Gateway TLS Cert - Chirpstack 4 Docker Installation

Good day - I’ve searched through the forums and cannot find the answers I am looking for.

I’m looking to create the TLS certificate to use with my gateway. This is a chirpstack 4 docker installation. Communication with the gateway works fine.

I used chirpstack-certificates to generate the CA certs and added them to the configuration file under [gateway] per the documentation


  # CA certificate and key file (optional).
  # If setting the CA certificate and key file options, ChirpStack 
  # will generate client certificates which can be used by the gateway for
  # authentication and authorization. The Common Name of the certificate will
  # be set to the Gateway ID.

  # Certificate lifetime.
  # This defines how long (after generating) the certificate remains valid.
  client_cert_lifetime="11months 30days 3h 50m 24s"

  # Allow unknown gateways.
  # If set to true, then uplinks received from gateways not configured in
  # ChirpStack will be allowed.

In the ChirpStack web UI, under ** Gateways → TLS Certificate** I generated the CA certificate, the TLS certificate and the TLS key.

The instructions read:

The gateway client-certificate can be used to connect the gateway in case a client-certificate is required for authentication. Please note that this feature might not be available in case it has not been configured in the server configuration. After the certificate has been generated, store the content of the files on your gateway. **Please note the expiration of the certificate and make sure to renew the certificate on time!**

I’m using a tektelic micro gateway - which files get applied to the gateway and where on the file system should they reside?

Thanks and regards,

Hi :wave:,
If you are using gateway bridge or MQTT packet forwarder, you can enter the path of those files in the toml file. Home folder of the main user under a “certs” subfolder is a valid choice (among others).
Hope this helps.

Hi Jerome,

Thanks for responding. That is exactly what I did to have ChirpStack generate the CA certificate, the TLS certificate and the TLS key. Now that I have these files generated by ChirpStack, I’m looking to finish the instructions:

After the certificate has been generated, store the content of the files on your gateway.

The question is, of the files generated, which ones are copied to the gateway’s file system and where in the gateway’s file system are the files put?

I was talking about the toml file and path on the gateway itself.
See: Configuration - ChirpStack open-source LoRaWAN® Network Server documentation

Thanks Jerome - I’ll check that out!

After creating the certificate file I added the following to the chirpstack gateway bridge .toml file:

# TLS certificate file (optional)
# TLS key file (optional)

I copied those files to the corresponding directory on the gateway. I then rebooted the gateway and the gateway bridge container. Everything seems to work. Do you recommend a way to verify that it is working correctly?



Hi @bosavage,
If the gateway connects correctly, you should see it in the MQTT logs on the server side.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.