Securing your APIs using (client) certificates

In the next couple of days I’ll push a new release of both LoRa Server and LoRa App Server which will enable you to use client-side certificate authentication. Some certificate options are already available, but they were never fully implemented including client certificate authentication.

The flow in short:

  • You generate a set of certificates
  • You configure the LoRa Server API to use TLS (which will enable client certificate validation)
  • You configure the LoRa App Server API to use TLS (same…)

Then when creating or updating the network-server entity, you enter both the client certificates for LoRa App Server to connect to LoRa Server and LoRa Server to connect back to LoRa App Server.

In preparation I’ve created some scripts so that you can create all certificates with one make command :slight_smile: I’ll also update the documentation to document this feature.

Note this feature is not yet released, but will be available in the next days.


Thanks for the great work!

This has been released. Looking forward to your feedback on this :slight_smile:

The scripts make it very easy to generate the certs. Thanks.

BUT I AM BLOCKED. Probably something in the configuration of the scripts needs to be changed.

Setup:
-All components on local machine.
-certs created using scripts. CN for server certs is “localhost”. CN for client certs: ids used in the respective configurations. e.g. “010203” for loraserver. Allowed hosts : “127.0.0.1”, “localhost”, “{pc name}”.
-config of components: path to certs set except for the network-controller (don’t know yet when this comes into play)

ISSUE:
The moment the certs are set for the loraserver Network-server API, the lora-app-server is no longer running. N.B. the client certs for loraserver were copied to the lora-app-server’s folder. Did not copy the contents of the certificates in the Web UI because the lora-app-server doesn’t work anymore.

If you can tell me what might be the cause of this issue, I would be grateful.

Plus this is what I get when I try to use the web api to add client certs:

N.B. the Lora Server api server certs have not been set in the config file because doing that causes the lora-app-server to stop running

Resolved my issues…

Could you share how you solved it? It could be valuable to other users :slight_smile:

Tried today to implement certificates on my chirpstack setup but it didn't work out.

I found it very unclear in the documentation as to where in the config files all parts were supposed to be, and googling wasn't helping.

I got some parts working but others didn't.

I would like to request some clearer examples of how the config files are supposed to look with all implemented, as I find the docs at https://github.com/brocaar/chirpstack-certificates a bit confusing.

For now it ended with reverting to not using certs, but I will try again.