Setting TLS certificate and key

ChirpStack Application Server
1

Hello!
I was reading this documentation about Application server configuration:
https://www.chirpstack.io/application-server/install/config/
I need to get HTTPS activates on my chirpstack application, I generated a certificate and key whit:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 90 -nodes
and now I have a key.pem and cert.pem, but Im no sure about how I should use them to get the TLS activated.
I know that I should put the certificate and key in the
tls_cert=""
and
tls_key=""
But if I copy and paste the content in the pem’s files the application server just stop working, what exactly do I need to do whit this files?

In advance thank you very much

2

Hi,
just put the path to the cert/key in there.
make sure the process has access to the files.

For example:

tls_cert=“/etc/chirpstack-application-server/cert.pem”
tls_key=“/etc/chirpstack-application-server/key.pem”

3

thank you so much!
just one more question, how do I know if the procces has acces to the files? :sweat_smile:

4

Simplest way to find out is, just trying to start it and see if it works.

it depends on how you have installed chirpstack, i’m assuming you have installed it like this: Quickstart Debian or Ubuntu - ChirpStack open-source LoRaWAN<sup>®</sup> Network Server

move both to /etc/chirpstack-application-server/

then change the owner to appserver

chown appserver:appserver /etc/chirpstack-application-server/cert.pem
chown appserver:appserver /etc/chirpstack-application-server/key.pem

then change the access permissions, so that the user can access the files, but no other user on your machine can:

chmod 640 /etc/chirpstack-application-server/key.pem
chmod 640 /etc/chirpstack-application-server/cert.pem

that should work

5

Thank you so much you were really usefull!
It seems that now HTTPS is active
I was trying to copy the whole content of the perm files into de configuration file xD
again, thank you so much!!!

6

hey where to add certificate location according to version 4 toml and please guide can we set .crt instead of .pem file