I'm not sure which CN is mismatching which CN, but it appears to be simple to put chirpstack-gateway-bridge on the same machine that is running basic-station. In other words, run the bridge on the gateway, and just use an unencrypted websocket between basic-station and the bridge, because it's over localhost.
Apparently the requirement for an encrypted connection between chirpstack-gateway-bridge and chirpstack-network-server is to make ca_cert, tls_cert and tls_key use the same files for [network_server.gateway.backend.mqtt] in chirpstack-network-server.toml as are used for [integration.mqtt.auth.generic] in chirpstack-gateway-bridge.toml:
ca_cert="chirpstack-certificates/certs/ca/ca.pem"
tls_cert="chirpstack-certificates/certs/mqtt/server/mqtt-server.pem"
tls_key="chirpstack-certificates/certs/mqtt/server/mqtt-server-key.pem"
But the first step before generating those files is to set the hosts in chirpstack-certificates/config/mqtt/server/certificate.json to the IP address or hostname that chirpstack-network-server runs on.
Alternately, it would still be useful to know which CN is mismatched when basic-station can't connect to the bridge, since there are probably cases where the bridge can't run on the gateway. It's probably an mbedTLS thing.
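One way to see which name is failing to match, as an added example that is not part of the original post or of ChirpStack's code: compare the address the client dials against the names in the server certificate. It assumes the `hosts` values from certificate.json end up as the certificate's subjectAltName entries; `diagnose`, `name_matches` and the sample certificate are hypothetical names and constructed data.

```python
import ipaddress

def name_matches(pattern, host):
    """Match one dNSName entry, allowing a single left-most '*' label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def diagnose(peercert, dialed):
    """Report whether `dialed` (the address the client connects to) is covered.

    `peercert` uses the dict layout of Python's ssl.SSLSocket.getpeercert().
    Returns (ok, message); the message lists the CN and every SAN so the
    mismatching side is visible at a glance.
    """
    sans = peercert.get("subjectAltName", ())
    cn = next((v for rdn in peercert.get("subject", ()) for k, v in rdn
               if k == "commonName"), None)
    try:
        ip = ipaddress.ip_address(dialed)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target only matches an IP-type SAN, never a DNS-type one.
        ok = any(t == "IP Address" and ipaddress.ip_address(v) == ip
                 for t, v in sans)
    else:
        ok = any(t == "DNS" and name_matches(v, dialed) for t, v in sans)
    listed = [f"{t}:{v}" for t, v in sans] or ["<none>"]
    verdict = "match" if ok else "MISMATCH"
    return ok, f"{verdict}: dialed {dialed!r}; cert CN={cn!r}; SAN={', '.join(listed)}"

# Constructed sample: a certificate generated with one hostname and one IP in "hosts".
SAMPLE_CERT = {
    "subject": ((("commonName", "mqtt-server"),),),
    "subjectAltName": (("DNS", "ns.example.internal"), ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    for target in ("ns.example.internal", "192.0.2.10", "localhost", "192.0.2.11"):
        print(diagnose(SAMPLE_CERT, target)[1])
```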