Error of TLS Join Server Configuration


#1

Hi,

Having mastered all the elements of the project for a while, I decided to secure the communication between the three servers (loraserver, lora-app-server and join server) with TLS.
After finishing the configuration as indicated here (loraserver-certificates), I checked all the files, directories and paths, and it seems correct to me.

  • my folder “loraserver-certificates” is in "etc"

LORA SERVER ( join-server ) :

    # Network-server API

    # This is the network-server API that is used by LoRa App Server or other
    # custom components interacting with LoRa Server.
    [network_server.api]
    # ip:port to bind the api server
    bind="0.0.0.0:8000"

    # ca certificate used by the api server (optional)
    ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"

    # tls certificate used by the api server (optional)
    tls_cert="/etc/loraserver-certificates/certs/loraserver/api/server/loraserver-api-server.pem"  
    # tls key used by the api server (optional)
    tls_key="/etc/loraserver-certificates/certs/loraserver/api/server/loraserver-api-server-key.pem"  

LORA SERVER ( join-server ) :

    # This API is provided by LoRa App Server.
    server="http://localhost:8003"

    # ca certificate used by the default join-server client (optional)
    ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"

    # tls certificate used by the default join-server client (optional)
    tls_cert="/etc/loraserver-certificates/certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem"

    # tls key used by the default join-server client (optional)
    tls_key="/etc/loraserver-certificates/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem"

LORA-APP-SERVER:

    # Settings for the "internal api"

    # This is the API used by LoRa Server to communicate with LoRa App Server
    # and should not be exposed to the end-user.
    [application_server.api]
    # ip:port to bind the api server
    bind="0.0.0.0:8001"

    # ca certificate used by the api server (optional)
    ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"


    # tls certificate used by the api server (optional)
    tls_cert="/etc/loraserver-certificates/certs/lora-app-server/api/server/lora-app-server-api-server.pem"

    # tls key used by the api server (optional)
    tls_key="/etc/loraserver-certificates/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem"

LORA-APP-SERVER ( join-server ) :

    [join_server]
    # ip:port to bind the join-server api interface to
    bind="0.0.0.0:8003"

    # CA certificate (optional).
    # When set, the server requires a client-certificate and will validate this
    # certificate on incoming requests.
    ca_cert="/etc/loraserver-certificates/certs/ca/ca.pem"

    # TLS server-certificate (optional).
    # Set this to enable TLS.
    tls_cert="/etc/loraserver-certificates/certs/lora-app-server/join-api/server/lora-app-server-join-api-server.pem"

    # TLS server-certificate key (optional).
    # Set this to enable TLS.
    tls_key="/etc/loraserver-certificates/certs/lora-app-server/join-api/server/lora-app-server-join-api-server-key.pem"

In the web interface I also checked carefully that I put the right content:

So when I restart my loraserver and lora-app-server, it looks like it is working:

loraserver :

I noticed that there was written :

    level=info msg="integration/mqtt: TLS config is empty"

lora-app-server :

But when I try a "JOIN REQUEST in OTA" with my node, I get an error with the join-server:

LORA SERVER :

error :

    error="join-request to join-server error: http post error: Post http://localhost:8003: net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x15\\x03\\x01\\x00\\x02\\x02\\x16\""

LORA-APP-SERVER :

    Apr 26 14:57:15 paclido-gat lora-app-server[1134]: time="2019-04-26T14:57:15+02:00" level=info msg="finished unary call with code NotFound" error="rpc error: code = NotFound desc = object does not exist" grpc.code=NotFound grpc.method=Geys grpc.service=api.DeviceService grpc.start_time="2019-04-26T14:57:15+02:00" grpc.time_ms=18.785 peer.address="[::1]:48912" span.kind=server system=grpc
    Apr 26 15:01:11 paclido-gat lora-app-server[1134]: time="2019-04-26T15:01:11+02:00" level=info msg="device-keys created" dev_eui=393032355f378a05
    Apr 26 15:01:11 paclido-gat lora-app-server[1134]: time="2019-04-26T15:01:11+02:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=CreateKeys grpc.service=api.DeviceService grpc.start_time="2019-04-26T15:01:11+02:00" grpc.time_ms=38.946 peer.address="[::1]:48912" span.kind=server system=grpc

    Apr 26 15:02:24 paclido-gat lora-app-server[1134]: 2019/04/26 15:02:24 http: TLS handshake error from [::1]:45600: tls: oversized record received with length 21536
    Apr 26 15:05:04 paclido-gat lora-app-server[1134]: 2019/04/26 15:05:04 http: TLS handshake error from [::1]:45654: tls: oversized record received with length 21536


Important: I have already read a lot of topics, but I can’t find one that has a solution for my bug.


#2

Make that https:// instead of http:// :slight_smile:


#3

Oh thanks brocaar, I wasn’t paying attention to this detail, solved :slight_smile:
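
Added example (not part of the original posts and not LoRa Server code): both error messages in post #1 come from the two sides misreading each other's first bytes, which is why the fix is the URL scheme. The Go sketch below decodes the alert bytes quoted in the loraserver error and a constructed plaintext `POST` request line as TLS record headers; `Header`, `ParseHeader` and `Explain` are names invented for this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Header is the 5-byte TLS record header (RFC 5246, section 6.2.1).
type Header struct {
	Type    uint8  // 20..23 are valid content types; 21 = alert
	Version uint16 // 0x0301 = TLS 1.0
	Length  uint16 // payload length in bytes
}

// maxCiphertext is the RFC 5246 limit on a protected record's length.
const maxCiphertext = 1<<14 + 2048

// ParseHeader interprets the first five bytes of a stream as a TLS record
// header, which is what a TLS listener does even if the peer sent plain HTTP.
func ParseHeader(b []byte) (Header, error) {
	if len(b) < 5 {
		return Header{}, fmt.Errorf("need 5 bytes, got %d", len(b))
	}
	return Header{b[0], binary.BigEndian.Uint16(b[1:3]), binary.BigEndian.Uint16(b[3:5])}, nil
}

// Explain maps the first bytes seen on a connection to the likely mismatch.
func Explain(b []byte) string {
	h, err := ParseHeader(b)
	if err != nil {
		return err.Error()
	}
	switch {
	case h.Type == 21 && h.Version>>8 == 3 && h.Length == 2 && len(b) >= 7:
		return fmt.Sprintf("TLS alert level=%d desc=%d: listener speaks TLS, client URL must be https://", b[5], b[6])
	case h.Type >= 20 && h.Type <= 23 && h.Version>>8 == 3:
		return "ordinary TLS record"
	case int(h.Length) > maxCiphertext:
		return fmt.Sprintf("not TLS: %q read as record length %d (oversized), client sent plaintext", b[:5], h.Length)
	}
	return "unrecognised"
}

func main() {
	alert := []byte("\x15\x03\x01\x00\x02\x02\x16") // bytes quoted in the loraserver error
	plain := []byte("POST / HTTP/1.1\r\n")          // constructed: start of a plaintext HTTP POST
	fmt.Println(Explain(alert))
	fmt.Println(Explain(plain))
}
```

Read as a record header, `POST ` gives length 0x5420 = 21536, the value in the lora-app-server log. The alert bytes decode to level 2 (fatal), description 22 (record_overflow), which the plaintext HTTP client then reports as a malformed HTTP response.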


#4

When doing EXACTLY the same as Jawad, I’m losing connection to the web-interface, and I can’t access the web-interface anymore. Why is that so?

Loraserver:

Lora App Server:


#5

The logs show that the user running the applications doesn’t have permissions to read the .pem files, so check those.