TheThingsArchive / packet_forwarder

Packet forwarder for Linux based gateways
MIT License

Add option to specify a root certificate #52

Closed egourlao closed 6 years ago

egourlao commented 7 years ago

When the packet forwarder connects to the discovery server, the discovery server declares its identity using a certificate, which can be self-generated in the case of a private network. But if it's self-generated, the packet forwarder cannot verify it, and the connection fails:

pi@raspberrypi:~ $ ./packet-forwarder start
  INFO Packet Forwarder for LoRa Gateway        HALVersionInfo=Version: 4.0.0; Options: native;
  INFO Found gateway parameters, getting frequency plans AuthServer=http://account.test.thethings.network GatewayID=raspi URL=http://account.test.thethings.network/api/v2/frequency-plans/EU_863_870
  INFO Refreshed account server information     TokenExpiry=2017-09-10 11:41:59.262825864 +0000 UTC
  INFO Connecting to TTN discovery server       Address=test.thethings.network:1900
 ERROR The program ended following a failure    error=Network configuration failure: x509: certificate signed by unknown authority source=Run: /builds/thethingsnetwork/packet_forwarder/gopath/src/github.com/TheThingsNetwork/packet_forwarder/pktfwd/run.go:15

There are two options to fix this problem:

For that, we can draw inspiration from the ttn repo, which uses a flag to indicate a directory where to find the trusted certificates, to use in gRPC.

johanstokking commented 7 years ago

Good approach, follow ttn convention

alex-wells commented 7 years ago

You can self-trust the discovery certificate by copying discovery/server.cert to /usr/share/ca-certificates (make sure it ends with .crt) on the gateway, and then doing the following:

The discovery server certificate should now be trusted by the OS, and the X.509 warning should disappear.
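
The root-certificate option requested in this issue could work as sketched here; this is an added example, not code from the thread or from packet_forwarder. `clientTLS`, `handshake` and `demo` are hypothetical names, and the server is a local test server presenting Go's built-in self-signed test certificate (valid for `example.com`), used as constructed input.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http/httptest"
)

// clientTLS trusts the system roots plus the certificates in caPEM, the contents
// of the file named by a hypothetical root-certificate option (assumption).
func clientTLS(serverName string, caPEM []byte) (*tls.Config, error) {
	pool, err := x509.SystemCertPool()
	if err != nil {
		pool = x509.NewCertPool() // no system store: trust only what is configured
	}
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificate in %d-byte root certificate input", len(caPEM))
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// handshake dials addr over TLS and returns the certificate verification result.
func handshake(addr, serverName string, caPEM []byte) error {
	cfg, err := clientTLS(serverName, caPEM)
	if err != nil {
		return err
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

// demo handshakes with a self-signed local server without, then with, its certificate as root.
func demo() (without, with error) {
	srv := httptest.NewTLSServer(nil)
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	return handshake(addr, "example.com", nil), handshake(addr, "example.com", caPEM)
}

func main() {
	without, with := demo()
	fmt.Printf("system roots only: %v\nwith root certificate: %v\n", without, with)
}
```

Hostname verification stays enabled in both cases; only the trust anchor set changes. For a gRPC client, a `*tls.Config` built this way can be wrapped with `credentials.NewTLS` and passed through `grpc.WithTransportCredentials`.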