thin-edge / thin-edge.io

The open edge framework for lightweight IoT devices
https://thin-edge.io
Apache License 2.0

tedge-mapper c8y http proxy ignores c8y.root_path_cert #2468

Closed cpoder closed 11 months ago

cpoder commented 11 months ago

Describe the bug

When connecting to a Cumulocity instance that uses a self-signed certificate (typically Cumulocity Edge), one has to update the c8y.root_path_cert to point to the server instance certificate. The tedge-mapper doesn't seem to take this parameter into account, as it will still fail to connect to Cumulocity with the following error:

Error: FromHttpError(HyperError(hyper::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) } })))

To Reproduce

Try to connect to a Cumulocity Thick Edge instance that uses a self-signed certificate.

Expected behavior

Thin Edge should connect to the Thick Edge instance and tedge-mapper should appear as green in the services tab of the device in Cumulocity.

Environment (please complete the following information):

didier-wenzek commented 11 months ago

It's not enough to tell where the certificate to be used to authenticate c8y is; this certificate has to be trusted. Here is the documentation to do so: https://thin-edge.github.io/thin-edge.io/operate/security/add_self_signed_trusted/.
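
What "trusted" means in the reply above, as an added example that is not part of the thread or of thin-edge.io: a self-signed certificate is rejected by a verifier that only consults a trust store until the certificate is present in that store. The certificate, its CN `edge.example.invalid`, and the private store directory (standing in for the system store) are constructed for illustration.

```shell
#!/bin/sh
# Added example: everything below is constructed and runs in a temporary
# directory; the system trust store is never modified. Requires openssl.

# verifies CERT [openssl-verify options...]: succeeds if openssl reports "OK".
verifies() {
    cert=$1; shift
    openssl verify "$@" "$cert" 2>&1 | grep -q ': OK$'
}

# make_self_signed DIR: writes DIR/server.pem (constructed CN, 1-day validity).
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=edge.example.invalid" \
        -keyout "$1/server.key" -out "$1/server.pem" >/dev/null 2>&1
}

# install_into_store CERT STOREDIR: adds CERT to a private CApath directory
# using the <subject-hash>.0 naming that OpenSSL looks up (the layout that
# update-ca-certificates maintains under /etc/ssl/certs on Debian systems).
install_into_store() {
    hash=$(openssl x509 -noout -hash -in "$1") || return 1
    cp "$1" "$2/$hash.0"
}

# trust_report: prints three words, one per check:
#   1. default trust store only, 2. certificate passed explicitly as CA file,
#   3. private store after the certificate has been installed into it.
trust_report() {
    work=$(mktemp -d) || return 1
    mkdir "$work/store"
    make_self_signed "$work" || { rm -rf "$work"; return 1; }
    verifies "$work/server.pem" && a=trusted || a=rejected
    verifies "$work/server.pem" -CAfile "$work/server.pem" && b=trusted || b=rejected
    install_into_store "$work/server.pem" "$work/store"
    verifies "$work/server.pem" -CApath "$work/store" && c=trusted || c=rejected
    rm -rf "$work"
    echo "$a $b $c"
}

trust_report
```

The first result corresponds to a client that is never handed the certificate file, the second to a client that is given the file explicitly, and the third to the state after the certificate has been added to the store.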

cpoder commented 11 months ago

Thanks Didier, I didn't think using ca-certificates was mandatory. The doc is a bit confusing about that part, as https://thin-edge.github.io/thin-edge.io/start/connect-c8y/#connecting-to-cumulocity-server-signed-with-self-signed-certificate seems to say that updating c8y.root_path_cert is enough, so it might be good to update that part of the documentation. I was even more confused since it was working for MQTTS but not for HTTPS. I should have thought to use ca-certificates though, as it is usually the way to go :)

reubenmiller commented 11 months ago

@cpoder Though just for clarification (and for other users), can you please list the actual command that you ran? "Connect to Thick Edge" is a bit vague.

cpoder commented 11 months ago

I should have mentioned that using ca-certificates, it is now working perfectly. Here are the steps to connect Thin Edge to Cumulocity Thick Edge: