Authorization Failed while connecting mender-client to the self signed mender server

General Discussions
, ,
1

I have installed mender server using docker compose with self signed certificate. I also got the temp public domain from https://ipq.co/
I have generated the keys and certificates and then copied the certificate to the mender-client machine at /etc/mender/server.crt. My mender.conf is as below:

{
    "DeviceTypeFile": "/var/lib/mender/device_type",
    "UpdateControlMapExpirationTimeSeconds": 90,
    "UpdateControlMapBootExpirationTimeSeconds": 45,
    "UpdatePollIntervalSeconds": 5,
    "InventoryPollIntervalSeconds": 5,
    "RetryPollIntervalSeconds": 30,
    "ServerURL": "https://e3c0j.ipq.co",
    "ServerCertificate": "/etc/mender/server.crt"
}

When i start mender-client, it is not able to connect to the server and gives error below:

3:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=error msg="Failed to authorize with \"https://e3c0j.ipq.co\": Unknown url.Error type: depth zero self-signed certificate, openssl verify rc: 18 server cert file: /etc/mender/cert.crt"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=warning msg="Reauthorization failed with error: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=error msg="Failed to submit inventory data: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=error msg="inventory submit failed: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=warning msg="Reauthorization failed with error: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=warning msg="Failed to refresh inventory: failed to submit inventory data: inventory submit failed: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=info msg="Wait 30s before next inventory update attempt in 59.999998963s"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=error msg="Failed to submit inventory data: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=error msg="inventory submit failed: transient error: authorization request failed"
أغس 01 23:38:29 amerlin mender[2197193]: time="2022-08-01T23:38:29+04:00" level=warning msg="Failed to refresh inventory: failed to submit inventory data: inventory submit failed: transient error: authorization request failed"

When i read the documentation, this error is prespecified with self signed certificate and is mentioned to put the certificate in local truststore of the mender-client machine. I did the same using the below

sudo cp server.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

it shows that 1 server is added but still getting the error.
when i try to ping the server using curl, it gets success as below

amer@amerlin:/etc/mender$ sudo curl --verbose https://e3c0j.ipq.co
*   Trying 192.168.0.108:443...
* Connected to e3c0j.ipq.co (192.168.0.108) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=e3c0j.ipq.co
*  start date: Jul 31 15:49:38 2022 GMT
*  expire date: Jul 28 15:49:38 2032 GMT
*  subjectAltName: host "e3c0j.ipq.co" matched cert's "e3c0j.ipq.co"
*  issuer: CN=e3c0j.ipq.co
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55d33ed2ae80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: e3c0j.ipq.co
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301 
< location: https://e3c0j.ipq.co/ui/
< content-type: text/plain; charset=utf-8
< content-length: 17
< date: Mon, 01 Aug 2022 19:49:26 GMT
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host e3c0j.ipq.co left intact
Moved Permanently