Recently I created a Mender server and added a device to it. The device is communicating with the server perfectly: I was able to authorize it, view its inventory, etc.
However, I can’t deploy to it. I always get this in the error log:
2019-06-09 04:35:36 +0000 UTC error: Can not fetch update image: Get https://admin.zbapp.com:9000/mender-artifact-storage/b12174c5-7f8b-45e5-a1d0-d286172a6674?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=mender-deployments%2F20190609%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190609T043535Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&response-content-type=application%2Fvnd.mender-artifact&X-Amz-Signature=f5d4c15b92565f86eb014307bf71721337bea53417d88408c45a5f1b08e6ac4c: x509: certificate signed by unknown authority (possibly because of “x509: ECDSA verification failure” while trying to verify candidate authority certificate “admin.zbapp.com”)
Clearly it’s some kind of security error. But why is my device able to otherwise communicate perfectly with the server, yet when it tries to obtain an artifact, it fails? Is the connection to get the artifact somehow different than all the other connections?
I have a certificate installed on the device. The mender.conf has the entries:
“ServerURL”: “https://admin.zbapp.com:9010/”
“ServerCertificate”: “/opt/gateway/scripts/mender.crt”,
Was I supposed to have created an additional certificate for the artifact connections and specified that somewhere in mender.conf?
Thanks,
Zac