Sorry I misread your output. Its complaining about the godaddy “intermediate” certificate is missing and i pointed you in the direction of the root certificate. As well as the root cert you also need to concatenate the intermediate crt to your server.crt file. See links below to be able to download the missing file
https://certs.godaddy.com/repository
https://certs.godaddy.com/repository/gdig2.crt.pem
@dellgreen - I’m in the process of flashing a new microSD card for the BIG test, but… with those certs in the server.crt file, passed as the -CAfile parameter of openssl s_client, it did NOT report any errors. I’ll report back after my Pi attempts to register itself.
@dellgreen - I may know what the issue is here. The new server.crt does not contain the original values form server.crt when the server was first built. I removed them. I am going to add them back in and see if those PLUS the SSL certs solve the problem.
@dellgreen - No, that did not help. Same error as pictured above. Question: Does server.crt on the device have to match the server.crt on the mender server? I didn’t copy the server.crt with GoDaddy certs on to the mender server.
you normally get unauthorized if you haven’t yet accepted/approved the device on your mender server. Is your device now in the devices pending section of the mender server website?
Yes! It is. I actually totally rebuilt the server, which along with the now-correct server.crt helped. Unfortunately while the device is now registered, I suspect that part of the problem was however I attempted to re-route the storage traffic from port 9000 to port 80. Perhaps that messed up the registration? (although I thought all of that stuff goes over 443). OK so, this one is fixed. THANK YOU! Now I have to figure out how to get artifacts and downloads through our reverse proxy without using port 9000.
