Problem with client certificate

Hi. I installed Mender server 3.1 a couple of weeks ago, based on the documentation "Installation with Docker Compose". The services on the server are up and running, but once I wanted to add a device I started facing issues. The device is a Raspberry Pi 4, and it will not appear in the list of pending devices.

I went through the troubleshooting guide of the client and found the following warnings:

WARN[0000] Unable to install Mender demo cert in local trust: Cannot create file: /usr/local/share/ca-certificates/mender/mender-demo-1.crt: open /usr/local/share/ca-certificates/mender/mender-demo-1.crt: file exists
time="2021-11-30T22:11:28+01:00" level=warning msg="Running with demo certificate installed in trust store. This is INSECURE! Please remove /usr/local/share/ca-certificates/mender/mender-demo-3.crt if you plan to use this device in production."

It seems the problem is that the certificate created on the server needs to be added to the client, but I’m unable to figure out where on the server the certificate is located and then how to add it to the client.

I would appreciate any help
thanks!

Check out the Certificates and Keys guide and the pages it links to. You may find the answer there.

1 Like

Hi,

Yes, that was helpful. I was able to find the certificate, but now I’m still struggling with importing it into the client. Following the manual https://docs.mender.io/3.1/system-updates-yocto-project/build-for-production I see there are two ways to import the file: with a layer or using the local.conf file, but these two options are for the Yocto Project, which I am not working with.

So I took the initiative to add the certificate of my server to the mender.conf file of the client, and I also changed the URL in mender.conf to my server URL. After rebooting, I’m now getting a different error:

Dez 02 17:08:26 MenderJC systemd[1]: Started Mender OTA update service.
Dez 02 17:08:27 MenderJC mender[581]: time="2021-12-02T17:08:27+01:00" level=info msg="Loaded configuration file: /var/lib/mender/mender.conf"
Dez 02 17:08:27 MenderJC mender[581]: time="2021-12-02T17:08:27+01:00" level=info msg="Loaded configuration file: /etc/mender/mender.conf"
Dez 02 17:08:27 MenderJC mender[581]: time="2021-12-02T17:08:27+01:00" level=info msg="The cached tenant token differs from the tenant token in the 'mender.conf' file. Deleting the cached authorization token so that the user configuration is respected."
Dez 02 17:08:27 MenderJC mender[581]: time="2021-12-02T17:08:27+01:00" level=info msg="Mender running on partition: /dev/mmcblk0p2"
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=info msg="State transition: init [none] -> init [none]"
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=info msg="State transition: init [none] -> idle [Idle]"
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=info msg="State transition: idle [Idle] -> authorize-wait [Idle]"
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=info msg="State transition: authorize-wait [Idle] -> authorize [Sync]"
Dez 02 17:08:28 MenderJC mender[581]: using interface /sys/class/net/eth0
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=error msg="Failure occurred while executing authorization request: Method: Post, URL: https://mender.matchsplab.de/api/devices/v1/authentication/auth_requests"
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=error msg="Failure occurred while executing authorization request: Method: Post, URL: https://mender.matchsplab.de/api/devices/v1/authentication/auth_requests"
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=error msg="Authorize failed: transient error: authorization request failed: transient error: authorization request failed: Unknown url.Error type: depth zero self-signed certificate, openssl ver
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=error msg="Authorize failed: transient error: authorization request failed: transient error: authorization request failed: Unknown url.Error type: depth zero self-signed certificate, openssl ver
Dez 02 17:08:28 MenderJC mender[581]: time="2021-12-02T17:08:28+01:00" level=info msg="State transition: authorize [Sync] -> authorize-wait [Idle]"
Dez 02 17:08:58 MenderJC mender[581]: time="2021-12-02T17:08:58+01:00" level=info msg="State transition: authorize-wait [Idle] -> authorize [Sync]"

Which part of the guide am I missing?
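
Added example (not part of the thread, and not Mender's own code): one way to check with `openssl` whether the certificate file given to a client is the same self-signed certificate the server presents, which is the situation behind the "depth zero self-signed certificate" error in the log above. All function names and file paths are hypothetical, and `make_sample` only builds constructed test input.

```shell
#!/bin/sh
# Added example: compare the certificate a client was told to trust with the
# certificate a server presents. Function and file names are hypothetical.

# SHA-256 fingerprint of the first certificate in PEM file $1.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds when subject and issuer names are identical (self-issued), the
# case OpenSSL reports as "depth zero self-signed certificate" if untrusted.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Save the leaf certificate presented by host $1 on port 443 to file $2.
fetch_presented() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$2"
}

# Succeeds if presented file $2 validates with trusted file $1 as CA file.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Report on trusted file $1 versus presented file $2; returns 0 on a match.
check_pin() {
    is_self_signed "$2" && echo "presented certificate is self-signed"
    if [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ] && trusted_by "$1" "$2"; then
        echo "match: client file is the certificate the server presents"
        return 0
    fi
    echo "mismatch: trusted $(fingerprint "$1") presented $(fingerprint "$2")"
    return 1
}

# Constructed sample input: throwaway self-signed certificate for CN $1,
# written to $2 (private key goes to $2.key and is only for the sample).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Usage against a live server (paths are placeholders):
#   fetch_presented <server-host> /tmp/presented.pem
#   check_pin <path-to-client-cert-file> /tmp/presented.pem
```

A mismatch means the file on the device is not the certificate the server is currently serving, so the client has nothing to anchor trust in for that connection.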