Production config demo server certificate warning

B-Stefan · March 10, 2022, 1:52pm

I have a question regarding the server certificate:

According to the documentation there is no need for a manual server certificate if the certificate is signed by a know CA.

Including the server certificate on the client is only necessary if the certificate is not signed by a known Certificate Authority (CA) for example, if the certificate is self-signed. If signed by a known CA, the remainder of this section is not necessary.

According to my research, the certificate of the hosted version of mender is signed by a known CA.

But I still see the warning during the Yocto build and assume that I can ignore that warning.

Is that correct?

You are building with the default server certificate, which is not intended for production use

TheYoctoJester · March 11, 2022, 1:41pm

Hi @B-Stefan,

unfortunately that is not accurate. The message indicates that the demo certificated for a hosted Mender instance is in place, which is absolutely undesirable for production. As this note comes from the meta-mender-demo layer, the correct solution is to remove that layer from the build setup altogether.

The message can and should be improved, though.

Greetz,
Josef

Topic		Replies	Views
Problem with client certificate General Discussions raspberry-pi-4	2	781	December 2, 2021
Problem with Mender server production! General Discussions raspberry-pi-4	16	1120	December 9, 2020
Using Yocto with Self-hosted Mender server, manual instructions appear to be incomplete Yocto Project	4	769	August 25, 2022
Using an already existing certificate while installing Mender General Discussions	9	1148	June 27, 2019
Client complains server's cert signed by unknown authority General Discussions ssl	7	563	July 5, 2022

Production config demo server certificate warning

Related topics