Hi,
I have been following this guide to set up the (production equivalent of) mender server.
All went well and I had used freshly prepared self-signed certificates for the server (as mentioned in the docs) and also prepared a RPi 3B device by converting 2019-04-08-raspbian-stretch-lite.img via mender-convert 1.1.1 branch.
Command used -
./docker-mender-convert from-raw-disk-image \
    --raw-disk-image $RAW_DISK_IMAGE \
    --mender-disk-image $MENDER_DISK_IMAGE \
    --device-type $DEVICE_TYPE \
    --artifact-name $ARTIFACT_NAME \
    --bootloader-toolchain arm-buildroot-linux-gnueabihf \
    --server-url $SERVER_URL \
    --server-cert $SERVER_CERT
Although the option --server-cert successfully copied the generated server.crt file to the final sdimg, the “/etc/mender/mender.conf” did not contain the “ServerCertificate” key, and thus the copied certificate was not being used while the client tried to communicate to the server.
Of course, I had no idea why I was still getting SSL errors (via journalctl -u mender) as the following documentation did not provide any hint that the mender.conf had to be updated with “ServerCertificate” key -
https://docs.mender.io/2.1/administration/production-installation
Only when I found the Installation note here did the client finally work.
Note: A lot of time was wasted, even after following the guide.
So here are my two humble requests -
A) Can the mender-convert utility also add the “ServerCertificate” key to “/etc/mender/mender.conf” when “--server-cert” is specified as a command line option?
B) Can the documentation be updated to point out that “ServerCertificate” needs to be set in the client in case of self-signed certificates?
This will help people who are new to mender to easily try out mender. Thanks!
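
A check for the gap described in the post, as an added example (not part of the original post and not mender-convert's own code): it verifies that the certificate is present in the image and that mender.conf references it through the “ServerCertificate” key, adding the key if it is missing. It assumes the image's root filesystem is mounted at a directory and that the certificate sits at /etc/mender/server.crt, a location the post does not state; the function name and the sample config are constructed for illustration.

```python
import json
import os
import shutil
import tempfile

KEY = "ServerCertificate"  # key name quoted in the post


def ensure_server_certificate(rootfs, cert_on_device="/etc/mender/server.crt",
                              conf_on_device="/etc/mender/mender.conf"):
    """Make mender.conf under a mounted rootfs reference the server certificate.

    Returns "unchanged", "added" or "replaced". Raises FileNotFoundError when
    the certificate is absent from the image (assumed path, see lead-in),
    because pointing the client at a missing file only moves the TLS failure.
    """
    conf_path = os.path.join(rootfs, conf_on_device.lstrip("/"))
    cert_path = os.path.join(rootfs, cert_on_device.lstrip("/"))
    if not os.path.isfile(cert_path):
        raise FileNotFoundError(f"certificate not in image: {cert_path}")

    with open(conf_path, encoding="utf-8") as fh:
        conf = json.load(fh)

    previous = conf.get(KEY)
    if previous == cert_on_device:
        return "unchanged"
    conf[KEY] = cert_on_device

    # Write to a temp file and rename, so an interrupted run never leaves a
    # truncated config; keep the original file's permission bits.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(conf_path))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(conf, fh, indent=2)
        fh.write("\n")
    shutil.copymode(conf_path, tmp)
    os.replace(tmp, conf_path)
    return "added" if previous is None else "replaced"


if __name__ == "__main__":
    # Constructed stand-in for a mounted image: cert copied, key missing.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc/mender"))
    with open(os.path.join(root, "etc/mender/mender.conf"), "w") as fh:
        json.dump({"ServerURL": "https://mender.example.com"}, fh)
    open(os.path.join(root, "etc/mender/server.crt"), "w").close()
    print(ensure_server_certificate(root))  # first run adds the key
    print(ensure_server_certificate(root))  # second run is a no-op
    shutil.rmtree(root)
```

Run it against the mounted image before flashing; any result other than "unchanged" means the client would not have used the copied certificate.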