Hello thingerio team! @alvarolb
Related to platform deployment, what kind of webserver are thingerio use?
I already used my own VPS with thingerio platform installed to connect to several embedded device and so far it is quite good. But when i tried to install the SSL certificate, it always asks by certificate provider the type of webserver that we use.
So, to avoid SSL misconfiguration, could you inform us the type of webserver in the thingerio platform?
Cheers!
Okay, i tried around a week and got problem regarding SSL installation.
This is because we got 2 files from certificate provider : the one is *.ca file and the other is *.crt file. The CA file must be installed to the server in order to finished SSL implementation in our server. But, unfortunately there are no *.ca file by default on thingerio to replace with new one. So, i can’t use my *.ca file from certificate provider.
I just use *.crt file, and when i accessed my server in several browser like chromium or chrome, there are warning regarding insecure connection.
When i consult with my certificate provider, they asked me what type of webserver am i using. It is very important to SSL configuration.
I still don’t have a clue.
Hi @astonix you need to use PEM format for setting your SSL certificate, like in any Apache or Nginx. Did you check the format of the default certificates? Check out some posts that may help:
Hi @alvarolb,
Yes, i already checked the default certificates.
I got the same type of files from certificate authority,there are CA bundle that consists of : *.ca file and *.crt file. The .crt one i put below the default file in server.crt. Then, the *.ca file i put separate directory under “certificates” directory which named “CA_bundle”. Then i added new line on config.json file like this :
“ssl_certificate_CA” : “certificates/CA_bundle/file_name.ca-bundle”,
I did that based on suggestion from Technical Support team from certificate provider.
Then, i tried to restart the thingerio service, but still failed.
Hi @astonix, you cannot change the key to ssl_certificate_CA, as the server will not be looking for that in the boot, it should be just ssl_certificate for the file containing the public certificate (cut), and the ssl_certificate_key pointing to the certificate private key (.key).
The public certificate (.crt), will look like this:
-----BEGIN CERTIFICATE-----
MIIGUTCCBDmgAwIBAgIJAM11zz3Uxa3EMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNV
BAYTAkVTMQ4wDAYDVQQIEwVTcGFpbjEPMA0GA1UEBxMGTWFkcmlkMRMwEQYDVQQK
EwpUaGluZ2VyLmlvMRIwEAYDVQQDEwlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEW
EGFkbWluQHRoaW5nZXIuaW8wHhcNMTYxMTE4MjA0NzUzWhcNMTcxMTE4MjA0NzUz
WjB4MQswCQYDVQQGEwJFUzEOMAwGA1UECBMFU3BhaW4xDzANBgNVBAcTBk1hZHJp
ZDETMBEGA1UEChMKVGhpbmdlci5pbzESMBAGA1UEAxMJbG9jYWxob3N0MR8wHQYJ
KoZIhvcNAQkBFhBhZG1pbkB0aGluZ2VyLmlvMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAnzXdb0d9L5TrascAd7Q65rAmcvU1yVsb8GFiyN2JjMHgDpK3
kQcZmOt31XQ/G44Xh+bpzXy21zMu6GlNxlKWfvYZ+3DTOAdorLizsBwKHzwMV1Uq
D02vCl6XxxbNMz+FT24nmanpyUrKqjlUKQKffL9Cmb861u+IdgBlLYJ5bwqRraN9
1z9cEjLytz7aFUY4qgXf9hUcbLVBS4lrvmqpv7v9FKpcYRwzQXftgy5D7bXc3rFA
2NC43zxA5In62eiPkb0Hriu8/ekxmdIg+qPsnVzH7FCN76iNLLuoSUDMC7Dgf3wW
P9UAavcMuIHvci3fuSGGzkQoJK0sFhyT1KsKNfxZJHvCtFOXZjP5JNxqzQMaXoJ9
4wQpTHLyqqtSn++PmUbUWhYqDEwBdl60Zo7heERmipv71GPm/Xj4NEunghJXvWsI
oBx6tkUSx4hkK4jaCQ68u6C2ynNg+n+fxDkWcGPw+lvB0Ye8zQRTnexSzuxHKO0e
E9P9uRdPCd05UXlmrqszW/zyxdmbVRicLW+zrq2tJ2qVLa7SHISec7vw/WyJorKF
ZMQ4C5n3KHmGCmBb5Mpn2Bgs/SNXxrqwMn++8MsE/wPObgdxcA6IitsZUA9MQJnl
h+d4FH39Xhluvu6T5+LM1eSx5k0h1CdRxFJzHzEKXzSYarNsq+KaGkQJ2FECAwEA
AaOB3TCB2jAdBgNVHQ4EFgQUlAxOvYiifVZEow8f4+JQijvENsUwgaoGA1UdIwSB
ojCBn4AUlAxOvYiifVZEow8f4+JQijvENsWhfKR6MHgxCzAJBgNVBAYTAkVTMQ4w
DAYDVQQIEwVTcGFpbjEPMA0GA1UEBxMGTWFkcmlkMRMwEQYDVQQKEwpUaGluZ2Vy
LmlvMRIwEAYDVQQDEwlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGFkbWluQHRo
aW5nZXIuaW+CCQDNdc891MWtxDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4ICAQCZGBZoUvhC3nTTZYLJAWafAWnd8VWi2Ty/3R2flINqebWgxaySnItZxed1
fRLATB+VHDxTyqG1LuWIe80uF2U+wIOFfGcl8KvuNSohLVuy99xZInPiYVLIpgka
TyiFZrifw5UyF+89LYBAgdIRZG+gl+ZghWyIYRCgUW4oEgTfxadKx2f9F5YATXjX
te8igzV4GRfjBBWZDQqUY2lGIWeJRM60p9Ossf1cOsvxSYQJYcoOrgaVi+lX5Fz+
xfqMvR5D+jppLmIp3kVKz/MAfrLCvpHxAihDDfnfsX5a5/97ZSFioyI90R+9Dl6+
2+R9A/fA8LTPntGM2bB5ftSTZVZNigMGtAMqPEkKt2HVZ7TAa1vPfzkOL53mSRqF
DXDfkW3rO5aCwWhAClW4H3IaXAjvdp0kQ/td0AnPeaVmsPLmHKIhRAxwgxZ/o5yy
9+o3KzEQrvT94/ii1sr/Nim/lzVKcJm82vnwkNttvJiiA97A5RE8HwXUlPe15gic
LZaO0iTrwK69McemYWVsH1hn004xOo8mXsVrZbVnCXV12h7LgRV1gZ+XcfWE2xEH
FDOu3Kgve7OvhSi9b4zZdAku4rEh7dMbkDyBTA0SbGPtd/Vexa8DF40oYypohk4W
1qOakhbeNKRhaOeNIugJN5E5S1ppe8WmpNRamaWLhB2cb6YRew==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
The private key (.key), uses to be a private key in RSA, like:
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAnzXdb0d9L5TrascAd7Q65rAmcvU1yVsb8GFiyN2JjMHgDpK3
kQcZmOt31XQ/G44Xh+bpzXy21zMu6GlNxlKWfvYZ+3DTOAdorLizsBwKHzwMV1Uq
D02vCl6XxxbNMz+FT24nmanpyUrKqjlUKQKffL9Cmb861u+IdgBlLYJ5bwqRraN9
1z9cEjLytz7aFUY4qgXf9hUcbLVBS4lrvmqpv7v9FKpcYRwzQXftgy5D7bXc3rFA
2NC43zxA5In62eiPkb0Hriu8/ekxmdIg+qPsnVzH7FCN76iNLLuoSUDMC7Dgf3wW
P9UAavcMuIHvci3fuSGGzkQoJK0sFhyT1KsKNfxZJHvCtFOXZjP5JNxqzQMaXoJ9
4wQpTHLyqqtSn++PmUbUWhYqDEwBdl60Zo7heERmipv71GPm/Xj4NEunghJXvWsI
oBx6tkUSx4hkK4jaCQ68u6C2ynNg+n+fxDkWcGPw+lvB0Ye8zQRTnexSzuxHKO0e
E9P9uRdPCd05UXlmrqszW/zyxdmbVRicLW+zrq2tJ2qVLa7SHISec7vw/WyJorKF
ZMQ4C5n3KHmGCmBb5Mpn2Bgs/SNXxrqwMn++8MsE/wPObgdxcA6IitsZUA9MQJnl
h+d4FH39Xhluvu6T5+LM1eSx5k0h1CdRxFJzHzEKXzSYarNsq+KaGkQJ2FECAwEA
AQKCAgBv11EEmP2x7TUrPzxu2qb94wQ/gU4VcvE/fcn9PNMhlBgnZJ2bPZeXuuHl
itHCM6EIEQhxF4kBx6zOCxtdlCqwaYV7Apj+JQY9P0rLDgd2RaKNvv/a3EF4UVbh
vnzL4XVuhP1AjwHyK54O0lLytCsBYQISKynUT1RXQJPS0nMntA7+IXmHObUd+7hR
Tc+5Xij0F0hrAA2FuBZ0T8bmbttsG0z/tWVLupmvBeZNXrTNShIsRew94vHbr+IO
KXeUmDAyus2oZoVPAP+dBOWx7HGNYd33fecXUhpKMFFZlDFCjTBHng2rLaArg/zl
qDFiziL5VDn0sCBbE2OC7PRUUwrKIhHBSmMT19gRmKZzrfbcnELEBruQQGc31SuD
020lfwB8USvN/PGYB2NVxtfxEPx6tPwrYDlRs9X7/pDSDtX8Vi0zfpC8F/cKmnZe
IPpUjo365DP5eMpU98uz58j5XRfN4kPvWOBv7c6/3NylYeJMIv7cz0QjJpDuAM6q
jkgehYHCxN04iHaNSQ+SD5eLg3xVCDZ5/ep1Sf0YuVsMhktN0Fr4VZRknr7nD5fo
KcuFQeFoMoSuxW0nZvazrF0Nhu3IpmRQpneJYqfn7rOWyRoJLiV1LK8AWbLcKkcu
hRQT0w8pxcqmwrF62A6XwZ8MD6ZX0RLp7x/z3P6fPM1WSC10eQKCAQEAzobZdwk/
x60LUl2Xk9NjWEvVGx1RmHXBtAhjhmGGh/fhjHY1GKb4uHgRThvXoEvJk4Eo13TQ
pllTas95ct66OeHQ+P+qqaGWa59iAyrDhOgoTt2133ILjyOXawvPGT/9zOKa+Pd0
8XDPCCk8KkEvbjhszoGNjbK0IYUBA34LwyRkydazhdnfwKe0QpMbl1VL1zA3f0lb
wmw96c/IN7ipbNUvooLMoMKPFiEHEqtlVJjCkED+3AHi+i2fYENpMXZkE2c5JJw3
JCy0QW1zOGaa79IXVxNdfDnWGVRQY9C15BwD5XaWfMDoIqu4nW7p3wCj/Xa7KFbz
+E5c1J4L0LTv0wKCAQEAxVldOSAuUmWXuLydD/Krp4plL0ivbQ+ivkYUCXSuQwD7
7ObrE+mb5SXgGSN8RsdaAXQWdqnnAgGjOUs8UoGQlUp2rxEvUdhXv2CNy0kZ2bE2
AQO/JFOa4Vgzt8QpZ6yo31s706Zsp+uVeD4ThGRl+i0egi+RPHj4HdVFRFjgz5pK
HEKX3OrY3YatpCuBjWmPYBrm+bfKHSPk89KyULI9F0nncX600Fo9izF+LUf4ytJT
LBQXSn4yD0jx5gl8PyxndcjF48bttXmiVIVTSTv0COt1BKb3C8WI0kZnVYmcl155
UgXZX0mnbDabNZf/exirRU+g95Ihv4q9W7288hIkywKCAQAYxoiUBSIHnDS9fsjO
TQ+f6gj4pb3CIm5IYLE/z7dJ3GzMYunfuTghORYqXqCxdCYMcfQqVLMrIZAmQhl5
tEp24yYkmNcqXl4jLw2c/6ZQ7WDYhTRqR84nL8fcaaBAkTKrP4wDzfvTcwsDGZ9E
GmnMOSykYVpP415EnyYN+zMCB/2nUQBcUFTNUdEII4mtz+e3OuuNc4l0e3O59tk4
BgkdKz35quNNbcmoh/HHRZR0X5cHoyRv1DIcfRiffbbC3kcHJNzwDWV4C3zcVHr8
CyMPHg76vTH70xxiEYFLWCBZ6xp0jpNjB+lRL3SIPmQEApmpsHKnVjcSVKRCRWt5
cBtNAoIBAAUNirOBvW3iqAXU3nigEAEULA8P3139fn88sBql4ChbCBhCuVYjLxio
5Zn/LJlrVUSgQkr7gqyseg9ne73pD1ijNXK6D+oajfSadkb0MjM+tFFGVUiK03Zd
mcVkwmKjKxe88EU1B6ctAwC3JizHnUzQhu1yZleUCVZKNaHQXME0BB3BHr5LTQ4u
+pcvffuu7jrZtXxDVmt0ldIgXOxwA9xqygA/7EVBaj38IGzsYNRgmjyQrx/7JzD4
/yiSqZm8e1GquFZiq4dv+9YKK92+KTtpO+/Ijp7AigZIQzEPevDtPFH7UFt+OUku
BL9UivgN46S8qzRri22qEbsdmo7gJA0CggEBAIEEsk+gh77S7Neddt2pHDwoiipT
DBIlaipDckP1lOp3D4WGU9Kzx5deZkEz0JBJYvb+TyWNIvE+v/ydiYO714kMEaQR
O3nBguERKb3ChePw+bjGj9Qa7b4/vHnVvB11it9aqYOqTThbsEwRD1RWfa+LUP8R
xmoGVOE6z9SC5DupXKAoQdNho71WVwluc3j8um4puyKJPNaZq3aGna+cZ05Oi6oK
Ev8GqxmVnNjNEVpEf49ANW6sq3eXl/36PP6cvFUVZX+nuezHjhmaNMd3EGMUjUEo
hgq9Usx+jfBG3VAyz7T+Iw4S67IgWF1+eDfuVmJ2QGG6AkapaZqyU/q6ep4=
-----END RSA PRIVATE KEY-----
As I undertand, this kind of files are the common files for configuring SSL in apaches, nginx, and so on. So, you must be sure about what is your public key, your private key, what format they have, etc. (you can open them with a text editor)
Hello!
Thanks for your detailed answer, it matter to me. I reissue for the CSR and got private key also. I installed certificate both .crt and .key, and it’s work!
Thank you!
Aston