-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Leshan server demo DTLS x.509 mode #1227
Comments
Could you say us what are you using as LWM2M server and what are you using as LWM2M client ? |
I just not longer common to the intended credentials management of the leshan demo server. I guess, there is a Wiki page or other instructions, how to create a client certificate. nRF9160 is usually using a zephyr lwm2m client or the one from the modem itself. How certificates are handled for that modem, is then more a question to the manufacturer or the zephyr project. |
Could you also precise which version of LWM2M 1.0 or 1.1 ?
https://github.com/eclipse/leshan/wiki/Credential-files-format |
I'm using a leshan demo server hosted by OVH, my LWM2M client is a Zephyr lwm2m client project. I added self signed certificate with CN=Client_NAME but it didn't work as expected as i get a "Connection refused by the leshan server" |
Which version of LWM2M ? which version of Leshan ? |
2.0.0-SNAPSHOT |
OK so we still don't know which LWM2M version is used at client side For current 2.0.0-SNAPSHOT (corresponding to By default leshan-server-demo, trust any certificate, see
Client certificate must respect some basic rules :
Maybe you can share your client certificate and we will see if there is something wrong ? |
At first sight, I see nothing wrong with your certiticate :
I tried to connect to https://leshan.eclipseprojects.io using leshan-client-demo with a very similar certificate :
and it works for me. Do you succeed to make it work with leshan-client-demo ? |
Hi, I wrote own lwm2m client and test it with your leshan.eclipseprojects.io with no problems (noSec, psk, x509). It works fine for noSec, psk but not with x509. From log I see it finished with I wonder about Could you please advice what could be a reason that it works with your leshan.eclipseprojects.io and it doesn't with build one. I swap server certificate respectively. I am running it on Linux yocto-ubuntu-18 5.4.0-105-generic #119~18.04.1-Ubuntu SMP Tue Mar 8 11:21:24 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux Regards Logs included. |
And you use which dtls implementation on the client-side? openssl? From your log:
That's strange, maybe you can provide a capture of your client side? (I guess, your device sends not only DTLS records ...) Anyway,
indicates, that you client doesn't accept your "self-signed" certificate. You may check your client's truststore, if that self-signed is trusted at all. or you need to debug your client, in order to see, why your certificate is BAD for your client. |
Thanks for tips, |
@mehdi-chelouah did you finally succeed ? should we close this issue ? |
You can close the issue, thanks again for your help ! @sbernard31 |
No problem 😉 |
I'm currently working on an IoT Project with NRF9160 MCU. It works fine with no security mode and PSK mode. Now, i would like to add x509 security but i'm completely lost. I don't know what i have to do with the certificate provided by the server at der format. When I provide a self signed certificate to the NRF9160, i get a "Connection refused".
I'd like to know what
means exactly.
Thanks
The text was updated successfully, but these errors were encountered: