CoAPs
Devices can use secure CoAPs connections to the backend. To use CoAPs, a certificate signed by Lobaro is required.
The setup consists of the following steps:
- Create a Certificate Signing Request (CSR)
- Request a Certificate from Lobaro
- Install the signed Certificate in the Platform
Create a Certificate Signing Request (CSR)
Create Private Key
The key must be created at the Platform server and should never leave the system.
openssl ecparam -name prime256v1 -genkey -noout -out platform.key
Do not send the resulting private key file platform.key to anyone.
Create CSR
Update the "-subj" parameter in the command below according to your server and organisation.
- C is Country Name: e.g. C=DE
- ST is State or Province Name (full name): e.g. ST=Hamburg
- O is Organization Name (eg, company): e.g. O=Lobaro GmbH
- CN is Common Name (e.g. server FQDN or YOUR name): e.g. CN=up.lobaro.com
- The CN must match your domain that is configured in the devices. It can also be an IP address.
openssl req -new -key platform.key -sha256 -subj "/C=DE/ST=Hamburg/O=Lobaro GmbH/CN=up.lobaro.com" -out "platform.csr"
Verify your request with:
openssl req -text -noout -in platform.csr
Request Certificate from Lobaro
Send the CSR to support@lobaro.de to receive a valid certificate for your Server.
Install the signed Certificate in the Platform
Add or update the following keys in the Platform configuration file:
server:
  dtlsConfig:
    dtlsCertDir: "./config" # This way the configuration directory is used to lookup the key and cert.
    dtlsCertName: "platform" # Used to lookup "platform.cert" and "platform.key"
featureToggle:
  dtlsSecureCoapServiceEnabled: true
Make sure your backups are either secure or exclude the platform.key file.
If you choose a location other than "./config", the docker-compose.yml must be updated to mount the dtlsCertDir:
services:
  lobaro-backend:
    volumes:
      - </host/path/to/cert-dir>:<dtlsCertDir>
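Before enabling the CoAPs service, it helps to confirm that the certificate returned by Lobaro belongs to platform.key, that its CN is the host configured in the devices, and that the key file is not readable by other users. The script below is an added example, not part of the Lobaro documentation; the function names are hypothetical, and the demo uses a throwaway self-signed certificate in place of the Lobaro-signed one.

```shell
#!/bin/sh
# Added example: pre-install checks for the DTLS key pair. Function names are
# hypothetical; file names follow dtlsCertName "platform" from the config.

# Succeeds only if the certificate carries the public key of the private key.
cert_matches_key() {   # usage: cert_matches_key <key.pem> <cert.pem>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the subject CN (assumes the CN contains no comma, true for FQDNs/IPs).
cert_cn() {            # usage: cert_cn <cert.pem>
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {     # usage: key_is_private <key.pem>
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all checks for <dir>/<name>.key and <dir>/<name>.cert against <host>.
check_dtls_pair() {    # usage: check_dtls_pair <dtlsCertDir> <dtlsCertName> <host>
    key="$1/$2.key"; cert="$1/$2.cert"; rc=0
    key_is_private "$key"           || { echo "FAIL: $key readable by group/others"; rc=1; }
    cert_matches_key "$key" "$cert" || { echo "FAIL: $cert does not match $key"; rc=1; }
    [ "$(cert_cn "$cert")" = "$3" ] || { echo "FAIL: CN of $cert is not $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key and $cert are consistent for CN $3"
    return "$rc"
}

# Constructed demo data: a throwaway key and a self-signed certificate standing
# in for the Lobaro-signed one, so the script runs offline.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
(
    umask 077; cd "$demo_dir" || exit 1
    openssl ecparam -name prime256v1 -genkey -noout -out platform.key
    openssl ecparam -name prime256v1 -genkey -noout -out other.key
    openssl req -new -x509 -key platform.key -sha256 -days 1 \
        -subj "/C=DE/ST=Hamburg/O=Lobaro GmbH/CN=up.lobaro.com" -out platform.cert
) 2>/dev/null
check_dtls_pair "$demo_dir" platform up.lobaro.com || true
cert_matches_key "$demo_dir/other.key" "$demo_dir/platform.cert" ||
    echo "other.key does not belong to platform.cert, as expected"
```

On a real installation, call `check_dtls_pair` with the configured dtlsCertDir, dtlsCertName and the CN used in the CSR instead of the demo values.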