CoAPs
Devices can use secure CoAPs connections to the backend. To use CoAPs, a certificate signed by Lobaro is required.
The setup consists of the following steps:
- Create a Certificate Signing Request (CSR)
- Request a Certificate from Lobaro
- Install the signed Certificate in the Platform
Create a Certificate Signing Request (CSR)
Create Private Key
The key must be created on the Platform server and should never leave the system.
openssl ecparam -name prime256v1 -genkey -noout -out platform.key
Do not send the resulting private key file platform.key to anyone.
Create CSR
Update the "-subj" parameter in the command below according to your server and organisation.
- C is Country Name: e.g. C=DE
- ST is State or Province Name (full name): e.g. ST=Hamburg
- O is Organization Name (e.g. company): e.g. O=Lobaro GmbH
- CN is Common Name (e.g. server FQDN or YOUR name): e.g. CN=up.lobaro.com
  - The CN must match your domain that is configured in the devices. It can also be an IP address.
openssl req -new -key platform.key -sha256 -subj "/C=DE/ST=Hamburg/O=Lobaro GmbH/CN=up.lobaro.com" -out "platform.csr"
Verify your request with:
openssl req -text -noout -in platform.csr
Request Certificate from Lobaro
Send the CSR to support@lobaro.de to receive a valid certificate for your Server.
Install the signed Certificate in the Platform
Add or update the following keys in the Platform configuration file:
server:
  dtlsConfig:
    dtlsCertDir: "./config" # This way the configuration directory is used to lookup the key and cert.
    dtlsCertName: "platform" # Used to lookup "platform.crt" and "platform.key"
featureToggle:
  dtlsSecureCoapServiceEnabled: true # removed in > v1.59.1
Make sure your backups are either secure or do not back up the platform.key file.
In case you choose another location than "./config", the docker-compose.yml must be updated to mount the dtlsCertDir:
services:
  lobaro-backend:
    volumes:
      - </host/path/to/cert-dir>:<dtlsCertDir>
To apply the configuration, restart the Platform:
docker restart platform_lobaro-backend_1
In case the command fails with e.g. "Error response from daemon: No such container: platform_lobaro-backend_1", execute:
docker ps | grep lobaro
You should find the container that is running the platform. The restart command can be issued with the CONTAINER ID or NAME.
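A pre-flight check to run after installing the signed certificate and before restarting the Platform, as an added example that is not part of Lobaro's documentation or tooling: it confirms that platform.crt carries the public key of platform.key, that its CN is the host configured in the devices, that it has not expired, and that the key file is not accessible to group or others. The function names and arguments are this example's own, and the owner-only permission check assumes the Platform process reads the key as the file's owner.

```shell
#!/bin/sh
# Added example (not Lobaro tooling): consistency checks for the CoAPs key material.
# Function names and argument order are choices made for this example.

# Print the PEM public key contained in a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files carry the same, non-empty public key.
same_key() {  # usage: same_key TYPE1 FILE1 TYPE2 FILE2
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the Common Name from the subject of a CSR or certificate.
cn_of() {  # usage: cn_of csr|crt FILE
    case "$1" in
        csr) openssl req  -in "$2" -noout -subject -nameopt RFC2253 ;;
        crt) openssl x509 -in "$2" -noout -subject -nameopt RFC2253 ;;
    esac 2>/dev/null | tr ',' '\n' | sed -n 's/^subject=//; s/^CN=//p'
}

# Succeed only if group and others have no permissions on the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Run all checks; DIR and NAME mirror dtlsCertDir and dtlsCertName, FQDN is the host set in the devices.
preflight() {  # usage: preflight DIR NAME FQDN
    key="$1/$2.key"; crt="$1/$2.crt"
    key_is_private "$key"            || { echo "FAIL: $key accessible to group/others" >&2; return 1; }
    same_key key "$key" crt "$crt"   || { echo "FAIL: $crt does not belong to $key" >&2; return 1; }
    [ "$(cn_of crt "$crt")" = "$3" ] || { echo "FAIL: CN of $crt is not $3" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
                                     || { echo "FAIL: $crt has expired" >&2; return 1; }
    echo "OK: $2.key and $2.crt are consistent for $3"
}

# Example call: sh preflight.sh ./config platform up.lobaro.com
[ "$#" -ne 3 ] || preflight "$@"
```

The same same_key function can be used before sending the request, e.g. same_key key platform.key csr platform.csr, to confirm the CSR was built from the intended key.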