Devices can use secure CoAPs connections to the backend. To use CoAPs, a certificate signed by Lobaro is required.
The setup consists of the following steps:
The key must be created at the Platform server and should never leave the system.
openssl ecparam -name prime256v1 -genkey -noout -out platform.key
Do not send the resulting private key file
Update the "-subj" parameter in the command below according to your server and organisation.
C=DE
ST=Hamburg
O=Lobaro GmbH
CN=up.lobaro.com
openssl req -new -key platform.key -sha256 -subj "/C=DE/ST=Hamburg/O=Lobaro GmbH/CN=up.lobaro.com" -out "platform.csr"
Verify your request with:
openssl req -text -noout -in platform.csr
Send the generated CSR file (platform.csr) to support@lobaro.de to receive a valid certificate for your Server.
Add or update the following keys in the Platform configuration file:
server:
  dtlsConfig:
    dtlsCertDir: "./config" # This way the configuration directory is used to lookup the key and cert.
    dtlsCertName: "platform" # Used to lookup "platform.crt" and "platform.key"
featureToggle:
  dtlsSecureCoapServiceEnabled: true # removed in > v1.59.1
We recommend not making a backup of the key file. If you need to back up the key file, make sure the backup is encrypted in a secure way.
In case you choose another location than "./config", the docker-compose.yml must be updated to mount the dtlsCertDir:
services:
  lobaro-backend:
    volumes:
      - </host/path/to/cert-dir>:<dtlsCertDir>
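A check that can be run on the host once the signed certificate has been placed next to the key as "platform.crt", before the restart. This is an added example, not part of the Lobaro documentation or tooling; the function names are assumptions made here, and the two arguments are the host-side dtlsCertDir and the dtlsCertName.

```shell
# Added example (not Lobaro tooling): pre-restart checks for the DTLS key and certificate.

# SHA-256 over the public key held in a private key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when the file mode grants nothing to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# $1 = dtlsCertDir on the host, $2 = dtlsCertName; returns 0 only if every check passes.
check_dtls_files() {
    key="$1/$2.key"; crt="$1/$2.crt"; rc=0
    [ -f "$key" ] && [ -f "$crt" ] || { echo "FAIL: $key or $crt is missing"; return 1; }
    key_is_private "$key" || { echo "FAIL: $key is readable by group/others"; rc=1; }
    kh=$(pubkey_hash key "$key") || { echo "FAIL: cannot parse $key"; return 1; }
    ch=$(pubkey_hash crt "$crt") || { echo "FAIL: cannot parse $crt"; return 1; }
    # A certificate issued for a different CSR carries a different public key.
    [ "$kh" = "$ch" ] || { echo "FAIL: $crt was not issued for $key"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "FAIL: $crt has expired"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2.key and $2.crt are consistent"
    return "$rc"
}

# Run directly as: sh check_dtls.sh ./config platform
if [ "$#" -eq 2 ]; then check_dtls_files "$1" "$2"; fi
```

Comparing `pubkey_hash key platform.key` with `pubkey_hash csr platform.csr` before sending the CSR confirms the request was built from the key that stays on the server.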
To apply the configuration, restart the Platform:
docker restart platform_lobaro-backend_1
In case the command fails with e.g. Execute
You should find the container that is running the platform. The restart command can be issued with the