# LoRa Server certificates
This repository contains configuration to generate certificates for the
[LoRa Server](https://www.loraserver.io/) project.
## Requirements
For generating the certificates, [cfssl](https://github.com/cloudflare/cfssl)
is being used. Make sure you have this tool installed.
## Generating certificates
Simply run `make` to generate all certificates. All certificates will be
written to the `certs` folder. See also the `Makefile` for all commands
being executed.
You probably want to make changes to the `certificate.json` files under
`config`. Please see [https://cfssl.org](https://cfssl.org) for documentation
about the `cfssl` usage.
This file has been truncated. show original
Stop buying beers 
I’ve been able to reproduce the issue. Let me check!
Update: I’m able to reproduce this issue when starting from scratch. I think I might have introduced this typo after testing and just before committing. This will be fixed in 0.17.1 which I’ll release shortly. See:
github.com/brocaar/chirpstack-application-server
I’ve updated (from the repo) and now I’m getting another error:
Error context deadline exceeded (code: 2)
Using:
root@altue# lora-app-server -v
lora-app-server version 0.17.1
root@altue# loraserver -v
loraserver version 0.23.3
should I post the configuration and the certificates being used? or should I take another beer?? lol 
That error usually appears at the appserver side when it is not able to connect to loraserver. You’d have to check the logs to be sure, but anything preventing loraserver from starting (another instance running, another program using that port, etc.) would result in this error.
Edit: I’ve just checked killing loraserver and didn’t get that error, so maybe I was misremembering. If you could show your logs that’d be great.
Now I see on the logs:
Jan 25 21:16:55 altue lora-app-server[1301]: time=“2018-01-25T21:16:55-03:00” level=info msg=“creating network-server client” server=“localhost:8000”
Jan 25 21:16:55 altue loraserver[1198]: time=“2018-01-25T21:16:55-03:00” level=warning msg=“grpc: Server.Serve failed to create ServerTransport: connection error: desc = “transport: http2Server.HandleStreams received bogus greeting from client: \”\\x16\\x03\\x01\\x00\\xa4\\x01\\x00\\x00\\xa0\\x03\\x03{\\xf8\\x89\\\”\\xe82\\xceH\\xdc\\xdcMS\\xcf\"""
Jan 25 21:16:55 altue lora-app-server[1301]: time=“2018-01-25T21:16:55-03:00” level=warning msg=“Failed to dial localhost:8000: connection error: desc = “transport: authentication handshake failed: tls: first record does not look like a TLS handshake”; please retry.”
Jan 25 21:16:56 altue lora-app-server[1301]: time=“2018-01-25T21:16:56-03:00” level=error msg=“finished unary call with code Unknown” error=“rpc error: code = Unknown desc = context deadline exceeded” grpc.code=Unknown grpc.method=Create grpc.service=api.NetworkServer grpc.start_time=“2018-01-25T21:16:55-03:00” grpc.time_ms=537.572 peer.address="[::1]:40216" span.kind=server system=grpc
related running processes:
root@altue:~# ps -ef | grep lora
gateway+ 1191 1 0 Jan25 ? 00:00:00 /usr/bin/lora-gateway-bridge
loraser+ 1195 1 0 Jan25 ? 00:00:38 /usr/bin/loraserver
postgres 1271 1254 0 Jan25 ? 00:01:51 postgres: loraserver_ns loraserver_ns ::1(54852) idle
appserv+ 1292 1 0 Jan25 ? 00:00:03 /usr/bin/lora-app-server
postgres 1302 1254 0 Jan25 ? 00:00:00 postgres: loraserver_as loraserver_as ::1(54856) idle
The relevant part of the configuration (all the certs are in /etc/default/lora-certs/, and the directory tree below that is generated automatically from loraserver-certificates):
/etc/default/lora-app-server:
ca certificate used by the api server (optional)
CA_CERT=/etc/default/lora-certs/ca/ca.pem
tls certificate used by the api server (optional)
TLS_CERT=/etc/default/lora-certs/lora-app-server/api/server/lora-app-server-api-server.pem
tls key used by the api server (optional)
TLS_KEY=/etc/default/lora-certs/lora-app-server/api/server/lora-app-server-api-server-key.pem
ca certificate used by the join-server api server
JS_CA_CERT=/etc/default/lora-certs/ca/ca.pem
tls certificate used by the join-server api server (optional)
JS_TLS_CERT=/etc/default/lora-certs/lora-app-server/join-api/server/lora-app-server-join-api-server.pem
tls key used by the join-server api server (optional)
JS_TLS_KEY=/etc/default/lora-certs/lora-app-server/join-api/server/lora-app-server-join-api-server-key.pem
/etc/default/loraserver:
JS_SERVER=https://localhost:8003
ca certificate used by the default join-server client
JS_CA_CERT=/etc/default/lora-certs/ca/ca.pem
tls certificate used by the default join-server client (optional)
JS_TLS_CERT=/etc/default/lora-certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem
tls key used by the default join-server client (optional)
JS_TLS_KEY=/etc/default/lora-certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem
any ideas???
Did you also update /etc/default/lora-app-server with:
CA_CERT=.../ca/ca.pem
TLS_CERT=.../loraserver/api/server/loraserver-api-server.pem
TLS_KEY=.../loraserver/api/server/loraserver-api-server-key.pem
You might have missed this section: https://github.com/brocaar/loraserver-certificates#certsloraserverapi
@brocaar you are right
These lines on the lora-app-server were commented out, so I’ve fixed that and now it’s working as expected!!! at least, I could create the network server with certificates!!!
Now I’m going to try the link from the Draguino 433mhz GW (one channel) that I’ve got, to the server. Also, I’ve got a RAK 433 Mhz gateway (with a Raspberry 3, full 8 channels), but I’m still looking at the frequencies that I should put on the configuration for that.
I’ll report back when I’ve got more info, but for now the certificate part is working great!!!
thanks a lot!
