Skip to main content

LoRa Basics™ station


The minimal supported version of LoRa Basics™ station is 2.0.4.


LoRa Basics™ station uses two flows:


Using LoRa Basics™ station requires special attention to the DNS hostname and TLS certificate for HTTP traffic configuration.

First of all, the DNS hostname value is used by the LoRa Basics™ station to reach the ThingPark Enterprise server (or cluster). The DNS servers used by the base stations should resolve this hostname to an IP address routed to the ThingPark Enterprise. This IP address depends on your deployment choices like high availability, firewalls, etc.


The DNS hostname resolution could be done using the hosts file of the base station. This is not recommended for production deployment.

Then, once the IP address is resolved by LoRa Basics™ station, a TLS handshake is started. The certificate provided by ThingPark Enterprise is validated:

  • it should be signed by the configured trusted certificate
  • it should match the DNS hostname

The certificate used by ThingPark Enterprise for LoRa Basics™ station, is configured in the TLS certificate for HTTP traffic section of the ThingPark Enterprise configuration. Ensure that provided certificates are valid by checking that no validation errors are displayed.

TLS certificate for HTTP traffic renewal

The certificate (or any intermediate certificate) can be renewed at any time. It must be renewed by a certificate signed by the same root certificate.

TLS certificate for HTTP traffic root certificate renewal

The root certificate can be renewed at any time by a new certificate with the same distinguished name and public key. If the configured root certificate is expired, all LoRa Basics™ station will be disconnected until the renewed root certificate is manually configured on each base station. When the root certificate is renewed before its expiration date, LoRa Basics™ stations will automatically download the renewed certificate using the old but still valid root certificate.

Upgrading from 6.1 or 7.1

If you are using the default TLS certificate for HTTP traffic and the ThingPark Enterprise was initially installed using the 6.1 or 7.1 version, the root certificate in the TLS certificate for HTTP traffic section will be empty. The root certificate used to sign this default certificate (actility.local, *.actility.local) can be retrieved in the IPsec certificate for base stations traffic section, in the Certificate field.

Gateway Configuration

The following two files should be configured on the gateways:

  • cups.uri: should contain only the https://<fqdn>:443 string, where fqdn is the same as the HTTP hostname configured in Cockpit,
  • should contain the Root certificate configured in the TLS certificate for HTTP traffic section in Cockpit. The certificate can be in DER (binary) or PEM (base64 encoded with BEGIN and END CERTIFICATE) format. The content of the form field in Cockpit can just be copied and pasted into the` file.