Skip to main content

Troubleshooting X.509 certificate issues

The base station is connected to the Network Server with a secure connection through the Key Installer Server. The secure connection is based on trusted X.509 certificates the base station should have downloaded, and this secured connection needs to be established for the base station to appear Connected.

In SUPLOG, go to Troubleshooting, then IPsec and IPsec certificates.

You should see the certificates details:

If the result is empty, it means the certificates were not downloaded.

Again, you might need to check your connection towards the PKI server from where the certificates are downloaded.

SaaS setup check: The PKI server of ThingPark SaaS is only authorizing the base stations to download their certificates based on the mechanism of public/private key. To learn more, see Generating and retrieving the base station's Public Key.

Therefore, you might need to double check that the public key generated on the base station is the same as the one used in the base station provisioning on ThingPark GUI.

  • You can verify the effective public key generated from SUPLOG: go to Identifiers, then Get public key.

  • You can verify the public key used during the provisioning of your base station by entering the base station from the GUI and then click on the button Manage Public Key in the Security section:

If your certificates are present, go back to SUPLOG then go to Troubleshooting, then IPsec and IPsec status.

The connection status should be Established and Installed.

If not and if your base station remains in connection error state despite those different checks, contact your System Integrator or ThingPark Support team for further troubleshooting.