LoRa Basics™ station
Requirements
The minimal supported version of LoRa Basics™ station is 2.0.4.
Flows
LoRa Basics™ station uses two flows:
HTTPSon the443port for the CUPS protocolHTTPSon the4443port for the LNS protocol
Configuration
Using LoRa Basics™ station requires special attention to the HTTP hostname/IP address and TLS certificate for HTTP traffic configuration.
First of all, the HTTP hostname/IP address value is used by the LoRa Basics™ station to reach the ThingPark Enterprise server (or cluster). If a hostname is set, the DNS servers used by the base stations should resolve this hostname to an IP address routed to the ThingPark Enterprise. This IP address depends on your deployment choices like high availability, firewalls, etc.
The hostname resolution could be done using the hosts file of the base station. This is not recommended for production deployment.
Then, once the IP address is resolved by LoRa Basics™ station or if an IP address is set, a TLS handshake is started. The certificate provided by ThingPark Enterprise is validated:
- it should be signed by the configured trusted certificate
- it should match the HTTP hostname/IP address
The certificate used by ThingPark Enterprise for LoRa Basics™ station, is configured in the TLS certificate for HTTP traffic section of the ThingPark Enterprise configuration. Ensure that provided certificates are valid by checking that no validation errors are displayed.
TLS certificate for HTTP traffic renewal
The certificate (or any intermediate certificate) can be renewed at any time. It must be renewed by a certificate signed by the same root certificate.
TLS certificate for HTTP traffic root certificate renewal
The root certificate can be renewed at any time by a new certificate with the same distinguished name and public key. If the configured root certificate is expired, all LoRa Basics™ station will be disconnected until the renewed root certificate is manually configured on each base station. When the root certificate is renewed before its expiration date, LoRa Basics™ stations will automatically download the renewed certificate using the old but still valid root certificate.
Upgrading from 6.1 or 7.1
If you are using the default TLS certificate for HTTP traffic and the
ThingPark Enterprise was initially installed using the 6.1 or 7.1 version,
the root certificate in the TLS certificate for HTTP traffic section will be empty.
The root certificate used to sign this default certificate (actility.local, *.actility.local)
can be retrieved in the IPsec certificate for base stations traffic section,
in the Certificate field.
Gateway Configuration
The following two files should be configured on the gateways:
cups.uri: should contain only thehttps://<fqdn/ip>:443string, where<fqdn/ip>is the same as the HTTP hostname or IP address configured in the TPE Configuration Cockpit module,cups.trustshould contain the Root certificate configured in the TLS certificate for HTTP traffic section in the TPE Configuration Cockpit module. The certificate can be in DER (binary) or PEM (base64 encoded with BEGIN and END CERTIFICATE) format. The content of the form field in the TPE Configuration Cockpit module can just be copied and pasted into thecups.trustfile.