Hosted mender mender.conf configuration

34 views
Skip to first unread message

Sam Lewis

unread,
Feb 17, 2019, 6:11:26 PM2/17/19
to Mender List mender.io
Was wondering if anyone could point me towards what mender.conf configuration I should be using with hosted mender? Maybe I didn't search hard enough but I couldn't find this documented anywhere.

At the moment I'm using:

{
  "ClientProtocol": "https",
  "ServerURL": "https://hosted.mender.io",
  "TenantToken": ".."
}

(Removed parts of the config that aren't related to the management server).

Does this look ok? From the 'default' config I removed the skipverify, changed the protocol to https and removed the ServerCertificate. However now when the mender client boots up it informs me that "Server certificate not provided. Trusting all servers." which I assume is not ideal! I was under the impression that hosted mender used all signed CA certs so I should be fine if I just install the ca-certificates package? How can I inform the client to only trust officially signed certs? Looking up the "todo" in the source code is a bit worrying as well: https://github.com/mendersoftware/mender/blob/1.7.x/client/client.go#L310

Appreciate any help,

Sam.

Kristian Amlie

unread,
Feb 18, 2019, 2:24:32 AM2/18/19
to men...@lists.mender.io, Sam Lewis
This is an exceptionally misleading message, and certainly wrong. It
definitely does not trust all servers. I'm surprised this message went
unnoticed for so long. See my fix for the explanation:
https://github.com/mendersoftware/mender/pull/354/files

--
Kristian

signature.asc

Sam Lewis

unread,
Feb 19, 2019, 3:35:58 AM2/19/19
to Kristian Amlie, men...@lists.mender.io
Thanks Kristian! That certainly makes me feel better.
Reply all
Reply to author
Forward
0 new messages