Hi guys,
I’m trying to get the Blynk Local Server configured properly. I was following the procedures stated on your Git Page. Here is what I’ve done so far and I believe I’m very close to getting it to work, but I believe the certificates are causing some issues.
- Running latest Java - java version “1.8.0_45”
- Cloned the Blynk-Server repo
- Downloaded the files from here for the latest build (0.5, when I’m writing this).
- Generated the ssl-certificates as explained on the Git.
- Created a server.properties file and added the keys accordingly
4 & 5 were done under blynk-server
directory
I can successfully do the following:
-
launch the server locally by using java -jar server-0.5.jar -hardPort 8442 -appPort 8443
-
launch the client, register & login using
java -jar client-0.5.jar -mode app -host 172.x.x.x -port 8443
register email@email.com Password
login email@email.com Password
-
From the iPhone app, I was also able to connect to my local server via the custom IP.
-
I was even able to simulate the hardware via the CLI using
java -jar client-0.5.jar -mode hardware -host 172.x.x.x -port 8442
login tokenID
Now the problem:
When I run the following command
./blynk-ser.sh
I get the following error:
[ Press Ctrl+C to exit ]
Resetting device /dev/tty.wchusbserialfd120...
Connecting: GOPEN:/dev/tty.wchusbserialfd120,raw,echo=0,clocal=1,cs8,nonblock=1,ixoff=0,ixon=0,ispeed=9600,ospeed=9600,crtscts=0 <-> openssl-connect:172.x.x.x:8441,cafile=certs/server.crt,nodelay
2015/05/14 15:15:59 socat[32732] N opening character device "/dev/tty.wchusbserialfd120" for reading and writing
2015/05/14 15:16:01 socat[32732] N opening connection to LEN=16 AF=2 172.x.x.x:8441
2015/05/14 15:16:01 socat[32732] N successfully connected from local address LEN=16 AF=2 172.x.x.x:55982
2015/05/14 15:16:01 socat[32732] E SSL_connect(): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2015/05/14 15:16:01 socat[32732] N exit(1)
Reconnecting in 3s...
I’ve already modified the blynk-ser.sh file to reflect my local server and created a new cert file. What am I doing wrong? Please help.
Hello @ram1505,
please show your server.properties file and log output after server start (blynk.log).
Most probably you didn’t specify correct path/pass to cert on server side; Server start log will give more info.
Hi @Dmitriy
Thanks for the response. So do you still need the server properties and log file?
@Dmitriy, here are the files that you have asked for. The server.properties file is located in the blynk-server directory where the jar files as well as the key files are located. The key file is named as server.key, server.pem, server.csr, server.crt.
Let me know if you find something wrong.
I’ve also attached a modified blynk-ser-local.sh file with the server address pointing to my local IP and the keys located under the certs directory.
@ram1505
You could find in a log a string
12:51:43.130 WARN - ATTENTION. Certificate path not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
It tells you that path to your certs configured wrong. So all you have to do is to change
server.ssl.cert=server.crt
server.ssl.key=server.pem
in your properties file to
server.ssl.cert=./server.crt
server.ssl.key=./server.pem
Let me know if that resolved your issue.
@Dmitriy, thanks for the reply. I’ve corrected the mistake on my server.properties file and restarted everything. I’m still getting stuck when I run the ./blynk-ser-local.sh file that I sent you earlier. Here is the error I’m getting:
Connecting: GOPEN:/dev/tty.wchusbserialfa130,raw,echo=0,clocal=1,cs8,nonblock=1,ixoff=0,ixon=0,ispeed=9600,ospeed=9600,crtscts=0 <-> openssl-connect:localhost:8441,cafile=certs/server.crt,nodelay
2015/05/14 21:54:40 socat[2477] N opening character device "/dev/tty.wchusbserialfa130" for reading and writing
2015/05/14 21:54:40 socat[2477] N opening connection to LEN=16 AF=2 127.0.0.1:8441
2015/05/14 21:54:40 socat[2477] N successfully connected from local address LEN=16 AF=2 127.0.0.1:49673
2015/05/14 21:54:40 socat[2477] E SSL_connect(): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2015/05/14 21:54:40 socat[2477] N exit(1)
Reconnecting in 3s...
Does warning in logs disappeared after restart?
@Dmitriy, nope. It still shows the warning
Error is pretty clear, your client cert (those one that is in folder certs) does not correspond to server cert. Have you replaced cert in “certs” folder with those one you generated?
Also you could try to remove your certs and clear paths in server.properties and check without it.
Also there is a chance that path you put in properties file does not correspond to real. You also could try full path instead of relative to be sure.
@Dmitriy, when you say path to cert is wrong, which cert location are you specifying here? I’ve 2 folders .One is the blynk-server folder. I’ve followed the git tutorial to create the certs under the root of this folder. This is the folder where the server.jar and client.jar files reside too under the root of the folder.
The second folder I have is at a different location and this is basically a git clone of the blynk library folder. Under this library folder, there is a folder called scripts and under which another folder called certs. There is a server.crt and server.key file located here.
The library folder is used for communicating with my Arduino via USB and Socat. When I start server and try connecting my Arduino by running the ./blynk-ser.sh, I get a message saying Reconnecting...
on a loop.
You can find the zip file of the blynk-server folder here.
@ram1505
Paths are ok.
did you copy generated server.crt from archive you sent me to “certs” folder of “scripts” folder where you’are running blynk-ser.sh from?
1 Like
@Dmitriy, I did. But even before running the blynk-ser.sh, when I start the server-0.5.jar using java -jar server-0.5.jar
, I can already see the log files showing the warning.
WARN - ATTENTION. Certificate path not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
@ram1505
What I did:
- Downloaded and unpacked your zip file with server;
- Copied server.crt from your zip to “scripts/certs” folder of my latest Blynk library;
- Ran server “java -jar server-0.5.jar”;
- Made “cd /my_blynk_lib/scripts”;
- Ran “./blynk-ser.sh -c /dev/ttyACM1 -s localhost”;
All works perfectly! Please repeat and tell me what you did wrong during previous tries so we could simplify.
1 Like
Also have in mind - I didn’t change anything within scripts.
@Dmitriy, thanks for the step by step instructions. Did exactly the same and I get the following error message when I try to connect to my arduino at Step 5.
Connecting: GOPEN:/dev/tty.wchusbserialfd120,raw,echo=0,clocal=1,cs8,nonblock=1,ixoff=0,ixon=0,ispeed=9600,ospeed=9600,crtscts=0 <-> openssl-connect:localhost:8443,cafile=certs/server.crt,nodelay
2015/05/20 07:50:48 socat[3637] N opening character device "/dev/tty.wchusbserialfd120" for reading and writing
2015/05/20 07:50:50 socat[3637] N opening connection to LEN=16 AF=2 127.0.0.1:8443
2015/05/20 07:50:50 socat[3637] N successfully connected from local address LEN=16 AF=2 127.0.0.1:49825
2015/05/20 07:50:50 socat[3637] E SSL_connect(): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2015/05/20 07:50:50 socat[3637] N exit(1)
Reconnecting in 3s...
Can I ask you if you changed the blynk-ser.sh file to point to localhost or left it to SERV_ADDR=cloud.blynk.cc
?
I tried both cloud.blynk.cc as well as localhost for the SERV_ADDR and I get the same error message as posted above.
Also, should I use ./certs/server.crt or certs/server.crt
?
Sorry for troubling you on this topic
Finally, figured out what was wrong. It works perfectly now! When I created the certificate, I gave a different name for the commonName. When I changed it to localhost, everything works perfectly.
Thanks a lot for your help.
@ram1505
Oh good, will add this to tutorial. Thanks for your feedback.