Raspberry Pi 3 Server ssl certificates

Hi,

I’ve followed the instructions in docs to use openssl to generate certificates for Blynk server on Raspberry Pi, and they are in the same directory as the server file, but I still get the warning messages in the log file that the server certificates paths are not valid.

Where should the server certificates be?

Rob

Depends on what you configure in your server.properties file.

So the server.properties file is:

allowed.administrator.ips=192.168.0.0/24, 0:0:0:0:0:0:0:1

server.ssl.cert=server.crt
server.ssl.key=server.key
server.ssl.key.pass=##password##

data.folder=/tmp/blynk

and the blynk.log is:

2016-11-08 22:35:42.219 INFO  - Initializing gmail smtp mail transport. Username : example@gmail.com. SMTP host : smtp.gmail.com:587
2016-11-08 22:35:42.378 WARN  - ATTENTION. Certificate /home/pi/server.crt and key /home/pi/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-08 22:35:44.087 WARN  - ATTENTION. Server certificate paths cert : '/home/pi/server.crt', key : '/home/pi/server.key' - not valid. Using embedded server certs and one way ssl. This is not secure. Please replace it with your own c$
2016-11-08 22:35:46.062 WARN  - ATTENTION. Certificate /home/pi/server.crt and key /home/pi/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-08 22:35:50.240 WARN  - ATTENTION. Certificate /home/pi/server.crt and key /home/pi/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-08 22:35:51.365 WARN  - ATTENTION. Certificate /home/pi/server.crt and key /home/pi/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-08 22:35:53.209 INFO  - Hardware plain tcp/ip server listening at 8442 port.
2016-11-08 22:35:53.216 INFO  - Hardware SSL server listening at 8441 port.
2016-11-08 22:35:53.217 INFO  - Application server listening at 8443 port.
2016-11-08 22:35:53.218 INFO  - HTTP API server listening at 8080 port.
2016-11-08 22:35:53.220 INFO  - HTTPS API server listening at 9443 port.
2016-11-08 22:35:53.221 INFO  - HTTPS Admin UI server listening at 7443 port.
2016-11-08 22:35:53.222 INFO  - Web Sockets server listening at 8082 port.
2016-11-08 22:35:53.224 INFO  - Web SSL Sockets server listening at 8081 port.
2016-11-08 22:35:53.225 INFO  - Mqtt hardware server listening at 8440 port.
2016-11-08 22:35:57.711 INFO  - ##myemail##@gmail.com hardware joined.

Did you follow the manual for creating certificates and are they actually in the place where the log says they are?

Hi thanks for looking at this.

Yes I followed the instructions in docs and they are in the same directory as the server file.

Can you do me a favor and change the path to the absolute path of the certs? E.g. server.ssl.crt=/home/pi/server.crt and so on?

Hi,

I’ve done that but the log file is saying that the “/home/pi/home/pi/server.crt” and .key are not valid.

It seems to be adding a “/home/pi” to the beginning of the path itself?

Rob

Many beginners work in the /home/pi directory by default. So if your certs are located there you don’t need /home/pi in the path, use ~/server.crt etc.

server.ssl.cert=/storage/blynk/server.crt
server.ssl.key=/storage/blynk/server.pem

These are my lines as I set them. Are yours the same? (except the path of course)

@Costas if you enter an absolute path it should work, like above. In the USB-serial script there is a variable to the location of the files, but not in the server.properties :slight_smile:

I’m afraid that is not the case if server.properties, certs and the java app are all in the root directory (/home/pi/) for the Pi user.

Maybe ~/home/pi/ would work but not simply /home/pi/ as that just adds an extra /home/pi/ to the existing /home/pi/ path as confirmed by @Rob.

For 2 of my Pi servers I am using the following as all associated bits are in the root path for user Pi:

server.ssl.cert=~/server.crt
server.ssl.key=~/server.key

Edit: the paths above are incorrect, see later post.

But it works fine for me and it’s how a config file on Linux works? I’m 99% sure it has nothing to do with where the files are located.

Maybe @Dmitriy can shed some light :slight_smile:

I checked my logs and it confirms my last post is incorrect.

server.ssl.cert=~/server.crt
server.ssl.key=~/server.key

The error in the log is /home/pi/~/server.crt and key /home/pi/~server.pem paths not valid.

Having changed the paths to simply

server.ssl.cert=server.crt
server.ssl.key=server.key

the log now shows the certs are fine.

For two way ssl you will also need to enter the details for the client, so use this if everything is in the root directory:

client.ssl.cert=server.crt
client.ssl.key=server.pem

Hi,

Thanks to you both for looking at this.

I’ve put the server.jar file, server.properties and the certificates files into /home/pi/Blynk.

I generated the certificates using openssl and following the instructions here: http://docs.blynk.cc/#blynk-server-advanced-local-server-setup-generate-ssl-certificates

The Server is working, it connects to the Sparkfun Thing Dev ESP8266 Board I’m using to test and to my Android mobile - the blink (LED 5) sketch works fine.

I thought it best to provide all the following:

Directory:

pi@raspberrypi:~ $ cd /home/pi/Blynk
pi@raspberrypi:~/Blynk $ dir
deleted				     server-0.19.1.jar	server.pem
mail.properties			     server.csr		server.properties
##myemail##@gmail.com.Blynk.user  server.key		static
pi@raspberrypi:~/Blynk $ 

I have the following entry in crontab:

@reboot java -jar /home/pi/Blynk/server-0.19.1.jar -dataFolder /home/Blynk &

server.properties:

allowed.administrator.ips=192.168.0.0/24, 0:0:0:0:0:0:0:1

server.ssl.cert=/home/pi/Blynk/server.crt
server.ssl.key=/home/pi/Blynk/server.key
server.ssl.key.pass=##mypassword##

data.folder=/tmp/blynk

blynk.log:

2016-11-13 09:48:44.651 INFO  - Region : local
2016-11-13 09:48:48.924 INFO  - Initializing gmail smtp mail transport. Username : ##myyemail##@gmail.com. SMTP host : smtp.gmail.com:587
2016-11-13 09:48:49.180 WARN  - ATTENTION. Certificate /home/pi/Blynk/server.crt and key /home/pi/Blynk/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-13 09:48:53.163 WARN  - ATTENTION. Server certificate paths cert : '/home/pi/Blynk/server.crt', key : '/home/pi/Blynk/server.key' - not valid. Using embedded server certs and one way ssl. This is not secure. Please re$
2016-11-13 09:48:55.282 WARN  - ATTENTION. Certificate /home/pi/Blynk/server.crt and key /home/pi/Blynk/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-13 09:48:56.598 WARN  - ATTENTION. Certificate /home/pi/Blynk/server.crt and key /home/pi/Blynk/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-13 09:48:58.744 WARN  - ATTENTION. Certificate /home/pi/Blynk/server.crt and key /home/pi/Blynk/server.key paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
2016-11-13 09:49:01.424 INFO  - Hardware plain tcp/ip server listening at 8442 port.
2016-11-13 09:49:01.435 INFO  - Hardware SSL server listening at 8441 port.
2016-11-13 09:49:01.437 INFO  - Application server listening at 8443 port.
2016-11-13 09:49:01.439 INFO  - HTTP API server listening at 8080 port.
2016-11-13 09:49:01.442 INFO  - HTTPS API server listening at 9443 port.
2016-11-13 09:49:01.444 INFO  - HTTPS Admin UI server listening at 7443 port.
2016-11-13 09:49:01.449 INFO  - Web Sockets server listening at 8082 port.
2016-11-13 09:49:01.451 INFO  - Web SSL Sockets server listening at 8081 port.
2016-11-13 09:49:01.453 INFO  - Mqtt hardware server listening at 8440 port.
2016-11-13 11:20:23.295 INFO  - ##myemail##@gmail.com hardware joined.
2016-11-13 11:23:41.739 INFO  - ##myemail##@gmail.com Blynk-app joined.

Thanks again.

:slight_smile:

Rob

Where is the server.crt file? I don’t see it in your file listing? It is the most important file :slight_smile:
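An added example (not part of the thread and not Blynk's own code): a pre-flight check that reads `server.ssl.cert` and `server.ssl.key` from `server.properties`, flags `~` values and missing files such as the absent `server.crt`, and counts the "Using embedded" fallback warnings in `blynk.log`. The function names and the base directory used for relative paths are assumptions; the thread does not state which directory the server resolves relative paths against, so the caller passes it in.

```shell
#!/bin/sh
# Added example: pre-flight check of the TLS paths in a Blynk server.properties.

# prop_value FILE KEY: print the value of KEY (last occurrence wins), trimmed.
prop_value() {
    awk -F= -v k="$2" 'NF > 1 {
        key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key)
        if (key == k) { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) }
    } END { print v }' "$1"
}

# resolve_path BASE VALUE: absolute values pass through, relative ones are
# joined to BASE (assumption: BASE is the directory the server resolves from).
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$1" "$2" ;;
    esac
}

# check_tls_paths PROPS BASE: one status line per key; returns 1 on any problem.
check_tls_paths() {
    rc=0
    for key in server.ssl.cert server.ssl.key; do
        val=$(prop_value "$1" "$key")
        case "$val" in
            "")   echo "UNSET   $key"; rc=1; continue ;;
            "~"*) echo "TILDE   $key=$val ('~' is not expanded)"; rc=1; continue ;;
        esac
        path=$(resolve_path "$2" "$val")
        if [ -r "$path" ]; then echo "OK      $key -> $path"
        else echo "MISSING $key -> $path"; rc=1; fi
    done
    return "$rc"
}

# fallback_warnings LOG: count log lines showing the embedded-cert fallback.
fallback_warnings() {
    grep -c 'Using embedded' "$1" || true
}

# Usage: sh check_blynk_tls.sh /home/pi/Blynk/server.properties /home/pi/Blynk
if [ "$#" -ge 2 ]; then
    check_tls_paths "$1" "$2"
fi
```

A non-zero count from `fallback_warnings` after a restart means the server is still serving its embedded certificate, whatever the properties file says.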