Hello,
I have a Java-based server running a Server socket. The socket is configured with an SSL keystore containing the server certificate (private & public key) together with the CA certificate used to sign these keys. I also uploaded the same CA certificate to my TMT250 device.
When trying to connect to the server I always get a bad certificate error in the server log. When I try out the connection from within a simple Java client application having a truststore with the CA certificate in it configured, everything is working fine.
I followed this documentation: TLS traffic encryption between Teltonika devices and flespi
When I do the same towards the Flespi platform, everything works fine. The problem I’m facing is similar to Uploaded certificate to FMC125 and turning TLS on is not working - Crowd Support Forum | Teltonika GPS
Without TLS activated on the device and on the server, the messages are processed correctly.
Thanks for your help!
Kind regards,
What am I doing wrong? Is there more extended documentation available?
Good day,
Please try to follow instructions on how to generate the certificates from this page:
https://wiki.teltonika-gps.com/view/How_to_generate_TLS_certificates_(Windows)%3F
If you have any questions, forward them in this topic.
Regards
Hello,
Thanks for replying. I’m using easyrsa on Ubuntu. These are the commands that I execute:
make-cadir dev2
cd dev2
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa --subject-alt-name="DNS:myhost.com" build-server-full platform nopass
Consequently I should configure pki/issued/platform.crt as a server certificate chain and pki/private/platform.key as a server private key on my Java server in a keystore. Apparently I don’t manage to do that correctly using keytool. Can you point out the procedure?
Thanks!
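One way to turn the easyrsa output named in the post above into a keystore, shown as an added example that is not part of the original thread or of Teltonika's documentation. It checks that the server certificate chains to the CA and that the private key matches before packing key, certificate and CA into one PKCS#12 entry; the function names, the alias and the password handling are assumptions.

```shell
#!/bin/sh
# Added example: build a PKCS#12 keystore for a Java TLS server from easyrsa
# output. File layout follows the thread (pki/issued, pki/private, pki/ca.crt);
# function names, alias and password are assumptions.

# SHA-256 of the public key inside a certificate or a private key.
pubkey_fp() {   # $1 = cert|key, $2 = file
    if [ "$1" = cert ]; then
        openssl x509 -in "$2" -noout -pubkey
    else
        openssl pkey -in "$2" -pubout
    fi | openssl sha256 | awk '{print $NF}'
}

# build_keystore PKI_DIR NAME OUT_P12 PASSWORD
# Returns 2 if the certificate does not chain to the CA, 3 on key mismatch.
build_keystore() {
    pki=$1; name=$2; out=$3; pass=$4
    crt="$pki/issued/$name.crt"; key="$pki/private/$name.key"; ca="$pki/ca.crt"

    # 1. The server certificate must verify against the CA uploaded to the device.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 2

    # 2. The private key must belong to that certificate.
    [ "$(pubkey_fp cert "$crt")" = "$(pubkey_fp key "$key")" ] || return 3

    # 3. One key entry: private key + server certificate + CA certificate.
    KS_PASS=$pass openssl pkcs12 -export -inkey "$key" -in "$crt" \
        -certfile "$ca" -name "$name" -out "$out" -passout env:KS_PASS
}

# Number of certificates stored in the keystore (expected: 2, server + CA).
keystore_cert_count() {   # $1 = p12 file, $2 = password
    KS_PASS=$2 openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}
```

Call it as `build_keystore pki platform platform.p12 <password>`; the resulting file can be loaded by the Java server as a keystore of type PKCS12.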
Good day,
It seems that in DNS it is set as myhost.com - is this the correct domain? Have you tried using the external IP address of your server as the ALT name?
Kind regards
The hostname is indeed different, but I do not want to put it here.
In the meantime I managed to get it fixed by recreating the keystore.
Johan,