Skip to content

chore: host EMQX SL cert directory at /emqxsl-cert/#186

Closed
mikestankavich wants to merge 1 commit into
mainfrom
docs/emqxsl-cert-dir
Closed

chore: host EMQX SL cert directory at /emqxsl-cert/#186
mikestankavich wants to merge 1 commit into
mainfrom
docs/emqxsl-cert-dir

Conversation

@mikestankavich
Copy link
Copy Markdown
Contributor

@mikestankavich mikestankavich commented May 20, 2026

What

Stage a cert directory the GL-S10 beacon scanner can be pointed at.

  • Base URL for the device: https://docs.trakrf.id/emqxsl-cert/ (preview: https://docs.preview.trakrf.id/emqxsl-cert/)
  • The device appends ca.crt / client.crt / client.key to that base itself.
File Content
ca.crt EMQX SL CA — DigiCert Global Root G2, from https://assets.emqx.com/data/emqxsl-ca.crt
client.crt empty placeholder
client.key empty placeholder

Why this layout

The GL-S10 firmware takes a base directory URL and auto-fetches fixed filenames — it rejects a direct file URL. A previous attempt (#185) placed a single ca.crt and was closed; this re-does it as the directory pattern the firmware actually expects.

Notes

  • EMQX SL Serverless authenticates with username/password over server-auth TLS, not mutual TLS — so only ca.crt carries real content.
  • client.crt / client.key are empty placeholders, for firmware that wants all three paths to return 200. Empty by design: no private key is ever published. If the device requires a valid client key, that's real mTLS and cannot be solved by public hosting.
  • Unverified: whether the GL-S10 cert-download accepts HTTPS. Cloudflare Pages 301s HTTP→HTTPS, so if the firmware only speaks plain HTTP this won't work regardless of layout. Pointing the device at the preview URL and reading the actual error is the way to confirm.
  • Static-asset-only change — no doc content or config touched.

🤖 Generated with Claude Code

@claude
chore: host EMQX SL cert directory at /emqxsl-cert/
a4eb5d0 
The GL-S10 beacon scanner takes a base *directory* URL and appends
ca.crt / client.crt / client.key itself — it rejects a direct file URL.
Stage the directory so the device can be pointed at:

  https://docs.trakrf.id/emqxsl-cert/

- ca.crt:     EMQX SL CA (DigiCert Global Root G2), from
              https://assets.emqx.com/data/emqxsl-ca.crt
- client.crt: empty placeholder
- client.key: empty placeholder

EMQX SL Serverless authenticates with username/password over
server-auth TLS, so only ca.crt carries real content. The client.*
files are empty placeholders for firmware that expects all three
paths to return 200 — empty so no private key is ever published.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 20, 2026

🚀 Preview Deployment Update

✅ This PR has been successfully merged into the preview branch.

The preview environment will update shortly at: https://docs.preview.trakrf.id

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 20, 2026
edited
Loading

Deploying docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: a4eb5d0
Status: ✅  Deploy successful!
Preview URL: https://66a1b78b.docs-4n7.pages.dev
Branch Preview URL: https://preview.docs-4n7.pages.dev

View logs

github-actions Bot added a commit that referenced this pull request May 23, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
3b735a5
github-actions Bot added a commit that referenced this pull request May 23, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
29f49da
github-actions Bot added a commit that referenced this pull request May 24, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
e1ad4d7
github-actions Bot added a commit that referenced this pull request May 24, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
f2216b1
github-actions Bot added a commit that referenced this pull request May 27, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
0f112ed
github-actions Bot added a commit that referenced this pull request May 28, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
4b13238
github-actions Bot added a commit that referenced this pull request May 29, 2026
@github-actions
Merge PR #186: chore: host EMQX SL cert directory at /emqxsl-cert/
52713db
@mikestankavich
Copy link
Copy Markdown
Contributor Author

mikestankavich commented May 29, 2026

Closing — superseded by the MQTT broker migration from EMQX SL Serverless to Mosquitto on GKE. This PR hosted the EMQX SL CA (DigiCert Global Root G2) at /emqxsl-cert/ so the GL-S10 firmware could trust the EMQX SL broker's TLS. With the broker moving to Mosquitto-on-GKE, that CA is for the wrong endpoint, and the GKE broker's TLS is publicly-trusted (no hosted CA needed for the device). Never validated against a real device (the "does the GL-S10 accept HTTPS" question was left open). If a future broker turns out to need a privately-rooted CA hosted for the device, re-open with the new CA rather than this one.

@mikestankavich mikestankavich deleted the docs/emqxsl-cert-dir branch May 30, 2026 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mikestankavich