Basic Station Certs Generator


Howdy everybody, new here but have been enjoying ChirpStack very much for several months now.

I want to talk about Basic Station gateways for a second. I understand there is no CUPS support from CS which is fine and well, but has there been any plan for a more managed approach to TLS certificate generation via CS itself? I recently wrote a program called "CS-Bridge-Guard" which generates client and server certs for Basic Station mTLS and outputs a zip with the ca, cert, and key for the client. As you'll see from the splashscreen below, I have added several other functionalities as well, but want to know if this is something the community would widely benefit from.

Great to see you all here - Mitch

+----------------------------------------------------------+
|   ___ ____    ____       _     _                         |
|  / __/ ___|  | __ ) _ __(_) __| | __ _  ___              |
| | |_\___ \   |  _ \| '__| |/ _` |/ _` |/ _ \             |
| | |_ ___) |  | |_) | |  | | (_| | (_| |  __/             |
|  \__|____/   |____/|_|  |_|\__,_|\__, |\___|             |
|              / ___|_   _  __ _ _ |___/| |_               |
|             | |  _| | | |/ _` | '__/ _` |                |
|             | |_| | |_| | (_| | | | (_| |                |
|              \____|\__,_|\__,_|_|  \__,_|                |
|                                                          |
|      ------| Keeping Your Certs Safe   |------           |
|                                                          |
| Mitch Readinger                              2-19-26     |
+----------------------------------------------------------+
What do you want to do?

  1) Status check (certs + service + listener)
  2) Initialize CA (create if missing)
  3) Issue/Update SERVER cert for new public FQDN (install + optional restart)
  4) Provision NEW gateway (issue client cert/key by EUI + export bundle zip)
  5) Update EXISTING gateway (re-issue client cert/key by EUI)
  6) Restart gateway bridge service
  7) Tail gateway bridge logs (Ctrl+C to stop)
  8) Configure paths/options (show or set)
  9) Inventory: search / list / mark installed / set nickname / expiring
 10) Server cert rollback (restore previous lns-server cert/key)
  0) Exit

Enter a number (m=main, q=quit):
1 Answer

Thanks for sharing. Please note that within ChirpStack, it is possible to generate client-certificates for each configured gateway. The process is more or less the same as https://www.chirpstack.io/docs/guides/mosquitto-tls-configuration.html, but in this case you configure the Gateway Bridge instead of the MQTT forwarder with the server-certificate and CA certificate.
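
The checks a per-gateway client certificate has to pass on the mTLS listener side, as an added Go example that is not part of the thread and is neither CS-Bridge-Guard nor ChirpStack code: it issues a throwaway CA and a client certificate by EUI, then verifies chain, client-auth usage and identity. The CA name, the EUI values, and the rule that the certificate's CommonName equals the gateway EUI are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// issue signs a client-auth certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (cert *x509.Certificate, key *ecdsa.PrivateKey, err error) {
	if key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, err
	}
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; real CAs use random serials
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	tpl.Subject.CommonName = cn // assumption: the CN carries the gateway EUI
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage, tpl.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return cert, key, err
}

// checkGateway applies the listener-side policy: chain to ca, client-auth usage, CN == eui.
func checkGateway(ca, client *x509.Certificate, eui string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := client.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err == nil && client.Subject.CommonName != eui {
		err = fmt.Errorf("CN %q is not gateway EUI %q", client.Subject.CommonName, eui)
	}
	return err
}

func main() {
	ca, caKey, _ := issue("constructed-lab-ca", nil, nil)
	gw, _, _ := issue("0016c001f1500812", ca, caKey) // constructed gateway EUI
	fmt.Println(checkGateway(ca, gw, "0016c001f1500812"), checkGateway(ca, gw, "0016c001f15008ff"))
}
```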