Enable TLS on SBI

Hi there!

I’m trying to setup TLS for the SBI of free5gc. Unfortunately, I’m having some issues. If I’m not mistaken, one needs to change in the config folder every occurrence of the sbi.scheme setting from http to https. In addition, every Uri in the config needs to be changed to have a https as scheme. I.e. every NrfUri.

After doing that and confirming that there is no http (without being https) string in the config folder anymore, I try to start free5gs.
Unfortunately, I get a ton of error messages like:

[WARN][PCF][Init] AMF status subscribe Error[ server no response]
http: TLS handshake error from tls: first record does not look like a TLS handshake

Am I mistaken to think that I don’t need to recompile? What can this be? It is v.3.0.4. Everything works if TLS is disabled.

Thanks a lot in advance.


Can you share your config setting?

Yes, of course. Here is the patch, relative to the v.3.0.4 tag:

patch.diff.txt (10.0 KB)

You should drop the DB whenever you change NF address or their scheme. This is because most NFs in free5gc did not deregister themselves to NRF when NF is closed. So when perform NF_Discovery procedure, NRF will get the outdate NF Profile then return to the consumer

mongo --eval "db.NfProfile.drop()" free5gc

That worked! Thanks a lot! That’s logical but I didn’t think about it. I thought the new Uris would overwrite the old ones in the NRF.