This could just be user error, but having difficulty using the CLI tools to test the Portal functionality. When starting the portal locally I'm running:

frida-portal --cluster-certificate=frida-cert.pem --cluster-token=foo

And then attempting to connect using frida-join, running:

frida-join -D [device] "[process]" "127.0.0.1:27042" frida-cert.pem foo

I get the message Joining portal... which goes for a bit, then ends with Unable to join: timeout was reached. I've attempted with different combinations of token and certificate and haven't had any success.

Do you still have this problem? If you do, are you sure the Portal port is open (you can test with netcat)?

Unfortunately, yes, still unable to have it connect. After launching the portal netstat reports:

tcp        0      0 127.0.0.1:27042         0.0.0.0:*               LISTEN      13548/frida-portal

When checking using netcat:

$ nc -vz 127.0.0.1 27042
Connection to 127.0.0.1 27042 port [tcp/*] succeeded!

@wwhurley Did you ensure that frida-cert.pem contains both the certificate and the private key? The client side should only have the certificate, but the chain needs to be complete. (We don't currently make use of the system's certificate store.)

I went through and reviewed the documentation a bit more and I have a slightly better idea of why what I was doing wasn't working, though I still can't get it to work. You're correct in that I didn't have my files set up correctly. However, after performing the following steps, I still haven't been able to get it right:

1. Create CA key and root certificate
2. Create a key and CSR
3. Sign CSR using CA

What it appears is that frida-portal should take a PEM encoded file that contains the key and certificate from step 3 and frida-join should take a PEM encoded file that just contains the certificate from the CA. Does that sound in the right neighborhood?