Hello There, Guest!  
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

NEMS SSL Error

#11
Robbie, this is the output of my nems-info sslcert command (after run the quickfix script):

[email protected]:~ $ nems-info sslcert
Certificate:
   Data:
       Version: 1 (0x0)
       Serial Number: 1 (0x1)
   Signature Algorithm: sha256WithRSAEncryption
       Issuer: C = CA, ST = Ontario, L = Toronto, O = NEMS Linux, CN = *.NEMS.local, emailAddress = [email protected]
       Validity
           Not Before: Nov 10 12:01:04 2017 GMT
           Not After : Sep 19 12:01:04 2027 GMT
       Subject: C = CA, ST = Ontario, L = Toronto, O = NEMS Linux, CN = *.NEMS.local, emailAddress = [email protected]
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (2048 bit)
               Modulus:
                   00:c1:b3:f0:16:ec:fb:19:f4:d9:47:bd:18:1a:e2:
                   6f:02:4b:cd:f4:40:e7:10:30:6f:6e:c5:b8:65:d1:
                   db:3f:bc:b9:23:a3:39:44:d1:05:29:1b:d8:8c:61:
                   91:12:5d:f8:fa:51:18:d0:b0:98:96:4e:b1:88:19:
                   aa:3e:be:f9:58:9e:5c:e0:f6:8f:61:9c:38:54:78:
                   55:b6:3c:3b:27:2b:4b:36:b3:aa:40:8f:81:65:44:
                   12:8d:82:2e:b5:b2:b6:b9:53:b6:74:e9:ae:7f:af:
                   18:f0:d4:9c:c7:06:0d:15:62:f2:39:1a:6b:85:b5:
                   38:1d:da:7d:0f:54:0c:2a:1d:6a:a2:40:73:41:49:
                   74:4a:d1:fe:89:ca:d6:1b:ef:0e:a0:3b:8a:bf:41:
                   45:09:58:1f:43:94:d7:ed:dd:10:ac:1b:03:65:ee:
                   5c:1c:fc:10:81:43:84:d1:94:13:ce:ab:6c:84:d3:
                   27:5b:04:53:80:1a:b5:4d:50:aa:8a:e2:25:a3:bc:
                   9e:69:13:d5:55:26:4a:16:08:d3:ca:ae:20:c5:a6:
                   25:6c:06:d7:17:66:a8:6a:10:14:a4:7e:d4:9a:f8:
                   87:1b:9f:51:37:8f:d6:85:55:8c:2d:86:41:25:00:
                   e3:e4:44:49:8d:01:46:5a:c9:e7:e4:50:02:4f:d6:
                   e6:23
               Exponent: 65537 (0x10001)
   Signature Algorithm: sha256WithRSAEncryption
        7b:ef:42:0f:7e:0f:c4:a6:7b:bb:3a:0d:70:eb:10:38:a2:1c:
        b9:8f:58:92:42:52:02:9d:9d:fc:51:ac:26:e5:7b:49:1a:35:
        fb:ad:0c:a3:78:57:2d:0b:8e:4a:91:ff:49:32:a9:64:8b:c1:
        cf:a1:39:63:21:38:87:60:44:1e:d5:c2:f3:58:20:cd:f8:03:
        ad:98:4a:6a:b5:4f:df:e5:81:1f:19:19:a2:7b:8a:6e:cc:9e:
        4e:3f:aa:e8:7a:83:18:a8:b5:ca:98:38:a9:9f:04:79:27:b8:
        0f:a8:09:36:98:42:57:81:b7:33:c3:e8:40:da:1c:de:9f:16:
        ae:95:0c:70:85:2e:0a:42:3b:2a:0b:1a:46:0b:52:f9:ea:20:
        6e:15:3e:61:67:ec:a8:96:18:37:5b:f2:d2:85:e2:38:86:b7:
        07:ff:85:7d:22:a4:cd:05:fb:b9:13:28:51:72:8d:de:4f:17:
        ba:79:c1:16:ec:d7:94:fd:f4:69:1b:fe:d1:53:2e:77:35:f4:
        0e:11:19:2d:ad:e2:54:5b:36:2b:51:83:c3:0f:14:9a:2d:65:
        d3:72:e3:0b:d6:35:a7:c5:82:29:bd:63:84:5c:8e:90:a6:c9:
        97:f3:ea:2a:ec:e6:2a:29:56:b5:f2:c0:04:27:ff:e2:f5:c5:
        4c:55:71:56
-----BEGIN CERTIFICATE-----
MIIDfDCCAmQCAQEwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAkNBMRAwDgYD
VQQIDAdPbnRhcmlvMRAwDgYDVQQHDAdUb3JvbnRvMRMwEQYDVQQKDApORU1TIExp
bnV4MRUwEwYDVQQDDAwqLk5FTVMubG9jYWwxJDAiBgkqhkiG9w0BCQEWFW5vcmVw
bHlAbmVtc2xpbnV4LmNvbTAeFw0xNzExMTAxMjAxMDRaFw0yNzA5MTkxMjAxMDRa
MIGDMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEQMA4GA1UEBwwHVG9y
b250bzETMBEGA1UECgwKTkVNUyBMaW51eDEVMBMGA1UEAwwMKi5ORU1TLmxvY2Fs
MSQwIgYJKoZIhvcNAQkBFhVub3JlcGx5QG5lbXNsaW51eC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBs/AW7PsZ9NlHvRga4m8CS830QOcQMG9u
xbhl0ds/vLkjozlE0QUpG9iMYZESXfj6URjQsJiWTrGIGao+vvlYnlzg9o9hnDhU
eFW2PDsnK0s2s6pAj4FlRBKNgi61sra5U7Z06a5/rxjw1JzHBg0VYvI5GmuFtTgd
2n0PVAwqHWqiQHNBSXRK0f6JytYb7w6gO4q/QUUJWB9DlNft3RCsGwNl7lwc/BCB
Q4TRlBPOq2yE0ydbBFOAGrVNUKqK4iWjvJ5pE9VVJkoWCNPKriDFpiVsBtcXZqhq
EBSkftSa+Icbn1E3j9aFVYwthkElAOPkREmNAUZayefkUAJP1uYjAgMBAAEwDQYJ
KoZIhvcNAQELBQADggEBAHvvQg9+D8Sme7s6DXDrEDiiHLmPWJJCUgKdnfxRrCbl
e0kaNfutDKN4Vy0LjkqR/0kyqWSLwc+hOWMhOIdgRB7VwvNYIM34A62YSmq1T9/l
gR8ZGaJ7im7Mnk4/quh6gxiotcqYOKmfBHknuA+oCTaYQleBtzPD6EDaHN6fFq6V
DHCFLgpCOyoLGkYLUvnqIG4VPmFn7KiWGDdb8tKF4jiGtwf/hX0ipM0F+7kTKFFy
jd5PF7p5wRbs15T99Gkb/tFTLnc19A4RGS2t4lRbNitRg8MPFJotZdNy4wvWNafF
gim9Y4RcjpCmyZfz6irs5iopVrXywAQn/+L1xUxVcVY=
-----END CERTIFICATE-----
 Reply
#12
Thanks. Did you double check to make sure the old cert isn't still in your browser? In Chrome it's in "Manage Certificates". Might need to remove old ones and reboot just to be sure.

I tried to replicate the issue yesterday evening but could not. So all the work on nems-cert is simply for good measure, and at least makes it easy for you to generate new certificates.

Also, what version of Chrome are you using?

We'll get to the bottom of it! Thanks!

Robbie
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#13
BTW, looking at the cert, this really looks like a browser issue. Hope you'll let me know soon what you're using. Have you tried installing Firefox just to see if it is just your Chrome?
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#14
Those having this problem, can you please confirm you are accessing NEMS via: https://nems.local/ and NOT the old IP address method, yes?
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
#15
Hello there,

It really seems the SSL cert process is not writing correct details to the cert.

I compared the one created with the nems-cert with a legit SSL cert.

We usually find a CN when we select the Certificate's object, which is not the case with the nems-cert generated cert. We find Object attributes like E, O, L, S, C and those don't fit with what the browser is trying to understand from the certificate.

Hope that helps!


Attached Files Thumbnail(s)
       
 Reply
#16
Hi, i think you´re right because chrome complaints about a non valid SSL response, and not about the validation of the cert. I´ve tried from a brand new installed windows with edge and IE and the result is the same.

Regards.
 Reply
#17
Thanks everyone! A working patch is in testing:

sudo nems-quickfix && sudo /usr/local/share/nems/nems-scripts/testfix.sh

Update: DEPRECATED - testing was successful. Patch rolled out to all NEMS devices. Your SSL should be working now.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
 Reply
 
Forum Jump:

Users browsing this thread: 1 Guest(s)