SSL certificate problem (again)

[TrevorH]

Show us the exact error you see.

[Whoever]

The documentation on installing Node-RED does not include any mention of installing Apache web server, so I think that Node-RED includes its own web server. Thus you need to look at the documentation for Node-RED for configuration of the SSL Certificates.

I note that the certificate error only shows when I go to a URL such as:
https://rucheconnectee.mc:1880/

When I go there, I get certificate errors and the certificate looks self-signed.

[Fabien]

Hello,

@TrevorH
The second attached file shows displayed error when using Google Chrome on the the web page embedding the Node-RED collected data for the first time.

When I open the page in a tab, I need to accept the SSL certificate:


@Whoever
The first attached file shows the message about the SSL certificate. It is described as valid. If it is self-signed, I don't know where it comes from. The openssl command only shows one certificate in Apache. Can it see any SSL certificate for another web server?

[Fabien]

Replying to my own last question! I typed this openssl command:

Code: Select all

$ openssl s_client -showcerts -connect 80.94.97.61:1880

CONNECTED(00000003)
depth=0 C = MC, ST = MONACO, L = Monaco, O = DENJS, OU = DENJS, CN = rucheconnectee.mc, emailAddress = fnguyen@gouv.mc
verify error:num=18:self signed certificate
verify return:1
depth=0 C = MC, ST = MONACO, L = Monaco, O = DENJS, OU = DENJS, CN = rucheconnectee.mc, emailAddress = fnguyen@gouv.mc
verify return:1
---
Certificate chain
 0 s:/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
   i:/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
---
Server certificate
subject=/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
issuer=/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1606 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : XXXXXXXXXX
    Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Session-ID-ctx:
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    XXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXX
    Start Time: 1666684067
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

So, Node-RED is still using a self-signed certificate.

[TrevorH]

Yes. So you need to find out how to install the correct SSL cert in this Node-RED thing.