SSL certificate problem (again)

Issues related to configuring your network
User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SSL certificate problem (again)

Post by TrevorH » 2022/10/24 12:34:39

Show us the exact error you see.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: SSL certificate problem (again)

Post by Whoever » 2022/10/24 15:07:37

The documentation on installing Node-RED does not include any mention of installing Apache web server, so I think that Node-RED includes its own web server. Thus you need to look at the documentation for Node-RED for configuration of the SSL Certificates.

I note that the certificate error only shows when I go to a URL such as:
https://rucheconnectee.mc:1880/

When I go there, I get certificate errors and the certificate looks self-signed.

Fabien
Posts: 18
Joined: 2022/05/23 13:16:20

Re: SSL certificate problem (again)

Post by Fabien » 2022/10/25 07:23:59

Hello,

@TrevorH
The second attached file shows displayed error when using Google Chrome on the the web page embedding the Node-RED collected data for the first time.

When I open the page in a tab, I need to accept the SSL certificate:
Image

@Whoever
The first attached file shows the message about the SSL certificate. It is described as valid. If it is self-signed, I don't know where it comes from. The openssl command only shows one certificate in Apache. Can it see any SSL certificate for another web server?
Attachments
Valid SSL certificate but self-signed?
Valid SSL certificate but self-signed?
chrome_rucheconnectee_certificat_ssl.jpg (93.21 KiB) Viewed 4907 times
This is the error displayed when using Google Chrome on the the web page embedding the Node-RED collected data for the first time.
This is the error displayed when using Google Chrome on the the web page embedding the Node-RED collected data for the first time.
chrome_error_displaying_node_red.jpg (155.33 KiB) Viewed 4907 times

Fabien
Posts: 18
Joined: 2022/05/23 13:16:20

Re: SSL certificate problem (again)

Post by Fabien » 2022/10/25 07:53:16

Replying to my own last question! I typed this openssl command:

Code: Select all

$ openssl s_client -showcerts -connect 80.94.97.61:1880

CONNECTED(00000003)
depth=0 C = MC, ST = MONACO, L = Monaco, O = DENJS, OU = DENJS, CN = rucheconnectee.mc, emailAddress = fnguyen@gouv.mc
verify error:num=18:self signed certificate
verify return:1
depth=0 C = MC, ST = MONACO, L = Monaco, O = DENJS, OU = DENJS, CN = rucheconnectee.mc, emailAddress = fnguyen@gouv.mc
verify return:1
---
Certificate chain
 0 s:/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
   i:/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
---
Server certificate
subject=/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
issuer=/C=MC/ST=MONACO/L=Monaco/O=DENJS/OU=DENJS/CN=rucheconnectee.mc/emailAddress=fnguyen@gouv.mc
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1606 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : XXXXXXXXXX
    Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Session-ID-ctx:
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    XXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXX
    Start Time: 1666684067
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
So, Node-RED is still using a self-signed certificate.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SSL certificate problem (again)

Post by TrevorH » 2022/10/25 11:38:29

Yes. So you need to find out how to install the correct SSL cert in this Node-RED thing.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply