search

CreatorDev / DeviceServer

26 stars 20 forks source link

Cannot verify certificates #26

Closed mkowalczyk88 closed 7 years ago

mkowalczyk88 commented 7 years ago

Following https://github.com/CreatorDev/DeviceServer/blob/master/doc/devServerInstallation.md I cannot generate proper certificates. Error I'm getting:

mkmk88@mkmk88-VirtualBox:~/devel/creator/DeviceServer/docker/ds$ openssl verify -verbose -CAfile <(cat Root.pem CA.pem) LWM2MBootstrap.pem C = PL, ST = Wroclaw, O = img_img, OU = img_img, CN = localhost, emailAddress = xxxxx@gmail.com error 24 at 1 depth lookup: invalid CA certificate error LWM2MBootstrap.pem: verification failed

i'm using Ubuntu Xenial.

BTW, some time ago when I tried this I got following error:

$ openssl verify -verbose -CAfile <(cat Root.pem CA.pem) LWM2MServer.pem

C = PL, ST = Some-State, O = Internet Widgits Pty Ltd, CN = lwm2m error 7 at 0 depth lookup: certificate signature failure error LWM2MServer.pem: verification failed 139723596171008:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:crypto/asn1/a_verify.c:174:

What am I missing?

boyvinall commented 7 years ago

I don't particularly like the manual instructions we have for this. I've just created a little Makefile that automates this. Try grabbing this and just run make, let me know if that generates certificates that verify ok for you.

Note that this is something I've just put together fairly quickly. It changes some filenames compared to the original instructions, and I've not really thought about the subject details so stuff like the CN might not be appropriate - but it's easily changed from the commandline.

mkowalczyk88 commented 7 years ago

Thank you. Generating certificates using your Makefile succeeds. Have you consider adding it to the official installation guide? Anyway, with proper certificates I'm still getting the same behavior described in https://github.com/CreatorDev/DeviceServer/issues/20 ... :(

boyvinall commented 7 years ago

Yes, we'll add this to the build process .. although will probably modify slightly to leave some information blank and check that it has been specified as part of the command/environment.

boyvinall commented 7 years ago

I still don't know why you're getting that behaviour in the other issue, but I've not had time to spend investigating that deeper yet, sorry.