EOS-Nation / bpvalidate

Tools to validate BPs have set up their public configuration correctly
MIT License

TLS endpoint verification fails #28

Closed fschoell closed 6 years ago

fschoell commented 6 years ago

Report: https://validate.eosnation.io/producers/bpeosindexio.html

Issue:

The TLS endpoint verification fails with this error: invalid URL value=<500 Can't connect to api.bp.eosindex.io:443 (SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed)> for field=<node[1].ssl_endpoint> for url=<https://api.bp.eosindex.io>

However, as you can see on https://api.bp.eosindex.io, TLS is working and the certificate is valid.

matthewdarwin commented 6 years ago

It seems your certificate chain is not entirely complete. Compare yours to mine.

yours:

openssl s_client -connect api.bp.eosindex.io:443
CONNECTED(00000003)
depth=0 CN = api.bp.eosindex.io
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = api.bp.eosindex.io
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=api.bp.eosindex.io
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[chop]

mine:

openssl s_client -connect api.eosn.io:443
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = eosn.io
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=eosn.io
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
[chop]

fschoell commented 6 years ago

Ah thanks, included the full chain, it's working now.
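
The comparison in matthewdarwin's comment can be scripted. This is an added example, not part of the thread or of bpvalidate's code: the function reads `openssl s_client` output and reports whether the chain the server presented links up and verified. The function and sample names are hypothetical, and the inputs are the two outputs quoted in this thread, trimmed.

```shell
#!/bin/sh
# Added example; chain_status and the sample_* helpers are hypothetical names.
# chain_status reads `openssl s_client` text on stdin and prints one verdict line.
chain_status() {
  awk '
    /^verify error:num=/ { split($0, e, "[=:]"); err[e[3]] = 1 }
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    in_chain && /^ +i:/        { sub(/^ +i:/, ""); iss[n - 1] = $0; next }
    in_chain && /^ +[av]:/     { next }   # extra per-cert lines in newer OpenSSL
    in_chain                   { in_chain = 0 }
    END {
      if (n == 0) { print "no-chain"; exit }
      for (k = 0; k < n - 1; k++)       # each issuer must be the next subject
        if (iss[k] != subj[k + 1]) { print "broken-link at cert " k; exit }
      # 20 = unable to get local issuer certificate, 21 = unable to verify the first certificate
      if (20 in err || 21 in err)
        print "incomplete: " n " cert(s) sent, issuer not found: " iss[n - 1]
      else
        print "complete: " n " cert(s) sent, verified"
    }'
}

# Constructed inputs: the two s_client outputs from this thread, trimmed.
sample_leaf_only() { cat <<'EOF'
depth=0 CN = api.bp.eosindex.io
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
Certificate chain
 0 s:/CN=api.bp.eosindex.io
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
EOF
}
sample_full_chain() { cat <<'EOF'
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
depth=0 CN = eosn.io
Certificate chain
 0 s:/CN=eosn.io
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
EOF
}

sample_leaf_only  | chain_status
sample_full_chain | chain_status
# Live use: openssl s_client -connect HOST:443 -servername HOST </dev/null 2>&1 | chain_status
```

The `2>&1` matters in live use because `s_client` writes the `verify error` lines to stderr.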