Open JavierGalileaBrite opened 6 days ago
nixboot
commented
6 days ago Hi @JavierGalileaBrite.
Thanks for reaching out, and for filling out the template.
Can I get you to show the certificate chain used during registration? I.e. the certificates in qwac.pem
JavierGalileaBrite
commented
6 days ago Here you are @nixboot
-----BEGIN CERTIFICATE-----
MIIHXTCCBUWgAwIBAgIKDcLZ3yeyA37X4jANBgkqhkiG9w0BAQsFADBiMQswCQYD
VQQGEwJOTzEYMBYGA1UEYQwPTlRSTk8tOTgzMTYzMzI3MRMwEQYDVQQKDApCdXlw
YXNzIEFTMSQwIgYDVQQDDBtCdXlwYXNzIENsYXNzIDMgQ0EgRzIgUUMgV0EwHhcN
MjMxMDE2MTE0NTE0WhcNMjUxMTExMjI1OTAwWjCByTEZMBcGA1UEYQwQUFNEU0Ut
RklOQS00NjY0OTETMBEGA1UEBRMKNTU5MTE2MTYzMjETMBEGCysGAQQBgjc8AgED
EwJTRTEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xHjAcBgNVBAMMFWJy
aXRlcGF5bWVudGdyb3VwLmNvbTERMA8GA1UECgwIQnJpdGUgQUIxDzANBgNVBBEM
BjExNCA0NzESMBAGA1UEBwwJU1RPQ0tIT0xNMQswCQYDVQQGEwJTRTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPB3TtK5Zf0I3URZinPlsDLGgfhdKoT
os2vfErxnhgZ46Makj//GytSJcBymuEFHrBr6GnAmaQg7w1pLPv6sRkUjMG9r9Zr
Qzfh+O1xK8IucTcOYO76j9cAP8oRbhWhQ+6EAm2Lii1WYx2cDvZI1eacJ8lW6gUg
c+rqZy+fuM3m0RfV0XjbagpQAdhhS28jelEKOuaKKntJyvolKnsHIAZdrc0HT7lS
GjyXSNfaN3WWGMMYcNxEIJTYhWukdfUYeqKwqNBrq8znDcW8A/Xams/ZOazy2txA
f4efQOgo+JyiTU+IGu5y3ZfbRdaPqS4gJejItIiwMJWDu7Gv51mYg8cCAwEAAaOC
AqswggKnMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU63UxHk3jyzrqx6Ey/W/4
eTqncmUwHQYDVR0OBBYEFC+eyUQNb5gDv3Ki+wEpAapSKXyaMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA0
BghghEIBGgEDBzAoMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy5idXlwYXNzLm5v
L2NwczAJBgcEAIGYJwMBMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuYnV5
cGFzc2NhLmNvbS9CUENsM0NhRzJRQ1dBLmNybDA7BgNVHREENDAyghVicml0ZXBh
eW1lbnRncm91cC5jb22CGXd3dy5icml0ZXBheW1lbnRncm91cC5jb20wbwYIKwYB
BQUHAQEEYzBhMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcHdhLmJ1eXBhc3NjYS5j
b20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuYnV5cGFzc2NhLmNvbS9CUENsM0Nh
RzJRQ1dBLmNlcjAgBgVngQwDAQQXMBUTA1BTRBMCU0UMCkZJTkEtNDY2NDkwgc4G
CCsGAQUFBwEDBIHBMIG+MAgGBgQAjkYBATBkBgYEAIGYJwIwWjAmMBEGBwQAgZgn
AQIMBlBTUF9QSTARBgcEAIGYJwEDDAZQU1BfQUkMJ1N3ZWRpc2ggRmluYW5jaWFs
IFN1cGVydmlzaW9uIEF1dGhvcml0eQwHU0UtRklOQTATBgYEAI5GAQYwCQYHBACO
RgEGAzA3BgYEAI5GAQUwLTArFiVodHRwczovL3d3dy5idXlwYXNzLm5vL3Bkcy9w
ZHNfZW4ucGRmEwJlbjANBgkqhkiG9w0BAQsFAAOCAgEAh6RNCXvYMksa6nVz5CmM
f8XarROieqEwEg54FJIyOjQVec6Ca2aS+kpwKEiVvEaBOOjM+MCOWUmFdZ3FSzao
4e5tHsaQSotJEDRRlFIqWj3ZtIQZTyFjRxMxAsuG+jGMURPc+2E2f2HvDGMTYf85
MoOApvKhd71WwUqej60MLboA3l1mx5TMA8zNWxHj8pwfRhmtCQ9tkYu43NU9F2GV
zggkKTKmL0KzOLt+uYXuSW5KttFrAjZ1zTLNsbrgPOAl/+eHkH6KvZGHD3K9J45e
YmMU5yhXi1d4P+hjB+Yk836NRzJ8NUC1JAWhVXtkN+u8eAP+ecbmytDTsqe4J3wh
RtX2O3q12hWJCwtOjfNm67SV+CYqtIl8BiSqeWmdBlswIj9K/sem8FSuRK6gAIEp
HOhxN5UoLfSkWGUQQ7Y9DjfCls3bCb79hBwydLVSIJWEU1EgbccKmT429pIxALwt
rDyvaOurVUTN+LC/42XjY1Dq55lxMrl7dz+op/IVC0ha3Ivf197EjNbmaaC8Dh39
hmlqBGsfSWP/fL2PTrtQRqo8XZXO5Dv9fWUbVF9+/a6l9YQixx4PMH6jdejhzhk7
lYXtkTlcx9qEmoRyYkEfPS0EHl4XhskcUxAPeEj1IYGJqayniUMAliBJ23Gy9G2P
qZIeVxW1M9MViWB3yhbA6bc=
-----END CERTIFICATE-----Thanks @JavierGalileaBrite.
If that is the whole contents of the qwac.pem file I have a thing to try: Can you to add the rest of the certificates of the chain to the file?
The order in the file is: the leaf on the top, then any intermediate certificates, and lastly the root.
JavierGalileaBrite
commented
5 days ago I tried again and the error has changed @nixboot
{"code":605,"message":"name in body should match '^[a-z0-9-_.]+$'"}%
Here is the full error trace
* Trying 34.240.123.25:443...
* Connected to tpp.openbanking.prod.lunar.tech (34.240.123.25) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
Enter PEM pass phrase:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=tpp.openbanking.prod.lunar.tech
* start date: Jul 31 04:11:49 2024 GMT
* expire date: Oct 29 04:11:48 2024 GMT
* subjectAltName: host "tpp.openbanking.prod.lunar.tech" matched cert's "tpp.openbanking.prod.lunar.tech"
* issuer: C=US; O=Let's Encrypt; CN=R11
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x556f1972beb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> POST /tpp HTTP/2
> Host: tpp.openbanking.prod.lunar.tech
> user-agent: curl/7.81.0
> accept: */*
> content-type: application/json
> content-length: 139
>
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* We are completely uploaded and fine
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 422
< content-type: application/json
< content-length: 67
< date: Fri, 13 Sep 2024 07:34:19 GMT
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host tpp.openbanking.prod.lunar.tech left intact
{"code":605,"message":"name in body should match '^[a-z0-9-_.]+$'"}%
Before opening an issue regarding registration problems please ensure that:
If all the above looks good you can open an issue.
Required information
Certificate chain used during registration:
Output of the registration call:
Time of the registration request: 9/11/2024 11:52
Link to the intermediate certificate on the EU Trusted list: https://www.fi.se/en/our-registers/company-register/details?id=171243
Debug information
Call
https://debug.openbanking-sandbox.prod.lunar.techincluding your full certificate chain and private key (eg.curl https://debug.openbanking-sandbox.prod.lunar.tech --cert your_full_certificate_chain.pem --key your_private_key.pem)Trying 34.240.123.25:443...
Connected to debug.openbanking-sandbox.prod.lunar.tech (34.240.123.25) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1 Enter PEM pass phrase:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.0 (OUT), TLS header, Certificate Status (22):
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS header, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS header, Finished (20):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Request CERT (13):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.2 (OUT), TLS header, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.3 (OUT), TLS handshake, Certificate (11):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.3 (OUT), TLS handshake, CERT verify (15):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=debug.openbanking-sandbox.prod.lunar.tech
start date: Jul 20 10:04:32 2024 GMT
expire date: Oct 18 10:04:31 2024 GMT
subjectAltName: host "debug.openbanking-sandbox.prod.lunar.tech" matched cert's "debug.openbanking-sandbox.prod.lunar.tech"
issuer: C=US; O=Let's Encrypt; CN=R11
SSL certificate verify ok.
Using HTTP2, server supports multiplexing
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
Using Stream ID: 1 (easy handle 0x61da53329eb0)
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
We are completely uploaded and fine
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.2 (IN), TLS header, Supplemental data (23):
Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)
stopped the pause stream!
Connection #0 to host debug.openbanking-sandbox.prod.lunar.tech left intact curl: (92) HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)
Note the time of the call: 9/11/2024 11:54