lunarway / openbanking

Repository for keeping track of issues related to Lunar's Open Banking APIs
https://developer.openbanking.prod.lunar.app/

Error on Registration POST #84

Closed JavierGalileaBrite closed 1 month ago

JavierGalileaBrite commented 2 months ago

Before opening an issue regarding registration problems please ensure that:

If all the above looks good you can open an issue.

Required information

Certificate chain used during registration:

curl \
  -v \
  -H "Content-Type: application/json" \
  --data '{"redirectUris":["https://integration-callback.test.britepayments.io/v1/callback/redirect"],"roles":["PSP_AI", "PSP_PI"], "name":"BriteAB"}' \
  --cert qwac.pem \
  --key qwac.key \
  https://tpp.openbanking.prod.lunar.tech/tpp

Output of the registration call:

*   Trying 34.240.123.25:443...
* Connected to tpp.openbanking.prod.lunar.tech (34.240.123.25) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
Enter PEM pass phrase:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=tpp.openbanking.prod.lunar.tech
*  start date: Jul 31 04:11:49 2024 GMT
*  expire date: Oct 29 04:11:48 2024 GMT
*  subjectAltName: host "tpp.openbanking.prod.lunar.tech" matched cert's "tpp.openbanking.prod.lunar.tech"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x60bf9611beb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> POST /tpp HTTP/2
> Host: tpp.openbanking.prod.lunar.tech
> user-agent: curl/7.81.0
> accept: */*
> content-type: application/json
> content-length: 139
> 
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* We are completely uploaded and fine
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS alert, unknown CA (560):
* OpenSSL SSL_read: error:0A000418:SSL routines::tlsv1 alert unknown ca, errno 0
* Failed receiving HTTP2 data
* OpenSSL SSL_write: SSL_ERROR_ZERO_RETURN, errno 0
* Failed sending HTTP2 data
* Connection #0 to host tpp.openbanking.prod.lunar.tech left intact
curl: (56) OpenSSL SSL_read: error:0A000418:SSL routines::tlsv1 alert unknown ca, errno 0

Time of the registration request: 9/11/2024 11:52

Link to the intermediate certificate on the EU Trusted list: https://www.fi.se/en/our-registers/company-register/details?id=171243

Debug information

nixboot commented 2 months ago

Hi @JavierGalileaBrite.

Thanks for reaching out, and for filling out the template.

Can I get you to show the certificate chain used during registration? I.e. the certificates in qwac.pem

JavierGalileaBrite commented 2 months ago

Here you are @nixboot

nixboot commented 2 months ago

Thanks @JavierGalileaBrite.

If that is the whole contents of the qwac.pem file I have a thing to try: Can you add the rest of the certificates of the chain to the file? The order in the file is: the leaf on the top, then any intermediate certificates, and lastly the root.

JavierGalileaBrite commented 2 months ago

I tried again and the error has changed @nixboot {"code":605,"message":"name in body should match '^[a-z0-9-_.]+$'"}%

Here is the full error trace

*   Trying 34.240.123.25:443...
* Connected to tpp.openbanking.prod.lunar.tech (34.240.123.25) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
Enter PEM pass phrase:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=tpp.openbanking.prod.lunar.tech
*  start date: Jul 31 04:11:49 2024 GMT
*  expire date: Oct 29 04:11:48 2024 GMT
*  subjectAltName: host "tpp.openbanking.prod.lunar.tech" matched cert's "tpp.openbanking.prod.lunar.tech"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x556f1972beb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> POST /tpp HTTP/2
> Host: tpp.openbanking.prod.lunar.tech
> user-agent: curl/7.81.0
> accept: */*
> content-type: application/json
> content-length: 139
> 
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* We are completely uploaded and fine
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 422 
< content-type: application/json
< content-length: 67
< date: Fri, 13 Sep 2024 07:34:19 GMT
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host tpp.openbanking.prod.lunar.tech left intact
{"code":605,"message":"name in body should match '^[a-z0-9-_.]+$'"}%
nixboot commented 2 months ago

Hi @JavierGalileaBrite.

Thanks for the update. It looks like the connectivity is working now 💪

The error indicates the name parameter does not follow the required format. If your name follows the format, can I get you to post it here? Then I can figure out where the error lies on our end.

JavierGalileaBrite commented 1 month ago

I just changed the name and now it works, your error message was very clear. Thanks for your help :smiley: