Certificate generation service is down

[emilwojcik93]

Hello, I can't generate certificate through "easy_openwrt.sh". To exclue firewall blocking rules on my device I've try to reach generation service through remote server and online curl but still I can't connect to this service.

root@OpenWrt:~# curl -v http://mariusmotea.go.ro:9002/gencert?mac=$mac
* Failed to connect to mariusmotea.go.ro port 9002: Host is unreachable
curl: (7) Failed to connect to mariusmotea.go.ro port 9002: Host is unreachable

[mariusmotea]

Remote service is down. It will be restored in few days.

[emilwojcik93]

Thanks for quick response. I'm awaiting further development 👍

[juanesf]

If you have an experience and your OpenWRT device has enough space and memory, you can try the following script which does not use the generated in-line certificate, but it needs more libraries, space and time.

https://github.com/diyhue/diyHue/blob/dev/BridgeEmulator/install_openwrt.sh

See here: https://github.com/diyhue/diyHue/blob/dev/BridgeEmulator/install_openwrt.sh#L76

[mariusmotea]

I restore the online service for certificate generation.

[emilwojcik93]

@juanesf Thx, it's works. I've to:

ps | grep hue | grep -v grep
rm -rf /opt/hue* /etc/init.d/hue*
cd /tmp
wget --no-check-certificate https://raw.githubusercontent.com/diyhue/diyHue/master/BridgeEmulator/easy_openwrt.sh

Edit easy_openwrt.sh:

• commentout curl "http://mariusmotea.go.ro:9002/gencert?mac=$mac" > /opt/hue-emulator/cert.pem
• after above line add below section from install_openwrt.sh to creating certificate:

echo -e "\033[32m Creating certificate.\033[0m"
curl https://raw.githubusercontent.com/mariusmotea/diyHue/9ceed19b4211aa85a90fac9ea6d45cfeb746c9dd/BridgeEmulator/openssl.conf -o openssl.conf
wait
serial="${mac:0:2}${mac:3:2}${mac:6:2}fffe${mac:9:2}${mac:12:2}${mac:15:2}"
dec_serial=`python3 -c "print(int(\"$serial\", 16))"`
openssl req -new -days 3650 -config openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$serial" -keyout private.key -out public.crt -set_serial $dec_serial
wait
touch /opt/hue-emulator/cert.pem
cat private.key > /opt/hue-emulator/cert.pem
cat public.crt >> /opt/hue-emulator/cert.pem

and than run it with sh easy_openwrt.sh

[juanesf]

I'm glad to help. Can we close the problem?

[juanesf]

Although I have realized that you have used the obsolete repository the current is http://github.com/diyhue/diyhue

[andsol]

Not fixed yet. Any other way to generate it manually?

[mariusmotea]

curl "http://mariusmotea.go.ro:9002/gencert?mac=00:11:22:33:44:55" -v. It works, i test now with online curl

[andsol]

curl "http://mariusmotea.go.ro:9002/gencert?mac=00:11:22:33:44:55" -v

It gives empty response For the one who can not generate it:

mac=<your-mac-address>
curl https://raw.githubusercontent.com/mariusmotea/diyHue/9ceed19b4211aa85a90fac9ea6d45cfeb746c9dd/BridgeEmulator/openssl.conf -o openssl.conf

serial="${mac:0:2}${mac:3:2}${mac:6:2}fffe${mac:9:2}${mac:12:2}${mac:15:2}"
dec_serial=`python3 -c "print(int(\"$serial\", 16))"`
openssl req -new -days 3650 -config openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$serial" -keyout private.key -out public.crt -set_serial $dec_serial

touch /opt/hue-emulator/cert.pem
cat private.key > /opt/hue-emulator/cert.pem
cat public.crt >> /opt/hue-emulator/cert.pem
rm private.key public.crt

[mariusmotea]

You are right, the service was hosted on a PI4 B and it seams the SD card is dead. I will try to recover the code and fix it.

[cjackolass]

@mariusmotea

Some news for the sslcert server ?

curl: (7) Failed to connect to mariusmotea.go.ro port 9002: No route to host

:(

[cjackolass]

Work great with docker with sudo su for the installaltion 👍

[mariusmotea]

I need to write this service from scratch.will witte here once available again.

[mariusmotea]

Fixed.

curl mariusmotea.go.ro:9002/gencert?mac=00:11:22:33:44:55
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEyB+r8WIWExtCNzR
exMewdyEmw5q2TqzQUHdywTA1wWhRANCAARkFxkz6TDDTkutWUJpX3laTN54odtZ
fqe5dEC/ieYr3ntlk6UjXWMcwsAxlELM1J0iqfaZ99/3X2mo4FMoPyV5
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIB2zCCAYKgAwIBAgIFESIzRFUwCgYIKoZIzj0EAwIwOjELMAkGA1UEBhMCTkwx
FDASBgNVBAoMC1BoaWxpcHMgSHVlMRUwEwYDVQQDDAwwMDExMjIzMzQ0NTUwHhcN
MjEwMzI1MTIwODI0WhcNMzEwMzIzMTIwODI0WjA6MQswCQYDVQQGEwJOTDEUMBIG
A1UECgwLUGhpbGlwcyBIdWUxFTATBgNVBAMMDDAwMTEyMjMzNDQ1NTBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABGQXGTPpMMNOS61ZQmlfeVpM3nih21l+p7l0QL+J
5ivee2WTpSNdYxzCwDGUQszUnSKp9pn33/dfaajgUyg/JXmjdTBzMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFC9HdnZ9KWRo0CfNYJMGvkkS0JZQMB8GA1UdIwQYMBaA
FC9HdnZ9KWRo0CfNYJMGvkkS0JZQMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAK
BggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiAxz3tQqEVJ616w8iHnNawRWBgU
7cqrxOtLkEs5FckHoAIgNYXWUnO6Zca2KjnGN/sMMBE6Mc2PxgX/HUJ4sAnRBws=
-----END CERTIFICATE-----

[emilwojcik93]

Service is working but in diyhue script is lack of parameters in curl request, it should look like this:

curl --http0.9 "http://mariusmotea.go.ro:9002/gencert?mac=$mac" > /opt/hue-emulator/cert.pem

Thx and best regards :)