https access fails due to certificate problem

me-box / databox

Databox container manager and dashboard server

MIT License

94 stars 25 forks source link

https access fails due to certificate problem #210

Closed cgreenhalgh closed 6 years ago

cgreenhalgh commented 6 years ago

Using version tag 0.3.0 on Mac OS, after installing the databox certificate and trusting it, I still cannot access the databox secure pages from Chrome or Safari, and can only do so from Firefox by adding an additional security exception.

The error appears to be due to the HTTPS certificate and/or the root certificate not specifying the Organisation and Organisational Unit for the Issuer and/or Issued to.

E.g. Chrome reports "NET::ERR_CERT_INVALID" and "the website sent scrambled credentials that Google Chrome cannot process".

Toshbrown commented 6 years ago

Hi,

What version of MacOS are you running? I was debugging a similar problem earlier with @tlodge.

Accessing his version of databox from my laptop (MacOS High Sierra 10.13.1) did not have the same problem.

Adding Organisation and Organisational Unit should not be difficult @ktg can you take a look, please.

cgreenhalgh commented 6 years ago

Mac OS el capitan 10.11.6.

haddadi commented 6 years ago

faced similar issue, proceeded by proceeding with the security exception only

== Hamed https://haddadi.github.io

On 12 December 2017 at 16:20, Chris Greenhalgh notifications@github.com wrote:

Mac OS el capitan 10.11.6.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/me-box/databox/issues/210#issuecomment-351102648, or mute the thread https://github.com/notifications/unsubscribe-auth/ACy0r2HilRVIF701eyWAkXyPenPlXFxZks5s_qfbgaJpZM4Q_MWW .

Toshbrown commented 6 years ago

PR #213 Did not fix this problem. Can someone post the output of this?

cd ./certs

openssl verify -verbose -CAfile ./containerManager.crt ./container-manager.pem

openssl version

haddadi commented 6 years ago

Badger:certs hamed$ openssl verify -verbose -CAfile ./containerManager.crt ./container-manager.pem Error opening certificate file ./container-manager.pem 140735893091208:error:02001002:system library:fopen:No such file or directory:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/bio/bss_file.c:255:fopen('./container-manager.pem', 'r') 140735893091208:error:20074002:BIO routines:FILE_CTRL:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/bio/bss_file.c:257: unable to load certificate Badger:certs hamed$ Badger:certs hamed$ openssl version LibreSSL 2.2.7 Badger:certs hamed$

Thomas-Lodge commented 6 years ago

openssl verify -verbose -CAfile ./containerManager.crt ./container-manager.pem
./container-manager.pem: OK
tlodge-2:certs tomlodge$

tlodge-2:certs tomlodge$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

Toshbrown commented 6 years ago

Fixed in https://github.com/me-box/databox/commit/e2d77c76f50dab2905b9ac47cfadf0275f13c3aa