netbox-community / Device-Type-Library-Import

This library is intended to assist with importing device and module types into NetBox from the NetBox Community DeviceType-Library
https://github.com/netbox-community/devicetype-library
MIT License
270 stars 89 forks

SSL self signed certificate issue #58

Closed ait0rn00b closed 1 year ago

ait0rn00b commented 2 years ago

Yeah, the same error as always, but I have changed both options to false in settings.py and still get the following error: [image]

I know it is a very recurring error but I'm a bit lost. netbox 3.3.5

ait0rn00b commented 2 years ago

I also tried with the env but nothing works, forgot to mention it

BMeach commented 2 years ago

I'm having this same issue with self-signed certs, with the env set to true and to false.

Edit: This appears to be related to the default netbox install with nginx. In my case it's not this script's request returning the error but actually netbox, which then gets passed to this script. The issue for me was the default nginx config with http redirection, so I made it not redirect to https and set my netbox url as http instead of https in the .env file.

dmidlo commented 2 years ago

Same here. Brand new install of Ubuntu 22.04, brand new install of Netbox (w/ nginx) following the netbox installation docs. Toggling ignore in .env yielded the same error. I didn't think it would help, but I went into the script itself and forced the issue by editing out if settings.IGNORE_SSL_ERRORS: and I'm still getting the self-signed error.

similar edit to the previous commenter:
yeah, it's hacky, but disabling https entirely does the trick.

here's my nginx config so nobody else has to google for it:

server {
    #listen [::]:443 ssl ipv6only=off;
    listen [::]:80 ipv6only=off;

    # CHANGE THIS TO YOUR SERVER'S NAME
    server_name netbox.your-domain.local;

    #ssl_certificate /etc/ssl/certs/netbox.crt;
    #ssl_certificate_key /etc/ssl/private/netbox.key;

    client_max_body_size 25m;

    location /static/ {
        alias /opt/netbox/netbox/static/;
    }

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

#server {
    # Redirect HTTP traffic to HTTPS
#    listen [::]:80 ipv6only=off;
#    server_name _;
#    return 301 https://$host$request_uri;
#}

even if your netbox deployment will only ever be used in a local environment, be sure to re-enable https once your import tasks are completed.

Edit: here's another solution. you could add this to the top of your main script

import os

os.environ['REQUESTS_CA_BUNDLE'] = '/path/to/your/ca.pem' #or .crt

hermeticsoup commented 2 years ago

Same issue here; fresh install using lae.netbox ansible role on Ubuntu 20.04 with nginx in front of it.

I used:

os.environ['REQUESTS_CA_BUNDLE'] = '/path/to/your/ca.pem' #or .crt

to resolve. Worked a treat. Thanks for that!

danner26 commented 1 year ago

Hey @ait0rn00b, @BMeach, @dmidlo and @hermeticsoup. I have implemented a fix that will solve this SSL issue. Now, when you utilize the IGNORE_SSL_ERRORS=True definition, the library will properly ignore the SSL errors and initialize the API connection. This causes the library to A) suppress the SSL verification warning messages, and B) allow the API transaction to be successful. If you ever require more verbosity, you can also use the --verbose flag which will show you the raised exception. Note: the --verbose flag is new and will be further implemented throughout the library when possible.
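
The options discussed in this thread (a CA bundle via REQUESTS_CA_BUNDLE, IGNORE_SSL_ERRORS, or an http URL) can be resolved in one place so that a trusted bundle always wins over switching verification off. This is an added example, not code from Device-Type-Library-Import; `resolve_verify`, `demo` and the `NETBOX_URL` variable name are assumptions, and the returned value follows the `verify` convention of the `requests` library (bundle path, True, or False).

```python
import os
import tempfile
from urllib.parse import urlsplit

TRUTHY = {"1", "true", "yes", "on"}
PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def resolve_verify(env):
    """Return (verify, notes); verify follows the requests convention:
    a CA bundle path, True (system trust store) or False (no verification)."""
    notes = []
    scheme = urlsplit(env.get("NETBOX_URL", "")).scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError("NETBOX_URL must start with http:// or https://")
    if scheme == "http":
        # Plain HTTP: nothing to verify, but the API token travels in clear text,
        # and a redirect to https still ends in a certificate check.
        notes.append("http URL: token sent unencrypted; an https redirect still needs a trusted cert")

    bundle = env.get("REQUESTS_CA_BUNDLE", "").strip()
    if bundle:
        # Fail closed: a bad path must not silently fall back to verify=False.
        with open(bundle, encoding="ascii", errors="replace") as fh:
            if PEM_MARKER not in fh.read():
                raise ValueError(f"{bundle} contains no PEM certificate")
        return bundle, notes

    if env.get("IGNORE_SSL_ERRORS", "").strip().lower() in TRUTHY:
        notes.append("certificate verification disabled; prefer REQUESTS_CA_BUNDLE")
        return False, notes
    return True, notes


def demo():
    # Constructed sample: a placeholder bundle, not a usable certificate.
    base = {"NETBOX_URL": "https://netbox.example.local", "IGNORE_SSL_ERRORS": "True"}
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write(PEM_MARKER + "\n(constructed placeholder)\n-----END CERTIFICATE-----\n")
    try:
        pinned, _ = resolve_verify({**base, "REQUESTS_CA_BUNDLE": fh.name})
        ignored, _ = resolve_verify(base)
        return pinned == fh.name, ignored
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print(demo())
```

The first element of the result can be assigned to a `requests` session's `verify` attribute; the notes are meant for log output.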