networkupstools / nut

The Network UPS Tools repository. UPS management protocol Informational RFC 9271 published by IETF at https://www.rfc-editor.org/info/rfc9271 Please star NUT on GitHub, this helps with sponsorships!
https://networkupstools.org/

SSL certificate problem #1510

Open drcyberg opened 2 years ago

drcyberg commented 2 years ago

Hi All!

I configured NUT 2.7.4 on Ubuntu Server 20.04 (own repository installed) for an Eaton 5E 1100i USB - 5E 1100i UPS and all is fine, BUT the SSL (https) section doesn't work. :-( I followed this instruction but it keeps giving an error:

```
nut-server.service - Network UPS Tools - power devices information server
     Loaded: loaded (/lib/systemd/system/nut-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-07-20 07:39:54 CEST; 41s ago
    Process: 334232 ExecStart=/sbin/upsd (code=exited, status=0/SUCCESS)
   Main PID: 334243 (upsd)
      Tasks: 1 (limit: 2273)
     Memory: 576.0K
     CGroup: /system.slice/nut-server.service
             └─334243 /lib/nut/upsd
```

```
Jul 20 07:39:54 ups.local upsd[334232]: upsd.conf: invalid directive CERTFILE /usr/share/nut/certs/upsd.pem
Jul 20 07:39:54 ups.local upsd[334232]: listening on ::1 port 3493
Jul 20 07:39:54 ups.local upsd[334232]: listening on 127.0.0.1 port 3493
Jul 20 07:39:54 ups.local upsd[334232]: Connected to UPS [nutdev1]: usbhid-ups-nutdev1
Jul 20 07:39:54 ups.local systemd[1]: Started Network UPS Tools - power devices information server.
Jul 20 07:39:54 ups.local upsd[334232]: Connected to UPS [nutdev1]: usbhid-ups-nutdev1
Jul 20 07:39:54 ups.local upsd[334243]: Startup successful
Jul 20 07:39:54 ups.local upsd[334243]: /usr/share/nut/certs is world readable
Jul 20 07:39:54 ups.local upsd[334243]: The SSL certificate name is not specified.
Jul 20 07:40:03 ups.local upsd[334243]: User upsmon_local@127.0.0.1 logged into UPS [nutdev1]
```

What am I doing wrong, how can I fix this?

Thank you!

Regards: DrCyberg

jimklimov commented 2 years ago

By the description, it seems that on one hand you mix up HTTPS and SSL a bit :) HTTPS is the HTTP (plaintext) protocol wrapped in an SSL "tunnel". Nowadays it is a bit more complex than that, but roughly so.

NUT SSL support is aimed at securing NUT client-server communications, so on localhost that is probably overkill. Well, probably also at securing networked UPS protocols (SNMPS, NetXML).

It is also implemented differently for NSS (Mozilla) and OpenSSL backends, as chosen at build time, and these variants are not feature-equivalent at the moment. Make sure you are not following the manual for one and setting up a build with another.

Finally, by the logged messages it seems NUT dislikes permissions to your certificate store. Not sure it would reject that for public files (certs) but may do so for sensitive data (keys, passphrases, and for that matter NUT config files that have password fields).
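
One way to check the two points raised in the reply above (directives written for a different SSL backend than the one `upsd` was built with, and a certificate store readable by everyone), as an added example that is not part of the thread or of NUT itself. The function names are hypothetical; the directive grouping (`CERTFILE` for OpenSSL, `CERTPATH`/`CERTIDENT`/`CERTREQUEST` for NSS) is taken from the `upsd.conf` documentation, and treating any "other" permission bit as a finding is an assumption.

```shell
#!/bin/sh
# Added example (not NUT project code). Function names are hypothetical.

# has_directive FILE 'NAME|NAME': true if an uncommented line starts with NAME.
has_directive() {
    grep -Eq "^[[:space:]]*($2)([[:space:]]|\$)" "$1"
}

# conf_backend FILE: which backend the SSL directives in an upsd.conf target.
# Grouping per the upsd.conf documentation: CERTFILE is the OpenSSL
# directive; CERTPATH, CERTIDENT and CERTREQUEST are the NSS ones.
conf_backend() {
    o=no; n=no
    has_directive "$1" 'CERTFILE' && o=yes
    has_directive "$1" 'CERTPATH|CERTIDENT|CERTREQUEST' && n=yes
    case $o$n in
        yesyes) echo mixed ;;
        yesno)  echo openssl ;;
        noyes)  echo nss ;;
        *)      echo none ;;
    esac
}

# linked_backend: reads `ldd` output on stdin, for example
#   ldd /lib/nut/upsd | linked_backend
# libnss3 is tested first because NSS ships its own libssl3.
linked_backend() {
    libs=$(cat)
    case $libs in
        *libnss3*) echo nss ;;
        *libssl*)  echo openssl ;;
        *)         echo none ;;
    esac
}

# world_accessible DIR: list entries with any permission bit set for "other".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}
```

A `conf_backend` result that differs from what `linked_backend` reports is the manual-versus-build mismatch the reply warns about; any path printed by `world_accessible` is a candidate for `chmod o-rwx`.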