Closed mrdeep1 closed 4 years ago
Mr. @mrdeep1
NCC dots client --> go-dots server (AWS env)
2019/08/21 07:49:03 http: TLS handshake error from 217.40.240.156:45849: tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca.example.com")
2019/08/21 07:50:03 http: TLS handshake error from 217.40.240.156:45850: tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca.example.com")
2019/08/21 07:51:04 http: TLS handshake error from 217.40.240.156:45851: tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca.example.com")
Failed to verify certificate that connect from NCC client to dots-server(AWS env). Could you check the certificate NCC client ?
Please confirm it.
It appears that you have rebuilt the certificates and not using the ones in this PR.
Your Server cert :-
Certificate: Data: Version: 3 (0x2) Serial Number: 5d:5b:a4:83:36:8a:09:12:75:ce:8d:ac Signature Algorithm: sha256WithRSAEncryption Issuer: CN=ca.example.com, O=Example CA, ST=Tokyo, C=JP Validity Not Before: Aug 20 07:42:59 2019 GMT Not After : Aug 19 07:42:59 2022 GMT
PRs Certificate
Certificate: Data: Version: 3 (0x2) Serial Number: 5d:5a:7b:81:2f:8f:3b:60:ce:10:35:13 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=ca.example.com, O=Example CA, ST=Tokyo, C=JP Validity Not Before: Aug 19 10:35:45 2019 GMT Not After : Aug 18 10:35:45 2022 GMT
We need to have the same at both ends.
If this PR is merged (and certs rebuilt if you want to do that), then it is easy for both of us to use the same CA, Server and Client certificates, and I can then generate the additional certificates needed for my end (which will be later today) using the CA cert/key files.
Mr. @mrdeep1
Mr. naga-lep merged code into master branch. Thank for your answer.
All is now looking good from my end
Needed for interoperability tests as old certs expired back in April 2019.
Gone for 3 years expiry, so this does not have to be done too often.