search

toni-moreno / snmpcollector

A full featured Generic SNMP data collector with Web Administration Interface for InfluxDB
MIT License
286 stars 53 forks source link

Issue with ssl enable InfluxDb #491

Closed chappi6 closed 3 years ago

chappi6 commented 3 years ago

Hi Toni ,

What SnmpCollector version are you using? 0.10 on Debian 8

What did you do?

I configured ssl within the Influx Servers tab. I actually tested the certificates with curl it was working for me. I also checked the file permissions they where also fine. But I get a error while I am connecting to my Influx server. So i did a pap and this pcap shows me that the certificate that the client sends to the server has 0 bytes. I compared it to the curl pcap and in this one the cert wasn't emtpy. Do you have any idea why the program doesn't load the cert?

here are the logs for this issue: time="2021-04-14 10:54:32" level=info msg="trying to ping influx server 3VEInflux : {ID:3VEInflux Host:prodflux03 Port:443 DB:socdb User:socreporter pass Retention:autogen Precision:ns Timeout:30 UserAgent:snmpcollector EnableSSL:true SSLCA:/etc/snmpcollector/subca.pem SSLCert:/etc/snmpcollector/monitoring.pem SSLKey:/etc/snmpcollector/monitoring.key.pem InsecureSkipVerify:true BufferSize:65535 Description:}"

time="2021-04-14 10:56:10" level=debug msg="ERROR on ping InfluxDB Server : \r\n400 No required SSL certificate was sent\r\n\r\n

400 Bad Request

\r\n
No required SSL certificate was sent
\r\n
nginx/1.19.9
\r\n\r\n\r\n"

Br

toni-moreno commented 3 years ago

Hello @chappi6 . I've tested client authentication with an apache server with client auth .

Here snmpcollector config

image

With its client certificate info.

openssl x509 -in /tmp/test/client.cer -noout -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 101 (0x65)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
        Validity
            Not Before: Apr 14 20:47:27 2021 GMT
            Not After : Apr 14 20:47:27 2022 GMT
        Subject: C = ES, ST = Barcelona, L = Barcelona, O = snmpcolcli, CN = testcli <----------

..
..

Here the connection test ( returning a dummy html page and obviously give error because is not and influx server)

image

here the apache custom log config

                CustomLog ${APACHE_LOG_DIR}/www-ssl.log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CLIENT_S_DN_O}x \"%r\" %b \"%{SSL_CLIENT_S_DN_CN}x\""

and here the output whe the snmpcollector ping is done.

[14/Apr/2021:22:58:28 +0200] 127.0.0.1 TLSv1.3 TLS_AES_128_GCM_SHA256 snmpcolcli "GET /ping/?wait_for_leader=30s HTTP/1.1" 18 "testcli"

As you can see server is logging the ssl client info ( Subject: C = ES, ST = Barcelona, L = Barcelona, O = snmpcolcli, CN = testcli)

please check your config, and reopen the issue if needed.