[Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify failed)
Matthias Hohl
matthias.hohl at telematica.at
Mon Jun 6 05:22:02 EDT 2016
Hmm, sorry I can’t help you with that problem…
Best would be if somebody from Sipwise could give you an advice how to solve the certificate problem itself without deactivating the „sslverify“ option.
I think this would be better as this work a round.
I tried to add a certificate but still no luck…
I played around now a bit and I tried to set also my server wildcard certificate for the REST API
ossbss:
apache:
port: '2443'
proxyluport: '1080'
restapi:
sslcertfile: /etc/ngcp-config/ssl/telematica.crt
sslcertkeyfile: /etc/ngcp-config/ssl/telematica.key
But I still got the same error, after activating the sslverify option:
root at spce:~# /usr/sbin/ngcp-fraud-daily-lock
500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't connect to 127.0.0.1:1442 (certificate verify failed) SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 49.
So I am not sure, which certificate SPCE wants from me... normally this should work.. also this problem firstly happen with 4.3.1
Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von Serge S. Yuriev
Gesendet: Sonntag, 5. Juni 2016 17:25
An: spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify failed)
Hello,
After this change we have another error now. I'll check logs and back.
502 Bad Gateway <html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>
--
Wbr, Serge via mobile
04.06.2016, 18:30, "Matthias Hohl" < <mailto:matthias.hohl at telematica.at> matthias.hohl at telematica.at>:
Hello Serge,
i also got the same problem some weeks ago and the problem was a self signed
certificate. See the thread "NGCP-FRAUD Protection doesn't work in 4.3.1"
You can deactivate this check in config.yml file:
Security > ngcp-panel > scripts > restapi > sslverify
Set this value to "NO".
I still did this and solved the problem but I have now another problem, that
the fraud script can't lock a subscriber or customer.
I believe we must insert a valid certificate but I am not sure, where to set
this certificate and which one I need.
I hope I could help you a bit.
-----Ursprüngliche Nachricht-----
Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von
Serge Yuriev
Gesendet: Samstag, 4. Juni 2016 16:25
An: <mailto:spce-user at lists.sipwise.com> spce-user at lists.sipwise.com
Betreff: [Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify
failed)
Hello,
After upgrading to 4.3.1 we started receiving such error mails from Cron
Subject:Cron <root at host> if /usr/sbin/ngcp-check_active -q; then
/usr/sbin/ngcp-fraud-daily-lock; fi
500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't
connect to 127.0.0.1:1442 (certificate verify failed)
SSL connect attempt failed error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
/usr/share/perl5/LWP/Protocol/http.pm line 49.
How we can fix this?
--
Serge S. Yuriev
_______________________________________________
Spce-user mailing list
<mailto:Spce-user at lists.sipwise.com> Spce-user at lists.sipwise.com
<https://lists.sipwise.com/listinfo/spce-user> https://lists.sipwise.com/listinfo/spce-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20160606/21bd08d0/attachment-0001.html>
More information about the Spce-user
mailing list