[Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify failed)

Matthias Hohl matthias.hohl at telematica.at
Mon Jun 6 05:22:02 EDT 2016


Hmm, sorry I can’t help you with that problem…

Best would be if somebody from Sipwise could give you an advice how to solve the certificate problem itself without deactivating the „sslverify“ option.

I think this would be better as this work a round.

 

I tried to add a certificate but still no luck…

 

I played around now a bit and I tried to set also my server wildcard certificate for the REST API

 

ossbss:

  apache:

    port: '2443'

    proxyluport: '1080'

    restapi:

      sslcertfile: /etc/ngcp-config/ssl/telematica.crt

      sslcertkeyfile: /etc/ngcp-config/ssl/telematica.key

 

 

But I still got the same error, after activating the sslverify option:

 

root at spce:~# /usr/sbin/ngcp-fraud-daily-lock

500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't connect to 127.0.0.1:1442 (certificate verify failed) SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 49.

 

 

So I am not sure, which certificate SPCE wants from me... normally this should work.. also this problem firstly happen with 4.3.1

 

 

Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von Serge S. Yuriev
Gesendet: Sonntag, 5. Juni 2016 17:25
An: spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify failed)

 

Hello,

After this change we have another error now. I'll check logs and back.

502 Bad Gateway <html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>

-- 
Wbr, Serge via mobile

04.06.2016, 18:30, "Matthias Hohl" < <mailto:matthias.hohl at telematica.at> matthias.hohl at telematica.at>:




Hello Serge,

i also got the same problem some weeks ago and the problem was a self signed
certificate. See the thread "NGCP-FRAUD Protection doesn't work in 4.3.1" 
You can deactivate this check in config.yml file:

Security > ngcp-panel > scripts > restapi > sslverify
Set this value to "NO".

I still did this and solved the problem but I have now another problem, that
the fraud script can't lock a subscriber or customer.
I believe we must insert a valid certificate but I am not sure, where to set
this certificate and which one I need.

I hope I could help you a bit.



-----Ursprüngliche Nachricht-----
Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von
Serge Yuriev
Gesendet: Samstag, 4. Juni 2016 16:25
An:  <mailto:spce-user at lists.sipwise.com> spce-user at lists.sipwise.com
Betreff: [Spce-user] Can't connect to 127.0.0.1:1442 (certificate verify
failed)

Hello,

After upgrading to 4.3.1 we started receiving such error mails from Cron

Subject:Cron <root at host> if /usr/sbin/ngcp-check_active -q; then
/usr/sbin/ngcp-fraud-daily-lock; fi

500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't
connect to 127.0.0.1:1442 (certificate verify failed)

SSL connect attempt failed error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
/usr/share/perl5/LWP/Protocol/http.pm line 49.

How we can fix this?


-- 
Serge S. Yuriev




_______________________________________________
Spce-user mailing list
 <mailto:Spce-user at lists.sipwise.com> Spce-user at lists.sipwise.com
 <https://lists.sipwise.com/listinfo/spce-user> https://lists.sipwise.com/listinfo/spce-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20160606/21bd08d0/attachment-0001.html>


More information about the Spce-user mailing list