Server Certificate Verification Failed


#1

I followed these instructions to run a Cardano node successfully:

The wallet API works fine with SSL disabled:

$ curl -k https://localhost:8090/api/settings/sync/progress
{"Right":{"_spLocalCD":{"getChainDifficulty":{"getBlockCount":657293}},"_spNetworkCD":{"getChainDifficulty":{"getBlockCount":657293}},"_spPeers":0}}

However, I could not access the API using any certificate: (shunfan is my username)

$ curl --cacert /home/shunfan/cardano-sl/scripts/tls-files/ca.crt https://localhost:8090/api/settings/sync/progress
curl: (60) server certificate verification failed. CAfile: /home/shunfan/cardano-sl/scripts/tls-files/ca.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

/home/shunfan/cardano-sl/scripts/tls-files/ca.crt does exist and I tried /home/shunfan/cardano-sl/state-wallet-mainnet/tls/server.cert as well. However, both of them throw the same error.


#2

No issue for me.

cardano-sl]$ git describe
v1.0.3-2378-g0ceca33c2

cardano-sl]$ curl -H "Content-Type: application/json" --cacert scripts/tls-files/ca.crt https://localhost:8090/api/info
{"Right":{"cabalVersion":"1.0.3","apiVersion":"v0","gitRevision":"0ceca33c290f07ecdbb6ee8789dcdeef8e2d8d93","softwareVersion":"cardano-sl:0"}}

#3

I still could not find a solution, but I will use -k to turn off the verification for now.

$ git describe
v1.0.3-92-g520d315

#4

@shufan I am facing the same issue, but will figure it out soon. Maybe we are missing some files.


#5

Have you tried specifying your actual IP in the connect-to-mainnet script instead of using localhost? You’ll have to adjust it in a few places.


#6

Hi, I am a guy from China and I am a newbie to Cardano.
I ran the Cardano node with the same instructions as above and met the same issue as you!
I tried adding -k to my curl command, but it only works for some GET requests, such as:
curl -k https://localhost:8090/api/settings/sync/progress or /api/info…
When I try the POST command to create a new wallet, the command is in the link below:
curl -k -X POST https://localhost:8090/api/v1/wallets \
  -H "Content-Type: application/json; charset=utf-8" \
  -H "Accept: application/json; charset=utf-8" \
  -d '{
  "operation": "create",
  "backupPhrase": ["squirrel", "material", "silly", "twice", "direct",
  "slush", "pistol", "razor", "become", "junk", "kingdom", "flee"],
  "assuranceLevel": "normal",
  "name": "MyFirstWallet"
}'
Unfortunately, the command returns nothing!
I want to know whether you solved the issue, and could you create the new wallet with the POST command?
Thanks! Looking forward to your reply!


#7

I have the same problem with API v1. Here is a related issue: https://github.com/input-output-hk/cardano-sl/issues/2719 (I saw your comments on that issue)

API v0 documentation: https://cardanodocs.com/technical/wallet/api/v0/
API v1 documentation: https://cardanodocs.com/technical/wallet/api/v1/


#8

Really appreciate your reply and patience!
Have a nice day!:grinning::grinning:


#9

@Shunfan Hi, friend! Could I have a few minutes of your time?
I have created some new wallets and new accounts using the v0 API with curl commands!
But I finally failed when I tried to create some new addresses.
The doc link is here: https://cardanodocs.com/technical/wallet/api/v0/#tag/V0-(Deprecated)%2Fpaths%2F~1api~1addresses%2Fpost
I think the part about creating new addresses is not very clear.
I am really confused. I have tried different curl commands like the one below:
curl -k -X POST https://127.0.0.1:8090/api/addresses -H "Content-Type: application/json;charset=utf-8" -d '{"caId":'Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709'}'
Neither worked! What's wrong with the curl command?
Have you succeeded in creating addresses with a curl command?
Could you paste your curl command here?
Thanks so much!


#10

The other curl commands I have tried:
curl -k -X POST https://127.0.0.1:8090/api/addresses -H "Content-Type: text/plain;charset=utf-8" -d "Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709"

curl -k -X POST https://127.0.0.1:8090/api/addresses -H "Content-Type: application/json;charset=utf-8" -H "Accept: application/json; charset=utf-8" -d "CAccountId=Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709"


#11

Could you add the -v flag (verbose mode) to your curl command and show me the response from the API?

Does your wallet have a passphrase?


#12

Hi, friend! When I created the wallet, I didn't set the passphrase, only set the cwBackupPhrase.
The verbose mode response is below:

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 127.0.0.1...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8090 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (does not match '127.0.0.1')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=localhost
* start date: Fri, 27 Apr 2018 11:13:44 GMT
* expire date: Mon, 24 Apr 2028 11:13:44 GMT
* issuer: CN=localhost
* compression: NULL
* ALPN, server accepted to use http/1.1
> POST /api/addresses HTTP/1.1
> Host: 127.0.0.1:8090
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json;charset=utf-8
> Content-Length: 79
>
} [79 bytes data]
* upload completely sent off: 79 out of 79 bytes
< HTTP/1.1 400 Bad Request
< Transfer-Encoding: chunked
< Date: Tue, 01 May 2018 09:13:40 GMT
< Server: Warp/3.2.13
<
{ [51 bytes data]
100 117 0 38 100 79 342 711 --:--:-- --:--:-- --:--:-- 718
* Connection #0 to host 127.0.0.1 left intact
Failed reading: not a valid json value

Both commands ("caId":… and "CAccountId":…) return the same response.
Maybe the last sentence is important: Failed reading: not a valid json value.
But I really don't know how to arrange the JSON value from the v0 API doc!
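
Added example, not part of any post in this thread: it applies POSIX quote removal (via Python's `shlex`) to the `-d` arguments from posts #9 and #10, retyped with ASCII quotes, to show the request body curl actually receives and whether it parses as JSON. The helper names are hypothetical, and the final line only demonstrates a body that is valid JSON; which shape the v0 endpoint expects is not established here.

```python
import json
import shlex

# Account id copied from the posts above; the rest is constructed for this example.
ACCOUNT = "Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709"

# The -d arguments from posts #9 and #10, retyped with ASCII quotes.
POSTED = {
    "caId object": "-d '{\"caId\":'" + ACCOUNT + "'}'",
    "bare id": '-d "' + ACCOUNT + '"',
    "CAccountId=": '-d "CAccountId=' + ACCOUNT + '"',
}


def body_seen_by_curl(args):
    """Return the value of -d after POSIX shell quote removal."""
    argv = shlex.split(args, posix=True)
    return argv[argv.index("-d") + 1]


def is_json(text):
    """True if the text parses as a JSON document."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def quoted_arg(value):
    """Serialise with json.dumps, then shell-quote the whole body once."""
    return "-d " + shlex.quote(json.dumps(value, separators=(",", ":")))


def report():
    """(label, body size in bytes, parses as JSON) for each posted argument."""
    rows = []
    for label, args in POSTED.items():
        body = body_seen_by_curl(args)
        rows.append((label, len(body.encode("utf-8")), is_json(body)))
    return rows


if __name__ == "__main__":
    for label, size, ok in report():
        print(f"{label:12} {size:3d} bytes  valid JSON: {ok}")
    fixed = quoted_arg({"caId": ACCOUNT})
    print(fixed, "-> valid JSON:", is_json(body_seen_by_curl(fixed)))
```

The 79 bytes reported for the first row match the `Content-Length: 79` in the verbose output in post #12: the inner single quotes close and reopen the shell string, so the value reaches the server without JSON quotes.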