[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Handle-info] SSL certificate error on Rest API request

Hi,

I am trying to use the Rest API on my Handle server.
It works fine without authentication on GET request

$ curl -s 'http://192.168.178.224:8000/api/handles/20.500.13090/test?index=1' | json_pp
{
   "handle" : "20.500.13090/test",
   "responseCode" : 1,
   "values" : [
      {
         "data" : {
            "format" : "string",
            "value" : "https://books.openedition.org"
         },
         "index" : 1,
         "timestamp" : "2022-01-16T21:13:51Z",
         "ttl" : 86400,
         "type" : "URL"
      }
   ]
}

But it fails with an SSL certificate error on https :
curl: (35) error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid

I tried the method described in this message to generate certificate: http://www.handle.net/mail-archive/handle-info/msg00816.html

$ sudo ../handle-9.3.0/bin/hdl-convert-key admpriv.bin -o admprivatekey-2022-02-03.pem
$ sudo openssl req -new -x509 -key /usr/local/hdl/admprivatekey-2022-02-03.pem -subj '/UID=300:0.NA\/20.500.13090' -days 365 -out /usr/local/hdl/cert2022-02-03.pem

Error on GET request:

$ curl -i -k -v --cert /usr/local/hdl/cert2022-02-03.pem --key /usr/local/hdl/admprivatekey-2022-02-03.pem -H 'Authorization: Handle clientCert="true"' 'https://192.168.178.224:8000/api/handles/20.500.13090/test?index=1'
*   Trying 192.168.178.224:8000...
* Connected to 192.168.178.224 (192.168.178.224) port 8000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (OUT), TLS alert, decrypt error (563):
* error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid
* Closing connection 0
curl: (35) error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid


Error on DELETE request:

riviere@handle-dev:~$ curl -i -k -v --cert /usr/local/hdl/cert2022-02-03.pem --key /usr/local/hdl/admprivatekey-2022-02-03.pem -H 'Authorization: Handle clientCert="true"'-X DELETE 'https://192.168.178.224:8000/api/handles/20.500.13090/test?index=1'
* Could not resolve host: DELETE
* Closing connection 0
curl: (6) Could not resolve host: DELETE
*   Trying 192.168.178.224:8000...
* Connected to 192.168.178.224 (192.168.178.224) port 8000 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (OUT), TLS alert, decrypt error (563):
* error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid
* Closing connection 1
curl: (35) error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid


Does anyone have any idea what I am doing wrong? 

Thanks,
Jean-François

--
Jean-François Rivière
OpenEdition, service données
jean-francois.riviere@openedition.org
Tél. +33 4 13 55 03 50
22, rue John Maynard Keynes, BAT C, 13013 Marseille
http://www.openedition.org
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info