Fiware Wilma PEP ssl protocol error at curl

Question

I have at Fiware Lab a virtual machine deployed with Context Broker + Wilma Pep proxy. PEP is configured with https enabled at config.js config.https = { enabled =true...}

Executing the command below I can see "https" process related to the node.js pep process

[centos@orion ~]$ sudo netstat -t -l -p

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   

tcp        0      0 *:https                     *:*                         LISTEN      1492/node

But when I try to execute the following curl command I get the following message

curl -v -i -X GET https://public-ip-at-fiware-lab:443/v2/entities -H "X-Auth-Token: auth-token-from-idm-keyrock"

curl: (35) Unknown SSL protocol error in connection to public-ip-at-fiware-lab:443

What is missing in the configuration of PEP?

How can I debug what is happening in fiware-lab machine?

How can I test the SSL with curl command?

Any tip is wellcome!

Many thanks in advance

Maybe -vvvv (instead of -v) at curl could help to get more debug information. — fgalan, Sep 14 '17 at 15:51
What is your curl version? There is a known bug with the version 7.33.0-3: https://bbs.archlinux.org/viewtopic.php?id=175433 — Dalton Cézane, Sep 14 '17 at 18:50
I have executed the command with -vvv curl -vvv -i -X GET https://public-ip-at-fiware-lab.es:443/v2/entities -H "X-Auth-Token: auth-token-from-idm-keyrock" * About to connect() to public-ip-at-fiware-lab port 443 (#0) * Trying 130.206.116.160... connected * Connected to public-ip-at-fiware-lab (x.x.x.x) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * Unknown SSL protocol error in connection to public-ip-at-fiware-lab:443 * Closing connection #0 I dont see any relevant log info — nacho tekniker, Sep 15 '17 at 07:13
Regarding the curl version curl --version curl 7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz Thanks for your comments — nacho tekniker, Sep 15 '17 at 07:17
The fiware-pep-proxy version I have installed is 0.1.0. This version is able to work with SSL? Maybe I have missed a required step to configure ssl at pep-proxy properly? In which page of the official documentation is this step documented? Maybe it is not possible to setup SSL at Fiware-Lab instances? Who can help me to solve these questions? Is there any support in FiwareLab for these questions? Maybe the Fiware-lab is not suited for a real application under secure channel? Many thanks in advance for your help — nacho tekniker, Sep 18 '17 at 12:52

score 0 · Answer 1 · answered Oct 16 '17 at 09:04

0

Finally I created a new certificate for the machine and the curl command works.

answered Oct 16 '17 at 09:04

nacho tekniker

65
4

It would be better if you can describe the exact cause of your problem and exactly how you solved it. – Dalton Cézane Oct 24 '17 at 15:37
Really it would be better, but I don´t know the exact cause. Maybe the certificate was not properly created? – nacho tekniker Oct 25 '17 at 11:17

Fiware Wilma PEP ssl protocol error at curl

1 Answers1