#ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added? #ves


Brian Freeman
 

It looks like you have a Basic Auth header in your curl. I think even though you specified a -u that header is taking a priority.

Remove the basic auth and use -u or create a basic auth header with the correct credentials.

 

Brian

 

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Kuldeep Singh Negi via lists.onap.org
Sent: Tuesday, December 15, 2020 10:35 PM
To: FREEMAN, BRIAN D <bf1936@...>; onap-discuss@...
Subject: FW: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added?

 

Hi Brian,

 

Just resending it…

Requesting for your response on this earlier discussed issue.

 

Regards,

Kuldeep

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Kuldeep Singh Negi via lists.onap.org
Sent: Monday, December 14, 2020 9:34 PM
To: bf1936@...
Cc: onap-discuss@...
Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added?

 


Hi Brian,

I am trying to post a ves event (Frankfurt) and getting POL2000 Unauthorized user error.

 

I have added cert from https://gerrit.onap.org/r/c/demo/+/106709/3/vnfs/VESreporting_vFW5.0_DANOS/onap-ca.crt   

Had tried with creds shared earlier - https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=vnfs/VESreporting_vFW5.0/vpp_measurement_reporter.c;h=123d50364f3ccb3faa8d100f7fb80e43eb116a1d;hb=refs/heads/master

 

Am I using wrong credentials?

 

ubuntu@ransim-big:~$ curl "https://10.0.2.115:30417/eventListener/v7" -k -v -u sample1 -H "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" -H "X-MinorVersion: 1" -H "accept: */*" -H  "Content-Type: application/json" -d @~/bkup-data/fm-event-data.json

Warning: Couldn't read data from file "~/bkup-data/fm-event-data.json", this

Warning: makes an empty POST.

Enter host password for user 'sample1':

*   Trying 10.0.2.115...

* TCP_NODELAY set

* Connected to 10.0.2.115 (10.0.2.115) port 30417 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

*   CAfile: /etc/ssl/certs/ca-certificates.crt

  CApath: /etc/ssl/certs

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

* TLSv1.3 (IN), TLS handshake, Server hello (2):

* TLSv1.3 (OUT), TLS change cipher, Client hello (1):

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

* TLSv1.3 (IN), TLS handshake, Server hello (2):

* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):

* TLSv1.3 (IN), TLS handshake, Unknown (8):

* TLSv1.3 (IN), TLS handshake, Request CERT (13):

* TLSv1.3 (IN), TLS handshake, Certificate (11):

* TLSv1.3 (IN), TLS handshake, CERT verify (15):

* TLSv1.3 (IN), TLS handshake, Finished (20):

* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):

* TLSv1.3 (OUT), TLS handshake, Certificate (11):

* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):

* TLSv1.3 (OUT), TLS handshake, Finished (20):

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

* ALPN, server did not agree to a protocol

* Server certificate:

*  subject: CN=dcae; OU=dcae@...:DEV; OU=OSAAF; O=ONAP; C=US

*  start date: Dec  3 17:23:45 2020 GMT

*  expire date: Dec  3 17:23:45 2021 GMT

*  issuer: C=US; O=ONAP; OU=OSAAF; CN=intermediateCA_9

*  SSL certificate verify ok.

* TLSv1.3 (OUT), TLS Unknown, Unknown (23):

> POST /eventListener/v7 HTTP/1.1

> Host: 10.0.2.115:30417

> User-Agent: curl/7.58.0

> Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

> X-MinorVersion: 1

> accept: */*

> Content-Type: application/json

> Content-Length: 0

* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

* TLSv1.3 (IN), TLS Unknown, Unknown (23):

< HTTP/1.1 401

< Content-Length: 87

< Date: Mon, 14 Dec 2020 15:57:28 GMT

* HTTP error before end of send, stop sending

* Closing connection 0

* TLSv1.3 (OUT), TLS Unknown, Unknown (21):

* TLSv1.3 (OUT), TLS alert, Client hello (1):

{"requestError":{"PolicyException":{"messageId":"POL2000","text":"Unauthorized user"}}}

 

Regards,

Kuldeep
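
Added example, not part of the original thread: a shell check that reads the request lines of the `curl -v` trace above, decodes the Basic header that was actually sent, and compares its user with the one passed to `-u`. The `TRACE` sample is constructed from lines of that trace; the function names are hypothetical and a `base64` that accepts `-d` is assumed.

```shell
# Constructed sample: request/response lines copied from the curl -v trace above.
TRACE='> POST /eventListener/v7 HTTP/1.1
> Host: 10.0.2.115:30417
> Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
> Content-Type: application/json
> Content-Length: 0
< HTTP/1.1 401'

# Print the value of one request header ("> Name: value") from a curl -v trace.
req_header() {
  printf '%s\n' "$1" | awk -v name="$2" '
    BEGIN { name = tolower(name) ":" }
    $1 == ">" && tolower($2) == name {
      sub(/^> [^:]*: */, ""); sub(/\r$/, ""); print; exit }'
}

# Print the user name inside the Basic Authorization header that went on the wire.
sent_basic_user() {
  local value
  value=$(req_header "$1" "Authorization")
  case "$value" in
    Basic\ *) printf '%s' "${value#Basic }" | base64 -d | cut -d: -f1 ;;
    *) return 1 ;;
  esac
}

# Report differences between what was sent and what the caller meant to send.
# Returns 0 when nothing is wrong, 1 on a finding, 2 when no Basic header exists.
check_trace() {
  local trace expected sent rc
  trace=$1; expected=$2; rc=0
  sent=$(sent_basic_user "$trace") || { echo "no Basic header sent"; return 2; }
  if [ "$sent" != "$expected" ]; then
    echo "auth mismatch: sent user '$sent', expected '$expected'"
    rc=1
  fi
  if [ "$(req_header "$trace" "Content-Length")" = "0" ]; then
    echo "empty body: Content-Length is 0"
    rc=1
  fi
  return $rc
}

check_trace "$TRACE" "sample1" || true
```

For this trace the check reports that the header carries a user other than `sample1` and that the POST body was empty, which matches curl's warning about the `@~/...` data file.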

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Brian Freeman via lists.onap.org
Sent: Thursday, May 7, 2020 5:07 PM
To: onap-discuss@...; FREEMAN, BRIAN D <bf1936@...>; niranjana.y60@...
Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added?

 


https://gerrit.onap.org/r/gitweb?p=demo.git;a=blob;f=vnfs/VESreporting_vFW5.0/vpp_measurement_reporter.c;h=123d50364f3ccb3faa8d100f7fb80e43eb116a1d;hb=refs/heads/master

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of FREEMAN, BRIAN D
Sent: Thursday, May 7, 2020 7:35 AM
To: onap-discuss@...; niranjana.y60@...
Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added?

 


See the example VESreporting 5.0 for vFWCL or vFWCLDN

 

sample1:sample1 I believe are the default credentials.

 

Brian

 

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of niranjana.y60 via lists.onap.org
Sent: Thursday, May 7, 2020 7:27 AM
To: FREEMAN, BRIAN D <bf1936@...>; onap-discuss@...
Subject: Re: [onap-discuss] #ves Exception while sending https request to ves-collector(Frankfurt)-SSLHandshakeException. What are the certificates to be added?

 

Hi Brian,

Thanks for your response. I am able to establish SSL connection but I am getting 401 unauthorized exception while sending https request to ves. Is there any particular userName and password I should use in the authorization header before sending request?

Below are the logs in the dcae-ves-collector pod when I send the request:

2020-05-07 10:37:42 INFO  SubjectDN didn't match with any regexp from /opt/app/VESCollector/etc/certSubjectMatcher.properties

2020-05-07 10:37:42 ERROR EVENT_RECEIPT_FAILURE: Unauthorized user

2020-05-07 10:37:42 INFO  SubjectDN didn't match with any regexp from /opt/app/VESCollector/etc/certSubjectMatcher.properties

2020-05-07 10:37:42 ERROR EVENT_RECEIPT_FAILURE: Unauthorized user

Regards,
Niranjana
