500 Can't connect to 192.168.2.6:443 (certificate verify failed)

Question

Hey All,

 

I am having issues with the Linux agent for Ubuntu 12.04 to work via SSL: Here is the output from doing "--debug"

[Mon Feb  9 18:18:58 2015][error] Cannot establish communication : 500 Can't connect to 192.168.2.6:443 (certificate verify failed)
[Mon Feb  9 18:20:47 2015][debug] Ocsinventory unified agent for UNIX, Linux and MacOSX 2.1.1
[Mon Feb  9 18:20:47 2015][debug] Log system initialised (File)
[Mon Feb  9 18:20:47 2015][debug] --scan-homedirs missing. Don't scan user directories
[Mon Feb  9 18:20:47 2015][debug] Accountinfo file: /var/lib/ocsinventory-agent/https:__192.168.2.6_ocsinventory/ocsinv.adm
[Mon Feb  9 18:20:47 2015][debug] OCS Agent initialised
[Mon Feb  9 18:20:47 2015][debug] Turns hooks on for /etc/ocsinventory-agent/modules.conf
[Mon Feb  9 18:20:47 2015][debug] Ocsinventory unified agent for UNIX, Linux and MacOSX 2.1.1
[Mon Feb  9 18:20:47 2015][debug] Log system initialised (File)
[Mon Feb  9 18:20:47 2015][debug] Calling handlers : `start_handler'
[Mon Feb  9 18:20:47 2015][debug] [download] Calling download_start_handler
[Mon Feb  9 18:20:47 2015][debug]  - LWP loaded
[Mon Feb  9 18:20:47 2015][debug]  - LWP::Protocol::https loaded
[Mon Feb  9 18:20:47 2015][debug] Compress::Zlib is available.
[Mon Feb  9 18:20:47 2015][debug] Calling handlers : `prolog_writer'
[Mon Feb  9 18:20:47 2015][debug] sending XML
[Mon Feb  9 18:20:47 2015][debug] sending: <?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>proxmox-ubuntu-12-2015-02-05-14-00-29</DEVICEID>
  <QUERY>PROLOG</QUERY>
</REQUEST>
[Mon Feb  9 18:20:47 2015][error] Cannot establish communication : 500 Can't connect to 192.168.2.6:443 (certificate verify failed)

 

 

This same certificate works on Windows and OS X, so i presume there is not issue with the certificate file.

My config file:

basevardir=/var/lib/ocsinventory-agent
debug=1
ca=/var/lib/ocsinventory-agent/cacert.pem
server=https://192.168.2.6/ocsinventory
logfile=/var/log/ocsinventory-agent

perl Makefile.PL output:

root@proxmox-ubuntu-12:/ocs/Ocsinventory-Unix-Agent-2.1.1# perl Makefile.PL
Linux::Ethtool::Settings is recommended if you want to retrieve speed and duplex information for network cards.
Nvidia::ml is recommended if you want to retrieve memory, speed, bios information for Nvidia cards.
Warning: prerequisite ExtUtils::MakeMaker 6.59 not found. We have 6.5705.
Writing Makefile for Ocsinventory::Unix::Agent
Writing MYMETA.yml
root@proxmox-ubuntu-12:/ocs/Ocsinventory-Unix-Agent-2.1.1#

The only error is "communication : 500 Can't connect to 192.168.2.6:443 (certificate verify failed)"

 

Any help would be apreciated

Answer 1

I think it's because you don't use a FQDN. SSL work with DNS name and it can be error if you put IP address.

Comments

I thoutht this too, however we don't have a DNS server onsite, and its not setup on the router. I followed this guide to setup SSL http://wiki.ocsinventory-ng.org/index.php/Howtos:Install_OCS_on_debian. Acording to the guide, ip address is acceptable in the CN name.

---

Yes, it needs to be FQDN, the linux agent SSL cert has issues with IP. But it is working as designed

---

Did you get the agent work using SSL  with FQDN even if you didn't have DNS?. I configured the same FQDN in cert generator, hostnamectl, ServerName in ssl.conf and /etc/hosts but doesn't work :-(. I appreciate any help

---

Sure. i'd be happy to help. Can you post a new issue with your error log?

---

I made it work, the only thing was not the same at the rest of parts where I had to declare declare the FQDN was the ocsinventory-agent.cfg file. I changed it and works !. Thanks anyway for your help :-)