Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Self Signed SSL Certificate verification is not skipped by Scrutiny collector[BUG] #536

Open
alphamike-1612 opened this issue Oct 28, 2023 · 3 comments
Open

Self Signed SSL Certificate verification is not skipped by Scrutiny collector[BUG] #536

alphamike-1612 opened this issue Oct 28, 2023 · 3 comments
Labels
bug Something isn't working enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@alphamike-1612
Copy link

alphamike-1612 commented Oct 28, 2023
edited
Loading

Describe the bug
Scrutiny Collector can't communicate with the WebApp when using HTTPS with self signed certificates.
This is on a Bare Metal System with 1 instance of the WebApp and 2 instances of the collector (one on same machine & another on a different machine)

Expected behavior
The collector is able to send data to the WebApp via HTTPS without failing.

Actual Behavior
The collector fails with journalctl showing it is unable to verify the certificate.
Error shown by journalctl:

ERROR: Post "https://scrutiny.internal/api/devices/register": tls: failed to verify certificate: x509: certificate signed by unknown authority

Steps To Reproduce

  1. Install Scrutiny-WebApp as per the INSTALL_MANUAL.

  2. Install Scrutiny-Collector as per the INSTALL_MANUAL.

  3. Ensure Collector and WebApp work by running collector with --api-endpoint http://ip:port

  4. Configure Reverse Proxy such that https://scrutiny.internal points to http://ip:port of scrutiny. (Can post Apache config file if required)

  5. Point api-endpoint to https://scrutiny.internal

  6. Run the Scrutiny-collector.

  7. Check the Journal.

** Steps attempted to solve**

  1. Tried adding skip verify in the command line such as
 scrutiny-collector run --api-endpoint https://scrutiny.internal --config /path/to/config/ --skip-verify
  1. Tried adding tls insecure skip verify in the config file,(based on example.scrutiny.yaml in docs)
tls:
      insecure_skip_verify: true

Log Files
Not Applicable
@alphamike-1612 alphamike-1612 added the bug Something isn't working label Oct 28, 2023
@alphamike-1612 alphamike-1612 changed the title [BUG] Self Signed SSL Certificates verificationis not skipped by Scrutiny collector[BUG] Oct 28, 2023
@alphamike-1612 alphamike-1612 changed the title Self Signed SSL Certificates verificationis not skipped by Scrutiny collector[BUG] Self Signed SSL Certificate verification is not skipped by Scrutiny collector[BUG] Oct 28, 2023
@AnalogJ
Copy link
Owner

AnalogJ commented Nov 17, 2023

Ah, yes that's not supported by the collector at the moment. It should be pretty easy to add if someone is interested in contributing a fix.

PR's are always welcome!

@AnalogJ AnalogJ added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Nov 17, 2023
@alphamike-1612
Copy link
Author

I don't know go, but I figure this only involves adding one line of code which probably can be copied directly off the webapp.

If it isn't too much difficulty, could you point me to the file that needs to be edited and I'll try doing it.

Cheers

@Tampa
Copy link

Tampa commented Sep 15, 2024
edited
Loading

Self-signed certs I can see being blocked, but I setup certs via zerossl and get the same error even though the frontend shows a proper certificate.

EDIT: Seems using the fullchain.cer instead of just the cert works, but this is normally not recommended!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AnalogJ @Tampa @alphamike-1612