Fiware Wilma PEP ssl protocol error at curl

2
votes

I have at Fiware Lab a virtual machine deployed with Context Broker + Wilma Pep proxy. PEP is configured with https enabled at config.js config.https = { enabled =true...}

Executing the command below I can see "https" process related to the node.js pep process

[centos@orion ~]$ sudo netstat -t -l -p

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   

tcp        0      0 *:https                     *:*                         LISTEN      1492/node

But when I try to execute the following curl command I get the following message

curl -v -i -X GET https://public-ip-at-fiware-lab:443/v2/entities -H "X-Auth-Token: auth-token-from-idm-keyrock"

curl: (35) Unknown SSL protocol error in connection to public-ip-at-fiware-lab:443

What is missing in the configuration of PEP?

How can I debug what is happening in fiware-lab machine?

How can I test the SSL with curl command?

Any tip is wellcome!

Many thanks in advance

1
fiwarefiware-orionfiware-wilma
Maybe -vvvv (instead of -v) at curl could help to get more debug information.fgalan
What is your curl version? There is a known bug with the version 7.33.0-3: bbs.archlinux.org/viewtopic.php?id=175433Dalton Cézane
I have executed the command with -vvv curl -vvv -i -X GET public-ip-at-fiware-lab.es:443/v2/entities -H "X-Auth-Token: auth-token-from-idm-keyrock" * About to connect() to public-ip-at-fiware-lab port 443 (#0) * Trying 130.206.116.160... connected * Connected to public-ip-at-fiware-lab (x.x.x.x) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * Unknown SSL protocol error in connection to public-ip-at-fiware-lab:443 * Closing connection #0 I dont see any relevant log infonacho tekniker
Regarding the curl version curl --version curl 7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz Thanks for your commentsnacho tekniker
The fiware-pep-proxy version I have installed is 0.1.0. This version is able to work with SSL? Maybe I have missed a required step to configure ssl at pep-proxy properly? In which page of the official documentation is this step documented? Maybe it is not possible to setup SSL at Fiware-Lab instances? Who can help me to solve these questions? Is there any support in FiwareLab for these questions? Maybe the Fiware-lab is not suited for a real application under secure channel? Many thanks in advance for your helpnacho tekniker

1 Answers

0
votes

Finally I created a new certificate for the machine and the curl command works.