Cuberite Forum
[SOLVED] Error: HTTPS certs for webadmin - Printable Version




[SOLVED] Error: HTTPS certs for webadmin - daisukiXCI - 09-11-2017

Hello,

I am trying to use HTTPS for the webadmin but it doesn't seem to work. At first I used my own certificate from my own CA but it failed, so I tried to use the script GenerateSelfSignedHTTPSCertUsingOpenssl.sh and I got the same error:

[21:37:28] WebServer: Cannot read HTTPS certificate: -0x2180

I looked into the code; it seems the error comes from src/HTTP/HTTPServer.cpp:
    int res = Cert->Parse(CertFile.data(), CertFile.size());
    if (res == 0)
    {
        auto CertPrivKey = std::make_shared<cCryptoKey>();
        res = CertPrivKey->ParsePrivate(KeyFile.data(), KeyFile.size(), "");
        if (res == 0)
        {
            // Modifyable locally but otherwise must be const
            auto Config = cSslConfig::MakeDefaultConfig(false);
            Config->SetOwnCert(Cert, CertPrivKey);
            m_SslConfig = std::move(Config);
        }
        else
        {
            // Reading the private key failed, reset the cert:
            LOGWARNING("WebServer: Cannot read HTTPS certificate private key: -0x%x", -res);
        }
    }
    else
    {
        LOGWARNING("WebServer: Cannot read HTTPS certificate: -0x%x", -res);
    }

Thank you for your time.


RE: Error: HTTPS certs for webadmin - xoft - 09-11-2017

The -0x2180 error is POLARSSL_ERR_X509_INVALID_FORMAT. That means that the file is in a format not supported by the TLS library. Which is weird, considering that the Generate script always has worked so far.

Could you post the generated cert and key? (You won't be using it anyway, so it shouldn't be a security concern :)


RE: Error: HTTPS certs for webadmin - daisukiXCI - 09-18-2017

(09-11-2017, 05:37 PM)xoft Wrote: The -0x2180 error is POLARSSL_ERR_X509_INVALID_FORMAT. That means that the file is in a format not supported by the TLS library. Which is weird, considering that the Generate script always has worked so far.

Could you post the generated cert and key? (You won't be using it anyway, so it shouldn't be a security concern :)

First, sorry for the response time. I couldn't get on the internet before today.

EDIT: I removed them because I left my email address in them.

Thanks in advance for your time.


RE: Error: HTTPS certs for webadmin - xoft - 09-18-2017

I meant for you to post the whole files.

When I copy-paste the certificate and privkey data from your listings into a fresh new pair of files, my Cuberite accepts them without any problem. But I tried on an older executable built with PolarSSL, I'll retry the new one with mbedTLS sometime in the afternoon.


RE: Error: HTTPS certs for webadmin - daisukiXCI - 09-19-2017

(09-18-2017, 11:25 PM)xoft Wrote: I meant for you to post the whole files.

When I copy-paste the certificate and privkey data from your listings into a fresh new pair of files, my Cuberite accepts them without any problem. But I tried on an older executable built with PolarSSL, I'll retry the new one with mbedTLS sometime in the afternoon.

I uploaded both files for you.


RE: Error: HTTPS certs for webadmin - xoft - 09-19-2017

Right, so the files work in the old PolarSSL version, but not in the mbedTLS version. I'll investigate this. Thanks for the report and the data.


RE: Error: HTTPS certs for webadmin - xoft - 09-19-2017

I've found the cause and made a pull request with a fix: https://github.com/cuberite/cuberite/pull/4036

In the meantime, you can use your certificates if you convert them from PEM to DER (but keep their filenames).
( openssl x509 -inform pem -in certificate.pem -outform der -out certificate.crt )
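
The PEM-to-DER workaround above, as an added example that is not part of the original post or Cuberite's code: a standard-library Python check that tells whether a cert or key file is PEM or DER and decodes an unencrypted PEM block to its DER bytes. It goes slightly beyond the `openssl x509` command by also covering unencrypted key files; the function names and the dummy sample data are assumptions made up for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def der_length_ok(der: bytes) -> bool:
    """True if `der` is exactly one DER SEQUENCE (tag 0x30, length matches)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for the raw bytes of a cert or key file."""
    if PEM_BLOCK.search(data):
        return "pem"
    return "der" if der_length_ok(data) else "unknown"

def pem_to_der(data: bytes) -> bytes:
    """Decode the first PEM block to DER; refuse encrypted or malformed input."""
    m = PEM_BLOCK.search(data)
    if m is None:
        raise ValueError("no PEM block found")
    body = m.group(2)
    if b"Proc-Type:" in body or m.group(1).startswith(b"ENCRYPTED"):
        raise ValueError("encrypted key: decrypt it with openssl first")
    der = base64.b64decode(b"".join(body.split()), validate=True)
    if not der_length_ok(der):
        raise ValueError("PEM body is not a single DER SEQUENCE")
    return der

# Constructed sample: a dummy DER SEQUENCE (not a real certificate) wrapped as PEM.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

Writing the returned bytes back under the original filename reproduces the workaround for the certificate and for an unencrypted key file.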


RE: Error: HTTPS certs for webadmin - daisukiXCI - 09-20-2017

(09-19-2017, 07:37 PM)xoft Wrote: I've found the cause and made a pull request with a fix: https://github.com/cuberite/cuberite/pull/4036

In the meantime, you can use your certificates if you convert them from PEM to DER (but keep their filenames).
( openssl x509 -inform pem -in certificate.pem -outform der -out certificate.crt )

I saw your pull request has been merged. Thank you, I will try it and tell you the result.

EDIT: It works well, thank you again.