Dear tech support,

Regarding the CA chain problem, it can be reproduced using curl:

    $ curl -v https://data.lab.fiware.org/api/3/action/package_search\?rows\=20\&start\=0
    * Trying 130.206.84.9...
    * Connected to data.lab.fiware.org (130.206.84.9) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    * CAfile: /usr/local/etc/openssl/cert.pem
      CApath: none
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (OUT), TLS alert, Server hello (2):
    * SSL certificate problem: unable to get local issuer certificate
    * Closing connection 0
    * TLSv1.2 (OUT), TLS alert, Client hello (1):
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html

    curl performs SSL certificate verification by default, using a "bundle"
    of Certificate Authority (CA) public keys (CA certs). If the default
    bundle file isn't adequate, you can specify an alternate file
    using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
    the bundle, the certificate verification probably failed due to a
    problem with the certificate (it might be expired, or the name might
    not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
    the -k (or --insecure) option.

Also you can see that quality assurance tools like the one provided by ssllabs
https://www.ssllabs.com/ssltest/analyze.html?d=data.lab.fiware.org&s=2001%3a720%3a1514%3a5400%3a0%3a0%3a0%3a9&latest
also complain about the CA chain: "This server's certificate chain is incomplete. Grade capped to B."

Best regards,
Alejandro.

On Mon, Nov 7, 2016 at 1:24 PM, Alejandro Rodriguez <alex.mognom at gmail.com> wrote:

> Dear Sir/Madam.
>
> The CA chain is not included on the SSL configuration, so when making
> queries using python the certificate is not validated, throwing an SSL
> validation error.
>
> Best regards,
> Alejandro.
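
The failure reported in this thread can be reproduced offline with a throwaway PKI. The following is an added example, not part of the original message: the CA names, `demo.example` and the helper functions `make_pki`, `issue` and `verify_chain` are made up for illustration, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed three-level PKI (all names are made up): root -> intermediate -> leaf.
# Reproduces the client-side error seen when a server omits the intermediate.

make_pki() {  # $1 = output directory
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
    # Self-signed root: the only certificate the client will trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/pki.cnf" \
        -extensions ca -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    # Intermediate CA signed by the root, then a leaf signed by the intermediate.
    issue "$1" inter "/CN=Demo Intermediate CA" root ca 2
    issue "$1" leaf "/CN=demo.example" inter leaf 3
}

issue() {  # $1=dir $2=name $3=subject $4=issuer name $5=extension section $6=serial
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -set_serial "$6" -days 2 -extfile "$1/pki.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

verify_chain() {  # $1=trusted root  $2=leaf  $3=optional untrusted intermediates
    # Prints openssl's verdict; exit status is ignored so callers inspect the text.
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 || true
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_pki "$DEMO_DIR"
echo "--- server sends leaf only (the misconfiguration reported above):"
verify_chain "$DEMO_DIR/root.pem" "$DEMO_DIR/leaf.pem"
echo "--- server sends leaf + intermediate:"
verify_chain "$DEMO_DIR/root.pem" "$DEMO_DIR/leaf.pem" "$DEMO_DIR/inter.pem"
```

The second call corresponds to the server-side fix: serve the intermediate certificate(s) together with the leaf so that clients trusting only the root can build the chain.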