Author Topic: CWP API - Error SSL with IP or FQDN  (Read 1715 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWP API - Error SSL with IP or FQDN
« on: April 25, 2020, 02:26:07 AM »
Hello CWP Team! , I come to you because my searches are exhausted and I could not find anything specific. Currently I have the CWP Pro and it is really fantastic. I had a problem because I am implementing google's 2FA service for admin / user panel. Performing the tests, I even noticed this failure when trying to access internally and externally the API tests and any other:

Code: [Select]
[root@fqdn.dominio.com /usr/local/cwpsrv/htdocs/resources/scripts] # curl -v https://127.0.0.1:2304/v1/testapi/
* About to connect() to 127.0.0.1 port 2304 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 2304 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=fqdn.domain.com
*       start date: abr 24 22:28:57 2020 GMT
*       expire date: jul 23 22:28:57 2020 GMT
*       common name: fqdn.dominio.com
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
[root@fqdn.dominio.com /usr/local/cwpsrv/htdocs/resources/scripts] # curl -v https://123.123.123.123:2304/v1/testapi/
* About to connect() to 123.123.123.123 port 2304 (#0)
*   Trying 123.123.123.123...
* Connected to 123.123.123.123 (123.123.123.123) port 2304 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=fqdn.domain.com
*       start date: abr 24 22:28:57 2020 GMT
*       expire date: jul 23 22:28:57 2020 GMT
*       common name: fqdn.domain.com
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

Within the CWP> API Manager panel, the resolution is applied by IP and not by FQDN, for example https://123.123. 123.123: 2304 / v1.
I would also like to point out that I had to install through the script "/usr/local/cwpsrv/htdocs/resources/scripts/install_api" because it did not start the process cwpsrv (master) associated with port 2304.


Any suggestion or information will be welcome.

Greetings to everybody and thanks!

Mariano

Offline
***
Re: CWP API - Error SSL with IP or FQDN
« Reply #1 on: April 25, 2020, 02:41:47 AM »
Try using he hostname of the machine.  Your hostname cert should then match.
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #2 on: April 27, 2020, 07:47:11 PM »
First of all, thanks for helping me. Excuse me for the delay but I had health problems.
Today when trying to pick up the topic I find that access to the admin panel through port 2031 was not available and luckily I found this post where it indicated the failure:
http://forum.centos-webpanel.com/index.php?topic=8785.0

Well moving to the focus of this topic, my problem is that the running process is not found (api endpoint 2304 SSL). I really don't know the difference between php and phpfpm which is why I find it difficult to solve this issue. Any suggestion is welcome.

Code: [Select]
./check_api
User API port 2302 check: OK
Oauth query check: OK
User API folder check: OK
External API port 2304 check: FAILED
CSF Firewall status check: ENABLED
TCP_IN for port 2304 set in /etc/csf/csf.conf: OK
TCP_OUT for port 2304 set in /etc/csf/csf.conf: OK

Code: [Select]
netstat -tulpn|grep cwp
tcp        0      0 127.0.0.1:2302          0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2030            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2031            0.0.0.0:*               LISTEN      919/cwpsrv: master
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      919/cwpsrv: master

Thanks!

Offline
***
Re: CWP API - Error SSL with IP or FQDN
« Reply #3 on: April 28, 2020, 02:18:15 AM »
systemctl status cwp-phpfpm

probably not running

systemctl enable cwp-phpfpm
systemctl start cwp-phpfpm
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #4 on: April 28, 2020, 06:33:09 AM »
Code: [Select]
[root@vps-domain /usr/local/cwpsrv/htdocs/resources/scripts] # systemctl status cwp-phpfpm
● cwp-phpfpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/cwp-phpfpm.service; enabled; vendor preset: disabled)
   Active: active (running) since lun 2020-04-27 16:35:35 -03; 10h ago
 Main PID: 753 (php-fpm)
   CGroup: /system.slice/cwp-phpfpm.service
           └─753 php-fpm: master process (/usr/local/cwp/php71/etc/php-fpm.conf)

abr 27 16:35:35 vps-domain. systemd[1]: Started The PHP FastCGI Process Manager.
[root@vps-domain /usr/local/cwpsrv/htdocs/resources/scripts] # systemctl enable cwp-phpfpm
[root@vps-domain /usr/local/cwpsrv/htdocs/resources/scripts] # systemctl start cwp-phpfpm
[root@vps-domain /usr/local/cwpsrv/htdocs/resources/scripts] # systemctl status cwp-phpfpm
● cwp-phpfpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/cwp-phpfpm.service; enabled; vendor preset: disabled)
   Active: active (running) since lun 2020-04-27 16:35:35 -03; 10h ago
 Main PID: 753 (php-fpm)
   CGroup: /system.slice/cwp-phpfpm.service
           └─753 php-fpm: master process (/usr/local/cwp/php71/etc/php-fpm.conf)

abr 27 16:35:35 vps-domain. systemd[1]: Started The PHP FastCGI Process Manager.
[root@vps-domain /usr/local/cwpsrv/htdocs/resources/scripts] # netstat -tulpn|grep cwp
tcp        0      0 127.0.0.1:2302          0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2030            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2031            0.0.0.0:*               LISTEN      22577/cwpsrv: maste
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      22577/cwpsrv: maste

Offline
***
Re: CWP API - Error SSL with IP or FQDN
« Reply #5 on: April 28, 2020, 08:38:38 AM »
Make sure /usr/local/cwpsrv/conf.d/api.conf   exists
Make sure /usr/local/cwpsrv/conf/cwpsrv.conf contains the line include /usr/local/cwpsrv/conf.d/*.conf;
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #6 on: April 28, 2020, 04:02:57 PM »
cat /usr/local/cwpsrv/conf.d/api.conf

Code: [Select]
cat: /usr/local/cwpsrv/conf.d/api.conf: The file or directory does not exist.

/usr/local/cwpsrv/conf/cwpsrv.conf

Code: [Select]
    server {
        listen       2031 ssl;
        listen       2087 ssl;
        server_name  localhost;
        rewrite "/cwp_([0-9a-zA-Z]{32})/(.*)" /$2;

        ssl_session_timeout 90m;
        ssl_certificate /etc/pki/tls/certs/hostname.bundle;
        ssl_certificate_key /etc/pki/tls/private/hostname.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        error_page 497  https://$host:2087$request_uri;

        location / {
            root   /usr/local/cwpsrv/htdocs/admin;
            index  index.html index.htm index.php;

            # Includes
            include /usr/local/cwpsrv/conf/cwp_rewrite.conf;
            include /usr/local/cwpsrv/conf/cwp_services.conf;
            include /usr/local/cwpsrv/conf/include/*.conf;
            include /usr/local/cwpsrv/conf/cwp_panels.conf;

            location ~ \.php$ {
                try_files $uri =404;
                root /usr/local/cwpsrv/htdocs/admin;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_read_timeout 600;
                fastcgi_pass    unix:/usr/local/cwp/php71/var/sockets/cwpsrv.sock;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_param   SCRIPT_NAME   $fastcgi_script_name;
                include                 fastcgi_params;
            }
        }
    }
    include /usr/local/cwpsrv/conf.d/*.conf;
}

cat /usr/local/cwpsrv/conf/cwpsrv.conf | grep conf.d
    include /usr/local/cwpsrv/conf.d/*.conf;


Thanks for helping.

Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #7 on: April 28, 2020, 08:26:47 PM »
Last logs :

cat /usr/local/cwp/php71/var/log/php-fpm.log

Code: [Select]
[28-Apr-2020 17:07:57] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:02] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:07] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:12] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:17] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:22] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:27] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:32] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:37] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:42] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:47] WARNING: [pool cwpsrv] child 5250 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:52] WARNING: [pool cwpsrv] child 5250 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:08:57] WARNING: [pool cwpsrv] child 5250 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:02] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:07] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:12] WARNING: [pool cwpsrv] child 5250 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:17] WARNING: [pool cwpsrv] child 5250 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:22] WARNING: [pool cwpsrv] child 5250 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:27] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:32] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:37] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:42] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:47] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:51] WARNING: [pool cwpsrv] child 14445 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:09:56] WARNING: [pool cwpsrv] child 5253 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:10:01] WARNING: [pool cwpsrv] child 13520 said into stderr: "sed: couldn't write 79 items to stdout: Broken pipe"
[28-Apr-2020 17:10:02] WARNING: [pool cwpsrv] child 14445 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined index: type in /usr/local/cwpsrv/htdocs/resources/admin/addons/ajax/ajax_packages.php on line 0"
[28-Apr-2020 17:10:02] WARNING: [pool cwpsrv] child 14445 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined variable: table in /usr/local/cwpsrv/htdocs/resources/admin/addons/ajax/ajax_packages.php on line 2097152"
[28-Apr-2020 17:12:29] WARNING: [pool cwpsvc] child 22574, script '/usr/local/cwpsrv/var/services/pma/db_structure.php' (request: "POST /pma/db_structure.php") executing too slow (6.051222 sec), logging
[28-Apr-2020 17:12:29] NOTICE: child 22574 stopped for tracing
[28-Apr-2020 17:12:29] NOTICE: about to trace 22574
[28-Apr-2020 17:12:29] NOTICE: finished trace of 22574
[28-Apr-2020 17:15:35] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Warning:  session_destroy(): Trying to destroy uninitialized session in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:35] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined variable: [obfuscated] in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:35] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined variable: [obfuscated] in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:35] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined variable: [obfuscated] in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:35] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined variable: [obfuscated] in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:35] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined variable: [obfuscated] in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:36] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined index: intended in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"
[28-Apr-2020 17:15:36] WARNING: [pool login] child 23170 said into stderr: "NOTICE: PHP message: PHP Notice:  Undefined index: intended in /usr/local/cwpsrv/var/services/users/login/index.php on line 0"


Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #8 on: April 28, 2020, 09:01:59 PM »
Hello

What are the endpoints that are called in this application?

Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #9 on: April 29, 2020, 04:10:14 PM »
Hello ,

Two Factor Authorization and for a client system.

Offline
*
Re: CWP API - Error SSL with IP or FQDN
« Reply #10 on: May 02, 2020, 02:58:52 AM »
Could someone help me with this topic?

Thanks!