Supla + OpenHAB | Natywnie i przez REST API

superprzemo
Posts: 36
Joined: Thu May 09, 2019 6:52 am

Fri Jul 05, 2019 1:44 pm

Tak, Supla-Cloud mam na swoim RPI3, z tym dodaniem certyfikatów to chyba nie dam rady :(
Co do tokena to proszę:

Code: Select all

aHR0cHM6Ly8xOTIuMTY4LjEuNDU=
magx2
Posts: 279
Joined: Wed May 17, 2017 1:27 pm
Contact:

Fri Jul 05, 2019 1:53 pm

superprzemo wrote:
Fri Jul 05, 2019 1:44 pm
z tym dodaniem certyfikatów to chyba nie dam rady :(
No musisz dodac certy, inczej nie zadziala
superprzemo
Posts: 36
Joined: Thu May 09, 2019 6:52 am

Mon Jul 08, 2019 7:45 pm

Dodałem certyfikat do cacerts, ale to nic nie zmieniło (OH nie chce się połączyć z Supla).
Jak sprawdzić czy dodany certyfikat jest poprawny?
User avatar
pzygmunt
Posts: 5963
Joined: Tue Jan 19, 2016 9:26 am
Location: Paczków
Contact:

Mon Jul 08, 2019 9:27 pm

Zainstalowałeś certyfikaty pośrednie ?
superprzemo
Posts: 36
Joined: Thu May 09, 2019 6:52 am

Tue Jul 09, 2019 5:48 am

Zainstalowałem certyfikat wygenerowany podczas eksportowania certyfikatów "Certyfikat X.509 szyfrowany binarnie algorytmem DER (CER)" po otworzeniu strony logowania się do dockerwej SUPLA na RPI3.
Nie widziałem możliwości wyboru certyfikatu. Coś źle zrobiłem?
magx2
Posts: 279
Joined: Wed May 17, 2017 1:27 pm
Contact:

Tue Jul 09, 2019 9:08 am

Z tego co poszukalem to tak mozesz zaimportowac na RPi certyfikat:

Code: Select all

$ keytool -import -trustcacerts -keystore /opt/java/jre/lib/security/cacerts   -storepass changeit -noprompt -alias mycert -file /tmp/examplecert.crt
https://stackoverflow.com/a/11617655/1819402
superprzemo
Posts: 36
Joined: Thu May 09, 2019 6:52 am

Tue Jul 09, 2019 10:46 am

Niby certyfikat jest dodany ale OH daje taki komunikat:
Status: OFFLINE - CONFIGURATION_ERROR Cannot start server! javax.net.ssl.SSLPeerUnverifiedException: Hostname 192.168.1.45 not verified: certificate: sha1/vaCT/OCW6YyxKz0HdZYpBPTRaUw= DN: CN=SUPLA, O=SUPLA, L=SUPLA, ST=SUPLA, C=PL subjectAltNames: []
User avatar
pzygmunt
Posts: 5963
Joined: Tue Jan 19, 2016 9:26 am
Location: Paczków
Contact:

Tue Jul 09, 2019 10:54 am

Przetestuj certyfikat

Code: Select all

openssl s_client -showcerts -connect TWOJADOMENA:443
superprzemo
Posts: 36
Joined: Thu May 09, 2019 6:52 am

Tue Jul 09, 2019 11:12 am

pi@raspberrypi:~ $ openssl s_client -showcerts -connect 192.168.1.45:443
CONNECTED(00000003)
depth=0 C = PL, ST = SUPLA, L = SUPLA, O = SUPLA, CN = SUPLA
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = SUPLA, L = SUPLA, O = SUPLA, CN = SUPLA
verify return:1
---
Certificate chain
0 s:/C=PL/ST=SUPLA/L=SUPLA/O=SUPLA/CN=SUPLA
i:/C=PL/ST=SUPLA/L=SUPLA/O=SUPLA/CN=SUPLA
-----BEGIN CERTIFICATE-----
MIIDcDCCAligAwIBAgIJAJsjI72DSAdqMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
BAYTAlBMMQ4wDAYDVQQIDAVTVVBMQTEOMAwGA1UEBwwFU1VQTEExDjAMBgNVBAoM
BVNVUExBMQ4wDAYDVQQDDAVTVVBMQTAeFw0xOTA2MTExOTI4MTJaFw0yMDA2MTAx
OTI4MTJaME0xCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTVVBMQTEOMAwGA1UEBwwF
U1VQTEExDjAMBgNVBAoMBVNVUExBMQ4wDAYDVQQDDAVTVVBMQTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANczkxp3Us/ejvoIDrCBnrG52nVsSN3Olp4c
7mEVAJQFsKsCWzb03E3L9+j9NiRkoN9XljWsW+xiqihB1/O24GLt0xJX3dooGXIQ
iRFa9GPrL/R99VW80iVl1VBeD916y+UkGkIBGeTHtWadEJu+Uu6c7A5iv5MW+A5t
kik0nKVRHbEAktfkhC76Fbwk+PIxUuz1tX80m/tc5luq2rvvIDeE2IuZHPTNgotf
B9z2e4LQtUSPjPM0BiFRW0mhO/uLbH3hucrTlRz7NpJ85mhu0gN6piuAVkkHxMoU
ytyQ6wO1Ko2SZu1NND4XfPtj1DZA5GF11ehZsbfQV/cNGlviR7cCAwEAAaNTMFEw
HQYDVR0OBBYEFAb/E1K57wdQnQk4Us4sOWuQ/D9uMB8GA1UdIwQYMBaAFAb/E1K5
7wdQnQk4Us4sOWuQ/D9uMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
ggEBAFvIa9pQ1WRjzOgSSMWJVno5FjccB9fCiySwzOvGC5MibpSSvLmTbYIUXAKp
7CALqeoU8q4UCgpV+YAjqmyw61tbuT1BbWGoOBsfDZv0vsnwoug/XKdD0BajMSXN
AVhaglAGky8FdmgByz8J07PK8vIFq/K2/zTgvHRWXfBL1rBs5YLE72ARU5ynpote
CiRa3Nk41e1IUoSvkF3Ff33nRKXuRF2T//+Q3TMjWLIIDgWYjQAEkA4XT98Z3it9
dFdC4TZ5Mn4B0y4PIhHvhJHDFV3i5wYMctIJ7vjDa3JmWuN5AQNwyRomKOTCWlaL
fmhvywMLvTo9jzE0maEMjpTLN5E=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=PL/ST=SUPLA/L=SUPLA/O=SUPLA/CN=SUPLA
issuer=/C=PL/ST=SUPLA/L=SUPLA/O=SUPLA/CN=SUPLA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1570 bytes and written 302 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 064333209273D94DA338D0F6BCFADF4522F5FC73D63E92DB0BB7D411F62A10CE
Session-ID-ctx:
Master-Key: E63DEE9E092837E8940FE2CDF5447DC58FB65E542D5964EC7F9907AAF809E620B804B87A4B7DE7E5BEEA2143916A63EE
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 88 cf ff 30 fb 71 14 db-a5 a6 ba 59 64 3b d8 2e ...0.q.....Yd;..
0010 - 6e 50 bd 67 bb fd ad 3d-99 8e d8 44 cc 1b 88 40 nP.g...=...D...@
0020 - a3 af e1 f5 b5 01 39 86-f7 9e 88 5b 10 60 69 87 ......9....[.`i.
0030 - 9f 64 8a 28 82 36 04 eb-13 c6 c1 7e 37 28 b2 dc .d.(.6.....~7(..
0040 - 72 90 f2 8a 01 e0 11 7b-59 a5 10 08 cb ef 8c 19 r......{Y.......
0050 - 27 d7 e0 b3 f7 fe 82 68-98 0b fe 75 cd fa e9 4e '......h...u...N
0060 - 03 cd f7 cf 17 29 4e cf-72 5b 1c ab a3 18 7e 78 .....)N.r[....~x
0070 - b0 47 cf 0f 71 7b d5 c5-66 5a b7 e1 8a 59 13 88 .G..q{..fZ...Y..
0080 - 5f 12 16 73 3f 3b 3f 6a-75 b2 60 8b 50 d1 e1 65 _..s?;?ju.`.P..e
0090 - 0b fc 96 70 73 ed 14 16-64 05 e3 b6 ba b2 68 e2 ...ps...d.....h.
00a0 - a5 88 c6 7f 9d e9 e7 e9-a1 9d fe 3f 02 45 28 6e ...........?.E(n
00b0 - 90 98 c9 b6 87 1b 54 d4-f5 36 20 e0 0a 5c 82 d6 ......T..6 ..\..

Start Time: 1562670634
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
---
closed
Post Reply