Error: certificate verification failed when connecting to API

ktsakos · February 1, 2018, 1:30pm

Hello everyone!

Although i have access from my browser to the UI https://localhost:8080 i can’t reach the REST API with curl or postman.

When i run " curl -X GET https://localhost:8080/api/applications" i got this message:
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

What should i do?

jith_cr1 · February 2, 2018, 6:28am

Hi,

try below command
sudo update-ca-certificates

if still issues, create ssl certificate and perform curl with certification verification try below with curl
curl --capath --cacert

if you don’t want certificate verification

curl --insecure -X

ktsakos · February 2, 2018, 12:05pm

curl -H “Grpc-Metadata-Authorization:+oL6k7HXwsAhVrzyvKSsmRZo1dPsJ/iaD8ynpncMOTI=” https://localhost/api/applications --insecure -X GET

The jwt token that i want as header for the authentication do you know where can i find it?
I put the one which is in the lora-app-server config file into /etc/default folder but it wasn’t accepted!

iegomez · February 2, 2018, 12:11pm

That’s because in the conf file you have the jwt secret, not a jwt token for a given user. You can get a token through the API web ui, or directly with curl by posting to /api/internal/login, which expects a json encoded user/pass pair:

{
  "password": "string",
  "username": "string"
}

It will return a json response holding the token:

{
  "jwt": "string"
}

This is an example post using curl:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \ 
   "password": "string", \ 
   "username": "string" \ 
 }' 'https://your-domain:8080/api/internal/login'

jith_cr1 · February 2, 2018, 1:58pm

by default ,
“password”: “admin”,
“username”: “admin”

ktsakos · February 2, 2018, 3:09pm

Thank you so much for your valuable help!It works now!