General SSLEngine problem

[mehdibetari]

{"type":"An error occurred while polling https://myapi.com/accounts/27644/state. : General SSLEngine problem","status":2001,"message":"General SSLEngine problem","source":"server"}

since we spent https we have this error in the console

[jukedom]

Hello,

The root cause of your issue is due to the self-signed certificate on your API.
You can check that by putting the url "https://myapi.com/accounts/27644/state" in your favorite browser: the https icon is striped.
Streamdata.io proxy works fine with https api that contains valid certificate.
To make things work, you must use a valid certificate on your API.

Regards,
Dominique

[mehdibetari]

Thank you for your reply, but our certificate is valid and http icon is not striped.

[jukedom]

Hello,

It seems that the hostname tested in the screenshot you've provided is not the same than the API url.
Here is what we get with the hostname myapi.com with firefox:

Using sslshopper online tool to test the hostname myapi.com reveals the following message:
None of the common names in the certificate match the name that was entered (myapi.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.

Certificate seems to be right but hostname associated is wrong.
You can try it on your side: https://www.sslshopper.com/ssl-checker.html#hostname=myapi.com

Regards,
Dominique

[mehdibetari]

Hello

myapi.com is a fake URL I paste for protect our api confidentiality.
Sorry my mistake. My screenshot has taking with real URL

Le 18 août 2016 11:52, "dominiquemongelli" [email protected] a
écrit :

Hello,

It seems that the hostname tested in the screenshot you've provided is not
the same than the API url.
Here is what we get with the hostname myapi.com with firefox:
[image: capture du 2016-08-18 11 47 03]
https://cloud.githubusercontent.com/assets/11227008/17769590/9f7cf56c-6539-11e6-9686-5d5a95b03170.png

Using sslshopper online tool to test the hostname myapi.com reveals the
following message:
None of the common names in the certificate match the name that was
entered (myapi.com http://myapi.com). You may receive an error when
accessing this site in a web browser. Learn more about name mismatch
errors.

Certificate seems to be right but hostname associated is wrong.
You can try it on your side: https://www.sslshopper.com/
ssl-checker.html#hostname=myapi.com

Regards,
Dominique

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#1 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMGzhRBrYer4NsxfYV8l1VmnmPuGMTH6ks5qhCtRgaJpZM4JmoLa
.

[kchoppin]

We're having the same issue after moving to an nginx web server on the same machine.

https://events.streamgo.co.uk/alerts/44

Have done some SSL tests, which are all coming back fine. We have changed streamdata requests to grab through non-ssl for the time being, but would like to use https if possible.

We have not changed the hostname or ip and the cert being served is the same. We've just gone from apache to nginx.

Any ideas?

Thanks

[jukedom]

Hello,

After done some tests with your api, it seems that the domain name events.streamgo.co.uk is a wildcard certificate with an incomplete certificate chain. This can cause the issue you are facing. The intermediate and root certificates from the authority are missing.
To make things work, ssl certificates must contains a valid certification chain.

Regards,
Dominique

[kchoppin]

ok, we'll try to get this sorted. Thanks for looking into it.