NEMS SSL Error

Found something amiss in NEMS? Confirm first that you are running the latest version, and then post your bug report here.
deger
Junior Member
Posts: 9
Joined: Wed Nov 08, 2017 9:37 am

NEMS SSL Error

Post by deger »

My nems-init output:

login as: dajadmin
dajadmin@nems's password:
Linux NEMS 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l
Last login: Wed Nov  8 08:27:20 2017 from 10.254.0.157

                                 \ |  __|   \  |   __|
                                .  |  _|   |\/ | \__ \
                               _|\_| ___| _|  _| ____/

                                 BY: ROBBIE FERGUSON
                                    NEMSLINUX.COM

  NEMS Version.....: 1.3 (Current Version is 1.3)
  NEMS IP Address..: 10.254.0.141
  Last Login.......: Wed Nov 8 09:34:11 from 10.254.0.157
  Uptime...........: 0days 0hours 3minutes 32seconds
  Load.............: 0.11 (1 minute) 0.24 (5 minutes) 0.11 (15 minutes)
                     0.02 (1 week)
  Memory...........: Total: 976 MB / Used: 177 MB / Free: 447 MB / Cached: 99 MB
  Disk Usage.......: You're using 79% of your SD Card space
  SSH Logins.......: 1 user logged in
  Processes........: 158 total running of which 6 are yours
dajadmin@NEMS:~ $ sudo nems-init
[sudo] password for dajadmin:

Welcome to NEMS initialization script.

Ign:1 http://download.webmin.com/download/repository sarge InRelease
Hit:2 http://mirrordirector.raspbian.org/raspbian stretch InRelease
Hit:3 http://ftp.debian.org/debian stretch-backports InRelease
Hit:4 http://download.webmin.com/download/repository sarge Release
Hit:5 http://archive.raspberrypi.org/debian stretch InRelease
Hit:7 http://archive.raspbian.org/raspbian stretch InRelease
Ign:8 http://giteduberger.fr rpimonitor/ InRelease
Hit:9 http://giteduberger.fr rpimonitor/ Release
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

What username would you like to use when
logging in to NEMS? dajadmin
Password:
Password (again):
Adding password for user dajadmin
adduser: The user `dajadmin' already exists.
Disabling nemsadmin access. Remember you must now login as dajadmin
/usr/sbin/deluser: The user `nemsadmin' is not a member of group `sudo'.
Initializing new Nagios user
  Importing: contact
  Importing: contactgroup

Current default time zone: 'America/New_York'
Local time is now:      Wed Nov  8 09:38:58 EST 2017.
Universal Time is now:  Wed Nov  8 14:38:58 UTC 2017.


Let's configure your keyboard.
Please MAKE SURE a keyboard is connected to your NEMS Server.

Press any key to continue
Now, let's generate your SSL Certificates...
DO NOT LEAVE ANYTHING BLANK - If you do, the certs will fail.

Fill in the following:
Country Code: US
Province/State: Pennsylvania
Your City: Hollidaysburg
Company Name or Your Name: DAJPress any key to continue
Now, let's generate your SSL Certificates...
DO NOT LEAVE ANYTHING BLANK - If you do, the certs will fail.

Fill in the following:
Country Code: US
Province/State: Pennsylvania
Your City: Hollidaysburg
Company Name or Your Name: DAJ
Your email address: Generating RSA private key, 2048 bit long modulus
......................................................................+++
.........................................................................................+++
e is 65537 (0x010001)
Generating a 2048 bit RSA private key
............................+++
...+++
writing new private key to 'server-key.pem'
-----
writing RSA key
Signature ok
subject=C = US, ST = Pennsylvania, L = Hollidaysburg, O = DAJPress any key to continue, CN = *.nems.local, emailAddress = "Now, lets generate your SSL Certificates..."
Getting CA Private Key
Generating a 2048 bit RSA private key
...+++
.....................................+++
writing new private key to 'client-key.pem'
-----
writing RSA key
Signature ok
subject=C = US, ST = Pennsylvania, L = Hollidaysburg, O = DAJPress any key to continue, CN = *.nems.local, emailAddress = "Now, lets generate your SSL Certificates..."
Getting CA Private Key
Done.


Now we will resize your root partition to give you access to all the space
Done.

NOTICE: When you reboot, you must login as dajadmin

Press any key to reboot (required)

broswer error screenshot attached.

Thanks,
Dave
Attachments
Nems SSL Error.png
deger
Junior Member
Posts: 9
Joined: Wed Nov 08, 2017 9:37 am

RE: NEMS SSL Error

Post by deger »

Time on local PC and Server are both set to EST
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: NEMS SSL Error

Post by Robbie Ferguson »

Your cert creation failed because it seems you pasted something in as you were entering company name.

Note: O = DAJPress any key to continue

And email address is set to emailAddress = "Now, lets generate your SSL Certificates..."

Please run nems-init again and be careful to input the info meticulously  :)
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
deger
Junior Member
Posts: 9
Joined: Wed Nov 08, 2017 9:37 am

RE: NEMS SSL Error

Post by deger »

Ok, new output:

login as: dajadmin
dajadmin@nems's password:
Linux NEMS 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l
Last login: Wed Nov  8 09:34:11 2017 from 10.254.0.157

                                 \ |  __|   \  |   __|
                                .  |  _|   |\/ | \__ \
                               _|\_| ___| _|  _| ____/

                                 BY: ROBBIE FERGUSON
                                    NEMSLINUX.COM

  NEMS Version.....: 1.3 (Current Version is 1.3)
  NEMS IP Address..: 10.254.0.141
  Last Login.......: Wed Nov 8 10:00:34 from 10.254.0.157
  Uptime...........: 0days 0hours 20minutes 21seconds
  Load.............: 0.13 (1 minute) 0.06 (5 minutes) 0.07 (15 minutes)
                     0.02 (1 week)
  Memory...........: Total: 976 MB / Used: 161 MB / Free: 352 MB / Cached: 99 MB
  Disk Usage.......: You're using 79% of your SD Card space
  SSH Logins.......: 1 user logged in
  Processes........: 149 total running of which 5 are yours
dajadmin@NEMS:~ $ sudo init-nems
[sudo] password for dajadmin:
sudo: init-nems: command not found
dajadmin@NEMS:~ $ sudo nems-init

Welcome to NEMS initialization script.

Hit:1 http://ftp.debian.org/debian stretch-backports InRelease
Hit:2 http://mirrordirector.raspbian.org/raspbian stretch InRelease
Hit:3 http://archive.raspbian.org/raspbian stretch InRelease
Hit:4 http://archive.raspberrypi.org/debian stretch InRelease
Ign:5 http://giteduberger.fr rpimonitor/ InRelease
Hit:6 http://giteduberger.fr rpimonitor/ Release
Ign:8 http://download.webmin.com/download/repository sarge InRelease
Hit:9 http://download.webmin.com/download/repository sarge Release
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

What username would you like to use when
logging in to NEMS? dajadmin
Password:
Password (again):
Adding password for user dajadmin
adduser: The user `dajadmin' already exists.
Disabling nemsadmin access. Remember you must now login as dajadmin
/usr/sbin/deluser: The user `nemsadmin' is not a member of group `sudo'.
Initializing new Nagios user
  Importing: contact
  Importing: contactgroup

Current default time zone: 'America/New_York'
Local time is now:      Wed Nov  8 10:03:35 EST 2017.
Universal Time is now:  Wed Nov  8 15:03:35 UTC 2017.


Let's configure your keyboard.
Please MAKE SURE a keyboard is connected to your NEMS Server.

Press any key to continue
Now, let's generate your SSL Certificates...
DO NOT LEAVE ANYTHING BLANK - If you do, the certs will fail.

Fill in the following:
Country Code: US
Province/State: Pennsylvania
Your City: Hollidaysburg
Company Name or Your Name: DAJ
Your email address: [email protected]
Generating RSA private key, 2048 bit long modulus
...........+++
.....................................................................+++
e is 65537 (0x010001)
Generating a 2048 bit RSA private key
...............................................+++
...............................................+++
writing new private key to 'server-key.pem'
-----
writing RSA key
Signature ok
subject=C = US, ST = Pennsylvania, L = Hollidaysburg, O = DAJ, CN = *.nems.local, emailAddress = [email protected]
Getting CA Private Key
Generating a 2048 bit RSA private key
.........................................+++
........................................................................................+++
writing new private key to 'client-key.pem'
-----
writing RSA key
Signature ok
subject=C = US, ST = Pennsylvania, L = Hollidaysburg, O = DAJ, CN = *.nems.local, emailAddress = [email protected]
Getting CA Private Key
Done.


Now we will resize your root partition to give you access to all the space
Done.

NOTICE: When you reboot, you must login as dajadmin

Press any key to reboot (required)

I still get the same SSL error when trying to open the System Settings Tool  :huh:
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: NEMS SSL Error

Post by Robbie Ferguson »

Few quick things to try and then we'll go from there:
  1. Access via nems.local (not just nems)
  2. Check your system's date and time: are they correct?
  3. Did you have NEMS 1.2.x installed previously? If yes, please make sure you delete the certificates from your computer and restart.
Thanks!
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
deger
Junior Member
Posts: 9
Joined: Wed Nov 08, 2017 9:37 am

RE: NEMS SSL Error

Post by deger »

Same error with nems.local

Time is correct on nems and on workstation

This is the first version on NEMS I am running.

Anything else I can do to try and troubleshoot?


Thanks,
Dave
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: NEMS SSL Error

Post by Robbie Ferguson »

Are you able to access other aspects of NEMS over SSL? Is it just NEMS SST that's doing this?

Can you please view the certificate in your browser (click the icon to the left of the address bar) and let me know these details: certificate Issuer, Valid from, Valid to, and Subject.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: NEMS SSL Error

Post by Robbie Ferguson »

Could someone with this problem please post the results of nems-info sslcert for me?
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: NEMS SSL Error

Post by Robbie Ferguson »

I don't seem to be getting any response here from the community.

Please also test:

Code: Select all

sudo nems-update && sudo nems-quickfix && sudo nems-cert
https://docs.nemslinux.com/commands/nems-cert

And then tell me if things look any different.

Thanks.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
Kuesco
Junior Member
Posts: 8
Joined: Fri Nov 10, 2017 6:56 am

RE: NEMS SSL Error

Post by Kuesco »

Hi Robbie, i have run the command, used generic settings when asked on the NEMS quickfix part and the script autogenerated a new cert (Ontario, Canada), but i still get the same SSL error.
Only thing to note during the nems-update partt was one repository marked as unavailable (the last one).

As far as i see, this affects only access to NSST. Nconf, Nagios Core, Nagvis and CheckMK are all OK and Nconf deploys changes as expected.

I can´t check webmin, RPI Monitor and monit right now because i am not in a local network and they use ports not mapped in my router, but later i will try.
Post Reply