Curl post in ADC tutorial fails


#1

Hi @willcharlton @Martin

I tried to follow the ADC device provisioning tutorial using TLS certs as per the following link:
http://docs.exosite.com/tutorials/provisioning/

Specifically:

  1. Created a new device called “00000002” in my Exosite account
  2. Used the following command to generate keys and certs
    openssl req -x509 -nodes -days 365 -sha256 -subj /C=US/ST=MN/L=Mpls/O=Exosite/CN=00000002 -newkey rsa:2048 -keyout adc-key.pem -out adc-cert.pem
  3. Used the following command to merge the key and cert into one file
    cat adc-key.pem adc-cert.pem >> adc.pem
  4. Used the following curl command to provision and write data to my device
    curl -v "/onep:v1/stack/alias" -d 'myalias=55' -E ./adc.pem

The request fails with the following error message:

* Trying 50.18.196.186...
* Connected to .m2.exosite.io (50.18.196.186) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.m2.exosite.io (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=*.m2.exosite.io
* 	 start date: Fri, 13 Jan 2017 00:00:00 GMT
* 	 expire date: Sat, 13 Jan 2018 23:59:59 GMT
* 	 issuer: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA
* 	 compression: NULL
* ALPN, server did not agree to a protocol
> POST /onep:v1/stack/alias HTTP/1.1
> Host: .m2.exosite.io
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 10
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 10 out of 10 bytes
< HTTP/1.1 401 Unauthorized
< content-length: 27
< date: Thu, 14 Sep 2017 20:26:43 GMT
< server: Murano
<
HTTP/1.1 401 Unauthorized
* Connection #0 to host .m2.exosite.io left intact

Kind regards,
Vijay.


#2

I’m able to use the same certificate and key to communicate using a small Python script:

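import requests

# requests needs the scheme in the URL
path = 'https://productid.m2.exosite.io/onep:v1/stack/alias'
s = requests.Session()

def write():
    # Client certificate and private key are passed as two separate files
    r = s.post(
        path,
        cert=('adc-cert.pem', 'adc-key.pem'),
        data={'testResource': 50}
    )
    r.content
    return r.status_code

print(write())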

#3

But I still need the curl request to work, as I’m using that in a script for automation.


#4

I’ve not had much luck with combining the key and cert into a single file for curl. So I use something like the following:

curl -v https://${DEVICE_HOST}/onep:v1/stack/alias \
		--cert client-signed.cer --key client-key.pem \
		-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
		-d 'data_in=42'
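
A local sanity check for the client certificate material used in this thread, added here as an example (it is not from the posts above or from Exosite, and it does not establish the cause of the 401). It confirms that a combined file such as `adc.pem`, or a separate cert and key pair, holds exactly one certificate and one private key that belong together; the function names are hypothetical and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example. Usage: check_client_pem CERT_OR_COMBINED_PEM [KEYFILE]
# Return codes: 0 ok, 1 unreadable file, 2 wrong number of PEM blocks,
#               3 private key does not match the certificate.

count_blocks() {  # count_blocks FILE REGEX -> number of matching BEGIN lines
    grep -c -E -e "$2" "$1" || true
}

check_client_pem() {
    cert_file=$1
    key_file=${2:-$1}   # no second argument: treat as one combined file

    if [ ! -r "$cert_file" ] || [ ! -r "$key_file" ]; then
        echo "cannot read $cert_file / $key_file" >&2
        return 1
    fi

    # Step 3 of the tutorial appends with '>>', so running it twice leaves
    # duplicate blocks in adc.pem; require exactly one of each.
    n_cert=$(count_blocks "$cert_file" '^-----BEGIN CERTIFICATE-----')
    n_key=$(count_blocks "$key_file" \
        '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----')
    if [ "$n_cert" -ne 1 ] || [ "$n_key" -ne 1 ]; then
        echo "expected 1 cert and 1 key, found $n_cert and $n_key" >&2
        return 2
    fi

    # The public key inside the certificate must equal the public key
    # derived from the private key, otherwise the pair cannot be used.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key_file" -pubout) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi

    # Show what the client will present: subject (the CN given with
    # -subj), expiry date and SHA-256 fingerprint.
    openssl x509 -in "$cert_file" -noout -subject -enddate -fingerprint -sha256
}

# Run directly when called with arguments, e.g.:
#   sh check_client_pem.sh adc.pem
#   sh check_client_pem.sh adc-cert.pem adc-key.pem
if [ "$#" -gt 0 ]; then
    check_client_pem "$@"
fi
```
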

#5

Hi @tadpol

Thanks for the help. Please update the documentation on docs.exosite.com

Kind regards,
Vijay.


#6

Hi @tadpol,

I have the same issue. I followed this tutorial http://docs.exosite.com/tutorials/provisioning/ and got 401 Unauthorized.

And I did your command:

curl -v https://${DEVICE_HOST}/onep:v1/stack/alias \
  --cert client-signed.cer --key client-key.pem \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
  -d 'data_in=42'

and also got 401 Unauthorized. Here is the log:

$ curl -v https://<product_id>.m2.exosite.io/onep:v1/stack/alias \
--cert ./adc-cert.pem --key ./adc-key.pem \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-d 'data_in=42'

*   Trying 13.56.85.189...
* Connected to <product_id>.m2.exosite.io (13.56.85.189) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.m2.exosite.io (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=*.m2.exosite.io
* 	 start date: Mon, 18 Dec 2017 00:00:00 GMT
* 	 expire date: Sat, 16 Feb 2019 12:00:00 GMT
* 	 issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=RapidSSL RSA CA 2018
* 	 compression: NULL
* ALPN, server did not agree to a protocol
> POST /onep:v1/stack/alias HTTP/1.1
> Host: <product_id>.m2.exosite.io
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded; charset=utf-8
> Content-Length: 10
>
* upload completely sent off: 10 out of 10 bytes
< HTTP/1.1 401 Unauthorized
< content-length: 27
< date: Tue, 24 Jul 2018 05:16:43 GMT
< server: Murano
<
HTTP/1.1 401 Unauthorized

My question is, how do you generate your key and cert?

--cert client-signed.cer --key client-key.pem

Is it the same as the following command:

openssl req -x509 -nodes -days 365 -sha256 -subj /C=US/ST=MN/L=Mpls/O=Exosite/CN=00000002 -newkey rsa:2048 -keyout adc-key.pem -out adc-cert.pem