Can not connect to demo using x509 : Server certificate are invalid. #1050
Comments
It seems you are using a JDK/JRE which does not support EC (elliptic curves). Which one are you using (version/OS)?
Thanks for the reply.
$ > uname -a
Hi, I changed to a Windows system and there is no more Java error. Please check the following logs and share your ideas, thx.
C:>java -jar ./leshan-client-demo.jar -n polo_test_certificate -u 23.97.187.154:5684 -ccert ./self_signed_cert.der -scert ./serverCertificate.der -cprik ./cprik.der
2021-07-09 21:31:56,666 INFO LeshanClient - Starting Leshan client ...
2021-07-09 21:32:07,125 INFO DefaultRegistrationEngine - Try to register to coaps://23.97.187.154:5684 again in 600s...
Would it be possible that you also execute java -version? That should write something like:
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~18.04-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)
Hi
C:>java -version
OK, it would have been interesting on the machine where it is not working.
@stpolo1979, it should work on Linux too if you use a JVM with an EC provider; anyway, you have a working setup now.
I think that the current certificate on the sandbox is not correct since we added more x509 checks. (6e96cee)
@stpolo1979, I updated the certificate on https://leshan.eclipseprojects.io. It should work now but you need to use the domain name instead of the IP address:
(and you need to re-download the server certificate)
(I just fixed the LWM2M server; I need to deploy another certificate for the LWM2M Bootstrap server sandbox too)
OK, it should be fixed on the LWM2M Bootstrap server sandbox too. Now I need to change the default certificate in the demo, setting CN=localhost as default. (or something like this)
Thanks a lot. It works after reloading the server certificate.
Thinking a bit more about this and looking a bit more at the specification, I guess there is also a bug at the client side. (see #1052 for more details)
Thx again for reporting this. That helps a lot. 🙏
Hi,
Please check what's wrong in my operations, thx.
1. Download the client demo
wget https://ci.eclipse.org/leshan/job/leshan/lastSuccessfulBuild/artifact/leshan-client-demo.jar
2. Add security information on
https://leshan.eclipseprojects.io/#/security
endpoint: polo_test_certificate
security mode : x509
3. Refer to https://github.com/eclipse/leshan/wiki/Credential-files-format
X509 -> Using OpenSSL to create self-signed certificate
#gen key
openssl ecparam -out keys.pem -name prime256v1 -genkey
#Convert private Key to PKCS#8 format (DER encoding) for -cprik option
openssl pkcs8 -topk8 -inform PEM -outform DER -in keys.pem -out cprik.der -nocrypt
#create a self-signed certificate for -ccert option
openssl req -x509 -new -key keys.pem -sha256 -days 36500 -outform DER -out self_signed_cert.der
4. Refer to https://leshan.eclipseprojects.io/#/server
download serverCertificate.der for -scert option
5. Launch leshan-client-demo.jar by
java -jar ./leshan-client-demo.jar -n polo_test_certificate -u 23.97.187.154:5684 -ccert ./self_signed_cert.der -scert ./serverCertificate.der -cprik ./cprik.der
6. Got error
==========================================================
Unable to create and start client ...
java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
at sun.security.pkcs11.P11Key$P11ECPrivateKey.getEncodedInternal(P11Key.java:950)
at sun.security.pkcs11.P11Key.getEncoded(P11Key.java:131)
at org.eclipse.leshan.client.demo.LeshanClientDemo.createAndStartClient(LeshanClientDemo.java:686)
at org.eclipse.leshan.client.demo.LeshanClientDemo.main(LeshanClientDemo.java:621)
Caused by: java.security.InvalidKeyException: EC parameters error
at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:86)
at sun.security.pkcs11.P11Key$P11ECPrivateKey.getEncodedInternal(P11Key.java:947)
... 3 more
Caused by: java.security.NoSuchProviderException: no such provider: SunEC
at sun.security.jca.GetInstance.getService(GetInstance.java:83)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:697)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
... 5 more
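
The trace above ends in `NoSuchProviderException: no such provider: SunEC`, raised when `getEncoded()` is called on the client key. The following diagnostic is an added example, not part of the original issue or of Leshan; the class name `EcSupportCheck` and the optional key-file argument are assumptions. It reports whether the JVM can handle a prime256v1 (secp256r1) key before the demo client is launched.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;

// Added diagnostic (hypothetical class name), not Leshan code.
public class EcSupportCheck {
    public static void main(String[] args) throws Exception {
        // 1. List the registered providers; the reported trace shows SunPKCS11 holding the EC key.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " - " + p.getInfo());
        }
        System.out.println("SunEC registered: " + (Security.getProvider("SunEC") != null));

        // 2. Ask for EC parameters from SunEC by name, the lookup that fails at the bottom of the trace.
        try {
            AlgorithmParameters params = AlgorithmParameters.getInstance("EC", "SunEC");
            params.init(new ECGenParameterSpec("secp256r1")); // called prime256v1 by OpenSSL
            System.out.println("EC parameters available from " + params.getProvider().getName());
        } catch (Exception e) {
            System.out.println("EC parameters from SunEC unavailable: " + e);
        }

        // 3. Use the PKCS#8 DER key given as first argument, or generate a throwaway one.
        byte[] pkcs8;
        if (args.length > 0) {
            pkcs8 = Files.readAllBytes(Paths.get(args[0]));
        } else {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec("secp256r1"));
            pkcs8 = kpg.generateKeyPair().getPrivate().getEncoded();
        }
        // 4. Decode and re-encode the key; getEncoded() is the call that throws in the trace.
        KeyFactory kf = KeyFactory.getInstance("EC");
        PrivateKey key = kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        byte[] encoded = key.getEncoded();
        System.out.println("key handled by " + kf.getProvider().getName() + ", re-encoded " + encoded.length + " bytes");
    }
}
```

Compile it with javac and pass the path of the PKCS#8 key created in step 3 (cprik.der) as the only argument; an exception in step 3 or 4 means this JVM cannot process the key regardless of the certificates in use.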