Data360 Analyze

 View Only

  • 1.  REST API with https enabled on Analyze server in Google Cloud

    Posted 09-24-2020 05:52

    Hello

    Following support query 161057, we successfully activated https access to our D360 Analyze server in the Google Compute platform.

    We can access Analyze on the server from our local browsers using https, and do our design work as normal.

    However, now we are having trouble using the Analyze REST API.

    1. We have a Red Hat Linux server VM instance running the D360 Server (v3.6.1) in the Google Cloud
    2. We have a client Linux VM (also inside the Google Cloud) from where we want to invoke the D360 REST API to run Analyze flows
    3. Before the D360 server was changed from http to https, our Python script to invoke the REST API ran successfully.
    4. After https was enabled, we are getting the following error:

    Here's the Python 3 code I'm using to obtain a token, with the error trace below:

    from urllib.parse import urlencode
    from urllib.request import Request, urlopen
    url='https://10.154.15.232:8443/login/rest'
    post_fields = {"username":"xxx","password":"xxx"}
    request = Request(url=url,data=urlencode(post_fields).encode('utf-8'), headers={})
    response = urlopen(request).read().decode()
    Traceback (most recent call last):
    File "/usr/lib/python3.5/urllib/request.py", line 1285, in do_open
    h.request(req.get_method(), req.selector, req.data, headers)
    File "/usr/lib/python3.5/http/client.py", line 1145, in request
    self._send_request(method, url, body, headers)
    File "/usr/lib/python3.5/http/client.py", line 1190, in _send_request
    self.endheaders(body)
    File "/usr/lib/python3.5/http/client.py", line 1141, in endheaders
    self._send_output(message_body)
    File "/usr/lib/python3.5/http/client.py", line 945, in _send_output
    self.send(msg)
    File "/usr/lib/python3.5/http/client.py", line 888, in send
    self.connect()
    File "/usr/lib/python3.5/http/client.py", line 1299, in connect
    server_hostname=server_hostname)
    File "/usr/lib/python3.5/ssl.py", line 385, in wrap_socket
    _context=self)
    File "/usr/lib/python3.5/ssl.py", line 760, in __init__
    self.do_handshake()
    File "/usr/lib/python3.5/ssl.py", line 996, in do_handshake
    self._sslobj.do_handshake()
    File "/usr/lib/python3.5/ssl.py", line 641, in do_handshake
    self._sslobj.do_handshake()
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)

    I have enabled port 8443 for tcp traffic. I have also exported a self-signed CA certificate from the D360 Analyze server, which I then imported into the Linux client box's certificate store.

    How to fix the SSL error?



  • 2.  RE: REST API with https enabled on Analyze server in Google Cloud

    Employee
    Posted 09-24-2020 06:03

    Is the REST API endpoint using an internal CA or a self-signed cert? If so, that cert would need to be exported and imported into Analyze's embedded Java's cacerts. The cacerts file is located at <Analyze install>/jre/jre/lib/security/cacerts. It sounds like this was done in one direction (Analyze cert at REST API endpoint) but not the other direction.



  • 3.  RE: REST API with https enabled on Analyze server in Google Cloud

    Posted 09-24-2020 06:38

    As part of the conversion from http to https, my colleague had imported a self-signed cert into Analyze's embedded Java cacerts per these instructions: https://d3sa-preview.infogixsaas.com/docs/dist/help/Default.htm#j-admin/enabling-https.htm

    We were able to connect from our browsers to the Analyze server and do our design, but when I tried to invoke the REST API, I got the error I showed before.

    So then I thought maybe we need to generate a self-signed CA certificate on the Analyze server (using openssl) and import that into the local machine. 

    Are you saying that I need to import this newly generated cert into the Java store? I hope it won't destroy the existing certificate in the Java store?