Adding certificate to OPAL


Iago Giné Vázquez

Mar 17, 2023, 7:16:57 AM
to obiba...@googlegroups.com
Dear all,


After upgrading Opal from v4.2.8 to the latest version, the Opal server address has changed from http://localhost:8080 to https://localhost:8443. With this change, when I now try to access Opal through R and opalr with opal.login and the new URL, I get an issue such as:

Error in curl::curl_fetch_memory(url, handle = handle) :
  SSL peer certificate or SSH remote key was not OK: [scpdopal01:8443] schannel: SEC_E_UNTRUSTED_ROOT (0x80090325)

It seems as if I should add a certificate to Opal. Is that the issue? In that case, what is the process to add a certificate?

Thank you! 

Yannick Marcon

Mar 17, 2023, 8:25:02 AM
to obiba...@googlegroups.com
Hi,

By default Opal makes a self-signed certificate, so that the HTTPS entry point is functional. But this is not secure (potential middle-man attack) and must not be used in production.

Accessing via https://localhost:8443 is ok because it is localhost, and opalr will automatically add the options: list(ssl_verifyhost=FALSE, ssl_verifypeer=FALSE)

But apparently you are accessing via https://scpdopal01:8443. You can still try providing the SSL options mentioned above, but this is not secure.

Although a valid key pair can be uploaded to Opal, the recommended and simplest solution is to access Opal via a reverse proxy (Apache or nginx). See documentation:

Regards
Yannick
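
An added example, not part of the original thread or of the OBiBa documentation: a minimal nginx reverse proxy of the kind recommended in the reply above, so that clients verify a CA-issued certificate instead of disabling ssl_verifypeer/ssl_verifyhost. The host name opal.example.org, the certificate paths and the assumption that Opal still serves plain HTTP on 127.0.0.1:8080 are placeholders, not values from the thread.

```nginx
# Added example. Assumptions (not from the thread): public name
# opal.example.org, the certificate/key paths below, and Opal's plain-HTTP
# listener reachable on 127.0.0.1:8080 on the same machine.

# Redirect plain HTTP so credentials are never sent in clear text.
server {
    listen 80;
    server_name opal.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    # Must match a name in the certificate: clients that connect with a
    # different name (for example a short host name) still fail verification.
    server_name opal.example.org;

    # Full chain issued by a CA the R clients already trust, which removes
    # the untrusted-root error without turning verification off.
    ssl_certificate     /etc/ssl/certs/opal.example.org.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/opal.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends at nginx; the hop to Opal stays on the loopback interface.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
    }
}

# Block remote access to ports 8080 and 8443 at the host firewall so that
# clients cannot bypass the proxy and reach the self-signed endpoint.
```

With this in place, opal.login is called with the https://opal.example.org URL and no ssl_verifyhost/ssl_verifypeer options, so certificate and host name checks stay enabled.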

