Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

DEPTH_ZERO_SELF_SIGNED_CERT error

360 views
Skip to first unread message

François Noah

unread,
Apr 4, 2023, 8:57:50 AM4/4/23
to OpenWISP
hello,
i'am trying to use openwisp-wifi-login-pages but i get zrror below 

[ERROR 2023-04-04 13:30:39:3039] {
[0]   error: Error: self signed certificate
[0]       at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
[0]       at TLSSocket.emit (node:events:520:28)
[0]       at TLSSocket.emit (node:domain:475:12)
[0]       at TLSSocket._finishInit (node:_tls_wrap:944:8)
[0]       at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
[0]     code: 'DEPTH_ZERO_SELF_SIGNED_CERT',
[0]     config: {
[0]       transitional: [Object],
[0]       adapter: [Function: httpAdapter],
[0]       transformRequest: [Array],
[0]       transformResponse: [Array],
[0]       timeout: 2000,
[0]       xsrfCookieName: 'XSRF-TOKEN',
[0]       xsrfHeaderName: 'X-XSRF-TOKEN',
[0]       maxContentLength: -1,
[0]       maxBodyLength: -1,
[0]       validateStatus: [Function: validateStatus],
[0]       headers: [Object],
[0]       method: 'post',
[0]       url: 'http://api.build.lab/api/v1/radius/organization/default/account/',
[0]       data: '{"email":"te...@test.com","username":"te...@test.com","password1":"azerty","password2":"azerty"}'
[0]     },



I want to know which certificate is used by openwisp-wifi-login-pages ? is it a bug ? anyone know how i can solve it ?


Federico Capoano

unread,
Apr 4, 2023, 10:33:57 AM4/4/23
to open...@googlegroups.com
This is the error: Error: self signed certificate.

For production usage you need a valid SSL certificate.

Best regards
Federico


--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/7aaa8eed-d857-4c50-81e0-cecee6f1e4c0n%40googlegroups.com.
Message has been deleted
Message has been deleted

Federico Capoano

unread,
Apr 4, 2023, 1:52:24 PM4/4/23
to open...@googlegroups.com
I never ran into this issue when testing locally. I think it's because docker-openwisp is not meant for testing locally and it pushes you to use HTTPS, for which you do not have a valid certificate and for that reason nodeJS complains when used through wifi-login-pages.

To test wifi-login-pages locally I have my dev org YAML file which points to a local development instance of openwisp-radius (also running on HTTP) and I run:

yarn setup
yarn start

Instructions for running openwisp-radius for development are here: https://openwisp-radius.readthedocs.io/en/latest/developer/setup.html#installing-for-development

Alternatively, if you need to continue using docker-openwisp for freeradius and openwisp-radius, I think you would need to change the code of the server side part of openwisp-wifi-login-pages to ignore the SSL warning:

I hope this helps!

Best regards
Federico Capoano

On Tue, 4 Apr 2023 at 13:38, François Noah <fran...@gmail.com> wrote:
it is not for production , i need to test it on my computer.  
i created a self signed certificate and 
i store certificate on my computer and on my docker container ( i use openwisp-docker)
but i still have the same error 

eap eap-irecycle {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = ${max_requests}

    tls-config tls-common {
        # make sure to have a valid SSL certificate for production usage
        private_key_password = whatever
        private_key_file = /etc/ssl/private/example.key
        certificate_file = /etc/ssl/certs/example.pem
        ca_file = /etc/ssl/certs/example.crt
        dh_file = ${certdir}/dh
        ca_path = ${cadir}
        cipher_list = "DEFAULT"
        cipher_server_preference = no
        ecdh_curve = "prime256v1"

        cache {
            enable = no
        }

        ocsp {
            enable = no
            override_cert_url = yes
            url = "http://127.0.0.1/ocsp/"
        }
    }

    ttls {
        tls = tls-common
        default_eap_type = pap
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel_irecycle"
    }
}

François Noah

unread,
Apr 4, 2023, 2:46:09 PM4/4/23
to open...@googlegroups.com
thanks for yours awnsers, it will help me.
my instance of wifi-login-pages and  openwisp docker run on the same computer . my question is which cetificate is checkeed by wifi-login-page ?where is it stored.
i created a self signed certificate linked to my ip 192.168.1.157 (build.lab)  adn i saved it to /etc/ssl/cert and /ect/ssl/private (for private key)
do you have any idea where i have to save my certificate ?

regards

François NOAH

Federico Capoano

unread,
Apr 4, 2023, 2:48:32 PM4/4/23
to open...@googlegroups.com

Sorab Kumar

unread,
Apr 18, 2024, 8:58:09 AM4/18/24
to OpenWISP
can you please elaborate how can we disable ssl so that can get rid of this error, I have installed openwisp wifi login pages from git, I am not using docker, but still getting error
Reply all
Reply to author
Forward
0 new messages