XNAT Desktop Client SSL error

[dr.ka...@gmail.com]

We're trying to use the XNAT Desktop Client (v3.0.0) to upload images, and we're getting SSL errors. From the upload log:

UNABLE_TO_VERIFY_LEAF_SIGNATURE: [URL: https://xxxxx.edu/xxxxx/data/services/import?import-handler=DICOM-zip...] unable to verify the first certificate

I'm able to connect to our XNAT instance, and choose a project, choose a subjectID/sessionID, and run the anonymization profile. It's only on the actual upload step that we get this failure. Any ideas on this? I also see in the settings there's a column for "Allow insecure SSL", and the documentation shows a checkmark there in one of the examples, but I don't see a way to edit this...

Thanks,

James

[dr.ka...@gmail.com]

(And for clarity, this is a valid SSL certificate- not self-signed)

[Herrick, Rick]

That’s almost certainly something going on with the server or in the configuration(s) between the server and the client (e.g. front-end proxy like nginx doing SSL termination). It looks like you’re seeing some variation on this issue but I have no idea why it’s only happening for that particular call.

 

Under the covers, the desktop client runs on top of Electron, which is itself a node.js wrapper around Chromium. The version of Chromium in there is fairly old (Electron 3.1.13, which uses Chromium 66.0.3359.181) but not so old that it should work inconsistently with the same certificate chain.

 

-- 

Rick Herrick

XNAT Architect/Developer

Computational Imaging Laboratory

Washington University School of Medicine

 

 

From: xnat_di...@googlegroups.com <xnat_di...@googlegroups.com> on behalf of dr.ka...@gmail.com <dr.ka...@gmail.com>
Date: Thursday, June 23, 2022 at 10:19 AM
To: xnat_discussion <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] Re: XNAT Desktop Client SSL error

* External Email - Caution *

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/12ccaae8-143c-4766-a88e-61bef9c3a5abn%40googlegroups.com.

 

---

The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.

[dr.ka...@gmail.com]

Thanks for the feedback, Rick. Our NGINX was configured with only the primary SSL cert, and after updating out setup to include the intermediate certs, uploads are happening fine.