We've Moved! Please visit our new and improved forum over at our new portal: https://portal.plumvoice.com/hc/en-us/community/topics

certificate verify failed

Questions and answers about IVR programming for Plum DEV

Moderators: admin, support

Post Reply
svu
Posts: 5
Joined: Wed Jun 03, 2015 8:51 am

certificate verify failed

Post by svu »

I am getting this error in the logs:

Error fetching document https://demo-ivr-api.loopbackanalytics. ... /Recording due to SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DocumentParser::FetchBuffer - could not open URL: https://demo-ivr-api.loopbackanalytics. ... /Recording
DocumentParser::FetchDocument - exiting with error result 2
errno: 203 uri https://demo-ivr-api.loopbackanalytics. ... /Recording


I have verified that it works from any browser.

Any ideas?

scott

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA
Contact:

Re: certificate verify failed

Post by support »

Hi Scott,

When we try to access that url from our browser we are getting an untrusted certificate error.

The error from chrome:

Code: Select all

You attempted to reach demo-ivr-api.loopbackanalytics.com, but instead you actually reached a server identifying itself as *.loopbackllc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of demo-ivr-api.loopbackanalytics.com.
Same issue from firefox:

Code: Select all

demo-ivr-api.loopbackanalytics.com uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided. The certificate is only valid for the following names: *.loopbackllc.com, loopbackllc.com (Error code: sec_error_unknown_issuer)
It appears as though the certificate is not correctly configured and therefore we are seeing their error when accessing this url from the web.

This is most certainly what is causing the platform to fail to fetch the url.

Please let us know if you have any questions.

Regards,
Plum Support

svu
Posts: 5
Joined: Wed Jun 03, 2015 8:51 am

Re: certificate verify failed

Post by svu »

I was doing some testing, so that is why you were getting that. I put back the correct certs and I do not have any problems with chrome, ie, or firefox. Still getting this error:

Error fetching document https://ivr-api.loopbackanalytics.com/v ... inCodeNav2 due to SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
VXI::FetchXML - could not open URL: https://ivr-api.loopbackanalytics.com/v ... inCodeNav2
errno: 203 uri https://ivr-api.loopbackanalytics.com/v ... inCodeNav2

svu
Posts: 5
Joined: Wed Jun 03, 2015 8:51 am

Re: certificate verify failed

Post by svu »

also, I have verified this with other ssl cert verification sites:

https://www.sslshopper.com/ssl-checker. ... ytics.com/

https://www.digicert.com/help/

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA
Contact:

Re: certificate verify failed

Post by support »

Hi Scott,

Thank you for providing that information.

We are currently taking a look into why the certificates are failing to verify and will reply shortly when we have identified the cause. We appreciate your patience while our investigation is still ongoing.

Regards,
Plum Support

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA
Contact:

Re: certificate verify failed

Post by support »

Hi Scott,

Thank you for your patience.

It seems that there is some incompatibility between the certificates you are using and the version of openssl we are using in our platform. We already have in place a plan to upgrade openssl in our environment and have confirmed that this newer version does work correctly with your certificates, but this is a process that could take an additional 4-6 months to fully test and implement.

In the interim, we suggest using the certverifypeer property to turn off certification verification for your HTTPS connections.

We apologize for the inconvenience and would be happy to update you whenever the newer openssl is in place.

Regards,
Plum Support

Post Reply