View Issue Details

IDProjectCategoryView StatusLast Update
0000113easycwmpQuestionpublic2016-01-26 11:13
Reporterswcims Assigned Tomohamed.kallel  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionno change required 
PlatformOpenWRTOSLinux 
Summary0000113: How to set ssl related configuration in easycwmp?
DescriptionI want to test SSL encryption and certificate in easycwmp.
I have set ACS url with "https://", but don't know how to configure the "ssl_cert", "ssl_cacert" and "ssl_verify" options.
In openwrt, there are /etc/uhttpd.crt and /etc/uhttpd.key files, they work properly for https visiting.
Can I use them for easycwmp?How to configue in easycwmp?
Is there any example to configure these options?
Thanks!
TagsNo tags attached.
e-mail notification

Activities

mohamed.kallel

2016-01-13 09:36

administrator   ~0000374

you have to configure the following parameters in your easycwmp config file:
easycwmp.@acs[0].ssl_cert : path of the ssl cert file
easycwmp.@acs[0].ssl_cacert : path of the ssl cacert file
easycwmp.@acs[0].ssl_verify : should be set to enabled value if you wan easycwmp make ssl peer verification otherwise the easycwmp will not make the ssl peer verification

swcims

2016-01-13 09:56

reporter   ~0000375

Hi Manager,
  I configure them as following:
  easycwmp.@adcs[0].ssl_cert='/ect/uhttpd.cert'
  easycwmp.@acs[0].ssl_cacert='/ect/uhttpd.cert'
  easycwmp.@acs[0].ssl_verify='1'
  restart easycwmpd, it displayed: unable to use client certificate (no key found or wrong pass ph rase?)
  If I only configured
  easycwmp.@acs[0].ssl_verify='1'
  It displayed: ssl problem:self signed certificate in certificate chain
  Would you please provide your advice? Thanks!

mohamed.kallel

2016-01-13 10:28

administrator   ~0000376

for easycwmp.@acs[0].ssl_verify='1'
it should be easycwmp.@acs[0].ssl_verify='enabled'

swcims

2016-01-13 11:11

reporter   ~0000377

Yes, I set "enabled" in /etc/config.(It will interpret to be '1' )
Would you please provide advice for the error messages? Thanks!

mohamed.kallel

2016-01-13 11:29

administrator   ~0000378

There is some improvement that I can do concerning the ssl part. But I can not do it right now since I m involved on other issues. You can refer to our commercial services to get a quick improvement for this issue or you can play wil libcurl options to get the ssl working.

swcims

2016-01-13 11:59

reporter   ~0000379

Got it, thanks!

swcims

2016-01-19 05:20

reporter   ~0000380

Modified curl and fixed.

mohamed.kallel

2016-01-19 09:07

administrator   ~0000383

Last edited: 2016-01-19 09:50

Could you please share what you have modified

swcims

2016-01-26 10:53

reporter   ~0000390

Actually, curl-7.43.0 can resolve this issue.

Issue History

Date Modified Username Field Change
2016-01-13 08:47 swcims New Issue
2016-01-13 09:36 mohamed.kallel Note Added: 0000374
2016-01-13 09:56 swcims Note Added: 0000375
2016-01-13 10:28 mohamed.kallel Note Added: 0000376
2016-01-13 11:11 swcims Note Added: 0000377
2016-01-13 11:29 mohamed.kallel Note Added: 0000378
2016-01-13 11:59 swcims Note Added: 0000379
2016-01-19 05:20 swcims Note Added: 0000380
2016-01-19 09:07 mohamed.kallel Note Added: 0000383
2016-01-19 09:50 mohamed.kallel Note Edited: 0000383
2016-01-26 10:53 swcims Note Added: 0000390
2016-01-26 11:13 mohamed.kallel Status new => resolved
2016-01-26 11:13 mohamed.kallel Resolution open => no change required
2016-01-26 11:13 mohamed.kallel Assigned To => mohamed.kallel