[Thread Prev][Thread Next][Index]

Re: [ferret_users] TLS SSL Error



Thank you Ryo for the test results.

I already verified with the vendor (DigiCert), tool that the certificate is installed correctly. But I'm beginning to think that there is something else that might be causing this problem.

The diagnostic you obtained from wget seems to point to the chain file. I'll verify that by comparing ours with what is currently available on the vendor's site.

Funny... I tried using wget myself, and it didn't object. Maybe I have an older version in play.

On Wed, Feb 23, 2022 at 8:07 PM Ryo Furue <furue@xxxxxxxxxx> wrote:
Dear Russell,

On Thu, Feb 24, 2022 at 5:51 AM Russell Price - NOAA Federal <russell.price@xxxxxxxx> wrote:
Hello,

Workstation system details: Redhat Linux 8.5 / kernel 4.18.0-348.12.2.el8_5.x86_64 / Python 3.9 / PyFerret 7.6.4

In attempting to access the following data set:


I get the following error:

Error:curl error: SSL peer certificate or SSH remote key was not OK
curl error details:
Warning:oc_open: Could not read url
 **netCDF error
             NetCDF: I/O failure (OPeNDAP/netCDF Error code -68)
             Data set: https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly

I've verified that the host site has the certificate and certificate chain installed correctly, and the cert is not out-of-date or blacklisted.


This is the error message I get when trying to open the dataset via netCDF library:

syntax error, unexpected WORD_WORD, expecting SCAN_ATTR or SCAN_DATASET or SCAN_ERROR
context: <!DOCTYPE^ HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /erddap/griddap/CRW_sst_v3_1_monthly.ddson this server.</p></body></html>
ERROR: LoadError: NetCDF error: Opening path https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly: NetCDF: Access failure (NetCDF error code: -77)


(I'm using netCDF library on Julia, but Julia is just printing the error message from the netCDF library. I don't know what version of netCDF library this is.)

Here is what I got when getting the contents of the URL using wget:

$ wget "https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly"
--2022-02-24 15:00:01--  https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly
Resolving oceanwatch.pifsc.noaa.gov (oceanwatch.pifsc.noaa.gov)... 205.156.57.205
Connecting to oceanwatch.pifsc.noaa.gov (oceanwatch.pifsc.noaa.gov)|205.156.57.205|:443... connected.
ERROR: cannot verify oceanwatch.pifsc.noaa.gov's certificate, issued by ‘CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
To connect to oceanwatch.pifsc.noaa.gov insecurely, use `--no-check-certificate'


When I specified  --no-check-certificate, wget downloaded an HTML file, which I don't know is the correct one or not.

I've tested another OPeNDAP URL, which works both for Julia and wget.

So, my guess is that the server is broken in one way or another.

Regards,

Ryo
 

I can access the site fine with FireFox, Google Chrome, and Microsoft Explorer and Edge.

An older version of Ferret (7.5, running on CentOS 7.9 kernel 3.10.0-1160.53.1.el7.x86_64). doesn't have any issues with the site.

Can anyone provide guidance on what is going wrong here, and how to fix it? Or get around it....

Thank you,

Russell

--
Russell Price, UNIX Systems Administrator
Pacific Islands Fisheries Science Center
Information Technology Services, 3rd Floor, IRC
6AM-3:30PM M-Th; 6AM-2:30PM Fri / Out on Alt. Fri.
808-725-5312


--
Russell Price, UNIX Systems Administrator
Pacific Islands Fisheries Science Center
Information Technology Services, 3rd Floor, IRC
6AM-3:30PM M-Th; 6AM-2:30PM Fri / Out on Alt. Fri.
808-725-5312

[Thread Prev][Thread Next][Index]
Contact Us
Dept of Commerce / NOAA / OAR / PMEL / Ferret

Privacy Policy | Disclaimer | Accessibility Statement