[Thread Prev][Thread Next][Index]

Re: [ferret_users] TLS SSL Error



Ryo,

Thank you for pointing me in the right direction with your wget error.

Though the Digicert site checker tool said that everything was correct for the cert chain on our Oceanwatch proxy, I downloaded and checked their current intermediate cert against the one we were using. They were different.

I replaced the older (2020), intermediate cert from DigiCert with the new one. PyFerret works now.

Thanks again, Sir!

Sincerely,

Russell

On Wed, Feb 23, 2022 at 8:07 PM Ryo Furue <furue@xxxxxxxxxx> wrote:
Dear Russell,

On Thu, Feb 24, 2022 at 5:51 AM Russell Price - NOAA Federal <russell.price@xxxxxxxx> wrote:
Hello,

Workstation system details: Redhat Linux 8.5 / kernel 4.18.0-348.12.2.el8_5.x86_64 / Python 3.9 / PyFerret 7.6.4

In attempting to access the following data set:


I get the following error:

Error:curl error: SSL peer certificate or SSH remote key was not OK
curl error details:
Warning:oc_open: Could not read url
 **netCDF error
             NetCDF: I/O failure (OPeNDAP/netCDF Error code -68)
             Data set: https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly

I've verified that the host site has the certificate and certificate chain installed correctly, and the cert is not out-of-date or blacklisted.


This is the error message I get when trying to open the dataset via netCDF library:

syntax error, unexpected WORD_WORD, expecting SCAN_ATTR or SCAN_DATASET or SCAN_ERROR
context: <!DOCTYPE^ HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /erddap/griddap/CRW_sst_v3_1_monthly.ddson this server.</p></body></html>
ERROR: LoadError: NetCDF error: Opening path https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly: NetCDF: Access failure (NetCDF error code: -77)


(I'm using netCDF library on Julia, but Julia is just printing the error message from the netCDF library. I don't know what version of netCDF library this is.)

Here is what I got when getting the contents of the URL using wget:

$ wget "https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly"
--2022-02-24 15:00:01--  https://oceanwatch.pifsc.noaa.gov/erddap/griddap/CRW_sst_v3_1_monthly
Resolving oceanwatch.pifsc.noaa.gov (oceanwatch.pifsc.noaa.gov)... 205.156.57.205
Connecting to oceanwatch.pifsc.noaa.gov (oceanwatch.pifsc.noaa.gov)|205.156.57.205|:443... connected.
ERROR: cannot verify oceanwatch.pifsc.noaa.gov's certificate, issued by ‘CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
To connect to oceanwatch.pifsc.noaa.gov insecurely, use `--no-check-certificate'


When I specified  --no-check-certificate, wget downloaded an HTML file, which I don't know is the correct one or not.

I've tested another OPeNDAP URL, which works both for Julia and wget.

So, my guess is that the server is broken in one way or another.

Regards,

Ryo
 

I can access the site fine with FireFox, Google Chrome, and Microsoft Explorer and Edge.

An older version of Ferret (7.5, running on CentOS 7.9 kernel 3.10.0-1160.53.1.el7.x86_64). doesn't have any issues with the site.

Can anyone provide guidance on what is going wrong here, and how to fix it? Or get around it....

Thank you,

Russell

--
Russell Price, UNIX Systems Administrator
Pacific Islands Fisheries Science Center
Information Technology Services, 3rd Floor, IRC
6AM-3:30PM M-Th; 6AM-2:30PM Fri / Out on Alt. Fri.
808-725-5312


--
Russell Price, UNIX Systems Administrator
Pacific Islands Fisheries Science Center
Information Technology Services, 3rd Floor, IRC
6AM-3:30PM M-Th; 6AM-2:30PM Fri / Out on Alt. Fri.
808-725-5312

[Thread Prev][Thread Next][Index]
Contact Us
Dept of Commerce / NOAA / OAR / PMEL / Ferret

Privacy Policy | Disclaimer | Accessibility Statement