How to establish secure connection to Nx server using curl command from local?
Hi.
I would like to know how I can establish a secure connection to the Nx server using a curl command.
I want to do...
Enable insecureApi for Nx 5.1 like below,
{"error":"4","errorId":"forbidden","errorString":"Bearer authorization is allowed for secure connections only."}
So could you kindly guide me on how to establish a secure connection to Nx server 5.1?
Thank you very much.
-
Hello,
Please read the Authentication section in our documentation
https://meta.nxvms.com/doc/developers/api-tool/main?type=1&system=4
Please, see code examples in our public repo.
https://github.com/networkoptix/nx_open_integrations/tree/master/python/examples/authentication
-
Hi Andrey Terentyev.
Thank you for your message, but the links that you provided are not what I requested.
I have already succeeded in getting a session token and accessing almost all of the Nx server API.
But I should make a secure connection (TLS/SSL) to access some of the endpoints of the Nx server API.
https://localhost:7001/rest/v2/system/settings is one of them.
So I want to know how to make a TLS/SSL connection to the Nx server from a client.
In the sample code that you provided, linked below,
it specifies "verify=False", so that connection is not a TLS/SSL connection.
https://github.com/networkoptix/nx_open_integrations/tree/master/python/examples/authentication
Could you guide me how to establish TLS/SSL connection to Nx server?
Thank you very much.
-
Makoto Ogata san,
>>it specifies "verify=False", so that connection is not a TLS/SSL connection.
"verify=False" instructs not to verify the digital certificate when a TLS/SSL session is established. By default, the Server uses a self-signed digital certificate. To permit connections using this certificate, the parameter was passed.
-
Hi Andrey Terentyev.
Sorry for the late response.
>>"verify=False" instructs not to verify digital certificate when TLS/SSL session is established. By default, the Server uses self-signed digital certificate. To permit connections using this certificate, the parameter was passed.
I know. Where is the proper CA file for the self-signed certificate file?
I thought /opt/networkoptix/mediaserver/var/ssl/default.pem was the one, but the HTTPS request failed with the curl command below.
curl --cacert /opt/networkoptix/mediaserver/var/ssl/default.pem \
  -X PATCH 'https://localhost:7001/rest/v2/system/settings' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: xxxxxx' \
  -d '{"insecureDeprecatedApiInUseEnabled":true}'
But I got the error below.
{"error":"4","errorId":"forbidden","errorString":"Bearer authorization is allowed for connections only."}
In the python3 requests case, the script is like below.
import requests

headers = {
    'accept': '*/*',
    'Content-Type': 'application/json',
    'Authorization': 'vms-e19e01818d271ac30c7e1b115d3dc2cd-jjTgeHdvgY',
}
json_data = {
    'insecureDeprecatedApiInUseEnabled': True,
}
try:
    response = requests.patch(
        'https://localhost:7001/rest/v2/system/settings',
        headers=headers,
        json=json_data,
        # Path passed as the CA bundle used to verify the server certificate
        verify='/opt/networkoptix/mediaserver/var/ssl/default.pem',
    )
except Exception as e:
    print(f'ERROR: {e}')
finally:
    print('DONE')
And the response is like..
ERROR: HTTPSConnectionPool(host='localhost', port=7001): Max retries exceeded with url: /rest/v2/system/settings (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'localhost'. (_ssl.c:1131)")))
DONE
Could you kindly support me how to solve this issue?
Thank you very much.
-
Hello,
As an issue I consider the one in your initial post.
>>So Could you kindly guide me how to establish secure connection to Nx server 5.1?
For an example of how to establish a secure connection and invoke an API, see our code in the public repository on GitHub.
Just replace USERNAME, PASSWORD, LOCAL_URL with your values.
Have you tried it? What's the result?
Answering your question,
>>Could you kindly support me how to solve this issue?
To work with the Server API via SSL using the default certificate, use the verify=False option.
If you need a custom certificate, you could add one. Here is the article on how to do that.
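An added example, not part of the thread and not Nx code: one way to keep a server identity check with a self-signed certificate that is not valid for 'localhost', instead of turning verification off, is to pin the certificate's SHA-256 fingerprint. The function names are hypothetical, and taking the pin from the certificate block of the server's PEM file is an assumption.

```python
import base64
import hashlib
import hmac
import re
import socket
import ssl

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_cert_fingerprint(pem_text: str) -> str:
    """SHA-256 hex digest of the first CERTIFICATE block; key blocks are ignored."""
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found in PEM text")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of a DER certificate with a pinned SHA-256 digest."""
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(hashlib.sha256(der_cert).hexdigest(), normalized)

def connect_pinned(host: str, port: int, pinned_hex: str, timeout: float = 5.0):
    """Open a TLS socket and keep it only if the server certificate matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the default certificate is not valid for 'localhost'
    ctx.verify_mode = ssl.CERT_NONE  # chain and name checks are replaced by the pin check
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)  # DER bytes are available even with CERT_NONE
    if der is None or not matches_pin(der, pinned_hex):
        tls.close()  # refuse before any request or token is sent
        raise ssl.SSLCertVerificationError("server certificate does not match the pin")
    return tls

if __name__ == "__main__":
    # Constructed sample, not a real certificate: arbitrary bytes in PEM armor.
    sample = "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
    pin = pem_cert_fingerprint(sample)
    print(pin, matches_pin(b"constructed", pin))
```

The pin has to be recorded over a trusted path, such as reading the file on the server host itself, and updated whenever the server certificate is replaced.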