  1. Help-Desk
  2. HELP-5366

FIWARE.Request.Tech.Apps.ApplicationMashup.ProblemAccessingOrionUsingHTTPS

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels:
      None

      Description

      Hi,

      I haven't used my mashup application in the last few weeks, but now my
      NGSI query operator stopped working. After some digging and debugging,
      it seems like the NGSI connection is passing the url of my context
      broker through this url "https://mashup.lab.fiware.org/proxy/<cb_url>"
      and here seems to be the problem. The context broker itself is working
      fine when used from other applications.

      The same problem seems to occur, when using the NGSI browser widget from
      the marketplace.

      What do I have to do to fix this?

      My source looks like this:

      this.ngsi_server = MashupPlatform.prefs.get('ngsi_server');
      this.ngsi_proxy = MashupPlatform.prefs.get('ngsi_proxy');

      var request_headers = {};

      // Headers requesting the workspace owner's credentials for the request.
      if (MashupPlatform.prefs.get('use_owner_credentials')) {
          request_headers['X-FI-WARE-OAuth-Token'] = 'true';
          request_headers['X-FI-WARE-OAuth-Header-Name'] = 'X-Auth-Token';
          request_headers['x-FI-WARE-OAuth-Source'] = 'workspaceowner';
      }

      this.connection = new NGSI.Connection(this.ngsi_server, {
          use_user_fiware_token: MashupPlatform.prefs.get('use_user_fiware_token'),
          request_headers: request_headers,
          ngsi_proxy_url: this.ngsi_proxy
      });

      // Split the comma-separated list of entity types from the preferences.
      var types = MashupPlatform.prefs.get('ngsi_entities').split(new RegExp(',\\s*'));

      // Build one pattern entry per type, matching every entity id of that type.
      var entityIdList = [];
      var attributeList = [];
      var entityId;
      for (var i = 0; i < types.length; i++) {
          entityId = { id: '.*', type: types[i], isPattern: true };
          entityIdList.push(entityId);
      }

      var options = {
          flat: true,
          limit: 1000,
          offset: 0,
          details: true,
          onSuccess: function (data, details) {
              // Push every returned entity to the wiring output.
              for (var entityId in data) {
                  MashupPlatform.wiring.pushEvent("entityOutput", JSON.stringify(data[entityId]));
              }

              // Request the next page while the broker reports more entities.
              if (details.count > options.offset + options.limit) {
                  options.offset += options.limit;
                  this.connection.query(entityIdList, attributeList, options);
              }
          }.bind(this),
          onFailure: function (e) {
              MashupPlatform.operator.log("Error querying entities from context broker server: " + e.message);
          }
      };
      this.connection.query(entityIdList, attributeList, options);


      Artur Löwen
      CEO
      Gridhound UG (haftungsbeschränkt)
      +49 179 1449189
      aloewen@gridhound.de
      www.gridhound.de
      [Created via e-mail received from: Artur Löwen <aloewen@gridhound.de>]

        Activity

        fw.ext.user FW External User added a comment -

        Álvaro,

        sadly my mashup still fails to use the NGSI Query Operator to collect
        data from the Orion context broker using the address
        https://fiware.gridhound.de:1026/
        The error is the same as before: 01/27/16 05:15:11 PM Error querying
        entities from context broker server: Connection Error

        Is there a way, that enables my server, the Orion context broker, to
        provide the full chain? If that is the problem. I tried to use the file
        with the full chain, but Orion wouldn't load it. The loaded file is
        limited by Orion to 2048 Bytes, which doesn't allow more than one
        certificate in a file.

        Cheers

        Artur

        aarranz Álvaro Arranz added a comment -

        Hi Artur,

        I have added the certificate for "COMODO RSA Domain Validation Secure Server CA" into the Mashup portal, so your dashboard should be working now.

        > Is there a way, that enables my server, the Orion context broker, to
        > provide the full chain? If that is the problem. I tried to use the file
        > with the full chain, but Orion wouldn't load it. The loaded file is
        > limited by Orion to 2048 Bytes, which doesn't allow more than one
        > certificate in a file

        I have added Fermin to CC because I don't know if it's possible to configure orion to provide the full certificate chain.

        Best regards.
        Álvaro

        fw.ext.user FW External User added a comment -

        Álvaro,

        thank you, it is working now.

        But does this mean, you would have to add every intermediate certificate
        now, to get it to work? Let's say I would try to use Let's Encrypt or
        any other of the bigger providers. This problem would raise with every
        one of them, right? So every time, someone tries to use it, they run
        with their head against the wall, with no meaningful error for the
        source of the problem. And it takes quite some time to sort it out, as
        in my case, until the error is found and the correct certificate is
        added to the Mashup Portal.

        Best regards

        Artur

        aarranz Álvaro Arranz added a comment -

        > Álvaro,
        > thank you, it is working now.

        Great

        > But does this mean, you would have to add every intermediate certificate
        > now, to get it to work? Let's say I would try to use Let's Encrypt or
        > any other of the bigger providers. This problem would raise with every
        > one of them, right?

        Hmm, yes and no. I have added the intermediate certificate into the Mashup portal to let you continue working without having to wait more time, but HTTPS servers MUST serve the full certificate chain, so the correct fix for this problem is configuring your Orion context broker to provide the full certificate chain, allowing everybody to trust your server (see this link for more details). Probably, the Orion context broker needs to be modified to add support for providing the certificate chain; I don't know, because I don't work on the Orion context broker (that was the point of adding Fermin to CC). Another option is to deploy your context broker using a front-end web server supporting the full HTTPS stack (e.g. Apache, nginx, ...)

        > So every time, someone tries to use it, they run
        > with their head against the wall, with no meaningful error for the
        > source of the problem. And it takes quite some time to sort it out, as
        > in my case, until the error is found and the correct certificate is
        > added to the Mashup Portal.

        Well, you have been the first with those problems. So thanks for being our testers, and sorry for the waste of time.

        Anyway, we have improved the response from the WireCloud proxy, which now provides a "better" error message:

        {"description": "SSL Error", "details": "(\"bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)\",)"}

        It's not perfect, but it is easier now to understand that the certificate is not valid. Also take into account that the error description comes directly from Python, as the SSL connection can fail for other reasons.

        It's true that after this modification we can provide a better error message for such cases in the "NGSI Source" operator, so I have created a ticket for improving this aspect.

        Do you have any other suggestion for improving this scenario for the next ones?

        > Best regards
        > Artur

        Best regards,
        Álvaro
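
Added example, not part of the original ticket and not WireCloud or Orion code: it reproduces the "certificate verify failed" situation discussed above with a throwaway CA hierarchy, comparing a server that sends only its own certificate with one that sends the full chain. All names (Demo Root CA, orion.example.test, the file names) are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```bash
#!/bin/sh
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# All names (Demo Root CA, orion.example.test) are made up for this example.
set -eu

make_chain() {  # $1 = directory that receives the generated keys and certificates
  d="$1"
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  # Root CA: the only certificate the client has in its trust store.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null
  # Server certificate, signed by the intermediate (not by the root).
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=orion.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  # What a server sends: certificate only, versus certificate plus intermediate.
  cp "$d/leaf.pem" "$d/served-leaf-only.pem"
  cat "$d/leaf.pem" "$d/int.pem" > "$d/served-fullchain.pem"
}

# Model a client that trusts only $1 (root) and receives the PEM file $2 in the
# handshake: the first certificate is the server's, the rest are untrusted helpers.
client_accepts() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1 | grep -q ': OK$'
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT   # the demo keys are disposable
make_chain "$DEMO_DIR"
for f in served-leaf-only.pem served-fullchain.pem; do
  if client_accepts "$DEMO_DIR/root.pem" "$DEMO_DIR/$f"; then
    echo "$f: chain verifies"
  else
    echo "$f: certificate verify failed (issuer not found)"
  fi
done
```

The `served-fullchain.pem` layout (server certificate first, then the intermediate) is the one nginx expects in its certificate file when it is used as the front-end server mentioned above.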

        fermin Fermín Galán added a comment -

        I have been added to this thread. However, after the

        > thank you, it is working now.

        I understand that the issue is solved and no input from my side is needed. However, if I'm wrong, please ask whatever Orion-specific question using StackOverflow ("fiware-orion" tag). Thanks!


          People

          • Assignee:
            aarranz Álvaro Arranz
            Reporter:
            fw.ext.user FW External User