https://www.ssllabs.com/ssltest/analyze.html?d=www.telecontrolnet.nl
Uplink test results in:
"javax.net.ssl.SSLException hostname in certificate didn't match: != OR OR"
Beste antwoord door Infra
Bekijk origineel
Test uplink error: javax.net.ssl.SSLException hostname in certificate didn't match: != OR OR
Can anyone explain what this error means? According to SSLtest the site has a valid certificate and supports TLS 1.2
https://www.ssllabs.com/ssltest/analyze.html?d=www.telecontrolnet.nl
Uplink test results in:
"javax.net.ssl.SSLException hostname in certificate didn't match: != OR OR"
https://www.ssllabs.com/ssltest/analyze.html?d=www.telecontrolnet.nl
Uplink test results in:
"javax.net.ssl.SSLException hostname in certificate didn't match: != OR OR"
We have exactly the same errormessage, and also a valid (PCI DSS) SSL certificate.
I get this error if I try to send a payload in the developer portal.
Our problem is that we see data coming in from our LoRa sensors in the developer portal, but absolutely nothing in our application.
I read somewhere that SNI is not supported. Of course our webserver/proxy that receives the KPN messages hosts multiple (sub)domains, so SNI is required from the KPN side.
I hope anyone has a solution to this problem.
I get this error if I try to send a payload in the developer portal.
Our problem is that we see data coming in from our LoRa sensors in the developer portal, but absolutely nothing in our application.
I read somewhere that SNI is not supported. Of course our webserver/proxy that receives the KPN messages hosts multiple (sub)domains, so SNI is required from the KPN side.
I hope anyone has a solution to this problem.
Can anyone @KPN acknowledge this issue please?
Well, I managed to get data into our backend!
The webserver does host multiple SSL sites and/or proxies.
I manually changed all the vhosts files and added a proxy to the application server backend.
I then tested ALL these URL's with the "test uplink" function in the developer portal.
It appears that the FIRST SSL vhost created on the webserver works. NO SSL errors anymore.
Of course, this is only a temporary solution for us.
I really think that this is an SNI problem in the KPN developer portal, which is fixed soon I hope!
Does this problem also exist for the ThingPark portal?
The webserver does host multiple SSL sites and/or proxies.
I manually changed all the vhosts files and added a proxy to the application server backend.
I then tested ALL these URL's with the "test uplink" function in the developer portal.
It appears that the FIRST SSL vhost created on the webserver works. NO SSL errors anymore.
Of course, this is only a temporary solution for us.
I really think that this is an SNI problem in the KPN developer portal, which is fixed soon I hope!
Does this problem also exist for the ThingPark portal?
Reputatie 7
+11
Thanks for your posts, I'll verify this with our supplier.
Can it be the case the old certificate is still installed?
Can it be the case the old certificate is still installed?
Like
Any Java developer with SSL/SNI knowledge or the ability to look up the solution on for example stackexchange can solve this problem 🆒,
SNI is supported by Java clients (JSSE) since version 7 (2011, http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html):
"Server Name Indication (SNI) for JSSE client: The Java SE 7 release supports the Server Name Indication (SNI) extension in the JSSE client. SNI is described in RFC 4366. This enables TLS clients to connect to virtual servers."
Is it possible to give an ETA when this problem is solved in the developer portal?
And confirmation - as we don't use the ThingPark portal yet - that this problem does not exist in the ThingPark portal?
Reputatie 7
+11
Thanks for all the feedback! :)
I'll have this examined by specialists and/or the supplier. It's hard to give an ETA, but let's say I'll try my best to give you clearness asap, probably on monday or tuesday.
I'm not aware of this problem exist in ThingPark.
I'll have this examined by specialists and/or the supplier. It's hard to give an ETA, but let's say I'll try my best to give you clearness asap, probably on monday or tuesday.
I'm not aware of this problem exist in ThingPark.
I'll have this examined by specialists and/or the supplier. It's hard to give an ETA, but let's say I'll try my best to give you clearness asap, probably on monday or tuesday.
That's fine with me.
I will keep the 4 (sub)domains I used for testing active, so once fixed, it will be very easy to verify that it is working as expected. I guess
I'm not aware of this problem exist in ThingPark.
Great!
Also fine with me and I will indeed be able to verify if the fix works. Thanks in advance.
Reputatie 7
+11
Unfortunately SSL is not supported by a REST post (this is used to send a message to the server to the client). This is why get SNI users are getting an error.
This will mean that the platform must be upgraded to support this feature. We do expect an update from the supplier by the end of this month. When more information is available, like an ETA, I'll post an update.
As there won't be a fix available very soon. I'm happy to extend your trial period so your accounts won't expire. Please contact me for this.
This will mean that the platform must be upgraded to support this feature. We do expect an update from the supplier by the end of this month. When more information is available, like an ETA, I'll post an update.
As there won't be a fix available very soon. I'm happy to extend your trial period so your accounts won't expire. Please contact me for this.
Due to some troubles on the LoRa nodes I am using I didn't use the developers portal the last month.
When I tried to test the uplink message I got the same SSL error.
A check with Yourhosting showed that their SSL implementation works.
From the above I got the impression that this error is a new one, but it shure worked flawless one month ago.
Can this be confirmed?
As my trial period is about to end I would love to get it extended.
When I tried to test the uplink message I got the same SSL error.
A check with Yourhosting showed that their SSL implementation works.
From the above I got the impression that this error is a new one, but it shure worked flawless one month ago.
Can this be confirmed?
As my trial period is about to end I would love to get it extended.
Reputatie 7
+11
Before, the test uplink didn't use SSL. We noticed many users had a working application server setup with the test uplink, But when connecting LoRa devices, SSL will be used and some setups dind't work anymore.
We introduced SSL for the test uplink so there is no difference when using LoRa devices.
The workaround for now is that the certificate used for the lora device must be placed at the top of the webservice like users@Infra and @IAS also found out.
We introduced SSL for the test uplink so there is no difference when using LoRa devices.
The workaround for now is that the certificate used for the lora device must be placed at the top of the webservice like users
Server returned HTTP response code -1
Response info:
URL not reachable for 10 times.. escaping
When I use the exact URL in other POST tests (like http://www.hurl.it) then I see the POST message coming through to the application server. I've checked many times for typo's, and while the destination URL provided to the development portal is definitely reachable, messages from the developer portal aren't coming through.
When I tried the connection this morning I experienced the same, however using the url via a browser gave the expected result.
Reputatie 3
+1
Awesome @Jeroen10 ! Resetting the counter in de developer portal solved this issue. Thanks!
Reputatie 7
+11
Very clever @Jeroen10 , thanks! I've highlighted your post.
Perhaps more users face this problem while setting up the application server 😳
Perhaps more users face this problem while setting up the application server 😳
After a lng struggle with managed hosting I succeeded in getting a first Lora device (Seeeduino LoraWAN /GPS) operation at the KPN network without any problems.
I must admit, I got my learning curve with TTN (thanks for that).
Comparing TTN LoraWAN, KPN LoraWAN and Sigfox I notice that with TTN and Sigfox I'm unable to get indoor coverage. With KPN I have indoor coverage SF12 - SF10.
Location is Hengelo (7558RN)
I must admit, I got my learning curve with TTN (thanks for that).
Comparing TTN LoraWAN, KPN LoraWAN and Sigfox I notice that with TTN and Sigfox I'm unable to get indoor coverage. With KPN I have indoor coverage SF12 - SF10.
Location is Hengelo (7558RN)
Reputatie 7
+11
Great to hear you've got indoor coverage! 😃 Thanks for sharing
Reputatie 1
I'm experiencing trouble when using an endpoint hosted on Amazon's AWS API Gateway.
Response info:
Error in sending rest post to developer url https://xxxxx.execute-api.eu-central-1.amazonaws.com/test/lora, for device xxxxxxxx, payloadhex 000000. Error details: javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
From reading above posts, the most probable cause is the improper support for SNI by KPN, is that a correct assumption?
Response info:
Error in sending rest post to developer url https://xxxxx.execute-api.eu-central-1.amazonaws.com/test/lora, for device xxxxxxxx, payloadhex 000000. Error details: javax.net.ssl.SSLHandshakeException Received fatal alert: handshake_failure
From reading above posts, the most probable cause is the improper support for SNI by KPN, is that a correct assumption?
Reputatie 7
+6
Hi Tonb,
As we already discussed in our private conversation the problem is indeed caused by the lack of support for SNI.
This will solved by the next update of the Developer portal. I am waiting for the answer from the developers with the date of releasing the new update.
As we already discussed in our private conversation the problem is indeed caused by the lack of support for SNI.
This will solved by the next update of the Developer portal. I am waiting for the answer from the developers with the date of releasing the new update.
Is there any news about the SNI update?
It has been 3 months already...
It has been 3 months already...
Reputatie 7
+6
Hi @Infra
After my last post in this topic, I did not get a new update from the developers. I will immediately report back and ask for the release date of the new update (including support of SNI).
After my last post in this topic, I did not get a new update from the developers. I will immediately report back and ask for the release date of the new update (including support of SNI).
Reputatie 7
+6
Hi @Infra ,
First, I want to apologize for my very late answer.
This morning I discussed this again with the developers, but we still can't determine a date that the update will be pushed.
I can imagine that this answer isn't satisfying at all 😟 I will keep pushing with my colleagues to get the update as soon as possible.
First, I want to apologize for my very late answer.
This morning I discussed this again with the developers, but we still can't determine a date that the update will be pushed.
I can imagine that this answer isn't satisfying at all 😟 I will keep pushing with my colleagues to get the update as soon as possible.
Reageer
Meld je aan
Heb je al een account? Inloggen
Welkom
Nog geen account? Maak een account aan
Inloggen of registreren met sociaal netwerk
Inloggen met Facebook Login with LinkedInof
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
