SSL Handshake Failure #54

Closed
nightops opened this Issue Apr 20, 2012 · 5 comments

Comments

Projects
None yet
2 participants

Running into it...just did a delete of the old directory, did a git clone of the repo, created the apikeys.conf and plugins.conf, and ran sudo python SiriServer.py, had it create the keys, went to my iPhone and deleted all existing profiles, emailed the new ca.pem file to myself and installed it, and still get SSL handshake failure. I'm at a loss...what is going wrong?

Owner

Eichhoernchen commented Apr 21, 2012

first, you don't need to be sudo to run SiriServer, only if you change it to a port <= 1024, default is 4443. Can you ensure that you entered https in spire, as well as the same ip/domain as you used during certificate generation on the first start (or after deleting ca.pem, server.key or server.crt from keys folder)?

K, same results even if I dont sudo it. Yup, same domain name:
https://siri.domain.com:4443

On Apr 21, 2012, at 4:28 AM, Jan
reply@reply.github.com
wrote:

first, you don't need to be sudo to run SiriServer, only if you change it to a port <= 1024, default is 4443. Can you ensure that you entered https in spire, as well as the same ip/domain as you used during certificate generation on the first start (or after deleting ca.pem, server.key or server.crt from keys folder)?


Reply to this email directly or view it on GitHub:
#54 (comment)

Owner

Eichhoernchen commented Apr 23, 2012

do you do some address rewriting when forwarding the domain?

I just added "siri" as a CNAME entry in my hosting provider. I use
no-ip.com to point it to my personal redirect so that I don't have to
use an IP address to forward the CNAME to in my hosting providers
control panel.

Net -> Siri.domain.com -> no-ip.com -> home (SiriServerCore)

Is this what you mean? Should I try just using the alias I get from no-ip.com?

On Apr 23, 2012, at 4:51 AM, Jan
reply@reply.github.com
wrote:

do you do some address rewriting when forwarding the domain?


Reply to this email directly or view it on GitHub:
#54 (comment)

Owner

Eichhoernchen commented Apr 25, 2012

The certificate must match the siri.domain.com (I don't know it this is treated case sensitive) as it is the first request against which the client will validate the server certificate.

nightops closed this May 8, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment