NetTalk Central

Author Topic: Help connecting with rest server locally? Get error -69  (Read 2339 times)

jlavera

  • Newbie
  • *
  • Posts: 47
    • View Profile
    • Email
Help connecting with rest server locally? Get error -69
« on: March 11, 2024, 04:21:13 PM »
Hi, I have a rest server using nettalk -working- already in the Azure cloud. It works! But I need to do some testing locally... and this used to work, but lately I'm, totally unable to communicate to the server using 127.0.0.1 or localhost.
Using the latest Nettalk.
* I generated the crt and key certificates with the latest openssl - (both for localhost and 127.0.0.1).
* I tried from the browser, that was one of the latest things that worked, but not anymore.
* It is not locked by any antivirus or firewall. I made a small Clarion testing program, to send a GET to the server, and when I try locally (for example, to https://localhost:1741 or to https://127.0.0.1:1741) it says the error was -69 which means the SSL remote certificate failed verification.
* The server starts successfully, it says it loaded the certificates, 0 errors.
* The server shows there -was- a connection attempt. But it gives no error, nothing.
* If i started the server for localhost I tried calling localhost and used localhost named certificates, same for 127.0.0.1 - all matching)
* The problem seems to be in the side of the server... But I'm not sure what else to try.
** Do the openssl certificates are no longer valid for a local test??
** What I need to test is the server response under certain conditions and performance related LOCALLY, the connection over the web works perfect!!! What am I missing for testing the server locally?

Thank you for any help!
Kind regards,
Jorge Lavera

jlavera

  • Newbie
  • *
  • Posts: 47
    • View Profile
    • Email
Re: Help connecting with rest server locally? Get error -69
« Reply #1 on: March 11, 2024, 05:16:10 PM »
Some more info...
I tried connecting from PostMan to the secure port, got an error as well.

So later, I tried connecting to the non-secure port. From Postman, succeed! It indeed connected locally.
Then, I tried from my nettalk client program... no luck. Said "the requested connection to 127.0.0.1 could not be opened. The open command timed out or failed to connect". I'm tried with 127.0.0.1 and the insecure port (that worked from postman, and from the browser!).
In my program, I changed to net.SSL = 0 (recompiled, retried, not working)
And of course, the adresss to call (i set that at runtime).
What else should I change to get the same result as Postman?
Kind regards,
Jorge Lavera

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Help connecting with rest server locally? Get error -69
« Reply #2 on: March 12, 2024, 06:40:20 PM »
Hi Jorge,

to best test this it might be useful for you to edit your HOSTS file, so that your actual domain points to 127.0.0.1
that way you can test locally still using the actual site address.

Also, it's probably worth you mentioning what version of NetTalk you are using. From your explanation of what you did it sounds like an old one.

>> I generated the crt and key certificates with the latest openssl - (both for localhost and 127.0.0.1).

this is what makes me think you're on old. Typically you can generate certificates just adding one, or both, of these to your domain list.

>> * I tried from the browser, that was one of the latest things that worked, but not anymore.

what does your browser say?

>> * It is not locked by any antivirus or firewall. I made a small Clarion testing program, to send a GET to the server, and when I try locally (for example, to https://localhost:1741 or to https://127.0.0.1:1741) it says the error was -69 which means the SSL remote certificate failed verification.

Of course it will fail. It will fail in your browser too. generating your own certificates locally (for IP addresses, or localhost) means those certificates are not signed by a CA, and so are "untrusted". This will cause most clients to fail. In aNetTalk web client you need to turn off the test for the certificate so it "doesn't check against CARoot.Pem."

<< * The server starts successfully, it says it loaded the certificates, 0 errors.

sure.

>> * The server shows there -was- a connection attempt. But it gives no error, nothing.

sure. The server doesn't care if the client failed to connect.

>> * If i started the server for localhost I tried calling localhost and used localhost named certificates, same for 127.0.0.1 - all matching)

yes but not _trusted_ certificates. (It is not possible to get a trusted certificate for localhost or 127.0.0.1. Which is why setting your local HOSTS file is probably your best bet for this sort of testing.

>> * The problem seems to be in the side of the server... But I'm not sure what else to try.
>> ** Do the openssl certificates are no longer valid for a local test??

They're valid, but they're not trusted. So your browser / client needs to bypass the trustworthy test.

>> ** What I need to test is the server response under certain conditions and performance related LOCALLY, the connection over the web works perfect!!! What am I missing for testing the server locally?

You're missing an understanding of the limitations of self-signed certificates.

>> So later, I tried connecting to the non-secure port. From Postman, succeed! It indeed connected locally.

It succeeded because it's ignoring the trustworthiness of the certificate, because it likely knows you can't trust certs on that address.
Connecting to the insecure port simply returns a redirect (assuming you are on NT10 or later) and it is following that redirect.

>> What else should I change to get the same result as Postman?

net.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = true

Cheers
Bruce