
  1. Max
  2. PLCnext Technology & PLCnext Controls
  3. Thursday, 12 September 2019

Hello,

I have a problem with SSL calling the Rest-API. We're using NodeJS which is installed over the plcnextstore. My plugin starts on the AXC F2152, but a GET request to the Rest-API is not successful.

I used restify-clients or the built-in https module, got an output like this and no data returned.

[ PLCnext | Debug | 2019-09-12 15:06:53.608] UNABLE_TO_VERIFY_LEAF_SIGNATURE

[ PLCnext | Debug | 2019-09-12 15:06:53.608] unable to verify the first certificate

[ PLCnext | Debug | 2019-09-12 15:06:53.608] Error: unable to verify the first certificate
at TLSSocket. (_tls_wrap.js:1108:38)
at emitNone (events.js:105:13)
at TLSSocket.emit (events.js:207:7)
at TLSSocket._finishInit (_tls_wrap.js:638:8)
at TLSWrap.TLSSocket._init.ssl.onhandshakedone (_tls_wrap.js:468:38)

Using Insomnia as a Rest-Client I get data, but also an SSL error. I used it just for checking the service itself. The output looks like this:

* Preparing request to https://192.168.43.223/_pxc_api/api/variables?pathPrefix=Arp.Plc.Eclr%2F&paths=AIN2
* Using libcurl/7.57.0-DEV OpenSSL/1.0.2o zlib/1.2.11 libssh2/1.7.0_DEV
* Current time is 2019-09-12T13:52:31.360Z
* Disable timeout
* Enable automatic URL encoding
* Disable SSL validation
* Enable cookie sending with jar of 0 cookies
* Connection 4 seems to be dead!
* Closing connection 4
* TLSv1.2 (OUT), TLS alert, Client hello (1):
* Trying 192.168.43.223...
* TCP_NODELAY set
* Connected to 192.168.43.223 (192.168.43.223) port 443 (#5)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:\Users\Max\AppData\Local\Temp\insomnia_6.6.2\2017-09-20.pem
* CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=DE; ST=NRW; L=Blomberg; O=PHOENIX CONTACT; OU=PHOENIX CONTACT GmbH & Co KG; CN=192.168.1.10
* start date: Aug 27 12:40:39 2019 GMT
* expire date: Aug 25 12:40:39 2024 GMT
* issuer: C=DE; ST=NRW; L=Blomberg; O=PHOENIX CONTACT; OU=PHOENIX CONTACT GmbH & Co KG; CN=192.168.1.10
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

> GET /_pxc_api/api/variables?pathPrefix=Arp.Plc.Eclr%2F&paths=AIN2 HTTP/1.1
> Host: 192.168.43.223
> User-Agent: insomnia/6.6.2
> Accept: */*

< HTTP/1.1 200 OK
< Server: nginx/1.15.2
< Date: Thu, 12 Sep 2019 14:56:50 GMT
< Content-Type: application/json
< Content-Length: 128
< Connection: keep-alive
< Status: 200 OK
< Cache-Control: no-cache

* Received 128 B chunk
* Connection #5 to host 192.168.43.223 left intact

Is there anyone having similar problems or got a solution for this?

Calling the API via Chrome/Opera works fine, but the origin is marked as unsecure.

 

Thanks in advance

 

Max

Max

Topic is not closed, but I found a solution. If you have similar issues, just use OPC UA. There is a node-module called "node-opcua" which will work just fine.

Also there is a tutorial video on how to set up the OPC UA server on YouTube.

 

If you have any question, feel free to ask.

Oliver PLCnext Team

Hello Max,
this looks like the same thing happening in your browser when you access the PLC the first time.

You have to trust the certificate that has not been created by a Certificate Authority.

You can either create your own certificate chain and store a root CA that you trust on the client or get a CA certificate.
OPC UA should have the same issue.
But I guess in that function you have an option to "trust anyways" or something similar.

Phoenix Contact Electronics Headquarter - PLCnext Runtime Product Management and Support
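
One way to follow the advice above from Node.js while keeping verification switched on, as an added example that is not part of the original thread and not Phoenix Contact code: trust a certificate exported from the controller and pin the server certificate's SHA-256 fingerprint, because the certificate in the log names 192.168.1.10 while the request goes to 192.168.43.223. The function names and the two PEM inputs (`caPem`, `leafPem`) are assumptions.

```javascript
const crypto = require('crypto');
const https = require('https');

// Decode the first PEM certificate into its DER bytes.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('no PEM certificate found');
  return Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
}
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Returns a checkServerIdentity callback that accepts only the certificate
// whose DER encoding hashes to the same SHA-256 value as leafPem.
function pinCertificate(leafPem) {
  const pinned = sha256(pemToDer(leafPem));
  return (host, cert) => {
    if (!cert || !Buffer.isBuffer(cert.raw)) return new Error(`${host}: no certificate to check`);
    const ok = crypto.timingSafeEqual(sha256(cert.raw), pinned);
    // Node treats undefined as "identity accepted" and an Error as a failure.
    return ok ? undefined : new Error(`${host}: certificate does not match the pinned one`);
  };
}

// Options for https.request. Assumptions: caPem is the certificate the chain
// must verify against and leafPem is the controller's server certificate,
// both exported from the device (the same file if it is truly self-signed).
function controllerOptions(host, path, caPem, leafPem) {
  return {
    host, path, port: 443, method: 'GET',
    ca: caPem,                 // replaces the default CA list for this request
    rejectUnauthorized: true,  // chain verification stays on
    checkServerIdentity: pinCertificate(leafPem), // replaces the host name match
  };
}

// Fetch and parse a JSON document from the controller's REST interface.
function getJson(options) {
  return new Promise((resolve, reject) => {
    https.request(options, (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => {
        try { resolve(JSON.parse(body)); } catch (e) { reject(e); }
      });
    }).on('error', reject).end();
  });
}
```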
