pinlawr Posted February 28, 2023 Posted February 28, 2023 I read through the info in this thread (Can you ignore ssl validation in a Network Resource?) and I am basically having the same issue. I've attached my network settings (protocol on both is set to 1.2, since it's not visible in the screenshot). Also attached is the network resource and the simple error message I'm getting back. Toggling SNI changed nothing (which wasn't a surprise since the cert has no SNI entries). The request has to be PUT. I have the self-sign cert from the hub exported, but I don't see any way to import it as trusted, or simply tell the ISY to ignore it. I have a Polisy, but haven't moved to IoP yet. As a test, I exported/imported my network resources into IoP just as they are, and they DID work fine without any errors. Thanks for any help!
DennisC Posted February 28, 2023 Posted February 28, 2023 32 minutes ago, pinlawr said: I read through the info in this thread (Can you ignore ssl validation in a Network Resource?) and I am basically having the same issue. I've attached my network settings (protocol on both is set to 1.2, since it's not visible in the screenshot). Also attached is the network resource and the simple error message I'm getting back. Toggling SNI changed nothing (which wasn't a surprise since the cert has no SNI entries). The request has to be PUT. I have the self-sign cert from the hub exported, but I don't see any way to import it as trusted, or simply tell the ISY to ignore it. I have a Polisy, but haven't moved to IoP yet. As a test, I exported/imported my network resources into IoP just as they are, and they DID work fine without any errors. Thanks for any help! In the thread you posted, Michel replied: "DO NOT check the Verify button. You'll make things worse. Please make sure you are using TLS1.2 / Strength All, SNI checked and timeout 10000. If that does not work, something else is wrong." I don't see the settings you posted as matching Michel's recommendation. I would start there and then if it doesn't work, check the error message. Can't tell, are you using TLS1.2? You don't have SNI checked. Does it work from a browser?
pinlawr Posted February 28, 2023 Author Posted February 28, 2023 35 minutes ago, DennisC said: I don't see the settings you posted as matching Michel's recommendation. My settings are exactly as suggested. In my screenshot you can see that verify is NOT checked. I mentioned that it's set to TLS 1.2 since it's not visible in the screenshot. Resource screenshot shows it's set to a 10,000 timeout. I also mentioned that SNI doesn't make a difference checked or unchecked (and it wouldn't anyway since the cert in question doesn't use SNI). It works from a browser, curl, and postman. I also mentioned it DOES work on a ISY on Polisy, just not on the 994.
DennisC Posted February 28, 2023 Posted February 28, 2023 16 minutes ago, pinlawr said: My settings are exactly as suggested. In my screenshot you can see that verify is NOT checked. I mentioned that it's set to TLS 1.2 since it's not visible in the screenshot. Resource screenshot shows it's set to a 10,000 timeout. I also mentioned that SNI doesn't make a difference checked or unchecked (and it wouldn't anyway since the cert in question doesn't use SNI). It works from a browser, curl, and postman. I also mentioned it DOES work on a ISY on Polisy, just not on the 994. That's good, what about the error log?
pinlawr Posted February 28, 2023 Author Posted February 28, 2023 Error log was the last attachment. It just says "Net-Resource: Failed connecting to 192.xxxx". Nothing else shows in the log.
Recommended Posts