Hue sync box 8k cert seems has changed #5

Closed
bishengliu7 opened this issue Sep 19, 2024 · 2 comments

@bishengliu7

aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host 192.168.31.183:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')]
2024-09-19 21:34:49.028 DEBUG (MainThread) [custom_components.huesyncbox.config_flow] async_step_link, ConnectionInfo(host='192.168.31.183', unique_id='C4299600EBDA', access_token=None, registration_id=None, port=443, path='/api')
2024-09-19 21:34:49.028 DEBUG (MainThread) [custom_components.huesyncbox.config_flow] async_step_link, asyncio.async_show_progress_done registered=False
2024-09-19 21:34:49.033 DEBUG (MainThread) [custom_components.huesyncbox.config_flow] async_step_abort, None

Connecting to 192.168.31.183
CONNECTED(00000003)
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify return:1
---
Certificate chain
 0 s:C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
   i:C=NL, O=Philips Hue, CN=root-hsb
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Oct 29 01:44:39 2022 GMT; NotAfter: Dec 31 23:59:59 9999 GMT

@mvdwetering
Owner

That is weird, my 8K box works fine. Was already happy that it just worked.

After a bit of searching it seems like the output is generated by OpenSSL. The Syncbox needs/uses a custom cert file and servername to make it validate. I am not really familiar with the OpenSSL command line, but when using the parameters below it gives similar output to what you posted (and more), but does not seem to give verify errors.

Could you try it on your setup with the additional options?
It should be copy-pastable for your setup. The PEM file is attached with a txt extension because GitHub would not let me add it otherwise.

If you used another command that is better I would be interested to learn about that.

openssl s_client -connect 192.168.31.183:443 -servername C4299600EBDA -CAfile hsb_cacert.pem.txt

hsb_cacert.pem.txt
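
Added example, not part of the original thread and not the integration's own code: the same check as the `openssl s_client` command above, done with Python's `ssl` module so the verify code from the traceback (20, "unable to get local issuer certificate") can be reproduced or cleared. The function names are hypothetical, and the CA file is assumed to be the attached `hsb_cacert.pem.txt`.

```python
import socket
import ssl
import sys


def build_syncbox_context(cafile=None):
    """TLS client context that trusts only the CA file passed in (no system roots)."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def probe(ip, device_id, ctx, port=443, timeout=5.0):
    """Connect to `ip`, but verify the certificate against `device_id`.

    Returns (ok, detail). On a verification failure, detail carries OpenSSL's
    verify code and message, e.g. 20 for a missing issuer certificate.
    """
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            # server_hostname sets SNI (what -servername does in s_client) and is
            # also the name Python checks the presented certificate against.
            with ctx.wrap_socket(raw, server_hostname=device_id) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return True, f"verified, subject CN={subject.get('commonName')}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"verify error {exc.verify_code}: {exc.verify_message}"
    except OSError as exc:  # refused, timed out, or a non-verification TLS error
        return False, f"connection or TLS failure: {exc}"


if __name__ == "__main__":
    # Usage: python probe.py <ip> <device-id> <ca-file>
    ip, device_id, cafile = sys.argv[1:4]
    ok, detail = probe(ip, device_id, build_syncbox_context(cafile))
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Run it with the box's IP address, the device ID shown as `CN` in the certificate subject, and the CA file; a context built without the CA file fails verification for any server, because no system roots are loaded.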

@bishengliu7
Author

Closing this and let's keep the discussion at mvdwetering/huesyncbox#128. Thanks!
