Tried to replace ser2sock certs & failed

[usmcguy]

I didnt want to keep my certificates stock. So I setup my own self-signed CA and created certificates for both nginx & ser2sock. nxinx works great. However, the ser2sock gave me issues on alarmDecoder. I tried to set the ser2sock back to the stock certs on alarmDecoder and this happened, the same error I got when I tried to use my self-signed certs:

Code: Select all

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/opt/alarmdecoder-webapp/ad2web/app.py", line 94, in __call__
    return self.app(environ, start_response)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/opt/alarmdecoder-webapp/ad2web/decorators.py", line 25, in decorated_function
    return f(*args, **kwargs)
  File "/opt/alarmdecoder-webapp/ad2web/setup/views.py", line 226, in sslclient
    ca_cert = Certificate.query.filter_by(name='AlarmDecoder CA').one()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2478, in one
    raise orm_exc.NoResultFound("No row was found for one()")
NoResultFound: No row was found for one()

[kevin]

Just FYI, the certs that are "stock" are generated at "first boot" for each instance of our image being used. No certs are the same using our image.

That said, please make sure that your ser2sock config file in /etc/ser2sock/ser2sock.conf is also defaulted after removing certificates.

I believe ser2sock will also generate its own certificates in "setup" when you choose to enable the "ssl" option for it - but I could be mistaken there - however with "ssl" option enabled for ser2sock it should be as easy as replacing filenames to certs in the config file and restarting ser2sock and gunicorn.

SSL for ser2sock is different from SSL for HTTPS. Unless you plan on exposing the ser2sock stream outside your network, this can be left alone.

I understand the want for encrypting the ser2sock stream that's why we offer the option, but there are reasons to keep it unencrypted and firewalled as well - currently there is only 1 method outside of the webapp able to connect to and read the encrypted ser2sock stream - the alarmdecoder keypad application. If you want to integrate this into a home automation system - keeping that stream plaintext can be beneficial. Also good for debugging.

[usmcguy]

I did not know about the unique generation at first boot. Good to know. I guess I'll agree on the advantages of clear transmission vice encrypted. I'll keep it that way, because I do using the iPhone app.