Details
-
Type: Connection Issue
-
Status: Closed (View Workflow)
-
Priority: Blocker
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Labels:None
-
Story Points:1
-
Sprint:Fall 2019 Sprint 2, Fall 2019 Sprint 3
Description
Situation:
After maintenance to CyVerse systems, IGB stopped being able to connect and retrieve data from public CyVerse files from https://data.cyverse.org/dav-anon/iplant/home/.
When IGB tried to load data from the CyVerse URL, it would ask if the user trusts the certificate - 1.2.840.113549.1.9.1=#1620726f6f74407230336330387531382d6461762d312e637976657273652e6f7267,CN=r03c08u18-dav-1.cyverse.org,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--,
If the user consented, IGB would then fail to connect and would issue a warning to the user saying the URL failed to load.
Confusingly, the same URL would work correctly in a web browser (the data would be downloaded), and the certificates were considered valid.
Resolution:
After talking with the CyVerse team, they believe the issue had to do with Server Name Indication (SNI). The server is data.cyverse.org, however, the certificate that was being sent (as can be seen from the IGB message) was r03c08u18-dav-1.cyverse.org. Most likely IGB does not handle SNI and as the certificate did not match the server, considered it invalid.
CyVerse has updated their server configuration, and the new certificate reads as *.cyverse.org, which works correctly with IGB.
Attachments
Issue Links
- relates to
-
IGBF-2009 Rework IGB Trust Certificate Dialog
- Closed