Uploaded image for project: 'IGB'
  1. IGB
  2. IGBF-2964

Investigate: “This feature is not reachable” error

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Story Points:
      2
    • Sprint:
      Fall 4 2021 Sep 27 - Oct 8, Fall 5 2021 Oct 11 - Oct 22, Fall 6 2021 Oct 25 - Nov 5

      Description

      See comment in IGBF-2948:

      IGB reports “This feature is not reachable” error even though the file is reachable in a Web browser.

        Attachments

          Issue Links

            Activity

            Hide
            ann.loraine Ann Loraine added a comment -

            Thank you for the very clear discussion.
            I have a an additional questions regarding how the interaction between the server and client when the client is curl or a Web browser. How do you know that they are obtaining the correct certificate? Is it because the browser and curl accept the authenticity?

            Show
            ann.loraine Ann Loraine added a comment - Thank you for the very clear discussion. I have a an additional questions regarding how the interaction between the server and client when the client is curl or a Web browser. How do you know that they are obtaining the correct certificate? Is it because the browser and curl accept the authenticity?
            Hide
            pbadzuh Philip Badzuh (Inactive) added a comment -

            Using the browser, you can inspect the certificate being used by clicking on the lock to the left of the URL. When using CURL, the -v flag can be passed for verbose output, which includes basic updates of the SSL handshake steps, including details about the certificate being used.

            Show
            pbadzuh Philip Badzuh (Inactive) added a comment - Using the browser, you can inspect the certificate being used by clicking on the lock to the left of the URL. When using CURL, the -v flag can be passed for verbose output, which includes basic updates of the SSL handshake steps, including details about the certificate being used.
            Hide
            ann.loraine Ann Loraine added a comment - - edited

            I'm confused about there being multiple certificates returned by the site. My understanding from having requested and installed certificates is that you only get one! And you can often purchase a "star" certificate that will cover every subdomain, e.g., foo.bioviz.org or bar.bioviz.org would be validated the same "star" certificate.

            However, looking at the above certificates mentioned in the previous comments, it looks like the site is using a public service ("let's encrypt") that provides certificates for free, in some kind of dynamic way. I wonder if the site's configuration is messed up or incorrect in a minor way that affects IGB and openssl, but not the other applications, explaining why the site maintainers perhaps never noticed the problem. For this latter task, let's make a new ticket to investigate "let's encrypt".

            Maybe we ought to investigate how the "let's encrypt" configuration is done? Also, [~aloraine] is interested in how "let's encrypt" works in case we want to use for our Web applications, as well. Why? It's because the lab has multiple domains, for only a few of which do we currently purchase certificates, as they are costly. If we knew how to use "let's encrypt," we could provide SSL level security for every site, not just "bioviz" and the few others for which we purchase certificates.

            Show
            ann.loraine Ann Loraine added a comment - - edited I'm confused about there being multiple certificates returned by the site. My understanding from having requested and installed certificates is that you only get one! And you can often purchase a "star" certificate that will cover every subdomain, e.g., foo.bioviz.org or bar.bioviz.org would be validated the same "star" certificate. However, looking at the above certificates mentioned in the previous comments, it looks like the site is using a public service ("let's encrypt") that provides certificates for free, in some kind of dynamic way. I wonder if the site's configuration is messed up or incorrect in a minor way that affects IGB and openssl, but not the other applications, explaining why the site maintainers perhaps never noticed the problem. For this latter task, let's make a new ticket to investigate "let's encrypt". Maybe we ought to investigate how the "let's encrypt" configuration is done? Also, [~aloraine] is interested in how "let's encrypt" works in case we want to use for our Web applications, as well. Why? It's because the lab has multiple domains, for only a few of which do we currently purchase certificates, as they are costly. If we knew how to use "let's encrypt," we could provide SSL level security for every site, not just "bioviz" and the few others for which we purchase certificates.
            Hide
            ann.loraine Ann Loraine added a comment - - edited

            To solve the immediate problem, I agree ([~aloraine]) that you should do this: "allow all certificates that have the same domain and TLD, regardless of subdomain".

            Make new tickets for these new tasks.

            Show
            ann.loraine Ann Loraine added a comment - - edited To solve the immediate problem, I agree ( [~aloraine] ) that you should do this: "allow all certificates that have the same domain and TLD, regardless of subdomain". Make new tickets for these new tasks.
            Hide
            pbadzuh Philip Badzuh (Inactive) added a comment -

            I have made new tickets for these tasks in IGBF-3000 and IGBF-3001. Closing this issue.

            Show
            pbadzuh Philip Badzuh (Inactive) added a comment - I have made new tickets for these tasks in IGBF-3000 and IGBF-3001 . Closing this issue.

              People

              • Assignee:
                pbadzuh Philip Badzuh (Inactive)
                Reporter:
                ann.loraine Ann Loraine
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: