Self signed Certs dosent work for my client how can i egenrate .pem using LetsEncrypt

CoolDevGem · September 18, 2020, 4:05am

Hi,

I am working on Matlab, is configured well with self signed certs and while browsing some HTTPS urls raise ssl invalid exception i believe its due to the fact that the server don't accept self signed certificates.

How can i generate valid lets encrypt based .pem files fill-chain and ca to add into Matlab ?

I am newbie for forgive if am wrong.

please help.

Thanks,

_az · September 18, 2020, 4:16am

Some relevant questions to get started:

Are you using “MATLAB Web App Server”?
Do you access the application by using a domain name? Is is it a real registered domain name that you purchased from a domain registrar?
Is that application accessible from the internet? (i.e. is it internal-only, or firewalled, or behind a VPN or something like that).
What operating system does the server run?

CoolDevGem · September 18, 2020, 6:05am

Hi @_az Thanks for your reply. I am using Matlab as client and request = matlab.net.http.RequestMessage(), request.send() methods classes to GET Json data from HTTPS link. It works from browser but it filed form Matlab.

I don’t use any domain as its just client application.

I suspect need to use valid certs . I run on windows.

Please advise,

Thanks,

_az · September 18, 2020, 6:31am

Ah, I see.

Do you run the server pointed to by the HTTPS link?

Or is it some third party?

CoolDevGem · September 18, 2020, 6:57am

I just access the HTTPs link and send GET request as client application to fetch data from remote server.

Thanks

schoen · September 18, 2020, 8:04am

Could you give an example of a site that works in the browser but not from Matlab?

CoolDevGem · September 18, 2020, 8:31am

Hi @schoen:
here is the url which works in browser but failed in matlab with invalid certs exception
https://rdap.verisign.com/com/v1/domain/google.com

alexeyc · September 18, 2020, 11:14am

Hi @CoolDevGem ,

The failure is most likely due to inability to negotiate a cipher suite, or TLS protocol version between client and server.

That server supports only the following Perfect Forward Secrecy AEAD cipher suites, so if your client doesn’t support them, it will fail to negotiate:

# TLS 1.3
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

# TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

That server also only supports TLS 1.2 and TLS 1.3 - so if your client doesn’t support those - it will fail.

Either:

the cryptographic library used by the client is too old and doesn’t support these, or
the cryptographic library system-wide TLS configuration hasn’t enabled these, or
the client’s TLS configuration hasn’t enabled these.

schoen · September 19, 2020, 11:01pm

Good find, @alexeyc. @CoolDevGem, if you can’t update the TLS support provided by the Matlab client, consider using an external program like curl or wget to download the data and then parsing it with Matlab. It should be possible to script this to whatever level of automation you need.

CoolDevGem · September 20, 2020, 2:21pm

Thanks @alexeyc that was the actual issue i am still struggling to configure TLS version in Matlab but @schoen suggestions worked well too using curl i am able to sole this issue. Thanks to both of you.

system · October 20, 2020, 2:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.