aasami
(Miroslav ÄŽurian)
May 17, 2018, 12:49pm
1
The subject says it all. When uploading certificate, this error appears:
This page has expired
The request cannot be completed
because this page has expired
/var/log/messages says:
May 17 14:41:09 dpi httpd: [ERROR] Nethgui\Framework: CSRF token verification failed!
/var/log/httpd-admin/access_log contains:
10.1.8.252 - - [17/May/2018:14:25:18 +0200] "GET /en-US/Pki HTTP/1.1" 200 19734
10.1.8.252 - - [17/May/2018:14:40:39 +0200] "GET /en-US/Pki/Upload.json?_=1526559919524 HTTP/1.1" 200 429
10.1.8.252 - - [17/May/2018:14:40:39 +0200] "GET /css/img/mandatory_normal.png HTTP/1.1" 200 250
10.1.8.252 - - [17/May/2018:14:40:39 +0200] "GET /css/img/red-inset-normal.png HTTP/1.1" 200 217
10.1.8.252 - - [17/May/2018:14:40:49 +0200] "POST /en-US/Pki/Upload.json HTTP/1.1" 400 59
10.1.8.252 - - [17/May/2018:14:41:51 +0200] "GET /en-US/Pki HTTP/1.1" 200 19734
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /css/ui/jquery-ui-1.8.16.custom.css HTTP/1.1" 200 33719
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /css/base.css HTTP/1.1" 200 17784
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /css/font-awesome.css HTTP/1.1" 200 33233
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/jquery-migrate-1.4.1.min.js HTTP/1.1" 200 10056
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /css/jquery.timepicker.css HTTP/1.1" 200 1584
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/jquery.timepicker.min.js HTTP/1.1" 200 15297
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/percent.js HTTP/1.1" 200 910
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/jquery.dataTables.min.js HTTP/1.1" 200 82638
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/jquery-1.12.4.min.js HTTP/1.1" 200 97163
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/file-size.js HTTP/1.1" 200 1213
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/ip-address.js HTTP/1.1" 200 1921
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/mustache.js HTTP/1.1" 200 16469
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /en-US/Resource/27dd3ddb.css HTTP/1.1" 200 226
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /en-US/Resource/753b61bd.js HTTP/1.1" 200 57374
10.1.8.252 - - [17/May/2018:14:41:52 +0200] "GET /js/jquery-ui-1.8.23.min.js HTTP/1.1" 200 200748
10.1.8.252 - - [17/May/2018:14:41:53 +0200] "GET /js/datatable-en-US.json HTTP/1.1" 200 726
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /images/logo.png HTTP/1.1" 200 4031
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /css/ui/images/ui-bg_inset-soft_75_e6e6e6_1x100.png HTTP/1.1" 200 95
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /css/ui/images/ui-bg_flat_75_cccccc_40x100.png HTTP/1.1" 200 180
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /css/ui/images/ui-icons_888888_256x240.png HTTP/1.1" 200 4369
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /css/img/red-inset-normal.png HTTP/1.1" 200 217
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /css/img/mandatory_normal.png HTTP/1.1" 200 250
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1" 200 66624
10.1.8.252 - - [17/May/2018:14:41:54 +0200] "GET /images/light-polygons/toolbar.png HTTP/1.1" 200 108933
Any help is welcomed.
giacomo
(Giacomo Sanchietti)
May 17, 2018, 2:21pm
2
Sorry, but I can’t reproduce it with latest RPM available: nethserver-httpd-admin-2.2.1-1.ns7.noarch
Make sure to have nethserver-httpd-admin fully updated, also you can eventually logout, clean the cache and retry (or use an anonymous session).
Just to do basics checks, report the output of following commands:
cat /etc/redhat-release
rpm -q nethserver-httpd-admin --changelog
config show httpd-admin
1 Like
aasami
(Miroslav ÄŽurian)
May 21, 2018, 6:50am
3
All packages are fully updated. I have logged out and cleaned the cache, but result is the same. The requested output is here: https://ghostbin.com/paste/ng6ar
Thank you for your help.
giacomo
(Giacomo Sanchietti)
May 21, 2018, 8:02am
4
Everything seems correct.
@davidep could you take a look at this?
davidep
(Davide Principi)
May 21, 2018, 9:08am
5
The only things I note are
15 minutes between page generation and POST request
the error in messages timestamp does not correlate with access log: 20 seconds offset
aasami
(Miroslav ÄŽurian)
May 21, 2018, 9:59am
6
I’ve tried it ones more, to be sure, about the time and there is 20 seconds between upload and the error. What that means?
/var/log/httpd-admin/access_log
10.1.16.6 - - [21/May/2018:11:49:16 +0200] "GET /en-US/Pki HTTP/1.1" 200 19734
10.1.16.6 - - [21/May/2018:11:49:17 +0200] "GET /css/ui/jquery-ui-1.8.16.custom.css HTTP/1.1" 200 33719
10.1.16.6 - - [21/May/2018:11:49:17 +0200] "GET /js/jquery-1.12.4.min.js HTTP/1.1" 200 97163
10.1.16.6 - - [21/May/2018:11:49:17 +0200] "GET /js/jquery.dataTables.min.js HTTP/1.1" 200 82638
10.1.16.6 - - [21/May/2018:11:49:17 +0200] "GET /en-US/Resource/27dd3ddb.css HTTP/1.1" 200 226
10.1.16.6 - - [21/May/2018:11:49:17 +0200] "GET /en-US/Resource/753b61bd.js HTTP/1.1" 200 57374
10.1.16.6 - - [21/May/2018:11:49:18 +0200] "GET /js/datatable-en-US.json HTTP/1.1" 200 726
10.1.16.6 - - [21/May/2018:11:49:18 +0200] "GET /css/ui/images/ui-icons_454545_256x240.png HTTP/1.1" 200 4369
10.1.16.6 - - [21/May/2018:11:49:19 +0200] "GET /css/ui/images/ui-bg_flat_65_ffffff_40x100.png HTTP/1.1" 200 178
10.1.16.6 - - [21/May/2018:11:49:19 +0200] "GET /css/ui/images/ui-bg_flat_0_aaaaaa_40x100.png HTTP/1.1" 200 180
10.1.16.6 - - [21/May/2018:11:49:19 +0200] "GET /css/img/ajax-loader-big.gif HTTP/1.1" 200 15685
10.1.16.6 - - [21/May/2018:11:49:19 +0200] "GET /en-US/Pki/Upload.json?_=1526896158012 HTTP/1.1" 200 429
10.1.16.6 - - [21/May/2018:11:49:19 +0200] "GET /css/img/mandatory_normal.png HTTP/1.1" 200 250
10.1.16.6 - - [21/May/2018:11:49:28 +0200] "POST /en-US/Pki/Upload.json HTTP/1.1" 400 59
/var/log/messages
May 21 11:49:48 dpi httpd: [ERROR] Nethgui\Framework: CSRF token verification failed!
1 Like
davidep
(Davide Principi)
May 21, 2018, 10:07am
7
I don’t know by now… Do you see the error dialog just after starting the upload, or you actually wait 20 seconds then get the error?
Is there anything between your browser and Server Manager? Antivirus, web proxy, firewall, router, WAN connection…
aasami
(Miroslav ÄŽurian)
May 21, 2018, 1:06pm
8
There is 20s delay before the error pops out after I hit the upload button.
AFAIK there are 2 manageable switches between me and the server. We are on the same LAN and VLAN and I am connected through a “green” interface to the server.
1 Like
davidep
(Davide Principi)
May 21, 2018, 2:34pm
9
aasami:
We are on the same LAN
…So the upload of a couple of .pem files should run for a fraction of second! What is your browser version? Can you reproduce the problem with another one?
aasami
(Miroslav ÄŽurian)
May 22, 2018, 7:02am
10
Browser is Firefox 60.
Now I have tried Chromium 66. When clicking “Upload Cerficate”, it just flickers the upload animation dots for a fraction of a second and doesn’t show any message. The Upload certificate screen stays open. There is no error in /var/log/messages and no record in /var/log/httpd-admin/access_log
Konqueror doesn’t open the Server Manager: ERR_INSECURE_RESPONSE
Midori does the same with error: Unacceptable TLS certificate
1 Like
davidep
(Davide Principi)
May 22, 2018, 7:31am
11
Thank you for going deeper @aasami ! I still have no idea of what’s happening
Could you open to the browser development console (just press F12 on FF)?
The Network tab and the console window could display additional information…
davidep
(Davide Principi)
May 22, 2018, 8:16am
13
Did you try to disable the “HTTPS everywhere” FF extension? Do you use it also in Chromium?
aasami
(Miroslav ÄŽurian)
May 22, 2018, 10:38am
14
Disabling “HTTPS everywhere” FF extension and all other extensions doesn’t help.
Results are the same. In Chromium there are no plugins at all.
1 Like
davidep
(Davide Principi)
May 22, 2018, 10:56am
15
The fact that the response comes back with a regular delay of 20 seconds is suspect, but I cannot reproduce this behavior here… I’m sorry I cannot figure out why it behaves like this.
As workaround try to follow the instructions to set a custom certificate from the console. This is the procedure for NS6 (when upload from UI was still not implemented) and should work for NS7 too.
http://docs.nethserver.org/en/v6/base_system.html#server-certificate
1 Like
aasami
(Miroslav ÄŽurian)
May 22, 2018, 11:35am
16
That’s OK with me. I have followed the instructions and it works as expected.
Thank you for your help and patience davidep.
2 Likes
davidep
(Davide Principi)
May 22, 2018, 1:09pm
17
Thank you for your time! Even if we didn’t find a solution, I hope this thread can be useful to anyone who hits a similar issue.
aasami
(Miroslav ÄŽurian)
May 23, 2018, 9:34am
18
Now I have found the root cause by accident. There was a routing problem on the PC from which I’ve uploaded the certs. I had two default routes configured. Now it works flawlessly. Thank you again and God bless you!
1 Like