Testing HTTPS (SSL) Connections on NI LinuxRT
This is a VERY specific post – but it took me a while to avoid red herrings so I thought it was worth sharing. Sorry LabVIEW folks – this is all about LinuxRT!
I had a system that was having issues connecting to a HTTPS server (for WebDAV). It had previously been running without issue and then just stopped.
As I couldn’t disturb the software directly I logged into ssh and tried the following:
- nslookup <server> – This pings for DNS to make sure we have a valid address for the server. This passed.
- ping <server> – this failed but after testing from another system that also failed, so this server probably has ping responses blocked.
My next step would be to try curl which allows command line http(s) but that isn’t installed. Instead I found that I could do a security check with openssl. This should confirm that the certificates work and the port is reachable.
The command was:
openssl s_client -quiet -connect <server>:443
This failed! Hmm – maybe because this is an older LinuxRT distribution there is a certificate problem. So I went hunting for the certificate store.
It turns out there isn’t a central store automatically recognised by openSSL. So for the proper test we actually need to link to NI’s certificate bundle at /etc/natinst/nissl/ca-bundle.crt (On LinuxRT 2017, but I would be surprised if this moves).
I expect this is true of any command line tool that uses SSL – so if you do install cURL it will probably need a link to this.
So now the command is:
openssl s_client -quiet -CAfile /etc/natinst/nissl/ca-bundle.crt -connect <server>:443
That works and I have to move on in my troubleshooting. (At this stage it is working again without any intervention – not sure whether to be happy or not!)