ssh key mono

The Netatmo API is a set of webservices allowing developers and third parties to access Netatmo device's data.
Post Reply
goro
Posts: 3
Joined: 20 Sep 2014, 23:16

ssh key mono

Post by goro » 21 Sep 2014, 00:34

Hi to all the netatmo devolpers,

i am using .net and made an application on win 7/8. Everythin is fine.

Now i tried to convert the basics to my synlogy nas (linux). Although i inported the https cetificate from Synology the mono test utility output is

Code: Select all

NAS> mono TlsTest.exe https://api.netatmo.net

https://api.netatmo.net
[Subject]
  E=postmaster@netatmo.com, CN=*.netatmo.com, O=Netatmo LLC, L=Lewes, S=Delaware, C=US, OID.2.5.4.13=u0EV8Pp9cr4XXP3K

[Issuer]
  CN=StartCom Class 2 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

[Not Before]
  3/23/2014 10:01:39 AM

[Not After]
  3/22/2016 6:29:14 PM

[Thumbprint]
  1EC678CF7B1AB22EAB3A1CB9815F71142E4D9C2D


        Valid From:  3/23/2014 10:01:39 AM
        Valid Until: 3/22/2016 6:29:14 PM

Error #-2146762481: CERT_E_CN_NO_MATCH 0x800B010F
As you see on the output the cn is *.netatmo.com. My question: why does this cert work and what can i do on my synology to bring it to work?

Thx and greets
goro

Grinch
Posts: 15
Joined: 14 Jul 2014, 21:20

Re: ssh key mono

Post by Grinch » 23 Sep 2014, 12:18

It seems there are different (wrong) certificates being used.
If no server_name is given in the Client Hello of the TLS handshake it delivers a certificate for *.netatmo.com.

Code: Select all

~# openssl s_client -connect api.netatmo.net:443 
Certificate chain
 0 s:/description=u0EV8Pp9cr4XXP3K/C=US/ST=Delaware/L=Lewes/O=Netatmo LLC/CN=*.netatmo.com/emailAddress=postmaster@netatmo.com
So the SSL Error mono complains about is correct.

If the client uses the server_name extension of TLS the correct certificate is sent

Code: Select all

# openssl s_client -connect api.netatmo.net:443 -servername api.netatmo.net
Certificate chain
 0 s:/description=ieXGGBU42pKmPQtQ/C=US/ST=Delaware/L=Lewes/O=Netatmo LLC/CN=api.netatmo.net/emailAddress=postmaster@netatmo.net
So you might check if mono uses TLS and if it uses the TLS server_name extension.

goro
Posts: 3
Joined: 20 Sep 2014, 23:16

Re: ssh key mono

Post by goro » 23 Sep 2014, 15:09

Thx Grinch,
i will try this later

goro
Posts: 3
Joined: 20 Sep 2014, 23:16

Re: ssh key mono

Post by goro » 23 Sep 2014, 23:33

I found an easyer way for my problem.
I trust the url and overwrite the certificate validator as it is for persopnal use only.

Post Reply

Return to “Netatmo API”