Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error while testing conenction to kmip server #21

Open
emanuelebeffa opened this issue Oct 27, 2024 · 6 comments
Open

Error while testing conenction to kmip server #21

emanuelebeffa opened this issue Oct 27, 2024 · 6 comments

Comments

@emanuelebeffa
Copy link

I am using a Docker image as a server to create and store encryption keys for my NAS. However, I'm experiencing an error when trying to connect the NAS to the server. The connection fails, and I'm unable to proceed with the encryption setup.

Expected behavior

The NAS should connect to the server successfully

Actual behavior

The connection attempt from the NAS to the Docker key server succeeds, but gives the following logs in the console:

dsm-kmip-server  | Exception in thread 00000001:
dsm-kmip-server  | Traceback (most recent call last):
dsm-kmip-server  |   File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
dsm-kmip-server  |     self.run()
dsm-kmip-server  |   File "/usr/lib/python3.11/site-packages/kmip/services/server/session.py", line 116, in run
dsm-kmip-server  |     self._connection.shutdown(socket.SHUT_RDWR)
dsm-kmip-server  |   File "/usr/lib/python3.11/ssl.py", line 1353, in shutdown
dsm-kmip-server  |     super().shutdown(how)
dsm-kmip-server  | OSError: [Errno 107] Socket not connected

While everything seems fine, the NAS won't save any encryption key to the server (the sqlite database is always empty) after resetting the encryption key from the storage settings.

Steps to reproduce

Run the Docker container
Attempt to connect from the NAS to the Docker server to access the keys

Environment

DSM 7.2.2-72803
@l0rda
Copy link

l0rda commented Nov 28, 2024

You need to use CA certificate file from certs folder while connecting to KMIP server.

@emanuelebeffa
Copy link
Author

Yeah I used the CA from the certs folder in the KMIP section, but it seems that the error is not related to the certificate

@xpiwA
Copy link

xpiwA commented Dec 7, 2024

I do have the same identical issue presented here.

@makkanftw
Copy link

makkanftw commented Dec 17, 2024
edited
Loading

Facing exact same issue as above using CA cert etc correctly. Any help would be appreciated.

@rnurgaliyev
Copy link
Owner

Can you post logs from the NAS itself?

@makkanftw
Copy link

makkanftw commented Dec 19, 2024
edited
Loading

I ran:
sudo /usr/syno/bin/synokmip --query
An error occurred while connecting to appliance {IP_of_KMIP_server}: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1131)

Turns out I had missed step on certificate view to click settings and select the correct certificate for KMIP. Works fine after following instructions properly...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@l0rda @rnurgaliyev @makkanftw @emanuelebeffa @xpiwA