Page 1 of 1

[SOLVED] "Warning: validating a server's identity"

Posted: March 4th, 2017, 4:01 pm
by OneCD
* first post! *

Hello,

This is on my QNAP NAS, with a fresh install of SABnzbd.

I'm hoping someone can advise how to prevent the warning shown here:

Image

Here's my info log:

Code: Select all

2017-03-05 06:42:09,848::INFO::[SABnzbd:1184] --------------------------------
2017-03-05 06:42:09,848::INFO::[SABnzbd:1185] SABnzbd.py-1.2.2 (rev=<HASH>1471852bd74c7d3)
2017-03-05 06:42:09,887::INFO::[SABnzbd:1186] Full executable path = /share/MD0_DATA/.qpkg/SABnzbdplus/sabnzbd/SABnzbd.py
2017-03-05 06:42:09,888::INFO::[SABnzbd:1198] Platform = posix
2017-03-05 06:42:09,889::INFO::[SABnzbd:1199] Python-version = 2.7.13 (default, Feb 19 2017, 10:50:02) 
[GCC 6.3.0]
2017-03-05 06:42:09,889::INFO::[SABnzbd:1200] Arguments = SABnzbd.py -f //share/MD0_DATA/.qpkg/SABnzbdplus/Config/sabnzbd.ini --browser 0 --daemon --pid /tmp
2017-03-05 06:42:09,890::INFO::[SABnzbd:1202] Preferred encoding = UTF-8
2017-03-05 06:42:09,891::INFO::[SABnzbd:1250] Read INI file //share/MD0_DATA/.qpkg/SABnzbdplus/Config/sabnzbd.ini
2017-03-05 06:42:09,894::INFO::[__init__:993] Loading data for rss_data.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/rss_data.sab
2017-03-05 06:42:09,896::INFO::[__init__:993] Loading data for totals10.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/totals10.sab
2017-03-05 06:42:09,897::INFO::[postproc:92] Loading postproc queue
2017-03-05 06:42:09,897::INFO::[__init__:993] Loading data for postproc2.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/postproc2.sab
2017-03-05 06:42:09,899::INFO::[__init__:993] Loading data for queue10.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/queue10.sab
2017-03-05 06:42:10,670::INFO::[__init__:993] Loading data for watched_data2.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/watched_data2.sab
2017-03-05 06:42:10,671::INFO::[__init__:993] Loading data for Rating.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/Rating.sab
2017-03-05 06:42:10,672::INFO::[__init__:996] //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/Rating.sab missing
2017-03-05 06:42:10,674::INFO::[scheduler:190] Setting schedule for midnight BPS reset
2017-03-05 06:42:10,675::INFO::[__init__:353] All processes started
2017-03-05 06:42:10,675::INFO::[SABnzbd:304] Web dir is /share/MD0_DATA/.qpkg/SABnzbdplus/sabnzbd/interfaces/Glitter
2017-03-05 06:42:10,676::INFO::[SABnzbd:304] Web dir is /share/MD0_DATA/.qpkg/SABnzbdplus/sabnzbd/interfaces/Config
2017-03-05 06:42:10,919::INFO::[SABnzbd:432] _yenc module... found!
2017-03-05 06:42:10,920::INFO::[SABnzbd:437] Cryptography module (v1.5.1)... found!
2017-03-05 06:42:10,922::INFO::[SABnzbd:442] par2 binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/par2)
2017-03-05 06:42:10,923::INFO::[SABnzbd:447] par2cmdline binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/par2)
2017-03-05 06:42:10,924::INFO::[SABnzbd:450] UNRAR binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/unrar)
2017-03-05 06:42:10,925::INFO::[SABnzbd:456] unzip binary... found (/usr/bin/unzip)
2017-03-05 06:42:10,926::INFO::[SABnzbd:461] 7za binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/7za)
2017-03-05 06:42:10,927::INFO::[SABnzbd:467] nice binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/nice)
2017-03-05 06:42:10,928::INFO::[SABnzbd:471] ionice binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/ionice)
2017-03-05 06:42:10,929::INFO::[SABnzbd:1304] SSL version OpenSSL 1.0.2k  26 Jan 2017
2017-03-05 06:42:10,930::INFO::[SABnzbd:1305] SSL supported protocols ['TLS v1.2', 'TLS v1.1', 'TLS v1']
2017-03-05 06:42:10,938::INFO::[SABnzbd:1444] Starting web-interface on 0.0.0.0:8800
2017-03-05 06:42:10,940::INFO::[_cplogging:219] [05/Mar/2017:06:42:10] ENGINE Bus STARTING
2017-03-05 06:42:10,955::INFO::[_cplogging:219] [05/Mar/2017:06:42:10] ENGINE Started monitor thread '_TimeoutMonitor'.
2017-03-05 06:42:11,309::INFO::[_cplogging:219] [05/Mar/2017:06:42:11] ENGINE Serving on 
2017-03-05 06:42:11,311::INFO::[_cplogging:219] [05/Mar/2017:06:42:11] ENGINE Bus STARTED
Is this something I can fix? I'd like to resolve any warnings or errors and have a clean status screen. ;D

Thank you.

Re: "Warning: validating a server's identity"

Posted: March 4th, 2017, 6:04 pm
by sander
So the warning is:
Secure (SSL) connections from SABnzbd to newsservers and HTTPS websites will be encrypted, however, validating a server's identity using its certificates is not possible. Python 2.7.9 or above, OpenSSL 1.0.2 or above and up-to-date local CA certificates are required.
Your python is 2.7.13, so good.
Your OpenSSL is 1.0.2k, so good.
So it must be your local CA certificates not being up-to-date (or completely missing). Can you check your QNAP forum how to solve that? It's at the OS level, and SABnzbd can check it, but not correct it.

FWIW:

On Ubuntu, the package that provides the CA Certificates is called ... "ca-certificates" ;)
See http://packages.ubuntu.com/xenial/all/c ... s/filelist which files it provides.

BTW: CA stands for certificate authority or certification authority.

Re: "Warning: validating a server's identity"

Posted: March 4th, 2017, 7:17 pm
by OneCD
Thank you sander. Something new to learn about. ;D

Re: "Warning: validating a server's identity"

Posted: March 4th, 2017, 8:03 pm
by OneCD
Admittedly, this is something I've never had to look that closely at, so I'm hoping to understand what is required here.

It seems my SAB needs a way to verify the certificate used by my Usernet provider (Astraweb, XSNews, etc...).

It does this by checking with a certificate authority.

Therefore, a list of known (and trusted) certificate authorities needs to be available on my NAS. Which looks like a collection of files.

Is this correct? ???

Re: "Warning: validating a server's identity"

Posted: March 5th, 2017, 1:43 am
by sander
Yes, correct.

Well, that is: if you use HTTPS and/or NNTPS, and you want that to be secure. Hopefully you can find out how to install / upgrade the CA Certificates on your QNAP.

You could also choose to have no / less security:
- use plain HTTP and NNTP (no S for Security)
- use HTTPS and NNTPS without checking the security. You can instruct SAB to not check security.
But SAB will keep giving you a warning in the status page.

Re: "Warning: validating a server's identity"

Posted: March 5th, 2017, 2:50 am
by OneCD
Oh, definitely with security please! :D

Thanks for enlightening me, sander. Much appreciated!

Re: "Warning: validating a server's identity"

Posted: March 5th, 2017, 2:56 am
by OneCD
Wow! That worked out to be quite easy to do.

Armed with my newly acquired knowledge thanks to @sander (and the right keywords to search for), I installed the ca-certificates package via Entware-3x:

Code: Select all

opkg install ca-certificates
/etc/init.d/sabnzbd.sh restart
And I no longer get that warning message. ;D

Re: [SOLVED] "Warning: validating a server's identity"

Posted: March 5th, 2017, 3:12 am
by sander

Code: Select all

opkg install ca-certificates
Just like that? Cool!

A few questions:
Is "opkg" installed by default on a QNAP?
Do you have a link/pointer where you found that information?

Re: [SOLVED] "Warning: validating a server's identity"

Posted: March 5th, 2017, 3:45 am
by OneCD
sander wrote:Is "opkg" installed by default on a QNAP?
No, it's the package installer for Entware. Entware has replaced the old Optware with regard to package installation on the QNAPs. It has to be installed first and does not ship with the standard QTS firmware.
sander wrote:Do you have a link/pointer where you found that information?
Yes, did a search on the QNAP forum for "certificate authorities" and found this one in the search results. ;)

Re: [SOLVED] "Warning: validating a server's identity"

Posted: March 5th, 2017, 4:35 am
by safihre
Thank you, this will be very helpful for others on Qnap :)

Re: [SOLVED] "Warning: validating a server's identity"

Posted: February 26th, 2018, 2:27 pm
by Pato
Hi all,

I have the same issue... :(
CA's are installed and up to date:

[/] # opkg install ca-certificates
Package ca-certificates (20170717) installed in root is up to date.

Do I need to tell SabNZBd to look for them in some folder or what?

Hope you can help me out.

Re: [SOLVED] "Warning: validating a server's identity"

Posted: February 26th, 2018, 2:32 pm
by OneCD
Did you also restart SABnzbd?