[SOLVED] "Warning: validating a server's identity"

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

[SOLVED] "Warning: validating a server's identity"

Post by OneCD »

* first post! *

Hello,

This is on my QNAP NAS, with a fresh install of SABnzbd.

I'm hoping someone can advise how to prevent the warning shown here:

Image

Here's my info log:

Code: Select all

2017-03-05 06:42:09,848::INFO::[SABnzbd:1184] --------------------------------
2017-03-05 06:42:09,848::INFO::[SABnzbd:1185] SABnzbd.py-1.2.2 (rev=<HASH>1471852bd74c7d3)
2017-03-05 06:42:09,887::INFO::[SABnzbd:1186] Full executable path = /share/MD0_DATA/.qpkg/SABnzbdplus/sabnzbd/SABnzbd.py
2017-03-05 06:42:09,888::INFO::[SABnzbd:1198] Platform = posix
2017-03-05 06:42:09,889::INFO::[SABnzbd:1199] Python-version = 2.7.13 (default, Feb 19 2017, 10:50:02) 
[GCC 6.3.0]
2017-03-05 06:42:09,889::INFO::[SABnzbd:1200] Arguments = SABnzbd.py -f //share/MD0_DATA/.qpkg/SABnzbdplus/Config/sabnzbd.ini --browser 0 --daemon --pid /tmp
2017-03-05 06:42:09,890::INFO::[SABnzbd:1202] Preferred encoding = UTF-8
2017-03-05 06:42:09,891::INFO::[SABnzbd:1250] Read INI file //share/MD0_DATA/.qpkg/SABnzbdplus/Config/sabnzbd.ini
2017-03-05 06:42:09,894::INFO::[__init__:993] Loading data for rss_data.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/rss_data.sab
2017-03-05 06:42:09,896::INFO::[__init__:993] Loading data for totals10.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/totals10.sab
2017-03-05 06:42:09,897::INFO::[postproc:92] Loading postproc queue
2017-03-05 06:42:09,897::INFO::[__init__:993] Loading data for postproc2.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/postproc2.sab
2017-03-05 06:42:09,899::INFO::[__init__:993] Loading data for queue10.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/queue10.sab
2017-03-05 06:42:10,670::INFO::[__init__:993] Loading data for watched_data2.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/watched_data2.sab
2017-03-05 06:42:10,671::INFO::[__init__:993] Loading data for Rating.sab from //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/Rating.sab
2017-03-05 06:42:10,672::INFO::[__init__:996] //share/MD0_DATA/.qpkg/SABnzbdplus/Config/<USERNAME>/Rating.sab missing
2017-03-05 06:42:10,674::INFO::[scheduler:190] Setting schedule for midnight BPS reset
2017-03-05 06:42:10,675::INFO::[__init__:353] All processes started
2017-03-05 06:42:10,675::INFO::[SABnzbd:304] Web dir is /share/MD0_DATA/.qpkg/SABnzbdplus/sabnzbd/interfaces/Glitter
2017-03-05 06:42:10,676::INFO::[SABnzbd:304] Web dir is /share/MD0_DATA/.qpkg/SABnzbdplus/sabnzbd/interfaces/Config
2017-03-05 06:42:10,919::INFO::[SABnzbd:432] _yenc module... found!
2017-03-05 06:42:10,920::INFO::[SABnzbd:437] Cryptography module (v1.5.1)... found!
2017-03-05 06:42:10,922::INFO::[SABnzbd:442] par2 binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/par2)
2017-03-05 06:42:10,923::INFO::[SABnzbd:447] par2cmdline binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/par2)
2017-03-05 06:42:10,924::INFO::[SABnzbd:450] UNRAR binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/unrar)
2017-03-05 06:42:10,925::INFO::[SABnzbd:456] unzip binary... found (/usr/bin/unzip)
2017-03-05 06:42:10,926::INFO::[SABnzbd:461] 7za binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/7za)
2017-03-05 06:42:10,927::INFO::[SABnzbd:467] nice binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/nice)
2017-03-05 06:42:10,928::INFO::[SABnzbd:471] ionice binary... found (/share/MD0_DATA/.qpkg/SABnzbdplus/x86/bin-utils/ionice)
2017-03-05 06:42:10,929::INFO::[SABnzbd:1304] SSL version OpenSSL 1.0.2k  26 Jan 2017
2017-03-05 06:42:10,930::INFO::[SABnzbd:1305] SSL supported protocols ['TLS v1.2', 'TLS v1.1', 'TLS v1']
2017-03-05 06:42:10,938::INFO::[SABnzbd:1444] Starting web-interface on 0.0.0.0:8800
2017-03-05 06:42:10,940::INFO::[_cplogging:219] [05/Mar/2017:06:42:10] ENGINE Bus STARTING
2017-03-05 06:42:10,955::INFO::[_cplogging:219] [05/Mar/2017:06:42:10] ENGINE Started monitor thread '_TimeoutMonitor'.
2017-03-05 06:42:11,309::INFO::[_cplogging:219] [05/Mar/2017:06:42:11] ENGINE Serving on 
2017-03-05 06:42:11,311::INFO::[_cplogging:219] [05/Mar/2017:06:42:11] ENGINE Bus STARTED
Is this something I can fix? I'd like to resolve any warnings or errors and have a clean status screen. ;D

Thank you.
Last edited by OneCD on March 5th, 2017, 2:57 am, edited 1 time in total.
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
User avatar
sander
Release Testers
Release Testers
Posts: 8808
Joined: January 22nd, 2008, 2:22 pm

Re: "Warning: validating a server's identity"

Post by sander »

So the warning is:
Secure (SSL) connections from SABnzbd to newsservers and HTTPS websites will be encrypted, however, validating a server's identity using its certificates is not possible. Python 2.7.9 or above, OpenSSL 1.0.2 or above and up-to-date local CA certificates are required.
Your python is 2.7.13, so good.
Your OpenSSL is 1.0.2k, so good.
So it must be your local CA certificates not being up-to-date (or completely missing). Can you check your QNAP forum how to solve that? It's at the OS level, and SABnzbd can check it, but not correct it.

FWIW:

On Ubuntu, the package that provides the CA Certificates is called ... "ca-certificates" ;)
See http://packages.ubuntu.com/xenial/all/c ... s/filelist which files it provides.

BTW: CA stands for certificate authority or certification authority.
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

Re: "Warning: validating a server's identity"

Post by OneCD »

Thank you sander. Something new to learn about. ;D
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

Re: "Warning: validating a server's identity"

Post by OneCD »

Admittedly, this is something I've never had to look that closely at, so I'm hoping to understand what is required here.

It seems my SAB needs a way to verify the certificate used by my Usernet provider (Astraweb, XSNews, etc...).

It does this by checking with a certificate authority.

Therefore, a list of known (and trusted) certificate authorities needs to be available on my NAS. Which looks like a collection of files.

Is this correct? ???
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
User avatar
sander
Release Testers
Release Testers
Posts: 8808
Joined: January 22nd, 2008, 2:22 pm

Re: "Warning: validating a server's identity"

Post by sander »

Yes, correct.

Well, that is: if you use HTTPS and/or NNTPS, and you want that to be secure. Hopefully you can find out how to install / upgrade the CA Certificates on your QNAP.

You could also choose to have no / less security:
- use plain HTTP and NNTP (no S for Security)
- use HTTPS and NNTPS without checking the security. You can instruct SAB to not check security.
But SAB will keep giving you a warning in the status page.
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

Re: "Warning: validating a server's identity"

Post by OneCD »

Oh, definitely with security please! :D

Thanks for enlightening me, sander. Much appreciated!
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

Re: "Warning: validating a server's identity"

Post by OneCD »

Wow! That worked out to be quite easy to do.

Armed with my newly acquired knowledge thanks to @sander (and the right keywords to search for), I installed the ca-certificates package via Entware-3x:

Code: Select all

opkg install ca-certificates
/etc/init.d/sabnzbd.sh restart
And I no longer get that warning message. ;D
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
User avatar
sander
Release Testers
Release Testers
Posts: 8808
Joined: January 22nd, 2008, 2:22 pm

Re: [SOLVED] "Warning: validating a server's identity"

Post by sander »

Code: Select all

opkg install ca-certificates
Just like that? Cool!

A few questions:
Is "opkg" installed by default on a QNAP?
Do you have a link/pointer where you found that information?
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

Re: [SOLVED] "Warning: validating a server's identity"

Post by OneCD »

sander wrote:Is "opkg" installed by default on a QNAP?
No, it's the package installer for Entware. Entware has replaced the old Optware with regard to package installation on the QNAPs. It has to be installed first and does not ship with the standard QTS firmware.
sander wrote:Do you have a link/pointer where you found that information?
Yes, did a search on the QNAP forum for "certificate authorities" and found this one in the search results. ;)
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
User avatar
safihre
Administrator
Administrator
Posts: 5335
Joined: April 30th, 2015, 7:35 am
Contact:

Re: [SOLVED] "Warning: validating a server's identity"

Post by safihre »

Thank you, this will be very helpful for others on Qnap :)
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Pato
Newbie
Newbie
Posts: 6
Joined: February 15th, 2017, 7:45 pm

Re: [SOLVED] "Warning: validating a server's identity"

Post by Pato »

Hi all,

I have the same issue... :(
CA's are installed and up to date:

[/] # opkg install ca-certificates
Package ca-certificates (20170717) installed in root is up to date.

Do I need to tell SabNZBd to look for them in some folder or what?

Hope you can help me out.
User avatar
OneCD
Hero Member
Hero Member
Posts: 557
Joined: March 4th, 2017, 3:47 pm

Re: [SOLVED] "Warning: validating a server's identity"

Post by OneCD »

Did you also restart SABnzbd?
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
Post Reply