This is a Rstudio-connect install issue. changing login from HTTP to HTTPS

Hello All

I have change the setting from http to https... and added the certificates supplied to me. But it does not appear to work. if i run curl with --insecure it works ok

This is the normal out put.. also it does not work through the browser. I have added it to the CA certificate
Note the original certificate was on a load balancer only.. and i have moved it to the server directly, with the original certificate.. Also this is on AWS, linux.

===============================

[root@aae-rconnect-01 rstudio-connect]# curl https://<server>/connect/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

===============================

Part of the config

Address = http://aae-rconnect-01/
RVersion=/sc/app/R/v3.5.1/

[HTTP]
; RStudio Connect will listen on this network address for HTTP connections.
;Listen = :3939
Listen = :3939
; NoWarning = true

[HTTPS]
; ssl-enabled = 1
Certificate = <path>.cer
Key = <path>.key
; Permanent = true
Listen = :443

[HTTPRedirect]
Listen = :80

===================================

Thanks for your help
Mike

Hello!

Apologies for the delayed response here! This is probably an issue worth routing to our professional support team at support@rstudio.com !

That said curl --insecure working typically means one of two things:

  • Your certificate is self-signed, which is not recommended. You should have a certificate provided by your enterprise Certificate Authority (CA), which should automatically be trusted by servers and desktops within your infrastructure
  • If your CA did provide the certificate, then this means that the server itself does not trust your CA. This can present problems in a myriad of ways, so you should go through the process of adding your CA root certificate into the trust store for the server. (I.e. tell your server to trust your Certificate Authority).

Do you know which of these two paths you are in?

I would also recommend that you remove the HTTP section of your configuration, so that Connect does not listen on 3939 in HTTP any longer.

What happens in your desktop / browser when you go to https://<server> ?

The output of netstat -lntp should show you that Connect is listening (given the configuration above) on 80 (for redirecting), 443 (https), and 3939 (http)

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.