Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server not recognising signed certificates #8

Open
LukeGi opened this issue Dec 14, 2020 · 6 comments
Open

Server not recognising signed certificates #8

LukeGi opened this issue Dec 14, 2020 · 6 comments

Comments

@LukeGi
Copy link

LukeGi commented Dec 14, 2020
edited
Loading

Hi!

I decided to play around with this tool to see if I could get it working. Here are the steps I have taken:

  1. I installed the latest SPL (4.6.0) on the client and server.
  2. I created an instance on the minecraft launcher using the recommended forge (35.1.0) versions.
  3. I ran the client to generate the servermods folder.
  4. I ran the server to generate a whitelist, servermods folder and fix the eula
  5. I edited the serverpacklocator.toml files on both the server and client to accurately reflect the IP address being used for the server.
  6. I moved the client's serverrequest.csr to the server for signing, and signed it using the following batch file.
@echo off
java -cp ..\mods\serverpacklocator-4.6.0.jar;..\forge-1.16.4-35.1.0.jar cpw.mods.forge.serverpacklocator.cert.CertSigner "..\servermods\cacert.pem" "..\servermods\ca.key" < serverrequest.csr > servercert.pem.tmp
more +1 servercert.pem.tmp > servercert.pem
del servercert.pem.tmp
  1. I moved the servercert.pem back to the client's servermods folder.
  2. I installed mods on the server into the servermods folder.
  3. I whitelisted the players trying to connect to the server, and enabled the whitelist. (thanks @MichaelHillcox for reminding me to add this step)
  4. I started the server
  5. I started the client

After starting the client, the client fails to connect to the server with the following messages appearing in the log:

11:10:47.605
[11:10:47] [main/INFO] [cp.mo.fo.se.PackLocator/]: Loading server pack locator. Version 4.6.0+38+02276cd
11:10:48.840
[11:10:48] [pool-2-thread-1/ERROR] [cp.mo.fo.se.cl.SimpleHttpClient/]: Failed to receive successful data connection from server. Are you whitelisted?
11:10:48.841
[11:10:48] [main/INFO] [cp.mo.fo.se.cl.ClientSidedPackHandler/]: There was a problem with the connection, there will not be any server mods

And the following message appears in the server's log:

[14Dec2020 11:10:48.842] [ServerPack Locator Slave - 3/WARN] [cpw.mods.forge.serverpacklocator.server.RequestHandler/]: Disconnected unauthenticated peer at /81.100.192.88:50350 : Received fatal alert: certificate_unknown

Here is a link to both logs in full

Any help with resolving this and getting the tool working would be great as I would like to use this tool for a private server.
@MichaelHillcox
Copy link

If I remember correctly, the player must be whitelisted only the server. I might be wrong, I’ve not looked at this code in a long time

@LukeGi
Copy link
Author

LukeGi commented Dec 15, 2020

If I remember correctly, the player must be whitelisted only the server. I might be wrong, I’ve not looked at this code in a long time

Ah yes, I forgot to mention that in the setup steps... I'll add that now, I did whitelist the player who was trying to connect and turn the whitelist on

@Bricktricker
Copy link
Contributor

Your log shows the server generates a new privates key, this should only happen on the first launch.
You need to re-sign the client csr when the private key changes. I would also suggest rerunning the server after modifing the serverpacklocator.toml.
Can also upload your client debug.log file? It should contain more information

@Yunus1903
Copy link

I have the same issue here while it does say in my server log:

[22Jan2021 18:52:52.018] [main/DEBUG] [cpw.mods.forge.serverpacklocator.cert.CertificateManager/]: Loaded private key from ./servermods/ca.key
[22Jan2021 18:52:52.032] [main/DEBUG] [cpw.mods.forge.serverpacklocator.cert.CertificateManager/]: Loaded 1 certificates from cacert.pem

@Bricktricker
Copy link
Contributor

Check your client debug.log, it shoud contain the same lines, but should load 2 certificates. You should also check your certificates/config files:
Validate that your serverpacklocator.toml files have the coorect server ip/domain. On the client the name should only contain the ip/domain, e.g. example.com. On the server, the remoteServer should contain the protocol (https), the ip/domain and the port, e.g. https://example.com:8080/.
Also check your certificates, you can decode them with openSSL or any online certificate decoder. The server cacert.pem file should contain one certificate, where the common name is set to the server ip/domain, e.g. example.com. The client server.pem file should contain two certificates. The first certificate should have the common name field set to your minecraft account UUID. The second certificate should have the common name field set to the server ip/domain, e.g. example.com.

@Yunus1903
Copy link

I resolved my issue by using a domain name instead of a IP. For some reason directly using a IP address wouldn't work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Yunus1903 @LukeGi @MichaelHillcox @Bricktricker