Trouble Shooting SSL
====================

Implementing security best practices can often create complex and unique
problems. This document aims to guide you through resolving common SSL
connection issues.

Before using the Netlab+ API
----------------------------

We recommend fully setting up and debugging the webserver

**TODO** Link to how to setup api, check the port, enable LetsEncrypt ect.

How the Netlab+ API uses SSL
----------------------------

Netlab+ (by default) serves its api on port 9000. This api is
wrapped inside SSL and secured using the same certificate as the web
server. The netlab-sdk and Python will usually use the host system's openssl
and installed certificate authorities.

Certificate Authorities and Internal IPs
----------------------------------------

It is common to restrict the Netlab+ API to an internal IP address. This may
cause issues with SSL

  UserWarning: You have passed an ip address without a 'server_hostname'. This is insecure.


Advanced Debugging
------------------

Sometimes a deep investigation is needed. We recomend using 'openssl' to inspect
every part of the SSL connection. Use this command:

  openssl s_client -connect my-netlab.example.com:9000