Trouble Shooting SSL

Implementing security best practices can often create complex and unique problems. This document aims to guide you through resolving common SSL connection issues.

Before using the Netlab+ API

We recommend fully setting up and debugging the webserver

TODO Link to how to setup api, check the port, enable LetsEncrypt ect.

How the Netlab+ API uses SSL

Netlab+ (by default) serves its api on port 9000. This api is wrapped inside SSL and secured using the same certificate as the web server. The netlab-sdk and Python will usually use the host system’s openssl and installed certificate authorities.

Certificate Authorities and Internal IPs

It is common to restrict the Netlab+ API to an internal IP address. This may cause issues with SSL

UserWarning: You have passed an ip address without a ‘server_hostname’. This is insecure.

Advanced Debugging

Sometimes a deep investigation is needed. We recomend using ‘openssl’ to inspect every part of the SSL connection. Use this command:

openssl s_client -connect my-netlab.example.com:9000