Hi Toradex Community,
I am currently working through the steps to perform Secure Offline Updates for Torizon: How to Use Secure Offline Updates with TorizonCore | Toradex Developer Center
To provision the data (image) at scale, the article mentions I need to follow the following article: Production Programming in Torizon | Toradex Developer Center
In “Getting Provisioning Data”, I must execute the TorizonCore-Builder command platform provisioning-data to fetch the Shared-Data tarball.
Since I am working on a Windows 10 computer, TorizonCore-Builder is running on my WSL2. Executing the following command:
$ torizoncore-builder platform provisioning-data --credentials credentials.zip --shared-data shared-data.tar.gz --online-data DEFAULT
outputs the following error:
An unexpected Exception occured. Please provide the following stack trace to
the Toradex TorizonCore support team:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 703, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 386, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.9/dist-packages/urllib3/connection.py", line 419, in connect
self.sock = ssl_wrap_socket(
File "/usr/local/lib/python3.9/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/usr/local/lib/python3.9/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.9/dist-packages/urllib3/connectionpool.py", line 787, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.9/dist-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='kc.torizon.io', port=443): Max retries exceeded with url: /auth/realms/garage-tools/protocol/openid-connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/builder/torizoncore-builder", line 221, in <module>
mainargs.func(mainargs)
File "/builder/tcbuilder/cli/platform.py", line 391, in do_platform_provdata
sota_token = sota_token or sotaops.get_access_token(server_creds)
File "/builder/tcbuilder/backend/sotaops.py", line 172, in get_access_token
token = oauth.fetch_token(
File "/usr/local/lib/python3.9/dist-packages/requests_oauthlib/oauth2_session.py", line 336, in fetch_token
r = self.request(
File "/usr/local/lib/python3.9/dist-packages/requests_oauthlib/oauth2_session.py", line 515, in request
return super(OAuth2Session, self).request(
File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/dist-packages/requests/adapters.py", line 563, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='kc.torizon.io', port=443): Max retries exceeded with url: /auth/realms/garage-tools/protocol/openid-connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')))
I assumed there may be a certificate issue with my WSL, so I performed the following to add the certificate:
-
sudo apt-get install ca-certificates -
Get the root certificate from the server by running the following command:
openssl s_client -showcerts -connect kc.torizon.io:443 </dev/null 2>/dev/null | sed -n '/BEGIN/,/END/p' > /tmp/torizon.crt -
Copy the certificate file to the trusted certificates directory:
sudo cp /tmp/torizon.crt /usr/local/share/ca-certificates/torizon.crt -
Update the trusted certificates list by running the command:
sudo update-ca-certificates, which gave me the output:
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping torizon.pem,it does not contain exactly one certificate or CRL
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
I then retried the torizon-core builder command, but got the same output.
I was wondering if anyone has run into this issue or if an obvious mistake can be identified from the above. I’m hoping it’s not an IT firewall issue with my company.
Thanks in advance,
Anthony