Skip to content

NetCDF 4.9.2: SSL peer certificate or SSH remote key was not OK #2705

Closed
Closed
NetCDF 4.9.2: SSL peer certificate or SSH remote key was not OK#2705
Assignees
DennisHeimbignerWardF
Milestone
4.9.3
@Alexander-Barth

Description

@Alexander-Barth
Alexander-Barth
opened on May 30, 2023

Unfortunately, the issue described here resurface again once updating to netCDF 4.9.2.

If you recall, for the libcurl used in the julia ecosystem, we need to explicitly declare the path for the CA certificates.
Previously, we used private function NC_rcfile_insert which does not work anymore in 4.9.2 but in the latest version we have the new public function nc_set_rc instead and call them with the function argument HTTP.SSL.CAINFO and the path
"/etc/ssl/certs/ca-certificates.crt". This files does indeed exists on my system and seems to be the correct one to use:

 ls -l /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 190243 Feb 13 16:59 /etc/ssl/certs/ca-certificates.crt

When accessing a HTTPS opendap resource, I get the following error:

Error:curl error: SSL peer certificate or SSH remote key was not OK
curl error details: 
Warning:oc_open: Could not read url

This error occurs at the call of nc_open using the URL https://rda.ucar.edu/thredds/dodsC/files/g/ds084.1/2018/20181231/gfs.0p25.2018123118.f003.grib2 (accroding to my web browser the certificate is valid).

With the call to nc_get_rc I get indeed to correct path (/etc/ssl/certs/ca-certificates.crt).

Surprisingly the error persists if I create a file ~/.ncrc with the content:

$ cat .ncrc
HTTP.SSL.CAINFO=/etc/ssl/certs/ca-certificates.crt

I am using Ubuntu 22.04.2 and NetCDF 4.9.2 is compiled with gcc 5.2.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions