Error executing R Plot - Peer's certificate has expired: /home/Support/LabKey Support Forum

Error executing R Plot - Peer's certificate has expired

LabKey Support Forum (Inactive)

View Message

Error executing R Plot - Peer's certificate has expired

tlynch

2016-08-03 13:44

Status: Closed

I noticed a similar issue "Accessing multiple queries in R View" from January 14, 2016. What was the cause / solution?

I'm using a self signed certificate that has not expired. Here is the error:

javax.script.ScriptException: javax.script.ScriptException: An error occurred when running the script 'script.R', exit code: 1).
Loading required package: Matrix
Loading required package: quadprog
Loading required package: RCurl
Loading required package: bitops
Loading required package: rjson
Error in function (type, msg, asError = TRUE) :
Peer's Certificate has expired.
Calls: labkey.selectRows ... getURI -> curlPerform -> .Call -> <Anonymous> -> fun
Execution halted

Thanks,

Tom

Jon (LabKey DevOps) responded:	2016-08-03 17:11
Hi Tom, Is this the forum post you're referring to? https://www.labkey.org/home/Support/Developer%20Forum/announcements-thread.view?rowId=12168 The problem with that one was due to the certificate that was self-signed was done incorrectly and required a whole new CSR and keystore to be made. Do you have more than one certificate? The error usually doesn't state the certificate as expired if it isn't. What is the date of the certificate's expiration date? Can you access the certificate to confirm the details? Can you also check the root certificate (and the intermediate certificate if available) to make sure those are current as well? Regards, Jon

tlynch responded:	2016-08-04 09:49
Jon, I was wrong, the certificate had expired. However, I created a new self signed certificate that appears to be valid but I am getting a different certificate error: Error executing command javax.script.ScriptException: javax.script.ScriptException: An error occurred when running the script 'script.R', exit code: 1). Loading required package: Matrix Loading required package: quadprog Loading required package: RCurl Loading required package: bitops Loading required package: rjson Error in function (type, msg, asError = TRUE) : Issuer certificate is invalid. Calls: labkey.selectRows ... getURI -> curlPerform -> .Call -> <Anonymous> -> fun Execution halted I've attached a screenshot of the Chrome window showing certificate overview. Tom
certinvalid.tiff

Jon (LabKey DevOps) responded:	2016-08-04 11:20
Hi Tom, Can you bring up the information on the issuer (aka Certificate Authority) of the certificate? If you click on that View certificate button for the test-ehrvm URL, you should see the details of the certificate showing the domain plus the ROOT CA and Intermediate CA, which would be the issuer. Here's an example of LabKey.org's (see screenshot) that I grabbed by clicking on the lock icon in my browser and then clicked View Certificate. Can you take a look at that for your machine and tell me what you're seeing? Regards, Jon
certificateissuers.png

jeckels responded:	2016-08-04 12:46
Hi Tom and Jon, Daniel and I discussed this on today's call. As you've already identified, the problem is that the certificate is not trusted by the library that Rlabkey is using to make the HTTPS request. As a temporary workaround, you can tweak the script to disable the certificate validation. See the code snippet under the "Certificate Test" heading here: https://www.labkey.org/home/Documentation/wiki-page.view?name=rlabkeyhttps You can also add it to the trusted certificate bundle: https://curl.haxx.se/docs/sslcerts.html Thanks, Josh

tlynch responded:	2016-08-04 14:20
Thanks Josh. I did try adding the cert to the bundle earlier but that didn't fix it. It is working now with the setCurlOptions to turn off verification. Tom