RWS with a real controller (OmniCore)

andreacarl6

Hello, I'm trying to use the RWS to comunicate with a REAL OmniCore controller.
As first I requested the mastership (or the rmmp in manual) but I obtained the following error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='155.185.56.242', port=443): Max retries exceeded with url: /users/rmmp (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

Maxim Riabichev

Hello there,

RWS on OmniCore doesn't accept Self-Signed Certificates.

Once you get your hands on a Trusted CA Certificate, you can upload it to the controller via RobotStudio as long as it's in the .PEM format.

I believe you can generate a CA Certificate via https://letsencrypt.org/

andreacarl6

Thanks for the reply. I have no experience with certificates so I'm trying to find out about it. I'm trying to generate the certificate via command line from a Linux terminal. Assuming I have generated the correct certificate, where should the certificate be uploaded? Under controller - properties - manage certificates I have the following tab.





Do you have a standard procedure to generate the correct certificate? because via https://letsencrypt.org/ is not so clear.
Thanks

Maxim Riabichev

Hello andreacarl6,

Unfortunately, I haven't tried this myself yet.

All I know is that you need to replace the self-signed certificate in rws_store with a trusted CA certificate. 

Make sure it's in .pem format, meaning the file should contain RSA Private Key and the Certificate in one file.

So it should look something like this:

------------BEGIN RSA PRIVATE KEY-----------
Bunch of letters and numbers
------------END RSA PRIVATE KEY------------
------------BEGIN CERTIFICATE--------------
Bunch of letters and numbers
------------END CERTIFICATE----------------

Perhaps you can find a youtube guide on how to work with letsencrypt?

Good luck!

Best regards,

Maxim

jakobhoerbst

andreacarl6 did you manage to get the CA? I'm facing the same problem at the moment. 

andreacarl6

I solved the problem: the certificate is not needed. Just disable certificate verification when creating the session. If you use Postman to test the services do as in the image. Since I use the services through a Python wrapper I have set the “verify” parameter of the session to FALSE. All it’s working perfectly.

Maxim Riabichev

Thank you for sharing this information with the community @andreacarl6!

For testing purposes I'm sure this will come in handy for many users out there.

However, please consider the security implications if you decide to take this route in a production environment. 

andreacarl6

Of course!, in a production environment it's essential to use a certificate. Thank you for the clarification!

jakobhoerbst

andreacarl6! 
That helped a lot. 

Maxim Riabichev

Just wanted to add to this post that it is not currently possible to fetch the certificate thumbprint via RWS, but it is possible via RobotStudio (trust_ca_store -> yellow selection):