serverpacklocator
Server not recognising signed certificates
Hi!
I decided to play around with this tool to see if I could get it working. Here are the steps I have taken:
- I installed the latest SPL (4.6.0) on the client and server.
- I created an instance on the minecraft launcher using the recommended forge (35.1.0) versions.
- I ran the client to generate the servermods folder.
- I ran the server to generate a whitelist, servermods folder and fix the eula
- I edited the serverpacklocator.toml files on both the server and client to accurately reflect the IP address being used for the server.
- I moved the client's serverrequest.csr to the server for signing, and signed it using the following batch file.
@echo off
java -cp ..\mods\serverpacklocator-4.6.0.jar;..\forge-1.16.4-35.1.0.jar cpw.mods.forge.serverpacklocator.cert.CertSigner "..\servermods\cacert.pem" "..\servermods\ca.key" < serverrequest.csr > servercert.pem.tmp
more +1 servercert.pem.tmp > servercert.pem
del servercert.pem.tmp
- I moved the servercert.pem back to the client's servermods folder.
- I installed mods on the server into the servermods folder.
- I whitelisted the players trying to connect to the server, and enabled the whitelist. (thanks @MichaelHillcox for reminding me to add this step)
- I started the server
- I started the client
After starting the client, the client fails to connect to the server with the following messages appearing in the log:
11:10:47.605
[11:10:47] [main/INFO] [cp.mo.fo.se.PackLocator/]: Loading server pack locator. Version 4.6.0+38+02276cd
11:10:48.840
[11:10:48] [pool-2-thread-1/ERROR] [cp.mo.fo.se.cl.SimpleHttpClient/]: Failed to receive successful data connection from server. Are you whitelisted?
11:10:48.841
[11:10:48] [main/INFO] [cp.mo.fo.se.cl.ClientSidedPackHandler/]: There was a problem with the connection, there will not be any server mods
And the following message appears in the server's log:
[14Dec2020 11:10:48.842] [ServerPack Locator Slave - 3/WARN] [cpw.mods.forge.serverpacklocator.server.RequestHandler/]: Disconnected unauthenticated peer at /81.100.192.88:50350 : Received fatal alert: certificate_unknown
Here is a link to both logs in full
Any help with resolving this and getting the tool working would be great as I would like to use this tool for a private server.
If I remember correctly, the player must be whitelisted only the server. I might be wrong, I’ve not looked at this code in a long time
Ah yes, I forgot to mention that in the setup steps... I'll add that now, I did whitelist the player who was trying to connect and turn the whitelist on
Your log shows the server generates a new private key, this should only happen on the first launch.
You need to re-sign the client csr when the private key changes. I would also suggest rerunning the server after modifying the serverpacklocator.toml.
Can you also upload your client debug.log file? It should contain more information
I have the same issue here while it does say in my server log:
[22Jan2021 18:52:52.018] [main/DEBUG] [cpw.mods.forge.serverpacklocator.cert.CertificateManager/]: Loaded private key from ./servermods/ca.key
[22Jan2021 18:52:52.032] [main/DEBUG] [cpw.mods.forge.serverpacklocator.cert.CertificateManager/]: Loaded 1 certificates from cacert.pem
Check your client debug.log, it should contain the same lines, but should load 2 certificates. You should also check your certificates/config files:
Validate that your serverpacklocator.toml files have the correct server ip/domain. On the client the name should only contain the ip/domain, e.g. example.com. On the server, the remoteServer should contain the protocol (https), the ip/domain and the port, e.g. https://example.com:8080/.
Also check your certificates, you can decode them with OpenSSL or any online certificate decoder. The server cacert.pem file should contain one certificate, where the common name is set to the server ip/domain, e.g. example.com. The client server.pem file should contain two certificates. The first certificate should have the common name field set to your minecraft account UUID. The second certificate should have the common name field set to the server ip/domain, e.g. example.com.
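An added example, not part of the thread or of the project's code: a shell script that performs the certificate check described in the comment above, listing each certificate's common name in file order with the `openssl` command-line tool and comparing it to the expected layout. The function names, `example.com` and the UUID placeholder are assumptions, and it assumes `openssl`, `awk` and `mktemp` are installed.

```shell
#!/bin/sh
# Added example: verify which common names (CN) a PEM file contains, in order.

# cert_cns FILE: print the subject CN of every certificate in FILE, one per line.
cert_cns() {
    tmp=$(mktemp -d) || return 1
    # Split the bundle into one temp file per BEGIN/END CERTIFICATE block.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    for pem in "$tmp"/*.pem; do
        [ -f "$pem" ] || continue   # no certificates found in FILE
        cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline |
            sed -n 's/^ *commonName *= *//p')
        echo "${cn:-<no CN>}"
    done
    rm -rf "$tmp"
}

# check_chain FILE CN...: succeed only if FILE holds exactly these CNs, in order.
check_chain() {
    file=$1; shift
    expected=$(printf '%s\n' "$@")
    actual=$(cert_cns "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
    else
        echo "FAIL $file"
        echo "  expected: $(echo "$expected" | tr '\n' ' ')"
        echo "  found:    $(echo "$actual" | tr '\n' ' ')"
        return 1
    fi
}

# Usage (host name and UUID are placeholders, replace with your own):
#   sh checkcerts.sh servermods/cacert.pem example.com            # on the server
#   sh checkcerts.sh servermods/servercert.pem <account-uuid> example.com   # on the client
if [ "$#" -ge 2 ]; then check_chain "$@"; fi
```

A mismatch in count or order shows up in the `found:` line, which is the same information the debug.log "Loaded N certificates" message hints at.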
I resolved my issue by using a domain name instead of an IP. For some reason directly using an IP address wouldn't work.