Add option to not check valid SSL certificate on local instance (not public / valid DNS)

[raul87011523]

Hello, I have the following problem. I configured the saas without problems with http. But when I try to configure it with ssl, I get the following error: Traceback (most recent call last): File "/home/mandy/Development/odoo10/odoo-server/odoo/http.py", line 638, in _handle_exception return super(JsonRequest, self)._handle_exception(exception) File "/home/mandy/Development/odoo10/odoo-server/odoo/http.py", line 675, in dispatch result = self._call_function(**self.params) File "/home/mandy/Development/odoo10/odoo-server/odoo/http.py", line 331, in _call_function return checked_call(self.db, *args, **kwargs) File "/home/mandy/Development/odoo10/odoo-server/odoo/service/model.py", line 101, in wrapper return f(dbname, *args, **kwargs) File "/home/mandy/Development/odoo10/odoo-server/odoo/http.py", line 324, in checked_call result = self.endpoint(*a, **kw) File "/home/mandy/Development/odoo10/odoo-server/odoo/http.py", line 933, in call return self.method(*args, **kw) File "/home/mandy/Development/odoo10/odoo-server/odoo/http.py", line 504, in response_wrap response = f(*args, **kw) File "/home/mandy/Development/odoo10/odoo-server/addons/web/controllers/main.py", line 889, in call_button action = self._call_kw(model, method, args, {}) File "/home/mandy/Development/odoo10/odoo-server/addons/web/controllers/main.py", line 877, in _call_kw return call_kw(request.env[model], method, args, kwargs) File "/home/mandy/Development/odoo10/odoo-server/odoo/api.py", line 681, in call_kw return call_kw_multi(method, model, args, kwargs) File "/home/mandy/Development/odoo10/odoo-server/odoo/api.py", line 672, in call_kw_multi result = method(recs, *args, **kwargs) File "", line 2, in action_sync_server File "/home/mandy/Development/odoo10/odoo-server/odoo/api.py", line 361, in loop result = [method(rec, *args, **kwargs) for rec in self] File "/home/mandy/Development/odoo10/custom-addons/odoo-saas-tools/saas_portal/models/saas_portal.py", line 134, in action_sync_server res = requests.Session().send(req, **req_kwargs) File "/home/mandy/Envs/env1/local/lib/python2.7/site-packages/requests/sessions.py", line 623, in send r = adapter.send(request, **kwargs) File "/home/mandy/Envs/env1/local/lib/python2.7/site-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

---

This is my nginx configuration file: upstream odoo { server 127.0.0.1:8069; }

upstream odoo-im { server 127.0.0.1:8072; }

server { listen 443 default; server_name odoo.local.com s1.odoo.local.com;

    #ssl settings
    ssl on;

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    keepalive_timeout 60;

    # proxy header and settings
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;

    # odoo log files
    access_log /var/log/nginx/odoo-access.log;
    error_log /var/log/nginx/odoo-error.log;

    # increase proxy buffer size
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

 # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# enable data compression
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
gzip_vary on;       

 location / {
            proxy_pass http://odoo;
    }

    location /longpolling {
            proxy_pass http://odoo-im;
    }
    location ~* /web/static/ {
            # cache static data
            proxy_cache_valid 200 60m;
            proxy_buffering on;
            expires 864000;
            proxy_pass http://odoo;
    }

}

server { listen 80; server_name odoo.local.com s1.odoo.local.com;

add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;

}

I have generated the certificate for ssl as follows: $ sudo mkdir /etc/nginx/ssl && cd /etc/nginx/ssl $ sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes $ sudo chmod a-wx * # make files read only $ sudo chown www-data:root * # access only to www-data group

This configuration appears in the book "Odoo Development Essentials"

Below I show the captures of the configuration, the main DB and server of the saas respectively

Would appreciate any help, thanks

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[njeudy]

hello @raul87011523 ,

This is a self signed certificate issue. You certificate authority (you) is not public or verified one. So ssl verification failed.

We have to add an "do not check" option if we want to have this ... you can use https://letsencrypt.org/ to have free validated ssl certificate, but for local test, I think you have to stay in http.

[njeudy]

@raul87011523 which version do you use ?

[W360S]

im using that one https://certbot.eff.org/ but I think he should understand about SSL it cannot work with localhost

[njeudy]

@W360S by the way with ssl we can add "do not check certificate" to remove this issue :) but not in the scope now ..

[W360S]

Certbot must be checked available domain for mapping https so we have 2 ways to do like so. 1 , build up self SSL work with local 2, need valid domain to make that happen

[njeudy]

As 2 already works, only 1 case is to manage :)