Admin Console Login - error code: API:-1

billkelm · October 17, 2014, 5:43pm

Installing the SSL version on Red Hat Linux, install seems to go just fine, but when I log into the admin_console I get:

error code: API:-1

Looking at kaltura_apache_errors_ssl.log I see:

File does not exist: /opt/kaltura/app/alpha/web/opt, referer: https://kaltura.willamette.edu/admin_console/index.php/user/login

billkelm · October 17, 2014, 6:04pm

running kalturalog -

2014-10-17 11:02:06 [2013765606] [ErrorController->errorAction] ERR: exception ‘Kaltura_Client_ClientException’ with message ‘Problem with the SSL CA cert (path? access rights?). RC : 0’ in /opt/kaltura/app/admin_console/lib/Kaltura/Client/ClientBase.php:239
Stack trace:

billkelm · October 17, 2014, 6:47pm

Looks like related to the SSL, for now since this is a dev environment

Another way was to disable the SSL check inside /opt/kaltura/app/configurations/admin.ini, by removing the ; comment on this line :;settings.clientConfig.verifySSL = false

But would like to find a solution I can use on a live environment.

Does the kaltura xymon service needs access to the same certs as well?

billkelm · October 17, 2014, 6:59pm

Even though it runs fine in Firefox, Chrome will only display like a quarter of the page. I’m guessing that is due to when it runs into unsecure content.

billkelm · October 17, 2014, 10:46pm

Put the line back in, and just verifying the SSL settings in the systems.ini file. Noticed:

CRT_FILE=/etc/pki/tls/certs/kaltura.willamette.edu.crt
KEY_FILE=/etc/pki/tls/private/kaltura.willamette.edu.key
CA_FILE=NO_CA
CHAIN_FILE=/etc/pki/tls/certs/incommon-intermediate-ca.crt

Do you need to have a CA_FILE?

jess · October 18, 2014, 3:28pm

Hi Bill,

Is your cert self signed? If so, then some functionality will not work in some browswers, depending on securiy policy.
You can get a properly signed cert for free here:
http://cert.startcom.org/
See:

github.com

kaltura/platform-install-packages/blob/master/doc/install-kaltura-redhat-based.md#ssl-step-by-step-installation

# Installing Kaltura on a Single Server (RPM)
This guide describes RPM installation of an all-in-one Kaltura server and applies to all major RH based Linux distros including Fedora Core, RHEL, CentOS, etc.
([Note the supported distros and versions](http://kaltura.github.io/platform-install-packages/#supported-distros)).

[Kaltura Inc.](http://corp.kaltura.com) also provides commercial solutions and services including pro-active platform monitoring, applications, SLA, 24/7 support and professional services. If you're looking for a commercially supported video platform  with integrations to commercial encoders, streaming servers, eCDN, DRM and more - Start a [Free Trial of the Kaltura.com Hosted Platform](http://corp.kaltura.com/free-trial) or learn more about [Kaltura' Commercial OnPrem Edition™](http://corp.kaltura.com/Deployment-Options/Kaltura-On-Prem-Edition). For existing RPM based users, Kaltura offers commercial upgrade options.

#### Table of Contents
[Prerequites](pre-requisites.md)

[Pre-Install Steps](install-kaltura-redhat-based.md#pre-install-steps)

[Non-SSL Step-by-step Installation](install-kaltura-redhat-based.md#non-ssl-step-by-step-installation)

[Apache SSL Step-by-step Installation](install-kaltura-redhat-based.md#apache-ssl-step-by-step-installation)

[Nginx SSL Configuration](nginx-ssl-config.md)

[Unattended Installation](install-kaltura-redhat-based.md#unattended-installation)

[Live Streaming with Nginx and the RTMP module](install-kaltura-redhat-based.md#live-streaming-with-nginx-and-the-rtmp-module)

This file has been truncated. show original

For more info.
Depending on the kind of cert you use, you may need to set SSLCACertificateFile or SSLCertificateChainFile directives in /opt/kaltura/app/configurations/apache/kaltura.ssl.conf

billkelm · October 21, 2014, 9:23pm

No an incommon certificate. It should be complete.

billkelm · October 22, 2014, 11:04pm

Getting back to this today. Verified SSL was working fine then did a complete database and kaltura re-install. Still getting:

15:48:40 [243676761] [ErrorController->errorAction] ERR: exception ‘Kaltura_Client_ClientException’ with message ‘Problem with the SSL CA cert (path? access rights?). RC : 0’ in /opt/kaltura/app/admin_console/lib/Kaltura/Client/ClientBase.php:239
Stack trace:

but when I do curl command: curl -I -v https://kaltura.willamette.edu:443/api_v3/index.php?service=system

I get a new error message, may be leading in right direction:

About to connect() to kaltura.willamette.edu port 443 (#0)
Trying 127.0.0.1… connected
Connected to kaltura.willamette.edu (127.0.0.1) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
NSS error -8018
Closing connection #0
Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)

billkelm · October 22, 2014, 11:38pm

Although a curl command like this: curl -l -v https://kaltura.willamette.edu:443 Is just fine.

About to connect() to kaltura.willamette.edu port 443 (#0)
Trying 127.0.0.1… connected
Connected to kaltura.willamette.edu (127.0.0.1) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Server certificate:
subject: CN=kaltura.willamette.edu,O=Willamette University,STREET=900 State Street,L=Salem,ST=OR,postalCode=97301,C=US
start date: Oct 14 00:00:00 2014 GMT
expire date: Oct 13 23:59:59 2017 GMT
common name: kaltura.willamette.edu
issuer: CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US

GET / HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: kaltura.willamette.edu
Accept: /

< HTTP/1.1 302 Found
< Date: Wed, 22 Oct 2014 23:30:31 GMT
< Server: Apache/2.2.15 (Red Hat)
< Location: https://kaltura.willamette.edu/start/index.php
< Content-Length: 320
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<

302 Found

Found

The document has moved here.

Apache/2.2.15 (Red Hat) Server at kaltura.willamette.edu Port 443

billkelm · October 23, 2014, 12:19am

I went ahead and just did this;

You can disable the CURL check by editing:
/opt/kaltura/app/configurations/admin.ini
set:
settings.clientConfig.verifySSL=false
Then admin console will work for you as the verification of the cert will be skipped.
And everything loads fine.

jess · October 23, 2014, 1:54pm

Hi Bill,

Yes but I am wondering why, if you use a valid cert, this should be needed…
Who is your provider?

billkelm · October 28, 2014, 10:58pm

Our certificate provider is InCommon.

jess · October 29, 2014, 9:35am

When you make a curl request using:
curl -v https://host

Does it show a valid cert?

Thanks,

MrBecky · November 10, 2014, 7:32am

please check the DB ,I guess the tables aren’t be created .I encountered the problem few days ago

linlma · May 13, 2015, 8:38am

Hi MrBecky,

What kinds of tables are used?

regards,
Lin