Notifications
Clear all

Untrusted certificate for Octoprint  

  RSS
Dimensions of Three
(@dimensions-of-three)
Active Member
Untrusted certificate for Octoprint

So, I've recently updated my Prusaslicer to 2.3 alpha 4 (was using alpha 2 before) and now PrusaSlicer won't connect to my Octoprint anymore: it is a locally set up Octoprint without any access to the outside world. It keeps telling me that the certificate isn't trusted anymore. I've tried importing the certificate to my certificate store, but no luck. still not trusted. Where do I go from here?

Exact error message that PrusaSlicer gives me when testing the connection:

Could not connect to OctoPrint: Peer certificate cannot be authenticated with given CA certificates:
schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
[Error 60]
Note: OctoPrint version at least 1.1.0 is required.\

I know it is impossible for https to be secured with a self signed certificate if it is a .local address (I'm using a default setup of Octoprint on my Raspberry Pi 3B)

How do I fix this?

Napsal : 24/11/2020 12:41 pm
karl-herbert
(@karl-herbert)
Illustrious Member
RE: Untrusted certificate for Octoprint
Posted by: @dimensions-of-three

So, I've recently updated my Prusaslicer to 2.3 alpha 4 (was using alpha 2 before) and now PrusaSlicer won't connect to my Octoprint anymore: it is a locally set up Octoprint without any access to the outside world. It keeps telling me that the certificate isn't trusted anymore. I've tried importing the certificate to my certificate store, but no luck. still not trusted. Where do I go from here?

Exact error message that PrusaSlicer gives me when testing the connection:

Could not connect to OctoPrint: Peer certificate cannot be authenticated with given CA certificates:
schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
[Error 60]
Note: OctoPrint version at least 1.1.0 is required.\

I know it is impossible for https to be secured with a self signed certificate if it is a .local address (I'm using a default setup of Octoprint on my Raspberry Pi 3B)

How do I fix this?

I would rather post problems with PS 2.3.0 alpha 4 at github: https://github.com/prusa3d/PrusaSlicer

Possibly this problem is already listed there.

Statt zu klagen, dass wir nicht alles haben, was wir wollen, sollten wir lieber dankbar sein, dass wir nicht alles bekommen, was wir verdienen.

Napsal : 24/11/2020 1:01 pm
lcdguy
(@lcdguy)
Eminent Member
RE: Untrusted certificate for Octoprint

First i would make sure that the hostname you are accessing octopi matches whats in the certificate under subject and/or subject alternative name, if it doesn't match that could be causing issues. To fix that you either need to match the host name on the certificate or generate a new certificate with the new hostname.

then download a copy and upload it to your computer and probably user accounts root certificate store.

the only other way around that would be to get a certificate issued by a signing authority, not sure if there is a way to do that using something like let's encrypt.

If that doesn't work then something else might causing an issue like an unsupported cryptographic cipher.

Napsal : 03/12/2020 4:14 pm
IbPalle
(@ibpalle)
New Member
RE: Untrusted certificate for Octoprint

Set the connection to use http instead of https to remove the error. If you prefer keeping https, then replace the certificate with one created by a trusted CA or import the cert from the octoprint instance (can export it from the browsers inspect cert dialogue) into your trusted certificates.

Napsal : 04/12/2020 11:09 am
lcdguy
(@lcdguy)
Eminent Member
RE: Untrusted certificate for Octoprint

I did the following for me and it connected fine during the test.

First i followed the steps outlined here for creating a new SSL certificate and restarting the services.

https://github.com/PrusaMK2Users/MK2_Tips_and_Tricks/wiki/Generating-a-new-SSL-certificate-for-OctoPi

Then once that's up an running, i checked to ensure the subject matches the hostname of the octopi, and if it does copied it to a file (DER x509).

Then opened up the certificates mmc for computer and local user account

Then import the cer/crt file you  made earlier into the trusted roots certificate store.

Hope that helps.

Napsal : 04/12/2020 12:57 pm
towlerg
(@towlerg)
Noble Member
RE: Untrusted certificate for Octoprint

Hope I'm not teaching how to suck eggs but you did understand the physical printer bit.

This post was modified před 4 years by towlerg
Napsal : 04/12/2020 1:01 pm
Share: