Problems configuring SSL for R Server v9.1, connecting via mrsdeploy RRS feed

  • Question

  • I am unable to configure SSL on a R Server web node. The aim is simply to set up an API certificate, that is - encrypting the traffic between client applications and the R server.

    After installing a self-signed certificate and making the relevant changes in the appsettings.json file for the web node I can connect to an R API that has already been published to the rserver, e.g. make calls to it via Postman.

    However the issue is with connecting to the server over https from an R session using mrsdeploy (remoteLogin or remoteLoginAAD).

    When attempting a "remoteLoginAAD" I see the following error:

    Error in curl::curl_fetch_memory(build_url(uri, query), handle = h) : Peer certificate cannot be authenticated with given CA certificates

    In the stdout log on the R server (after a failed connection attempt) I see:

    fail: Microsoft.AspNetCore.Server.Kestrel[0] ConnectionFilter.OnConnection

    System.AggregateException: One or more errors occurred. (A call to SSPI failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted

    These issues make sense given it is a self-signed cert in use. However I can find no way to get the R client to "trust" the connection. I have attempted

    - Installing the certificate on the client machine         

    - Adding the certificate in .pem form to curl-ca-bundle.crt (in C:\Windows; C:\Windows\system32; C:\Program Files\Microsoft\R_Client\R_SERVER\etc

    - Configuring curl prior to making the remoteLogin call in R (setting ssl.verifypeer = FALSE alongside some other ssl configuration options)

    When attempting to configure the R server with a signed certificate (.pfx) the Web node does not start, claiming it is unable to find the certificate in the store.

    Can anyone help with this? Has anybody successfully set this up?

    Wednesday, July 19, 2017 8:42 PM

All replies

  • I'm working on this right now. I was able to get the Web Node to start using a .pfx. The CN was pretty finicky for me. When I queried the cert store with Powershell and copied the subject from that into the config file it was able to find it.

    Set-Location Cert:\LocalMachine\My

    Get-ChildItem | Format-Table Subject

    Hope this helps.

    Monday, September 25, 2017 7:27 PM