Unimus forum

Hi,

My company have been using your product for a while and have been very happy with it to date. I am currently trying to automate the import of devices from PRTG and having some issues.

While I am not using https ('do not check HTTPS certificate'), I am seeing this error in the unimus.log which suggests it is trying to use SSL (full log excerpt attached):

2020-10-13 00:22:37.751 WARN 9975 --- [http-nio-8085-exec-3] n.u.s.p.i.d._.domain.ImportUseCaseImpl : Failed to import device(s) from importer 'Failed to connect to PRTG. Reason: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed'

I am struggling to get this working, though I have been able to successfully build and test the query using Postman:
http://<server_name>/api/table.xml?content=devices&output=xml&columns=device,host,tags&filter_tags=unimus&username=prtgadmin&passhash=<password_hash>

Any assistance you can provide on:

• Confirming the pieces of the query to put into Unimus config
  Whether the expired SSL is an issue - even though is unchecked

Some relevant details:
Unimus = 2.0.6
PRTG = 20.3.62.1397+ (freeware edition for testing - not run against the paid instance yet)

SUCCESS!! By adding a Let's Encrypt certificate to PRTG, the import process worked exactly as expected.

Unimus team, is this something you can rectify? The checkbox for 'Do not check HTTPS certificate' seems to be ignored??

Below is what you get from a successful import:
2020-10-13 11:45:35.219 INFO 9975 --- [http-nio-8085-exec-7] n.u.s.p.v.impl.VaadinImportServiceImpl : User 'admin' importing devices using 'PRTG' importer

Hi,

EDIT: please see my next post for an update

Hi @Johnny, thanks for the update and taking the time to look into it. Happy to help

After further investigation we believe it's not a bug.
Sorry for misleading

I'll try to explain what we think is going on and why you got the exception at the first place.
As for your server address configuration you have used HTTP schema over HTTPS in assumption
it wouldn't validate SSL certificate. That's totally correct, an HTTP request doesn't work with SSL certificates in any manner.

So why the problem occurred even if you use HTTP schema?

That can be caused when a target server, in your case your PRTG server, returns HTTP 301 redirect as a response to the initial request.
The HTTP client we use in importers follows redirect requests natively.
Meaning that the HTTP client does another HTTP request to the address returned in the redirect response right away.
And that's where the problem is. When the returned address uses HTTPS schema, and not HTTP schema anymore, SSL certificate validation is triggered.

In your case it would mean your PRTG server instance asks Unimus' HTTP client to 'promote' its communication to HTTPS in order to be secured.

To validate whether the claim is true you can use the following curl command in your terminal:
The response status code in this case should be HTTP/1.1 301 Moved Permanently.

To let CURL to follow redirects you case use -L flag like the following:
CURL will follow redirect requests and you should see HTTP/1.1 200 OK status code in the final result.

Let us know if our assumption is correct.
Thanks!

Apologies, I had not seen this message. Here is the info requested:

Part1:

curl -v http://prtg.domain.com/api/table.xml?co ... =464292311
[1] 23376
[2] 23377
[3] 23378
[4] 23379
[5] 23380
user@unimus:~$ * Trying 10.83.10.17...
* TCP_NODELAY set
* Connected to prtg.domain.com (10.83.10.17) port 80 (#0)
> GET /api/table.xml?content=devices HTTP/1.1
> Host: prtg.domain.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1
< Content-Length: 45
< Date: Thu, 18 Mar 2021 14:19:14 GMT
< Expires: 0
< Cache-Control: no-cache
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< LoginAgain: true
< Server: PRTG
< Location: https://prtg.domain.com/api/table.xml?content=devices
<
* Closing connection 0
<HTML><BODY><B>Unauthorized</B></BODY></HTML>

Part 2:

curl -v -L http://prtg.domain.com/api/table.xml?co ... =464292311
[1] 23671
[2] 23672
[3] 23673
[4] 23674
[5] 23675
user@unimus:~$ * Trying 10.83.10.17...
* TCP_NODELAY set
* Connected to prtg.domain.com (10.83.10.17) port 80 (#0)
> GET /api/table.xml?content=devices HTTP/1.1
> Host: prtg.domain.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1
< Content-Length: 45
< Date: Thu, 18 Mar 2021 14:22:22 GMT
< Expires: 0
< Cache-Control: no-cache
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< LoginAgain: true
< Server: PRTG
< Location: https://prtg.domain.com/api/table.xml?content=devices
<
* Closing connection 0
<HTML><BODY><B>Unauthorized</B></BODY></HTML>