[ANNOUNCE] node-red-contrib-certificate-grabber: beta

Hi folks,

It has been a long time since I announced a new node, due to a complete lack of free time. Hopefully that will be a bit better during the summer period ...

Anyway I had some trouble getting an FTPS connection running at home, so I wanted to check whether it was perhaps a problem with a wrong certificate being used. Of course I could have used a third-party tool like openssl, ... But since NodeJs already contains such functionality, it would be rather stupid not to wrap a custom node around it.

So I developed node-red-contrib-certificate-grabber, which allows you to inject a hostname/ipaddress and a port. And the output message will contain the certificate.

I have also added some extra fields in the output message (like daysRemaining and daysOverdue) that allow you to monitor certificates via Node-RED. For example you can send a message when your certificate will expire in a couple of days. An example flow is available on the readme page.

This node is not available on npm yet, so you can install it directly from my Github repo via the following command (from within your .node-red folder):

npm install bartbutenaers/node-red-contrib-certificate-grabber

Like always, all "constructive" is very welcome!

Bart

11 Likes

Version 1.0.0 now available:

image

Trying your new node Bart, I see a 'undefined' field in the output. Is that expected?

grabber

Morning Paul,

That is a weird sentence...
Normally a guy says: "I found a bug, because valid_to is 'undefined' in the output. Can you please fix it".
As a result, the developer guy knows immediately which actions he needs to do.
But this sounds more like a female hint, like "Dear, what day in the week the garbage truck passes by?".
Perhaps I have been misled all those years by your Discourse profile info, but are you a woman?

Damn now I started using British humor myself :rofl:

Anyway this is something that I had already fixed, while testing the beta myself.
But seems that in my private life chaos I had forgotten to push the fix to Github :roll_eyes:
Here it is:

image

4 Likes

That was my attempt at being politely 'subtle' (it's a British thing).
I could have said "Hey Bart, within 10 seconds of trying your node I found a bug, how come you missed it???" but then you may have become disheartened with development, and never npm published it (like the other nodes :sweat_smile:).

Perhaps I should add a pronoun to my profile - (he, him, it)?

3 Likes

Yes, works great now Bart :+1:

1 Like

Thanks for the confirmation!

If anybody ever finds another use case for this node, please share it with me!
Then I will add the new use case to the readme page...

1 Like

Hello @BartButenaers,

I'm not sure, what the intended use of the node is, or what you had in mind.
I use an "Exec" node to test the expiry date of the certificate. Your node can replace that, but it will not make it simpler nor will it reduce the number of nodes.

Anyhow, I installed your node and imported your test flow. Just checking the host and port and ran a test. Oops, Node Red crashed, showing me "Lost connection to server, reconnecting...".
A quick investigation showed me that this has been caused by a missing value for "Timeout".
Your example does not have a value for 'Timeout'. It is easy to test with a negative value for "Timeout". Of course a negative value is nonsense, but it should not cause a crash of NR.
Limit the range to positive values only and insert a default in your example, e.g. 0.

Looking forward to test 1.0.2 :grinning:

Regards

@FireWizard52 I use it myself for:

  • Troubleshooting SSL/TLS/FTPS/... issues in my home automation, and during developments of related nodes.
  • Send a notification to my phone when my Letsencrypt certificate renewal didn't work for some reason.

Yes that is true. You can do a lot of things also with Exec and Function nodes. But I prefer in my home automation to have wrapper nodes that include all the functionality I need. That way I can add documentation, handle edge cases, and so on... And afterwards I share the node with the community, so everybody can use it or not. And in the latter case people can still continue using their Exec node :wink: . It is all fine for me...

I have added some error handling on Github, and added timeouts in the example flows. Because I had implemented the timeout feature, after I had already added the flows to Github.

Would be nice if you could do some non-happy path testing, before I publish it on npm.
You can install it directly from my Github repo (when you have installed git) by executing the following command in your .node-red folder:

npm install bartbutenaers/node-red-contrib-certificate-grabber

Thanks!
Bart

1 Like

Hello @BartButenaers,

I installed your new node from your repository and ran some tests.

I see that the "Timeout" has been set to default 30 seconds. In my opinion it is a step forward, as a less experienced user will not create a NR crash with his first click on the inject node.

In my opinion you can improve the node further by:

  1. Prevent that a user selects a negative value for "Timeout" (make it more idiot proof)
  2. Create two configuration fields in the node for
    • host
    • port

For any new node, I think most users (at least, I always do) click on the node in order to see what can be configured. If I do it with yours, I see, ooh, only Timeout.
But without a correct "host" name and a correct "port" your node will not work.

Cannot get certificate due to error: Error: 1995745792:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

This is a little cryptic, but acceptable.
This is the result of a wrong host name and a wrong port.

Of course, I would keep the possibility to "Inject" those two properties, as e.g. msg.host and msg.port instead of the object {"host":"localhost","port":1880}

I do not know, if someone has other suggestions, as well

Thanks for creating such nodes.

Best regards

@FireWizard52,
Thanks for your useful response!

The version on Github contains some extra changes:

  1. It is now possible to set the hostname and port in the config screen:

    image

    By default the original values (from version 1.0.1) are being set:

    image

  2. Some migration logic has been added to avoid disrupting existing flows:

    • When the config screen of an existing (pre version 1.0.1) node is being opened, the above default values will also be applied automatically.
    • When an input message is being injected into an existing (pre version 1.0.1) node - without the config screen being opened - the above default values will also be applied automatically.
  3. A validator is added to the timeout field, to show an error for negative values, both in the config screen:

    image

    And in the flow:

    image

  4. Some extra validations are executed when an input message is injected:

    image

1 Like

Hello @BartButenaers

I tested your latest version and it works as, in my opinion, one should expect.
Good job, Bart, and thank you very much.
In my opinion you should publish it to npm.

Regards.

2 Likes

That's how I normally talk to Bart

Well - it was in the old days before he stopped speaking to me.....

:slight_smile:

2 Likes

@FireWizard52,
Thanks a lot for testing!! All kind of help is welcome.
Version 1.0.2 is now available in the palette:

image

That was indeed a real turning point in my personal life.
Can't remember a single moment that I have regretted that decision :wink:

2 Likes

Thank you for the easy-to-use node.
Currently, this node doesn't seem to work for SNI hosts, but are there any plans to support SNI hosts?

Hi @utaani,
Well I developed this node simply for my home automation. Don't have any SNI hosts at home. Wife would kill me certainly if I would start using such stuff in my house :wink:

So no plans for SNI hosts. But of course I don't mind adding it, if it is not too much work. I am not experienced with that, so all tips are welcome. After a very quick search I found this, but not sure if that can be of any help for this feature?

1 Like
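Added example (not part of any post and not the node's own code): a sketch of a certificate grabber on Node's built-in tls module that sets the SNI `servername` asked about above, validates host, port and timeout before connecting as requested earlier in the thread, and derives daysRemaining/daysOverdue from `valid_to`. The function names and the rounding of the day counts are assumptions.

```javascript
// Added example, not the node's code. daysRemaining/daysOverdue are named as in
// the thread; how the node itself computes them is an assumption.
const DAY_MS = 24 * 60 * 60 * 1000;

// Reject bad input before any socket is opened (the crash reported in the
// thread came from a missing or negative timeout).
function validateTarget(host, port, timeoutSec) {
  const errors = [];
  if (typeof host !== 'string' || host.trim() === '') errors.push('host must be a non-empty string');
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push('port must be an integer 1-65535');
  if (!Number.isFinite(timeoutSec) || timeoutSec < 0) errors.push('timeout must be a number >= 0');
  return errors;
}

// validTo is the string Node reports, e.g. "Jun 15 12:00:00 2030 GMT".
function expiryInfo(validTo, now = new Date()) {
  const expires = new Date(validTo);
  if (Number.isNaN(expires.getTime())) throw new Error('unparseable valid_to: ' + validTo);
  const diffDays = (expires.getTime() - now.getTime()) / DAY_MS;
  return {
    validTo: expires.toISOString(),
    daysRemaining: diffDays > 0 ? Math.floor(diffDays) : 0,
    daysOverdue: diffDays < 0 ? Math.floor(-diffDays) : 0,
  };
}

async function grabCertificate(host, port, timeoutSec = 30) {
  const errors = validateTarget(host, port, timeoutSec);
  if (errors.length) throw new Error(errors.join('; '));
  // Dynamic import so the snippet loads as CommonJS or as an ES module.
  const tls = await import('node:tls');
  const net = await import('node:net');
  return new Promise((resolve, reject) => {
    const socket = tls.connect({
      host, port,
      // SNI: name-based virtual hosts choose their certificate from this value.
      // It must be a host name, so it is left out for IP literals.
      servername: net.isIP(host) ? undefined : host,
      // Inspection only: accept expired/self-signed certificates so they can be
      // reported. Never send application data over this socket.
      rejectUnauthorized: false,
    }, () => {
      const cert = socket.getPeerCertificate();
      socket.end();
      try { resolve({ subject: cert.subject, authorized: socket.authorized, ...expiryInfo(cert.valid_to) }); }
      catch (err) { reject(err); } // a throw here must not take the runtime down
    });
    socket.setTimeout(timeoutSec * 1000, () => socket.destroy(new Error('timeout')));
    socket.on('error', reject);
  });
}
```

A timeout of 0 disables the socket timeout; `authorized` in the result still reports whether the chain validated, even though the connection was allowed to complete.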

Where were you in April? I searched and searched and found nothing so I wrote a Perl wrapper around OpenSSL to do the same thing. GitHub - mrdvt92/openssl-s_client-enddate-days-json: Perl openssl wrapper to calculate days remaining on HTTPS certificate for integration with Node-Red. I'll update my project to point to your nodejs solution.

1 Like

Hi mister Node-RED police cop. Since it is quite some time ago, I am not sure anymore. But most probably I was developing some node, and then suddenly I needed some other node, so I left the first one about 95% finished somewhere on Github :wink:

Ah that good old s_client. Yes indeed I use that one at my daily job too from time to time. But for these kind of things you always have to think: most probably it is already available in NodeJs (or in a third party npm package), but most of the time you will have to do quite some googling to get started. But then at least you get a solution that doesn't require you to install a third party tool.

1 Like

:rofl::rofl::rofl::rofl::rofl::rofl::rofl::rofl::rofl::rofl::rofl: aaaaawwwww, tummy hurts!

1 Like