Re: [netcdfgroup] Secured OpenDAP: location of .httprc file, current working directory and $HOME environment variable

  • To: plieger <plieger@xxxxxxx>
  • Subject: Re: [netcdfgroup] Secured OpenDAP: location of .httprc file, current working directory and $HOME environment variable
  • From: Dennis Heimbigner <dmh@xxxxxxxxxxxxxxxx>
  • Date: Fri, 18 Jul 2014 11:43:30 -0600
Ok, I tried it on the lastest version out of github.
I used your certificate file and your .dodsrc file.
It seems to work fine for me.
So I did this command (using 4.3.2).
The '-h' was just to limit the amount of output.
    ncdump  -h 
'http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22\
E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc'

It produced the output below, as expected.
So not sure why it fails for you. My guess
is that there is some kind of firewall/proxy
at your site that is interfering.
Also, check that your libcurl supports https.
=Dennis Heimbigner
netcdf tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_1950010\
1-19501231 {
dimensions:
        time = UNLIMITED ; // (365 currently)
        bnds = 2 ;
        maxStrlen64 = 64 ;
        rlat = 412 ;
        rlon = 424 ;
variables:
        char rotated_pole(maxStrlen64) ;
                rotated_pole:grid_mapping_name = "rotated_latitude_longitude" ;
                rotated_pole:grid_north_pole_latitude = 39.25f ;
                rotated_pole:grid_north_pole_longitude = -162.f ;
.....
}






plieger wrote:
Hi Dennis,

Thanks! But it does not work:

ncdump -h "http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc#noprefetch&show=fetch&log";
syntax error, unexpected WORD_STRING, expecting WORD_WORD
context: Error { code = 404; message = "cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc#noprefetch&show=fetch&log"^;}; ncdump: http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc#noprefetch&show=fetch&log: NetCDF: Malformed or inaccessible DAP DDS


I created a tarball with a valid .dodsrc, credential valid for 10 hours, and a text file with an opendap link. This should work if you cd in the dir netcdf_x509test and do: ncdump -h http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc

If the creds.pem expires I can send you a new one. I will see if I can make one with a longer validity period. You can see the expiry date with openssl x509 -in creds.pem -noout -text

Thanks,
Maarten


On 07/15/2014 06:53 PM, Dennis Heimbigner wrote:
Unfortunately, I do not have an acct with ESG,
so it is going to be difficult to debug this.
Let me start by asking you to do the following:
1. append the string '#noprefetch&show=fetch&log'
    to your url
2. send me the output of, say, ncdump using the modified url
=Dennis Heimbigner
  Unidata

plieger wrote:
Hi all,

I have a question about the netcdf 4.3.2 library and accessing ESGF
opendap servers which are secured with x509 client authentication.

I usually store config settings about my certificate and ssl in the
.httprc file, I have several of them at different places. In the past I
used the $HOME environment variable to designate which one to use, but
this does not seem to work with netcdf 4.3.2.

As described in
http://www.unidata.ucar.edu/software/netcdf/docs/netcdf/DAP-Support.html
chapter 4.12.4 HTTP Configuration, you can either set the current
working directory to this place or export the HOME variable to the
directory where this file resides. I found this very useful
functionality (now I have to change the working directory all the time).

This is an example of such an .httprc file:
HTTP.SSL.VALIDATE=0
HTTP.COOKIEJAR=/someplace/.dods_cookies
HTTP.SSL.CERTIFICATE=/someplace//certs/creds.pem
HTTP.SSL.KEY=/someplace/creds.pem
HTTP.SSL.CAPATH=/someplace/esg_trusted_certificates/

Is it possible to get this back working again?

Thanks,
Maarten Plieger



_______________________________________________
netcdfgroup mailing list
netcdfgroup@xxxxxxxxxxxxxxxx
For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/





  • 2014 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the netcdfgroup archives: