Sdkmanager login problem

Hi,

I’m trying to install jetpack 4.2 for jetson xavier. I installed sdkmanager 0.9.11-3405.
When I try to login with sdkmanager, I see ‘Unable to connect to proxy server’ problem.

I didn’t configure proxy setting, I can login to developer.nvidia.com with firefox.

Would you let me know how to solve this problem?

For one more thing, My company uses webkeeper solution to block harmful sites.
I have to install root certificate issued by webkeeper solution company to have internet access and
I installed it to /etc/ssl/certs with update-ca-certificates.

Thanks,

BR,
Jae-Hyuck
nvsdkm.tar.gz (2.5 KB)

Hi Jae-Hyuck,
Can you package the folder ~/.nvsdkm and send us to analyze?

Thanks

I’ve attached it to my original post.

BR,
Jae-Hyuck

From the log, SDK Manager received ECONNRESET error when authenticate to developer.nvidia.com.
This is probably due to missing root certificate as you mentioned in SDK Manager, which uses NodeJS request API for authentication.

Could you try
export NODE_EXTRA_CA_CERTS=[your CA certificate file path]
OR
export NODE_TLS_REJECT_UNAUTHORIZED=0
before running the app?

Both of them did not work for me.

BR,
Jae-Hyuck

Hi, I tested it at home which does not require custom certificate for internet access.
I could login to sdkmanager.

So, the problem is definitely due to custom certificate, as you mentioned.

How can I solve this problem? I tried NODE_EXTRA_CA_CERTS, NODE_TLS_REJECT_UNAUTHORIZED environment, and also tried NODE_OPTIONS=’–use-openssl-ca’.

None of them did not work.

Any other ideas?

BR,
Jae-Hyuck

Hi Jae-Hyuck,
We will consider to add the support of root certificate in SDK Manager in future releases. It will be very helpful if you can give more detailed steps on how to set up the test environment.

Since I don’t have the repro environment, can you try if the below command resolve your issue as workaround?
sdkmanager --spectron --ignore-certificate-errors

Thanks

–spectron --ignore-certificate-errros does not work for me.

I finally decided to use proxy server outside the webkeeper, and I could login successfully.

Thanks anyway.

BR
Jae-Hyuck

Nice! Thanks for the feedback.

I’ve got the same problem, and also none of the above work for me.

Seems very short sighted to release a product that doesn’t allow for access from behind a company’s firewall. I mean, that’s your target audience for this product!

Are there any updates on this? It seems like the sdkmanager should attempt to use the default system level certificate store: /etc/ssl/certs/ca-certificates.crt

The NODE_EXTRA_CA_CERTS environment variables is not honored by Electron apps.

Running with --ignore-certificate-errors does not resolve the issue.

Thanks!

The purpose of a company’s firewall is to prevent such access. It isn’t possible for one company to circumvent the security of another company in most cases, and if it were possible, then it wouldn’t be legal. Your company’s own tech support would need to be contacted to work around this.

I have the same problem. My company uses certificate swapping (this has nothing to do with firewalls and site/port blocking). That is we have a transparent proxy server that performs a man-in-the-middle intercept of all traffic and in the case of ssl it replaces the ssl certificate with our own corporate certificate. And each corporate computer then has the certificate authority chain (i.e. ROOT_CERT.pem] altered to validate the certificate. This is pretty common on corporate networks so I’m surprised that Nvidia hasn’t resolved this. sdkmanager, however, doesn’t respect the system’s ssl certificate authentication configuration (I can wget and curl other https urls without issue). And none of the methods listed in this chain work around this issue. In my case, I also can’t bypass the proxy that is swapping the ssl certs.

Any update on adding support for self-signed root certificates? Thanks