Error when trying to run rpki validator

Baptiste · 28 April 2023 07:22

Hello,

I want to install rpki validator as a validation software on a debian 11 VM.
I have installed rpki validator from this site How to Install an RPKI Validator | RIPE Labs. The installation went well but I can’t execute this command: curl -H “Accept: text/csv” localhost:8080/api/export.csv, it gives me curl: (7) Failed to connect to localhost port 8080: Connection refused.
Is it from my VM or from the installation of rpki-validator which was badly done?

Thank you in advance
Baptiste

ties · 1 May 2023 07:44

Hi Baptitse,

Thanks for your question. These validators can be tricky to run, especially back in 2019 when the article was published.

The article describes the installation of four different RPKI validators. What validator did you install?

The URL/port/API they have to download the validated object content differs for each validator.

If you installed the RIPE NCC RPKI validator, I recommend picking a different one. The RIPE NCC RPKI validator was deprecated; there are better alternatives available.

Kind regards,
Ties

Baptiste · 2 May 2023 06:36

Good morning,

I have installed the RIPE NCC RPKI Validator.
Is the routinator more recent?
Best regards
Baptiste

ties · 4 May 2023 10:41

routinator is easy to install and is well maintained.

The RIPE validator has been deprecated. routinator, fort, octorpki, and rpki-client are being maintained.

Baptiste · 5 May 2023 12:35

Thank you for your information.
I have chosen the routinator software to make my RPKI server.
But I have a question. I’m not sure if I should use TLS or SSH to set up my RTR server.
https://routinator.docs.nlnetlabs.nl/en/stable/rtr-service.html

ties · 9 May 2023 14:59

The choice of transport depends on what is supported and how much you trust the network between the router and RTR server. As far as I know the most commonly used methods are plaintext or SSH.

Of course it is important to think about the risks when using plaintext. If you trust the network, this limits the risk of using plaintext. On a less, or non-trusted network (worst, very unlikely case: public wifi) I would really want authentication/security.

mrjohnsmith · 21 September 2023 09:31

The “Connection refused” error when attempting to access localhost on port 8080 typically suggests that the RPKI Validator service isn’t running or isn’t configured to listen on that port.

To troubleshoot, check the service’s status using systemctl status rpki-validator and start it if it’s not running. Also, inspect the configuration file to confirm that it specifies port 8080. Additionally, ensure that there are no firewall rules or other network-level issues blocking access to the specified port.

If the issue persists, consider reviewing the installation steps and logs for any errors during the RPKI Validator installation on your Debian 11 VM.