Error when trying to run rpki validator

Hello,

I want to install rpki validator as a validation software on a debian 11 VM.
I have installed rpki validator from this site How to Install an RPKI Validator | RIPE Labs. The installation went well but I can’t execute this command: curl -H “Accept: text/csv” localhost:8080/api/export.csv, it gives me curl: (7) Failed to connect to localhost port 8080: Connection refused.
Is it from my VM or from the installation of rpki-validator which was badly done?

Thank you in advance
Baptiste

Hi Baptitse,

Thanks for your question. These validators can be tricky to run, especially back in 2019 when the article was published.

The article describes the installation of four different RPKI validators. What validator did you install?

The URL/port/API they have to download the validated object content differs for each validator.

If you installed the RIPE NCC RPKI validator, I recommend picking a different one. The RIPE NCC RPKI validator was deprecated; there are better alternatives available.

Kind regards,
Ties

Good morning,

I have installed the RIPE NCC RPKI Validator.
Is the routinator more recent?
Best regards
Baptiste

routinator is easy to install and is well maintained.

The RIPE validator has been deprecated. routinator, fort, octorpki, and rpki-client are being maintained.

Thank you for your information.
I have chosen the routinator software to make my RPKI server.
But I have a question. I’m not sure if I should use TLS or SSH to set up my RTR server.
https://routinator.docs.nlnetlabs.nl/en/stable/rtr-service.html

The choice of transport depends on what is supported and how much you trust the network between the router and RTR server. As far as I know the most commonly used methods are plaintext or SSH.

Of course it is important to think about the risks when using plaintext. If you trust the network, this limits the risk of using plaintext. On a less, or non-trusted network (worst, very unlikely case: public wifi) I would really want authentication/security.

The “Connection refused” error when attempting to access localhost on port 8080 typically suggests that the RPKI Validator service isn’t running or isn’t configured to listen on that port.

To troubleshoot, check the service’s status using systemctl status rpki-validator and start it if it’s not running. Also, inspect the configuration file to confirm that it specifies port 8080. Additionally, ensure that there are no firewall rules or other network-level issues blocking access to the specified port.

If the issue persists, consider reviewing the installation steps and logs for any errors during the RPKI Validator installation on your Debian 11 VM.

Following the installation instructions provided on RIPE Labs, the installation appeared to proceed without any errors. Upon attempting to execute the command “curl -H “Accept: text/csv” localhost:8080/api/export.csv,” I consistently receive the error message “curl: (7) Failed to connect to localhost port 8080: Connection refused.” This error has left me puzzled, wondering whether it stems from misconfiguration during the rpki-validator installation process or if there’s an underlying issue with my Debian 11 VM setup.

The RIPE NCC RPKI validator is no longer supported. Debian 11 was released after the software support ended, so I think that the compatibility has not been tested.

There are two main causes for the connection being refused:

  • The software may not be running
  • The port is incorrect

I would recommend you pick an alternative validator over continuing to run the RIPE validator though (unless for research purposes)

Have you verified that there are no firewall rules or network restrictions on the VM that might be blocking access to port 8080?

An issue when trying to execute the command curl -H "Accept: text/csv" localhost:8080/api/export.csv. The error message I receive is curl: (7) Failed to connect to localhost port 8080: Connection refused. I’m unsure whether this issue stems from a misconfiguration on my VM or if the RPKI Validator installation did not complete properly.

The RIPE NCC RPKI validator is no longer supported. It is known to be insecure, since maintenance stopped per July 2021.

If you still run this software, we strongly urge you to replace it with another validator. More information is published at: Ending Support for the RIPE NCC RPKI Validator — RIPE Network Coordination Centre