Issues installing nvs, laptop has Zscaler and cannot be deactivated - ssl

I'm using Windows 10 using Git Bash.
My company's laptop uses Zscaler and I've trying to get nvs from this repository:
https://github.com/jasongin/nvs#nvs-node-version-switcher
export NVS_HOME="$HOME/.nvs"
git clone https://github.com/jasongin/nvs "$NVS_HOME"
. "$NVS_HOME/nvs.sh" install
The first issue I got was error 60:
cURL error 60: SSL certificate problem: unable to get local issuer certificate and send me to cURL documentation.
These errors are potentially caused by Zscaler. I went to this website: https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trusted-store and added the CA following this:
Exporting Zscaler root certificate
You will need to export the Zscaler root certificate to be able to add it to application custom trust store. To do this with Chrome follow the steps below. Different browsers will have different ways of doing this, google as required.
Settings
Privacy and Security
Manage Certificates
Trusted Root Certification Authorities
Select Zscaler Root CA
Export using the Wizard (DER .cer format)
I converted from .cer to .pem
Then added the cacert certification:
echo "cacert=<Path to Certificate>/ZscalerRootCA.pem" >> $HOME/.curlrc
After doing that, the new error I got is this:
curl: (77) error setting certificate verify locations: CAfile: /c/Users/xxx/CAZscaller/rootAM.pem CApath: none
Failed to download node binary.
If anyone has any idea on how can I fix this and finally get access to nvs I really appreciated. (Please note I'm not using PHP).

Related

Visual Studio 2022 Access is Denied when adding the certificate to the Trusted Root Certificates store

I recently changed my IDE from VS 2019 to 2022 and I have not been able to successfully debug an SSL web site without receiving the popup message:
This project is configured to use SSL. To avoid SSL warnings in the browser you can choose to trust the self-signed certificate that IIS Express has generated. Would you like to trust the IIS Express SSL certificate?
After clicking Yes, the following message pops up:
Adding the certificate to the Trusted Root Certificates store failed with the following error: Access is denied.
After doing some research I ran the following command in an administrative prompt:
dotnet dev-certs https --clean
dotnet dev-certs https --trust -v
This resulted in the following:
An error has occurred while trusting the certificate: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied.
at Internal.Cryptography.Pal.StorePal.Add(ICertificatePal certificate)
at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
at Microsoft.AspNetCore.Certificates.Generation.WindowsCertificateManager.TrustCertificateCore(X509Certificate2 certificate)
at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.TrustCertificate(X509Certificate2 certificate).
There was an error trusting HTTPS developer certificate.
So far, I have tried importing the localhost certificate directly into the Trusted Root Certification Authorities, changing permission on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder, uninstalling IIS Express and repairing, and uninstalling and reinstalling VS 2022. So far nothing has worked, not sure what to try from here?
For people seeing this post and having the same issue. I 'fixed' this by doing the following:
Go to your Current User certificates store and click the Personal and then the Certificates folder. If you can see there a localhost certificate where the friendly name is something like IIS Express Development Certificate then try to move that certificate to the Trusted Root Certification Authorities --> Certificates folder.
If you get an Access Denied error then try to set the Physical certificate stores checkbox, as per this post: The certificate cannot be pasted into the Trusted Root Certification Authorities store. Access is denied, under (View --> Options), make sure you selected the root certificates file to see the View/Options menu.
Repeat the above steps also for the Local Computer certificates. For some reason sometimes my localhost certificate was stored under Current User and sometimes under Local Computer.
When starting the application the following 'error' should have dissapeard:
This project is configured to use SSL. To avoid SSL warnings in the
browser you can choose to trust the self-signed certificate that IIS
Express has generated. Would you like to trust the IIS Express SSL
certificate?
Though, in my case I got the ERR_CONNECTION_RESET error after doing the above. To fix this I had to manually add the localhost port certificate as per this post: https://stackoverflow.com/a/68804745/3242154
After doing the above it generated another certificate in my personal certificate folder for the specified port, I once again had to repeat steps 1-3 (depending in which certificates store it was created), then it finally worked without problems.

git get error: "Peer's Certificate issuer is not recognized"

When I run something like:
git clone https://gitlab.mydoman.com/test.git
from part of the clients, I get the error:
Peer's Certificate issuer is not recognized
I saw 2 main solution:
1. User can set
export GIT_SSL_NO_VERIFY=true
2. to install root certificates
I would like to solve the problem to all the users.
I did not understood how to install the root certificate and where I configure Gitlab to use it. Is there url to clear instruction?
Thanks.

svn: E230001: Server SSL certificate verification failed: issuer is not trusted

I am using the svnX Version 2.0 (2.0.017068) and I can't connect. We already have a certificate for it, but it is giving me these errors:
svn: E170013: Unable to connect to a repository at URL 'https://svn.sample.com/svn/web'
svn: E230001: Server SSL certificate verification failed: issuer is not trusted
It suddenly happened to me today. I followed the steps from Rick: https://community.smartbear.com/t5/Collaborator/Server-SSL-Certificate-verification-failed-issues-is-not-trusted/td-p/96838
Please try running an "svn ls" or something similar from inside your working/checkout directory. You should be prompted to accept the certificate, make sure that you accept it permanently.
I did an svn update on the working directory.
Automatically, it asked me to accept the certificate.
Just accept it.

curl certificate Error_ssl.c334: No root certificate specified for verification of other side certificate

"""You also need CA certificates bundle file for SSL support. Download cacert.pem from the cURL site, rename it to curl-ca-bundle.crt, and place in the directory where you make installer, or in any directory listed in PATH environment variable."""
I did the same and stored it in "c:\python27"
but it gives me the following error.
value "C:\Python27\caret.pem" is not valid for "ssl.ca_certs"
No valid trusted SSL CA file set . See 'bzr help ssl.ca_certs" for more information on setting trusted certificates.
I got past this error by skipping the rename step.
I downloaded cacert.pem to "C:\Python27\" (no name change) and these errors went away.

Chef ssl validation failure

I have one chef-server version 12.0.1 and can connect linux (rhel/centos) systems to the chef-server with knife bootstrap but cannot with windows and locally on my rhel client knife ssl check fails.
I have two problems but I think they are both related.
Problem 1 - knife ssl check fails:
Connecting to host chef-server:443
ERROR: The SSL certificate of chef-server could not be verified
Problem 2 - bootstrap windows server fails:
ERROR: SSL Validation failure connecting to host: chef-server - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Chef encountered an error attempting to create the client "desktop"
I have tried a number of things:
1) knife ssl fetch - no changes
2) I have a signed digicert crt on the server which is accepted by the management-console and chrome web browser
3) I have changed set this in the chef-server.rb
nginx['ssl_certificate'] = "/var/opt/opscode/nginx/ca/hostname.crt"
nginx['ssl_certificate_key'] = "/var/opt/opscode/nginx/ca/hostname.key"
which go to the signed certs.
Anything else I should be trying or am I being a plank?
Try running these commands on your Chef server:
mkdir /root/.chef/trusted_certs
cp /var/opt/chef-server/nginx/ca/YOUR_SERVER'S_HOSTNAME.crt /root/.chef/trusted_certs/
I was having the same problem and it was fixed after I looked through this article, and tried out the steps it gave: http://jtimberman.housepub.org/blog/2014/12/11/chef-12-fix-untrusted-self-sign-certs/
I was having the same issue using a valid wildcard certificate, although it was linux rather than windows. Looks like the issue is that the chef client uses openssl and didn't have the CA and root certificates. I was getting errors when I ran the following from the chef client server:
openssl s_client -connect chef_server_url*:443 -showcerts
I solved my issue by browsing to the chef server, inspecting the certs and exporting each cert in the chain to a single file, ordered with the issued certificate at the top, and the root at the bottom. I then used this bundled-cert as the certificate file in the chef server config file and reconfigured chef.