I'm working on a gRPC service, and we're using a CA certificate we generated ourselves for our server. Unfortunately, I can't seem to figure out how to tell grpc_cli about that certificate, and so I get "Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed."
I see an option for specifying the client cert and key, but not for the CA cert. What am I missing?
Related
Following up from previously asked question.
We were provided with an x.509 v3 .pkcs12 certificate from Bloomberg.
For testing the webservice on Coldfusion, the certificate had to be encoded to DER for installing in the keystore.
I managed to install the certificate successfully using the link.
But getting the following error when calling the webservice.
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Testing the same(.der) certificate on SoapUI threw the below error.
ERROR:java.security.KeyStoreException: failed to extract any certificates or private keys - maybe bad password?
Note: The provided .p12 and the converted .pem certificates work as expected on SoapUI.
Any pointers?
I'm on a Windows system and when I try connecting to Ably, I'm getting the following errors(s):
cURL error: SSL certificate problem: self signed certificate in certificate chain
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
What am I doing wrong?
This error is caused by out of date root certificates on your server or local machine. In order to fix this problem, follow the instructions from one of the related issues:
PHP SSL certificate problem
Ruby certificate verify failed
I am running nginx ingress on my kubernetes 1.9 cluster. Using internal singed certificate for the application URL, I have include root & intermediate certificate part of the TLS secretes.
From my nginx log file, I see this message frequently.
backend_ssl.go:139] unexpected error generating SSL certificate with full intermediate chain CA certs: Invalid certificate.
How to get more details about this error message?
error message:
E0129 01:11:39.582118 7 backend_ssl.go:139] unexpected error generating SSL certificate with full intermediate chain CA certs: Invalid certificate.
E0129 01:11:39.582689 7 backend_ssl.go:139] unexpected error generating SSL certificate with full intermediate chain CA certs: Invalid certificate.
E0129 01:11:39.583031 7 backend_ssl.go:139] unexpected error generating SSL certificate with full intermediate chain CA certs: Invalid certificate.
E0129 01:11:39.583308 7 backend_ssl.go:139] unexpected error generating SSL certificate with full intermediate chain CA certs: Invalid certificate.
Some certificates don't support it. You need to set --enable-ssl-chain-completion = false . Then it stops
I am running a IBM Liberty server (on IBM Container) in https with a self signed certificate (described in server.xml).
I am connecting to IBM cloudant database for by DB needs. Everything worked fine until I switched my liberty server to https. I am getting the following excepton
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.cloudant.com, O="Cloudant, Inc.", L=Boston, ST=Massachusetts, C=US was sent from the target host. The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
I followed the documentation here https://www.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/t_install_datastore_config_certificates.html to import the cloudant certificate generated by openssl s_client -connect cloudant.com:443 -showcerts > cloudant.cert to the liberty truststore, but that did not resolve the issue.
Your help is appreciated.
Try with: openssl s_client -connect xxxxx-bluemix.cloudant.com:443 where xxxxx-bluemix.cloudant.com refers to your Bluemix Cloudant service instance.
You can get the service instance domain by launching the Cloudant dashboard in Bluemix from your Cloudant service instance. Click on the API tab on the top right.
I am using sample code provided by gsoap for SSL on Windows. I have successfully generated all required certificates, and I installed certificate on Windows in trusted root certificate directory. The problem I encounter is that self signed certificates are not accepted on windows. The process is terminated in handshake.
When I run client and server, I get the error on client side:
SSL verify error or warning with certificate at depth 1: Self signed certificates in certificate chain
certificate issuer
certificate subject
It looks issuer and subject fields are both empty and, therefore, equal.
Both Certs, ca and client should be reissued with subj field set.
In command prompt , we need to run the winscp command manually . it will prompt to accept certificate. subsequent execution will work