I was using Postman to test all my APIs on a server with SSL certificates generated using letsencrypt. As the root certificate (DST Root CA X3) expired yesterday, I am not able to use any APIs from the postman. But the same APIs are working fine with SSL from the web browsers and using curl. Let me know How can I make the postman trust the new root certificate.
Update postman to 9.0.5 released on Oct 2, 2021
https://github.com/postmanlabs/postman-app-support/issues/10338
Are you using Postman on Linux? If so, this gist may work,, perhaps.
https://gist.github.com/kujiy/67ef342170c4b0a36bb4bd9615ae2916
Related
I Need to attach a CA certificate with the postman request. I am attaching a CA certificate as shown in this in postman CA certifcate image. Here domain.pfx is not a self-signed certificate. It is signed by CA. When I attach this certifcate and hit the dotnet core web api controller, It is giving the socket hangup error. Its not even hitting dotnet core web api. Giving this error in postman.error_imageerror details.
But When I attach the self-signed certificate instead of a certificate signed by CA, everything works as expected. I can hit the controller and retrieve thumbprint from it. I am attaching the self-signed certificate in the same way.self-signed-certificate
I am getting the socket hangup error only when a CA certificate is attached, with Self-Signed certificate its working. How can I resolve this issue? Am I doing something wrong in adding CA certificate? Is there any other ways to attach a CA certificate in postman?
Your configuration of the certificate does not appear to be a problem. Since I don't know what your request looks like, I can only share with you a few cases where I encountered this error.
When you use same port for connecting database, which port is already in use for other service, then "Socket Hang up" error comes out. For example: port 51223 is dedicated port for some other service or connection. You cannot use same port (51223) for making a database connection on same server.
Your application was switched to https and your postman requests still had http in them. You can change postman to https to fix it.
Check if there is a VPN connection, if so, disconnect it.
Check if the version of postman is the latest version, this problem occurs in some versions.
Hope this can help you.
I have an admission controller to validate a request. I have tested the admission controller separately and it is working fine. Now I have implemented kube-rbac-proxy as a sidecar container. The sidecar container is https and it is expecting either a ca cert or a bearer token. The curl request with ca is working fine. When I am trying using kubectl command, it is giving me tls: bad certificate error. I have logged the request and I could not find any ca cert included in the request.
Admission controller(https server) alone is working fine. The curl request with corresponding ca cert is able to call the admission controller via kube-rbac-proxy. Implemented this to support tls.
Searching through the docs I think it's possible to make kubectl pass a certificate in it's requests.
Client certificate authentication is enabled by passing the
--client-ca-file=SOMEFILE option to API server. The referenced file must contain one or more certificate authorities to use to validate
client certificates presented to the API server.
Edit: realized I have made a mistake in my initial answer, it's corrected now.
I'm having an issue with my development where I am trying to implement OAuth authentication in my app. In order to get this to work I have to set up my .net core app to run with SSL certificates. These certificates are generated automatically and trusted, so far so good.
The issue arises where I try to use a phone client on these sites. Obviously the device doesn't have the certificate installed, and installing the certificate on the device makes little difference (the certificate provided by the dotnet tool doesn't have a CA attribute or something? So I can't physically trust the certificate on an iOS device).
From where I'm standing, it would make more sense to just use a Let's Encrypt SSL certificate on IIS Express, have the certificate provided by a recognised authority, but it seems that I can't do that for localhost. I think this is because the Let's Encrypt ACME bot can't connect to my local development instance which makes sense.
Is there any way to have a recognised development certificate (when I say recognised, I mean something like Let's Encrypt) in use for IIS express or local development? Or do I have to use a self signed certificate and find some way to install them on my testing devices?
Thanks.
I think you need 2 steps to achieve it.
Configure your IIS Express to use a custom domain name rather than localhost. This custom domain name is the one that you have SSL certificate for. Check here for how to do it.
Bind the Let's Encrypt certificate to IIS Express. This blog post uses a self signed cert, but in theory it should also work for Let's Encrypt cert.
The new version of google chrome doesn't allow using webcam without https :
getUserMedia() no longer works on insecure origins. To use this
feature, you should consider switching your application to a secure
origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
So I need a free ssl certificate (or cheap ssl certificate) for my web application. Openssl doesn't suit me because browsers display warning message when the ssl certificate is self-signed.
An idea ?
Thank you in advance.
use https://letsencrypt.org/ to get a free valid ssl certificate recognized by your mobile phone and by your web browser
I use cloudflare.com Origin Certificate. It is pretty good.
I had installed SSL certs one one of my cloud server by following this:
http://www.rackspace.com/knowledge_center/article/installing-an-ssl-certificate-on-apache
I am running jetpack plugin on my wordpress blog. The jetpack plugin is not getting connected to wordpress. I have talked with the Jetpack support guys and they say this:
Support Reply
"The problem is that OpenSSL doesn't recognize your certificate's Certificate Authority's certificate. The that URL works in browsers is because most modern browsers allow for certificate discovery by reading the "Authority Information Access" metadata from the certificate, which contains a URL from which the browser can download the CA's certificate. OpenSSL does not.
The best solution is if you can configure your webserver to supply the entire SSL certificate chain, rather than just your own certificate. That's what we do on WordPress.com. Sending the entire chain will also make your sites more compatible with older (and I believe some mobile) browsers."
Can any one describe me how can I install or provide entire certificate chain???
Thanks
These pages might help with setting up a CA and then creating a certificate: https://help.ubuntu.com/community/OpenSSL#SSL_Certificates
https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html