The ceritifcate of download.postgresql.org has expired and since then, I'm unable to download packages
Related
I am developing a Moodle website using SSO. I have configured auth_saml2 moodle plugin and I have tested with test login. I am getting error
Exception: Failure Signing Data: error: 06065064: digital envelope routines: EVP_DecryptFinal_ex: bad decrypt - SHA256
I have tried SHA384, SHA512 algorith but still am getting same error.
Error screenshot.
The error message has been reported on Github in a couple of tickets.
https://github.com/catalyst/moodle-auth_saml2/issues/387
https://github.com/catalyst/moodle-auth_saml2/issues/380
Looks like the certificate might need to be regenerated?
Also a post on Moodle, they switched to OpenID
https://moodle.org/mod/forum/discuss.php?d=397317
The certificate needs to be regenerated, from the saml settings click the 'Regenerate certificate' button, or go here:
http://moodle.example/auth/saml2/regenerate.php
and resave the certificate. You will need to re-import the SP metadata again with your IdP.
Can anyone shet some light on how I can debug the matching of certificates configured in Postman?
Problem:
I’m trying to connect to a REST service using a SSL client certificate. I configured it in the settings tab the same way as in set-and-view-ssl-certificates-with-postman
When checking the console I don’t see the certificate being sent and get failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40
Context:
Postman v 6.4.2 running on windows 10
(for security reasons some information below replaced by dummy info)
Using the same certificate/key/password I can setup a connection using openssl. (checked for validity of certificates, TSL v1.1 and v1.2 supported, no SNI issues)
The server certificate is signed by a trusted CA (I tested with both --SSL certificate verification-- on and off )
In the Postman console I dont see the certifciate being sent.
---- [console output] ----
GET https://somehost:443/somepath?someparameter=9076443&somedate=2017-02-17T00:00:00.000
Error: write EPROTO 101057795:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40 101057795:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:659:
Request Headers:
appid:“42”
cache-control:“no-cache”
ipaddress:“192.68.1.1”
postman-token:“some-token”
role:“Applicatie”
userid:“6x9”
---- [end console output] ----
image of certificate configuration
I matched, matched and rematched the hostname
A search on the interweb did not learn me anything I did not try yet…
Questions
Is there any debug option that will show the way the certificates are matched
is there any way I can force postman to pick a configured certificate
any other ideas on how to proceed on this problem
any help appreciated
Additional info
Monitoring with wireshark shows no certificate is sent.
(Postman console did not show a certificate being sent. I assume from examples that it will log which certificates it will/does send for a given request)
snippet wireshark output
Postman app in chrome
it does work from chrome, using the chrome keystore
Using the pk12 form of the same key (original postman request uses the .cer form) imported into the chrome keystore, the requests work.
Chrome app will not do
Obvious question is: “why not keep using the chrome app”
because its depricated and we use the newer 6.x test functions not supported in version 5.x
Question posted on Postman help forum with no answer about a week ago:
OP on postman helpforum
Additional additional info
It works on newman
I had same issue when I typed path to CRT and KEY files instead of using file dialog.
Just click Choose File button instead of pasting file path when adding certificate.
If you can download postman app then there is an option under preference/certificate and under there is an option 'Client Certificate'.
You need to provide both .cert and .key file into respective section, provide host name and key password if any. Click "save". next time you send a request matching hostname , postman app will send the certificate along with the way. You can validate in console output.
I have been asked to update an old project done in objective-c.
I'm having this issue with my distribution provisioning profile. It goes like this
Provisioning profile "XXXXXX" doesn't include signing certificate
"iPhone Distribution: XXXXXXXXXX (XXXXXXXXXX)".
The thing is I can see the certificate "iPhone Distribution: XXXXXXXXXX (XXXXXXXXXX)" in my keychain. But there are 2 of them. One has a private key and the other one doesn't and both have a different expiry date. When I checked the developer account, the distribution provisioning profile is signed with certificate that doesn't have a private key (the expiry date of the certificate shown on developer account is that of the one without private key)
What is causing this issue?
How can I fix it?
What if I can't get the private key from the older machine(as that machine is no more usable)
I tried deleting one of the certificates, and also automatically manage signing. Both didn't work.
Please help.
The problem is that the only valid provisioning profile you have tied to the distribution certificate for which you do not have the private key. Without the private key, it is not a valid signing identity, so Xcode won't use it.
To fix this, You will need to create a new private key / distribution certificate, and then create a new distribution profile using the newly created certificate. You can find instructions, starting with creating the cert signing request, here.
See 2 above. Without the key, you can't use the existing certificate. If you are needing to build from multiple Macs, you need to set up a sharing mechanism to provide the private key to any other Macs that will be downloading and using the certs / profiles from the Apple's site. I would also back up the private key so that you won't run into this in the future if something happens to your build Mac. Also, when the cert expires, it is helpful to keep the .csr file from answer 2 above. This means you can use the same private key for the new cert when your distribution cert expires.
Make sure you have selected right Code Signing identity.
In my case I had selected Distribution instead of Developer
I have created a Xero partner app and I have been asked to renew my Entrust Certificate. When I POST to oauth/RequestToken, I get this error:
oauth_problem=signature_invalid&oauth_problem_advice=Failed%20to%20validate%20signature
Here are the steps that I took:
I downloaded the P12 Entrust Certificate from Xero.
In certmgr, I imported the P12 certificate into my personal certificate store.
I right clicked the certificate. I clicked all tasks and export.
I said do not export the private key.
I exported the file as a CER.
I logged into developer.xero.com and I clicked apps.
I uploaded the CER in the form and clicked save.
Are there any additional steps I must take?
I think where you went wrong is at stage 5.
The entrust cert isn't supposed to be uploaded into the developer portal.
The .cer file you upload into the developer portal conatins your public key and is used to decode the signature you provide on your API calls. This signature is signed by your application using the private key associated with it. If the certs are mismatched (which they will be now that the API is trying to decode with the wrong public key), you will recieve the "Failed to validate signature" error you are seeing.
You will want to either
Re-upload the previous .cer public key file you used for your application originally, as it will match the private key you are currently signing with (unless you changed this also)
Regenerate a new public/private key pair as described here: https://developer.xero.com/documentation/advanced-docs/public-private-keypair, upload the new .cer public key into the developer portal, and use the new private key in your application
I want to create a helpdesk project following this great tutorial : http://blog.jetbrains.com/youtrack/2014/02/using-youtrack-as-a-help-desk/
I want to set the parameters of my mailbox using a Gmail adress but I don't know how to obtain a SSL key from Gmail.
Without it, I have "Connection timed out" error. I know where to add the SSL key in Youtrack, but I need a file (JKS or PKCS12 format).
My settings:
Protocol:IMAPS
Host:imap.gmail.com
Port:993
Login:mylogin
Password:mypassword
Select SSL key: nothing
Connection timeout:60
Socket timeout:60
Please help :)
Here how to obtain Gmail trusted root keys (from Google PKI FAQ):
Google may decide to have its intermediate signed by another root at any point in time, so you should have an update mechanism in place for the trusted roots you ship with your product. If you are developing code intended to connect to a Google property, we recommend you include a wide set of trustworthy roots. We made an example available as a PEM file here.
PEM file provided can be manually converted to PKCS12 with, for instance, OpenSSL tool.
I suspect, however, that installing a cert won't solve the issue. "Select SSL key" likely stands for client (i.e. YouTrack) certificate, which is not required by Gmail. Please check the following:
If IMAP is enabled in your GMail account
this recipe to make sure Gmail is not blocking new client application explicitly