I have been going around and around with this issue. I can create a dev-cert using dotnet dev-certs https --trust but the certificate only appears in the Personal certificates folder. If I try copying it to the Trusted folder it disappears on refresh. I have watched videos of people doing this on YouTube and it works so I'm not sure what is wrong with my PC/install.
Running my code and hitting the route in Postman returns a 500 error and UntrustedRoot.
I have tried this using a local user account and my admin account. I have also tried creating a certificate and importing it using OpenSSL following guides I have found, but still no luck.
I am running Windows 10 Pro on a new build PC. Windows was a clean install with a new licence.
I really don't want to have to purchase a signed certificate just to do development on localhost as that seems a bit overkill.
Any suggestions?
tl;dr try disabling your anti-virus before creating certificate!
I finally stumbled upon the answer; my anti-virus, WebRoot. I was following a YouTube tutorial on how to add a custom certificate to Kestrel and in doing so I discovered that WebRoot was blocking access to the hosts file. Disabling the av allowed me to update that file but also, it then allowed trusting of the dev-cert generated by dotnet dev-certs https --trust.
Not sure how I can prevent this in future other than temporarily disable the av before creating a certificate. Frustrating that the av doesn't warn me and there doesn't appear to be an obvious setting to allow this to happen.
Related
To start with I really don't want to pay for hobby dyno on heroku. I am well aware of their ACM process. I am trying to be a little careful with spends as I am testing something.
My current setup is as follows:
Namecheap (domain xyz.com) -> xyz.herokuapp.com (with DNS Name configured correctly)
This is configured correctly and works great for HTTP. I have a task at hand to obtain certifactes from LetsEncrypt (because they are free), and integrated it to app deployed on heroku.
The app is a simple react-app, built using create-react-app. I have followed the steps to obtain a certificate from LetsEncrypt, and the certbot is asking me to place the certificate in this path public/.well-known/acme-challenge/<cert-string>. The content of the file in that path contains the .
The problem I am having is, the route localhost:3000/.well-known/acme-challenge/<cert-string> works well in my dev environment. When I deployed the react app to heroku, the route /.well-known/acme-challenge/<cert-string> is heading to a 304 and I am unable to facilitate the certbot to complete the validation step.
After a few hours of debugging I understood the architecture inside heroku better, and I have understood that this is a heroku buildpack related problem. My current understanding of the issue is as follows:
heroku blocks access to /.well-known/acme-challenge/<cert-string>
and I have to find a way to unblock this ^ .. so that certbot can validate my cert process.
I did some research and understood that there is a way to by-pass the nginx.conf. Is this really possible?
Looking for some guidance here.
Edit1
I have tried some approaches here https://github.com/heroku/heroku-buildpack-php/issues/218 - they did not work well.
I am posting this question on SO instead of ServerFault, because all my previous efforts to get Magento 2 issues sorted out, ended up being hacking some or other code in the Magento or template source.
I have configured a basic install of Magento 2 with a theme for a client.
Magento is running on IIS and Windows. (Not WAMP), shared IIS hosting on windows (My own server).
I configured the shop to use SSL, and the complete shop runs over SSL without any issues.
However, when trying to use the market place, I get a weird SSL issue:
"SSL certificate problem: unable to get local issuer certificate"
This error is shown on the Magneto shop (which is currently running over ssl), when trying to sign in to the market place.
I have found lots of hits on this issue, but all answers seem to lead to a self-signed certificate that isn't trusted or adding intermediary and/or root certificates. This is all based on XAMP, WAMP or native 'nix installations.
I do not understand what the exact issue is. I also do not know how to troubleshoot this further as the error description is very vague.
I would appreciate some feedback.
Thanks
This error happens because cURL cannot find a cacert.pem file from which take the trusted signatures.
There are some ways to set this file in cURL:
• Pass the cacert.pem file path directly to cURL when making the call;
• Set the path to the cacert.pem file in the php.ini.
You could follow below post:
• https://serverfault.com/questions/633644/adding-a-self-signed-cert-to-the-trusted-certs-within-curl-in-windows
• https://magento.stackexchange.com/questions/97036/magento-component-manager-ssl-certificate-problem-unable-to-get-local-issuer-c
• https://mage2.pro/t/topic/988
Regards,
Jalpa.
I am having problems decrypting any SSL traffic (my Windows 10 PC) using (thelatest version of) Fiddler.
I have tried Eric's (created Fiddler) post on resetting certificates to no avail:
http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/
I am seeing the following error in the logs on all SSL requests:
09:50:02:3744 fiddler.network.https> HTTPS handshake to www.fiddler2.com (for #1) failed. System.Security.Cryptography.CryptographicException Unspecified error
To try and isolate the issue I installed Charles and it is able to decrpyt SSL requests so I dont believe it is a system-wide / local network issue.
Any help much appreciated as Fiddler is such an excellent tool.
So I have now got Fiddler working again, these steps fixed my problem:
Remove Fiddler certificates (via the GUI, and manually check in Certificates mmc)
Uninstall Fiddler, including all settings data
Use a registry cleaner to clean up orphan / broken entries
Delete any remnant folder related to Fiddler
Download latest version of Fiddler
Install using all defaults (dont install to a custom location)
Set HTTPS Capture and Decrypt in Fiddler
I faced similar issue on mac with Fiddler. This was the first time I was using fiddler with mac.
The problem was the mac was not trusting the Fiddler
certificate.
To solve it I first of all, go to the Fiddler and then choose
Tools>Options>HTTPS
check Decrypt HTTPS Traffic
In the same dialog, then go to actions and click on export root certificate to the Desktop
click ok and close the fiddler.
Now the fiddler certificate has been downloaded on your desktop. In my case its name was FiddlerRoot.cer .
Double click on it and it will open in the keychain.
Select certificate option from left hand under category
You will find there is a certificate with name DO_NOT_TRUST_FiddlerRoot
Right click on the certificate and click on the Trust to make it expand. Here is how my dialog looks now.
In your case instead of Always trust, use system defaults would have been selected by default. Select Always trust.
Clear cookies and cache of your browser and then restart the browser.
Now if I start my fiddler it is able to decrypt the https website.
I have a Synology NAS DiskStation DS2415+. When I bought it several years ago, I followed the setup instructions and created a self-stamped certificate which worked and even allowed me to remotely connect to my NAS via HTTPS.
Recently I changed some settings following the Synology's "Security Advisor" which is an automatic tool which scans all settings and recommend changes to secure it.
Following the recommendations of the said tool, I made some the reuqired changes, mostly in the Network Settings and Security Settings, but now I now can't use Quick Connect without getting a warning. In case any of you is familiar with this issue, I do hope there is a way to use HTTPS and not HTTP, either with a self stamp SSL or a purchased one. When I inquired about purchasing an SSL, I am told that it would be impossible to use an SSL without a dedicated domain for that SSL, but that's a side issue because originally my NAS worked and was remotely accessed via a self stamped certificate.
I managed to fix it by the following steps:
Creating a Self Stamped SSL (done in 2 steps)
1. Go to Control Panel -> Security -> Certificate -> CSR
Generate the CSR and download it. Use your user name as the Common name.
Go again to Certificate -> CSR and this time select Sign Certificate Signing Request. You will then be asked to select the .csr file from before, and as a result, the certificate will be downloaded.
Go to your browser and import this certificate. (Thanks #Matt Clark !)
In my case, only after going to Chrome -> Settings -> Advance and selecting Reset Settings to Default, it worked.
I can now connect to my NAS using QuickConnect and using HTTPS.
I have two "Web Sites" running under IIS6 (Windows Server 2003R2 Standard), each bound to a separate IP address (one is the base address of the server).
I used SelfSSL to generate and install an SSL certificate for development purposes on one of these sites and it works great. I then run SelfSSL to generate a certificate for the second site and the second site works, but now the first site is broken over SSL.
I run SSL Diagnostics and it tells me:
WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
If I re-run SelfSSL on the first site (to fix it), the first site works but then the second site is broken.
It seems like SelfSSL is doing something in a way that is designed to work with only one Website, but I can't seem to put my finger on exactly what it's doing and figure out how to suppress it. I would manually configure SSL but I don't have a certificate server handy, but maybe there is a way to get SelfSSL to just gen the cert and let me install it?
FWIW I have also followed the guidance of several posts that indicate changes to the permissions of the RSA directory are in order, etc. but to no avail. I don't work with SSL everyday so I may be overlooking something that someone with more experience might notice, or perhaps there is a diagnostic process that I could follow to get to the bottom of the issue?
We had a similar problem today. Our IT guy said he solved it by basically using ssldiag instead of selfssl to generate the certs.
See the reply from jayb123 at this URL: http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/15d22105-f432-4d8f-a57a-40941e0879e7
I have to admit I don't fully understand what happened, but I'm on the programming side rather than the network admin side.