We Keep Coding

How to specify CA certificate to grpc_cli

I'm working on a gRPC service, and we're using a CA certificate we generated ourselves for our server. Unfortunately, I can't seem to figure out how to tell grpc_cli about that certificate, and so I get "Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed."
I see an option for specifying the client cert and key, but not for the CA cert. What am I missing?

SSL certificate issues when communicating with Ably

I'm on a Windows system and when I try connecting to Ably, I'm getting the following errors(s):
cURL error: SSL certificate problem: self signed certificate in certificate chain
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
What am I doing wrong?

This error is caused by out of date root certificates on your server or local machine. In order to fix this problem, follow the instructions from one of the related issues:
PHP SSL certificate problem
Ruby certificate verify failed

Jenkins svn collabnet build failure

I am getting the below build error :
[ERROR] The svn blame command [svn blame --xml --non-interactive -x -w xxxxx.java] failed: svn: E230001: Unable to connect to a repository at URL 'xxx-xxxx.java'
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
I am using Subversion Edge by Collabnet with jenkins to run the build. Could you please help me out?

Here is the wording of the error message:
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
The error you are getting "Server SSL certificate verification failed: issuer is not trusted" means that there is a problem with the certificate installed on SVN Edge server. The client does not trust the certificate and displays the error. Therefore, you should look into the certificate-related problems on CollabNet Subversion Edge server.
The only possible way to ignore the error is to use --trust-server-cert command line option. You also have to add --non-interactive option because your CI machine runs the Subversion client non-interactively.
If you use Subversion 1.9 client, you can also use --trust-server-cert-failures option which is intended to ignore a wider range of invalid certificates than --trust-server-cert that can only ignore certificates issued by unknown or not trusted certificate authority.

OpenStack CLI Failed SSL Verification

When executing an openstack command, it is failing to verify a certificate that was signed by an internal CA.
CentOS 7
Root CA installed in /etc/pki/ca-trust/source/anchors
openstack 3.3.0
$ openstack server list
Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. SSL exception connecting to https://XXXXX :13000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
I hit the url from a browser and downloaded the certificate. Then ran openssl verify successfully.
$ openssl verify -CAfile /etc/ssl/certs/ca-bundle.trust.crt 10.92.50.11.crt
10.92.50.11.crt: OK
Does the root CA need to be placed in another area for the command line to pick it up?

Explicitly pointing at the CA certificate by setting OS_CACERT did the trick. Other people in my environment didn't have to do this. I'm not sure why it was necessary, but that's what fixed my issue.
export OS_CACERT=/path/to/ca.crt
Reference: http://docs.openstack.org/user-guide/common/cli-set-environment-variables-using-openstack-rc.html

SSL certificate verifaction error cPanel

When I want to install my certificates on cPanel, I see this error:
error Certificate verification failed!
Executed /usr/bin/openssl verify -CApath /var/cpanel/ssl/installed/cabundles:
stdin: CN = example.com
error 20 at 0 depth lookup:unable to get local issuer certificate

I was able to resolve this issue by including the CA trusted bundle at the bottom.