PostgreSQL Basic Authentication with SSL = on - ssl

In PostgreSQL with password authentication, if SSL = on in the postgresql.conf file, can the client connect without an SSL certificate on its side?
Please help.

Enabling SSL (SSL = on) will still allow both normal and SSL connections. However, the pg_hba.conf file can be configured to allow only SSL (or both) by using the hostssl and clientcert options. See here for more info.
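
The distinction the answer draws, as an added example that is not part of the original answer: a short Python audit of pg_hba.conf records that reports which ones admit non-SSL clients and which ones demand a client certificate. The sample file contents, addresses and function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf for illustration (not from the original page).
SAMPLE_HBA = """\
# TYPE    DATABASE USER ADDRESS                     METHOD
local     all      all                              peer
host      all      all  10.0.0.0/8                  scram-sha-256
hostssl   app      app  0.0.0.0/0                   scram-sha-256
hostssl   app      ops  192.168.1.0 255.255.255.0   md5 clientcert=verify-full
hostnossl all      all  127.0.0.1/32                md5
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hba(text):
    """For each TCP record, report whether it admits unencrypted clients
    and whether it demands a client certificate."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank, comment, or local (Unix-socket) record
        rtype, addr = fields[0], fields[3]
        # The old "address netmask" form occupies two fields instead of one.
        two_part = "/" not in addr and len(fields) > 5 and _is_ip(fields[4])
        m = 5 if two_part else 4
        method = fields[m]
        options = dict(o.partition("=")[::2] for o in fields[m + 1:])
        needs_cert = rtype == "hostssl" and (
            method == "cert"
            or options.get("clientcert") in ("verify-ca", "verify-full", "1"))
        findings.append({
            "line": lineno, "type": rtype, "method": method,
            # "host" matches SSL and non-SSL alike; only hostssl insists on SSL.
            "plaintext_ok": rtype in ("host", "hostnossl", "hostnogssenc"),
            "client_cert_required": needs_cert,
        })
    return findings

if __name__ == "__main__":
    for f in audit_hba(SAMPLE_HBA):
        print(f)
```

In the sample, the third record (line 4) is the case the question asks about: SSL is mandatory, but a client with only a password and no certificate is still accepted.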

Related

Cloudflare SSL/TLS encryption mode

I have set the setting in Cloudflare SSL/TLS to Full (strict), but my server is connecting even with a self certificate. Why is this? My server is configured with Apache.
I want to prevent access to servers with self certificates.

If you set SSL/TLS to Full, you will force CF to redirect traffic over SSL/TLS. If your server is using a self-signed certificate you will need to upload a valid cert.
To avoid direct access, you need to set up authentication origin pull:
https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/explanation/
so that all traffic is evaluated before receiving a response from your server.
If you want your server to stop using self-signed certs, you can download a valid one from CF, and load it:
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

Kafka, Hostname verification by self signed certificate of OpenSSL

I am working on Kafka security using SSL (OpenSSL). Everything is working fine except hostname verification.
If I set ssl.endpoint.identification.algorithm on either side or on both sides (client and server)
ssl.endpoint.identification.algorithm = https
then I get an SSL handshake failed error.
I searched a lot but found only one answer, which is:
This error occurs because the ssl.endpoint.identification.algorithm configuration option is set to HTTPS, which enables host-name verification and is the default for Kafka 2.x clients. This needs to be set to an empty string to work or to restore to the previous version, like below:
ssl.endpoint.identification.algorithm =
Please explain: is host-name verification possible with a self-signed certificate (CA), or do we need to have it signed/verified by a recognized CA (Verisign, GlobalSign, which have to be paid for)?

How to use Alembic with a SSL connection?

I use Alembic to manage my migrations. My database is on AWS, and I want to connect to it with SSL.
In my alembic.ini I have the lines
[production]
script_location = alembic_prod
sqlalchemy.url = mysql+pymysql://user:password@my-rds-host.eu-west-1.rds.amazonaws.com/mydatabase
Of course, it works if the user has permission to connect to the database without SSL, but not otherwise.
How do I require an SSL connection and specify the certificate?

You first need the certificate bundle -
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport
You then would add the appropriate parameter to your URL like shown here -
How to connect to mysql server with SSL from a flask app

To repeat the previous answer with more specific steps:
Download the RDS certificate bundle from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
Use the ssl_key option to point to the certificate:
sqlalchemy.url = mysql+pymysql://user:password@my-rds-host.eu-west-1.rds.amazonaws.com/mydatabase?ssl_key=/Users/DaMaill/Downloads/rds-ca-2019-root.pem

Emqttd Ssl Configuration

I am trying to enable SSL on an emqttd server. For this, I added the following lines to emq.conf under the etc folder.
mqtt.listener.ssl.tls_versions = tlsv1.2,tlsv1.1,tlsv1
mqtt.listener.ssl.handshake_timeout = 15s
mqtt.listener.ssl.keyfile = etc/certs/key.pem
mqtt.listener.ssl.certfile = etc/certs/cert.pem
mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
mqtt.listener.ssl.verify = verify_peer
All other settings are the same as the defaults.
However, I can connect to my local MQTT server without doing any SSL configuration (SSL version, certificate, etc.) by using the mqtt-spy broker. I think I didn't configure the SSL properties of emqttd. How can I solve this problem?
Thanks in advance.

You must check which port you are trying for SSL.
Secondly, you need to place your key.pem and cert.pem at the path mentioned.
It will work fine if the client has the certificate to authenticate the server.

I am getting a certificate hostname verification failed error while logging in to Spark with Openfire

Hello, I have installed Openfire on my computer. I am trying to log in to Spark using a username, password and IP address as the domain, but I am getting a certificate hostname verification failed error. I found that they are asking to change the server; I tried that option as well, with no result.

When we install Openfire server, it generates self-signed certificates for SSL connections. Now if you are in development phase, you don't need to worry about this error. However, once you go into production, you might consider placing proper HTTPS certificates against your domain.
Certificate directory: OPENFIRE_HOME/resources/security/