Ahoi guys!
The setup.
Nexus-IQ running on a Windows server, as a service, using the "clm-jsw".
I was trying to enable secured connection to the server, but i have pfx file, and i would like to know how i can use that in the config.yml so that server will load it and enable SSL.
the file should be something like that:
applicationConnectors:
- type: https
port: 8443
What parameter shall be (if any), so that server take the pfx file?
TY
Got it !
This is the solution.
.pfx extension can be renamed to .p12
As they are the type.
After that just use this in the Config.yml:
applicationConnectors:
- type: https
keyStorePath: 'C:\Nexus-IQ\Certs\file.p12'
keyStorePassword: yourpassword
port: 8443
Related
I have a valid Let's Encrypt SSL certificate which works as expected when setup on windows IIS:
https://www.sslshopper.com/ssl-checker.html#hostname=https://paperlesssolutionsltd.com.ng
When I apply same certificate to an Elixir ACE server like so:
certfile: Application.app_dir(#app, "priv/cert.pem"),
keyfile: Application.app_dir(#app, "priv/cert.key")
I get the following errors:
https://www.sslshopper.com/ssl-checker.html#hostname=https://paperlesssolutionsltd.com.ng:8443
Please what does Erlang SSL config require in order to fix this?
Thanks!
Was an erlang issue!
Upgrading to OTP 23.2.4 helped.
Also I had to use a cert file that combined my cert and Lets-encrypt's intermediate file.
Set this to both :certfile and :cacertfile
All credit to #voltone (Bram Verburg)
https://elixirforum.com/t/making-ssl-tests-all-pass-for-phoenix-lets-encrypt/3507/30?u=charleso
I have a Mosca MQTT broker running on a node instance and I would like to encrypt all the incoming communications with SSL/TLS (MQTTs protocol) but without the client having to link any certificate to the connexion (I guess it has to do with self-signed certificates) just as https works. I want all my clients to connect just with credentials specifying the MQTTs protocol and the communication can be encrypted. I was using Amazon MQ just before and that's how it works so I want the same.
I can't figure how to configure properly Mosca to do so, I don't know what kind of certificate I must use.
I added the secure field in the configuration as shown here
For the certificate I tried to create a self signed certificate as shown here
I also tried with certbot certificates (Let's Encrypt) registered for my domain name : mq.xxx.com .
I'm running everything on a ec2 (ubuntu 18) and my network and firewall are open for 1883 and 8883. My key and cert are at the root of my project where the deamon is running with good rights and ownership. I know my instance access them correctly.
new mosca.Server({
port: 1883,
secure: {
keyPath: "./privkey.pem",
certPath: "./cert.pem"
},
backend: {
type: 'redis',
redis: require('redis'),
host: "localhost",
port: 6379,
db: 0,
return_buffers: true,
},
persistence: {
factory: mosca.persistence.Redis
}
});
My server is running and working with simple mqtt on port 1883 but when I try to connect with ssl/tls with a client on port 8883 specifying that the server uses self-signed certificates (I tried with MQTT.fx) it fails saying : "unable to find valid certification path to requested target".
I can't make my head around this issue, I think somehow the client cannot "accept" or "verify" the certificate provided. Maybe I'm providing the wrong key or certificate to Mosca but there is only one of each resulting openssl or certbot. Maybe I created wrong but I follow many tutorials on the very same subject such as this one
What kind of certificate do I need to do ?
Is there something more to do with them ?
Thank you.
If you are using a self created certificate then the client will need a copy of certificate that signed the broker's certificate. This certificate will be added to the list of trusted sources so it can prove the broker is who it claims to be.
If you do not want to / can not distribute a certificate then you will need to use a certificate for your broker that is issued by CA (Certificate Authority) whoes signing certificate you already have (bundled into the OS/client that you are using).
The Lets Encrypt signing certificates should be bundled into most OSes by now but they are also cross signed by IdenTrust again who's certs should be bundled with most OSes. If you are having problems with the Lets Encrypt certs then I suggest you ask a new question with the exact details of how you configured mosca with those certs and more details of how you are configuring MQTT.fx and the errors you receive.
I've recently created a PKCS keystore using LetsEncrypt and I configured my production profile for JHipster to run Tomcat on 8443 using the new keystore. I can get the application to run if I call "ciwiseaccounting.com:8443" but when the page arrives Chrome shows the "!" meaning the page is not secure. This is odd because I didn't see the SSL challenge occur. If I call "https://ciwiseaccounting.com:8443" this does not work. Does anyone know what I'm doing wrong? IPTables is wide open for now and I can nmap the 8443 listener. Here's my server config snippet:
server:
port: 8443
server.ssl.key-store:
/etc/letsencrypt/live/ciwiseaccounting.com/keystore.p12
server.ssl.key-store-password: password
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
You are using the server key twice in your configuration (line 1, then again on lines 3-6). This means the properties aren't parsed into the correct variables, resulting in regular http instead of https.
Try with the below config:
server:
port: 8443
ssl:
key-store: /etc/letsencrypt/live/ciwiseaccounting.com/keystore.p12
key-store-password: password
keyStoreType: PKCS12
keyAlias: tomcat
I try to activate ssl of emqttd server. For this, I added following lines to emq.conf under the etc folder.
mqtt.listener.ssl.tls_versions = tlsv1.2,tlsv1.1,tlsv1
mqtt.listener.ssl.handshake_timeout = 15s
mqtt.listener.ssl.keyfile = etc/certs/key.pem
mqtt.listener.ssl.certfile = etc/certs/cert.pem
mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
mqtt.listener.ssl.verify = verify_peer
All other settings is same to default.
However, I can connect my local mqtt server without doing any ssl configuration like ssl version, certificate, etc. by using mqtt-spy broker. I think i didn' t configure ssl properties of emqttd. How can i solve this problem?
Thanks in advance.
You must check which port you are trying on for SSL.
Secondly you need to place your key.pem and cert.pem at the path mentioned.
It will just work fine if client have the certificate to authenticate the server.
I followed this tutorial to create a ssl certificate for a CAS server, now I decided that I need to use a vhost using the mod_jk, so the certificate need to be set in the Apache vhost config file..
The problem that my certificate is a binary file and can't use it with Apache, anyone has an idea how to convert that certificate?
I find the solution..
I set my OpenSSL certificate to Apache..
Then from my browser I export it to a binary file (DER).. After that I copied it to my server then I add it to the tomcat cacert file (as shown in the tutorial)..
Hope that'll help somebody else one day..