When I run the following command testcafe --ssl pfx=path/to/file.pfx safari mytestfile.js, I always immediately get a mac verify failure error message in the terminal window.
I created my .pfx file using openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 999999 -nodes
Questions:
Am I using the wrong .pfx file?
What is causing this error?
How would I go about fixing this issue?
I have tried using the instructions here (https://devexpress.github.io/testcafe/documentation/using-testcafe/programming-interface/createtestcafe.html), but even that doesn't work.
Any help would be greatly appreciated! :)
Related
I tried to generate a private key and certificate using OpenSSL v3.0.1 on x64 using the command:
"C:\Program Files\OpenSSL\bin\openssl.exe" req -x509 -sha256 -days 7300 -newkey rsa:2048 -keyout ProductPrivate.key -out ProductCertificate.crt
Then I try to package the key and certificate into a single PFX file using the command:
"C:\Program Files\OpenSSL\bin\openssl.exe" pkcs12 -export -out KeyPackage.pfx -inkey ProductPrivate.key -in ProductCertificate.crt -passout pass:superevil -passin pass:secret
Here is the actual screenshot, you can see all steps completes successfully and that you can see the password I set it up with.
I verified that all three files are created:
Next I took the pfx and try to import it into a certificate store of couple of machines, however everywhere I tried, I got the same password incorrect error. I used this same instruction 5 - 6 years ago and everything worked so I don't know what changed? do you happen to know?
The screen below proof that I have the right password for the pfx entered.
I found the answer, this is only issue if I use openssl v. 3.0.1. I test the same steps against openssl 1.1 and the import works.
There was many answer for this question but all are for windows. There had a same question for ubuntu but had no answer (Unable to open config file /usr/lib/ssl/openssl.cnf). When ran this command in my AWS ubuntu instance
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/example.com.key -out /etc/ssl/certs/example.com.crt
It shows the error above. That error start showing after delete the /etc/ssl folder from my instance. Please help me if anyone have solution.
I've got an issue with my local SSL certificate in that the site isn't downloading the CSS and JS files because of the error net::ERR_CERT_AUTHORITY_INVALID. I found that it was originally using an SHA-1 certificate and that could be the problem. In order to fix this I ran this command:
sudo openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
When I look at the certificate details on Chrome (v48) under "Certificate Signature Algorithm" it says "PKCS #1 SHA-256 with RSA Encryption"
I'm still getting the same issue, it doesn't appear to be a caching issue as I've appended a timestamp to the url so that its not cached.
I'm not sure what else I need to do to resolve this. Anyone shed any light on this?
I need to make client approve a server CA certificate which is not known to it.
I have generated cert.pem using the following command
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
And then using the following command I came to know that requests points to <full-path>/cacert.pem.
python -mrequests.certs
So, I have copied the generated cert.pem to the same path and gave it to verify. I have tried the following to do so. I don't want to use verify=False.
requests.get("https://<ip>:<port>/route1", verify='<full-path>/cert.pem')
Still I see that the client is throwing the following error.
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
How do I make the client approve the server certificate? Am I missing anything? Any help would be appreciated.
Server side code
context = ('cert.pem', 'key.pem')
#app is flask object
app.run(host="<ip>", port=port, debug=Ture, ssl_context=context)
Using Apache 2.2, SSL is configured. I am creating the key and temporary cert in command prompt. When I use
openssl genrsa -des3 -out server.key 1024
I am returned this output :
WARNING: can't open config file:
z:/strawberry_libs/build/2013Q3_/ssl/openssl. cnf error on line -1
of C:\Program Files\Apache Software Foundation\Apache2.2\conf\o
penssl.cnf
and then it creates the key.
So good and fine. The error is bothersome. Then I try to make the cert with
openssl req -new -key server.key -out server.csr
Now it shows an error and wont create it.
C:\temp>openssl req -new -key server.key -out server.csr WARNING:
can't open config file:
z:/strawberry_libs/build/2013Q3/ssl/openssl.cnf Unable to load
config info from z:/strawberry_libs/build/2013Q3/ssl/openssl.cnf
Not exactly sure how to proceed at this point as I can't get past this step for my assignment without the certification. If there is another way, or a way to correct the error that would be great.