OpenSSL error impossible to verify SSL certificates - ssl

I installed OpenSSL and tried to use it to verify my SSL certificates with the commands shown in this page, but I always get this error:
s_client -connect server.yourwebhoster.eu:995
18556:error:2008F002:BIO routines:BIO_lookup_ex:system lib::0:H connect:errno=11001 error in s_client
I want to verify these certificates because I'm blocked when I try to run a program with Node.js that uses an https.get request.
I searched for a solution on the Internet and found this line: npm config set strict-ssl false
I tried it, set it to true then to false again, but nothing changed.

Related

Https for prometheus with self-signed ssl certificate

Trying to set up SSL for prometheus (started via docker). I generated the key and crt myself using OpenSSL. The key and crt pair works OK.
When I execute this command on my host:
openssl s_server -cert prometheus.crt -key prometheus.key
It's saying "ACCEPT"
Here is my Dockerfile for prometheus container:
https://pastebin.com/4wGtCGp6
When I build image and start it, it's saying:
level=error ts=2021-09-24T20:44:11.649Z caller=stdlib.go:105 component=web caller="http: TLS handshake error from 127.0.0.1:50458" msg="remote error: tls: bad certificate"
It keeps yelling this constantly.
In the web.yml I configure SSL in the following way:
tls_server_config:
  cert_file: /etc/prometheus/prometheus.crt
  key_file: /etc/prometheus/prometheus.key
In the prometheus.yml I configure SSL in the following way:
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'
    scheme: https
    tls_config:
      ca_file: /etc/prometheus/prometheus.crt
      cert_file: /etc/prometheus/prometheus.crt
      key_file: /etc/prometheus/prometheus.key
What could be the reason for this error?
If it's self-signed, you shouldn't need a CA file, so try deleting that line in the tls_config and restarting the container.
I know this is old, so apologies if it's bad to answer an old question. Feel free to delete.

SSLError(SSLCertVerificationError) when presenting client side cert and key

I have a website that is hosted behind the company's network. You can only connect to it using the client.crt and client.key. This client.crt is signed by a self-signed ca.crt which is referenced in the apache config file.
I installed the server certificate (servercrt.crt) on my machine and can make a curl request with no issues:
curl https://my_url.com:53234 --cert path/to/client.crt --key path/to/client.key
I also imported the client.crt in the browser. When I navigate to the URL, the browser asks me to select the client certificate. Once I select the right client certificate, it opens the page without issues.
However, I have problems with python. When I try to connect using python:
import requests
clientcertfile = './client.crt'
clientcertkeyfile = './client.key'
servercert = './servercert.pem'
requests.get(url='https://my_url.com:53234', cert=(clientcertfile, clientcertkeyfile), verify=servercert)
I get the following error:
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')
But I can connect to this URL when I set verify=False, which I don't want. The requests package just displays a warning that it's better not to set the verify=False option.
I have looked at here, here and here but no joy.
Any ideas?
Apparently, I was using the wrong ca.crt for the server. Once I replaced it with the right certificate, it fixed the issue.
#Steffen's comment helped solve the issue.

Why are we getting "tls handshake error using curl"?

I'm trying to use curl to access a URL of an app we've developed internally, and on the server I'm seeing
http: TLS handshake error from 1.2.3.4 remote error: tls: unknown certificate authority.
This only happens when we hit the endpoint using curl (inside git bash) or wget. When we use IE on Windows it works just fine. I've even tried re-installing git bash using the Native SSL library (which should be the same as IE), but I'm still getting the same error message.
Have even tried downloading the curl-ca-bundle.crt file and saving to the same place as the curl binary, or even directly telling it to use this file with curl --cacert option, but still no joy.
I've compared the root certs that IE is reporting, and the ones in that curl-ca-bundle.crt and they look the same (they don't line up exactly the same, but they have the same text in them between the BEGIN and END markers, one is just wider on the screen and therefore uses fewer lines if that makes sense).
Hopefully someone has ideas what to try next as two of us have been tearing our hair out all afternoon with this.
wget also gives an error message :-
$ wget https://bler.com/admin/user
--2018-09-03 15:53:43-- https://bler.com/admin/user
Connecting to 132.146.1.142:8090... connected.
ERROR: cannot verify oss.dns.networks.bt.com's certificate, issued by 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to oss.dns.networks.bt.com insecurely, use '--no-check-certificate'.
We're using a local proxy server, and HTTP_PROXY is set. It must be using the proxy, as we can see we're hitting the end point.
I also had the same error. This problem occurs when you install only the certificate on a Golang web server. You must use a certificate chain instead.
For example, Letsencrypt gives "cert.pem" and "fullchain.pem". "cert.pem" works in browsers, but curl cannot work with this file (curl: (60) SSL certificate problem: unable to get local issuer certificate). "fullchain.pem" works fine in browsers and curl.

Unable to generate SSL certificate through XAMPP

I have been trying to generate an SSL certificate for local testing. When I cd into /xampp/apache/ and run makecert I get the following error:
WARNING: Can't open config file: ./bin/openssl.cnf
...
Error opening Private Key privkey.pem
How can that be fixed?
There is a wrong path to the openssl.cnf in the makecert.bat.
Just edit makecert.bat to fix the path:
set OPENSSL_CONF=./conf/openssl.cnf

RVM won't install on Ubuntu 11.10

I'm running Ubuntu 11.10 and I'm trying to install RVM.
I enter "bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)" and then press enter, and nothing happens. It pauses for a second and then returns to the command prompt.
RVM doesn't install. I run rvm -v and get: The program 'rvm' is currently not installed.
No errors.
Any thoughts?
Thanks.
Jason
UPDATE: I removed the -s option from curl and now I see some messages. Specifically:
0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
UPDATE 2: I reinstalled Git, and now when I run curl-config --ca, I get:
curl-config --ca
/etc/ssl/certs/ca-certificates.crt
I downloaded the cacert.pem file from curl.haxx.se and created a new ca-certificates.crt file with it.
However, I'm still getting:
0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Not sure what else to try other than disabling the checking, which I'd rather not do.
The SSL certificate on https://rvm.io expired. Looks like RVM migrated to a new domain. See: https://github.com/wayneeseguin/rvm/issues/889