How to add a certificate to Kong. To make https requests - ssl

I am trying to add a certificate using this documentation kong docs
But I am unable to figure out how to generate these "cert" and "key" pem files.
I tried with public and private keys generated by puttygen and it did not work out.
A sample will be extremely helpful
{
"message": "3 schema violations (cert: invalid certificate: x509.cert.new: asn1_lib.c:101:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long; key: invalid key: pkey.new: tasn_dec.c:1130:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag; tags: expected a set)",
"name": "schema violation",
"fields": {
"tags": "expected a set",
"cert": "invalid certificate: x509.cert.new: asn1_lib.c:101:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long",
"key": "invalid key: pkey.new: tasn_dec.c:1130:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag"
},
"code": 2
}
This is the error I received

Try this command
curl -i -X 'POST' http://localhost:8001/certificates \
-F 'cert= Content PEM archive ' \
-F 'key= Content key archive without password ' \
-F 'snis=subdomain.mydomain.com'

I can't say I quite understand it, but after looking at what some others have done online I can get it to work by just having the same data in two files and then running a line that prints the data from a file, like so:
curl -i -m 60 -X POST http://localhost:8001/certificates \
-F "cert=$(cat cert.pem)" \
-F "key=$(cat key.pem)" \
-F "snis=domain.net"
Credit:
https://discuss.konghq.com/t/adding-certificate-does-not-create-sni/2497
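
An added example, not part of the original posts: one way to produce the PEM `cert` and `key` files the question asks about and to check them locally before sending them to the Admin API. The function names are hypothetical; `openssl` and `curl` are assumed to be installed, and the Admin API address is the one used in the answers above.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts). Function names are illustrative.

# Create a self-signed certificate and an unencrypted key, both PEM (test use).
make_pem_pair() {  # usage: make_pem_pair <hostname> <cert-out> <key-out>
  ( umask 077  # keep the private key unreadable to other users
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=$1" -keyout "$3" -out "$2" 2>/dev/null )
}

# Classify a file by its armor lines. PuTTY .ppk files, as tried in the
# question, are not PEM; encrypted keys are flagged separately.
pem_kind() {  # usage: pem_kind <file>
  if grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"; then
    echo encrypted-key; return
  fi
  case "$(head -n 1 "$1")" in
    "-----BEGIN CERTIFICATE-----") echo cert ;;
    "-----BEGIN PRIVATE KEY-----") echo key ;;
    "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN EC PRIVATE KEY-----") echo key ;;
    PuTTY-User-Key-File-*) echo putty-ppk ;;
    *) echo unknown ;;
  esac
}

# Confirm the certificate and key belong together by comparing public keys.
pair_matches() {  # usage: pair_matches <cert> <key>
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# POST the pair to Kong only after the local checks pass.
upload_to_kong() {  # usage: upload_to_kong <cert> <key> <sni>
  [ "$(pem_kind "$1")" = cert ] && [ "$(pem_kind "$2")" = key ] && pair_matches "$1" "$2" \
    || { echo "refusing upload: need a matching PEM cert and unencrypted PEM key" >&2; return 1; }
  curl -i -X POST http://localhost:8001/certificates \
    -F "cert=$(cat "$1")" -F "key=$(cat "$2")" -F "snis=$3"
}
```

For a certificate issued by a CA, skip `make_pem_pair` and run the same checks on the issued files before calling `upload_to_kong cert.pem key.pem subdomain.mydomain.com`.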

Related

"INVALID" Service Account key on Google Cloud Platform

I use the GCP Text-to-Speech API to create greetings and interactive menus that are played to phone customers who call into businesses. I have successfully used the Text-to-Speech API in the past using this Google quick-start: Google Cloud Text-to-Speech
I used the same quick-start guide again for a new organization and project but I keep getting an invalid key error which I have been unable to debug.
Here are the commands I have used to invoke the service and the results:
# curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)”\
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
https://texttospeech.googleapis.com/v1/text:synthesize > synthesize-output-base64.txt
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
I tried again with a different authentication header:
# curl -X POST \
-H "X-Goog-Api-Key:***my_API_key***.json" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
https://texttospeech.googleapis.com/v1/text:synthesize > synthesize-output-base64.txt
{
"error": {
"code": 400,
"message": "API key not valid. Please pass a valid API key.",
"status": "INVALID_ARGUMENT",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_INVALID",
"domain": "googleapis.com",
"metadata": {
"service": "texttospeech.googleapis.com"
}
}
]
}
}
I have re-verified the following configurations:
The Text-to-Speech API is enabled for my project.
The credential (service account) I am attempting to use is listed with the Text-to-Speech API as compatible. I verified that that service account key is the key that was used in the attempted authentications.
I compared my configuration on GCP with another working configuration I manage for a different company. There are no differences I can see.
I compared my key and the other company's working key and they are identical except for the specific user data.
The billing account for the project is active with valid payment card in place.
These two links were helpful but did not clear up the problem:
Google Cloud Text-to-Speech API - permission error
Google Cloud Text to Speech INVALID API KEY
Any help on this issue would be very appreciated!
The solution to this problem is to install the Google Cloud SDK.
The CLI was missing so the returned output from gcloud auth application-default print-access-token was an error.
I enabled the Cloud Text-to-Speech API
I created a service account with Editor role.
Note: Ensure you have set the GOOGLE_APPLICATION_CREDENTIALS environment variable to your service account private key file path.
Save the request body in a file called request.json,
Execute the following command:
curl -X POST \
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
https://texttospeech.googleapis.com/v1/text:synthesize
Response body
{
"audioContent": "//NExAARcrn0ABhEudAgAjuem7vohckY3IAFgWvxrBkAD//ARvqc/QhCZ/6EJO6E9Dvo2cjHPQhLfWQ/rTU7yEznsoGBn8hJz5xbQiOgEfwDzD1DVARLPlzGNXylbM8s//NExA0SCnoAAUIQAd8vlrM9DPR//6t5fpUpS
sk3MbzGUvMhqOpdSsjmcpeY2Zz ...................
}
Everything worked as expected

Does OneDrive support TLS 1.2?

OneDrive file uploads failing when source URL is to a TLS 1.2 server
$ curl -L -H"Authorization: $ACCESS_TOKEN" -H"Content-Type: application/json" -H"Prefer: respond-async" "https://graph.microsoft.com/v1.0/me/drive/root/children" -d'{
"@microsoft.graph.sourceUrl": "https://tls-v1-2.badssl.com:1012/icons/icon-green.png",
"name": "icon-green.png",
"file": { }
}'
This returns a 202 Accepted, with a Location header containing a URL to track the upload. Following this returns:
{"operation":"DownloadUrl","status":"failed","statusDescription":"Unexpected response 'InternalServerError The underlying connection was closed: An unexpected error occurred on a send.' when downloading all content"}
With a TLS 1.0 Server (following the Location header)
$ curl -L -H"Authorization: $ACCESS_TOKEN" -H"Content-Type: application/json" -H"Prefer: respond-async" "https://graph.microsoft.com/v1.0/me/drive/root/children" -d'{
"@microsoft.graph.sourceUrl": "https://tls-v1-0.badssl.com:1010/icons/icon-red.png",
"name": "icon-green.png",
"file": { }
}'
{"operation":"DownloadUrl","percentageComplete":100.0,"resourceId":"6A071D3FEEC6C6B6!115","status":"completed","statusDescription":"URL was successfully downloaded to target"}
It should, but obviously it's not. We'll look into adding the support.
Update:
This has now been fixed - requests to download files on a TLS 1.2 endpoint should work.

How to perform token authentication in elasticsearch?

I'm testing Elasticsearch in development mode with docker official image.
The basic install is based on X_pack and basic authentication.
Everything works fine by performing curl like:
curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d'
{
"title": "The Godfather",
"director": "Francis Ford Coppola",
"year": 1972, "user":"elastic", "password":"changeme"
}'
But is there a way to perform a token request (with user and password) and then query Elasticsearch with the token. Instead of having to specify user/password every time I perform a query?
The default X_Pack in docker image has Basic authentication enabled. Which is what you are using. The token for the same is base64(user:password). You can generate the same using http://base64encode.org and inputting :.
In curl there are two ways to call Basic auth URLs
curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d''
which you have already been using
curl -H "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==" -XPUT "http://localhost:9200/movies/movie/1" -d'....'
Now if your problem is putting in this again and again then you better create an alias in your bash profile like below
alias curles='curl -u elastic:elasticpassword'
After that you can call your commands as below
curles -XPUT "http://localhost:9200/movies/movie/1" -d''
Cutting out a lot of my original answer because you could argue it's all local, but leaving one major complaint about security here:
Definitely don't go to base64encode.org and enter your username:password. The very fact that it is suggested here on StackOverflow makes that site now (sadly for the owners) an incredibly juicy hacking target to compromise since they know people are going there.
curl -X GET --user myuser:mypassword "http://elasticsearch:9200/_cluster/health?pretty"
In my case above curl helped
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 16,
"active_shards" : 16,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Further to Taran's answer, if you want to generate base64 token, you can do so by the following command:
echo -n 'username:pass' | openssl base64

Is there a sample code for using IBM Bluemix Container API?

I'm trying to create a container in Bluemix with the API as described in http://ccsapi-doc.mybluemix.net. In the document it mentions:
When using the API with the new model, the following HTTP headers shall be provided:
X-Auth-Token = Bluemix JWT Token
X-Auth-Project-Id = Space GUID
But I have no idea how to get or generate the Bluemix JWT Token. Can someone help me ?
You can get X-Auth-Token with the cf oauth-token command. Then copy and paste the rest of the part after bearer. You can also get X-Auth-Project-Id with cf space --guid <space Name>. Please see the commands below:
$ cf login -a api.<region>.bluemix.net -u <user name> -o <org name> -s <space name>
$ cf ic login
$ cf oauth-token
$ cf space <space-name> --guid   # space name where the container exists
Try expanding the Authentication section on that page and the "Get TLS Certificate" to show more info
When you enter the values and click "try it out" you will see additional output generated with token info.
This is an alternative method:
You can retrieve X-Auth-Token and X-Auth-Project-Id with this command:
cf login
CF_TRACE=true cf ic login
Copy all output in a .txt file and search for X-Auth-Token and X-Auth-Project-Id
Here is a simple example:
curl -X GET --header "Accept: application/json" --header "X-Auth-Token: asdlkfajdfdkaldkjfskl239049283049jsdfjksl29304" --header "X-Auth-Project-Id: sdfadf-0090-43ef-22932-23434234" "https://containers-api.ng.bluemix.net/v3/containers/quota"
Response:
The output of API is like this:
{
"account_type": "TRIAL",
"country_code": "ITA",
"org_quota": {
"floating_ips_max": "2",
"floating_ips_space_default": "2",
"floating_ips_usage": 2,
"ram_max": "2048",
"ram_space_default": "2048",
"ram_usage": 2048,
"subnet_usage": -1,
"subnets_default": "5",
"subnets_max": 0
},
"space_quota": {
"floating_ips_max": 2,
"ram_max": 2048,
"subnets_max": -1
}

Need the report specification in the Embeddable Reporting service to dynamically point to a different table name

I am using the Embeddable Reporting service for Bluemix. I want to dynamically change the SQL text in the SQLQuery of a report definition so that the report is generated from a referenced table. The report specification can be changed using the https://erservice-impl.ng.bluemix.net:443/ers/v1/definitions//specification API. However, how do you change the SQL text?
Here are the steps that are involved:
Author a report in your favorite authoring tool against a sample table.
Grab the report specification by clicking Tools > Copy Report to Clipboard.
Locate the SQL string in the report specification and change it to a token that you can easily search/replace. For example: Select * from %%DATATABLE%%
Save this template in a file or in a string variable within your app.
Search/replace the string %%DATATABLE%% with the table that you want.
Execute the report:
a. POST to /ers/v1/packages/(package-id)/reports with content-type application/xml and the specification as the body. The response will contain the location of the new report.
b. GET /ers/v1/reports/(report-id)/html to render the report in HTML.
Here is an example in curl:
Connect to the service with your cloudant/Mongo URL and Embeddable Reporting Service credentials. For example:
curl --insecure -i -X POST --cookie-jar newcookies.txt -H "Content-Type: application/json" -d '{"bundleUri":"https:/(repository-uri)/"}' https://(ers-userid):(ers-password)@erservice-impl.ng.bluemix.net/ers/v1/connection
Create a run instance from a specification against the packageId that contains your database. For example:
curl --insecure -i -X POST -b newcookies.txt -H "Content-Type: application/xml" -d '(report-spec-goes-here)' https://erservice-impl.ng.bluemix.net/ers/v1/packages/(package-id)/reports
Here is an example response:
{
...
"_links": {
"formats": [
{
"href": "/ers/v1/reports/JwVd3JkeR3SFUkLlOi1bWw/html",
"disposition": "paged",
"mimeType": "text/html"
},
... other formats ...
]
},
"_bundleID": "JwVd3JkeR3SFUkLlOi1bWw"
}
You can now run the response._links.formats.href
Run the instance in HTML. For example:
curl --insecure -i -X GET -b newcookies.txt https://erservice-impl.ng.bluemix.net:443/ers/v1/reports/JwVd3JkeR3SFUkLlOi1bWw/html
Get the HTML back.