I am using the svnX Version 2.0 (2.0.017068) and I can't connect. We already have a certificate for it, but it is giving me these errors:
svn: E170013: Unable to connect to a repository at URL 'https://svn.sample.com/svn/web'
svn: E230001: Server SSL certificate verification failed: issuer is not trusted
It suddenly happened to me today. I followed the steps from Rick: https://community.smartbear.com/t5/Collaborator/Server-SSL-Certificate-verification-failed-issues-is-not-trusted/td-p/96838
Please try running an "svn ls" or something similar from inside your working/checkout directory. You should be prompted to accept the certificate, make sure that you accept it permanently.
I did an svn update on the working directory.
Automatically, it asked me to accept the certificate.
Just accept it.
Related
Having problems installing PayPalCommerce in OpenCart,
After installing and trying to connect to PayPal I get this error!
"(60) SSL peer certificate or SSH remote key was not OK"
As anybody else come across problem as the server certs are just fine?
As Stated Server Certificats are fine, was thinking of changing the Curl SSL Veerify to False but that would defeat the whole purpose. And as the latest Security 1.2 (whatever abrevation).
Update your certificate authority bundle so that your HTTPS connection to the PayPal API endpoint can verify the connection is trusted.
One can be downloaded here, among other places.
If your attempted connection is using a specific certificate file rather than a CA bundle, delete the old certificate and either obtain the endpoint's current one to use instead or use CA verification of it
I'm using Windows 10 using Git Bash.
My company's laptop uses Zscaler and I've trying to get nvs from this repository:
https://github.com/jasongin/nvs#nvs-node-version-switcher
export NVS_HOME="$HOME/.nvs"
git clone https://github.com/jasongin/nvs "$NVS_HOME"
. "$NVS_HOME/nvs.sh" install
The first issue I got was error 60:
cURL error 60: SSL certificate problem: unable to get local issuer certificate and send me to cURL documentation.
These errors are potentially caused by Zscaler. I went to this website: https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trusted-store and added the CA following this:
Exporting Zscaler root certificate
You will need to export the Zscaler root certificate to be able to add it to application custom trust store. To do this with Chrome follow the steps below. Different browsers will have different ways of doing this, google as required.
Settings
Privacy and Security
Manage Certificates
Trusted Root Certification Authorities
Select Zscaler Root CA
Export using the Wizard (DER .cer format)
I converted from .cer to .pem
Then added the cacert certification:
echo "cacert=<Path to Certificate>/ZscalerRootCA.pem" >> $HOME/.curlrc
After doing that, the new error I got is this:
curl: (77) error setting certificate verify locations: CAfile: /c/Users/xxx/CAZscaller/rootAM.pem CApath: none
Failed to download node binary.
If anyone has any idea on how can I fix this and finally get access to nvs I really appreciated. (Please note I'm not using PHP).
I could use some guidance on what needs to be put in place for resolving this SSL issue to an artifactory server when running
pip install. Is this "self signed certificate" supposed to be replaced by a specific one provided by that server?
Could not fetch URL [our.artifactory.server.name]/simple/hercl/:
There was a problem confirming the ssl certificate: HTTPSConnectionPool
(host='[our.artifactory.server.name]', port=443):
Max retries exceeded with url:
/api/pypi/our.artifactory.server.name-local/simple/hercl/ (Caused by SSLError(SSLCertVerificationError(1,
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self signed certificate in certificate chain (_ssl.c:1131)'))) - skipping
Credited to pip.pypa.io:
Starting with v1.3, pip provides SSL certificate verification over
HTTP, to prevent man-in-the-middle attacks against PyPI downloads.
This does not use the system certificate store but instead uses a
bundled CA certificate store. The default bundled CA certificate store
certificate store may be overridden by using --cert option or by using
PIP_CERT, REQUESTS_CA_BUNDLE, or CURL_CA_BUNDLE environment variables.
In regards to the SSL issue, it depends whether you insist on SSL enforcement, if not, you may use an existing flag to ignore this by appending --trusted-host <server_name> ,in the example below: --trusted-host artifactory.
Some suggestions raised to overcome this issue are suggested here as well: pip install fails with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)"
Do note, prior to using artifactory as a caching/proxy server for Pypi packages, you should configure the pip.conf and .pypirc files according to the SetMeUp instructions: https://www.jfrog.com/confluence/display/JFROG/PyPI+Repositories#PyPIRepositories-ResolvingfromArtifactoryUsingpip
For example:
pip.conf:
[global]
index-url = http://artifactory:8081/artifactory/api/pypi/pypi-virtual/simple
.pypirc:
[distutils]
index-servers =
virtual
local
remote
devpi
[virtual]
repository: http://artifactory:8081/artifactory/api/pypi/pypi-virtual
username: admin
password: ***
[local]
repository: http://artifactory:8081/artifactory/api/pypi/pypi-local
username: admin
password: ***
[remote]
repository: http://artifactory:8081/artifactory/api/pypi/pypi-org-remote
username: admin
password: ***
[devpi]
repository: http://localhost:3141/admin/dev
username: admin
password: ***
As part of updating the SSL/TLS certificate of the web server deployed in the Kubernetes(which the current one will expire soon), I updated the Kubernetes secret (kubernetes.io/tls) with the new crt and key.
After that, the application works fine in the browser.
But, the API calls to the server, (From some python applications running in some pods) are hitting some SSLError.
The same will work if I restore the old certificate for the server.
The error is:
requests.exceptions.SSLError: HTTPSConnectionPool(host='hostname',
port=443): Max retries exceeded with url: URL(Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1131)')))
I tried to resolve this by creating the crt and key in different ways from the pfx file.
But the issue remains.
I did some search on - if anything to update in the Kubernetes cluster as part of the certificate change and I couldn't find a solution.
Any help will be greatly appreciated.
The issue was, the certificate I installed was without the intermediate certificate. The browsers may "fill in the gap" by searching for the missing certificate. Re-install the certificate with the complete chain resolved the issue
I am setting up Chef workstation by configuring knife.rb using "knife configure -i" configure command. After PROPERLY answering all question, I get the following error :
ERROR: SSL Validation failure connecting to host: 172.xx.x.xx - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
My goal is to disable this SSL certificate verification forever and use knife utility to bootstrap my all nodes.
I had the same issue running chef-client after upgrading to the version 12.xx. Steps to solve:
Pull crt from server. Run on node:
knife ssl fetch -s https://yourchefserver01.com:443
Note: If fetch doesnt work copy from yourchefserver01.com:/var/opt/chef-server/nginx/ca/yourchefserver01.com.crt to client:/root/.chef/trusted_certs/yourchefserver01.com.crt
Verify it pulled:
knife ssl check -s https://yourchefserver01.com:443
export SSL_CERT_FILE="/root/.chef/trusted_certs/yourchefserver01.com.crt"
Run chef-client
Your problem is the validation of the chef server certificate.
Install a proper certificate on the chef server
or add your chef server certificate (located in /etc/chef-server/hostname.crt) to your workstation cacert.pem (located by default in <install path>/opscode/chef/embedded/ssl/certs).
With chef 12 you'll have to ditribute it too on your nodes to validate the chef API server or you'll have a warning at the start of each chef-client run about it.
Issue seems to be concerned with the .pem validator. your validation are misconfigured. Try create new validation key from chef server and place it under the node.
If you are running Chef Server on-premise, it will easier in the long run to install a third-party SSL cert, e.g. Verisign, on the Chef Server (or load balancer). chef-client and knife come with OpenSSL which will trust a valid third-party cert automatically with no configuation required on each node.
Please don't turn off SSL cert validation. SSL validation is additional protection that the server you are trusting with root access to your Chef nodes is the real Chef server, not a man-in-the-middle attack.