Anaconda CondaHTTPError/SSLError - ssl

When I tried to execute "conda update conda", I had this error:
Could you help me, please?

If you are behind a firewall or proxy you may have to set ssl_verify to false in your condarc.
In our corporate environment our proxy modifies certificates so ssl verification will fail. In addition we have to set the http and https proxies explicitly.
You can find an example of a .condarc file with these settings in "How to make anaconda work behind http proxy not https".

If you are behind a proxy with a self-signed certificate authority, I have given a detailed answer here:
"How to add a custom CA Root certificate to the CA Store used by Python in Windows?"

Related

CloudFlare Error 521 only if setting ssl mode to full

I'm using CloudFlare SSL. When I set SSL to flexible, everything works fine.
But if I use full SSL mode this error occurs instantly:
Note that I set the certificate and the key in my cPanel SSL section and I think everything is done OK.
Why is this happening and how do I fix it?
It is quite simple. All you have to remember is:
Flexible - there should be no SSL installed for that domain on the server (no VHOST for port 443 either).
Full - there should be an SSL installed for that domain, but it does not have to be a valid one (you can use a self-signed or expired SSL).
Full Strict - there should be a VALID SSL installed for that domain on the server (it has to be absolutely a valid and active SSL).
So, depending on the SSL you have on your domain server, just set the Cloudflare SSL to one of the above options. If you believe that everything is okay and you still get an issue, I would suggest reaching your web host to check that further for you.

rails devise_ldap how to ignore certificate verification?

I am using devise, devise_ldap_authenticatable module to do simple ldap authentication.
But if I try to authenticate on ssl (689 port), I have this error:
Net::LDAP::Error (hostname "x.x.x.x" does not match the server certificate):
So, I need to ignore this verification.
I tried to google, but I have no result :(
How can I do it?
Per the devise_ldap_authenticatable documentation:
If you're using a test LDAP server running a self-signed SSL certificate, make sure the appropriate root certificate is installed on your system. Alternately, you may temporarily disable certificate checking for SSL by modifying your system LDAP configuration (e.g., /etc/openldap/ldap.conf or /etc/ldap/ldap.conf) to read TLS_REQCERT never.
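The error quoted in the question is a name mismatch, not an untrusted issuer. The following shell script is an added example, not part of the original posts or of devise_ldap_authenticatable; it uses constructed certificates for a hypothetical server `ldap.example.test` at `192.0.2.10` to show that a certificate naming only a DNS name does not validate for an IP address, while one carrying an IP subjectAltName does. It assumes OpenSSL 1.1.1 or later (for `-addext`).

```shell
#!/usr/bin/env bash
# Added example: constructed self-signed certificates for a hypothetical LDAP server.
WORK=$(mktemp -d)

make_cert() {  # $1 = output prefix, $2 = subjectAltName value
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
    -subj "/CN=ldap.example.test" -addext "subjectAltName=$2" 2>/dev/null
}

# Succeeds only when the certificate is valid for the given DNS name.
matches_host() {
  openssl x509 -in "$WORK/$1.pem" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds only when the certificate is valid for the given IP address.
matches_ip() {
  openssl x509 -in "$WORK/$1.pem" -noout -checkip "$2" | grep -q 'does match'
}

make_cert dns_only "DNS:ldap.example.test"
make_cert with_ip  "DNS:ldap.example.test,IP:192.0.2.10"

# Connecting by the name in the certificate validates.
matches_host dns_only ldap.example.test && echo "dns_only / ldap.example.test: match"
# Connecting by address to the same server does not.
matches_ip dns_only 192.0.2.10 || echo "dns_only / 192.0.2.10: NO match"
# Reissuing the certificate with an IP SAN lets address-based clients validate.
matches_ip with_ip 192.0.2.10 && echo "with_ip  / 192.0.2.10: match"
```

Connecting by the name the certificate carries, or reissuing it with the address as a SAN, keeps certificate checking enabled.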

Mattermost TLS issue

I'm having issues with enabling TLS in Mattermost. On my server I configured a lot of virtualHosts plus the Mattermost files. Over http everything was working fine.
Today I tried to set up TLS and https. I followed the instructions at https://docs.mattermost.com/install/config-tls-mattermost.html. Now I get this:
Please notice the error: I'm trying to access domain1.mywebsite.com and the error is "its security certificate is signed by domain2.mywebsite.com". domain2.mywebsite.com is one of the websites configured as virtualhosts in apache.
I did not configure any virtualhost for Mattermost, since I don't think any is needed (and it worked flawlessly without one, and without TLS). But how can I tell Mattermost (or the browser?) that the server of domain2.mywebsite.com is the same as that of domain1.mywebsite.com?
I generated the certificates using letsencrypt with the standalone option (sudo certbot certonly --standalone -d domain1.mywebsite.com) and didn't move any file, just enabled "UseLetsEncrypt": true, in config.json file.
Do you happen to have any idea about how I could fix this?
Thank you
Marco
You'll need to configure TLS on Apache. You'll need to use separate certificates for each virtual host.
Here is information that might help you: https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
Don't configure TLS on Mattermost if TLS is being handled by the proxy.

Thunderpush : how can we add ssl support

How do I add secure SSL support to the thunderpush websocket server? I was looking in their docs but did not find any answers on how to add the certificate file to the server.
Not sure how we can achieve it.
Never tried it, but I guess you can use HAProxy with an SSL termination setup. HAProxy will accept SSL traffic and forward it to the non-SSL thunderpush backend.
Regards,
Vangelis

Keystone SSL config with intermediate CA cert

I'm trying to configure keystone with ssl certs from an intermediate CA.
Is there any way of getting keystone to "serve" the intermediate CA's cacert to clients?
I've tried setting it in keystone.conf with the ca_certs option under both the [ssl] and [signing] sections, but some https clients (firefox, curl, wget & keystone-client) still do not trust the certs.
It works with Chrome(ium) and Opera though.
NB. Running Keystone via Apache works but I'm looking for a standalone Keystone implementation.
First -> [face palm]
It turns out you can just bundle the intermediate CA cert with your certificate and have keystone send that to the https client.
The Apache + mod_wsgi way is still better IMHO
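The effect of bundling described in the answer above can be reproduced offline. This shell script is an added example, not taken from the original posts or from Keystone; it builds a constructed root, intermediate and leaf with OpenSSL (all names are hypothetical) and checks what a client that trusts only the root accepts when the server presents the leaf alone versus the leaf followed by the intermediate.

```shell
#!/usr/bin/env bash
# Added example: throwaway PKI (root -> intermediate -> leaf); all names are constructed.
WORK=$(mktemp -d)

# Extensions that mark a certificate as a CA.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
  > "$WORK/ca.ext"

new_csr() {  # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

build_pki() (
  cd "$WORK" || exit 1
  new_csr root  "Constructed Root CA"
  new_csr inter "Constructed Intermediate CA"
  new_csr leaf  "keystone.example.test"
  # Self-signed root; the root signs the intermediate; the intermediate signs the leaf.
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 30 -out root.pem 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 30 -out inter.pem 2>/dev/null
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 30 -out leaf.pem 2>/dev/null
  # The bundle from the answer: server certificate first, then the intermediate.
  cat leaf.pem inter.pem > bundle.pem
)

# A client that trusts only the root, given the file the server presents ($1).
# The first certificate in the file is verified; the rest are untrusted helpers.
client_trusts() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$1" "$1" >/dev/null 2>&1
}

build_pki || exit 1
for f in leaf.pem bundle.pem; do
  if client_trusts "$WORK/$f"; then echo "$f: trusted"; else echo "$f: NOT trusted"; fi
done
```

The leaf alone fails because the client cannot find its issuer; with the intermediate appended, the chain reaches the trusted root.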