I was going through Citrix Netscaler documentation to renew certificate for Netscaler so it is using Passcrypt as argument for private key but no where mentioned how is it being generated and how is it being used on Netscaler so does anyone faced same problem or or having any idea about it?
Doc:https://developer-docs.citrix.com/projects/netscaler-command-reference/en/10.5/ssl/ssl-certkey/ssl-certkey/
Related
I'm trying to setup a very basic wordpress setup as explained in this document: https://cloud.google.com/kubernetes-engine/docs/tutorials/persistent-disk
And cloud sql proxy is giving me certificate errors:
esonika#cloudshell:~ (esonika)$ k logs wordpress-8d7998ccd-xnfn9 -c cloudsql-proxy
2022/12/30 10:43:38 using credential file for authentication; email=cloudsql-proxy#esonika.iam.gserviceaccount.com
2022/12/30 10:43:38 Listening on 127.0.0.1:3306 for esonika:europe-west9:mysql-wordpress-instance
2022/12/30 10:43:38 Ready for new connections
2022/12/30 10:44:01 New connection for "esonika:europe-west9:mysql-wordpress-instance"
2022/12/30 10:44:02 couldn't connect to "esonika:europe-west9:mysql-wordpress-instance": x509: certificate is valid for 38-968d77ed-a928-4b25-97d3-5451b5f3c670.europe-west9.sql.goog, not esonika:mysql-wordpress-instance
I dont know why a certificate such as "38-968d77ed-a928-4b25-97d3-5451b5f3c670.europe-west9.sql.goog" is created and where.
Tried resetting ssl configurations and it didn't work.
Usually, if you don't explicitly set a SSL connection on your Cloud SQL instance, the communication with the database is in plain text.
EXCEPT when you create a tunnel with Cloud SQL proxy. This time, a secure connection is created, with encrypted data. The encryption is ensure by this automatically and ephemeral certificate created by the proxy.
Here is a doc which might help you in connecting to Cloud SQL from GKE using sidecar pods.
Thanks, The document doesn't list anything that I haven't tried. I think there is an internal issue with cloud_sql_proxy, that's why I decided to switch Cloud SQL to a private network only and wordpress pod is directly connecting to Cloud SQL private IP.
I was running into the same issue around the time you posted this question. I also reset SSL configuration on the DB like you did. My solution was upgrading from the version 1.11 to 1.33.2. It resolved all of the x509 errors. No clue why it suddenly stopped working.
I've installed bitnami WordPress on GCP and issued SSL certificate via SSH. and was everyting ok till today.
Could anyone help and advice..
what shall I do
https://www.careersar.com/
Thank you
Remaz
I am trying to get more documentation, understanding about security in Azure Managed Kubernetes Service (AKS).
Does Azure encrypt the containers deployed to the AKS cluster at "rest"? If so, how is data encryption achieved at rest, and in motion?
What are the ways to achieve SSL/TLS in AKS, any documentation is appreciated.
Thanks in advance
I can definitely tell you TLS termination is supported in AKS. I've been able to implement this.
HTTPS Ingress on Azure Kubernetes Service (AKS)
This documentation is slightly out of date though. You should use cert-manager instead of KUBE-LEGO.
I would welcome a more authoritative answer, but as far as I have determined managed disks are always encrypted (https://azure.microsoft.com/en-us/blog/azure-managed-disks-sse/), but the worker nodes are not encrypted by default. It would be necessary to run az vm encryption enable on every node (quite a chore if you are scaling up and down!). If you do that you should be covered, though.
As for SSL/TLS Kubernetes supports TLS for Ingress, see https://kubernetes.io/docs/concepts/services-networking/ingress, but I haven't tested it in AKS. We are using our own Nginx server as gateway and with that approach you can use any TLS tutorial out there. We feel that we have more control that way.
Recently, I've installed the rocket.chat using docker containers (rocketchat, mongo_db and hubot) but now I would like to enable the HTTPS (SSL) to securize the chat since will be accesible from internet.
Do anyone knows how to setup the SSL files (I have the .key and .cert files) and enable the HTTPS for my rocket.chat ?
To install the tool I followed this guide LINK (the guide is in spanish, if you need anything else, just let me know)
Thanks in advance
Kind Regards
kv
You can use nginx to create a reverse proxy for that. You can use Let's Encrypt to get the certificates.
Here is a more detailed guide: https://rocket.chat/docs/installation/docker-containers/#5-installing-nginx-ssl-certificate
I'm setting up my development environment using the binary files that I have downloaded from WSO2's website.
I'm getting an issue related to the SSL certificate which prevents me to call some URI's from my Ruby script. How can I can fix this kind of problem?
Have you tried installing the SSL Certificate into the client-truststore in repository/resources/security?