I am facing certificate validation error after recreated my self signed certificate. Initially it was working fine but yesterday I changed it new certificate since old cert got expired. After this I am getting below error:
An operation failed because the following certificate has validation errors:
Subject Name: CN=xx.yy.msh.local
Issuer Name: CN=xx.yy.msh.local
Thumbprint: A9E62A621QEHF0A32CF509BC90EACE9827AA1C7A
Errors:
SSL policy errors have been encountered. Error code '0x2'
Site is running in sharepoint and is trying to call service which is using this certificate. I am running out of ideas and same error is logged in ULS also. Any help will be really appreciated.
Regards
Sri
Related
I encounter this error which I put in brackets. I want to install the SSL certificate on my site which is hosted on a vps with webmin, when I did it the first time it worked my site had the SSL certificate with let's Encrypt but afterwards I wanted to start all over again so I deleted the server and all the files from my site then I created a new server with the same name as the old server but now when I try to request the ssl certificate at the level of my webmin it no longer works while the first time it worked well, I put the error that is displayed in parentheses ( Requesting a certificate for ertiden from Let's Encrypt ..
Request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new order :: Cannot issue for "ertiden": Domain name needs at least one dot
Please see the logfiles in /var/log/letsencrypt for more details.
DNS-based validation failed : Neither DNS zone or any of its sub-domains exist on this system )
As part of updating the SSL/TLS certificate of the web server deployed in the Kubernetes(which the current one will expire soon), I updated the Kubernetes secret (kubernetes.io/tls) with the new crt and key.
After that, the application works fine in the browser.
But, the API calls to the server, (From some python applications running in some pods) are hitting some SSLError.
The same will work if I restore the old certificate for the server.
The error is:
requests.exceptions.SSLError: HTTPSConnectionPool(host='hostname',
port=443): Max retries exceeded with url: URL(Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1131)')))
I tried to resolve this by creating the crt and key in different ways from the pfx file.
But the issue remains.
I did some search on - if anything to update in the Kubernetes cluster as part of the certificate change and I couldn't find a solution.
Any help will be greatly appreciated.
The issue was, the certificate I installed was without the intermediate certificate. The browsers may "fill in the gap" by searching for the missing certificate. Re-install the certificate with the complete chain resolved the issue
I am disabling certificate verification using the following command:
getsessionkey = requests.post(AUTH_URL, headers=headers, data=data, verify=False)
I use above command in a script that calls an API to retrieve data from it. When I run my script, I have the following error:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
I understand from that error that the script could not verify the distant's API certificate. But I am explicitely disabling the verification, I am at loss as to how to interpret this.
If the problem cannot be resolved, how can I add my certificate to the certificate truststore?
P.S: Disabling certificate verification has always worked for me so far. I started to have the error above since a recent security update.
Thanks for helping.
I'm following this readme: https://github.com/nicodewet/template-spring-boot-oauth2-wso2-is
I do everything like in link above but when I click login I got error:
502 Bad Gateway
Certificate Verification Error for localhost: unable to get local issuer certificate (errno: 20, depth: 0)
I'm not sure where is the problem, I tried to everything and still same problem... How to solve this problem?
I have bought a wild-card certificate for *.helloworld.com in "Godaddy" and had tried to use it in "2.2.2.2" that is in digital ocean which has my apache installed, ssl configured based on the above certificate.
On trying to run the "https://2.2.2.2", i received the following error:
"2.2.2.2" uses an invalid security certificate.
The certificate is only valid for the following names:
*.helloworld.com, helloworld.com
(Error code: ssl_error_bad_cert_domain)
To overcome this issue, i had tried to do a forward with masking in "godaddy" for "x.helloworld.com" which is pointing to "https://2.2.2.2".
Still, i am facing the Error code: ssl_error_bad_cert_domain.
I am interested in having a clear understanding of my issue. Kindly Someone help me by providing your views on this issue. Thanks in advance.