I can't get CouchDB working over SSL. The certificates are fine, and indeed I have tested with self signed, and the test certificates for Couch at https://github.com/mochi/mochiweb/blob/master/examples/https/
It's an Ubuntu box, running couch 1.6.1 and the SSL certificates all check out when checked at https://www.digicert.com/help/
The error does not appear when testing via curl, but does when attempting connection from a browser. The error line in the log is:
SSL: certify: tls_connection.erl:375:Fatal error: decode error
Related
I'm trying to use curl to access a URL of an app we've developed internally, and on the server I'm seeing
http: TLS handshake error from 1.2.3.4 remote error: tls: unknown certificate authority.
This only happens when we hit the endpoint using curl (inside git bash ) or wget. When we use IE on Windows it works just fine. I've even tried re-installing git bash using Native SSL library (which should be the same as IE), but still getting the same error message.
Have even tried downloading the curl-ca-bundle.crt file and saving to the same place as the curl binary, or even directly telling it to use this file with curl --cacert option, but still no joy.
I've compared the root certs that IE is reporting, and the ones in that curl-ca-bundle.crt and they look the same (they don't line up exactly the same, but they have the same text in them between the BEGIN and END markers, one is just wider on the screen and therefore uses fewer lines if that makes sense).
Hopefully someone has ideas what to try next as two of us have been tearing our hair out all afternoon with this.
wget also gives an error message :-
$ wget https://bler.com/admin/user
--2018-09-03 15:53:43-- https://bler.com/admin/user
Connecting to 132.146.1.142:8090... connected.
ERROR: cannot verify oss.dns.networks.bt.com's certificate, issued by 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to oss.dns.networks.bt.com insecurely, use '--no-check-certificate'.
We're using a local proxy server, and HTTP_PROXY is set. It must be using the proxy, as we can see we're hitting the end point.
I also had the same error. This problem occurs when you install on Golang web server the only certificate. You must use a certificate chain instead.
For example, Letsencrypt gives "cert.pem" and "fullchain.pem". "cert.pem" works in browsers, but curl cannot work with this file (curl: (60) SSL certificate problem: unable to get local issuer certificate). "fullchain.pem" works fine in browsers and curl.
I am building an ecommerce website on a local Windows 7 pro (Apache/php) test server with a self-signed SSL. I have the mydomain.com in the hosts file redirecting to localhost - so far so good.
When I try to use the email function of the ecommerce software via Gmail smtp, I am getting an SSL error:
[23-Apr-2018 03:00:06 America/New_York] Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed [C:\Apache24\htdocs\includes\classes\vendors\PHPMailer\class.smtp.php line 379]
[23-Apr-2018 03:00:06 America/New_York] SMTP Error: Could not connect to SMTP host.
[23-Apr-2018 03:00:06 America/New_York] CLIENT -> SERVER: QUIT
I thought about just getting a cheap CA SSL and installing it on the server but I'm not sure this will work, since the Gmail smtp server is obviously not using my hosts file. This is just a guess at this point.
Question I'd like answered is, 1, will installing CA cert resolve the issue, and 2. if not, what is your strategy to have a functional email on a test server with domain in hosts file?
Thank you,
David
I added the following to the function responsible for smtp connection. Warning, only to be used on completely secure environment, your own test server, never on a live server.
$options["ssl"]=array("verify_peer"=>false,"verify_peer_name"=>false,"allow_self_signed"=>true);
I've set self-signed SSL certificate on my local virtual host, setup redirect in router from MyGlobalIP:8443 to MyLocalIP:443
It works fine for browser, but if I check my hook with telegram api method getWebhookInfo I get a error message
"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"
I cant find any solution how to fix this. I cant even find kind of problem, bad certificate or bad apache settings or something else.
php 7.1
apache 2.4
mac os x sierra
Hello i have istalled to openfire into my computer.I am trying to login to spark using username password and ip address as domain but i am getting I am getting certificate hostname verification failed errror.I found that that they are asking to change server i tried that option as well no result.
When we install Openfire server, it generates self-signed certificates for SSL connections. Now if you are in development phase, you don't need to worry about this error. However, once you go into production, you might consider placing proper HTTPS certificates against your domain.
Certificate directory: OPENFIRE_HOME/resources/security/
When I used set doc=db.GetDocumentByURL(url,1,1,,,,,False) to get a page/file under http, it returned the web page/file successfully as a Notes document.
But when I used set doc=db.GetDocumentByURL(url,1,1,username,password,,,False) to get an ssl page/file under https, where url is like "https://docs.google.com/document/d/xxxxoooo/edit", it failed and the remote console showed the error messages:
SSL Error: Keyring File access error
Connection interrupted: SSL Error: Bad or missing remote certificate
Can't db.GetDocumentByURL() access an ssl page/file? What should I do?
Assuming you are using Windows - make sure that IE can open the page. I've seen this problem in case the server's SSL certificate was self-signed and installing it in IE solved the problem.