I'm getting an SSL Connection failed error when I try to connection to an HTTPS endpoint using Parse.Cloud.HTTPRequest. My guess is that the CA that issued the SSL Certificate isn't trusted by the Parse Server. Is there a way to trust that particular CA/Certificate?
Related
I'm creating an app hosted by IIS and I want to have it communicate securely with SoapUi (so IIS is the client is this scenario). I'm using certificates at both ends because I want mutual authentication. When IIS connects to SoapUi, I can see in WireShark that:
The client hello is sent from IIS
Then SoapUi responds with the server hello and continues with the certificate and a certificate request
Then IIS terminats the connection with a TCP [FIN, ACK]
And finally SoapUi sends the Alert(Level: Fatal, Description: Handshake Failure)
In my application log I can see the error Could not establish secure channel for SSL/TLS with authority 'localhost:8443'.
From the logs in my app I can see that my app is apparently loading the certificate as expected. The certificate is loaded from the LocalMachine certificate store and the CA certificate is located in the Trusted Root Certification Authorities. In SoapUi I've added .pfx files for the SoapUi certificate/private key and for the CA certificate/private key. Both the IIS certificate and the SoapUi certificate is signed by the same CA.
Is there anything special I need to configure in IIS to allow an app to connect with mutual certificate authentication.
IIS does not necessarily have access to the private keys in the local machine certificate store. If you have installed the certificate with e.g. an administrator account you will have to give the app pool that runs your application access to the private key of the certificate.
I can't connect with my Tableau Server from Tableau Desktop because it shows me that error: SSL certificate is not valid. I'm searching for a solution, but I'm only reading how to change the certificate with another, beacause I do not have any other certificate.
My question goes before that: how can I get a certificate? where I can get it from?
This is the guide from Tableau I use whenever I need to setup SSL for my servers. It includes obtaining an SSL Certificate from a certificate authority Steps for SSL Cert
To configure Tableau Server to use SSL, you must have an SSL certificate. To obtain the SSL certificate, complete the steps:
Set the OpenSSL configuration environment variable (optional)
Generate a key file
Create a Certificate Signing Request (CSR)
Send the CSR to a certificate authority (CA) to obtain an SSL certificate
Use the key and certificate to configure Tableau Server to use SSL
I have a Go program that uses tls.Server to accept TLS connections from clients. When a particular client connects, I'm getting the error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority".
I'd like to see the certificate chain that was presented (and failed to verify) so that I can figure out what the client is doing wrong. Is there a way to do that using Go's tls package? The obvious answer - to use the ConnectionState method - doesn't work because the ConnectionState's PeerCertificates field is only populated after the handshake has completed successfully.
I'm creating a Certificate Authority with openssl, and signing my server & client certificate with it (they both are the same).
Installing CA as a Trusted Root CA and Intermediate CA, server certificate - as a Personal one.
Adding server certificate in IIS6, adding bindings - and getting the right https connection via browser on server side.
But on the client side -
Installing CA as a Trusted Root CA and Intermediate CA, client certificate as Personal, server certificate as External.
Checking all the certificates - they are in a working state, CA is connected to client, everything looks normal.
Trying to get via Chrome - I'm getting the connection, but it is unsecured (can't connect to https). (But I still can connect Chrome, and use all the requests in Google Rest Client.)
In IE I'm getting ERR_TUNNEL_CONNECTION_FAILED.
What am I doing wrong here?
SOLVED. Had the same serial_number for both client and server certificates
SOLVED. Had the same serial_number for both client and server certificates
I made HTTP proxy server. But the problem that I can't decrypt SSL traffic.
I found that Fiddler install Trust Root Certificate. I did the same and now I don't have error that certificate untrusted but I got other error: wrong Common Name (CN). How fiddler change the CN of installed trusted certificate?
Will appreciate any answer.
Fiddler acts as an SSL termination proxy.
I.e. the connection goes like this:
Browser ---(SSL handshake)---> Fiddler --- (SSL handshake) ---> Actual Site
So your connection is first time encrypted and sent to Fiddler, where it is first decrypted by Fiddler and then again encrypted to be sent to the actual site that you access.
Additionally when you access a site Fiddler automatically generates a server certificate with a CN that is equal to the host name of the site and this certificate is signed by the CA of fiddler That's why Fiddler needs to install a set of trusted CAs in your browser so that the first SSL handshake can be made against a trusted authority.