Unable to generate SSL certificate through XAMPP - ssl

I have been trying to generate an SSL certificate for local testing. When I cd into /xampp/apache/ and run makecert I get the following error:
WARNING: Can't open config file: ./bin/openssl.cnf
...
Error opening Private Key privkey.pem
How can that be fixed?

There is a wrong path to openssl.cnf in makecert.bat.
Just edit makecert.bat to fix the path:
set OPENSSL_CONF=./conf/openssl.cnf

Related

Issues installing nvs, laptop has Zscaler and cannot be deactivated

I'm using Windows 10 with Git Bash.
My company's laptop uses Zscaler and I've been trying to get nvs from this repository:
https://github.com/jasongin/nvs#nvs-node-version-switcher
export NVS_HOME="$HOME/.nvs"
git clone https://github.com/jasongin/nvs "$NVS_HOME"
. "$NVS_HOME/nvs.sh" install
The first issue I got was error 60:
cURL error 60: SSL certificate problem: unable to get local issuer certificate, and it sends me to the cURL documentation.
These errors are potentially caused by Zscaler. I went to this website: https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trusted-store and added the CA following this:
Exporting Zscaler root certificate
You will need to export the Zscaler root certificate to be able to add it to an application's custom trust store. To do this with Chrome, follow the steps below. Different browsers will have different ways of doing this; google as required.
Settings
Privacy and Security
Manage Certificates
Trusted Root Certification Authorities
Select Zscaler Root CA
Export using the Wizard (DER .cer format)
I converted it from .cer to .pem.
Then I added the cacert certificate:
echo "cacert=<Path to Certificate>/ZscalerRootCA.pem" >> $HOME/.curlrc
After doing that, the new error I got is this:
curl: (77) error setting certificate verify locations: CAfile: /c/Users/xxx/CAZscaller/rootAM.pem CApath: none
Failed to download node binary.
If anyone has any idea how I can fix this and finally get access to nvs, I'd really appreciate it. (Please note I'm not using PHP.)

Mediawiki 1.37.2 Visualeditor: Error contacting the Parsoid/RESTBase server: (curl error: 77) Problem with the SSL CA cert (path? access rights?)

Fresh install of Mediawiki 1.37.2 on Ubuntu gives an error with the visual editor:
Error contacting the Parsoid/RESTBase server: (curl error: 77) Problem with the SSL CA cert (path? access rights?)
In LocalSettings.php, the only thing added is:
wfLoadExtension( 'VisualEditor' );
How could this be solved?
It can well be a permission issue. Make sure that your certificate is readable by both root and the web server user (probably www-data). This can be done with chown root:www-data fullchain.pem privkey.pem; chmod g+r fullchain.pem privkey.pem.
I found the answer to the problem:
This page helped out: https://github.com/curl/curl/issues/3793
It is caused by a wrong certificate being used by curl. To fix the problem, the following was done:
Download the cacert.pem file from curl's site: https://curl.haxx.se/docs/caextract.html;
Place certificate inside the domain's root directory.
Specify the path to it in php.ini.
curl.cainfo = /var/www/vhosts/example.com/httpdocs/cacert.pem

Matomo 4.7.1 core:archive ssl certificate problem

I have Matomo 4.7.1 installed on RHEL8 and am getting an error message when running the core archive.
/opt/matomo/matomo-4.7.1/plugins/GeoIp2/GeoIP2AutoUpdater.php(175): GeoIP2AutoUpdater: failed to download 'https://download.db-ip.com/free/dbip-city-lite-2022-03.mmdb.gz' to '/opt/matomo/matomo-4.7.1/tmp/latest/DBIP-City.mmdb.gz.download': curl_exec: SSL certificate problem: unable to get local issuer certificate. Hostname requested was: download.db-ip.com [Query: , CLI mode: 1]
Our company uses a self-signed cert and it is installed on this server, and Apache and PHP both work as expected. I can use command-line curl to download the file given in the error message with no problems, but running the core archive always shows the error. I also added the option to accept invalid SSL certificates and that didn't help.
php /opt/matomo/matomo/console core:archive --url=https://myserver.com/matomo/ --accept-invalid-ssl-certificate
I also updated the php.ini file with the path to the pem file and that didn't work.
curl.cainfo = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
Is there anything else I am missing or can check?
Turns out there is a config item in Matomo where you can set it to use your custom pem file instead of the one included with Matomo.
https://forum.matomo.org/t/certificate-issues-during-update/30238/8
https://matomo.org/faq/troubleshooting/faq_34226/
To solve this issue, you are able to provide your own cacert file that trusts your proxy's certificate. To use your own file, follow these steps:
1. Upload your cacert.pem file in a folder on your server such as /path/to/your/cacert.pem
2. Add custom_cacert_pem = "/path/to/your/cacert.pem" to the [General] section of your config file config/config.ini.php.
3. Make sure the certificate is readable by your webserver.
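The three curl failures above (the nvs download behind Zscaler, MediaWiki's curl error 77, and the Matomo archiver) all come down to the same questions about the configured CA file: is it at the path the tool was given, is it readable by the process running the request, and is it PEM rather than a raw DER export. This Go example, added here and not taken from any of the posts or from curl, PHP or Matomo, answers those three questions for a bundle path and wraps a DER export in PEM; the bytes and the path in main are constructed placeholders, and certificate validity itself is not checked.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
)

// CheckCAFile explains why curl (or PHP's curl.cainfo, or Matomo's custom_cacert_pem)
// cannot use the CA bundle at path; nil means it is readable PEM with a CERTIFICATE block.
func CheckCAFile(path string) error {
	data, err := os.ReadFile(path)
	switch {
	case errors.Is(err, os.ErrNotExist):
		return fmt.Errorf("%s: no such file; check the configured path", path)
	case errors.Is(err, os.ErrPermission):
		return fmt.Errorf("%s: not readable by this user; fix ownership or mode", path)
	case err != nil:
		return err
	}
	return CheckCABytes(data)
}

// CheckCABytes inspects bundle contents. A DER export (the wizard's "DER .cer" option)
// begins with an ASN.1 SEQUENCE tag and two-byte length, 0x30 0x82, and must become PEM first.
func CheckCABytes(data []byte) error {
	if bytes.HasPrefix(data, []byte{0x30, 0x82}) {
		return errors.New("file is DER-encoded; convert it to PEM first")
	}
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type == "CERTIFICATE" {
			return nil // the certificate's own validity is not checked here
		}
	}
	return errors.New("no PEM CERTIFICATE block found")
}

// DERToPEM wraps a DER-encoded certificate in the PEM armour curl expects.
func DERToPEM(der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	der := []byte{0x30, 0x82, 0x00, 0x03, 0x02, 0x01, 0x01} // constructed bytes, not a real cert
	fmt.Println(CheckCABytes(der), "|", CheckCABytes(DERToPEM(der)))
	fmt.Println(CheckCAFile("/path/to/your/cacert.pem")) // placeholder path from the Matomo FAQ
}
```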

Docker private registry | TLS certificate issue

I've tried to follow the following tutorial to set up our own private registry (v2) on an AWS CentOS machine.
I've self-signed a TLS certificate and placed it in /etc/docker/certs.d/MACHINE_STATIC_IP:5000/
When trying to log in to the registry (docker login MACHINE_IP:5000) or push a tagged repository (MACHINE_IP:5000/ubuntu:latest) I get the following error:
Error response from daemon: Get https://MACHINE_IP:5000/v1/users/: x509: cannot validate certificate for MACHINE_IP because it doesn't contain any IP SANs
Tried to search for an answer for 2 days, however I couldn't find any.
I've set the certificate CN (common name) to MACHINE_STATIC_IP:5000
When using a self-signed TLS certificate, the Docker daemon requires you to add the certificate to its known certificates.
Use the keytool command to grab the certificate:
keytool -printcert -sslserver ${NEXUS_DOMAIN}:${SSL_PORT} -rfc > ${NEXUS_DOMAIN}.crt
And copy it to your client machine's SSL certificates directory (in my case, Ubuntu):
sudo cp ${NEXUS_DOMAIN}.crt /usr/local/share/ca-certificates/${NEXUS_DOMAIN}.crt && sudo update-ca-certificates
Now reload the Docker daemon and you're good to go:
sudo systemctl restart docker
You can also use the following command to temporarily trust the certificate without adding it to your system certificates.
docker --tlscert <the downloaded tls cert> pull <whatever you want to pull>
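The error in the question is Go's crypto/x509 hostname check, which Docker inherits: an IP address is matched only against IP subjectAltNames, never against the Common Name, so trusting the certificate is not enough if it lacks an IP SAN. This Go example, added here and not taken from the post or from Docker, builds the certificate both ways and shows that check failing without the SAN and passing with it; 203.0.113.10 is a constructed stand-in for MACHINE_IP, and the CN carries the ":5000" suffix as the asker set it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// SelfSigned builds a self-signed server certificate for a registry reached by IP.
// With withIPSAN false the address appears only in the Common Name (with the port, as
// in the question); with it true it is also an IP SAN, the only place x509 looks for IPs.
func SelfSigned(registryIP string, withIPSAN bool) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: registryIP + ":5000"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	if withIPSAN {
		tmpl.IPAddresses = []net.IP{net.ParseIP(registryIP)}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, san := range []bool{false, true} {
		cert, err := SelfSigned("203.0.113.10", san) // constructed address in place of MACHINE_IP
		if err != nil {
			panic(err)
		}
		// VerifyHostname is the check the daemon runs against the address given to docker login.
		fmt.Printf("IP SAN=%v: %v\n", san, cert.VerifyHostname("203.0.113.10"))
	}
}
```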

Error loading rsa private key - MUP to Deploy Meteor App at Digital Ocean w/SSL

I have a Meteor app I am deploying to a Digital Ocean Ubuntu server via MUP. It works great without SSL, but I can't figure out the SSL part.
I purchased a Comodo SSL cert. They sent me 4 .crt files. I ran the following command:
cat cert1.crt cert2.crt cert3.crt mydomain.crt > ssl.pem
I then put that ssl.pem file in the root directory locally, added "ssl": {"pem":"./ssl.pem"} to my mup.json file and ran mup setup. Everything is successful until:
[45.55.225.190] x Verifying SSL Configurations (ssl.pem): FAILED
-----------------------------------STDERR-----------------------------------
Trying to initialize SSL contexts with your certificatesError loading rsa private key
-----------------------------------STDOUT-----------------------------------
----------------------------------------------------------------------------
I'm not even sure how to troubleshoot this. I ran a quick find on the server and the ssl.pem is there, so mup successfully sent the file over, but it seems stud is not verifying the file or not finding it?
Turns out I was running into two different problems. First, you have to put the certificate files in a very specific order. Second, I was not including my key file. The command to create the .pem file needed was:
cat mydomain.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt mydomain.nopass.key > ssl.pem
This blog post at DeveloperSide.NET helped me tremendously.