I am trying to add a self-signed certificate to one of my apps on Heroku. I have followed the guides from the Dev Center.
https://devcenter.heroku.com/articles/ssl and https://devcenter.heroku.com/articles/ssl-certificate-self
After I have generated the self-signed cert I try to add the cert by
heroku certs:add server.crt server.key
And get the error message:
Resolving trust chain... failed
! No certificate given is a domain name certificate.
I am not sure what that means or how to fix the problem.
You have to set the CN to the domain you're issuing the certificate for.
Related
I am trying to connect to a webserver from my CentOS but I got an error regarding the certificate.
curl https://mywebsite ends with error 60 : Peer's certificate issuer is not recognized.
I am not able to add my CA certificate issuer.crt to the ca-bundle.crt.
Looking at /etc/pki/tls/certs/ca-bundle.crt.
My website certificate issuer is missing, that's why i got an error.
Verifying my CA_issuer_crt with curl --cacert /path/to/my/CA_issuer.crt https://mywebsite
Curl is successful.
So, trying to add my CA_issuer.crt to the ca-bundle.crt
I put my CA_issuer.crt to /etc/pki/ca-trust/source/anchors/CA_issuer.crt
running update-ca-certificate
Tried the followings
update-ca-certificate enable update-ca-certificate force enable update-ca-certificate extract
My /etc/pki/tls/certs/ca-bundle.crt seems updated (the last modified date is right now) but my CA certificate is still missing in the file + my curl test is still KO.
My certificate is an authority CA certificate is X509v3 Basic Constraits: CA:TRUE
openssl verify my CA_issuer.crt gives me an error.
18 at 0 depth lookup:self signed certificate OK
This CA certificate is deployed on several servers without issue.
I only have a couple of servers with this issue.
Any help is welcome to find a solution.
Thank you.
I am trying to add SSL cert to heroku.
When I try to add a certificate
heroku certs:add server.crt server.key --type endpoint
I am getting following error.
Resolving trust chain... done
Adding SSL certificate to ⬢ myapp... !
Only one SSL endpoint is allowed per app (try certs:update instead).
And when I try to update certificate as below
heroku certs:update server.crt server.key --type endpoint
I am getting following error
myapp has no SSL certificates
And when I check for SSL certificates
heroku certs
Here's the output
myapp has no SSL certificates.
Use heroku certs:add CRT KEY to add one.
I am unable to add SSL certificate to heroku.
Please help me out. Thanks in advance.
You can add certificates directly from setting sub menu.
Add domain
Click on configure SSL
Add priva6 key and crt
If using pointdns update target values
So we have a self-hosted version of Atlassian BitBucket running on Ubuntu server which holds the code repository. We use a SSL certificate from DigiCert . Every year we renew the certificate which has never caused issues. However this time most of the developers are getting the following error when pushing and pulling code from GIT after the certificate was renewed
fatal: unable to access : SSL certificate problem: unable to get local
issuer certificate
Another Error:
fatal: unable to access : Peer's Certificate issuer is not
recognized.
However, when we try to access the website using Chrome (or any other browser), it works fine and there is no error
All searches online point to this error when you're using a self-signed or internal PKI certificate. We are totally stumped on why a certificate issued by a public authority like DigiCert is getting this error.
Any help on this would be highly appreciated.
Ensure the root cert is added to git.exe's certificate store as discussed here.
Tell Git where to find the CA bundle by running:
git config --system http.sslCAPath /absolute/path/to/git/certificates
or copying the CA bundle to the /bin directory and adding the following to the gitconfig file:
sslCAinfo = /bin/curl-ca-bundle.crt
Reinstalling Git.
Ensuring that the complete CA is present, including the root cert.
Check www.atlassian.com more ssl errors for resolutions.
I created a Let's Encrypt certificate using SSLforFREE. It works great in the browser, but generates an "unknown certificate" error when used with an Alexa skill. Manually uploading the certificate to the Alexa service works, but it will not work as a "trusted" certificate.
Has anyone successfully used one of these as a "trusted" certificate with Alexa?
Oh, here's what you can do:
Download the contents of your fullchain.pem cert, from /etc/letsencrypt/live/<domain>/fullchain.pem on your server
On your skill config page, select the "SSL" Tab.
Mark "I will upload a self-signed certificate in X.509 format."
Paste the contents of your fullchain.pem file.
It worked for me. Not sure if chain or cert would be enough.
Dont use sslforfree. Use Letsencrypt fullchain certificates directly
Though certificates from https://www.sslforfree.com/ utilizes letsencrypt certificate chain, amazon finds an issue while tracing to a trusted certificate authority.
This is another discussion on missing certificate chains.
The solution that will work is, Use LetsEncrypt certificates directly with chained certificates to a trusted CA certificate.
For this, use certbot in order to generate LetsEncrypt certificate on your Server and follow the steps in #aldrinleal answer.
I am already 3 hours fighting with setting SSL certificate for a Heroku app. I am following this tutorial, but when I run
heroku certs:add server.crt bundle.pem server.key --app my-app-name
I always get this error:
Resolving trust chain... failed
! No certificate given is a domain name certificate.
I have bought the SSL certificate at DNSimple. What's is still wrong, why am I missing. It makes me despair, even Google didn't help...
All help will be appreciated.
In my case the ZIP file I downloaded from my SSL provider contained 2 .crt files and I picked the wrong one when running the certs:update. Re-running with the other .crt file solved the problem
Seems like your certs and your bundle are not resolving properly, i.e. either the trust chain is broken (not all certs exist in bundle for domain -> intermediate CA -> root CA) or alternatively your cert is not valid for the domain that Heroku is expecting.
Make sure the fully qualified domain name in your cert matches the domain you are using.