ircd on aws ssl error - ssl

I have unrealirc running on my aws and it is compiled with ssl. I downloaded the server.key.pem to my machine. When I try to connect to the server I get SSL Error: ssl not available
I can log into aws through a terminal with my server key.
[10:48] * Connecting to ec2-xx-xx-xx-114.compute-1.amazonaws.com (+6697)
-
[10:48] * SSL error: ssl not available
-
[10:48] * Connect cancelled
Also I added the correct port to my Security Group
Any Suggestions?

Are you missing the openssl shared libraries on your ec2 instance? That seems unlikely but without more info seems most likely from the error.
On a Redhat based image try:
yum search ssl
and Debian try
apt-cache search ssl
That will tell you what ssl libraries are installed.

Related

Trying to set up SSL/TLS certificate on Debian Apache AWS Lightsail instance by following tutorial, but still not working

By "not working" I mean the page loads with an http:// prefix. If I manually type https:// it times out. I'm hoping that someone who has done this before can glance at the tutorials and see what might be missing.
The tutorials I've tried all tend to be the same:
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-debian-8
https://wiki.debian.org/Self-Signed_Certificate
If I test the SSL connection with an online utility such as:
https://www.sslshopper.com/ssl-checker.html
I get this error:
No SSL certificates were found on mywebsite.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.
Relevant info:
$ sudo uname -a
Linux ip-172-26-14-207 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2018-10-08) x86_64 GNU/Linux
Running in an AWS Lightsail instance with Debian (OS only) and LAMP stack installed.
Solved it! After using nmap, wget, telnet, etc. to verify that port 443 was open locally but not externally, I remembered that my AWS Lightsail instance was a virtual private server and I might need to configure the VPS. Sure enough, in the Lightsail web interface there is a firewall setting.
Lightsail landing page > Manage instance > Networking > Firewall

ERR_SSL_PROTOCOL_ERROR After Installing SSL

I am on a very newbie level when it comes to AWS and SSL.
I got an SSL from GoDaddy. After that I generated the .csr file on AWS and I got an elastic IP. I created a subdomain on godaddy sub.mydomain.com that points to that IP.
I installed the certs following the instructions I found online, but now I get an error. I've tried installing apache2 on the EC2 and rebooting the instance but no luck yet.
Is there a way to remove the SSL cert or Fix the issue? When I got the SSL from GoDaddy, the zip had 2 files and ran the following command to install them:
sudo java -jar lib/ace.jar import_cert gd_bundle-g2-g1.crt gdroot-g2.crt sfroot-g2.crt 54581acbeba8a74e.crt
System said the certs were installed but now I get that error. On the EC2 we have a unifi controller and we want to get that SSL running to accept payments for the hotspot.
I had the same issues; my controller is hosted on an EC2 instance.
Check your system.properties, which sits in /var/lib/unifi/. Open the file with vim or your text editor of choice.
Have a look at your HTTPS options, the important ones are the ciphers and protocols.
The protocols you need are TLSv1 and potentially SSLv2Hello; there should be no other SSL protocols in there.
The Ciphers you ideally want are TLS, so for example TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA
If you are having issues, throw them all in. CAUTION! Only use this in a demo/test environment.
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
Remember once you have edited the system.properties you need to restart the controller.
sudo service unifi restart
Lots of help on the Unifi page
UniFi - SSL Certificate Error
UniFi - Explaining the config.properties File
UniFi - system.properties File Explanation
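An added example, not part of the original answer: a small audit of the unifi.https.ciphers line in system.properties that flags suites with known weaknesses, such as the RC4 entries in the "throw them all in" list above. The sample file contents and the rule list are constructed for illustration; only the unifi.https.ciphers key is taken from the answer.

```python
import re

# Constructed sample of /var/lib/unifi/system.properties; the cipher list is
# shortened from the "throw them all in" line quoted in the answer.
SAMPLE = """\
# constructed sample, not a real controller config
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
"""

# Each rule is (pattern on the JSSE suite name, reason); a suite may match several.
RULES = [
    (re.compile(r"_RC4_"), "RC4 is prohibited for TLS by RFC 7465"),
    (re.compile(r"_(DES|3DES_EDE)_"), "DES/3DES: 64-bit block cipher (Sweet32)"),
    (re.compile(r"_(NULL|EXPORT|anon)_"), "no encryption, export-grade or unauthenticated"),
    (re.compile(r"^(TLS|SSL)_RSA_"), "static RSA key exchange, no forward secrecy"),
    (re.compile(r"_CBC_"), "CBC mode; prefer AEAD (GCM) suites where the JVM offers them"),
]

def parse_properties(text):
    """Parse simple key=value Java properties lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_ciphers(text, key="unifi.https.ciphers"):
    """Return {suite: [reasons]} for every configured suite that matches a rule."""
    raw = parse_properties(text).get(key, "")
    findings = {}
    for suite in (s.strip() for s in raw.split(",") if s.strip()):
        reasons = [why for pattern, why in RULES if pattern.search(suite)]
        if reasons:
            findings[suite] = reasons
    return findings

if __name__ == "__main__":
    for suite, reasons in audit_ciphers(SAMPLE).items():
        print(suite)
        for why in reasons:
            print("   -", why)
```

To check a real controller, pass the contents of /var/lib/unifi/system.properties to audit_ciphers() instead of SAMPLE.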

Using SSL with docker containers

I am having trouble related to SSL certificates.
I have a server running a service in a docker container. I installed Caddy and got the SSL certificate for the site. Now, from another server I want to consume the service with HTTPS, but I get:
x509: certificate signed by unknown authority exit status 1
And it seems to be a common issue when using docker + SSL. What should I do? Thanks
Install the ca-certificates package.

Does buildout/easy_install/setup_tools verify SSL certificates?

I'm trying to diagnose this error:
Getting distribution for 'zc.buildout<2dev'.
Got zc.buildout 1.7.1.
Generated script '/opt/mytardis/releases/a549cd05272afe8f16c2fe5efe8158490acbde82/bin/buildout'.
Download error on http://pypi.python.org/simple/buildout-versions/: [Errno 104] Connection reset by peer -- Some packages may not be found!
Couldn't find index page for 'buildout-versions' (maybe misspelled?)
Download error on http://pypi.python.org/simple/: [Errno 104] Connection reset by peer -- Some packages may not be found!
Getting distribution for 'buildout-versions'.
STDERR: /usr/lib64/python2.6/distutils/dist.py:266: UserWarning: Unknown distribution option: 'src_root'
warnings.warn(msg)
While:
Installing.
Loading extensions.
Getting distribution for 'buildout-versions'.
Error: Couldn't find a distribution for 'buildout-versions'.
It happens deep inside a Chef + buildout installation stack. One thing I have discovered is that if I attempt to access the buildout-versions package directly:
$ wget https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz#md5=731ecc0c9029f45826fa9f31d44e311d
--2013-07-09 12:50:18-- https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz
Resolving proxy.redacted.com... 123.45.67.8
Connecting to proxy.redacted.com|123.45.67.8|:8080... connected.
ERROR: certificate common name “*.a.ssl.fastly.net” doesn’t match requested host name “pypi.python.org”.
To connect to pypi.python.org insecurely, use ‘--no-check-certificate’.
I can access the file fine from my desktop. So I suspect the proxy (provided by a university, and this server has to use it to reach the web). It's set with https_proxy=....
Is this the likely cause of buildout failing? Any way around it?
Your version of wget is too old.
wget started to support SNI (Server Name Indication) only since version 1.14 and that TLS extension is needed to be presented the correct certificate on pypi.python.org.
Yes, zc.buildout and easy_install both use urllib2 to retrieve HTTPS resources, which does not verify SSL certificates:
Warning: HTTPS requests do not do any verification of the server’s certificate.
Your wget tool does verify certificates, but your local certificate authorities certificates are incomplete, it seems; see SSL certificate rejected trying to access GitHub over HTTPS behind firewall for instructions on how to update those.
As for your original error, it appears your firewall proxy is doing the peer resets.
As per PEP 476, Python 2.7.9 remedies this situation. From that version onwards, urllib2 will verify SSL certificates by default.
Since Python 2.7.9 (released) / 3.4.3 (released soon), certificates are validated by default:
HTTPS certificate validation using the system's certificate store is
now enabled by default. See PEP 476 for details.
https://www.python.org/downloads/release/python-279/
You can try it:
wget http://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg#md5=fe1f997bc722265116870bc7919059ea --no-check-certificate
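An added example, not from any of the answers above: a way to check whether the running interpreter's standard-library HTTPS clients verify certificates by default (the PEP 476 behaviour the answers describe), and to build an opener that enforces verification regardless. It is written for Python 3 (urllib.request rather than urllib2); the function names and the optional cafile argument for a proxy's CA bundle are assumptions for illustration.

```python
import ssl
import sys
import urllib.request

def default_https_verifies():
    """True if stdlib HTTPS clients verify chain and hostname by default.

    PEP 476 added ssl._create_default_https_context as the hook urllib uses;
    code that rebinds it to ssl._create_unverified_context turns checks off
    process-wide, which this function detects.
    """
    factory = getattr(ssl, "_create_default_https_context", None)
    if factory is None:  # interpreter older than 2.7.9 / 3.4.3
        return False
    ctx = factory()
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def strict_context(cafile=None):
    """Context that always verifies, independent of any global override.

    cafile: optional PEM bundle, e.g. the CA of an intercepting proxy
    (assumption; by default the system trust store is used).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def strict_opener(cafile=None):
    """urllib opener whose HTTPS requests use strict_context().

    Proxy settings from the environment (https_proxy) still apply.
    """
    handler = urllib.request.HTTPSHandler(context=strict_context(cafile))
    return urllib.request.build_opener(handler)

if __name__ == "__main__":
    print("Python", sys.version.split()[0],
          "verifies HTTPS by default:", default_https_verifies())
    # strict_opener().open("https://pypi.org/simple/") raises URLError wrapping
    # an SSL verification failure if the presented certificate does not match.
```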

SSL error connecting my own OpenShift PaaS Server

I configured an OpenShift installation in CentOS 6.3 using the following tutorial: https://openshift.redhat.com/community/wiki/build-your-own
All services are OK, up and running.
However, when I try to connect my rhc client to my server (running the following commands), an SSL error appears. It appears that I have to trust my self-signed SSL certificate. I'm using OS X, so I added the .cer file to the keychain. This made accessing the https URL from Safari appear OK, however the rhc command still gives an error.
Mac-de-Ariel:~ ariel$ export LIBRA_SERVER=MY_DOMAIN
Mac-de-Ariel:~ ariel$ rhc server
/Users/ariel/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: (null) (OpenSSL::SSL::SSLError)
Full error: https://gist.github.com/0e9019f39c59512eb54b
'rhc server' doesn't work against Origin servers yet - right now it only works against openshift.redhat.com. I would recommend trying:
LIBRA_SERVER=yourhost rhc setup
Setup will run against your provided server and do the necessary config, and then save the server variable into the ~/.openshift/express.conf file for future use.