I'm running Ubuntu 11.10 and I'm trying to install RVM.
I enter "bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)" and then press enter, and nothing happens. It pauses for a second and then returns to the command prompt.
RVM doesn't install. I run rvm -v and get: The program 'rvm' is currently not installed.
No errors.
Any thoughts?
Thanks.
Jason
UPDATE: I removed the -s option from curl and now I see some messages. Specifically:
0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
UPDATE 2: I reinstalled Git, and now when I run curl-config --ca, I get:
curl-config --ca
/etc/ssl/certs/ca-certificates.crt
I downloaded the cacert.pem file from curl.haxx.se and created a new ca-certificates.crt file with it.
However, I'm still getting:
0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Not sure what else to try other than disabling the checking, which I'd rather not do.
The SSL certificate on https://rvm.io expired. Looks like RVM migrated to a new domain. See: https://github.com/wayneeseguin/rvm/issues/889
As part of an automated build, we download some code from GitHub. Minimal example:
wget github.com
Recently, the command started failing with a certificate error:
URL transformed to HTTPS due to an HSTS policy
--2017-10-05 11:43:45-- https://github.com/
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
ERROR: cannot verify github.com's certificate, issued by 'CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US':
Unable to locally verify the issuer's authority.
I tried updating the certificate store, and wget itself:
update-ca-certificates
apt-get install wget
The error is still the same.
My wget version is GNU Wget 1.17.1, and the OS is Ubuntu 16.04.3.
You can avoid checking the validity of the certificate by adding the --no-check-certificate option on the wget command line.
The answer turned out to lie somewhere in packet configuration. Unfortunately, I am unable to tell exactly why. The suspicion is some mono version installed from a ppa was messing with our cert store.
I've been trying off and on to get a LAMP development server operational behind my corporate firewall (McAfee Web Gateway). I have a Ubuntu/Trusty64 image on a virtualbox VM provisioned through Vagrant. I cannot get "some" {most} repositories to load for a proper sudo apt-get update. I'm getting a 401 authentication required error on all 'security.ubuntu.com trusty-security/*' sources and 'archive.ubuntu.com trusty/*' sources and all fail to fetch. Therefore most all sudo apt-get install {whatever} fails and I cannot add the necessary PPA repository to install the LAMP environment I want.
I can turn off SSL verification for some things and can get many things installed - but I need SSL working correctly within this environment.
Digging deeper, I find that if I curl -v https://url.com:443, I get the
curl(60): ssl certificate error: unable to get local issuer certificate.
I have the generic bundle 'ca-bundle.crt' installed locally in /usr/local/share/ca-certificates/ and ran sudo update-ca-certificates, which seemed to update ca-certificates.crt in /etc/ssl/certs/.
I ran a strace -o stracker.out curl -v https://url.com:443 and searched for the failing stat() as suggested in here by No-Bugs_Hare and found that curl was looking for 'c099e901.0' in /etc/ssl/certs/ and it isn't there. Googling that particular HEXID is no joy and am stuck at this step.
Next I tried strace -o traceOppenSSL.out openssl s_client -connect url.com:443 to see if I can get more detail but can't see what causes the
verify error:num=20:unable to get local issuer certificate
followed by two other errors (I'm sure all relating to the first one), then displays the "Server Certificate" within a BEGIN / END block, followed by a bunch of other metadata. The entire session ends with
Verify return code: 21 (unable to verify the first certificate).
So, this is not my forte and I'm doing what I can to try and get this VM operational. Like I said earlier, I've been trying many things and understand most of the issue is the fact that I'm behind a McAfee firewall within my corporate structure. I don't know how to troubleshoot more than what I've explained above but I'm willing to dig deeper.
I have a few questions. Why is curl looking for that particular hex ID and where would I find or generate the beast? Are there other troubleshooting steps I should try? The VM is a server-class Ubuntu install, so I only have a SSH CLI terminal and no WindowManager GUI to work with this.
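The file name in the strace output above follows OpenSSL's hashed CA-directory convention: the issuer name of the presented certificate is hashed, and a file called <hash>.0 is looked up in the CA directory. The shell sketch below is an added example, not part of the original post; the CA, the directory and the function names are constructed for the demo.

```shell
set -eu

# issuer_link CERT: file name OpenSSL looks for in the CA directory for CERT's issuer
issuer_link() { echo "$(openssl x509 -in "$1" -noout -issuer_hash).0"; }

# trusts CERT CADIR: prints "ok" if CERT verifies against the hashed directory
trusts() {
  if openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
  then echo ok; else echo fail; fi
}

# add_ca CA CADIR: copy one CA certificate in and create its <subject_hash>.0
# link, which is what c_rehash / "openssl rehash" do for the files in a directory
add_ca() {
  cp "$1" "$2/demo-ca.pem"
  ln -s demo-ca.pem "$2/$(openssl x509 -in "$1" -noout -subject_hash).0"
}

demo() {
  work=$(mktemp -d); mkdir "$work/certs"
  # Constructed self-signed CA: issuer and subject are the same name,
  # so -issuer_hash and -subject_hash agree and the demo stays short.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Gateway CA" \
    -keyout "$work/ca.key" -out "$work/ca.pem" >/dev/null 2>&1
  link=$(issuer_link "$work/ca.pem")
  before=$(trusts "$work/ca.pem" "$work/certs")   # hash link missing
  add_ca "$work/ca.pem" "$work/certs"
  after=$(trusts "$work/ca.pem" "$work/certs")    # hash link present
  if [ -e "$work/certs/$link" ]; then found=yes; else found=no; fi
  rm -rf "$work"
  echo "$before $after $found"
}

demo
```

Running openssl x509 -noout -issuer -issuer_hash on the certificate that openssl s_client prints shows which CA name a missing hash file belongs to.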
While installing Composer to XAMPP, I got some errors. My system OS was Windows 7, how can I solve this and install Composer?
Download failed: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
file_get_contents(): Failed to enable crypto
file_get_contents(https://getcomposer.org/composer.phar.sig): failed to open stream: operation failed
Download failed: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
file_get_contents(): Failed to enable crypto
file_get_contents(https://getcomposer.org/composer.phar.sig): failed to open stream: operation failed
Make sure you configured the path to the ca certificates in php.ini:
curl.cainfo=/full/path/to/ssl/certs/ca-bundle.crt
openssl.cafile=/full/path/to/ssl/certs/ca-bundle.crt
In case you don't have a ca certificate bundle download it:
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
To install Composer (without using cURL):
php -r "readfile('https://getcomposer.org/installer');" | php
Or, to install Composer (with cURL):
curl -sS https://getcomposer.org/installer | php
(If that doesn't work out, simply download the Composer PHAR via your browser.
https://getcomposer.org/composer.phar
But, you will run into the issue again, when fetching packages, until you fix the certificate issue.)
That's exactly the same issue I'm facing. While installing the Composer Installer on my Windows 7 machine I'm getting the below error:
The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Tried this:
$ curl -sS https://getcomposer.org/installer | php
stdin is not a tty
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
And this:
$ ping getcomposer.org
Pinging getcomposer.org [87.98.253.108] with 32 bytes of data:
Reply from 87.98.253.108: bytes=32 time=137ms TTL=47
Reply from 87.98.253.108: bytes=32 time=127ms TTL=47
Reply from 87.98.253.108: bytes=32 time=127ms TTL=47
Reply from 87.98.253.108: bytes=32 time=127ms TTL=47
Ping statistics for 87.98.253.108:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 137ms, Average = 129ms
My PHP version is:
$ php -v
PHP 5.5.37 (cli) (built: Jun 22 2016 16:14:46)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
I've enabled the following list in my php.ini:
extension=php_curl.dll
extension=php_openssl.dll
curl.cainfo="C:/xampp/php/extras/certs/cacert.pem"
openssl.cafile="C:/xampp/php/extras/certs/cacert.pem"
Where I've downloaded the cacert.pem from https://curl.haxx.se/ca/cacert.pem
I had missed adding the proxy settings during installation; once I added them, it worked like a charm! :)
http://username:password@your_proxy:your_port
I was having the same issue while changing the PHP version on my Windows machine. Hope this helps someone.
php.ini didn't have the right extensions enabled, and I just had to uncomment:
extension_dir = "ext"
extension=openssl
Check the php.ini of your PHP. For me, I'm using AMPPS on Mac and just changed it to:
curl.cainfo =/Applications/AMPPS/ca-bundle.crt
openssl.cafile =/Applications/AMPPS/ca-bundle.crt
After updating php.ini, you need to restart Apache.
You may download the ca-bundle.cer here https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt and rename as ca-bundle.crt.
check attached for your reference before and after updating php.ini
FYI my certificate is trusted by GeoTrust SSL CA.
I run the following command:
npm adduser --registry https://npm.****.fr and the error thrown is UNABLE_TO_VERIFY_LEAF_SIGNATURE.
I did a lot of tests to fix it.
I tried with curl and fixed the issue by adding my website CRT to the system (/usr/share/ca-certificates/extra/***.crt then dpkg-reconfigure ca-certificates). The same error occurred with npm.
I tried specifying the options ca, cafile, and cert; nothing changed.
If I provide the option strictssl=false, it works but I don't really like this option...
Any ideas?
I had a similar issue; the following commands did the trick:
npm config set strict-ssl false
export NODE_TLS_REJECT_UNAUTHORIZED=0
I fixed it by adding the CA certificate to my server.
Indeed, it was the CA certificate that was missing, not the website certificate. But it is strange that GeoTrust SSL CA is not provided with apt-get install ca-certificates.
I have one chef-server version 12.0.1 and can connect linux (rhel/centos) systems to the chef-server with knife bootstrap but cannot with windows and locally on my rhel client knife ssl check fails.
I have two problems but I think they are both related.
Problem 1 - knife ssl check fails:
Connecting to host chef-server:443
ERROR: The SSL certificate of chef-server could not be verified
Problem 2 - bootstrap windows server fails:
ERROR: SSL Validation failure connecting to host: chef-server - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Chef encountered an error attempting to create the client "desktop"
I have tried a number of things:
1) knife ssl fetch - no changes
2) I have a signed digicert crt on the server which is accepted by the management-console and chrome web browser
3) I have set this in chef-server.rb:
nginx['ssl_certificate'] = "/var/opt/opscode/nginx/ca/hostname.crt"
nginx['ssl_certificate_key'] = "/var/opt/opscode/nginx/ca/hostname.key"
which go to the signed certs.
Anything else I should be trying or am I being a plank?
Try running these commands on your Chef server:
mkdir -p /root/.chef/trusted_certs
cp /var/opt/chef-server/nginx/ca/YOUR_SERVERS_HOSTNAME.crt /root/.chef/trusted_certs/
I was having the same problem and it was fixed after I looked through this article, and tried out the steps it gave: http://jtimberman.housepub.org/blog/2014/12/11/chef-12-fix-untrusted-self-sign-certs/
I was having the same issue using a valid wildcard certificate, although it was linux rather than windows. Looks like the issue is that the chef client uses openssl and didn't have the CA and root certificates. I was getting errors when I ran the following from the chef client server:
openssl s_client -connect chef_server_url*:443 -showcerts
I solved my issue by browsing to the chef server, inspecting the certs and exporting each cert in the chain to a single file, ordered with the issued certificate at the top, and the root at the bottom. I then used this bundled-cert as the certificate file in the chef server config file and reconfigured chef.
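A way to check the ordering described in the answer above (issued certificate first, root last) before handing a bundle to the server. This is an added example, not part of the original answer; the three-certificate chain, its names and the functions are constructed for the demo, and the check compares issuer and subject names only, not signatures.

```shell
set -eu

# chain_order BUNDLE: prints "ordered" when each certificate's issuer name
# equals the subject name of the certificate that follows it in the file.
chain_order() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { sub(/^subject= */, ""); if (n && $0 != issuer) bad = 1 }
         /^issuer=/  { sub(/^issuer= */, "");  issuer = $0; n++ }
         END { r = (n > 1 && !bad) ? "ordered" : "misordered"; print r }'
}

demo() {
  d=$(mktemp -d)
  # Constructed root CA (self-signed)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" >/dev/null 2>&1
  issue() {  # issue NAME CN SIGNER: new key plus a certificate signed by SIGNER
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
      -keyout "$d/$1.key" -out "$d/$1.csr" >/dev/null 2>&1
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
      -CAcreateserial -days 1 -out "$d/$1.pem" >/dev/null 2>&1
  }
  issue inter "Demo Intermediate" root
  issue leaf "chef-server.example" inter
  # Leaf at the top, root at the bottom, as the answer describes
  cat "$d/leaf.pem" "$d/inter.pem" "$d/root.pem" > "$d/good.pem"
  # The same certificates in the wrong order
  cat "$d/root.pem" "$d/inter.pem" "$d/leaf.pem" > "$d/reversed.pem"
  echo "$(chain_order "$d/good.pem") $(chain_order "$d/reversed.pem")"
  rm -rf "$d"
}

demo
```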