When I access website API using https, the ASIHTTPRequest can't get response. I got the error below:
ASI error:: Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (possibly a bad/expired/self-signed certificate)" UserInfo=0x4e5ccd0 {NSUnderlyingError=0x4e5ce40 "The operation couldn’t be completed. (OSStatus error -9807.)", NSLocalizedDescription=A connection failure occurred: SSL problem (possibly a bad/expired/self-signed certificate)}
I guess I got this error because I generated the SSL certificate by myself, instead of purchasing one. Is that right? Does "SSL problem (possibly a bad/expired/self-signed certificate)} " mean i should purchase a SSL certificate for my server?
You're correct, a self-signed SSL Cert will cause this error. That said, you're not forced to purchase an SSL Cert.
If this were for an internal application, I'd just disable the Cert check with the following:
[request setValidatesSecureCertificate:NO];
Related
In Objective C Socket based SSL communication , with property ‘kCFStreamSSLValidatesCertificateChain’ set to ‘YES’ we are not able to establish the SSL connection with server even with globally trusted certificate which is part of the system keychain.
When we set above property to 'NO' then we are able to establish the connection even with self-signed or custom certificate which is not part of keychain.
Could some one help me to understand ,how SSLValidatesCertificateChain validation happens and how to make it work in our case for Global Trusted Root Certificates.
For Ex:Digicert Global Root CA)
Exception we get is
CFNetwork SSLHandshake failed (-9807)
2022-07-21 18:38:09.921000+0530 MSCA[21431:380392] TCP Conn 0x600002d69600 SSLHandshake failed (-9807)
2022-07-21 18:38:09.927247+0530 MSCA[21431:380392] [NATIVE] Stream event error: The operation couldn’t be completed. (OSStatus error -9807.)
2022-07-21 18:38:09.927412+0530 MSCA[21431:380392] [NATIVE] openErrorEventHandler. Code -9807
Appreciate your help.
Thanks
Crosschecked the issue by disabling ATS and Removing Root Certificate from keychain , but still able to establish the connection with server with property "kCFStreamSSLValidatesCertificateChain" set to 'NO'
I wrote this script around 4 months ago, everything was working fine. But when I returned to this code yesterday I got the following exception:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1108)
this happens when I run the following:
client = xmlrpc.client.ServerProxy('{}/xmlrpc/2/common'.format(odoo_server), allow_none=True)
what might be the problem?
This solution might help you out in your situation.
import ssl
xmlrpc.client.ServerProxy('{}/xmlrpc/2/common'.format(odoo_server), allow_none=True,verbose=False, use_datetime=True,context=ssl._create_unverified_context())
whats the value in odoo_server, try without http or https. try with your ip or just the domain name
I am getting below certification error while i am trying to call any API https://:8243/ from a react based frontend application. I have defined my rest API in wso2 EI 6.3. I am not using wso2 APIM.
What i did to resolve this issue:
1. I created a new self signed certificate and created a new key store. Updated carbon.xml, axis2.xml file. Restart the server. I am able to see my certificate in wso2 Ei GUI.
2. I accepted the certificate in browser.
But still i am not able to get rid of this error.
Is this error coming due to self signed certificate? If i will be using any CA signed certificate then this issue will not be there?
Any help or pointer is highly appreciated.
[2020-04-07 08:54:48,841] [-1] [] [HTTPS-Listener I/O dispatcher-2] ERROR {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
BR//
Vipin Nirwal
I was able to resolve this issue. I followed the below steps.
I created a self CA first. Then created a certificate signed by my own CA. Import the root certificate of my CA into the browser As this CA needs to be trusted by browser.
After this update carbon.xml, files inside axis2 directory and catalina-server.xml file with proper jks file and password for keystores.
Restarted the server.
You can try to debug it yourself by enabling SSL debug logs in the EI server. In the SSL logs, you can check whether the client certificate and the server certificate is matching. Have a look at the following blog.
https://medium.com/#nipunadilhara/enabling-ssl-debug-logs-for-wso2-products-30833d5de88e
When I try "rbt post" I get this error "ERROR: Could not reach the Review Board server at http://reviewboard.company.com/: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)"
If it is an internal company FQDN, try to find out whether you requesting over a companies proxy. If so, please delete your proxy envs and try again
I have just installed Orbeon 3.9 CE on a WebSphere WAS 7.0 environment all was looking well but when I tried to add a form I got and error sating "peer not authenticated".
I turned on debugging in the log4j.xml file and this is what I got out of it:
2011-05-27 16:34:13,051 ERROR ProcessorService - Exception at oxf:/apps/fr/components/components.xsl (executing XSLT transformation)
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.ibm.jsse2.fc.getPeerCertificates(fc.java:46)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:488)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.orbeon.oxf.resources.handler.HTTPURLConnection.connect(HTTPURLConnection.java:219)
at org.orbeon.oxf.util.Connection.connect(Connection.java:494)
at org.orbeon.oxf.util.Connection.open(Connection.java:94)
at org.orbeon.oxf.processor.generator.URLGenerator$URLResourceHandler.openConnection(URLGenerator.java:817)
at org.orbeon.oxf.processor.generator.URLGenerator$URLResourceHandler.getResourceMediaType(URLGenerator.java:770)
at org.orbeon.oxf.processor.generator.URLGenerator$1.readImpl(URLGenerator.java:420)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl$TopLevelOutputFilter.read(ProcessorOutputImpl.java:263)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl.read(ProcessorOutputImpl.java:406)
at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:260)
at org.orbeon.oxf.processor.pipeline.TeeProcessor$TeeProcessorOutputImpl.readImpl(TeeProcessor.java:89)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl$TopLevelOutputFilter.read(ProcessorOutputImpl.java:263)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl.read(ProcessorOutputImpl.java:406)
at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:260)
at org.orbeon.oxf.processor.ProcessorImpl.readInputAsTinyTree(ProcessorImpl.java:286)
at org.orbeon.oxf.processor.ProcessorImpl$3.read(ProcessorImpl.java:315)
at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsObject(ProcessorImpl.java:365)
at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsObject(ProcessorImpl.java:330)
at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsTinyTree(ProcessorImpl.java:313)
This looks like an error that would happen if you use HTTPS with an invalid certificate (such as a self-signed certificate). If this is what you are doing, you can either:
Add the your certificate to your VM trust store. (I'll let you lookup how to do this on WebSphere.)
Use HTTP instead of HTTPS, at least during development where you don't have a valid certificate.
Get a real certificate, for instance from StartSSL which issues class 1 certificate for free.