gcloud unable to get local issuer certificate - gcloud

Behind a corporate firewall with Symantec WSS agent.
I get this error
ERROR: (gcloud.compute.start-iap-tunnel) There was a problem refreshing your current auth tokens: HTTPSConnectionPool(host='oauth2.googleapis.com', port=443): Max retries exceeded with url: /token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
Please run:
I tried
gcloud config set auth/disable_ssl_validation True
I also pulled the certificate chain with
openssl s_client -showcerts oauth2.googleapis.com:443
and then
gcloud config set core/custom_ca_certs_file c:/temp/certs.pem
No matter what it won't get past the certificate check
I thought that disabling SSL validation would work, but it doesn't

Related

Pod injected with istio-sidecar are not created

I have installed istio with below command.
istioctl install --set profile=default -y
And I created istio-injection=enabled label to specific namespace.
But, Replicaset of that namespace occur below error.
Warning FailedCreate 12m (x20 over 53m) replicaset-controller Error creating: Internal error occurred: failed calling webhook "namespace.sidecar-injector.istio.io": Post "https://istiod.istio-system.svc:443/inject?timeout=10s": context deadline exceeded
So I used the below command in another container.
Command
curl https://istiod.istio-system.svc:443/inject
Out
Client sent an HTTP request to an HTTPS server.
root#general-component-b477fd4b8-qdfqn:/# curl https://istiod.istio-system.svc:443/inject
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
root#general-component-b477fd4b8-qdfqn:/# curl http://istiod.istio-system.svc:80/inject
curl: (7) Failed to connect to istiod.istio-system.svc port 80: Connection timed out
root#general-component-b477fd4b8-qdfqn:/# curl https://istiod.istio-system.svc:443/inject
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
There seems to be a problem with SSL, but I just did a basic install.
How can i solve this problem?

Unable to use Node-Red with token verification to request kubernetesAPI

The Node-Red flow is as follows:
Related attributes:
I have appended the Token string, why can’t I get a GET request?
The error is as follows:
"Error: unable to verify the first certificate : https://192.168.58.160:6443/api/v1/namespaces/nodes/"
If you enable SSL/TLS and create a SSL/TLS configuration for the connection you can either supply a CA certificate or disable Certificate verification.

Getting Unable to connect to the server: x509: certificate is valid for ingress.local, not rancher

As part of renewing our cluster certificate we have accidentally deleted our "tls-rancher-ingress secret" from local cluster, after that we are unable to access cluster through kubectl and getting error like "Getting Unable to connect to the server: x509: certificate is valid for ingress.local, not rancher",please guide us if there is any way to add the secret again without using kubectl?

Configuring HTTPS to a Web Service kubernetes dashboard

I just installed the kubernetes dashboard. I would like to access it in HTTPS and not in HTTP. Unfortunately when I enter the URL https://10.109.0.xx:6443
I have an error telling me that the connection is not secure.
And I would just like to avoid this kind of mistake.
Do you have any idea how I can fix this problem?
so when i want to run helm ls --tls i get the error certificate signed by unknown authority as you can see below
I have succeeded to signa URL https://xxx.cloud.net/ to go directly to the kubernetes dashboard .
# helm ls --tls
Error: Get https://10.109.0.xx:6443/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

Facebook - error Callback verification failed: SSL certificate problem: unable to get local issuer certificate

When setting up a callback URL in "Canvas payment" / "Realtime Update Subscriptions" I get the following error:
Callback verification failed: SSL certificate problem: unable to get
local issuer certificate
When I click "test callback url"
The website open fine, it's only Facebook which makes problems.
The only answer I found ( curl: (60) SSL certificate : unable to get local issuer certificate ) did not solve the problem.