ArgoCD Your connection is not private - kubernetes

I have implemented SSO login to argocd through Active Directory.
When I try to access argocd, I get this error:
Your connection is not private
Attackers might be trying to steal your information from argo-cd.daa.pks.dell.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
When I check the logs of the argocd pod, I see this error:
finished unary call with code Unauthenticated" error="rpc error: code = Unauthenticated desc = no session information" grpc.code=Unauthenticated grpc.method=List grpc.service=application.ApplicationService grpc.start_time="2022-05-02T02:06:34Z" grpc.time_ms=5.178 span.kind=server system=grpc
But when I open ArgoWorkflow and try to open argocd, it works.
Please help me understand what the issue is.

You have to use a trusted certificate (issued by a certificate authority such as Let's Encrypt, for example, if you want to use it on the internet).
Example: (sorry it's in French but you got the point)
https://blog.blaisot.org/letsencrypt-wildcard-part1.html
https://blog.blaisot.org/letsencrypt-wildcard-part2.html
However, if it's in your enterprise network, just ask for an SSL certificate from the certificate authority and use it. ( https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/ )
You can also disable TLS/ssl to avoid this kind of error if you want.
Bguess

Related

Installing SSL Certificates for Wazuh-Dashboard

Is it possible to have Wazuh Manager served through custom SSL certificates? The wazuh-certs-tool gives you a self cert, and every other way to get it served through SSL has failed.
The closest I've gotten to getting this to work is I've had the dashboard being served by a custom SSL, I had agents connecting to it successfully and providing a heartbeat, but had zero log flows or events happening. When I had it in this state, I saw the API calls were coming from what appeared to be a Java instance, erroring out complaining about receiving certificate. I saw a keystore file located at /etc/wazuh-indexer. Do I also need to add the root-ca cert here as well?
It seems that your indexer's expected certificates do not match the certificates in your manager or the dashboard.
If you follow the normal installation guide, it shows how and where to place your certificates, which are created using the wazuh-cert-tool. But certificates can be created from any other source, as long as they have the expected information; you can check that information here.
I would recommend you follow the installation steps in the installation guide from scratch, to make sure you copy each expected certificate to its place and that the configuration files for your indexer, dashboard, and manager take into account the correct files. All you would need to change is the creation of the certificates, to have your own custom certs.
In case of further doubt, do not hesitate to ask.

Error verifying certificate when using -wget

Hello, I am very much a beginner in this field, but I am attempting to use a -wget given by a website to download a database. However, I get the following error:
ERROR: cannot verify <domain name>'s certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to <domain name> insecurely, use `--no-check-certificate'.
I don't want to use the --no-check-certificate certificate, how else can I solve this issue?
Thank you!
The certificate has expired, there is nothing you can do.
It's the responsibility of the domain owner to issue a new certificate.
I would advise you to not use --no-check-certificate, as a connection with an invalid certificate might not be secure.
If the domain owner won't issue a new certificate, you have no option besides ignoring the invalid certificate (--no-check-certificate).
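A local check that separates the two failures discussed above, the untrusted issuer behind NET::ERR_CERT_AUTHORITY_INVALID in the ArgoCD question and the expired certificate in the wget question. This is an added example, not code from the original posts: the throwaway CA, the host name argocd.example.internal and the helper names make_demo_pki and check_cert are constructed for illustration, and it assumes the openssl command-line tool (1.1.0 or later) is installed.

```shell
#!/bin/sh
# Added example: tell "issuer not trusted" apart from "certificate expired"
# before a certificate is installed. All certificates below are constructed.

# make_demo_pki DIR: throwaway CA, a leaf issued by it, and a self-signed leaf.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Internal CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=argocd.example.internal" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=argocd.example.internal" \
    -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

# check_cert CERT CAFILE [WINDOW_SECONDS]
#   0 = chains to CAFILE and stays valid beyond the window
#   1 = issuer not in CAFILE (what a browser reports as an invalid authority)
#   2 = expired, or expiring within WINDOW_SECONDS (only CERT's dates are checked)
check_cert() {
  cc_cert=$1; cc_ca=$2; cc_window=${3:-0}
  # Dates first: an expired certificate also fails chain verification,
  # so checking expiry separately keeps the two causes apart.
  if ! openssl x509 -in "$cc_cert" -noout -checkend "$cc_window" >/dev/null 2>&1; then
    echo "EXPIRING $(openssl x509 -in "$cc_cert" -noout -enddate)"
    return 2
  fi
  # -no-CApath: do not also consult the default CA directory.
  if ! openssl verify -no-CApath -CAfile "$cc_ca" "$cc_cert" >/dev/null 2>&1; then
    echo "UNTRUSTED $(openssl x509 -in "$cc_cert" -noout -issuer)"
    return 1
  fi
  echo "OK $(openssl x509 -in "$cc_cert" -noout -subject)"
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
check_cert "$demo_dir/leaf.pem" "$demo_dir/ca.pem"        || echo "exit=$?"
check_cert "$demo_dir/self.pem" "$demo_dir/ca.pem"        || echo "exit=$?"
check_cert "$demo_dir/leaf.pem" "$demo_dir/ca.pem" 864000 || echo "exit=$?"
```

Against a real deployment, CAFILE is the bundle the clients actually trust (the enterprise root, or the system bundle for a public CA), and a non-zero window gives advance notice before renewal is due.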

Revoke SSL certificate

I'm trying to revoke some SSL certificates for private routes from the developer console. Some of them were successfully revoked, but some others cannot be revoked:
Revoking certificate for mydomain.com failed.
A running revoke process
in init status exists for the domain 'mydomain.com'.
I waited for a while and tried again, but I still can't revoke the certificates. I've been trying this since yesterday, waiting about 8h since the last time I tried.
How can I revoke these certificates ?
I saw in the Swisscom Extensions API documentation that there's a request to manually revoke an SSL certificate (https://api.lyra-836.appcloud.swisscom.com/api-doc/#!/Certification_Processes/put_custom_certifications_revoke), but how am I supposed to log in to get a token?
Due to various reasons the certification revoke process can fail and in some cases an automatic resolution is not possible. Please contact Swisscom's Developer Support and give them the ORG, SPACE and domain affected.
To interact with the API directly, follow these instructions to log in and then use i.e. cf curl -X GET /custom/accounts to execute requests against the Cloud Controller.

How to secure mail.domain.com with let's encrypt in directadmin using dovecot?

When generating certificate via directadmin using letsencrypt for mail.domain.com, directadmin told me that it generated a certificate called:
letsencrypt.key
But in order to make mail.domain.com contain the certificate, I have to edit the dovecot config like below:
ssl_cert = </etc/letsencrypt/live/YOURSITE/fullchain.pem
ssl_key = </etc/letsencrypt/live/YOURSITE/privkey.pem
But as shown above, dovecot only takes 2 parameters for certs and I only have letsencrypt.key
How do I point to this certificate in dovecot so that it will use let's encrypt certs?
UPDATE:
I read that the built-in letsencrypt feature in DA actually combines the cert into one. I searched Google and was redirected to a site showing that we can manually install the DA letsencrypt so that it will generate 3 files for certs which I can use to link in dovecot.
So in order to do this do I have to disable the built in feature of DA Let's encrypt?
The URL: https://www.interserver.net/tips/kb/letsencrypt-support-directadmin-control-panel/
Is this the best way? What about the renewal process? Will directadmin handle the cert's renewal process or do we need to create a cronjob for that? I'm lost.
My aim is just to enable certificate for the mail.domain.com (using let's encrypt) so when I log in using 3rd party email client, it would not complain about invalid certs.
I never heard about mail_sni; someone pointed out that I should use this to make it work. Following this documentation, everything is working:
http://forum.directadmin.com/showthread.php?t=56297

Intuit Partner Platform - Unauthorized access issue using production OAuth credentials

We're just going live with the Intuit API feature on our live application. We finished the last step of the process by uploading the X.509 certificate signed by Comodo PositiveSSL CA. Though our production access status shows up as ready now, we are having a problem using the production OAUTH credentials. We get an unauthorized exception using these credentials. The development OAUTH credentials work fine though. We also tried using Thawte SSL 123 but no luck even with that.
Also, the actual expiry date of the X.509 certificate we uploaded is 16-Mar-2014, but when we upload this to the Intuit settings page, it shows expired (0/1/1). Please advise.
Adding the update here to this question- issue was with pointing to the wrong PFX file.