After updating Xcode to latest version Xcode Server can not be turned on. It fails with error:
Could not export API server SSL certificate: Error Domain=XCSSecurity Code=-1 "OpenSSL: Error decrypting key
4304406060:error:06FFF089:digital envelope routines:CRYPTO_internal:bad key length:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/apple/hmac/hmac.c:188:
4304406060:error:06FFF078:digital envelope routines:CRYPTO_internal:keygen failure:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/evp/evp_pbe.c:166:
4304406060:error:23FFF073:PKCS12 routines:func(4095):pkcs12 algor cipherinit error:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/pkcs12/p12_decr.c:83:
4304406060:error:23FFF075:PKCS12 routines:func(4095):pkcs12 pbe crypt error:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/pkcs12/p12_decr.c:133:
" UserInfo={NSLocalizedDescription=OpenSSL: Error decrypting key
4304406060:error:06FFF089:digital envelope routines:CRYPTO_internal:bad key length:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/apple/hmac/hmac.c:188:
4304406060:error:06FFF078:digital envelope routines:CRYPTO_internal:keygen failure:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/evp/evp_pbe.c:166:
4304406060:error:23FFF073:PKCS12 routines:func(4095):pkcs12 algor cipherinit error:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/pkcs12/p12_decr.c:83:
4304406060:error:23FFF075:PKCS12 routines:func(4095):pkcs12 pbe crypt error:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75.60.3/libressl-2.8/crypto/pkcs12/p12_decr.c:133:
}
Development and Xcode Server runs on the same Mac machine.
I have tried to restart xcscontrol, but it did not help.
sudo xcscontrol --reset
In my case here is no SWE folder at this location:
/System/Volumes/Data
How I could fix "Could not export API server SSL..." error?
It looks that needs to install macOS 12.3 beta and use Xcode 13.3 beta or 13.2.1.
If here is another way on fixing this problem I would like to know.
More discussion can be found here.
Related
I am having an issue with a lab server I am running using CentOS 9, when I'm trying to install Grafana, the GPG check fails. This is the output I get:
Importing GPG key 0x24098CB6:
Userid : "Grafana <info#grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
Key import failed (code 2). Failing package is: grafana-8.5.5-1.x86_64
GPG Keys are configured as: https://packages.grafana.com/gpg.key
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
When I try the same on my local Fedora 35 machine, I get this:
Importing GPG key 0x24098CB6:
Userid : "Grafana <info#grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
Key imported successfully
Running transaction check
The packages being downloaded are the same grafana-8.5.5-1.x86_64.rpm, I am using dnf for both installations, and the grafana.repo files are both the same:
[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
I know I could just turn off the gpg checking, but I am not comfortable with a solution like that.
Any help resolving this would be greatly appreciated! Let me know if I should supply any more information.
I've quite recently swapped over to CentOS and Fedora, so I apologize if this has been resolved before, but I was unable to find it.
There has been some change with the default crypto policies in CentOS streams 9.
update-crypto-policies --set DEFAULT:SHA1
The packages need to be re-signed with a SHA256 or SHA521 key instead of SHA1.
Ref: https://access.redhat.com/articles/6846411
We installed Kubeflow 1.0 on Kubernetes 1.15.16 (with Azure) and we have an issue with SSL certificate when trying to install pip package in Jupiter Notebook. The same issue also appear when trying to install directly the package from the docker container used for the Notebook Server:
In order to provide more context about the mentioned issues, here are attached some outputs that contain the errores mentioned within.
Issues found during installation of ‘nose’ package
If we try:
pip install --index-url=https://pypi.python.org/simple/ nose
Output is:
WARNING: Certificate did not match expected hostname: pypi.python.org.
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError
Could not fetch URL https://pypi.python.org/simple/nose/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/nose/
ERROR: Could not find a version that satisfies the requirement nose (from versions: none)
ERROR: No matching distribution found for nose
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/pip/
Similar issue also happen using curl:
! curl https://pypi.org
Output:
curl: (51) SSL: no alternative certificate subject name matches target host name 'pypi.org'
We tried to ignore the SSL verification using
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org
But is also raise an error:
ERROR: Could not find a version that satisfies the requirement nose (from versions: none)
ERROR: No matching distribution found for nose
We dont know where to start to solve this...
Any help would be welcome!
Thanks a lot in advance!
I got a same exception in kubeflow with Azure.
This command work for me:
pip install xgboost -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com
pypi.douban.com is a chinese mirror url.
But when I go to the next step, I got the same ssl ca error when use kubeflow sdk in python. I'm still finding solution.
Receiving the CKR_GENERAL_ERROR when the application tries to open a connection to the H/W HSM.
The error in detail is:
50004-Crypto API could not be open.
Caused by: xxx.xxx.xxx.cryptoapi.CryptoApiSysException: Error opening session!!
Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_Initialize(Native Method) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
at iaik.pkcs.pkcs11.Module.initialize(Module.java:307) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
Could anyone please tell what might be the reason for this error? The application works fine with the software HSM.
H/W HSM details:
ProtectToolkit C Key management utility : 4.2.0 (even tried with 4.3.0)
Manufacturer : Eracom
Hardware version : 66.00
Firmware version : 2.02
CKR_GENERAL_ERROR is the general error message thrown by most of the PKCS#11 complaint API. Since you have the error while connecting to the HSM hardware Please make sure you do the following things:
You have successfully done the client (you app) to h/w hsm NTL configuration. Here's a link!
Verify that you have a valid slot number and partition password (PIN) while opening the session and login to the hsm.
Also, you can check HSM logs (usually residing on your hsm client installation directory in your application) to know what is the exact cause for the problem. Here's You can refer to my previous response on finding luna safenet client logs!
I am trying to install solaris studio 12.3 on a Solaris 11 x86 machine.
I have downloaded oracle cert and key from mentioned link, but while publishing am getting following error.
pkg set-publisher -k Oracle_Solaris_Studio.key.pem -c Oracle_Solaris_Studio.certificate.pem -g **PORTAL** solarisstudio
pkg set-publisher: The origin URIs for 'solarisstudio' do not appear to point to a valid pkg repository.
Please verify the repository's location and the client's network configuration.
Additional details:
Unable to contact valid package repository
Encountered the following error(s):
Unable to contact any configured publishers.
This is likely a network configuration problem.
1: Framework error: code: 7 reason: Failed connect to pkg.oracle.com:443; Connection refused
URL: '**PORTAL**' (happened 4 times)
2: Framework error: code: 28 reason: Connection timed out after 60000 milliseconds
URL: '**PORTAL**' (happened 4 times)
Please let me know if further information is required.
NOTE PORTAL - https://pkg.oracle.com/solarisstudio/release
Configuring correct proxy settings as pointed out by alanc, resolved the issue.
I am creating a sencha application and i want to run it on BB10 device. I have requested for signin Key files from BlackBerry and received two .csj registration files by mail . For signing my application i am using this command :
blackberry-signer –register –csjpin 01234567 –storepass mcube F:\BB10Key-28Feb\client-PBDT-1975809.csj F:\BB10Key-28Feb\client-RDK-1975809.csj
It gives error :
"Error: Keystore load: DerInputStream.getLength(): lengthTag=109, too big."
I don't have any idea about it that how it will be solve .
Welcome to StackOverflow.com
I think you are passing wrong files to the signer.
blackberry-signer -register -csjpin <csj pin>
-storepass <KeystorePassword> <client-RDK-xxxxxx.csj file>
<client-PBDT-xxxxx.csj file>
I see you are passing PBDT key first in place of RDK key.
Your code would be like this (please do not copy paste this command when signing yourself as this is for demo puposes only)
blackberry-signer –register –csjpin 01234567 –storepass mcube F:\BB10Key-28Feb\client-RDK-1975809.csj F:\BB10Key-28Feb\client-PBDT-1975809.csj
You should pass RDK key then PBDT key. Modify your bar signer tool command and run again with correct parameters. For more info visit Set up for signing BlackBerry 10 apps and Signing your BlackBerry 10 application.
If this solves your problem, check this as answer.