Error verifying certificate when using -wget - certificate

Hello I am very much a beginner in this field but I am attempting to use a -wget given by website to download a database. However I get the following error:
ERROR: cannot verify <domain name>'s certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to <domain name> insecurely, use `--no-check-certificate'.
I don't want to use the --no-check-certificate certificate, how else can I solve this issue?
Thank you!

The cirtificate has expired, there is nothing you can do.
It's the responsibility of the domain owner to issue a new certificate.
I would advice you to not use --no-check-certificate, as a connection with an invalid certificate might not be secure.
If the domain owner wont issue a new certificate, you have no option besides ignoring the invalid certificate (--no-check-certificate).

Related

ArgoCD Your connection is not private

I have implemented SSO login to argocd through Active Directory.
When I try to access argocd, I get error :
Your connection is not private
Attackers might be trying to steal your information from argo-cd.daa.pks.dell.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
When I check the logs of argocd pod, I see this error :
finished unary call with code Unauthenticated" error="rpc error: code = Unauthenticated desc = no session information" grpc.code=Unauthenticated grpc.method=List grpc.service=application.ApplicationService grpc.start_time="2022-05-02T02:06:34Z" grpc.time_ms=5.178 span.kind=server system=grpc
But when I open ArgoWorkflow and try to open argocd, it works.
Please help me in understanding what is the issue?
You have to use a trusted certificate (by a certificate authority like letsencrypt for example if you want to use it on internet)
Example: (sorry it's in French but you got the point)
https://blog.blaisot.org/letsencrypt-wildcard-part1.html
https://blog.blaisot.org/letsencrypt-wildcard-part2.html
However if it's in your enterprise network, just ask for an SSL certificate from the authority of certification and use it. ( https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/ )
You can also disable TLS/ssl to avoid this kind of error if you want.
Bguess

ServiceFabric Secrets encrypted with certificate inside X509FindValueSecondary

I have an encrypted application secret.
In my ApplicationManifest I have specified the corresponding certificate to decrypt the secret:
<Certificates>
<SecretsCertificate Name="MyCert" X509FindValue="1..." X509FindValueSecondary="2..." />
</Certificates>
My secret is actually encrypted with the 2... certificate, which I specified in X509FindValueSecondary. I thought that when it does not find the certificate of X509FindValue, in my case 1..., it will fall back to looking for the certificate in X509FindValueSecondary. This is what I thought "Secondary" means.
However, my application does not start:
Failed to configure certificate permissions. Error FABRIC_E_CERTIFICATE_NOT_FOUND.
What is the difference between X509FindValue and X509FindValueSecondary?
SecretsCertificate uses the same formatting for other certificate options like
ServerCertificate, ClientCertificate and so on.
What is the difference between X509FindValue and X509FindValueSecondary?
Assuming they all work the same way, the idea of X509FindValueSecondary for ServerCertificate is to be used as a rollover approach, that means:
Load the first certificated, if it is valid, use it
if first certificate expires, try load the second
In both cases, the certificate must exist, because it requires to validate the expiration dates, if you plan to have just one, you should remove the secondary.

Alexa Echo Beta SDK - Certificate issue

Amazon recently release Echo Alexa toolkit.
I received, registered my app. Alexa clearly recognizes my app exists. However it gives this error
Request Identifier:
amzn1.echo-api.request.d969c196-8b3e-4169-99c8-20f566889760 The
certificate does not have a path to a trusted authority. This happens
if you are using a self signed certificate. Voice feedback Echo heard:
"alexa start myapp"
I verified my COMODO CA (COMODO RSA Certification Auth) is on the list of authorized CA. I ensured my certificate bundle was valid.
Is there anything specific I need to ensure my bundle.crt is in the correct order for Alexa? (there is no mention that .com is required, I am using .net)
these my COMODO filenames.
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
mydomain-net.crt
ssl-bundle.crt
stn.private.key
Excited to get this to work ... please help
SA
I am now able to communicate with Alexa without issues. the source of the problem was the order of the certs and the incorrect directives in SSL and HTTP config files for apache.
I used
openssl s_client -connect 192.237.1.1:443
to verify that the certificate
Verify return code: 0 (ok)
Initially I was able to confirm the error by code and searched and fixed it.

p12 certificate installed issue

I am trying to insalled p12 certificate but gives below error:
"Unable to import an item"
"The content of this item cannot be retrieved".
Password are correct. But the certificate is not displayed under "Keychain -> My Certificate" section.
Can anyone let me know what can be an issue?
One more thing, certificate is there under "Keychain -> Certificates" section. But there is not expand button.
When I get info of that certificate, it's give some extra information as below:
Extension: Certificate Authority Information Access
Critical: NO
Method #1: Online Certificate Status Protocol
URL: ocsp.apple.com/ocsp-wwdr01
Can anyone help me on this?
Thanks.
In response to your comments...
...leave the settings default. I encounter this issue before. I end up revoking all related certificates & private keys and re-requesting certificate with new key & certificate signing request (CSR).

Generating X.509 Certificates

I am new to Google API and I an trying to import a users Google contacts to my web-application. In between, there is an error which says :
Consumer does not have a cert:
www.spats.in
It looks like I need something called a X.509 certificate for my server. Any ideas where to get it from?
Okkay....I figured it out myself. I used the cPanel to generate a .crt certificate. I just did it by trial and error and it works now.