The connection to "FILEMAKER: 5003" is not encrypted - filemaker

I'm using FileMaker Pro 18 Advanced and when I go to Host-> Host Shows I get this error:
"The connection to "FILEMAKER: 5003" is not encrypted
This connection is not encrypted and should only be used for test purposes. Do you want to connect anyway?"
How can I fix that?

Add a valid SSL certificate to the server. It will fix this error.
If you don't care about encryption on transit, accept the prompt and connect.

Related

JDBC connection to Cloud SQL PostgreSQL is failing

I am trying to connect Cloud SQL Postgres using JDBC Using SSL without Certificate Validation.
The option I passed to the JDBC connection is "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory"
The connection fails with the below error:
[Permission denied] PSQLException: FATAL: connection requires a valid
client certificate
It seems the connect string options "sslfactory=org.postgresql.ssl.NonValidatingFactory" is not considered.
Can you please advise how to connect SSL Cloud SQL PostgreSQL without validating SSL certificate?
The server is demanding a client certificate to prove the identity of the client. This is an unusual setting, but if that is how the server is configured (via pg_hba.conf) you can't make it change its mind from the client side, other than perhaps switching to a connection method that matches a different pg_hba.conf line. But of course you can't do that unless another suitable pg_hba.conf entry exists, which is not under the client's control.
Talk to whoever is in charge of the server about either changing the configuration, or granting you a client cert.
There is no such thing as a non-validating client cert. It would be pointless: if you don't want to validate the client cert you just wouldn't demand one. If you just want encryption without validation, then the usual server cert (without validation) is entirely sufficient to do that.

SSL_accept error in log while using Postfix

So I set up a mail server on my VPS with cyberpanel and I can send emails manually through rainloop. I also have a program based on the lettre crate for Rust which runs perfectly fine on my own devices and correctly sends emails out through code. However when I try to run the program on my VPS, I get the following messages in my syslog.
globalfun postfix/smtps/smtpd[24656]: connect from localhost[::1]
globalfun postfix/smtps/smtpd[24656]: SSL_accept error from localhost[::1]: -1
globalfun postfix/smtps/smtpd[24656]: warning TLS library problem: error 14094418:SSL routines:ssl3_resl3_read_bytes: tlsv1 alert unknown ca:../ssl/rec/layer_s3.c:1543:SSL alert number 48:
globalfun postfix/smtps/smtpd[24656]: lost connection after CONNECT from localhost[::1]
globalfun postfix/smtps/smtpd[24656]: disconnect from localhost[::1] commands=0/0
I don't really understand why I can't send out emails through my program but it seems to have something to do with SSL. For reference, I have two servers on the same domain - one for my website which has an SSL installed through Let's Encrypt and another for the mail server which doesn't have SSL on it. That said, I don't think that's the issue as I can send emails through the mail server manually completely fine. Does anyone have any ideas as to what's wrong? Thanks in advance.
globalfun postfix/smtps/smtpd[24656]: warning TLS library problem: error 14094418:SSL routines:ssl3_resl3_read_bytes: tlsv1 alert unknown ca:../ssl/rec/layer_s3.c:1543:SSL alert number 48:
Your client refuses to connect to your mail server since it does not trust the CA which issued the mail servers certificate. It notifies the server about this problem by sending a unknown ca TLS alert.
There can be various reasons for this. Typically it is either the use of a CA which is not trusted by the client which need to be fixed at the client (trust this CA) or at the server (use a certificate from a CA trusted by the client). Or the root CA is actually trusted but the server is not sending the intermediate certificates needed by the client to build the trust chain to this trusted root CA. This need to be fixed at the server.

Cannot connect postgresql db to my netcore web project (DigitalOcean Cloud)

I want to use my postgresql db from digital ocean in my webpage. Before i create this db, i have a free one for test and is working fine, but this new its not working.
I can connect from pgadmin to the db without problem.
My web project is a net core 2.1.
My connection strings
(1) From my test db (working):
optionsBuilder.UseNpgsql( "Server=my-server;Port=5432;Database=mydb; User Id=myuser;Password=mypsw;");
(2) From digital ocean db (not working):
optionsBuilder.UseNpgsql("Server=myserver;Port=25060;Database=defaultdb; User Id=doadmin;Password=mypsw;SslMode=Require");
If i use the (1) connection it works perfect, but when i change to (2) connection throw me the error message.
This is the error message:
“The remote certificate is invalid according to the validation procedure.”
My web its certificated with Let’s Encrypt, certbot.
Tell me if you need more info.
I found the solution, my problem was the ssl certificate, letsencrypt its a self-signed certificate and with sslmode=require, the connection fail.
So you have to add this parameter Trust Server Certificate=true.
optionsBuilder.UseNpgsql("Server=myserver;Port=25060;Database=defaultdb; User Id=doadmin;Password=mypsw;SslMode=Require;Trust Server Certificate=true");
Source: https://www.npgsql.org/doc/security.html#encryption-ssltls

How secure npgsql connection with ssl option

i use npgsql version 2270 and i would to secure my connection passing db password NOT in cleartext and with capability to use SSL connection on a preconfigured postgresql server. My doubt is about how set the connection string with npgsql.
I tryed adding ssl=true sslmode=prefer to conn string but i have not idea about how to verify if it work.
Is sufficient for secure data transit? is string correct?
Is needed to activate ssl also on server is right?
How can i verify if data transit on ssl mode ? Thanks all.
First, SSL isn't really about encrypting your password - it's about encrypting the entire stream. If you use PostgreSQL's md5 authentication method (see your pg_hba.conf), then passwords are never transferred in cleartext regardless of whether you're using SSL or not.
To use SSL, it's better to set SSL Mode to require rather than prefer: the latter will attempt to establish an SSL connection, but will fallback to non-SSL if the server doesn't support it. require will fail the connection attempt if SSL could not be established.
Regardless, yes, you need to set up SSL on PostgreSQL, including a certificate and a private key - you can read about this in the documentation.
If the aim is only to avoid sending passwords in cleartext, using md5 (or sha256 in more recent versions) is the simplest way.

Npgsql 3.0.3 error with Power BI Desktop

I'm receiving the following error when connecting to an AWS Postgres database that requires SSL. I recently upgraded from npgsql 2.3.2 (which was buggy) to 3.0.3 which won't connect. Any suggestions would be appreciated.
DataSource.Error: TlsClientStream.ClientAlertException:
CertificateUnknown: Server certificate was not accepted. Chain status:
A certificate chain could not be built to a trusted root authority. .
at TlsClientStream.TlsClientStream.ParseCertificateMessage(Byte[] buf,
Int32& pos) at
TlsClientStream.TlsClientStream.TraverseHandshakeMessages() at
TlsClientStream.TlsClientStream.GetInitialHandshakeMessages(Boolean
allowApplicationData) at
TlsClientStream.TlsClientStream.PerformInitialHandshake(String
hostName, X509CertificateCollection clientCertificates,
RemoteCertificateValidationCallback
remoteCertificateValidationCallback, Boolean
checkCertificateRevocation) Details:
DataSourceKind=PostgreSQL
I was able to fix the issue by installing the Amazon RDS public certificate on my machine. Once I did this, I was able to connect.
Steps I followed:
Download the AWS RDS public certificate 1
Create a .crt file from the .pem file downloaded. Sample instructions
here 2
Install the certificate (.crt file) on the machine. 3
Connect!
The docs from npgsql give the solution as changing the default trust server certificate of 'false' to 'true' in the connection string.
Unfortunately, neither Excel (AFAIK) nor Power BI will allow you to edit the connection string. So if you are unable to get the SSL certificate from the DB admin (as suggested in another answer), or the SSL cert has a different server name to the name you connect to (in my case an IP address), there is not much that can be done.
I can see two ways of fixing this. Either Shay & co from npgsql (who are doing an excellent job btw) provide some way for users to change the default settings for the connection string parameters. Or Microsoft allows users to send keywords in the connection dialog of Power BI (and Excel).
Npgsql 2.x didn’t perform validation on the server’s certificate by default, so self-signed certificate were accepted. The new default is to perform validation, which is probably why your connection is failing. Specify the Trust Server Certificate connection string parameter to get back previous behavior.
You can read more on the Npgsql security doc page, note also that this change is mentioned in our migration notes.
I had the same issue connecting PowerBI to a locally hosted PostgreSQL server and it turned out to be easy to solve if you can get the right information. Recent Npgsql versions will only connect over SSL if it trusts the certificate of the server. As a Windows application PowerBI uses the windows certificate store to decide what to trust. If you can get the SSL cert for the PostgreSQL server (or the CA cert used to sign that one) then tell Windows to trust that certificate, PowerBI will trust it too.
In the configuration folder for the PostgreSQL server there is a postgresql.conf file, search it for ssl settings, there is one with the location of the ssl cert. Note NOT the key file which contains the private key, only the cert file which contains the public key. copy it or its content to the machine running PowerBI and import using Run | mmc | Add Plugin... Certificates (Google it)
Look at the server name once you imported the cert and connect from PowerBI using the same server name (so the cert matches the connection). That solved the problem for me. If PostgreSQL is configured to insist on a SSL connection you might have to do the same for a ODBC connection too.
Its not best way but worked for me since if u dont need encryption for security reason.
Go to Postgres config file on your DB server and go from
ssl = true
to
ssl = false
Then open your power bi desktop File-> Options and settings -> Data source settings -> then in global you will have saved your connection press Edit Permissions and uncheck "ENCRYPT CONNECTIONS"
Then it will work
WARNING: THIS IS NOT RECOMMENDED IF YOUR DB IS OPEN TO PUBLIC.
Regards,
Davlik