Spacewalk client SSL certificate error - centos

I installed Spacewalk 2.7 on CentOS, created a configuration channel, and was able to register a client into a channel. However, when I tried to pull/diff a file, it fails with an SSL certificate error.
[root#eagles ~]# rhncfg-client diff
Using server name spacewalk.test.com
XML-RPC error while talking to https://spvstest.test.local/CONFIG-MANAGEMENT: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
[root#eagles ~]#
I tried to install a new certificate using the link below, but no luck:
https://access.redhat.com/solutions/15753
How do I fix this certificate error?
Regards
Arjun

Related

Pod injected with istio-sidecar are not created

I have installed Istio with the command below.
istioctl install --set profile=default -y
And I created the istio-injection=enabled label on a specific namespace.
But the ReplicaSet of that namespace shows the error below.
Warning FailedCreate 12m (x20 over 53m) replicaset-controller Error creating: Internal error occurred: failed calling webhook "namespace.sidecar-injector.istio.io": Post "https://istiod.istio-system.svc:443/inject?timeout=10s": context deadline exceeded
So I used the command below in another container.
Command
curl https://istiod.istio-system.svc:443/inject
Out
Client sent an HTTP request to an HTTPS server.
root#general-component-b477fd4b8-qdfqn:/# curl https://istiod.istio-system.svc:443/inject
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
root#general-component-b477fd4b8-qdfqn:/# curl http://istiod.istio-system.svc:80/inject
curl: (7) Failed to connect to istiod.istio-system.svc port 80: Connection timed out
root#general-component-b477fd4b8-qdfqn:/# curl https://istiod.istio-system.svc:443/inject
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
There seems to be a problem with SSL, but I just did a basic install.
How can I solve this problem?

Error when trying to use REST API to connect to PayPal SandBox

I'm trying to connect to the PayPal REST API. This is a Nim program that uses httpclient, but there's nothing specific to Nim since this is just a REST API.
The error I get is:
Error: unhandled exception: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [SslError]
I'm using OpenSSL 1.1.1m on Windows 10.
certificate verify failed
Your environment is not able to verify the SSL/TLS certificate currently used by paypal.com servers.
Update your root certificate authority bundle that's used to trust the signers of TLS certificates; you can download a current one here.
If you don't know where to put it, try openssl version -d

OpenShift 4.5 IPI Installation on vSphere failing to connect to vCenter with self-signed certificate

I am following the installation docs for the new IPI install of OpenShift 4.5 on vCenter and running into a snag when trying to connect to the vCenter. I am running the installer from a CentOS 7 box.
[root#lb ocp45_install_2]# openshift-install create install-config
[...]
INFO Connecting to vCenter [myvcenterhere]
FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": unable to connect to vCenter [myvcenterhere]. Ensure provided information is correct and client certs have been added to system trust.: Post https://[myvcenterhere]/sdk: context deadline exceeded
I have added the root certs for my vcenter into /etc/pki/ca-trust/source/anchors/ per the documentation and I am able to reach it over 443 when using netcat. I also verified all login info was correct.
I have previously used this machine to do a UPI install of 4.3 in the same vCenter and did have success connecting. The vCenter uses a self-signed certificate.
Does anyone know if I need to include anything special to allow it to use the self-signed certificates when creating the install-config.yaml after adding the certs to the system trust?
You can try inserting that self-signed certificate into your nodes' trust store.
This can be done by editing your install-config.yaml, adding an additionalTrustBundle definition. The doc mentions:
apiVersion: v1
baseDomain: my.domain.com
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  <MY_TRUSTED_CA_CERT>
  -----END CERTIFICATE-----
...

Configuring HTTPS to a Web Service kubernetes dashboard

I just installed the kubernetes dashboard. I would like to access it in HTTPS and not in HTTP. Unfortunately when I enter the URL https://10.109.0.xx:6443
I have an error telling me that the connection is not secure.
And I would just like to avoid this kind of mistake.
Do you have any idea how I can fix this problem?
So when I want to run helm ls --tls, I get the error "certificate signed by unknown authority", as you can see below.
I have succeeded to sign a URL https://xxx.cloud.net/ to go directly to the Kubernetes dashboard.
# helm ls --tls
Error: Get https://10.109.0.xx:6443/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

WSO2 4.6.0 - unable to install CA certificate. Always falling back to default certificate

We are trying to install a third party CA cert on our WSO2 ESB server (Linux). We are unable to install CA certificate. Always falling back to default certificate.
While the WSO2 service is started, it shows that the new cert is being referred and loaded, but at client browser, it gives error and shows the default inbuilt cert.
Can someone guide us to where we need to look for errors?
We followed the instructions from
http://wso2.org/library/knowledge-base/2011/08/adding-ca-certificate-authority-signed-certificate-wso2-products
All steps are followed correctly,
Sreejith, the document you're following is correct. I've used the same to configure our servers.
You can get the certificate being used by your server by executing this from a consumer host (client):
echo -n | openssl s_client -connect esb.yourdomain.co.nz:8243 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.cert
Then you can see if the certificate being used is the one you expect.
To replace the default certificate, you'll need to replace the $WSO2_HOME/repository/resources/security/wso2carbon.jks keystore and modify $WSO2_HOME/repository/conf/carbon.xml and $WSO2_HOME/repository/conf/axis2/axis2.xml with the new keystore (along with alias and passwords) whenever necessary.
In my experience, the keystore needs to be replaced. You cannot simply add your certificate to the existing keystore; you need to force the WSO2 server to use your certificate by making it the only certificate in the keystore. Also, the certificate CN and alias must match your server hostname (as in the URL) for this to work.
Then add the certificate to the $WSO2_HOME/repository/resources/security/client-truststore.jks keystore.
And don't forget to restart the server after the changes.
Regards
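
The check described in the answer above (is the served certificate the one you installed, and does it cover the server's host name), as an added example that is not part of the original answer. The function names, the host name esb.example.test and the throwaway certificates are constructed for illustration; fetch_server_cert needs network access and is not used by the offline demo.

```shell
#!/usr/bin/env bash
# Added example: names, hosts and files are constructed placeholders.

# Save the leaf certificate a TLS endpoint presents (needs network access).
# $1 = host:port, $2 = output PEM file
fetch_server_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$2"
}

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed only if both PEM files hold the same, readable certificate.
same_cert() {
    local a b
    a=$(cert_fingerprint "$1"); b=$(cert_fingerprint "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Create a throwaway self-signed certificate for the offline demo.
# $1 = CN, $2 = output PEM file
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout /dev/null -out "$2" 2>/dev/null
}

# Offline demo: the "server" still presents a default certificate.
demo_dir=$(mktemp -d)
make_test_cert esb.example.test "$demo_dir/expected.pem"  # cert you installed
make_test_cert localhost "$demo_dir/served.pem"           # cert actually served
if same_cert "$demo_dir/expected.pem" "$demo_dir/served.pem"; then
    echo "server presents the expected certificate"
else
    echo "MISMATCH: served $(cert_fingerprint "$demo_dir/served.pem")"
fi
cert_covers_host "$demo_dir/served.pem" esb.example.test ||
    echo "served certificate does not cover esb.example.test"
```

Against a live server, write the served certificate with fetch_server_cert and pass that file to same_cert and cert_covers_host together with the certificate exported from the keystore.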