I get this error "Error: self signed certificate : DEPTH_ZERO_SELF_SIGNED_CERT with an HTTPS request node, I am running Node Red on IBM Bluemix. In previous posts it was suggested to add an environment variable: export NODE_TLS_REJECT_UNAUTHORIZED=0 for Linux. Do you have any experience on how to make the HTTP/S request work from Node Red on Bluemix?
You can add environment variables to the context of a app on Bluemix via the web console.
From the Application page, pick "Runtime" from the menu on the left hand side of the screen, then click on "Environment Variables" in the middle.
From here scroll to the bottom of the page. This will bring you to a section that will allow you to add an environment variable. Set the name to NODE_TLS_REJECT_UNAUTHORIZED and the value to 0.
You will have to restart your application for this to come into effect.
Also be aware that setting this variable opens up your application to potential man in the middle attacks as it will not check any outbound HTTPS to see if the certificate matches the issuer.
You can tell the node.js runtime to allow self-signed certificates. You can do this by setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to 0.
For reference: http://stackoverflow.com/questions/10888610/ignore-invalid-self-signed-ssl-certificate-in-node-js-with-https-request
Related
Is it possible to have Wazuh Manager served through custom SSL certificates? The wazuh-certs-tool gives you a self cert, and every other way to get it served through SSL has failed.
The closest I've gotten to getting this to work is I've had the dashboard being served by a custom SSL, I had agents connecting to it successfully and providing a heartbeat, but had zero log flows or events happening. When I had it in this state, I saw the API calls were coming from what appeared to be a Java instance, erroring out complaining about receiving certificate. I saw a keystore file located at /etc/wazuh-indexer. Do I also need to add the root-ca cert here as well?
It seems that your indexer's excepted certificates do not match the certificates in your manager or the dashboard.
If you follow the normal installation guide, it shows how and where to place your certificates, that are created using the wazuh-cert-tool. But, certificates can be created from any other source, as long as they have the expected information, you can check that informationenter link description here here.
I would recommend you follow the installation steps in the installation guide, from scratch to make sure you copy each excepted certificate in it's place and that the configuration files for your indexer, dashboard, and manager take into account the correct files. All you would need to change, the creation of the certificates, to have your own custom certs.
In case of further doubt, do not hesitate to ask.
I use this tutorial to deploy a business network on a free bluemix cluster: https://ibm-blockchain.github.io/
I also deploy the REST Server and communicate via Web apps.
All went fine till yesterday. The REST Server was not accessible anymore.
I deleted everything on the cluster using the script delete_all available in the ibm-container-service repository.
I followed the install procedure using the create_all script. I could access the composer playground (port 31080) again but was not really able to deploy an online business network using the "profile" hlfv1. Now it asks at the bottom of the "deploy UI" for credentials.
I don't know what to fill in. I tried to use ID+Password. On this way I was able to deploy but I got access error by clicking on "connect now". I was able to start the REST server then but if i try to access it in the browser (port 31090), I get the feedback that I'm not authorized.
Any ideas?
And do you know which changes have been made in the last month, which could bring these troubles?
Thx
Phil
The tutorial pointed to only covers playground when used with a Web Browser connection not a real fabric. When you deploy to a real fabric you have to provide an initial identity that you want bound to an initial participant in the business network. The initial participant will be of type org.hyperledger.composer.system.NetworkAdmin and given a name of the initial identity name you provide.
This dialog looks like this
To get you started you should select the ID and Secret radio button. Then for Enrollment ID enter admin and for the Enrollment Secret enter adminpw.
This is the name and secret of the bootstrap identity that exists in the fabric-ca server that has been deployed as part of the scripts.
By providing this information that identity will be enrolled and it's public certificate will be bound to a NetworkAdmin participant which will be called admin. This identity admin will then have access to the business network as only identities that are bound to a participant in the business network can have any sort of access.
FOR DEVELOPMENT: I configured my site to run without SSL for my development box and it all works great.
Now I am moving this to our dev testing server so I can test it there.
I first ran it as a non ssl intranet site to confirm configuration and etc....
It works perfectly.
Now I am in the process of creating a cert for the site and plan to use self signed certs for developer testing.
I have read many post ( google search ) on the topic related to the error I am getting.
Basically, I am 110% sure I am not creating this cert correctly for the site to which I need to bind it to.
The error:
The remote certificate is invalid according to the validation procedure.
So I am trying to understand what they mean by answers like this:
When working with self-signed certificates: add them to the trusted root authorities & use the hostname instead of localhost. ]
So if your computer name is "mypc", the uri should be "https://mypc/..." instead of "https://localhost/...".
This is what is confusing to me...
For example , if computer name is: svr-d-web-003
So the uri: https: //svr-d-web-003/?????
Looking at the advanced settings Bindings could I extrapolate the uri as: https: //svr-d-web-003/webhost.oauth.xyz.org ?? This seems wrong to me...
Site settings and etc....
Used these steps to create the cert:
1. C:> certlm.msc
2. Right-click on Certificates, then click All Tasks/Request New Certificate
Click Next, Next
Click on link as shown under the template you need.
Select Common Name from drop down
Enter the machine name dns name (example: svr-v-wus-001), then click Add button
Click OK,
In the Requests Certificates window check the box for xyz, click Enroll
Look in the certificates store and it’ll be there – you may need to click Refresh button
Follow up In IIS – you’ll bind the certificate there to your site. Remember the name needs to match the url. (This might be my issue here...)
See attachment...
I finally got it to work.
When creating the cert I had to match the name of the cert (common name) to the site.
For example: the site is https://identService.oauth.xyz.org so the cert name needed to be identService.oauth.xyz.org.
Then it all worked. I was confusing the site name with the machine name. Doh...
Hi I am trying to deploy the Custom Login application give in
Github
to Bluemix I deployed the .wlapp to the container. But I could not deploy the AuthAdapter provided. It is failing to get deployed.
Keeping that aside I tried to deploy the starter application provided in the
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/sample-app/
It is giving Error shown is as below
The request is coming to my localhost mobilefirst server
What should I do to solve this problem and get the apps deployed on bluemix mfp container
How to deploy custom auth adapters which is not getting deployed to Bluemix
You did not mention if you are using the pre-configured evaluation container, or your own container.
Pre-configured: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/evaluate/
Your own container: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/run/
You can't open a question and say "deployment fails". It's not going to help anyone solve your problem. mention the error you're getting during the deployment attempt.
An "auth adapter" implies it is using some security test(s). If your server on Bluemix (see "your own container") was not configured correctly with said security test(s) in its authenticationConfig.xml file, this could fail an adapter deployment.
The screen shot in your question clearly shows a CORS issue. Chrome does not allow CORS (attempting to get data for different domains).
Make sure that your application points to the correct server - not your local host one, since you want to use your Bluemix server, right? So in its worklight.plist file or wlclient.properties file, make sure the wlHost property is pointing to the correct server.
Actually I need to access to another folder at different server at the same network. I am planing to generate a kind of active directory user to work with the web server and my data server. How can I add it to my IIS 8?
I can't find any link to add access to Authentication section at IIS.
appreciate any help.
Ok I found solution! Simple as few click!!!
you can do it with following my Guid:
Select Application Pool at IIS8
Right click on the related pool and select advanced Setting
Find Identity under Process Model section
Set your credential at Custom account section.
it is done and don't forget to recycle the application pool and restart your web services.