Trying to sync my marketplace account with magento2 admin panel and getting this error:
error setting certificate verify locations:
CAfile: F:\xampp\ca-bundle\ca-bundle.crt CApath: none
CMS installed to localhost with https and ssl self-signed certificates, system - windows 7.
In php.ini added this:
[curl]
curl.cainfo="F:\xampp\ca-bundle\ca-bundle.crt"
openssl.cafile="F:\xampp\ca-bundle\ca-bundle.crt"
As I read for linux this problem according with permissions and directory should be readable. But my system installed at C:/ so for F:/ any directory should be available.
What's the issue related with? How to fix it?
Thanks.
I found solution for this issue, let try this follow: http://chrisschuld.com/2008/07/how-to-fix-the-curl-error-error-setting-certificate-verify-locations/
(this solution for linux)
With xampp on windows, let try:
1. Open file server.crt in xampp\apache\conf\ssl.crt
2. Copy content of server.crt and paste to end of cacert.pem in xampp\perl\vendor\lib\Mozilla\CA
3. add to end of php.ini: curl.cainfo="D:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"
4. Restart your Xampp
Reference: https://yikesplugins.com/support/knowledge-base/i-receive-the-error-ssl-certificate-problem-unable-to-get-local-issuer-certificate-why/
Related
I was trying to commit something to github repo using VSCode and I was told that
"extension github wants to sign in using github", when I allowed it I was redirected to a page with some link which I could copy in VScode to login.
But when I did so it gives me this error:
Sign in failed: FetchError: request to
https://vscode-auth.github.com/token?code=e23e730e3d1c5dc&state=717aca03-28e1-486f-bbb2-57680a149638
failed, reason: self signed certificate in certificate chain
It has become impossible to work with GitHub due to its security restrictions.
Can someone help?
If somehow the certificate from GitHub is not trusted by your Ubuntu OS, you can get it with (as suggested here):
mkdir ~/git-certs
openssl s_client -showcerts github.com:443 2>/dev/null </dev/null | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/git-certs/cert.pem
git config --global http.sslCAInfo "${HOME}/git-certs/cert.pem"
Then relaunch your VSCode and try again.
I had a similar problem, and my final resolution was reinstalling it. However, that didn't solve the problem, as there were remnants left on my windows computer.
In the end, I got the problem removed by completely removing vs-code (or insider) from my computer as suggested here, meaning:
Uninstall by running unins.exe file found in > C: Users\your_user_name\AppData\Local\Programs\Microsoft\ VS Code (or insider)
delete the .vscode or .vscode-insiders folder found in C: Users\your_user_name
Now delete code or code-insider found in >C:\Users\your_user_name\AppData\Roaming
I installed vs-code again and also the github pull requests. I authenticized it using my git account, and things are back to normal. I have had already synced my setting to my account, therefore my previous working setup was back.
I´m trying to install some software in Eclipse 2018-12 via its Marketplace.
On trying to do so, I keep getting the same error:
Unable to read repository at http://download.eclipse.org/releases/2018-12.
Unable to read repository at https://download.eclipse.org/technology/epp/packages/2018-12/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The company I am currently working with has a proxy active. If that`s what causes this issue (which I am not sure of), how would I bypass it in Eclipse? I tried a manual Network connection with a proxy bypass, but to no avail.
Any help or ideas?
I tried many solutions, but found it is available at https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html and solved my problem.
In that case, I used the KeyStore Explorer tool and generated the certificate.
Download KeyStore Explorer and Install
Open the application (Run as administrator) and in Examine => Examine SSL
On the Connection Settings screen => SSL Host: google.com / SSL Port: 443 => Click "OK"
In the certificate, click on "PEM" and "Export".
Save as "public.crt"
Click the "Open an existing KeyStore" button => C:\Program Files\Java\jdk1.8.0_261\jre\ lib\security\cacerts (JDK)
Enter the password: changeit
In Tools => Import trusted certificate => Select the public.crt file => Click "OK"
Save the "cacerts" file.
Repeat steps 6 through 9 for the JRE (C:\Program Files\Java\jre1.8.0_261\lib\security\ cacerts)
Restart your PC.
References:
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html
https://confluence.atlassian.com/kb/connecting-to-ssl-services-802171215.html
If you are using a https url, change it to http url (just remove 's') and try.
In my case 'https://dl.bintray.com/fabioz/pydev/8.0.0/' was throwing cert error, but changing it to 'http://dl.bintray.com/fabioz/pydev/8.0.0/' worked fine.
In my case, I could not open Eclipse Marketplace and got the same error reported in the question of this thread. I was able to solve this problem by getting instructions from the admin since I am connected using VPN. If I disconnect the VPN, it will work without any problem. I am using Eclipse Version: 2022-09 (4.25.0) - Build id: 20220908-1902.
Steps (Windows):
Get the certificate definition files and store them under this folder for example: <user-home>\.certificate\my-certs.pem. If you have more than one certificate, combine the definitions in this file my-cert.pem. In my case I was provided two certificates, they are XXXROOTCA and XXXCERTnn.
If you have more than one certificate, store each in a separate file in the same folder for example file1.crt and file2.crt.
From the command line with admin rights, use the Java keytool to import the certificates:
%JAVA_HOME%\bin\keytool -import -alias XXXROOTCA -file %HOME%\.certificates\file1.crt -cacerts
%JAVA_HOME%\bin\keytool -import -alias XXXCERTnn -file %HOME%\.certificates\file2.crt -cacerts
Note: Make sure to associate the certificate alias with the correct file in the above command lines.
3. You may have to pass the password for the above command lines. Add the parameter -storepass changeit if the password is still changeit and you didn't change it which is the default.
For NodeJS, execute the following command (if required):
setx NODE_EXTRA_CA_CERTS %HOME%\.certificates\my-certs.pem
Now you should be able to open Eclipse Marketplace.
I installed freeipa on centos7 - the installation did not throw any errors nor could I find anything unusual in the ipa install log file. However, when I run the kinit command post installation, I get the following response:
kinit admin
kinit: Generic error (see e-text) while getting initial credentials
Any thoughts on how to go about troubleshooting this?
Edit:
In the /var/log/krb5kdc.log file, I see the following entry:
preauth pkinit failed to initialize: PKINIT initialization failed: Cannot read cert
ificate file '/var/kerberos/krb5kdc/kdc.crt': No such file or directory
I ran the installation on centos and kinit works fine (I had to ensure that I was specifying the correct domain name during the installation script).
I am using the following configuration, ubuntu 16.04 apache2 php 7.0 owncloud 10.0.3. I think I have made an error when I setup ownclound. The data directory lives in /var/www/owncloud/data ( I believe that owncloud.log resides in this folder). I have deployed fail2ban and the issue that I am having is that fail2ban cannot access the data folder because I ran sudo chown -R www-data:www-data /var/www/owncloud/. The only way I access the log file is through the OWNcloud gui settings > general > log. where I can see the failed login attempts by me. I cannot seem to get Fail2ban to read the owncloud log.
I am new to ubuntu and Owncloud can anyone advise how to rectify this issue, owncloud is working fine and I am using ip addresses to restrict access to owncloud. Fail2ban was supposed to make the server secure so that I could open up owncloud to the internet.
Regards
Steve
You should change the permissions of the log file so that it can be read by everyone but written only by the php process. Do a 'chmod 755 /var/log/owncloud/owncloud.log'
By the way. I suggest that you migrate from Owncloud to Nextcloud. It is a full replacement, fully open source, more features and more secure. And it has a fail2ban equivalent brute force protection already build in :-)
I want a easy way to save, copy and edit files on a remote server. I'm using Eclipse as an IDE, what could be better for these tasks than RSE(Remote System Exlporer) plugin for Eclipse. The thing is that I dont know how to make a connection using a public key. I have file that I downloaded from my Amazon account, *.pem. But I don't see any forms or inputs for this, when I try to connect to my remote Linux server. It is just User-id and password. I also tried to open the public key using the system's text editor and copy everything to my password field, but it didn't worked. Pls help me
this was baking my noodle for a while too. you put the keys in a folder not in the RSE config but in the whole of eclipse
check this: http://siteadmin.gforge.inria.fr/eclipse-ssh.html
Not mentioned (at least in explicitly) is the fact that RSE (and for what I've seen, Eclipse in general) only seems to work with 1024 bit keys https://bugs.eclipse.org/bugs/show_bug.cgi?id=404714
I also had issues, because my privatekey was 2048, but I added a new key to authorized hosts and then I could connect.
I added my local computer's ~/.ssh/id_rsa.pub to the remote /home/ec2-user/.ssh/authorized_keys.
Then just set the user to connect in RSE to ec2-user when connecting.
Someone asked for root login. It works too: update /root/.ssh/authorized_keys, and edit /etc/ssh/sshd_config to allow root login:
#PermitRootLogin forced-commands-only
PubkeyAuthentication yes
Then reload the sshd daemon: service sshd restart