I'm trying to build a Docker image, based on ubuntu:20.04, with R and bookdown with PDF support. But I'm getting ERROR: cannot verify yihui.org's certificate [...] with tinytex::install_tinytex():
> tinytex::install_tinytex()
trying URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz'
trying URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz'
--2020-11-23 09:19:05-- https://yihui.org/tinytex/TinyTeX-1.tar.gz
Resolving yihui.org (yihui.org)... 167.99.129.42, 134.209.226.211
Connecting to yihui.org (yihui.org)|167.99.129.42|:443... connected.
ERROR: cannot verify yihui.org's certificate, issued by 'CN=SSL-SG1-GROBU,OU=Operations,O=Cloud Services,C=US':
Unable to locally verify the issuer's authority.
To connect to yihui.org insecurely, use `--no-check-certificate'.
Error in download.file(url, output, ..., method = method) :
'wget' call had nonzero exit status
Calls: <Anonymous> ... download_file -> <Anonymous> -> download -> download.file
In addition: Warning messages:
1: In download.file(url, output, ..., method = method) :
URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz': status was 'SSL peer certificate or SSH remote key was not OK'
2: In download.file(url, output, ..., method = method) :
URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz': status was 'SSL peer certificate or SSH remote key was not OK'
You may have to restart your system after installing TinyTeX to make sure ~/bin appears in your PATH variable (https://github.com/yihui/tinytex/issues/16).
Execution halted
I need to find a way to verify and trust the certificate chain from yihui.org, as I'm not allowed to bypass the verification with --no-check-certificate.
Thanks in advance for any hint!
Mihai
The default docker image has no certificates installed, therefore there are also no root certificates. That is what is indicated by the error message Unable to locally verify the issuer's authority. You can obtain the root certificates from the package ca-certificates (install it via apt-get).
Related
I had an issue in nodejs, when I use the API link https://hostname:8089
return new NoSQLClient({
serviceType: ServiceType.KVSTORE,
endpoint: 'localhost:8089'
});
I'm getting error like this,
Error: [REQUEST_TIMEOUT] Operation timed out after 10000 ms and 6 retries; Caused by: [NETWORK_ERROR] Network error; Caused by: socket hang up
There is nothing wrong with the query, it's about the port, you have to expose the port first and then try it...or disable the firewall
This error happens when you are trying to access a secure KVStore using a non-secure connection call ( http://localhost:8089 )
NoSQLTimeoutError: [REQUEST_TIMEOUT] Operation timed out after 10000 ms
and 6 retries; Caused by: [NETWORK_ERROR] Network error;
Caused by: socket hang up
When accessing a secure KVstore, you need also to provide a user/pwd. If not, you will have the following error
NoSQLArgumentError: [ILLEGAL_ARGUMENT] TABLE_REQUEST: Illegal Argument:
Missing authentication information
Here is an example of a connection string (see https, if this value is not set you will use http by default):
return new NoSQLClient({
serviceType: ServiceType.KVSTORE,
endpoint: 'https://localhost:8089'
, auth: {
kvstore: {
user: "driver_user",
password: "DriverPass##123"
}
}
});
In a secure mode, the proxy requires an SSL Certificate and private key. You need to provide the certificate, before running your application, set the environment variable NODE_EXTRA_CA_CERTS
export NODE_EXTRA_CA_CERTS=<yourpath>/certificate.pem
Without the certificate, you will have the following error:
NoSQLAuthorizationError: [REQUEST_TIMEOUT] Authorization error:
[operation timeout]: Failed to login to kvstore.
Operation timed out, see the cause
You also need to validate the requested domain name to match the server's certificate.
$ curl --cacert ~/certificate.pem https://localhost:8089
curl: (51) Unable to communicate securely with peer: requested domain name
does not match the server's certificate.
In this case, you need to change the certificate or use the appropriate URL
$ openssl x509 -text -noout -in ~/certificate.pem | grep CN
Issuer: CN=kvlite
Subject: CN=kvlite
$ curl --cacert ~/certificate.pem https://kvlite:8080
If your CN is not localhost, use an url matching with the certificate (e.g.)
return new NoSQLClient({
serviceType: ServiceType.KVSTORE,
endpoint: 'https://kvlite:8089'
, auth: {
kvstore: {
user: "driver_user",
password: "DriverPass##123"
}
}
});
I'm trying to stream videos from YouTube in a GUI app using PyQt5, python-vlc and pafy modules, but vlc gave me some connection errors:
[0000025466dc7340] main tls client error: connection error: Interrupted function call
[0000025466df9f00] access stream error: HTTP connection failure
[0000025466dc7430] gnutls tls client error: TLS handshake error: Error in the push function.
[0000025466dc7430] main tls client error: TLS session handshake error
[0000025466dc7430] main tls client error: connection error: Interrupted function call
[0000025466dfa080] access stream error: HTTP connection failure
When I make the same thing with tkinter module it works without problems. How can I solve these errors?
def OnYT(self):
text = self.textbox.text()
url = self.Search(text) #this function returns the first result url from a search on YouTube
self.textbox.setText("")
video = pafy.new(url)
best = video.getbest()
self.mediaplayer.set_mrl(best.url)
if sys.platform.startswith('linux'):
self.mediaplayer.set_xwindow(self.videoframe.winId())
elif sys.platform == "win32":
self.mediaplayer.set_hwnd(self.videoframe.winId())
elif sys.platform == "darwin":
self.mediaplayer.set_nsobject(int(self.videoframe.winId()))
self.mediaplayer.play()
there is a work around for this , you can configure VLC to connect to URL using http using the parameter vlc.Instance("prefer-insecure")
or you can try to update and feed VLC with certificates:
sudo update-ca-certificates --fresh --verbose
mkdir -p ~/.local/share/vlc/certs/
cat /usr/share/ca-certificates/mozilla/* | tee ~/.local/share/vlc/certs/ca-certifcates.crt
you can find more info here
GNUtls options:
--gnutls-system-trust, --no-gnutls-system-trust
Use system trust database
(default enabled)
Trust the root certificates of Certificate Authorities stored in the
operating system trust database to authenticate TLS sessions.
--gnutls-dir-trust <string>
Trust directory
Trust directory
--gnutls-priorities {PERFORMANCE,NORMAL,SECURE128,SECURE256,EXPORT}
TLS cipher priorities
Ciphers, key exchange methods, hash functions and compression methods
can be selected. Refer to GNU TLS documentation for detailed syntax.
you could use --gnutls-dir-trus to point to firefox certs I think
I am trying to initialize fabric-ca following its user guide using this config file but when executing the following command:
fabric-ca-server init --cafiles fabric-ca-server-config.yaml
I am getting the following error:
2018/11/12 22:59:45 [DEBUG] Intializing nonce manager for issuer 'undercroft'
2018/11/12 22:59:45 [DEBUG] Closing server DBs
2018/11/12 22:59:45 [FATAL] Initialization failure: CA name 'undercroft' is used in '/home/paradox/hyperledger/fabric/undercroft/fabric-ca/server/fabric-ca-server-config.yaml' and '/home/paradox/hyperledger/fabric/undercroft/fabric-ca/server/fabric-ca-server-config.yaml'
While I am getting this error if I am using the command line flags of fabric-ca-server I am successfully able to initialize and launch the
This is the full error log
As of now the --cafiles flag is only used when there are multiple CAs, in case of a single ca it will only use the config file at the $FABRIC_CA_SERVER_HOME directory.
Have you try if you change the CN of the fabric-ca-server ? or change the name of the CA ?
I downloaded jhipster registry version 4.0.0, imported and run the registry successfully, when I open localhost:8761 I am getting request cannot be proceed error, there is no error information also.
When I used command mvnw I am getting an exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
One way is to use http protocol instead of https.
To do this go into your project directory > .mvn > wrapper > maven-wrapper.properties.
You will find something like distributionUrl=http://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.3/apache-maven-3.5.3-bin.zip.
Change this url to using http instead of https.
Other solutions are more complex but there is no harm in trying.
Problems connecting via HTTPS/SSL through own Java client
Calling web service: javax.net.ssl.SSLException: Received fatal alert: protocol_version
javax.net.ssl.SSLException: Received fatal alert: protocol_version
Simply pass "-Dhttps.protocols=TLSv1.2" as extra argument
I am fairly new to Linux (and brand new to chef) and I have ran into an issue when setting up my chef server. I am trying to create an admin user with the command
sudo chef-server-ctl user-create admin Admin Ladmin admin#example.com
examplepass -f admin.pem
but after I keep getting this error:
ERROR: Connection refused connecting...
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 5/5
ERROR: Network Error: Connection refused - Connection refused
connecting to https://..., giving up
Check your knife configuration and network settings
I also noticed that when I ran chef-server-ctl I got this output:
[2016-12-21T13:24:59-05:00] ERROR: Running exception handlers Running
handlers complete
[2016-12-21T13:24:59-05:00] ERROR: Exception
handlers complete Chef Client failed. 0 resources updated in 01 seconds
[2016-12-21T13:24:59-05:00] FATAL: Stacktrace dumped to
/var/opt/opscode/local-mode-cache/chef-stacktrace.out
[2016-12-21T13:24:59-05:00] FATAL: Please provide the contents of the
stacktrace.out file if you file a bug report
[2016-12-21T13:24:59-05:00] FATAL:
Chef::Exceptions::CannotDetermineNodeName: Unable to determine node
name: configure node_name or configure the system's hostname and fqdn
I read that this error is due to a prerequisite mistake but I'm uncertain as to what it means or how to fix it. So any input would be greatly appreciated.
Your server does not have a valid FQDN (aka full host name). You'll have to fix this before installing Chef server.