I am trying to access https wcf web service from my application using monodevelop in Linux. The web service call is throwing the following exception
SendFailure (Error writing headers) at
System.Net.HttpWebRequest.EndGetRequestStream (IAsyncResult
asyncResult) [0x00043] in
/home/abuild/rpmbuild/BUILD/mono-3.4.0/mcs/class/System/System.Net/HttpWebRequest.cs:845
at
System.ServiceModel.Channels.HttpRequestChannel+c__AnonStorey1.<>m__0
(IAsyncResult r) [0x0001d] in
/home/abuild/rpmbuild/BUILD/mono-3.4.0/mcs/class/System.ServiceModel/System.ServiceModel.Channels/HttpRequestChannel.cs:219.
when I try to load the web service url using https, the Firefox browser is giving a warning:
"This connection is Untrusted"
The certificate(.cer) is generated using Visual Studio 2008 makecert utility.I tried to install certificate using the below commands
certmgr -add -c -m My MyCert.cer
certmgr -ssl https://myserver.com:1200/Monik/TestSvc
But it looks like the certificates are not configured properly. In some of the forums it saying that move the certificate to /etc/httpd/conf . But there is no such folder in my system
Please let me know what I am missing?
Mono handles certificates via mozroots so best thing in your case would probably be to run this:
sudo mozroots --import --machine --sync
sudo certmgr -ssl -m https://myserver.com:1200/Monik/TestSvc
First command will synchronise public root certificates. Second will ask you if you want to trust your server certificate which will be displayed to you after entering command. Type "yes".
Related
I am trying to create the Azure VM and use the VM application to silently install the application. Link to the procedure is at https://learn.microsoft.com/en-us/azure/virtual-machines/vm-applications-how-to.
Application fails to install the driver with the error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
It looks like the driver can't be installed since some root CA is missing. And it can't be installed automatically since the user running silent install has no proper rights.
I tried to just create VM and then run silent install from the command prompt, and that works just fine.
Has anyone had problems like that and how was it solved?
I tried to reproduce same in my environment I got the error like below.
This error says root certificate, which is not trusted by the trust provider, as silently install is running sometimes root certificate is not installed automatically it may cause error on application installation.
To resolve this issue, try to download Microsoft Root Certificate
Click Start ->Run , type mmc , and then click OK
Click File -> Add/Remove snap in like below:
Click on certificate -> Add :
Select -> computer name and finish it.
In console1 MMC you can see certificate -> Expand Trusted Root Certification Authorities , like below:
Once the Trusted Root Certification Authorities as imported I can able to install the application successfully
I'm new to Linux, just installed Lubuntu and faced the problem -
when i'm trying to clone my remote work repo from my company's git:
$ sudo git clone https://path/to/repo.git
I keep on receiving error:
Cloning into 'repo'...
fatal: unable to access 'https://path/to/repo.git/': server certificate verification failed. CAfile: none CRLfile: none
I know it's mentioning certificates, but i do not have any. And before, i worked on windows and was able to simply git clone this repo without any certs.
This error means that the git client cannot verify the integrity of the certificate chain or root. The proper way to resolve this issue is to make sure the certificate from the remote repository is valid, and then added to the client system.
Update list of public CA
The first thing I would recommend is to simply update the list of root CA known to the system as show below.
# update CA certificates
sudo apt-get install apt-transport-https ca-certificates -y
sudo update-ca-certificates
This may help if you are dealing with a system that has not been updated for a long time, but of course won’t resolve an issue with private certs.
Fetch certificates, direct connection
The error from the git client will be resolved if you add the certs from the remote git server to the list of locally checked certificates. This can be done by using openssl to pull the certificates from the remote host:
openssl s_client -showcerts -servername git.mycompany.com -connect git.mycompany.com:443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > git-mycompany-com.pem
This will fetch the certificate used by “https://git.mycompany.com”, and copy the contents into a local file named “git-mycompany-com.pem”.
Fetch certificates, web proxy
If this host only has access to the git server via a web proxy like Squid, openssl will only be able to leverage a squid proxy if you are using a version of OpenSSL 1.1.0 and higher. But if you are using an older version of OpenSSL, then you will need to workaround this limitation by using something like socat to bind locally to port 4443, and proxy the traffic through squid and to the final destination.
# install socat
sudo apt-get install socat -y
# listen locally on 4443, send traffic through squid "squidhost"
socat TCP4-LISTEN:4443,reuseaddr,fork PROXY:squidhost:git.mycompany.com:443,proxyport=3128
Then in another console, tell OpenSSL to pull the certificate from the localhost at port 4443.
openssl s_client -showcerts -servername git.mycompany.com -connect 127.0.0.1:4443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > git-mycompany-com.pem
Add certificate to local certificate list
Whether by proxy or direct connection, you now have a list of the remote certificates in a file named “git-mycompany-com.pem”. This file will contain the certificate, its intermediate chain, and root CA certificate.
The next step is to have this considered by the git client when connecting to the git server. This can be done by either adding the certificates to the file mentioned in the original error, in which case the change is made globally for all users OR it can be added to this single users’ git configuration.
** Adding globally **
cat git-mycompany-com.pem | sudo tee -a /etc/ssl/certs/ca-certificates.crt
** Adding for single user **
git config --global http."https://git.mycompany.com/".sslCAInfo ~/git-mycompany-com.pem
Which silently adds the following lines to ~/.gitconfig
[http "https://git.mycompany.com/"]
sslCAInfo = /home/user/git-mycompany-com.pem
Avoid workarounds
Avoid workarounds that skip SSL certification validation. Only use them to quickly test that certificates are the root issue, then use the sections above to resolve the issue.
git config --global http.sslverify false
export GIT_SSL_NO_VERIFY=true
I know there is an answer already. Just for those who use a private network, like Zscaler or so, this error can occur if your rootcert needs to be updated. Here a solution on how this update can be achieve if using WSL on a Windows machine:
#!/usr/bin/bash
# I exported the Zscaler certifcate out of Microsoft Cert Manager. It was located under 'Trusted Root Certification > Certificates' as zscaler_cert.cer.
# Though the extension is '.cer' it really is a DER formatted file.
# I then copied that file into Ubuntu running in WSL.
# Convert DER encoded file to CRT.
openssl x509 -inform DER -in zscaler_cert.cer -out zscaler_cert.crt
# Move the CRT file to /usr/local/share/ca-certificates
sudo mv zscaler_cert.crt /usr/local/share/ca-certificates
# Inform Ubuntu of new cert.
sudo update-ca-certificates
I am running IIS in a standalone Windows Server 2012, and getting a mysterious issue:
I have a webapi (developed with .NET 4.6) which impelement SCEP protocol under the HTTP GET, and the app folder is in C:\inetpub\wwwroot\app\mywebapi.
If I create a virtual directory under Default Web Site,then it works (for instance, http://localhost/app/mywebapi).
Test procedures:
using browsers to surf: http://localhost/app/mywebapi?operation=GetCACert
using sscep (an command line test tool) sscep getca -u http://localhost/app/mywebapi -c ca.crt
Results: Both cases work
if I create a new website, then it does not work in some case (for instance: http://mywebapi) (hosts file has been edited, so it understand mywebapi as a hostname already)
using browsers to surf: http://mywebapi?operation=GetCACert
using sscep (an command line test tool) sscep getca -u
http://mywebapi -c ca.crt
Results:
OK
does not work, IIS returns 404
Does anybody know about this issue?
I am trying to setup cron job with following url :
wget -O - -q -t 1 https://myexample.com/check/test > /dev/null
but this is not working.
When i am trying to execute this url on web https://myexample.com/check/test
i see message Your connection is not private
You will need a SSL certificate to get rid of that security warning. You could use one generated by letsencrypt (which is free). An alternative way would be to get a SSL certificate through startssl.com (also free). If you just need your cron to run you could use it like this:
/usr/bin/wget --no-check-certificate -O - -q -t 1 https://myexample.com/check/test > /dev/null
Accessing the same link via a web browser, without having a valid SSL certificate will result in a security warning. If you do not want to buy or use a real SSL certificate then you could just use Firefox web browser an add an exception for that website/certificate.
I'm having a problem I can't seem to solve on my own:
I have to request RESTful services but the RESTful services use HTTPs protocol.
I've created the client and it is deployed in WebLogic
I've downloaded the certificate using the browser and I've installed it in JAVA using the following command (In my linux server):
"keytool -import -alias myalias -keystore /jdk1.8.0_101/jre/lib/security/cacerts -file certificado.com.crt"
I need to test that it works...
First, How can I test the RESTful services from command line?
Second, Do I need to install the certificate in WebLogic? If yes, How can I do it?
JAVA: jdk1.8.0_101
WebLogic: 12.1.3.0.0
The certificate must be installed on the system that's making the request. It's not about weblogic, it's about the local sertificate vault of the machine. You don't need to install the certificate on weblogic. You may want to take a look at this.
Then you can use wget or curl, just keep in mind that wget just makes get requests while curl do all types of requests.