HTTPS call failed from Python using FastAPI

Ran the following commands.
PS C:\Users\anups\Desktop\Cloud_AntiScalant> mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
PS C:\Users\anups\Desktop\Cloud_AntiScalant> mkcert localhost
Created a new certificate valid for the following names 📜
- "localhost"
The certificate is at "./localhost.pem" and the key at "./localhost-key.pem" ✅
It will expire on 5 October 2024 🗓
Started the uvicorn server with the following command.
cls;uvicorn main:app --reload --host 127.0.0.1 --port=8000 --ssl-certfile="C:\Users\anups\Desktop\Cloud_AntiScalant\localhost.pem" --ssl-keyfile="C:\Users\anups\Desktop\Cloud_AntiScalant\localhost-key.pem"
I am able to open the browser at https://127.0.0.1:8000, but it still shows that it's unsecure, and the certificate status says OK.
I am running the client app with the following code:
import requests
url = 'https://127.0.0.1:8000/'
r = requests.get(url)
I get the following error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='127.0.0.1', port=8000): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
I checked the certmgr.msc and I see the mkcert installed.
Can someone please help me?
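
A diagnostic for the error quoted above, added here as an example and not part of the original post: it uses the standard-library ssl module (not requests) to map the OpenSSL verify code to its cause and to check whether a certificate's subjectAltName covers the host in the URL. The names HINTS, san_covers, probe and SAMPLE_CERT are hypothetical, and the sample certificate dict is constructed from the mkcert output in the question.

```python
import ipaddress
import socket
import ssl

# OpenSSL verify codes, exposed as SSLCertVerificationError.verify_code.
HINTS = {
    18: "self-signed leaf certificate that the client does not trust",
    19: "chain ends in a self-signed root missing from the client's CA bundle",
    20: "issuing CA is not in the client's CA bundle (the error quoted above)",
    62: "no DNS name in the certificate matches the requested host",
    64: "no IP address entry in the certificate matches the requested IP",
}


def san_covers(cert, host):
    """True if a getpeercert()-style dict names `host` (exact match, no wildcards)."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # IP literals are only compared with "IP Address" entries, never DNS ones.
        return any(kind == "IP Address" and ipaddress.ip_address(value.strip()) == wanted_ip
                   for kind, value in sans)
    return any(kind == "DNS" and value.lower() == host.lower() for kind, value in sans)


def probe(host, port, cafile=None, timeout=3.0):
    """Attempt a fully verified handshake; return (ok, detail)."""
    # With cafile set, only that file is trusted; otherwise the platform defaults are.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.getpeercert().get("subjectAltName", ())
    except ssl.SSLCertVerificationError as exc:
        return False, HINTS.get(exc.verify_code, exc.verify_message)
    except OSError as exc:
        return False, f"no TLS verdict: {exc}"


# Constructed sample: the shape getpeercert() returns for a certificate issued
# for the single name "localhost", as in the mkcert output above.
SAMPLE_CERT = {"subjectAltName": (("DNS", "localhost"),)}

if __name__ == "__main__":
    print(san_covers(SAMPLE_CERT, "localhost"), san_covers(SAMPLE_CERT, "127.0.0.1"))
```

Passing the mkcert root CA file (rootCA.pem in the directory printed by `mkcert -CAROOT`) as `cafile` trusts only that CA; requests accepts the same file through its `verify=` argument.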

Related

Docker issue during gatling performance test

I have a spring boot application, and I run a performance test on it, using Gatling.
The issue is that after a few requests where everything works OK, the server returns connection refused and no other requests are working.
Gatling log looks like this:
---- Requests ------------------------------------------------------------------
> Global (OK=14 KO=1001 )
> POST /template (OK=13 KO=938 )
> PUT /feedback (OK=1 KO=63 )
---- Errors --------------------------------------------------------------------
> j.n.ConnectException: Connection refused: no further informati 577 (57,64%)
on
> j.i.IOException: Premature close 240 (23,98%)
> j.n.c.ClosedChannelException 184 (18,38%)
When I create a manual request using curl, returns:
$ curl https://localhost:8087
curl: (7) Failed to connect to localhost port 8087: Connection refused
If I connect to docker and do the request:
$ docker exec -it web /bin/bash
root#794f9e808f14:/# curl https://localhost:8443
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
The SSL handshake failed, as expected, but this means that the server is up and running.
The port is mapped in docker:
$ docker port web
8443/tcp -> 0.0.0.0:8087
8443/tcp -> :::8087
After a restart, the same thing happens again.
I'm using docker on a WSL Ubuntu. Not sure if this matters too much. What can I do to make this connection more stable?

kubectl giving error: Unable to connect to the server: x509: certificate signed by unknown authority

docker desktop on mac is getting error:
Unable to connect to the server: x509: certificate signed by unknown authority
The following answers didn't help much:
My system details:
Operating system: macOS Big Sur Version 11.6
Docker desktop version: v20.10.12
Kubernetes version: v1.22.5
When I do:
kubectl get pods
I get the below error:
Unable to connect to the server: x509: certificate signed by unknown authority
Posting the answer from comments
As appeared after additional questions and answers, there was a previous installation of rancher cluster which left its traces: certificate and context in ~/.kube/config.
The solution in this case, for local development/testing, is to entirely delete the ~/.kube folder with its configs and init the cluster from scratch.
If you are using a corporate laptop, and everything you do goes through a proxy, you will get this message. Hence, when docker desktop tries to connect to the server defined in ~/.kube/config, it will try to go through the proxy and you will need the cert issued by the company. Long story short, you are getting blocked by the company... To fix, you can add the no proxy props, adding whatever value server: internal.docker defined in ~/.kube/config. Meaning, if I am connecting to a docker cluster which runs locally on my laptop, do not direct my traffic through the proxy.
When doing docker info, after setting no proxy, you should see something like this.
docker info | grep -i proxy
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal,localhost,127.0.0.1,.local,.us.example.com,.examplecorp.com,.examplevcn.com,kubernetes.docker.internal
hubproxy.docker.internal:5000

microk8s untrusted dashboard - how to verify certificate

I am trying out microk8s following this
I am getting a certificate error when browsing the dashboard (multipass ls - ip address)
I guess I need to copy and verify the Kubernetes certificate from the multipass host (macos) on the macos keychain?

Consul running on Docker HTTP health check returns "connection reset by peer"

We are running consul through docker and using the HTTP health checks to a URL (https://10.1.24.68:5012/status) with a self-signed certificate. However, I get the following error:
2016/06/10 10:29:42 [WARN] agent: http request failed
'https://10.1.24.68:5012/status': Get https://10.1.24.68:5012/status:
read tcp 10.3.2.11:55549->10.1.24.68:5012: read: connection reset by
peer
It works as well when we use the Script health check with the wget command but this is not ideal. This is the line of code in Consul throwing the above error.
When running the health check to a HTTP URL (http://localhost:5012/status) it works. Could this be a certificate issue? I've added our certificate to both /etc/ssl/certs/ca-certificates.crt and /usr/share/local/ca-certificates.crt.
Halp!

How do I get Leopard to work with ssl from the command line

Everything I try to connect to via https fails. Below is a curl output, but it does this with git, mongo and everything. Darwin just doesn't like https.
About to connect() to github.com port 443 (#0)
Trying 207.97.227.239... connected
Connected to github.com (207.97.227.239) port 443 (#0)
successfully set certificate verify locations:
CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
You might say not a problem, just change https to http. Yes, this is fine when you only have 1 url like git clone, but on rvm install about 50 of the required things fail to install because of this. I don't want to go into rvm and change all occurrences of https to http.
Take a look at this post, slightly different, but I think it will answer your questions:
SSL certificate rejected trying to access GitHub over HTTPS behind firewall
You can essentially have OSX ignore the SSL Cert Verify, and accept the connection.
It turned out that my version of curl was using an old certificate to validate https.
I came across this issue on git for cURL under Leopard:
https://github.com/mxcl/homebrew/issues/11947
And the error went away and I am now able to download https files from cURL.
This looks like an issue with curl itself, rather than OSX. What version are you using? If it's particularly old, then the reference here to a "severely outdated CA file" probably applies.
Try installing up-to-date versions of curl and git from macports.
