Ubuntu18 firefox Add trust to an existing certificate - firefox

I'm using Ubuntu 18 desktop and I have added the certificates I need for Firefox 73.0 to:
/usr/share/ca-certificates/mozilla
and also added them to:
/etc/ca-certificates.conf
At the end of the file, like:
mozilla/caname.crt
And run:
update-ca-certificates
Now I can see the certificates in the Firefox certificate list through the browser, but they do not have any trust box marked, so it doesn't work.
Is there a way from the CLI to force the trust flag on these certificates, maybe with certutil?
I know there are a lot of ways to add a certificate to Firefox using CLI commands, but none have worked for me. I was able to add the certificates using the commands above, but I need to add the trust.

Found this solution to add certificates to Firefox on Ubuntu:
https://github.com/mozilla/policy-templates/#proxy
Simply need to add this file to:
/usr/lib/firefox/distribution/
touch policies.json
In policies.json add:
{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true,
      "Install": [
        "somecert1.crt",
        "/usr/local/share/ca-certificates/somecert1.crt"
      ]
    }
  }
}
The Install part is first the name of the cert and then the path.
Then restart Firefox. If something doesn't work, try resetting Firefox, as something you set before can get it stuck.
This method works well without certutil.
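One way to generate the policies.json described above rather than typing it by hand, as an added example (not from the original answer or from Mozilla): it emits valid JSON, accepts only absolute paths, and returns each certificate's SHA-256 fingerprint so it can be compared with the CA's published value before Firefox is told to trust it. The function names and the one-certificate-per-file and absolute-path rules are this example's own assumptions; SAMPLE_PEM is constructed and is not a real certificate.

```python
import base64
import hashlib
import json
import re

# Constructed sample: PEM framing around arbitrary bytes, NOT a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed-der-bytes-for-illustration" * 3).decode()
    + "-----END CERTIFICATE-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S
)


def pem_fingerprint(pem_text):
    """Return the SHA-256 hex digest of the DER bytes of the one certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # A bundle would add several trust anchors at once; make the admin list each.
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def build_policy(certs, import_enterprise_roots=True):
    """certs maps an absolute file path to that file's PEM text.

    Returns (policies.json text, {path: fingerprint}) for review before deployment.
    """
    install, fingerprints = [], {}
    for path, pem_text in certs.items():
        if not path.startswith("/"):
            raise ValueError(f"not an absolute path: {path}")
        fingerprints[path] = pem_fingerprint(pem_text)
        install.append(path)
    policy = {"policies": {"Certificates": {
        "ImportEnterpriseRoots": import_enterprise_roots,
        "Install": install,
    }}}
    return json.dumps(policy, indent=2), fingerprints


if __name__ == "__main__":
    text, fps = build_policy(
        {"/usr/local/share/ca-certificates/somecert1.crt": SAMPLE_PEM}
    )
    print(text)  # content for /usr/lib/firefox/distribution/policies.json
    for path, fp in fps.items():
        print(fp, path)
```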

Related

Not able to change default download directory for chrome with selenium hub docker and ruby watir

After a few days of searching and experimenting with any of the solutions I could find online, I give up and want to get some help from the community.
Ruby gems (ruby 2.5.1):
watir 6.11.0
selenium-webdriver 3.4.1
Docker:
selenium/node-chrome-debug:3.14
selenium/hub:3.14
My ruby code:
prefs = {
download: {
prompt_for_download: false,
default_directory: download_directory
}
}
browser = Watir::Browser.new(:chrome, url: selenium_hub_url, options: {prefs: prefs})
Our set-up is:
Run a selenium/hub and a selenium/node-chrome-debug. Something that might be different is that we are mounting the /tmp of the base OS as /hosttmp/tmp in the node container
Make the selenium/node-chrome-debug talk to selenium/hub
Make the browser automation talk to the selenium/hub using the code provided above
The problem is that I was never able to set the default download directory. However, all other parts are working correctly. The VNC window shows the browser is working correctly despite the default download directory settings. It is always /home/seluser/Downloads
Things I have tried:
Other people's ideas such as different ways to specify the options and preferences. (e.g. using the Capabilities)
Docker security-related settings such as: --privileged --security-opt apparmor:unconfined --cap-add SYS_ADMIN
On the base OS, chmod 777 for the download_directory. The download_directory, for example, /tmp/tmp.123 on the base OS, which is mounted as /hosttmp/tmp/tmp.123 in the chrome node container, I could see it and make a few read/write operations in this folder inside the container or on the base OS
Tweaks about the interesting ruby symbol/string stuff when creating a Hash object.
Does anyone have more ideas about what could lead to this situation? What else I could try? And is there any log that I could refer to. There is no error or warning when running the code. Thanks in advance.
I'm using Java+Docker+Selenium+Chrome for automation testing and ran into a similar issue. Please find my solution below and see if it works for your case.
Don't set the default download directory in the options; just leave "/home/seluser/Downloads" as it is.
When you start up the Chrome node in Docker, add a volume parameter that transfers the downloaded files to the directory you want.
e.g. docker run -d -p 5900:5900 --link myhub:hub -v :/home/seluser/Downloads selenium/node-chrome-debug:3.14.0
In my case, the JDK environment and my test script are on a Linux machine while the Selenium WebDriver and browser are all in Docker, so a file downloaded by the browser cannot be saved directly on the Linux machine; you have to mount the local directory onto the default directory in Docker. Then you can find the file saved in the directory you want.
Thanks & Regards!
Jing
Did you define options = Selenium::WebDriver::Chrome::Options.new?
We use
options = Selenium::WebDriver::Chrome::Options.new
prefs = {
prompt_for_download: false,
default_directory: download_directory
}
options.add_preference(download: prefs)
and then you would want something like
browser = Watir::Browser.new(:chrome, url: selenium_hub_url, options: options)
But maybe the main problem is just that you are using
options: {prefs: prefs}
instead of
options: {download: prefs}
Okay, by digging into the source code of the Watir and Selenium-Webdriver, I think I know the 'root cause'.
I have created an issue since I am not sure if this is a bug or a 'feature' The issue
Also, I have a workaround for my case, in watir/capabilities.rb:
Change
@selenium_browser = browser == :remote || options[:url] ? :remote : browser
to
@selenium_browser = browser == :remote ? :remote : browser
This shouldn't be the final solution as it might not be a good idea. Will wait for what the Watir people say about this.

Codesigning a Windows build with electron-builder, on a Mac, not working

I am getting an issue code-signing a Windows .exe build, on a Mac, using a .p12 certificate generated by Apple, and stored in the Mac keychain.
My electron-builder version is: 20.28.1
And the target build I'm trying to run is a Windows ia32 build.
Codesigning works for the Mac app fine. But when trying to sign the Windows build it's not able to sign it.
If possible I would like to try and sign Windows build on a macOS machine, as I've read this is possible in the docs (I hope I've read that correctly?)
After trying to codesign I check the build using:
codesign -dv [path/to/app/appname].exe
And always get (for the Windows build only, the Mac app signs fine):
code object is not signed at all
I am building for both Mac and Windows, but for Windows I only build for the ia32 architecture at the moment. Here is what my build config looks like in my package.json
"build": {
"appId": "[my-app-id]",
"files": [
"public/**/*",
"node_modules/**/*",
"package.json"
],
"directories": {
"buildResources": "build/resources"
},
"mac": {
"category": "public.app-category.productivity",
"target": [
"dmg",
"zip"
],
"publish": {
"provider": "s3",
"bucket": "[BUCKET_NAME]",
"path": "my-path"
}
},
"win": {
"target": [
{
"target": "nsis",
"arch": [
"ia32"
]
}
],
"publish": {
"provider": "s3",
"bucket": "[BUCKET NAME]",
"path": "my-path"
}
},
"extends": null
},
And here also is how my .env file looks, where I load up environment variables for electron-builder:
export ENV_NAME=staging
export CSC_NAME='[certificatename]' #example 1A3JKJD89O
export CSC_LINK=./path/to/mycert/cert.p12
export CSC_KEY_PASSWORD='my-passowrd'
export WIN_CSC_LINK=./path/to/mycert/cert.p12
export WIN_CSC_KEY_PASSWORD='my-passowrd'
export CSC_IDENTITY_AUTO_DISCOVERY=true
export DEBUG=electron-builder
export AWS_ACCESS_KEY_ID=[AWSKEYID]
export AWS_SECRET_ACCESS_KEY=[AWSSECRETACCESSKEY]
export AWS_S3_ENDPOINT=[S3ENDPOINT]
And finally, here's the yarn command I run to package the build (this is in a yarn script)
export $(grep -v '^#' ./path/t/my/env/file/staging.env | xargs) && electron-builder -p never -mw --ia32
I am not sure what I am missing here? Would anyone have an idea of what else I would need to do?
Thanks! :)
As far as I understand you have to use compatible certificates:
https://www.electron.build/code-signing
To sign an app on Windows, there are two types of certificates:
EV Code Signing Certificate
Code Signing Certificate
Personally getting the right certificate was hard. A certificate that will work for Windows is not easy to get, I had to go through a lot of paperwork to get this done.
I hope that this article, will make your life easier:
https://blog.dcpos.ch/how-to-make-your-electron-app-sexy
Go to the section: Signed Installers
Quoting the article:
To get a Windows signing certificate, we recommend Digicert. The
documentation for Windows app signing is surprisingly bad. If you go
with the wrong vendor, they'll ask you to mail them notarized
paperwork. That makes it a slow and annoying process to get the cert.
Digicert is easier: they just send you a password via Certified Mail,
you go to the post office, show your ID to pick it up, and bam, you
get your signing certificate.
For anybody having issues actually getting the cert to use on your Mac, here's what worked for me (I ended up getting it via Windows; it's just too messy getting the cert via Mac):
Use IE 11 on Windows to REQUEST the cert (it should generate it via your preferred cert provider's website automatically; I use Comodo as you don't need to wait for them to send a USB stick).
Once they issue you your cert, use the email link your cert provider sends you and open it with the same browser that you requested it with. It should say “success”, but nothing else visually will happen.
Open IE settings, find certs in “content” and export as .PFX WITH private key (you'll need to specify a password).
Copy the cert over to your Mac, and open it in Keychain.
Finally, you can now export it in .p12 format, save it to the directory specified in your app, and build/sign the app via your build command.
If anybody knows an easier way, please share!

PHPUnit + Selenium: How to set Firefox about:config options?

When running Selenium tests remotely with PHPUnit and Firefox, onChange events are not fired as they are when a user is operating the browser.
The solution to this seems to be to set the focusmanager.testmode option to true in Firefox's preferences (i.e. about:config), as suggested in a Selenium bug report.
However all the examples are using Selenium directly, while I am using PHPUnit which has its own API hiding the Selenium internals. I can't figure out how to set this Firefox option using PHPUnit, so I'm hoping someone else can tell me how this can be done!
(No, I can't go into about:config and set it myself manually because the tests create a new clean browser profile each time the tests are run, so any manual config changes are lost.)
Thanks to the Selenium developers I have a solution!
Short version
Put this in your test so that it gets called in the setUp() function:
// Firefox mini-profile that sets focusmanager.testmode=true in about:config
define('FIREFOX_PROFILE',
'UEsDBAoAAAAAADqAxkSBK46tKgAAACoAAAAIABwAcHJlZnMuanNVVAkAA1BZkVM6WZFTdXgLAAEE
6AMAAARkAAAAdXNlcl9wcmVmKCJmb2N1c21hbmFnZXIudGVzdG1vZGUiLCB0cnVlKTsKUEsBAh4D
CgAAAAAAOoDGRIErjq0qAAAAKgAAAAgAGAAAAAAAAQAAAKSBAAAAAHByZWZzLmpzVVQFAANQWZFT
dXgLAAEE6AMAAARkAAAAUEsFBgAAAAABAAEATgAAAGwAAAAAAA==');
protected function setUp()
{
$this->setDesiredCapabilities(Array('firefox_profile' => FIREFOX_PROFILE));
}
This sets focusmanager.testmode to true.
Long version
You need to create your own mini Firefox profile with the preferences you want set, and pass it along at the start of your tests. Here's how to do it:
Create a new folder and put the files you want in the Firefox profile in there. This can be anything (bookmarks, extensions, a copy of your own profile, etc.) but all we need here is a file called prefs.js which stores our about:config settings.
Create prefs.js in this folder with the following content:
user_pref("focusmanager.testmode", true);
Zip up the folder (prefs.js should be in the root of the archive), and base64 encode it.
If you're using Linux, you can do it all like this:
mkdir firefox-profile
cd firefox-profile
echo 'user_pref("focusmanager.testmode", true);' >> prefs.js
zip -r ../firefox-profile.zip *
base64 < ../firefox-profile.zip
Then take the base64 value and set it as the "firefox_profile" capability as per the short version above.
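The long version's steps in Python, together with the reverse direction: decoding a firefox_profile value to see which files and preferences it carries before a test suite hands it to the browser. This is an added example, not code from the original answer; the function names are its own, and example.unexpected.pref is a constructed preference name.

```python
import base64
import io
import json
import re
import zipfile

USER_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)


def build_profile(prefs):
    """Zip a prefs.js holding the given prefs and return the archive base64-encoded."""
    lines = []
    for name, value in prefs.items():
        if isinstance(value, bool):          # bool first: bool is a subclass of int
            literal = "true" if value else "false"
        elif isinstance(value, int):
            literal = str(value)
        else:
            literal = json.dumps(str(value))  # quoted string literal
        lines.append(f'user_pref("{name}", {literal});\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("prefs.js", "".join(lines))  # prefs.js at the archive root
    return base64.b64encode(buf.getvalue()).decode("ascii")


def inspect_profile(b64_profile):
    """Decode a firefox_profile value; return (file names, {pref: literal})."""
    raw = base64.b64decode("".join(b64_profile.split()), validate=True)
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        names = zf.namelist()
        prefs = {}
        if "prefs.js" in names:
            text = zf.read("prefs.js").decode("utf-8")
            prefs = dict(USER_PREF_RE.findall(text))
    return names, prefs


def unexpected_content(b64_profile, allowed_prefs):
    """Return (files other than prefs.js, prefs not on the allow-list)."""
    names, prefs = inspect_profile(b64_profile)
    extra_files = [n for n in names if n != "prefs.js"]
    extra_prefs = sorted(set(prefs) - set(allowed_prefs))
    return extra_files, extra_prefs


if __name__ == "__main__":
    blob = build_profile({"focusmanager.testmode": True})
    print(blob)                      # value for the firefox_profile capability
    print(inspect_profile(blob))     # what that value actually contains
```

Running inspect_profile on a base64 profile copied from elsewhere shows what it changes in the browser before it is used.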

Bower calls blocked by corporate proxy

I'm trying to use Bower for a web app, but find myself hitting some sort of proxy issues:
D:\>bower search jquery
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 1.2s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 2.5s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 6.8s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 15.1s
bower retry Request to https://bower.herokuapp.com/packages/search/jquery failed with ECONNRESET, retrying in 20.3s
bower ECONNRESET Request to https://bower.herokuapp.com/packages/search/jquery failed: tunneling socket could not be established, cause=Parse Error
Relevant points:
I can browse to https://bower.herokuapp.com/packages/search/jquery and it returns a full json response.
I can use git to clone, both using the git:// protocol and http(s).
I can use NPM directly without these issues
I've tried using Fiddler to determine what's being blocked, but it doesn't detect any calls from the Bower command. I can see calls from NPM commands in Fiddler.
I've searched the Bower issues list, seen similar issues, but they either have no solution or it doesn't seem quite the same as mine.
Any ideas?
Thanks @user3259967
This did the job.
I would like to add that if you are behind a proxy that needs to be authenticated, you can add the username/password to your .bowerrc file.
{
  "directory": "library",
  "registry": "http://bower.herokuapp.com",
  "proxy":"http://<USERNAME>:<PASSWORD>@<PROXY_IP>:<PROXY_PORT>/",
  "https-proxy":"http://<USERNAME>:<PASSWORD>@<PROXY_IP>:<PROXY_PORT>/"
}
NOTICE the use of http:// in https-proxy
The solution for me is this .bowerrc config:
{
  "directory": "vendor",
  "registry": "http://bower.herokuapp.com",
  "proxy": "http://<user>:<pwd>@proxy.host.br:8080",
  "https-proxy": "http://<user>:<pwd>@proxy.host.br:8080",
  "strict-ssl": false
}
Using the http protocol in https-proxy plus registry entry with http protocol.
Remember to change the 8080 port number to whatever your proxy server's port is.
Are you behind a proxy?
Have you set up environment variables HTTP_PROXY and HTTPS_PROXY?
SET HTTP_PROXY=http://yourproxyserver:yourproxyport
SET HTTPS_PROXY=http://yourproxyserver:yourproxyport
Try changing the registry value in your .bowerrc:
{
"registry": "http://bower.herokuapp.com"
}
I did not have a .bowerrc file to configure my bower settings. I found the settings living in a file called defaults.js, found under "C:\...\bower\node_modules\bower-config\lib\util\defaults.js"
I hope this helps others:
var defaults = {
'cwd': process.cwd(),
'directory': 'bower_components',
'registry': 'http://bower.herokuapp.com',
'shorthand-resolver': 'git://github.com/{{owner}}/{{package}}.git',
'tmp': paths.tmp,
'proxy': '<<http://user:pass@proxy:port>>', // change proxy here or at the top
'https-proxy': '<<http://user:pass@proxy:port>>', // change proxy here or at the top
'timeout': 30000,
'ca': { search: [] },
'strict-ssl': false,
'user-agent': userAgent,
'color': true,
'interactive': null,
'storage': {
packages: path.join(paths.cache, 'packages'),
links: path.join(paths.data, 'links'),
completion: path.join(paths.data, 'completion'),
registry: path.join(paths.cache, 'registry'),
empty: path.join(paths.data, 'empty') // Empty dir, used in GIT_TEMPLATE_DIR among others
}
};
module.exports = defaults;
You can try the suggestion by @thebignet in the same issue on GitHub
Set proxy, https-proxy and strict-ssl configuration into .bowerrc File :
{
"proxy" : "http://<host>:<port>",
"https-proxy" : "http://<host>:<port>",
"strict-ssl" : false
}
But you must run Command from terminal:
git config --global url."https://".insteadOf git://
"strict-ssl": false
in .bowerrc did it for me
For Win 7.
What worked for me are the steps below, as suggested at this link - read @nanowizard's answer.
In .bowerrc file, remove any http_proxy / https_proxy settings that
you might have done earlier. This is important.
So final content of this file should look like :-
{
"directory": "app/bower_components"
}
Set environment variables in your pc - http_proxy and https_proxy to your corporate firewall proxy. In case, your corporate proxy requires authentication and if your password contains special characters, convert it to hex form as suggested by this link. As in my case escaping of characters with '\' did not help. Also I had to restart my system.
Note :
http_proxy and https_proxy should contain same proxy address as shown below
http_proxy = http://<user>:<password>@<your company proxy>:<port>
https_proxy= http://<user>:<password>@<your company proxy>:<port> ->Note no 's' in http://...
I am behind corporate firewall and I have to specify domain name too.
None of these answers worked for me. Here is what I did -
Downloaded CNTLM from http://cntlm.sourceforge.net/
Obviously installed it.
Open up cntlm.ini and change the following
Domain your_domain_name
Username your_domain_username
Password your_domain_passowrd
PassLM 1AD35398BE6565DDB5C4EF70C0593492 (uncomment this)
PassNT 77B9081511704EE852F94227CF48A793 (uncomment this too)
Proxy http://localhost:8888
Go to services.msc and start the CNTLM Authentication service.
Download Fiddler 4/2 (whatever they call it).
Install this too. This will run in http://localhost:8888
Now whatever program you’re running, forward (proxy) it to http://localhost:3128 (that’s what CNTLM is running on).
In this case specify http.proxy and https.proxy as http://localhost:8888
This will work for other client programs. Just specify proxy as http://localhost:8888
It works for me to change the .bowerrc file:
{
"directory": "client/lib",
"registry": "http://bower.herokuapp.com",
"proxy":"http://192.168.1.205:3228",
"https-proxy":"http://192.168.1.205:3228"
}
where client/lib is the installation directory where you want to install
and http://192.168.1.205:3228 is your proxy IP with port. The corporate proxy can be different according to the organization.
In addition to setting the below proxy in .bowerrc:
{
  "directory": "app/bower_components",
  "proxy":"http://<user>:<password>@proxy.company.com:<proxy-port>",
  "https-proxy":"http://<user>:<password>@proxy.company.com:<proxy-port>",
  "http-proxy":"http://<user>:<password>@proxy.company.com:<proxy-port>",
  "strict-ssl": false,
  "registry": "http://bower.herokuapp.com"
}
I am required to run the following commands to fix the issue:
npm cache clean
bower cache clean
bower install
The registry used in the other answers is now deprecated. Please update it!
{
  "proxy":"http://<user>:<password>@proxy.company.com:<proxy-port>",
  "https-proxy":"http://<user>:<password>@proxy.company.com:<proxy-port>",
"registry": "https://registry.bower.io"
}
{
  "directory": "library",
  "registry": "http://bower.herokuapp.com",
  "proxy":"http://<USERNAME>:<PASSWORD>@<PROXY_IP>:<PROXY_PORT>/",
  "https-proxy":"http://<USERNAME>:<PASSWORD>@<PROXY_IP>:<PROXY_PORT>/"
}
This code worked for me. I am using Win 7 and Chrome and also Git Bash. A few things need to be cleared up here. It took me a huge amount of time to find the actual data regarding the user name, password, proxy IP and port. I will describe it step by step so that every learner can easily grasp the message:
Create a file in the notepad named .bowerrc in the login folder; You can go there by typing at Start>Run>%UserProfile% and press OK.
Type above code in the .bowerrc file with the following changes:
Replace <USERNAME> with your internet connection user ID or login ID
Replace <PASSWORD> with your internet connection password or login password.
Replace <PROXY_IP> and <PROXY_PORT> with the working proxy IP address and its port number.
**Note: There should be no angle brackets.**
Proxy IP should be different than your own IP.
Before using any proxy IP and port you should check it is working by changing your proxy IP and port.
You can go through this link to know the details of proxy settings at description here
From this proxy settings you will get Proxy IP and Port.
Recheck all the input so that all are correct and save and close the file.
Open git bash and change directory to the project file and type command and hit enter, in my case, git bash command:
a@a-PC MINGW32 /d/conFusion
$ bower install
It worked like magic.
In case it helps someone, I had a 'bower blocked by group policy' error.
The solution was to make an exception in CryptoPrevent, an application installed on our company computers to prevent crypto lockers.
For info, in your .bowerrc file you can add a no-proxy attribute. I don't know since when it is supported, but it works on bower 1.7.4 and it solves the issue of bower behind a corporate proxy with an internal repository
.bowerrc :
{
"directory": "bower_components",
"proxy": "http://yourProxy:yourPort",
"https-proxy":"http://yourProxy:yourPort",
"no-proxy":"myserver.mydomain.com"
}
Regards
Please make sure there are no special characters in your proxy password. Convert it to hex. It works for me.
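Two points that recur in the answers above, as an added example (not code from any of the answers or from Bower): building the proxy URL with the password percent-encoded, which is the "convert it to hex" step, and checking a .bowerrc for the settings these answers introduce (strict-ssl set to false, an http:// registry, a password stored in the file). The function names, proxy.example and the sample credentials are constructed for illustration.

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample .bowerrc; proxy.example and the credentials are placeholders.
SAMPLE_BOWERRC = """{
  "registry": "http://bower.herokuapp.com",
  "proxy": "http://user:secret@proxy.example:8080",
  "https-proxy": "http://proxy.example:8080",
  "strict-ssl": false
}"""


def proxy_url(host, port, user=None, password=None):
    """Build http://user:pass@host:port with the credentials percent-encoded."""
    auth = ""
    if user is not None:
        auth = quote(user, safe="")
        if password is not None:
            auth += ":" + quote(password, safe="")
        auth += "@"
    return f"http://{auth}{host}:{port}"


def parsed_host(url):
    """Host name a URL parser extracts; a raw '@', ':' or '#' in the password shifts it."""
    return urlsplit(url).hostname


def audit_bowerrc(text):
    """Return a list of findings for a .bowerrc document given as JSON text."""
    cfg = json.loads(text)
    findings = []
    if cfg.get("strict-ssl") is False:
        findings.append("strict-ssl is false: TLS certificates are not verified")
    registry = cfg.get("registry", "")
    if isinstance(registry, str) and registry.startswith("http://"):
        findings.append("registry uses http://: package lookups are unencrypted")
    for key in ("proxy", "https-proxy"):
        value = cfg.get(key)
        if value and urlsplit(value).password:
            findings.append(f"{key} stores a password in a plain-text file")
    return findings


if __name__ == "__main__":
    raw = "http://user:p@ss:w#rd@proxy.example:8080"      # unencoded password
    print(parsed_host(raw))                                # parser sees the wrong host
    print(proxy_url("proxy.example", 8080, "user", "p@ss:w#rd"))
    for finding in audit_bowerrc(SAMPLE_BOWERRC):
        print("-", finding)
```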

Puppet Server and Client working Good but still manifest file doesn't get executed

I am currently working on puppet using Amazon Fedora EC2 instances. Both Puppet Server and Client are working fine. I am able to create certificate from client and server is able to sign that but still whatever code I have written in manifest files doesn’t get executed.
Below mentioned is my code in Site.pp file :
class test_class {
  file { "/tmp/testfile":
    ensure => present,
    mode => 644,
    owner => root,
    group => root
  }
}
node puppetclient {
  include test_class
}
Here, puppetclient is the hostname of client. But still after signing certificate /tmp/testfile doesn’t get created.
DNS is also working perfectly fine. I can ping puppetserver(named as puppet) from puppet client.
Can you please tell me what must be the possible mistake ??
It's probably just a typo in the question, but the default catalog file is 'site.pp', not 'Site.pp', so try it with 'site.pp' instead.
