IOT Edge Certificate location - paho

I am trying to create and connect to my IoT Edge Hub but keep running into paho-mqtt failing on ssl.SSLCertVerificationError: certificate verify failed: unable to get local issuer certificate. How do I find the temp certificate that is created from my IoT Edge docker image thing? Am I just going about this wrong? Both the device and IoT Edge are running on the same computer (Raspberry Pi 4, Buster).

https://learn.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway
This will be the helpful link, got it to work.

Related

DSM7: Secure connection to Synology NAS in LAN (no letsencrypt)

I know from this page that there should be a way to use self-signed certificates in my LAN in order to establish encrypted connections between my computers and my local Synology NAS.
In essence it says:
It has two prerequisites:
Your Diskstation must have a fixed IP address on your LAN. You must be able to add or assign certificates to devices you want to approve your SSL. If you can satisfy those conditions, proceed with the following steps:
In DSM 6.0 -> Control Panel -> Security -> Certificate
Click "Add" to start the process and choose "Create self-signed certificate"
First you create a Certificate Authority (CA) which is the master key that will sign the site usable SSL.
However, in my case (DSM 7.0-41890) I cannot see any option saying "create self-signed certificate".
Does anybody know how to do this with DSM 7?
I don't need 100% security, I just want the communication between devices in my network to be encrypted. I don't want any malicious program in my network to be able to see passwords in clear text by just monitoring network traffic...
There should be a subsection called "Add a new certificate", in which you can create a new self-signed certificate. A friend told me about this; I wasn't able to check it myself, so I apologize in advance in case it does not work.
I think they removed this possibility in DSM 7; it was in 6.

Not able to download certificate using intune company portal

I have a company-provided Samsung S20. I have successfully installed Microsoft's Intune Company Portal app.
Then I was also able to register with the company portal. However, after connecting to the company portal, it is supposed to download a certificate from the company portal. But it's not downloading any certificate, and I don't see any notification that it has been downloaded.
Once I have the certificate, I will use it to connect to an access point. But that's the next step, after I have the certificate.
1) What could be the potential issue for not downloading the certificate?
2) Where and how can I view the logs?
3) In the Company Portal app, under Settings I see Diagnostic Data -> Copy logs, which says "Copy logs to SD card". Where does it actually copy the logs?
4) I am connecting from home. Are there any settings I need to change on the router?
Note that I also have a company-provided iPhone, and I was able to install and configure everything without any issue.
1) What could be the potential issue for not downloading the certificate?
It depends on what you need the certificate for. How are you issuing the certificate to the device? Via a configuration policy?
2) Where and how can I view the logs?
Plug the device into a computer and allow USB to transfer data and files. They should be under Android\Com.microsoftintunecompanyportal\data.
3) In the Company Portal app, under Settings I see Diagnostic Data -> Copy logs, which says "Copy logs to SD card". Where does it actually copy the logs?
Refer to the previous answer.
4) I am connecting from home. Are there any settings I need to change on the router?
Sounds like you're trying to get a trust certificate onto the device, but I would need to understand more about what you're trying to do. Right now I'm working on a Wi-Fi profile for Android devices and am using SCEP certificates to do that. But you're welcome to read this to try to gain a better understanding.
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-configure

Peer certificate cannot be authenticated with given CA certificates

I am developing a Bot application with the Azure Bot Framework and registered the bot on Azure and enabled direct line channel.
I have tested my application in Visual Studio (IIS Express) with Conveyor by Keyoti and it works fine.
Now I need to try to run it in a Docker container, so I can't use Conveyor, so I tried the ngrok tunnel service, but when I try to run the application, I get an error:
System.Net.Http.CurlException: Peer certificate cannot be authenticated with given CA certificates
The exception is raised on turnContext.SendActivityAsync.
NB: When I load Fiddler on my machine, everything works fine, so I am not sure what the issue is.
Please let me know if there is any setting I need to do to get this working.
Any advice or help will be appreciated.

HPC Pack 2016: "Identity check failed for outgoing message" Error

Hello Stack Overflow community, I am encountering the following errors when I try to add a node to my local computer cluster using Microsoft HPC Pack 2016:
Could not contact node 'NODE-A08' to perform change. Identity check
failed for outgoing message. The expected DNS identity of the remote
endpoint was 'HEAD-NODE01' but the remote endpoint provided DNS claim
'NODE-A08'. If this is a legitimate remote endpoint, you can fix the
problem by explicitly specifying DNS identity 'NODE-A08' as the
Identity property of EndpointAddress when creating channel proxy.
Could not contact node 'NODE-A08' to perform change. The management
service was unable to connect to the node using any of the IP
addresses resolved for the node.
Ultimately I would like to write and test my own MPI programs while using HPC Pack as my cluster manager, but I cannot seem to get past this preliminary step of setting up my cluster.
Through my research into the issue I have found "Identity check failed for outgoing message..." to be a well-documented error related to Windows Communication Foundation (WCF). My understanding is that it occurs when the common name (CN) of the endpoint computer's certificate does not match its DNS identity.
The solutions that I found were lines of code for people writing their own programs; however, those solutions do not apply to HPC Pack because I cannot access its source code directly.
Some additional information specific to my situation:
- the certificates used by both the head node and the node were issued individually by a trusted domain
- all computers are connected to one enterprise network
- the head node's PC name is 'HEAD-NODE01'
- the node's PC name is 'NODE-A08'
- these errors occur during the provisioning stage of adding a node
- the errors are displayed in the provisioning log within HPC Pack 2016's user interface
- I was successful in pinging each computer from the other
- both computers display the proper DNS IP address when I use the command prompt
- the head node is running Windows Server 2012 R2
- the node is preconfigured to be a workstation node and is running Windows 10 Enterprise
Any help would be greatly appreciated. I have looked for a few days and in a lot of places for an answer, but I have not been very successful. Thank you very much in advance!
Subject names of both SSL certificates must be identical

Apple MDM server, iOS works fine, OS X enrollment fails with "Unexpected Error"

So as many of my past questions indicate, I've been working on implementing an Apple MDM service from scratch. It now works flawlessly with pretty much any iOS device we throw at it, which is nice. However, when we try to enroll an OS X device, which according to Apple uses the same API, it fails miserably with an unexpected error (as opposed to expected ones, I assume).
The following 2 lines show up in the system.log:
Mar 18 15:33:05 dizzy mdmclient[23234]: *** ERROR *** [Agent:510] ProcessOTABootstrapPayload (Unable to receive OTA identity profile <InternalError:1>)
Mar 18 15:33:05 dizzy System Preferences[93537]: *** ERROR *** [CPInstallerUI:510] Profile installation (Device Enrollment (com.capasystems.enrollment.handshake )) (Unable to receive OTA identity profile <InternalError:1>
Looking through the SCEP server's logs I can see it doesn't even try to connect before determining it can't receive the OTA identity profile. So I'm kind of at a loss here. I've tried troubleshooting network issues, but an iOS device on the same network works fine. I've tried using an SSL connection and a non-SSL connection. No difference.
We are using JSCEP for the SCEP server if it makes any difference. Does anyone have the faintest idea what undocumented extra infrastructure or otherwise I'm missing in order to get the whole MDM thing working on OS X?
I was having the same issue for a long time, I spent waaay too much time trying to figure this out.
For me, the answer came when I was able to successfully enroll one machine (my macbook pro, my personal machine), and unable to enroll another (a mac mini). Turns out, to enroll successfully, a valid certificate with CN=com.apple.idms.appleid.prd.XXX... is required. This certificate appears to be linked to the logged in user's iCloud account, which means if you're not logged in to an iCloud account on the machine, you don't have the certificate. After I (a) logged in to a valid iCloud account and (b) attempted to enroll in our mdm solution, this certificate showed up in the login keychain and the enrollment finished smoothly.
Hope this helps someone.
I would double-check for network problems. Your Mac and your iPhone can be on two different networks (wired and wireless), and in that case they can have different ports accessible on the SCEP server.
Also, in case your SCEP server is SSL-protected (for example, sitting behind Apache), make sure that your Mac has the root certificate installed in System Roots.
BTW, if you have something like Apache sitting in front of the SCEP server, check its logs too.
The error means the device is unable to retrieve the identity cert in the payload. Either point the identitycertuuid to the SCEP payloaduuid or to the identity.p12 payloaduuid that you are including with the payload.