I have installed Mirth connect and it is running on https://example.com:8443 but it throwing https warning. If I run https://example.com it doesn't show any warning because ssl certificate is instaled. The issue is with the port. Please help me out from this problem.
Thanks.
Mirth Connect generates a new self-signed certificate on first startup. You can replace this with your own cert, it's the "mirthconnect" alias in the keystore.jks file. Follow the Changing The Server Certificate section in the user guide.
Related
how to add a trusted CA for local Consul docker container?
So I have a consul running as a docker container and I am able to access it using chrome at localhost:8500 after exposing the ports, as expected. But due to company setting there is a security CA being added that chrome trusts, since it is added to MacOS keychain, but consul does not seems to trust when I try to use golang library to connect to consul
x509: “Menlo Security Intermediate CA” certificate is not trusted"
I get a certificate is not trusted error. I am able to export the CA to a RootCA.cer file from the keychain but how do I configure consul image to trust this CA file?
https://iotech.force.com/edgexpert/s/article/secure-consul-tls
I see articles like this
ca_file is used to check the authenticity of the client and server connections
cert_file is provided to clients and server to verify the agent's authenticity
key_file is used with the certificate to verify the agent's authenticity
but for me, the .cer export file will be used as cert_file?
how should I do it in docker compose?
consul:
image: dockerproxy.comp.com/consul:latest
ports:
- "9500:9500"
I’m trying to implement HTTPS communication. I converted my .p7b bundle to .crt file. Also I have the private key file which has .pem extension. I’m providing my defaults.ini and sample.ini file’s screenshots below.
default.ini
sample.ini
certificate paths:
C:\Program Files\GrafanaLabs\grafana\grafana.crt
C:\Program Files\GrafanaLabs\grafana\grafana_key.pem
Error ( still can not connect via port 443)
Do you have any suggestions guys?
docker desktop on mac is getting error:
Unable to connect to the server: x509: certificate signed by unknown authority
The following answers didn't helped much:
My system details:
Operating system: macOS Big Sur Version 11.6
Docker desktop version: v20.10.12
Kubernetes version: v1.22.5
When I do:
kubectl get pods
I get the below error:
Unable to connect to the server: x509: certificate signed by unknown authority
Posting the answer from comments
As appeared after additional questions and answers, there was a previous installation of rancher cluster which left its traces: certificate and context in ~/.kube/config.
The solution in this case for local development/testing is to delete entirely ~/.kube folder with configs and init the cluster from the scratch.
If you are using a corporate laptop, and everything you do goes through a proxy, you will get this message. Hence, when docker desktop tries to connect to the server defined in ~/.kube/config, it will try to go through the proxy and you will need the cert issued by the company. Long story short, you are getting blocked by the the company... To fix, you can add the no proxy props, adding what ever value server: internal.docker defined in~/.kube/config . Meaning, if I am connecting to docker cluster which runs locally in my laptop, do not direct my traffic through proxy.
When doing docker info, after setting no proxy, you should see something like this.
docker info | grep -i proxy
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal,localhost,127.0.0.1,.local,.us.example.com,.examplecorp.com,.examplevcn.com,kubernetes.docker.internal
hubproxy.docker.internal:5000
First, thanks to all who may or may not try to help me.
My Problem: I'm trying to create an ssl certificate with Let's Encrypt. Already installed everything mentioned in the documentation. I decided to use certbot / since it seemed to be the easiest way for me to fulfill my needs.
We have freed both ports 80 and 443 and every request that comes to one of these ports are redirected to my Ubuntu 18.04 machine's internal IP address.
There are no configurations on this machine, so nothing listens on port 80 or 443, as you can see on my netstat command:
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 895/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1211/sshd
tcp6 0 0 :::22 :::* LISTEN 1211/sshd
After creating the certificate I'll run a spring boot application, which should use the certificate.
As far as I understood from the documentation, it isn't required to have running applications listening on these ports. It ought be possible to create the certificate by using the standalone parameter. So I guess certbot creates a small application listening to one of these ports on it's own to verify that I'm the one, who I claim to be. Right?
placeholder.example.com is as you will assume a placeholder. I think it's obvious why I'm not publishing my domainname, when having port 80 & 443 opened.
root#urlaub:/# certbot certonly --standalone --preferred-challenges http -d placeholder.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for placeholder.example.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. placeholder.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://placeholder.example.com/.well-known/acme-challenge/jCJ4waxV0aYPxjqDI3OcBXXPReNSrse1kd6piK9Dwdo: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: placeholder.example.com
Type: connection
Detail: Fetching
http://placeholder.example.com/.well-known/acme-challenge/jCJ4waxV0aYPxjqDI3OcBXXPReNSrse1kd6piK9Dwdo:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
EDIT: I've had tried this a lot of times, without success. Now there are 13 .pem files in /etc/letsencrypt/keys
Can I convert them to .p12 file to use it in an spring boot application?
It was an issue with the redirection to my server machine. So the above used command works properly and I was able to create a certificate. If anyone wants to use it: go for it.
My intent was to use it in a spring boot application and needed a pkcs12 file. I was able to convert the .pem files created by certbot to a .p12 file by using following command:
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname tomcat
In your application.properties you've to put following:
server.port: PORTNUMBER
server.ssl.key-store:/etc/letsencrypt/live/<YOURDOMAIN>/keystore.p12
server.ssl.key-store-password: <PASSWORD YOU WERE PROMPTED WHEN CREATING THE CERTIFICATE>
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
With Let's Encrypt if you use HTTP validation, you will need a server serving requests on port 80 (HTTP) for placeholder.mydomain.com so that the Let's Encrypt server can download the file .well-known/acme-challenge/jCJ4waxV0aYPxjqDI3OcBXXPReNSrse1kd6piK9Dwdo. This is how Let's Encrypt validates that you have control over the domain. Note: That filename is generated dynamically and will be different each time you attempt validation.
Another option that I use is to use DNS validation and then create the special record in my DNS server. You can then create the certificates on your desktop for any service that requires SSL for that domain name.
Everything I try and connect to via https fails. Bellow is a curl output, but it does this with git mongo and everything. darwin just doesn't like https.
About to connect() to github.com port 443 (#0)
Trying 207.97.227.239... connected
Connected to github.com (207.97.227.239) port 443 (#0)
successfully set certificate verify locations:
CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
You might say not a problem just change https to http, yes this is fine when you only have
1 url like git clone but on rvm install about 50 of the required things fails to install because of this. I don't want to go into rvm and change all occurrences of https to http.
Take a look at this post, slightly different, but i think it will answer you questions:
SSL certificate rejected trying to access GitHub over HTTPS behind firewall
You can essentially have OSX ignore the SSL Cert Verify, and accept the connection.
It turned out that my version of curl was using an old certificate to validate https.
I cam across this issue on git for cURL under Leopard:
https://github.com/mxcl/homebrew/issues/11947
And the error went away and I am now able to download https files from cURL.
This looks like an issue with curl itself, rather than OSX. What version are you using? If it's particularly old, then the reference here to a "severely outdated CA file" probably applies.
Try installing up-to-date versions of curl and git from macports.