Consul TLS with Spring based Rest service - spring-boot

We are trying to enable TLS for Consul so that our REST service (which uses a self-signed certificate) will be able to register with Consul in HTTPS mode. For enabling TLS I am following the Consul documentation as well as the links below:
https://www.digitalocean.com/community/tutorials/how-to-secure-consul-with-tls-encryption-on-ubuntu-14-04
http://russellsimpkins.blogspot.in/2015/10/consul-adding-tls-using-self-signed.html
Note: I am using CentOS 7.2
Now my service tries to register with Consul, but in the Consul dashboard it is down and on the console I am getting the error below:
x509: certificate signed by unknown authority

We found the solution. We have to add the CA cert to the system TLS trust store instead of the JVM trust store; for CentOS it is "/etc/pki/tls/certs/ca-bundle.crt".
Just appending the CA certificate to this file solved our issue.
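Consul is a Go binary, so when it runs an HTTPS health check it trusts whatever the operating system's CA store trusts, not what sits in a JVM truststore; that is why appending to the system bundle resolved the "certificate signed by unknown authority" error above. As an added example, not code from the original post, here is a small Python script that adds a CA certificate to a PEM bundle only if it is not already present (it compares SHA-256 fingerprints of the decoded DER, so differences in line wrapping do not matter), so repeated runs do not pile up duplicates the way a bare `cat ca.pem >> ca-bundle.crt` does. The default bundle path is the CentOS 7 one from the answer; the sample PEM blocks at the bottom are constructed placeholders with valid base64 but no real certificate inside. One operational caveat worth knowing: on CentOS 7 the `update-ca-trust` tool regenerates /etc/pki/tls/certs/ca-bundle.crt from the anchors in /etc/pki/ca-trust/source/anchors/, so a CA appended directly to the bundle can be lost on the next regeneration; pointing this script at an anchor file instead avoids that.

```python
import base64
import hashlib
import re
from pathlib import Path

# Added example, not code from the original post. The default path is the
# CentOS 7 system bundle named in the answer; any PEM bundle path works.
DEFAULT_BUNDLE = "/etc/pki/tls/certs/ca-bundle.crt"

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def pem_to_der(body: str) -> bytes:
    """Decode the base64 body of one PEM CERTIFICATE block into DER bytes."""
    return base64.b64decode("".join(body.split()), validate=True)


def iter_certs(text: str):
    """Yield the DER bytes of every CERTIFICATE block found in a PEM bundle."""
    for match in _PEM_RE.finditer(text):
        yield pem_to_der(match.group(1))


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, the same form that
    `openssl x509 -noout -fingerprint -sha256` prints, for cross-checking."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def single_cert_der(ca_pem: str) -> bytes:
    """Extract exactly one certificate from the CA file; refuse chains."""
    bodies = _PEM_RE.findall(ca_pem)
    if len(bodies) != 1:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {len(bodies)}")
    return pem_to_der(bodies[0])


def bundle_contains(bundle_text: str, ca_pem: str) -> bool:
    """True if the CA is already trusted by the bundle (compared by fingerprint)."""
    ca_fp = sha256_fingerprint(single_cert_der(ca_pem))
    return any(sha256_fingerprint(der) == ca_fp for der in iter_certs(bundle_text))


def append_ca(bundle_text: str, ca_pem: str):
    """Return (new_bundle_text, added). The CA block is appended once; calling
    this again with the same CA is a no-op instead of creating a duplicate."""
    if bundle_contains(bundle_text, ca_pem):
        return bundle_text, False
    block = _PEM_RE.search(ca_pem).group(0)
    sep = "" if (not bundle_text or bundle_text.endswith("\n")) else "\n"
    return bundle_text + sep + block + "\n", True


def trust_ca(ca_path: str, bundle_path: str = DEFAULT_BUNDLE) -> bool:
    """File-level wrapper: add the CA at ca_path to the bundle on disk."""
    bundle = Path(bundle_path)
    new_text, added = append_ca(bundle.read_text(), Path(ca_path).read_text())
    if added:
        bundle.write_text(new_text)
    return added


def _constructed_pem(label: bytes) -> str:
    # Constructed stand-in for the demo: valid base64, NOT a real X.509 cert.
    body = base64.b64encode(label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


SAMPLE_BUNDLE = (_constructed_pem(b"constructed: existing public root 1")
                 + _constructed_pem(b"constructed: existing public root 2"))
SAMPLE_CA = _constructed_pem(b"constructed: internal self-signed CA")

if __name__ == "__main__":
    text, added = append_ca(SAMPLE_BUNDLE, SAMPLE_CA)
    print("first append added:", added, "| certs in bundle:", sum(1 for _ in iter_certs(text)))
    print("CA fingerprint:", sha256_fingerprint(single_cert_der(SAMPLE_CA)))
    _, added_again = append_ca(text, SAMPLE_CA)
    print("second append added:", added_again)
```

Run it against real files with `trust_ca("/path/to/ca.crt")` as root; compare the printed fingerprint with `openssl x509 -in ca.crt -noout -fingerprint -sha256` before trusting it, and restart the Consul agent afterwards so the new root is picked up.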

Related

How to add privekey.pem and fullchain.pem to a docker container such as elasticsearch?

When I build the elasticsearch container and check the compose logs I get: "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.29.0.2:9200, remoteAddress=/172.29.0.4:54642}"
And also when I curl "https://elasticsearch:9200" I get the following: curl: (60) SSL certificate problem: self signed certificate in certificate chain. Might the problem be the SSL certificate?
I have privekey.pem and fullchain.pem files; how do I use them in order to solve this issue?
Note that everything is up but Kibana is not connected to Elasticsearch, and I also tried disabling security but I get the same error.
Unless you are using a trial license, Elastic Stack security features require SSL/TLS encryption for the transport networking layer.
This section demonstrates an easy path to get started with SSL/TLS for both HTTPS and transport using the Elasticsearch Docker image. The example uses Docker Compose to manage the containers.

How to enable mTLS between Apache APISIX and etcd?

APISIX uses etcd as its configuration center. I have configured and enabled mTLS in etcd for secure data transfer; how do I configure APISIX to make it effective?
First of all, you need to prepare a client certificate and private key pair. Then configure them in APISIX. You can specify them in config.yaml. The related fields are:
etcd.tls.cert: client certificate
etcd.tls.key: client private key
apisix.ssl.ssl_trusted_certificate: CA certificate used to verify the etcd server certificate

How to configure SSL for exist-db in Jetty with letsencrypt CA signed certificate

I want to configure a Let's Encrypt CA-signed certificate for my exist-db app and I have used the two guides below but could not succeed.
https://www.cirt.gov.bd/a-step-by-step-guide-to-securing-a-tomcat-server-with-letsencrypt-ssl-certificate/
How to configure SSL in Jetty with CA signed certificate properly?
Can anyone help me to dig out the issue?
It might be easier to run your existdb instance behind an nginx proxy and let nginx handle SSL connections with Let's Encrypt certs.
More on existdb deployment scenarios here:
https://e-editiones.org/wp-content/uploads/2020/08/Common-eXist-db-TEI-Publisher-Deployment-Scenarios.pdf

Generate certificate for HTTP service from Istio

Is it possible to generate certificates via Citadel for HTTPS services? In my case, I would like to use the Elastic ECK operator to spawn a new Elasticsearch cluster + Kibana, but I don't want to use its self-signed CA (since I'd have to push that CA certificate file to each and every service that wants to connect to the ES API); rather I'd like to use another self-signed certificate authority: the same one that Istio uses.
My hope is that if we get around to adding Vault to the cluster + cert-manager, I can easily create new certificates with that for all HTTPS usage INSIDE the cluster.
How can I (or can I), generate TLS certificates with Istio somehow? I have SDS installed in the cluster.
This question is not about:
How to generate public certificates
cert-manager
How to turn off TLS in Elasticsearch's HTTP endpoint

GKE GRPC load balancer https - requirements question

I am trying to do: gRPC client --> GCP external LB with HTTPS --> GKE with a pod running the gRPC server
The external LB uses a google managed certificate.
The documentation states:
If you are using HTTPS or HTTP/2 from the load balancer to the backends, you must install SSL certificates on each VM instance. To install SSL certificates on a VM instance, use the instructions in your application documentation. These certificates can be self-signed.
So I developed the gRPC server with a self-signed certificate.
My question is: how can the backend service (part of the LB) call the gRPC server without server.crt, i.e. the public key of the cert used by the gRPC server?
Is there a way to pass this server.crt to the backend service?
I don't see how to fulfill the documentation requirement.
Please help :)
