How to get serverless framework to use CA Cert - serverless

I'm on a corporate network. Said network requires a ca certificate for all encrypted transmissions.
I make this work using NPM by npm config set cafile /path/to/cerrname.pem
When I attempt to run serverless (or sls commands) commands of any kind I get
Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
at TLSSocket.emit (node:events:394:28)
at TLSSocket.emit (node:domain:475:12)
at TLSSocket._finishInit (node:_tls_wrap:944:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)
This "unable to get local issuer certificate" is the exact same error I get if I don't set the CA file in npm.
How can I set the CA file in serverless framework?
I have looked at this answer (Serverless Framework Login From Behind a Proxy?), which feels close, but when running the command in the accepted answer and then trying to run serverless I get the same unable to get local issuer certificate error.

I believe it's possible to address that by setting NODE_EXTRA_CA_CERTS, at least some users in the past were successful with that approach: https://github.com/serverless/serverless/issues/9548#issuecomment-857882498

Related

Xray docker image using "jf docker scan DOCKER_IMAGE:TAG --insecure-tls=true" --> error "x509: certificate signed by unknown authority"

I am trying to scan a docker image using "jf docker scan DOCKER_IMAGE:TAG --insecure-tls=true" but an error "x509: certificate signed by unknown authority" is showing up,
Here is the log :
[Warn] (Attempt 1) - Failure occurred while sending GET request to https://THE_URL/api/system/version: Get "https:///api/system/version": x509: certificate signed by unknown authority
[Info] executor timeout after 3 attempts with 0 milliseconds wait intervals
INFORMATION: When I try to send a Curl request from the terminal to the URL it works.
The issue here is that JFrog CLI cannot get the certs to trust the connection and fails. I would suggest referring to this wiki first to understand the JFrog CLI's cert validation. Overall, you should simply add the pem file of the cert to the JFROG_CLI_HOME/security/certs directory.

How to install a paid SSL (Comodo or Sectigo) to Harbor: Private Docker Registry?

I was trying to install Harbor: Private Docker Registry with Paid SSL from Sectigo(Comodo).
But when I install, I can see it was successful in web page, but not in docker login.
When I tried to docker login ~~~, then it says Error response from daemon: Get https://docker.siadev.kr/v2/: x509: certificate signed by unknown authority
What I received from SSL provider are these.
{domain}.crt, {domain}.key, AAACertificateServices.crt, AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt, SectigoRSAAddTrustCA.crt, SectigoRSADomainValidationSecureServerCA.crt, rsa-dv.chain-bundle.pem
And docker says it supports ca.crt, {domain}.cert, {domain}.key.
What crt files do I have to concat?
I placed those like,
/etc/docker/certs.d/{domain}/{domain}.cert
/etc/docker/certs.d/{domain}/{domain}.key
/etc/docker/certs.d/{domain}/ca.crt
.
If I try to login with ip or another domain, then it says Error response from daemon: Get https://{domain}/v2/: x509: certificate is valid for {domain}, not {fake_domain}.
So I assume that they are in the right place, and the problem is from wrong combine of ca.crt.
I'm not sure it's going to solve your problem but I think you should put your certificate in
/etc/docker/certs.d/$MY_REGISTR_DOMAIN:REGISTR_PORT/
folder. That's where I placed mine (they are self signed) and it works.

Jenkins Certificate Installation: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

ERR_SSL_VERSION_OR_CIPHER_MISMATCH -
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite
All I could find online regarding this error is that this may relate to RSA/DSA. I've checked this out and could not find any conflicts so I'm not sure why the error still occurs. I am using keytool to install this certificate on a Jenkins server. How can I resolve this error and install my certificate?

Self Signed Certificate in GitHub Webhook

I have got Jenkins server setup in Azure VM with self-signed certificate, when I tried to setup a webhook from GitHub server I getting error "We couldn’t deliver this payload: certificate signed by unknown authority".
Do we have any way to import my CA file into GitHub trusted entry? I have tried searching in different forums but could see any response.
Thanks,
If you have admin access to the server you can install into it's cert store.
Most likely will never work for github.com, only for github enterprise.
https://docs.github.com/en/enterprise-server#3.4/admin/configuration/configuring-your-enterprise/troubleshooting-ssl-errors#installing-self-signed-or-untrusted-certificate-authority-ca-root-certificates

Kubectl apply return certificate has expired or is not yet valid

I m using docker and kubernetes for deployment. When I try to deploy project.yaml file by running kubectl apply -f project.yaml I'm getting an error Unable to connect to the server: x509: certificate has expired or is not yet valid.
I found here https://github.com/kubernetes/kubernetes/wiki/Debugging-FAQ that is is clock issue but I don't know how to sync local clock with server one. I tried manuali setting local clock to UK time(Where server is) but it does't work.

Resources