Zscaler/SSL inspection proxy solution for IoT Edge - azure-iot-edge

Does Azure IoT Edge work with a Zscaler proxy AND SSL inspection?
Indeed, we need to check header information from IoT Edge for security reasons, which requires decryption.
IoT Edge runs in a CentOS or Ubuntu ESX VM, and the Zscaler certificate can be uploaded to the OS file system.
Regards

You will need the Zscaler root certificate added to the list of root certificates that are trusted by OpenSSL in both the edgeAgent and edgeHub modules. Without that, the TLS negotiation will fail because the certificate chain from any server they attempt to negotiate a TLS connection with is not trusted. I have done this. It will work.

Related

neo4j docker image (vps managed with plesk), cannot assign certificates for secure bolt connection with Let's encrypt certificate

I'm trying to run neo4j community on a vps via a docker image managed with plesk.
I am however having issues configuring the SSL certificate so I can connect to it securely from nodejs.
Currently, the error I'm getting is quite straightforward in node:
Neo4jError: Failed to connect to server.
Please ensure that your database is listening on the correct host and port and that you have
compatible encryption settings both on Neo4j server and driver. Note that the default encryption
setting has changed in Neo4j 4.0. Caused by: Server certificate is not trusted. If you trust the
database you are connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add the signing
certificate, or the server certificate, to the list of certificates trusted by this driver using
`neo4j.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This is a security measure
to protect against man-in-the-middle attacks. If you are just trying Neo4j out and are not
concerned about encryption, simply disable it using `encrypted="ENCRYPTION_OFF"` in the driver
options. Socket responded with: DEPTH_ZERO_SELF_SIGNED_CERT
I've mapped the volumes as follows:
/certificates to the letsencrypt live folder for the domain db.example.com
Then I'm trying to connect to it via: bolt://db.example.com:32771
When I check via a browser, the certificate being served is self-signed. I have tried to add this certificate to the trusted certificates in Windows, but it didn't do anything at all.
I also added the path to the trusted certificates when instantiating the driver:
this._driver = neo4j.driver(process.env.Neo4jUri, token, {
  encrypted: true,
  trustedCertificates: ['ssl/neo4j.crt'],
});
I've also tried to copy the files within that certificate folder so that the appropriate files are named as mentioned in this article.

Trusted Certificate fails after upgrade from 4.6.1 to 4.7.2

After upgrading a service written in F# from 4.6.1 to 4.7.2 I started getting a classic SSL/TLS error: "The request was aborted: Could not create SSL/TLS secure channel".
TLS 1.2 is enabled on all servers.
I verified with Fiddler that the old version and the new version of the application both use TLS 1.2, as they should and have done for a long time.
The requests appear to be identical.
The service runs as Network Service; however, I get the same error if I run it as admin.
The certificate is self-signed and placed in Trusted Root Certification Authorities.
The certificate is only used for internal HTTPS between our services.
If I add the certificate to Personal certificates in certmgr, the error disappears and the service works!
From my view it is as if, after upgrading to 4.7.2, the trusted CA certificates are "ignored".
Adding the certificate to Personal when it's placed in Trusted Certificates is not a solution.
I haven't been able to identify the change which somehow must have been introduced in 4.7.2.
What am i missing?

Solace Remote VPN Bridge over SSL - Self signed certificate in certificate chain

I am trying to set up a remote VPN bridge to a partner router and get this error on connection: Local SSL handshake failed: Server certificate verification failed: self signed certificate in certificate chain.
I have added the cert to the local Solace router as well as added the names to the trusted names list, but it is still not working.
What am I missing here?
This means that you have not installed the public cert of the root issuer of the remote Solace broker's server cert.
In general, the trust chain of an SSL cert needs to be established. For example, if the entire chain of the server cert looks like this:
Root > Intermediate1 > Intermediate2 > Server
where > denotes "issues", and the server cert installed on the remote server (in this case a Solace broker) only has this:
Intermediate2 > Server
i.e., it contains the public certs of Intermediate2 AND Server,
then the client (in this case the local Solace broker) needs to be able to verify the rest of the chain:
Root
Intermediate1
This is typically known as a ca-bundle in most environments. "CA" stands for Certificate Authority. Unlike other OSes or browsers, the Solace broker does not have any defaults installed. You'll have to install those certs / certificate authorities as per the steps in https://docs.solace.com/Configuring-and-Managing/Managing-Certificate-Authorities.htm.
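The chain described in this answer, as an added shell example that is not part of the thread (it also illustrates the point made in the IoT Edge answer at the top of the page: the proxy's or partner's root must be in the client's trust store, or path building fails). It assumes only that openssl is on PATH; every name, path and the DNS name broker.example.internal are constructed for the demo. It builds Root > Intermediate1 > Intermediate2 > Server with throw-away keys, has the "remote broker" present only Intermediate2 + Server, and then runs openssl verify against a trust store holding just Root and against a ca-bundle holding Root + Intermediate1. A small is_self_signed helper shows what the "self signed certificate" wording means (issuer equals subject).

```shell
#!/bin/sh
# Added example, not part of the Solace answer or the IoT Edge answer above.
# Rebuild  Root > Intermediate1 > Intermediate2 > Server  with throw-away keys,
# then run the path-building check a TLS client performs against two trust stores.
# All names, paths and the DNS name broker.example.internal are constructed.
set -eu

WORK=$(mktemp -d)

# Extension profiles: CA certificates must carry CA:TRUE + keyCertSign,
# the leaf must not be a CA.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:broker.example.internal\n' > "$WORK/leaf.ext"

# csr NAME: fresh RSA key and CSR for CN=Demo NAME.
csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# issue NAME ISSUER EXTFILE: sign NAME's CSR with ISSUER's key and the given extensions.
issue() {
  csr "$1"
  openssl x509 -req -in "$WORK/$1.csr" -days 30 -extfile "$WORK/$3" \
    -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -CAcreateserial \
    -out "$WORK/$1.pem" 2>/dev/null
}

build_chain() {
  # Self-signed root: its CSR is signed with its own key.
  csr root
  openssl x509 -req -in "$WORK/root.csr" -days 30 -extfile "$WORK/ca.ext" \
    -signkey "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
  issue int1 root ca.ext
  issue int2 int1 ca.ext
  issue server int2 leaf.ext

  # What the remote broker presents in the handshake: the leaf plus Intermediate2 only.
  cat "$WORK/server.pem" "$WORK/int2.pem" > "$WORK/presented.pem"
  # Two candidate trust stores for the local (client) side.
  cp "$WORK/root.pem" "$WORK/trust-root-only.pem"
  cat "$WORK/root.pem" "$WORK/int1.pem" > "$WORK/trust-ca-bundle.pem"
}

# verify_with TRUSTSTORE: validate the presented leaf the way a client does,
# using the presented chain only as untrusted helper certs. Prints OK or FAIL;
# openssl's own reason (e.g. "unable to get local issuer certificate") goes to stderr.
verify_with() {
  if openssl verify -CAfile "$1" -untrusted "$WORK/presented.pem" \
       "$WORK/server.pem" >/dev/null; then
    echo OK
  else
    echo FAIL
  fi
}

# is_self_signed CERT: yes when issuer equals subject, i.e. the certificate is
# its own trust anchor (what "self signed certificate" in the errors above means).
is_self_signed() {
  issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
  subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
  if [ "$issuer" = "$subject" ]; then echo yes; else echo no; fi
}

build_chain
echo "trust store = Root only            -> $(verify_with "$WORK/trust-root-only.pem")"
echo "trust store = Root + Intermediate1 -> $(verify_with "$WORK/trust-ca-bundle.pem")"
echo "root self-signed: $(is_self_signed "$WORK/root.pem"); leaf self-signed: $(is_self_signed "$WORK/server.pem")"
```

The first verify fails because nothing in the presented chain or the trust store can vouch for Intermediate2's issuer; the second succeeds once Intermediate1 is in the bundle, which is exactly what installing the missing CA on the local broker (or the Zscaler root in the edge modules) achieves. Only the missing links belong in the bundle; the leaf itself never does.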

Worklight adapter connecting to backend over SSL

WL 5.0.6, HTTP adapter, running on Liberty
We want to make a simple connection from our adapter to a backend over SSL; the backend team have provided us with their certificate.
Our symptom is:
FWLSE0101E: Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
We have read the infocenter here but clearly have got something wrong. Steps we took:
Used the JRE keystore tool to add the cert to a keystore.
Adjusted the Worklight properties to point to the keystore.
Restarted the WL Server
Any suggestions for how to diagnose or fix?
The issue in this case was that the certificate referenced hosts that were not visible to our DNS server. We worked around this by adding entries to /etc/hosts.

How to enable HTTPS pages on windows server 2003

I cannot load HTTPS pages; I am getting "page not found"!
I guess this is related to the server.
What can I do to enable this?
Thanks
You can install this hotfix:
http://support.microsoft.com/kb/968730
Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption
The SSL port was blocked by the firewall.
I added port 443 to the Windows Firewall exceptions (TCP exception) and I managed to access the site using 'https://'.
