I am trying to implement Elasticsearch 5.x with https(using Safeguard) and NEST client.
I am failing on, how to generate a X509certificate of Elasticsearch installed in server.
Found some code in below link how to create a NEST connection to Elasticsearch with X509 certificate.
How to use X509 certificate with the Nest Elastic Client
But I have no idea how to achieve this. I need to know how the below things:
How to generate a X509 certificate of Elasticsearch 5.x(Elasticsearch installed in a server and is accessible through some url like https://elas:9300)
What could be the value for "path_to_cert" in the above link's answer(I understood it is the path to X509 certificate file). It need to be a shared path or that certificate need to be included in application
I tried searching all the web and still no idea. Please help on this.
Thanks in advance.
Your question is not clear if it is about the Elasticsearch server to configure, or only the client. Is the server already running with SSL (is it reachable at https://elas:9300 ?). If no, then you need to create a java keystore containing a self-signed certificate (I suppose it's enough for your need). If already running in SSL and your question is only about the client, then store the certificate that you can get when browsing https://elas:9300 in this file that you suggested (path_to_cert)
Related
I'm trying to run neo4j community on a vps via a docker image managed with plesk.
I am however having issues configuring the SSL certificate so I can connect to it securely from nodejs.
Currently, the error I'm getting is quite straightforward in node:
Neo4jError: Failed to connect to server.
Please ensure that your database is listening on the correct host and port and that you have
compatible encryption settings both on Neo4j server and driver. Note that the default encryption
setting has changed in Neo4j 4.0. Caused by: Server certificate is not trusted. If you trust the
database you are connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add the signing
certificate, or the server certificate, to the list of certificates trusted by this driver using
`neo4j.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This is a security measure
to protect against man-in-the-middle attacks. If you are just trying Neo4j out and are not
concerned about encryption, simply disable it using `encrypted="ENCRYPTION_OFF"` in the driver
options. Socket responded with: DEPTH_ZERO_SELF_SIGNED_CERT
I've mapped the volumes as follows:
/certificates to the letsencrypt live folder for the domain db.example.com
Then I'm trying to connect to it via: bolt://db.example.com:32771
When i check via browser, the certificate being served is self-signed. I have try to add this certificate to the trusted certificates in windows but it didn't do anything at all.
Also added the path to the trusted certificates when instantiating the driver:
this._driver = neo4j.driver(process.env.Neo4jUri, token, {
encrypted: true,
trustedCertificates: ['ssl/neo4j.crt'],
});
I've also tried to copy the files within that certificate folder so that the appropriate files are named as mentioned in this article.
I'm trying to create a development enviroment using nginx, mysql and php. I want to have a self signed SSL certificate configured because in productions I'll use ssl connections as well.
For php and mysql I had no problems, but for nginx and struggling to make it work. I'm using MarvAmBass/docker-nginx-ssl-secure image (https://github.com/MarvAmBass/docker-nginx-ssl-secure) but when accessing the site I get the SEC_ERROR_UNKNOWN_ISSUER error in Firefox (invalid ssl certificate).
I've replaced the CN var in the command to create the self certificate but doesn't seem to affect.
I don't know if maybe there's another image I can use (I'm pretty new to the docker world).
Thanks in advance
If the certificate is not authorized by the valid CA(Certificate Authority), then you will notice SEC_ERROR_UNKNOWN_ISSUER on Mozilla. It is recommended to use the certificates provided by your CA(Certificate Authority).
ERROR:(You can't able to connect server without SSL certificate)
I have to use fullchain.pem file. How can I use that fullchain.pem file in my project to access the server and retrive the secure information from the server(fullchain.pem file was given by my backend team)
Please help me...
Advanced Thanks
I have Rails app running behind Nginx using Passenger. SSL is configured at Nginx side in server block and works fine. Now I need specify separate certificate on certain path, say for https://example.com/blablabla.
I need this because of constrains of some system I working with.
A certificate identifies a server and not a path inside the server. The path is only known after the SSL handshake is done, that is after the certificate was already provided. Thus it is not possible to have one certificate for a specific path and another certificate for another path and the same hostname.
I'm trying to setup our APNS server. I was looking at the instructions on this page:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
I'm understanding everything. Problem is that I have a website already SSL enables (SSL terminates at the load balancer) on AWS, following these instructions a while back:
"Public key certificate and private key doesn't match" when using Godaddy issued certificate
The website for APNS is telling me to get a CSR file, etc. But if I already have this SSL certification done, does it mean I have to start from scratch and re-key my key? :( I wasn't able to find information regarding this...
The APNS CSR has nothing to do with any certificates you already have.
You have to create certificates in the developer area of apples websites. You don't install those certificates to the web server... they are only used from the php script on your server to connect to the apple server as a client. Your script has to load them while they run.. but they are not installed in the web server or load balancer.