Migrating from one service to IBM Cloud for Redis.
I cannot find the correct configuration to connect using TLS. Everything I find on this is related to Heroku. and it ignores verifying the TLS/SSL connection.
I cannot find how to configure our Sidekiq/Redis to connect.
I do have a certificate from the IBM Cloud dashboard and I suspect I have to pass that along somehow.
Configure the Sidekiq.yml like this
:redis:
:url: "rediss://:< PWD >#< DB Name >:< PORT >/0"
:namespace: "app"
:ssl_params:
ca_file: 'path/to/cert'
I keep getting back the error Redis::CommandError - WRONGPASS invalid username-password pair or user is disabled.: however using these same credentials in the migration script I am able to connect to the DB, so the credentials are ok, I think it is not including the certificate correctly and I cannot find the correct way to do this
The sidekiq.yml configuration looks good to me, just make sure this has correct complete path
ca_file: 'path/to/cert'
and change the redis url to
:url: "rediss://< PWD >#< DB Name >:< PORT >/0"
further info you can read from here for TLS secured connection.
I'm not familiar with sidekiq.yml. But I've configured redlin with redis using a python script you can find here: https://github.com/IBM-Cloud/vpc-transit/blob/master/py/test_transit.py. Maybe the configuration is similar.
The relevant code is:
def vpe_redis_test(fip, resource):
"""execute a command in fip to verify postgresql is accessible"""
redis = resource["key"]
credentials = redis["credentials"]
cert_data = credentials["connection.rediss.certificate.certificate_base64"]
cli_arguments = credentials["connection.cli.arguments.0.1"]
command = f"""
#!/bin/bash
set -ex
if [ -x ./redli ]; then
echo redli already installed
else
curl -LO https://github.com/IBM-Cloud/redli/releases/download/v0.5.2/redli_0.5.2_linux_amd64.tar.gz
tar zxvf redli_*_linux_amd64.tar.gz
fi
./redli \
--long \
-u {cli_arguments} \
--certb64={cert_data} << TEST > redis.out
set foo working
enter image description here1. I have downloaded and extracted the 'opencv_contrib-master' & 'opencv-master' from Git repo.
2. cmake 3.9 version is installed.
When I run the cmake, I am getting the below error:
I am using Visual Studio 2017 and Windows 10. Any help?
This is a screnshot of the CMAkeDownloadLog.txt
ErrorLog
From ErrorLog:
#use_cache "C:/Downloads/OPENCV/opencv-master/.cache"
#do_copy "opencv_ffmpeg.dll" "b8120c07962d591e2e9071a1bf566fd0" "https://raw.githubusercontent.com/opencv/opencv_3rdparty/0a0e88972a7ea97708378d0488a65f83e7cc5e69/ffmpeg/opencv_ffmpeg.dll" "C:/OpenCV/3rdparty/ffmpeg"
#missing "C:/OpenCV/3rdparty/ffmpeg/opencv_ffmpeg.dll"
#check_md5 "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll"
#mismatch_md5 "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll" "d41d8cd98f00b204e9800998ecf8427e"
#delete "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll"
#cmake_download "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll" "https://raw.githubusercontent.com/opencv/opencv_3rdparty/0a0e88972a7ea97708378d0488a65f83e7cc5e69/ffmpeg/opencv_ffmpeg.dll"
# timeout on name lookup is not supported
# Trying 151.101.112.133...
# TCP_NODELAY set
# connect to 151.101.112.133 port 443 failed: Timed out
# Failed to connect to raw.githubusercontent.com port 443: Timed out
# Closing connection 0
As you probably noticed, CMake cannot connect to the server providing the file it needs to download. Most likely that is some problem with your network connection.
For me CMake didn't know about the company https proxy. CMake knows about this through the environment variables HTTP_PROXY and HTTPS_PROXY. If this is your problem, you can set these variables for your system. If you cannot set environment variables system wide or you just want a quick test, start up command prompt and run
set HTTP_PROXY=<your-proxy-here>
set HTTPS_PROXY=<your-proxy-here>
c:\program files\cmake\bin\cmake-gui.exe
The path to cmake may be different, if it was installed to a different location.
If this is not the cause, something else is blocking your connection. E. g. a firewall, malware protection, etc.
Environment variable
After installing rails in windows when I run command in cmd it gets an error that
the system cannot find the path specified
and second when I run command in cmd it gets an error that
ERROR: could not find a valid gem 'railties' <= 4.2.3> here is why:
unable to download data from https://rubygems.org/ - SSL_connect
returned=1 errorno=0 state=SSLv3 read server certificate B:
certificate verify failed https://api.rubygems.org/specs.4.8.gz
You are likely behind a corporate proxy that is creating fake certificates for https sites so that it can sniff https traffic. The reason this usually works is that you have the corporate certificate as a trusted root on clients, but it doesn't work for Gem because it uses certificate pinning.
The solution is either
adding the company certificate to the Gem trusted certificates: SET SSL_CERT_FILE=c:\your\company\cert.pem
changing the Gem source in your Gemfile to http instead of https (source 'https://rubygems.org' to source 'http://rubygems.org')
turning off certificate validation (by adding :ssl_verify_mode: 0 to your gemrc file, located on Windows in %USERPROFILE%\.gemrc)
Note that if you change the gem source to http or turn off certificate validation, an attacker may be able to tamper with the downloaded gems (change contents to arbitrary code). You should not normally do these.
Go to command prompt, and input the following lines.
gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/, input y afterward.
Then you should be able to install gem.
For Windows with PowerShell installed
Installing Windows PowerShell
Paste this 1line code in command console: (WIN + R, cmd)
powershell -Command "& {$fname='cacert.pem'; $outpath=\"$($(Get-ChildItem Env:USERPROFILE).Value)/$fname\"; Invoke-WebRequest http://curl.haxx.se/ca/$fname -OutFile \"$outpath\"; [Environment]::SetEnvironmentVariable('SSL_CERT_FILE', \"$outpath\", 'User')}"
Script will do:
Download http://curl.haxx.se/ca/cacert.pem
Save it as %USERPROFILE%/cacert.pem ( C:\Users\__you__\cacert.pem)
Set persistent environment variable for current user SSL_CERT_FILE as %USERPROFILE%/cacert.pem
After this try to install the gem
I recently upgraded to OS X Mountain Lion, and when I run curl-config --ca I get an empty line. Details about curl:
curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
The issue is that I can't run brew update unless I update the certificate because I get the following error:
Initialized empty Git repository in /usr/local/.git/
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/mxcl/homebrew.git/info/refs
fatal: HTTP request failed
Error: Failure while executing: git fetch origin
The homebrew help forums say I need to update the certificate. However, unless I can find where curl is storing the certificate, I can't update it.
EDIT: The solution presented by HeatfanJohn below:
I just noticed that there is a Macport for curl-ca-bundle. Sorry for the possibly simple question, but did you install curl or did it come preinstalled? You might want to consider installing MacPorts and then installing curl-ca-bundle using MacPorts, although looking quickly at the Portfile this MacPort appears to just put the bundle into /usr/share which you can also do manually.
The command to install from MacPorts is port install curl. Installing from MacPorts resolves the issue.
I mostly run curl on Winodws, but from the curl documentation the following should work:
If you're using the curl command line tool, you can specify your own
CA cert path by setting the environment variable CURL_CA_BUNDLE to the
path of your choice.
Then download the lastest .pem file from http://curl.haxx.se/ca/cacert.pem placing the .pem in the directory path that you specify in the CURL_CA_BUNDLE environment variable. The documentation is a little vague as to whether the environment variable points to the file or directory. I would try pointing it to the file.
On Windows, curl looks for the .pem file as file curl-ca-bundle.crt in the same directory where the curl executable lives. That may also work. I have an old MAC at home. I will test this later tonight.
curl-config --ca returns /usr/share/curl/curl-ca-bundle.crt for me.
I just noticed that there is a Macport for curl-ca-bundle. Sorry for the possibly simple question, but did you install curl or did it come preinstalled? You might want to consider installing MacPorts and then installing curl-ca-bundle using MacPorts, although looking quickly at the Portfile this MacPort appears to just put the bundle into /usr/share which you can also do manually.
I installed curl from Macports and now I have version 7.27.0 installed and it is configured to use the latest curl-ca-bundle.crt file. See below:
sams-mac:~ sam$ curl --version
curl 7.27.0 (powerpc-apple-darwin8.11.0) libcurl/7.27.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
sams-mac:~ sam$ curl-config --ca
/opt/local/share/curl/curl-ca-bundle.crt
sams-mac:~ sam$ ls -l /opt/local/bin/curl*
-rwxr-xr-x 1 root admin 147012 Aug 3 11:00 /opt/local/bin/curl
-rwxr-xr-x 1 root admin 4988 Aug 3 11:00 /opt/local/bin/curl-config
sams-mac:~ sam$
RVM is running into a certificate error when trying to download Ruby 1.9.2. It looks like curl is having a certificate issue but I am not sure how to bypass it. I have included the exact error info below.
$ rvm install 1.9.2
Installing Ruby from source to: /Users/willdennis/.rvm/rubies/ruby-1.9.2-p180, this may take a while depending on your cpu(s)...
ruby-1.9.2-p180 - #fetching
ERROR: Error running 'bunzip2 '/Users/willdennis/.rvm/archives/ruby-1.9.2-p180.tar.bz2'', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/extract.log
ruby-1.9.2-p180 - #extracting ruby-1.9.2-p180 to /Users/willdennis/.rvm/src/ruby-1.9.2-p180
ruby-1.9.2-p180 - #extracted to /Users/willdennis/.rvm/src/ruby-1.9.2-p180
Fetching yaml-0.1.3.tar.gz to /Users/willdennis/.rvm/archives
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: There was an error, please check /Users/willdennis/.rvm/log/ruby-1.9.2-p180/*.log. Next we'll try to fetch via http.
Trying http:// URL instead.
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: There was an error, please check /Users/willdennis/.rvm/log/ruby-1.9.2-p180/*.log
Extracting yaml-0.1.3.tar.gz to /Users/willdennis/.rvm/src
ERROR: Error running 'tar zxf /Users/willdennis/.rvm/archives/yaml-0.1.3.tar.gz -C /Users/willdennis/.rvm/src --no-same-owner', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/extract.log
/Users/willdennis/.rvm/scripts/functions/packages: line 55: cd: /Users/willdennis/.rvm/src/yaml-0.1.3: No such file or directory
Configuring yaml in /Users/willdennis/.rvm/src/yaml-0.1.3.
ERROR: Error running ' ./configure --prefix="/Users/willdennis/.rvm/usr" ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/configure.log
Compiling yaml in /Users/willdennis/.rvm/src/yaml-0.1.3.
ERROR: Error running '/usr/bin/make ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/make.log
Installing yaml to /Users/willdennis/.rvm/usr
ERROR: Error running '/usr/bin/make install', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/make.install.log
ruby-1.9.2-p180 - #configuring
ERROR: Error running ' ./configure --prefix=/Users/willdennis/.rvm/rubies/ruby-1.9.2-p180 --enable-shared --disable-install-doc --with-libyaml-dir=/Users/willdennis/.rvm/usr ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/configure.log
ERROR: There has been an error while running configure. Halting the installation.
How can I resolve or avoid this error?
In case any one else comes across this while trying to update to 1.9.3 (although version probably doesn't matter), check the version of rvm that you have. Wayne seems to have moved from rvm.beginrescueend.com to rvm.io. The old site's security certificate has expired, so curl's response is correct.
Updating rvm from the new site fixed this problem and allowed me to move forward.
$ \curl -L https://get.rvm.io | bash -s stable --rails --autolibs=enabled
Update: As #rodgerdpack mentioned, the command changes and I've updated the above. In general, see https://rvm.io/ for the latest.
If do not want to change the script AND you do not want to add a cert "for ever" to the cert bundle. There is a very nice and quick solution:
#to download the cert
wget http://curl.haxx.se/ca/cacert.pem
#to let curl use it for the next calls
export CURL_CA_BUNDLE=~/cacert.pem
Then run your script.
To reset the environment variable (for subsequent script calls that should not use this cert) re-login to your system or unset the environment variable:
export CURL_CA_BUNDLE=
Curl is invoked in .rvm/scripts/fetch, which by default will be in your home directory.
Edit this using your favourite text editor: for example,
nano ~/.rvm/scripts/fetch
In lines 56 and 58 (may vary with other versions of RVM, of course) you'll see two lines which begin
fetch_command="curl ...
Simply add -k after curl, save and try again.
You need to download the ca certificate from http://curl.haxx.se/ca/cacert.pem and add them to your curl-ca-bundle-new.crt file.
To find the location of this file use:
$ curl-config --ca
/usr/share/curl/curl-ca-bundle.crt
Backup your curl-ca-bundle.crt file:
$ cp /usr/share/curl/curl-ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt.old
Then you want to concatenate the two file using:
$ cat cacert.pem /usr/share/curl/curl-ca-bundle.crt >> curl-ca-bundle-new.crt
Perhaps all these complicated solutions were once necessary, but now all you need to do is first upgrade RVM and your problem will be solved:
$ rvm get stable
$ rvm reload
$ rvm install ruby-1.9.3-p194
If you don't mind disabling certificate check in curl (I don't):
echo insecure > ~/.curlrc
On Centos 5.6 (Final)
I had a problem with installing rvm 1.9.2
The error was:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: There was an error, please check /usr/local/rvm/log/ruby-1.9.2-p290/*.log. Next we'll try to fetch via http.
Trying http:// URL instead.
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: There was an error, please check /usr/local/rvm/log/ruby-1.9.2-p290/*.log
ERROR: There has been an error while trying to fetch the source.
Halting the installation.
ERROR: There has been an error fetching the ruby interpreter. Halting the installation.
Here is a list of actions which helped me to solve the problem
$ curl-config --ca # show path to the certificate
/usr/local/share/curl/curl-ca-bundle.crt
$ cd /usr/local/share/curl/ # go to that path
$ cp curl-ca-bundle.crt curl-ca-bundle.crt.bak # backup certificate
$ curl http://curl.haxx.se/ca/cacert.pem -o curl-ca-bundle.crt # download new
$ rvm install 1.9.2 # bingo it works
Btw curl version is curl 7.18.0 (to check '$ curl -V')
I was attempting to install ruby-1.9.2-p290 and came across the same problem. After running which curl and realizing that the curl instance was coming from an installation of MAMP on my system (OS X Snow Leopard), I reconfigured my PATH variable to use the system default at /usr/bin/curl. Using this version, curl 7.19.7, I had no problem installing the latest version of Ruby with RVM.
I had trouble installing 1.9.2 using RVM, here is my solution:
Download yaml-0.1.3.tar.gz from http://www.filewatcher.com/m/yaml-0.1.3.tar.gz.466845.0.0.html
Save it to /Users//.rvm/archives/yaml-0.1.3.tar.gz
Run these commands:
chmod 777 yaml-0.1.3.tar.gz
tar zxf /Users//.rvm/archives/yaml-0.1.3.tar.gz -C /Users//.rvm/src
I still got the file not found error but the installation went on to be successful
[2011-07-05 14:24:07] tar zxf /Users//.rvm/archives/yaml-0.1.3.tar.gz -C /Users//.rvm/src --no-same-owner
tar (child): /Users//.rvm/archives/yaml-0.1.3.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
Thank you Dorothy - this recipe worked for me with the following minor modifications for a Win7 environment:
For others with this issue -
Appreciate the discussion about updating the CA_Bundle - Good to do
but it didn't help with this issue - the pyyaml website cert will still
cause CURL to throw an error and since CURL is launched within the installer,
no way to add a -k option.
Ruby 1.9.2-p290 is trying to install YAML 0.1.4 so Google for a
mirror and download that version - YAML-0.1.3 will have no effect in
bypassing the issues.
You need to do the windows equivalent of CHMOD 777 - within the rvm/src
folder to the extracted files. Change security so that everyone has
ownership/all privileges and turn off the read-only attribute for all files and
folders.
The installer will still throw errors when it tries to download (CURL error), but will resume by trying to extract. The extraction will throw errors because the tarball is already extracted to the src folder. The next step of configuring YAML should work without errors if permissions in step 3 were set correctly and the installation should complete without further problems. (If installing via cygwin/bash, you will need to add a C compiler like 'gcc' and add 'ncurses' (tput command) and 'make' to the default core cygwin setup options.)
$ sudo apt-get install curl
$ curl -L https://get.rvm.io | bash -s stable --ruby with ruby
$ curl -L https://get.rvm.io | bash -s stable --rails with rails