I have a private gem repository hosted in the cloud and accessible via https. The certificates are valid and signed.
The problem is when deploying an app that uses this private repo to Heroku, I'm getting this output:
Retrying source fetch due to error (2/3): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://mygemserver.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Retrying source fetch due to error (3/3): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://mygemserver.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Could not verify the SSL certificate for https://mygemserver.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most
likely your system doesn't have the CA certificates needed for verification. For
information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without
using SSL, edit your Gemfile sources and change 'https' to 'http'.
Bundler Output: Fetching source index from https://mygemserver.com/
Retrying source fetch due to error (2/3): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://mygemserver.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Retrying source fetch due to error (3/3): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://mygemserver.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Could not verify the SSL certificate for https://mygemserver.com/.
There is a chance you are experiencing a man-in-the-middle attack, but most
likely your system doesn't have the CA certificates needed for verification. For
information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without
using SSL, edit your Gemfile sources and change 'https' to 'http'.
!
! Failed to install gems via Bundler.
!
! Push rejected, failed to compile Ruby app
It looks like it is not able to validate the certificates. I got the same problem on my local machine and was able to fix it by running 'rvm osx-ssl-certs update'. This command updates the certificates bundle recognised by the system. How can I reproduce this behaviour in Heroku?
It turned out that we were able to fix this by appending an intermediate certificate, provided by Comodo, to the certificate itself.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH -
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite
All I could find online regarding this error is that this may relate to RSA/DSA. I've checked this out and could not find any conflicts so I'm not sure why the error still occurs. I am using keytool to install this certificate on a Jenkins server. How can I resolve this error and install my certificate?
I was using app on two domains:
domain.com,
differentdomain.com
All calls from the app by RestClient were done on differentdomain.com. Right now I'm switching calls to domain.com because there is no need to have two different domains.
So I created the subdomain different.domain.com. I have a valid SSL certificate (with wildcard), properly set up with the nginx server.
When I enter different.domain.com in my browser I get the page with a valid SSL certificate. It's working OK without any bugs.
The problem is when I'm trying to call the subdomain via RestClient. I'm getting this error:
RestClient::SSLCertificateNotVerified (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Do I need to update the cert/key somewhere else?
Normally this SSL error indicates some issues in the certification installation such as missing intermediate certificate. You could verify your ssl certificate from https://www.ssllabs.com/ssltest/analyze.html
If you saw "Chain Issue: Incomplete", most likely you will need to re-install your intermediate certificate again (https://community.qualys.com/thread/11685)
Give it a try.
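The incomplete-chain failure discussed in the answers above can be reproduced offline. The following is an added example, not code from any of the posts: it builds a constructed root, intermediate and leaf (all names are made up), then verifies a leaf-only certificate file and a file with the intermediate appended, trusting only the root as a client without cached intermediates would.

```ruby
require "openssl"

# Constructed test PKI (root -> intermediate -> leaf); all names are made up.
def make_cert(cn, key, serial, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

PEM_RE = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Verify a server certificate file as a client would: the first PEM block is
# the leaf, any further blocks are the intermediates the server sends along.
# Only `roots` are trusted; nothing else is available to build the chain.
def verify_bundle(bundle_pem, roots)
  certs = bundle_pem.scan(PEM_RE).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  ok = store.verify(certs.first, certs.drop(1))
  { ok: ok, error: store.error_string, sent: certs.map { |c| c.subject.to_s } }
end

def demo
  root_key, int_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = make_cert("Example Root CA", root_key, 1, ca: true)
  inter = make_cert("Example Intermediate CA", int_key, 2,
                    issuer: root, issuer_key: root_key, ca: true)
  leaf = make_cert("mygemserver.example", leaf_key, 3, issuer: inter, issuer_key: int_key)
  {
    leaf_only: verify_bundle(leaf.to_pem, [root]),                       # incomplete chain
    with_intermediate: verify_bundle(leaf.to_pem + inter.to_pem, [root]) # intermediate appended
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, r| puts "#{name}: ok=#{r[:ok]} (#{r[:error]}) sent=#{r[:sent].inspect}" }
end
```

A browser can still show the leaf-only server as valid because many browsers reuse intermediates they have cached or fetched, while Ruby's OpenSSL verification only sees what the server sends plus the local trust store.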
I missed the end date of my SSL certificate a few days ago but I did buy the renewal last month. My app runs with Ruby on Rails using Heroku and CloudFront for the assets. My SSL certificate comes from RapidSSL.
Here is the process I did:
I got the RapidSSL key by email, which I stored in a crt file
I ran the Heroku command line heroku certs:update cert.crt server.key -- app remote production
The command line heroku certs --app remote production results in a trusted status, but when I open the URL browsers warn about an untrusted certificate.
At the same time none of application assets stored on CloudFront are available (net::ERR_INSECURE_RESPONSE).
I asked Heroku assistance for help; they told me that the SSL certificate for the app is OK but it seems to need an update for the assets certificate.
So I went to the AWS console in order to find the CloudFront SSL configuration. I ended up on the ACM console page to give it the RapidSSL certificate to resolve the problem, but I cannot be sure I am taking the right files to do this.
What I need is to solve the access to the website and to the associated assets to ensure trust of my customers.
What did I do wrong? Am I missing something?
Thanks for any help you can provide!
Generally, the net::ERR_INSECURE_RESPONSE error occurs with an SSL certificate when the browser finds a mixed content warning, which simply means some of your content is served over HTTP and the rest over HTTPS.
Please check your content; if you find any content which is served over HTTP, turn it into HTTPS.
It sounds like maybe the issue might be an outdated certificate on CloudFront.
If so, you can either upload your RapidSSL certificate using aws iam upload-server-certificate, or (I'd prefer) request a new certificate that you'll only use with CloudFront from AWS Certificate Manager. The latter is free, and AWS will autoupdate the certificate before it expires.
You can start this simple and quick process by going to your CloudFront distribution in AWS Console, and clicking Edit > Request or Import a Certificate with ACM
Once that is done, you will be able to choose the certificate from the Custom Certificate dropdown at the same location (screenshot).
Note: If you upload your RapidSSL certificate, it must be uploaded to eu-east-1 (N. Virginia) in order to be used with CloudFront. Requesting ACM Certificates must also be done in this region
If you provide an URL to your website, it's easier to confirm this issue.
I scribbled some notes on this here with more details on uploading your own/RapidSSL certificate.
When I run the project with SSL I get a warning in the browser, in every browser: Firefox, IE, Edge, Chrome. When I launch the project it doesn't show me the warning dialog and I don't know if I have any certificate installed.
How to check if I have the certificate installed and if not, how to install it?
You probably need to add your certificate to CA Root.
High level plan:
Export SSL certificate from IIS.
Import that SSL certificate into CA Root.
Here is a blog post that explains everything in detail and with screenshots.
If you use Google Chrome, you might need to close and re-open it after installing a new SSL certificate due to browser's caching.
You can use an online SSL checker tool to diagnose issues regarding SSL certificate installation.
You should check whether you are using a self-signed certificate or a CA-signed certificate. If it’s a self-signed certificate then your users will experience a warning message when they browse your site because browsers don't recognize it.
If you have a CA signed certificate, then you received a certificate via email from trusted third-party certificate authority, which contains the root, intermediate and primary certificates. You should install all three files on your server.
You should update all your browsers. Modern browsers have already implemented root certificate, so you need to configure only the intermediate and primary certificate on the server.
Follow the link below, which may help you to add a CA Root certificate to the Trusted Root Certification Authorities store. https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx
I'm following link 1 to mitm my iPhone. I'm getting stuck at installing the mitm certificate on the phone.
Every bit of documentation points toward going to mimt.it once you've set up the mitmproxy server to install the cert. No such luck; furthermore, the instructions to manually install a certificate on iOS point to a password-protected MIT.edu domain link 2
When attempting to install by going to mitim.it I get this error:
[+++] PokemonGo MITM Proxy listening on 8081
[!] Make sure to have the CA cert .http-mitm-proxy/certs/ca.pem installed on your device
[-] PROXY_TO_SERVER_REQUEST_ERROR on /:
[-] HTTPS_CLIENT_ERROR on :