I'm running grails on my local dev box (Mac OS 10.8) to host a web service over SSL using a self-signed certificate and the WeakSSL grails plugin. The problem is I'm connecting to this server through an Xcode iPhone simulator, and it's giving me an untrusted certificate error.
I've found instructions on how to install a certificate to the phone/simulator, but my question is how do I find this certificate on my machine to install?
I think if you are using grails 2.2.x you won't see the directory in ~.grails/. To find the keystore, the plugin uses a Pattern matched to Grails version 1.3.x and 2.0.x - 2.1.x.
Ideally you should see the certificates stored in ~./grails/${grailsVersion}
Have a look a the plugin code where certificates are found.
Created JIRA defect for the same.
Pattern matcher will not work for Grails version 2.2.x and above because of the below code.
import java.util.regex.Pattern
Pattern V2X = Pattern.compile("2.[01].\\d+?")
assert !V2X.matcher("2.2.0").find()
Also, consider using openssl to get the key directly from the running grails server with a command like this:
openssl s_client -connect localhost:8443
AFTER starting grails with something like this:
grails run-app -https
The output of the openssl command will have the self signed certificate that you can add to your clients trusted certificates.
Related
ERR_SSL_VERSION_OR_CIPHER_MISMATCH -
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite
All I could find online regarding this error is that this may relate to RSA/DSA. I've checked this out and could not find any conflicts so I'm not sure why the error still occurs. I am using keytool to install this certificate on a Jenkins server. How can I resolve this error and install my certificate?
I am working on a Rails application that is hosted on AWS-Beanstalk and uses RDS Aurora - PostgreSQL database.
My Application has 3 environments: Dev, Staging and Production
I saw this message on RDS console that says:
Update your Amazon RDS SSL/TLS certificates before March 5, 2020
To avoid interruption of your applications using RDS and Aurora databases, update the Certificate Authority (CA) certificates for these databases before March 5, 2020. We strongly recommend making your updates before February 5, 2020, to leave time for deployments, testing, and validation. New databases created after January 14, 2020, will default to using the new CA certificates. Make sure that you update your client applications with the new certificates first.
Later I saw that Dev and Staging's RDS instance are already upgraded to the latest SSL certificate and this message is appearing only for Production's RDS instance
So I tried to bring Dev and Staging's RDS instance to use older SSL certificate (Same as production's one) -> Downloaded the latest certificate file from https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html and then inside my config/database.yml appended these 2 lines:
production:
sslmode: 'verify-full'
sslrootcert: /path/to/cert/file
After making this change, I deployed the changes on Dev -> Result: build succeeded. Then, from RDS console, I tried upgrading SSL cert of Dev instance to latest one and it worked
There are couple of things I would like to gain more clarity
This change in YML file wasn't there before. It seems adding those lines making the environment less flexible. This can be avoid - But how?
Initially when Dev and Staging's RDS instances were upgraded to latest SSL certs my app was working but I have no idea/clue that my Dev and Staging applications are using the latest SSL certificates or not! Is there any way I can confirm that my apps are also upgraded to latest SSL/TSL certs?
RDS uses self signed certificates and hence you need to explicitly trust it in your client. Not sure which client setup you are running (I'm guessing RoR given the tags on the question), but basically you need to research on how you can add a private root CA cert into your trust store. If you had a Java client, then the way you'd do this is to download the rootCA cert file and explicitly add it to your java truststore (there are multiple ways to do this). You'd need to find the mechanism to do the same thing for your client stack, should be fairly straightforward to find that.
Use openssl and talk to your DB endpoint from your client instance and describe your certificate. The certificate detail should list the issue date and expiry of your DB's certificate, and also the issuer CA's details. You need to confirm that the CA is the new 2019 (or 2020, not sure) RDS root CA.
Something like:
openssl s_client -showcerts -servername endpoint.goes.here -connect endpoint.goes.here:3306 2>/dev/null | openssl x509 -inform pem -noout -text
I am trying to implement Elasticsearch 5.x with https(using Safeguard) and NEST client.
I am failing on, how to generate a X509certificate of Elasticsearch installed in server.
Found some code in below link how to create a NEST connection to Elasticsearch with X509 certificate.
How to use X509 certificate with the Nest Elastic Client
But I have no idea how to achieve this. I need to know how the below things:
How to generate a X509 certificate of Elasticsearch 5.x(Elasticsearch installed in a server and is accessible through some url like https://elas:9300)
What could be the value for "path_to_cert" in the above link's answer(I understood it is the path to X509 certificate file). It need to be a shared path or that certificate need to be included in application
I tried searching all the web and still no idea. Please help on this.
Thanks in advance.
Your question is not clear if it is about the Elasticsearch server to configure, or only the client. Is the server already running with SSL (is it reachable at https://elas:9300 ?). If no, then you need to create a java keystore containing a self-signed certificate (I suppose it's enough for your need). If already running in SSL and your question is only about the client, then store the certificate that you can get when browsing https://elas:9300 in this file that you suggested (path_to_cert)
I've been playing with Grails for few months and I've just build my first app. Can someone tell me how to put my grails application behind https? I used Grails 1.3.7, Spring Security Core 1.2.7.2 and deployed it on Tomcat 7. If you need more info please say so.
If you're just using Tomcat you'll need to install an SSL cert for Tomcat. The details of that process are too lengthly, IMHO, for SO. Especially when the information is readily available on the web:
Install SSL Cert
You can also run it locally during dev in https mode by appending -https to your run-app command.
I keep getting this error in my production enviroment
OpenSSL::SSL::SSLError (hostname was not match with the server certificate)
I really don't know much about certificates. I have configured rails to use sendmail. Sendmail is working well in other php applications on the server.
I use Phusion Passenger.
I also have a redmine-app which uses sendmail and also works fine (but it runs rails 2.x)
Any idea how to solve this?
This means the SSL Certificate installed on the mail server did not match its hostname.
You can disable these exceptions, but then you are vulnerable to man-in-the-middle attacks.
The other option is to get a proper SSL Certificate (or install it correctly) for your mail server.
For more on SSL Certs I suggest superuser.com