recentpopularlog in

cacert

« earlier   
nsheridan/cashier: A self-service CA for OpenSSH
A self-service CA for OpenSSH. Contribute to nsheridan/cashier development by creating an account on GitHub.
certificate  ssh  certificate_authority  authority  cacert 
october 2019 by exnihilo
Fixing SSL CA certificates with OpenSSL from MacPorts - andatche.com
MacPorts now offers a Methode that syncs certificates from the system keychain:
<code class="language-bash">sudo port install certsync
sudo port load certsync</code>
As for the missing dependency, consider filing a bug.
openssl  macports  macos  ca  cacert  certificate  curl  maybesolution 
september 2019 by kme
LFTP FTPS and Certificate Verification » Versatile Web Solutions | https://www.versatilewebsolutions.com/
<code class="language-bash">
openssl s_client -showcerts -connect example.com:21 -starttls ftp
</code>
lftp  cryto  cacert  certificate  woes  maybesolution  troubleshooting 
april 2019 by kme
The Monkeysphere Project | http://web.monkeysphere.info/
Frequent users of ssh are familiar with the prompt given the first time you log in to a new server, asking if you want to trust the server's key by verifying the key fingerprint. Unfortunately, unless you have access to the server's key fingerprint through a secure out-of-band channel, there is no way to verify that the fingerprint you are presented with is in fact that of the server you're really trying to connect to.
pki  gpg  ssh  cacert  security  crypto 
february 2019 by kme
DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them | https://support.ssl.com/
Microsofty things use the '.cer' extension (which is interchangeable with '.crt'), and are often DER-encoded. PEM-encoded certs are "ASCII (Base64) armored data" prefixed with a "-----BEGIN CERTIFICATE-----" line.

Here's how to "cat" a DER-encoded certificate:
<code class="language-bash">
openssl x509 -in certificate.der -inform der -text -noout
</code>

And here's how to convert one in that format to the format expected on a Debian GNU/Linux system:
<code class="language-bash">
openssl x509 -in cert.crt -inform der -outform pem -out cert.crt
</code>

NB: the '.crt' extension seems to be important, otherwise 'sudo update-ca-certificates' doesn't pick up on new ones that you've added to /usr/local/share/ca-certificates.
ssl  certs  cacert  certificates  openssl  sysadmin  webmaster  crypto  fuckina  solution  importexport  conversion 
january 2019 by kme
curl - ERROR: The certificate of `raw.githubusercontent.com' is not trusted - Stack Overflow | https://stackoverflow.com/
In my case, 'wget' gave a better error message than 'curl', and it told me that my organization was using a fake root CA, and 'wget' didn't recognize *its* issuer.

Solution for a Debian system at https://pinboard.in/u:kme/b:c57651a965b4 (convert issuer CA to PEM-encoded .crt, put in /usr/local/share/ca-certificates, and run 'sudo update-ca-certificates)
github  errormessage  ssl  cacert  certificates  crypto  headache 
january 2019 by kme
python - urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error - Stack Overflow | https://stackoverflow.com/
My solution was actually to install the ISSUER certificate for our organizations root CA (which hijacks GitHub, and others) into /usr/local/share/ca-certificates, then run 'sudo update-ca-certificates'.

If the certificate is available in DER format (might be the case if you got it from somewhere Microsofty), you can convert using 'openssl'.
<code class="language-bash">
openssl x509 -in YourOrgRootCA.der -inform der -outform pem -out YourOrgRootCA.crt
</code>

The '.crt' extension seems to be required, otherwise 'update-ca-certificates' won't pick up the new certificates.
python  seaborn  ssl  cacert  certificates  headache  maybesolution 
january 2019 by kme
ssl - How to add an enterprise certificate authority (CA) to git on cygwin (and some linux distros) - Stack Overflow
git-remote-https will read the following files for ca certificates:
<code>/etc/ssl/certs/ca-bundle.crt
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
</code>

If you edit these files, they will be overwritten each time the Cygwin setup is run and there is an update for the ca-certificates package.

The correct/proper solution is to add the certificate to the pick up directory and run the pickup script, update-ca-trust:
<code class="language-bash">curl -sL http://ca.pdinc.us > /etc/pki/ca-trust/source/anchors/ca.pdinc.us.pem \
&& update-ca-trust
</code>

The post install script for the ca-certificates package will automatically rerun the update-ca-trust script on every upgrade. For more information:
<code class="language-bash">man update-ca-trust</code>
cacert  certificate  openssl  curl  cygwin  sysadmin  solution 
january 2018 by kme
How to View a Certificate Fingerprint as SHA-256, SHA-1 or MD5 using OpenSSL | Symantec | https://knowledge.symantec.com/
Seems to work, even though '-fingerprint' doesn't seem to be in the 'openssl' man page:
<code class="language-bash">
# SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]

# SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]

# MD5
openssl x509 -noout -fingerprint -md5 -inform pem -in [certificate-file.crt]</code>

If they came from Windows (in .cer) format, use '-inform der' (DER = Distinguished Encoding Rule). Der!
<code class="language-bash">
openssl x509 -inform der -in SomeIssuer.cer -fingerprint -sha1 -noout
</code>
ssl  openssl  cacert  ca  certificate  fingerprint  commandline  cli  solution 
january 2018 by kme
GitHub - nsheridan/cashier: A self-service CA for OpenSSH
"Cashier is a SSH Certificate Authority (CA).

OpenSSH supports authentication using SSH certificates. Certificates contain a public key, identity information and are signed with a standard SSH key."
cashier  pki  openssh  ca  cacert  certificate 
october 2017 by anl
Retrieving an Active Directory Certificate (Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide)
"To Retrieve an Active Directory Certificate using LDAP

Execute the following search against Active Directory:

ldapsearch -h CR-hostname -D administrator_DN -w administrator_password
-b "cn=configuration,dc=put,dc=your,dc=domain,dc=here" "cacertificate=*"

Where the administrator_DN might look like:

cn=administrator,cn=users,dc=put,dc=your,dc=domain,dc=here"
activedirectory  tls  ca  cacert  ssl  certificate  ldap 
august 2017 by anl
python - Installing via `setup.py develop` fails - pip works - Stack Overflow
"The requests package bundles ca certs in the package itself, python -c 'import pip;print(pip.download.requests.certs.where())'.

setuptools uses system installed ca certs python -c 'from setuptools import ssl_support;print(ssl_support.cert_paths)'."
python  pip  setup  setuptools  requests  cacert  ssl  tls  certificate 
february 2017 by anl

Copy this bookmark:





to read