I want to initialize the SDK and am repeatedly running into reachability fails. I'm behind an organizational proxy and I think that is the problem, although I set the necessary info as provided from the organization. I installed the SDK from the archives here: https://cloud.google.com/sdk/docs/downloads-versioned-archives (Windows 64-bit (x86_64) with Python bundled).
What is frustrating is that I managed to set it up a year ago, in the same organization with the same device. Its OS just got reinstalled since then but I expected I could install it this time, too.
So this is what I get (masked) running gcloud config list proxy/:
address = [my.proxy.host.address]
password = [my_pwd]
port = [port]
type = http
username = [user.name]
Then I run gcloud init and get the following:
ERROR: Reachability Check failed.
and httplib2 and requests modules cannot reaching urls:
httplib2 cannot reach https://accounts.google.com:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129
httplib2 cannot reach https://cloudresourcemanager.googleapis.com/v1beta1/projects:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
httplib2 cannot reach https://www.googleapis.com/auth/cloud-platform:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
httplib2 cannot reach https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
requests cannot reach https://accounts.google.com:
HTTPSConnectionPool(host='accounts.google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))
requests cannot reach https://cloudresourcemanager.googleapis.com/v1beta1/projects:
HTTPSConnectionPool(host='cloudresourcemanager.googleapis.com', port=443): Max retries exceeded with url: /v1beta1/projects (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))
requests cannot reach https://www.googleapis.com/auth/cloud-platform:
HTTPSConnectionPool(host='www.googleapis.com', port=443): Max retries exceeded with url: /auth/cloud-platform (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))
requests cannot reach https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json:
HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))
I am not familiar with ssl certificates, so feel a bit lost.
Related
When DocuSign tries to call my API it throws a TLS exception, how can I solve this?
Error: Exception in EnvelopeIntegration.RunIntegration: 7f48081c-4fb1-48c5-a97a-66498625a892 :: https://dapi.altertude.com/api/1/rest/feed-master/queue/GTC_Dev/apim/DocuSign/1.0.1/Docusignwebhook :: Error - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; The remote certificate is invalid according to the validation procedure.
You need to use a TLS certificate for HTTPS connections that is issued by a well-known CA, such as those listed in the Microsoft Trusted Root program. Using a self-signed certificate or any of the free certificates from untrusted CAs will not work.
I am using AWS load balancer to listen to dev.example.com and api.dev.example.com. I have added amazon managed certificates in the listener for both the subdomains. I can connect to dev.example.com successfully, but for api.dev.example.com I am getting an SSL error. I am using AWS default security policy(ELBSecurityPolicy-2016-08). I did sslscan for api.dev subdomain and got the following error
TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
OpenSSL version does not support compression
Rebuild with zlib1g-dev package for zlib support
Heartbleed:
Supported Server Cipher(s):
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Certificate information cannot be retrieved.
Why is sslscan failing for api.dev subdomain while it is successful for dev subdomain? How can I resolve this?
Second level subdomains have to be listed in the SSL certificate. If you have a *.example.com wildcard certificate the wildcard is only valid for one level. You would also need to add wildcards for other levels, like: *.dev.example.com.
This is not a limitation of AWS, it is a limitation of SSL certificates.
I'm using vSphere Client version 7.0.2.00200, facing issue when adding the Trusted Root Certificates in administration settings.
Error message: Error occurred while adding trusted root certificates: com.vmware.vapi.std.errors.Error, Certificate bearing subject CN=XXXXX,O=XXXXXXXXXXX,L=Palo Alto,ST=California,C=US is not a valid CA certificate. Please retry with a valid certificate chain
Please helpme out.
I have created a certificate with Powershell:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
I have copied the certificate to trusted root certification authorities
I have enabled certificate binding in IIS
Now if I access localhost from chrome I see the ssl connection correctly
however, if I start the connection from the web application I get the following error:
The SSL connection could not be established, see inner exception.
Request text: https://localhost/webservice/api/ImboundCall/?Telephone=5551234
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure
even with Postman same message
I am configuring a SharePoint 2013 web application to use Identiy server 3 as an identity provider, the configuration is done successfully and identiy server is added as a trusted identity token issuer to SharePoint, I have used identity server 3 Test Certificate as the signing certificate for SharePoint but every time, the redirect url gives an error occurred, this is the error in the log
An operation failed because the following certificate has validation errors: Subject Name: CN=idsrv3test Issuer Name: CN=DevRoot Thumbprint: Errors: PartialChain: A certificate chain could not be built to a trusted root authority. RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate. OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline. .
SharePoint needs to have the entire certificate chain, right up to the root, added as a SPTrustedRootAuthority.
In the "Import a token signing certificate by using Windows PowerShell" section of the Configure SAML-based claims authentication with AD FS in SharePoint 2013 article:
This step must be repeated for every token signing certificate in the chain until the root certification authority is reached.
So you can either get the root certificate of the IdentityServer test certificate, which is called DevRoot or create your own self-signed certificate for token signing.