How can we set HTTP proxy for GCP C++ SDK?
Setting env variables using the "http_proxy" does not seem to have an effect.
Setting the SSL_CERT_FILE env variable also does not affect the SSL certificate path. CURL always seems to be using the default certificate directory.
Also, is there a way to disable SSL certificate verification in the GCP C++ SDK?
This seems like a duplicate of this question on GitHub:
https://github.com/googleapis/google-cloud-cpp/issues/5584
I have answered there.
Related
Dear Stackoverflow community. This question has been asked before, but my question is little bit different.
So I am using Elasticbeanstalk to deploy my Django Backend and RDS for database (PostgreSQL).
EB generated a link for my backend --> http://XXXXX.region.elasticbeans.com. The issue is that when I send a request from the frontend side (HTTPS), it gives a "Blocked loading mixed active content" error, which comes from HTTPS to HTTP request. As far as I am concerned I have to change configuration of the Load Balancer of my EC2 instance and add redirection. In order to successfully do that I am required to have a SSL certificate. However, when I use ACM (Certificate Manager) in order to generate one using the exact same link for the backend, it automatically rejects my request.
So my question is that what is the exact process of obtaining the SSL cert. for the default EB link, or maybe there are easier ways to redirect HTTP to HTTPS from the AWS console?
Regards.
So my question is that what is the exact process of obtaining the SSL cert. for the default EB link,
There is no process as this is not possible. You need to have your own domain (e.g. myapp.com). Only then you can setup SSL using ACM. Once you have your own domain, the full process of setting up https on EB is in AWS docs.
I am using WSO2 API manager 3.2.0 and I am faced with a probelm when I configured load balancing with Nginx and multi instance, as following :
schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
Could you please guide me how to solve it? I know that is SSL_Certificate issue and for example we can invoke api wit -inactive or deisable ssl verification in post man, but I want to solve it. I have studied in document that there is wso2carbon.jks that is default keystore , so how to solve problem with defualt key store?
The mentioned error is happening since you are using Self-Signed certificates in your environment. The cURL doesn't trust the Self-Signed certificates when trying to invoke the APIs. Therefore, if you want to overcome this behavior, you have to generate a CA-signed certificate and configure the environment.
You can refer to the following docs to generate and configure CA-signed certificate with WSO2 API Manager.
Furthermore, if this is your local setup, you can move forward with the -k flag in the cURL command to bypass and make an insecure connection with the API Manager.
Problem Summary:
Hi i have one wildcard ssl which is installed in IIS on AWS EC2 instance.
This is working fine
Now i need to create another EC2 instance and use same ssl to the new instance IIS.
Current Stage:
I created new instance and installed IIS and working fine. I have http and https inbound access so currently i can access default IIS page from outside with instance public address.
Now i installed same SSL certificate in the IIS. I configured ssl in my new website and done. But this is not working. When i try with https i got 404.
Please help me to identify the issues.
Any restriction to use wildcard in multiple instances' IIS in same account
Any correct method to do this? I don't dont want load balancer now
Update:
I tried to configure in my local machine.
Step 1: I created a sample WebAPI and run in 8090 port with http. It shows like below as expected.
Step 2: I added https bindings with my ssl certificate but not gave any host name.
Step 3: Now I added sample host name (ssltest.mydomain)
I didn't get any idea on this. Please help
Any restriction to use wildcard in multiple instances' IIS in same account
There are no restrictions on how often a certificate can be used
Any correct method to do this?
There is nothing special about it, i.e. there is no difference between installing two different certificates on two hosts or the same certificate on two hosts. You likely did something wrong but it is unclear what exactly.
Note that a HTTP response code 404 actually means that the certificate itself is working since otherwise you would get a certificate error which comes before the HTTP response. So there is likely some misconfiguration which is not related to the certificate.
I set up AWS cloudfront to work as a CDN to host some files for my site.
When I use the cloudfront integration – it works in HTTP and HTTPS.
When I use the custom domain – it only works in HTTP.
So, using dummy examples, here's what I mean:
http://www.12345.cloudfront.net/file - Works fine
https://www.12345.cloudfront.net/file - Works fine
http://www.cdn.domainname.com/file - Works fine
https://www.cdn.domainname.com/file - Prompts an insecure site warning message in browsers
I created a custom domain SSL certificate within AWS for cdn.domainname.com--as I thought that would remedy the issue. And, I added that to the cloudfront distribution, but this doesn't seem to have changed anything.
custom SSL certificates for Cloudfront have a different set of requirements than for ELB. You may need to issue a different certificate; also, it used to be that you had to import the certificate in US-East to use it in Cloudfront, not sure if that's still the case.
See details here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html#https-requirements-aws-region
and:
https://aws.amazon.com/premiumsupport/knowledge-center/custom-ssl-certificate-cloudfront/
UPDATE: I was able to fix this issue by adding both cdn.domainname.com and www.cdn.domainname.com to the SSL certificate.
I have configured HTTP end point using Amazon API gateway.
Further I have added custom domain along with SSL certificate.
However on invoking api , I am getting Execution failed due to configuration error: General SSLEngine problem.
Now what is confusing that same SSL certificate works well for other Amazon API configured apis.
The API back end is Play Web Service and is being served through Nginx.
From Cloud watch logs , I do not find much relevant information.
It is possible that the issuer of your server certificate is not trusted by API Gateway.
Just For info.
Following analysis could be one of the reason for above issue.
The mentioned problem was being faced on following configuration.
Operating System :- UBUNTU 16.04 X64
NGINX :- 1.10.X
The issue was resolved on downgrading to following configuration.
Operating system to UBUNTU 14.04 x64
NGINX to 1.4.6.
Though I am not sure , it appears to me that the problem with Nginx 1.10.x.
Execution failed due to configuration error: General SSLEngine problem is a common error in the API Gateway private integration (VPC Link) and HTTP Integration.
General SSLEngine problem can be observed in following scenarios, when Integration returns :
A certificate signed by issuers API gateway do not trust
An expired certificate
A self-signed certificate
Certificate signing chain/chain of trust is missing the root certificate or one or more intermediate certificates
Any other unrecognizable certificate-related exceptions
Read More here - https://cloudnamaste.com/general-sslengine-problem/
I faced the same issue and then I contacted my SSL Support/Company and they added the intermediate certificate into the actual SSL certificate file using JavaKeyStore - which solved the issued