How can I verify if TLS end-to-end encryption is configured properly? - django

I just tried to set up TLS on a Django app hosted by Heroku PaaS. How can I verify if TLS was configured properly and that the communication is encrypted?
I tried:
curl -vI https://www.example.com
but I cannot tell if it is properly configured.
I tried:
heroku certs:info --app Appname
and it says
appname has no SSL certificates
If it is not set up properly, but I go to the URL using Chrome, I get the padlock symbol followed by 'secure'. What is going on? xD
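One way to read the `curl -vI` output mentioned in the question, as an added example that is not part of the original post: the function pulls out the lines that show the negotiated protocol and cipher, which certificate name matched the host, and whether the chain verified. The sample text is constructed, and the line formats assumed are those of a curl built against OpenSSL; other curl versions and TLS backends word these lines differently.

```python
import re

# Constructed sample of `curl -vI` verbose output (OpenSSL backend), not a real capture.
SAMPLE = '''\
* Connected to www.example.com (192.0.2.10) port 443 (#0)
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
*  subject: CN=www.example.com
*  expire date: Apr  1 00:00:00 2030 GMT
*  subjectAltName: host "www.example.com" matched cert's "www.example.com"
*  issuer: C=XX; O=Example CA; CN=Example Issuing CA
*  SSL certificate verify ok.
< HTTP/2 200
< strict-transport-security: max-age=31536000
'''

def _find(pattern, text):
    """Return the regex groups of the first matching line, or None."""
    m = re.search(pattern, text, re.M | re.I)
    return m.groups() if m else None

def summarize_curl_tls(verbose_text):
    """Extract the TLS facts curl reports and list what is missing or weak."""
    conn = _find(r"^\* SSL connection using (\S+) / (\S+)", verbose_text)
    san = _find(r'^\*\s+subjectAltName: host "([^"]+)" matched cert\'s "([^"]+)"',
                verbose_text)
    issuer = _find(r"^\*\s+issuer: (.+)$", verbose_text)
    report = {
        "protocol": conn[0] if conn else None,
        "cipher": conn[1] if conn else None,
        "cert_name_matched": san[1] if san else None,  # name in the cert that covered the host
        "issuer": issuer[0].strip() if issuer else None,
        "chain_verified": _find(r"^\*\s+SSL certificate verify ok\.", verbose_text) is not None,
        "hsts": _find(r"^< strict-transport-security:", verbose_text) is not None,
    }
    problems = []
    if conn is None:
        problems.append("no TLS handshake in output")
    elif report["protocol"] not in ("TLSv1.2", "TLSv1.3"):
        problems.append("outdated protocol " + report["protocol"])
    if not report["chain_verified"]:
        problems.append("certificate chain not verified")
    if san is None:
        problems.append("hostname did not match a certificate name")
    if not report["hsts"]:
        problems.append("no Strict-Transport-Security header")
    report["problems"] = problems
    return report
```

The `cert_name_matched` and `issuer` fields show which certificate the server actually presented, which is the thing to compare against what the hosting platform reports.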

Related

Browser error during django + SSL connection with local server

I have a problem during adding facebook login button to my website at localhost.
I've already added mysite.com to the hosts file and installed django-extensions, werkzeug, pyOpenSSL. By running the command python manage.py runserver_plus --cert-file cert.crt my own self-made certificate was created. I imported this certificate into Chrome's trusted certificates but a safe connection isn't established. When I go to https://example.com:8000/account/login/ I hit the error NET::ERR_CERT_COMMON_NAME_INVALID,
Failed to confirm that this is the server example.com. Its safety certificate refers to *. The server may be configured incorrectly or someone is trying to intercept your data.
Please help me to solve this.

This site can't provide a secure connection ERR_SSL_PROTOCOL_ERROR

I have a Google App Engine project running on localhost. Everything works fine until I go to the 'login' page. When I go there I get the following error:
This site can’t provide a secure connection 127.0.0.1 sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
The App Engine command I use to run the project is dev_appserver.py" --host 127.0.0.1 . This is run in PyCharm. This only occurs in the 'login' endpoint and no other endpoint.
The console error I get is:
default: "GET /signin HTTP/1.1" 301 -
To connect over HTTPS you need a valid SSL certificate on your server, which here is your local server as I understand from the message. You can get a certificate for your local server but I don't think it's worth the trouble while working locally. On the other hand, when you deploy to Google App Engine, you get an SSL certificate automatically and it's managed by Google; that's why your code works without any problem in the deployment.

Can't connect to Flask-Socketio via wss but works via ws

I have built a Flask-Socketio server application which works as expected when I connect to it using a javascript client via ws, but fails to connect via wss, both on localhost and when running on my Digital Ocean server. With wss, I get this error in the console (client running on Heroku):
index.js:14 WebSocket connection to 'wss://[IP_ADDRESS]/socket.io/?EIO=3&transport=websocket' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
When the client is running on localhost, it causes this error:
polling-xhr.js:265 GET https://localhost:5000/socket.io/?EIO=3&transport=polling&t=MW6p0Aj net::ERR_SSL_PROTOCOL_ERROR
The flask server is running with
socketio.run(app, host='0.0.0.0', port=443) # production
or
socketio.run(app, host="localhost", port=5000) # localhost
At first I thought it could have been an issue with the Nginx configuration or server ports not being open; however, the same issue occurs with the server running on localhost, so now I'm suspecting an issue with my Flask-Socketio application.
Turns out I didn't have SSL certificates configured. I followed the instructions in this guide to create a self-signed SSL certificate and configure Nginx to use it. Now works as expected.
There are a lot of issues with Flask-Socketio. With an Apache server it almost doesn't work. But you are using Nginx. Refer to the following link on GitHub.
https://github.com/miguelgrinberg/Flask-SocketIO/issues/298#issuecomment-408682588

UniFi Controller issue with SSL from GoDaddy on EC2 instance

Scenario
I have AWS set up for a UniFi controller. I've been able to access it with https://myserverip:8443; I bypass "This connection is not secured" and use the controller normally.
Now, I need to install an SSL certificate to get the hotspot payment system going.
I have a FQDN with GoDaddy so I created a subdomain unifi.mydomain.com, that points to the elastic IP, I log on with https://unifi.mydomain.com:8443
I bought the SSL certificate from GoDaddy, added the subdomain to that certificate.
I log on my AWS with SSH, generate my csr with the following command
cd /usr/lib/unifi
sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State CC*
Then I do
cd /var/lib/unifi
more unifi_certificate.csr.pem
Once I get that, I copy and paste it on GoDaddy, download the cert files, go back to AWS and copy the files with FileZilla to /usr/lib/unifi
Then I run the following command
sudo java -jar lib/ace.jar import_cert unifi_mydomain_com.crt bundlecert.crt
They import correctly; I restart the unifi service and reboot EC2
When I go to any of the above addresses I get the following
This site can’t provide a secure connection ERR_SSL_PROTOCOL_ERROR
I've tried different browsers, incognito mode, vpn, etc, I believe it's just a matter of SSL or my server
Check your system.properties, which sits in /var/lib/unifi/; open the file with vim or your text editor of choice.
Have a look at your HTTPS options; the important ones are the ciphers and protocols.
The protocols you need are TLSv1 and potentially SSLv2Hello; there should be no other SSL protocols in there.
The ciphers you ideally want are TLS, so for example TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA.
If you are having issues, throw them all in. CAUTION! Only use this in a demo/test environment.
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
Remember once you have edited the system.properties you need to restart the controller.
sudo service unifi restart
Lots of help on the Unifi page
UniFi - SSL Certificate Error
UniFi - Explaining the config.properties File
UniFi - system.properties File Explanation
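A check for the `unifi.https.ciphers` line discussed in the answer above, as an added example that is not part of the original answer or of UniFi itself: it reads the value from properties-style text and sorts the suites into those using RC4 (prohibited in TLS by RFC 7465), those using static RSA key exchange (no forward secrecy), and the rest. The properties text is constructed around the cipher list posted above; the function names are hypothetical.

```python
# Cipher suites exactly as listed in the answer's unifi.https.ciphers line.
POSTED_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA",
]
# Constructed stand-in for system.properties; only the ciphers key comes from the page.
SAMPLE_PROPERTIES = "# constructed sample\nunifi.https.ciphers=" + ",".join(POSTED_SUITES) + "\n"

def read_property(text, key):
    """Return the value of key from Java-properties-style text, or None."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # comment or not a key=value line
        name, value = line.split("=", 1)
        if name.strip() == key:
            return value.strip()
    return None

def audit_ciphers(text, key="unifi.https.ciphers"):
    """Group the configured suites by weakness; None if the key is not set."""
    value = read_property(text, key)
    if value is None:
        return None
    result = {"rc4": [], "no_forward_secrecy": [], "other": []}
    for suite in filter(None, (s.strip() for s in value.split(","))):
        key_exchange = suite.split("_WITH_")[0]   # e.g. TLS_ECDHE_RSA, TLS_RSA, SSL_RSA
        uses_rc4 = "_RC4_" in suite
        ephemeral = "DHE" in key_exchange         # matches both DHE and ECDHE
        if uses_rc4:
            result["rc4"].append(suite)
        if not ephemeral:
            result["no_forward_secrecy"].append(suite)
        if ephemeral and not uses_rc4:
            result["other"].append(suite)
    return result
```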

ssl with django, celery, cloudamqp and heroku

I’m trying to connect my Django Heroku app with cloudamqp over SSL.
Without it, it works fine.
To use ssl in celery I set BROKER_USE_SSL settings variable to True.
Unfortunately the default 5672 port can’t handle ssl.
So I tried to set the heroku config var CLOUDAMQP_RABBITMQ_AMQP_PORT to 443 and 5671 but both return unknown protocol.
Maybe I miss something or you have a hint.
thanks in advance
Add port :5671 to the broker url.