Kurinchi Blogger Scribbles …


Posts Tagged ‘ssl’

Dec 21
2016

Python PIP install: Insecure platform warning

Last updated: December 21st, 2016

Normally, a Python module and its dependencies are installed with pip. If HTTPS is blocked in a private network, things can get tricky and you get the following message:

InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail.

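To bypass this, you can issue the command below to trust pypi.python.org. The --trusted-host option makes pip treat that host as trusted even when it does not present a valid HTTPS certificate, so packages from it are downloaded without certificate verification.

$ pip install --trusted-host pypi.python.org Flask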

To make sure that the needed module is installed, check the list printed by

$ pip freeze

Dec 16
2016

Git: SSL certificate problem: unable to get local issuer certificate

Last updated: December 16th, 2016

You get this message when the system is behind a firewall and when the security certificates are blocked.

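There are two ways to get past this message and allow a git pull or git clone. Both turn off certificate verification for git's HTTPS connections, so the identity of the remote server is no longer checked.

i) Issue the command below from git bash

$ git config --global http.sslVerify false

OR

ii) Add an http block to the “gitconfig” file to skip SSL verification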

[http]
sslVerify = false
sslCAinfo = /bin/curl-ca-bundle.crt
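
The pip and git workarounds in the two posts above both switch off certificate verification and tend to stay behind in configuration files. The Python below is an added example, not part of the original posts, that reports where each setting is active; the sample file contents, the host names ending in .example and the function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample files for illustration (not taken from a real system).
SAMPLE_GITCONFIG = """\
[http]
    sslVerify = false
    sslCAinfo = /bin/curl-ca-bundle.crt
[http "https://git.internal.example"]
    sslVerify = off  ; per-URL override
"""
SAMPLE_PIP_CONF = """\
[global]
trusted-host = pypi.python.org
               files.internal.example
"""

SECTION = re.compile(r'^\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]$')
FALSE_LITERALS = {"false", "no", "off", "0"}  # explicit literals git reads as false


def git_verify_disabled(text):
    """Return the scopes ('*' = every remote, else a URL) where http.sslVerify is off."""
    scopes, section = [], None
    for raw in text.splitlines():
        line = re.split(r"\s[#;]", raw, maxsplit=1)[0].strip()  # drop trailing comments
        if not line or line[0] in "#;":
            continue
        header = SECTION.match(line)
        if header:
            section = (header.group(1).lower(), header.group(2) or "*")
            continue
        key, _, value = line.partition("=")
        if (section and section[0] == "http" and key.strip().lower() == "sslverify"
                and value.strip().lower() in FALSE_LITERALS):
            scopes.append(section[1])
    return scopes


def pip_trusted_hosts(text):
    """Return every host a pip.conf exempts from certificate checks via trusted-host."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return [host for name in parser.sections()
            for host in parser.get(name, "trusted-host", fallback="").split()]


if __name__ == "__main__":
    print("git sslVerify disabled for:", git_verify_disabled(SAMPLE_GITCONFIG))
    print("pip trusted hosts:", pip_trusted_hosts(SAMPLE_PIP_CONF))
```

An empty result from both functions means neither file disables verification.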

May 05
2010

How to move the SSL certificates?

Last updated: May 14th, 2010

Migrating SSL certificates: CPanel, WHM

Possible Scenarios
i) Server load balancing
ii) Moving web sites between servers

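Find where the SSL certificates and private keys are installed on the old server and pack them into gzipped tar archives. The private key archive is sensitive: keep it readable only by root, copy it to the new server over an encrypted channel, and delete it from /tmp once the transfer is done.
$ tar -czf /tmp/crt.tar.gz /etc/ssl/certs
$ tar -czf /tmp/priv.tar.gz /etc/ssl/private

On the new server, extract the certificates and keys to their respective folder locations. Edit the httpd.conf file and add the following lines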

SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined

Sample virtual host configuration setting

<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName subdomain.example.com
    ServerAlias www.subdomain.example.com
    DocumentRoot /home/example/public_html
    ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    SSLCACertificateFile /etc/ssl/certs/example.com.cabundle
    CustomLog /usr/local/apache/domlogs/exampleuser-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/example/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/exampleuser/example.com/*.conf"
</VirtualHost>

Restart Apache
$ /etc/init.d/httpd restart
(or)
$ /sbin/service httpd restart

Note: Once the SSL certificates have been moved to the new server, you can also use WHM or CPanel to configure the certs.

Feb 03
2010

SSL Error: Revocation information for the security certificate for this site is not available.

Last updated: February 4th, 2010

SSL Error: Revocation information for the security certificate for this site is not available. Do you want to proceed?

Solutions:
i) Install the root CA under Trusted Certificate Authority or,
ii) Add an exception to the browser filter not to check certificate revocation or,
iii) Programmatically handle the SSL stream when the request is made from the server

Nov 16
2009

SSL: Points to consider before choosing the right certificate

Last updated: November 16th, 2009

Points to consider before choosing the SSL certificate

i) Strength of the encryption offered by the certificates

ii) Browser compatibility or recognition of the certificates. A well-known brand is recognized by most of the browsers in the market

iii) If the certificate offers backward compatibility across browsers offering

iv) Whether the Certification Authority (CA) is a Trusted Root or uses a Chained Root Certificate.

v) Which web server will be used for the SSL installation. Chained root certificates may be a little complicated on some web servers.

vi) Nature of the application that will be served over SSL, depending on the volume of the transactions and the value of each transaction

vii) Warranty offered by the certificate (if that matters, which it most certainly does when it comes to ECommerce products)

