ssl
OpenSSL: unable to verify the first certificate for Experian URL
The first error message is telling you more about the problem: verify error:num=20:unable to get local issuer certificate The issuing certificate authority of the end entity server certificate is VeriSign Class 3 Secure Server CA – G3 Look closely in your CA file – you will not find this certificate since it is an intermediary CA – … Read more
What exactly is cacert.pem for?
cacert.pem is a bundle of CA certificates that you use to verify that the server is really the correct site you’re talking to (when it presents its certificate in the SSL handshake). The bundle can be used by tools like curl or wget, as well as other TLS/SSL speaking software. The bundle should contain the … Read more
CFNetwork SSLHandshake failed iOS 9
iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app’s Info.plist file. The syntax for the Info.plist configuration looks like this: If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it … Read more
SSL_ERROR_BAD_CERT_DOMAIN
SSL certificate is valid only for website without www I set my site with SSL certificate. It is on posidonia.ga but if I connect then Firefox shows this warning: “”Websites guarantee their identity through certificates. Firefox does not consider this site reliable as it uses a certificate that is not valid for www.posidonia.ga. The certificate … Read more
Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The problem appears when your server has self signed certificate. To workaround it you can add this certificate to the list of trusted certificates of your JVM. In this article author describes how to fetch the certificate from your browser and add it to cacerts file of your JVM. You can either edit JAVA_HOME/jre/lib/security/cacerts file or run you … Read more
HTTPS connection Python
Python 2.x: docs.python.org/2/library/httplib.html: Note: HTTPS support is only available if the socket module was compiled with SSL support. Python 3.x: docs.python.org/3/library/http.client.html: Note HTTPS support is only available if Python was compiled with SSL support (through the ssl module). To verify if SSL is enabled, try:
Simple Java HTTPS server
What I eventually used was this: To generate a keystore: See also here. Potentially storepass and keypass might be different, in which case the ks.load and kmf.init must use storepass and keypass, respectively.
Convert .pem to .crt and .key
I was able to convert pem to crt using this:
How to generate a self-signed SSL certificate using OpenSSL?
You can do that in one command: You can also add -nodes (short for no DES) if you don’t want to protect your private key with a passphrase. Otherwise it will prompt you for “at least a 4 character” password. The days parameter (365) you can replace with any number to affect the expiration date. It will then prompt you … Read more