Sometimes it is difficult to export a website certificate that is not trusted by one of the major CAs (self-signed or development certificates, for example). Usually you’d open the certificate details in Chrome, then drag and drop the image icon to any folder on your computer (for example your Desktop). Then you’d double click it and import… Continue Reading Export Website Certificate from Chrome on OSX
When creating new docker-machine Docker nodes, one needs to add the necessary root CA certificates to them in order to let them communicate with SSL-protected services. The easiest, if manual, method is to copy the CA certificate (in .pem format) to /var/lib/boot2docker/certs on EVERY swarm node (if running in swarm mode).
What the shait this has been annoying… Well, here is the bottom line: Issue Your Own Self-Signed S/MIME Certs with OpenSSL by using these two shell scripts: makeauthority.sh makecert.sh
According to play-with-docker.com you can trust a self-signed cert by doing the following: If you are running the registry locally, be sure to use your host name as the CN. To get the docker daemon to trust the certificate, copy the domain.crt file. Make sure to restart the docker daemon. The /dev/null part is to avoid the output… Continue Reading Reminder: Make Docker trust certificates
Certificates have a purpose which is determined at creation time. They may not be used for purposes other than the ones they were created for… Find some details on how I learned this lesson in this post. Continue Reading curl – SSL peer does not support certificates of the type it received – or how I learned that certificates have a purpose
So…this happened lately: $ docker ps error during connect: Get https://xx.xx.xx.xx:xxxx/vx.xx/containers/json: x509: certificate has expired or is not yet valid Browsing to the URL gave me: This site can’t provide a secure connection xx.xx.xx.xx didn’t accept your login certificate, or one may not have been provided. Try contacting the system admin. ERR_BAD_SSL_CLIENT_AUTH_CERT journalctl -u docker.service… Continue Reading Fix “error during connect: Get https://10.10.18.10:2376/v1.37/containers/json: x509: certificate has expired or is not yet valid”
openssl req -x509 -sha256 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 Keep in mind: This is for local development. Put in additional safety for self-signed production certs. Optional: Add the location and company information via parameter so you don’t have to manually enter it: openssl req -x509 -sha256 -newkey rsa:4096 -keyout key.pem -out cert.pem… Continue Reading A quick self-signed certificate for local development
If you encounter a website with an invalid certificate and Chrome won’t let you access it because of HSTS being enabled, you can simply type “thisisunsafe” (Chrome v.65+) and bypass this check to access the website anyway. Hint: Before Chrome v.65 this is “badidea”. You simply click anywhere in the website, where Chrome displays the… Continue Reading Bypass HSTS in Chrome – thisisunsafe and badidea