Repost: remember how to manage root CAs in CentOS

Basically this: How to add Certificate Authority file in CentOS 7. But more importantly: check whether the newly installed CA has made it into the recognized system CAs by doing this:
Reference: How do I list all available SSL CA certificates on CentOS 6

Export Website Certificate from Chrome on OSX

Sometimes there are problems exporting a website certificate that is not trusted by one of the major CAs (self-signed or development certificates, for example). Usually you’d open the certificate details in Chrome, then drag and drop the image icon to any folder on your computer (for example your Desktop). Then you’d double-click it and import…

Add root ca cert to docker-machine

When creating new docker-machine Docker nodes, one needs to add the necessary root CA certificates to them so that they can communicate with SSL-protected services. The easiest, if manual, method is to copy the CA certificate (in .pem format) to /var/lib/boot2docker/certs on EVERY swarm node (if running in swarm mode).

Reminder: Make Docker trust certificates

To import a self-signed CA certificate that you want to manually trust in your Docker VM, follow these steps:
Taken from: Recommended way to install CA certificate on local VM docker machine #1799
According to play-with-docker.com you can also trust a self-signed cert by doing the following: If you are running the registry locally, be…

curl – SSL peer does not support certificates of the type it received – or how I learned that certificates have a purpose

Certificates have a purpose which is determined at creation time. They may not be used for purposes other than the one they were created for… Find some details on how I learned this lesson in this post.

Fix “error during connect: Get https://10.10.18.10:2376/v1.37/containers/json: x509: certificate has expired or is not yet valid”

So…this happened lately:

$ docker ps
error during connect: Get https://xx.xx.xx.xx:xxxx/vx.xx/containers/json: x509: certificate has expired or is not yet valid

Browsing to the URL gave me:

This site can’t provide a secure connection
xx.xx.xx.xx didn’t accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT

journalctl -u docker.service…

A quick self-signed certificate for local development

openssl req -x509 -sha256 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Keep in mind: This is for local development. Put in additional safety for self-signed production certs.

Optional: Add the location and company information via parameter so you don’t have to manually enter it:

openssl req -x509 -sha256 -newkey rsa:4096 -keyout key.pem -out cert.pem…

Bypass HSTS in Chrome – thisisunsafe and badidea

If you encounter a website with an invalid certificate and Chrome won’t let you access it because of HSTS being enabled, you can simply type “thisisunsafe” (Chrome v.65+) and bypass this check to access the website anyway. Hint: Before Chrome v.65 this is “badidea”. You simply click anywhere into the website, where Chrome displays the…