How to install company proxy certificateIIS 7.5 Unable to use self signed certificate on a per web site basis for https binding sharing port 443Install a root certificate in CentOS 6SSL certificate issueAdding trusted root certificates to the server cent osCurl: unable to get local issuer certificate. How to debug?Let's Encrypt certificate not recognized by Nginxnginx as reverse ssl proxy (Apache + Varnish) skips its own configurationcurl: (60) server certificate verification failedIIS 8.5 403.16 Untrusted Client CertificateInstall GeoTrust SSL CA - G3 certificates - curl error
How to implement float hashing with approximate equality
If 1. e4 c6 is considered as a sound defense for black, why is 1. c3 so rare?
Feels like I am getting dragged into office politics
How can I fairly adjudicate the effects of height differences on ranged attacks?
Selecting a secure PIN for building access
Was the ancestor of SCSI, the SASI protocol, nothing more than a draft?
Why do freehub and cassette have only one position that matches?
Copy line and insert it in a new position with sed or awk
Why is Thanos so tough at the beginning of "Avengers: Endgame"?
How to back up a running Linode server?
Why do money exchangers give different rates to different bills
Unidentified items in bicycle tube repair kit
LT Spice Voltage Output
Historically, were women trained for obligatory wars? Or did they serve some other military function?
Floor tile layout process?
Power LED from 3.3V Power Pin without Resistor
How can I close a gap between my fence and my neighbor's that's on his side of the property line?
What is the limiting factor for a CAN bus to exceed 1Mbps bandwidth?
How did Arya get back her dagger from Sansa?
Is balancing necessary on a full-wheel change?
Is Cola "probably the best-known" Latin word in the world? If not, which might it be?
A non-technological, repeating, phenomenon in the sky, holding its position in the sky for hours
Why was Germany not as successful as other Europeans in establishing overseas colonies?
What does air vanishing on contact sound like?
How to install company proxy certificate
IIS 7.5 Unable to use self signed certificate on a per web site basis for https binding sharing port 443Install a root certificate in CentOS 6SSL certificate issueAdding trusted root certificates to the server cent osCurl: unable to get local issuer certificate. How to debug?Let's Encrypt certificate not recognized by Nginxnginx as reverse ssl proxy (Apache + Varnish) skips its own configurationcurl: (60) server certificate verification failedIIS 8.5 403.16 Untrusted Client CertificateInstall GeoTrust SSL CA - G3 certificates - curl error
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
My CentOS 7 server which is in AWS private cloud(company network), is unable to connect to some sites. After some work I managed to narrow the problem down to following problem.
- The following internal site is not accessible (SSL by public CA)
curl -v https://git.company.com
which returns,
About to connect() to git.company.com port 443 (#0)
Trying 10.62.124.6...
Connected to git.company.com (10.62.124.6) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
- But following internal site works (SSL by public CA)
curl -v https://alm.company.com
which returns
About to connect() to alm.company.com port 443 (#0)
Trying 10.64.167.137...
Connected to alm.company.com (10.64.167.137) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
...
...
...
Accept: */*
These are both internal sites trusted by same public CA.
How can debug this further?
I ran into some solutions where they ask to install company's into the server(though i'm wondering why one site works but other one doesnt), but not sure how to install this certificate correctly.
Can someone help please?
Thanks for the help.
linux centos ssl curl
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
add a comment |
My CentOS 7 server which is in AWS private cloud(company network), is unable to connect to some sites. After some work I managed to narrow the problem down to following problem.
- The following internal site is not accessible (SSL by public CA)
curl -v https://git.company.com
which returns,
About to connect() to git.company.com port 443 (#0)
Trying 10.62.124.6...
Connected to git.company.com (10.62.124.6) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
- But following internal site works (SSL by public CA)
curl -v https://alm.company.com
which returns
About to connect() to alm.company.com port 443 (#0)
Trying 10.64.167.137...
Connected to alm.company.com (10.64.167.137) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
...
...
...
Accept: */*
These are both internal sites trusted by same public CA.
How can debug this further?
I ran into some solutions where they ask to install company's into the server(though i'm wondering why one site works but other one doesnt), but not sure how to install this certificate correctly.
Can someone help please?
Thanks for the help.
linux centos ssl curl
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
1
You could start by posting the error thatcurlreturned. Your post did not include this information.
– Michael Hampton♦
Oct 8 '18 at 19:04
add a comment |
My CentOS 7 server which is in AWS private cloud(company network), is unable to connect to some sites. After some work I managed to narrow the problem down to following problem.
- The following internal site is not accessible (SSL by public CA)
curl -v https://git.company.com
which returns,
About to connect() to git.company.com port 443 (#0)
Trying 10.62.124.6...
Connected to git.company.com (10.62.124.6) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
- But following internal site works (SSL by public CA)
curl -v https://alm.company.com
which returns
About to connect() to alm.company.com port 443 (#0)
Trying 10.64.167.137...
Connected to alm.company.com (10.64.167.137) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
...
...
...
Accept: */*
These are both internal sites trusted by same public CA.
How can debug this further?
I ran into some solutions where they ask to install company's into the server(though i'm wondering why one site works but other one doesnt), but not sure how to install this certificate correctly.
Can someone help please?
Thanks for the help.
linux centos ssl curl
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
My CentOS 7 server which is in AWS private cloud(company network), is unable to connect to some sites. After some work I managed to narrow the problem down to following problem.
- The following internal site is not accessible (SSL by public CA)
curl -v https://git.company.com
which returns,
About to connect() to git.company.com port 443 (#0)
Trying 10.62.124.6...
Connected to git.company.com (10.62.124.6) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
- But following internal site works (SSL by public CA)
curl -v https://alm.company.com
which returns
About to connect() to alm.company.com port 443 (#0)
Trying 10.64.167.137...
Connected to alm.company.com (10.64.167.137) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
...
...
...
Accept: */*
These are both internal sites trusted by same public CA.
How can debug this further?
I ran into some solutions where they ask to install company's into the server(though i'm wondering why one site works but other one doesnt), but not sure how to install this certificate correctly.
Can someone help please?
Thanks for the help.
linux centos ssl curl
linux centos ssl curl
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
edited Oct 8 '18 at 22:24
alexander.polomodov
1,0503712
1,0503712
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
asked Oct 8 '18 at 16:57
Chandima JayawickremaChandima Jayawickrema
62
62
1
You could start by posting the error thatcurlreturned. Your post did not include this information.
– Michael Hampton♦
Oct 8 '18 at 19:04
add a comment |
1
You could start by posting the error thatcurlreturned. Your post did not include this information.
– Michael Hampton♦
Oct 8 '18 at 19:04
1
1
You could start by posting the error that
curl returned. Your post did not include this information.– Michael Hampton♦
Oct 8 '18 at 19:04
You could start by posting the error that
curl returned. Your post did not include this information.– Michael Hampton♦
Oct 8 '18 at 19:04
add a comment |
1 Answer
1
active
oldest
votes
You can use curl -k ... to make it ignore certificate irregularities.
Or you can use curl --cacert <CA certificate> to supply your company CA cert.
Or you can add your company CA cert to /etc/pki/tls/certs/ and run make there to make it available system-wide.
Ah, and to retrieve the company root CA use this: openssl s_client -connect git.company.com:443 -showcerts - that will dump all the certificates in the chain.
answered Oct 8 '18 at 22:54
potompotom
1107
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f934532%2fhow-to-install-company-proxy-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can use curl -k ... to make it ignore certificate irregularities.
Or you can use curl --cacert <CA certificate> to supply your company CA cert.
Or you can add your company CA cert to /etc/pki/tls/certs/ and run make there to make it available system-wide.
Ah, and to retrieve the company root CA use this: openssl s_client -connect git.company.com:443 -showcerts - that will dump all the certificates in the chain.
answered Oct 8 '18 at 22:54
potompotom
1107
add a comment |
You can use curl -k ... to make it ignore certificate irregularities.
Or you can use curl --cacert <CA certificate> to supply your company CA cert.
Or you can add your company CA cert to /etc/pki/tls/certs/ and run make there to make it available system-wide.
Ah, and to retrieve the company root CA use this: openssl s_client -connect git.company.com:443 -showcerts - that will dump all the certificates in the chain.
answered Oct 8 '18 at 22:54
potompotom
1107
add a comment |
You can use curl -k ... to make it ignore certificate irregularities.
Or you can use curl --cacert <CA certificate> to supply your company CA cert.
Or you can add your company CA cert to /etc/pki/tls/certs/ and run make there to make it available system-wide.
Ah, and to retrieve the company root CA use this: openssl s_client -connect git.company.com:443 -showcerts - that will dump all the certificates in the chain.
answered Oct 8 '18 at 22:54
potompotom
1107
You can use curl -k ... to make it ignore certificate irregularities.
Or you can use curl --cacert <CA certificate> to supply your company CA cert.
Or you can add your company CA cert to /etc/pki/tls/certs/ and run make there to make it available system-wide.
Ah, and to retrieve the company root CA use this: openssl s_client -connect git.company.com:443 -showcerts - that will dump all the certificates in the chain.
answered Oct 8 '18 at 22:54
potompotom
1107
edited Oct 8 '18 at 23:03
answered Oct 8 '18 at 22:54
potompotom
1107
answered Oct 8 '18 at 22:54
potompotom
1107
answered Oct 8 '18 at 22:54
potompotom
1107
1107
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f934532%2fhow-to-install-company-proxy-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
You could start by posting the error that
curlreturned. Your post did not include this information.– Michael Hampton♦
Oct 8 '18 at 19:04