InSecurity: mudanças entre as edições

De Wiki Clusterlab.com.br
Ir para navegação Ir para pesquisar
Sem resumo de edição
 
(13 revisões intermediárias pelo mesmo usuário não estão sendo mostradas)
Linha 1: Linha 1:
This is a micro resume for a scenario where you are behind a firewall or a proxy with a self signed certificate and cannot use administration or development tools. <br>
There are two paths here.
One way is introducing the self signed CA into the development library or the trusted CA of the operation system. This way the tool, which thrust the chain offered by the operating system or the imported library chain will accept the self signed certificate as valid. <br>
The other way, insecure, is when you accept or ignore the self signed certificate to proceed anyway. <br>
Below this point there is no more explanation and use those commands at your own risk. <br>
=Linux and python CA=
<syntaxhighlight lang=bash>
export SITE=wiki.clusterlab.com.br
openssl s_client -showcerts -servername $SITE -connect $SITE:443 | \
  sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" > $SITE-ca.pem
  cat $SITE-ca.pem >> /home/$HOME/azc/lib/python3.6/site-packages/certifi/cacert.pem
  cat $SITE-ca.pem >> /etc/ssl/certs/ca-certificates.crt
</syntaxhighlight>
=Python Pip=
<syntaxhighlight lang=bash>
pip config set global.cert /etc/ssl/certs/ca-certificates.crt
pip install \
    --trusted-host files.pythonhosted.org \
    --trusted-host pypi.org \
    --trusted-host pypi.python.org \
    --trusted-host files.pythonhosted.org \
    xxxxxxx --upgrade
</syntaxhighlight>
=Azure cli=
=Azure cli=
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
Linha 11: Linha 36:
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
kubectl --insecure-skip-tls-verify
kubectl --insecure-skip-tls-verify
alias k="kubectl --insecure-skip-tls-verify"
</syntaxhighlight>
=Helm=
<syntaxhighlight lang=bash>
cat << EOF > ~/.kube/config
clusters:
- cluster:
    server: https://cluster.mysite.com
    insecure-skip-tls-verify: true
  name: default
EOF
#or
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
</syntaxhighlight>
</syntaxhighlight>
=Maven=
=Maven=
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
mvn  -Dmaven.wagon.http.ssl.insecure=true package
mvn  -Dmaven.wagon.http.ssl.insecure=true package
</syntaxhighlight>
=GIT=
<syntaxhighlight lang=bash>
export GIT_SSL_NO_VERIFY=true
git config http.sslVerify false
git config --global http.sslVerify false
git -c http.sslVerify=false clone https://example.com/path/to/git
git config --system http.sslCAPath /path/to/cacerts
</syntaxhighlight>
</syntaxhighlight>

Edição atual tal como às 13h55min de 10 de junho de 2020

This is a micro resume for a scenario where you are behind a firewall or a proxy with a self signed certificate and cannot use administration or development tools.
There are two paths here. One way is introducing the self signed CA into the development library or the trusted CA of the operation system. This way the tool, which thrust the chain offered by the operating system or the imported library chain will accept the self signed certificate as valid.
The other way, insecure, is when you accept or ignore the self signed certificate to proceed anyway.
Below this point there is no more explanation and use those commands at your own risk.

Linux and python CA

export SITE=wiki.clusterlab.com.br
openssl s_client -showcerts -servername $SITE -connect $SITE:443 | \
  sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" > $SITE-ca.pem
  cat $SITE-ca.pem >> /home/$HOME/azc/lib/python3.6/site-packages/certifi/cacert.pem
  cat $SITE-ca.pem >> /etc/ssl/certs/ca-certificates.crt

Python Pip

pip config set global.cert /etc/ssl/certs/ca-certificates.crt
pip install \
    --trusted-host files.pythonhosted.org \
    --trusted-host pypi.org \
    --trusted-host pypi.python.org \
    --trusted-host files.pythonhosted.org \
    xxxxxxx --upgrade

Azure cli

virtualenv -p $(which python3) azc
source azc/bin/activate
pip install pip --upgrade
pip install azure-cli
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
az login --use-device-code

Kubectl

kubectl --insecure-skip-tls-verify
alias k="kubectl --insecure-skip-tls-verify"

Helm

cat << EOF > ~/.kube/config
clusters:
- cluster:
    server: https://cluster.mysite.com
    insecure-skip-tls-verify: true
  name: default
EOF
#or
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository

Maven

mvn  -Dmaven.wagon.http.ssl.insecure=true package

GIT

export GIT_SSL_NO_VERIFY=true
git config http.sslVerify false
git config --global http.sslVerify false
git -c http.sslVerify=false clone https://example.com/path/to/git
git config --system http.sslCAPath /path/to/cacerts