InSecurity: differences between revisions
Current revision as of 13:55, 10 June 2020
This is a short summary for a scenario where you are behind a firewall or a proxy with a self-signed certificate and therefore cannot use your administration or development tools.
There are two paths here.
One way is to add the self-signed CA to the development library's CA bundle or to the trusted CA store of the operating system. A tool that trusts the chain offered by the operating system or by the imported library bundle will then accept the self-signed certificate as valid.
The other way, which is insecure, is to accept or ignore the self-signed certificate and proceed anyway.
Below this point there is no further explanation; use these commands at your own risk.
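=Linux and python CA=
<syntaxhighlight lang=bash>
export SITE=wiki.clusterlab.com.br
# Capture every certificate the server (or intercepting proxy) presents.
# </dev/null lets s_client exit after the handshake instead of waiting on stdin.
openssl s_client -showcerts -servername "$SITE" -connect "$SITE:443" </dev/null | \
  sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" > "$SITE-ca.pem"
# Append to the certifi bundle of the "azc" virtualenv (assumed to live in $HOME)
cat "$SITE-ca.pem" >> "$HOME/azc/lib/python3.6/site-packages/certifi/cacert.pem"
# Append to the system bundle (run as root)
cat "$SITE-ca.pem" >> /etc/ssl/certs/ca-certificates.crt
</syntaxhighlight>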
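The commands above append everything the server sent, leaf certificate included, to shared trust stores. As an added example (not part of the original page), the sketch below keeps only the certificates marked as CA, prints their fingerprints for comparison with the value your proxy administrators publish, and points tools at a private bundle for the current session. The function names `keep_ca_certs` and `use_ca_bundle` and the file names are assumptions made for illustration; `REQUESTS_CA_BUNDLE` and `GIT_SSL_CAINFO` are the variables read by Python requests and git.

```shell
#!/usr/bin/env bash
# Added example: trust only the proxy's CA certificate, in a private bundle.

# keep_ca_certs CHAIN.pem OUT.pem
# Copies the certificates marked CA:TRUE from CHAIN.pem (the -showcerts output)
# into OUT.pem and prints subject and SHA-256 fingerprint of each one.
# Returns non-zero when the chain holds no CA certificate.
keep_ca_certs() {
  local chain="$1" out="$2" tmp f kept=0
  tmp=$(mktemp -d) || return 1
  # Split the chain into one file per PEM block: cert-1.pem, cert-2.pem, ...
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/cert-" n ".pem") }' "$chain"
  : > "$out"
  for f in "$tmp"/cert-*.pem; do
    [ -e "$f" ] || continue
    # Leaf (server) certificates carry CA:FALSE or no basicConstraints: skip them.
    if openssl x509 -in "$f" -noout -text | grep 'CA:TRUE' >/dev/null; then
      openssl x509 -in "$f" -noout -subject -fingerprint -sha256
      openssl x509 -in "$f" >> "$out"   # re-emit a clean PEM block
      kept=$((kept + 1))
    fi
  done
  rm -rf "$tmp"
  [ "$kept" -gt 0 ]
}

# use_ca_bundle FILE: point tools at FILE for this shell session only.
# FILE must hold every CA the tools need (public CAs plus the proxy CA).
use_ca_bundle() {
  export REQUESTS_CA_BUNDLE="$1"   # Python requests
  export GIT_SSL_CAINFO="$1"       # git over HTTPS
}

# Usage, with SITE set as on this page (file names are placeholders):
#   openssl s_client -showcerts -servername "$SITE" -connect "$SITE:443" \
#     </dev/null > chain.pem
#   keep_ca_certs chain.pem proxy-ca.pem &&
#     cat /etc/ssl/certs/ca-certificates.crt proxy-ca.pem > "$HOME/ca-bundle.pem"
#   use_ca_bundle "$HOME/ca-bundle.pem"
```

Because the system store and the certifi file are left untouched, removing the bundle file and the two variables undoes the change.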
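=Python Pip=
<syntaxhighlight lang=bash>
# Secure path: verify against the system bundle extended above
pip config set global.cert /etc/ssl/certs/ca-certificates.crt
# Insecure path: --trusted-host accepts these hosts without a valid certificate
# (xxxxxxx stands for the package name)
pip install \
  --trusted-host files.pythonhosted.org \
  --trusted-host pypi.org \
  --trusted-host pypi.python.org \
  xxxxxxx --upgrade
</syntaxhighlight>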
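=Azure cli=
<syntaxhighlight lang=bash>
virtualenv -p "$(which python3)" azc
source azc/bin/activate
pip install pip --upgrade
pip install azure-cli
# Insecure: turns off TLS certificate verification for az commands
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
az login --use-device-code
</syntaxhighlight>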
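=Kubectl=
<syntaxhighlight lang=bash>
# Insecure: the API server certificate is not checked.
# Global flag; the subcommand follows it.
kubectl --insecure-skip-tls-verify
alias k="kubectl --insecure-skip-tls-verify"
</syntaxhighlight>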
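=Helm=
<syntaxhighlight lang=bash>
# Insecure: Helm reads the kubeconfig, so the cluster certificate is not checked.
# Note that this overwrites ~/.kube/config.
cat << EOF > ~/.kube/config
clusters:
- cluster:
    server: https://cluster.mysite.com
    insecure-skip-tls-verify: true
  name: default
EOF
# or: verify the chart repository against a given CA file
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
</syntaxhighlight>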
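=Maven=
<syntaxhighlight lang=bash>
# Insecure: relaxes the SSL certificate check of Maven Wagon
mvn -Dmaven.wagon.http.ssl.insecure=true package
</syntaxhighlight>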
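=GIT=
<syntaxhighlight lang=bash>
# Insecure: disable certificate verification
export GIT_SSL_NO_VERIFY=true              # current shell session
git config http.sslVerify false            # current repository
git config --global http.sslVerify false   # every repository of this user
git -c http.sslVerify=false clone https://example.com/path/to/git   # this command only
# Secure: directory of CA certificates that git should trust
git config --system http.sslCAPath /path/to/cacerts
</syntaxhighlight>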
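Several of the insecure switches on this page persist in configuration files, aliases and exported variables long after the original problem is solved. The following added example (not part of the original page) scans a home directory and the current environment for them; the function names, the file-name list and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find leftover TLS-verification bypasses from this page.

# Constructed pattern list: one alternative per bypass switch shown on the page.
BYPASS_RE='insecure-skip-tls-verify:[[:space:]]*true|--insecure-skip-tls-verify'
BYPASS_RE="$BYPASS_RE"'|sslverify[[:space:]]*=?[[:space:]]*false'
BYPASS_RE="$BYPASS_RE"'|GIT_SSL_NO_VERIFY|AZURE_CLI_DISABLE_CONNECTION_VERIFICATION'
BYPASS_RE="$BYPASS_RE"'|maven\.wagon\.http\.ssl\.insecure=true|trusted-host'

# scan_tls_bypass DIR
# Prints file:line:text for each hit in kubeconfig, git, pip, Maven and shell
# start-up files under DIR. Returns 0 when something was found, 1 otherwise.
scan_tls_bypass() {
  local hits
  hits=$(find "$1" -type f \( -name config -o -name .gitconfig -o -name pip.conf \
           -o -name .mavenrc -o -name .bashrc -o -name .bash_aliases \
           -o -name .profile -o -name '*.sh' \) \
           -exec grep -EinH -e "$BYPASS_RE" {} + 2>/dev/null) || true
  [ -n "$hits" ] && printf '%s\n' "$hits"
}

# env_tls_bypass: prints the bypass variables exported in the current session.
env_tls_bypass() {
  env | grep -E '^(GIT_SSL_NO_VERIFY|AZURE_CLI_DISABLE_CONNECTION_VERIFICATION)='
}

# make_sample_home DIR: constructed files imitating what the commands on this
# page leave behind (three bypasses, plus a pip.conf that only sets a CA file).
make_sample_home() {
  mkdir -p "$1/.kube"
  printf 'clusters:\n- cluster:\n    insecure-skip-tls-verify: true\n' > "$1/.kube/config"
  printf '[http]\n\tsslVerify = false\n' > "$1/.gitconfig"
  printf 'alias k="kubectl --insecure-skip-tls-verify"\n' > "$1/.bashrc"
  printf '[global]\ncert = /etc/ssl/certs/ca-certificates.crt\n' > "$1/pip.conf"
}

# Usage:
#   scan_tls_bypass "$HOME"; env_tls_bypass
```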