InSecurity: mudanças entre as edições
Ir para navegação
Ir para pesquisar
(→Maven) |
|||
| Linha 16: | Linha 16: | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
pip config set global.cert /etc/ssl/certs/ca-certificates.crt | pip config set global.cert /etc/ssl/certs/ca-certificates.crt | ||
pip install | pip install \ | ||
--trusted-host files.pythonhosted.org \ | |||
--trusted-host pypi.org \ | |||
--trusted-host pypi.python.org \ | |||
--trusted-host files.pythonhosted.org \ | |||
xxxxxxx --upgrade | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=Azure cli= | =Azure cli= | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
Edição das 14h32min de 8 de junho de 2020
This is a micro resume for a scenario where you are behind a firewall or a proxy with a self signed certificate and cannot use administration or development tools.
There are two paths here.
One way is introducing the self signed CA into the development library or the trusted CA of the operation system. This way the tool, which thrust the chain offered by the operating system or the imported library chain will accept the self signed certificate as valid.
The other way, insecure, is when you accept or ignore the self signed certificate to proceed anyway.
Below this point there is no more explanation and use those commands at your own risk.
Linux and python CA
export SITE=wiki.clusterlab.com.br
openssl s_client -showcerts -servername $SITE -connect $SITE:443 | \
sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" > $SITE-ca.pem
cat $SITE-ca.pem >> /home/$HOME/azc/lib/python3.6/site-packages/certifi/cacert.pem
cat $SITE-ca.pem >> /etc/ssl/certs/ca-certificates.crt
Python Pip
pip config set global.cert /etc/ssl/certs/ca-certificates.crt
pip install \
--trusted-host files.pythonhosted.org \
--trusted-host pypi.org \
--trusted-host pypi.python.org \
--trusted-host files.pythonhosted.org \
xxxxxxx --upgrade
Azure cli
virtualenv -p $(which python3) azc
source azc/bin/activate
pip install pip --upgrade
pip install azure-cli
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
az login --use-device-code
Kubectl
kubectl --insecure-skip-tls-verify
Helm
cat << EOF > ~/.kube/config
clusters:
- cluster:
server: https://cluster.mysite.com
insecure-skip-tls-verify: true
name: default
EOF
#or
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
Maven
mvn -Dmaven.wagon.http.ssl.insecure=true package
GIT
export GIT_SSL_NO_VERIFY=true
git config http.sslVerify false
git config --global http.sslVerify false
git -c http.sslVerify=false clone https://example.com/path/to/git
git config --system http.sslCAPath /path/to/cacerts