InSecurity: mudanças entre as edições
Ir para navegação
Ir para pesquisar
| Linha 31: | Linha 31: | ||
kubectl --insecure-skip-tls-verify | kubectl --insecure-skip-tls-verify | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=Helm= | |||
<syntaxhighlight lang=bash> | |||
cat << EOF > ~/.kube/config | |||
clusters: | |||
- cluster: | |||
server: https://cluster.mysite.com | |||
insecure-skip-tls-verify: true | |||
name: default | |||
EOF | |||
#or | |||
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository | |||
</syntaxhighlight> | |||
=Maven= | =Maven= | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
mvn -Dmaven.wagon.http.ssl.insecure=true package | mvn -Dmaven.wagon.http.ssl.insecure=true package | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Edição das 16h33min de 28 de maio de 2020
This is a micro resume for a scenario where you are behind a firewall or a proxy with a self signed certificate and cannot use administration or development tools.
There are two paths here.
One way is introducing the self signed CA into the development library or the trusted CA of the operation system. This way the tool, which thrust the chain offered by the operating system or the imported library chain will accept the self signed certificate as valid.
The other way, insecure, is when you accept or ignore the self signed certificate to proceed anyway.
Below this point there is no more explanation and use those commands at your own risk.
OpenSSL
export SITE=wiki.clusterlab.com.br
openssl s_client -showcerts -servername $SITE -connect $SITE:443 | \
sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" > $SITE-ca.pem
cat $SITE-ca.pem >> /home/$HOME/azc/lib/python3.6/site-packages/certifi/cacert.pem
cat $SITE-ca.pem >> /etc/ssl/certs/ca-certificates.crt
Python Pip
pip config set global.cert /etc/ssl/certs/ca-certificates.crt
pip install xxxxxxx --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org
Azure cli
virtualenv -p $(which python3) azc
source azc/bin/activate
pip install pip --upgrade
pip install azure-cli
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
az login --use-device-code
Kubectl
kubectl --insecure-skip-tls-verify
Helm
cat << EOF > ~/.kube/config
clusters:
- cluster:
server: https://cluster.mysite.com
insecure-skip-tls-verify: true
name: default
EOF
#or
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
Maven
mvn -Dmaven.wagon.http.ssl.insecure=true package