InSecurity: difference between revisions

From Wiki Clusterlab.com.br
Linha 4: Linha 4:
The other way, insecure, is when you accept or ignore the self signed certificate to proceed anyway. <br>
The other way, insecure, is when you accept or ignore the self signed certificate to proceed anyway. <br>
Below this point there is no more explanation and use those commands at your own risk. <br>
Below this point there is no more explanation and use those commands at your own risk. <br>
=OpenSSL=
=Linux and python CA=
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
export SITE=wiki.clusterlab.com.br
export SITE=wiki.clusterlab.com.br
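Review bot: in the heading line, `=Linux and python CA=` (the heading the revision below carries) should capitalise "Python" and say what the block does to the trust stores, because the line just above it states that no explanation follows and the heading is then the only description the commands get. Something like `=Add the proxy CA to the Linux and Python trust stores=` would do; the other side's `=OpenSSL=` named only the tool.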

Revision as of 17:10, 28 May 2020

This is a short summary for a scenario where you are behind a firewall or a proxy with a self-signed certificate and cannot use administration or development tools.
There are two paths here. One way is to add the self-signed CA to the development library's CA bundle or to the trusted CAs of the operating system. This way, a tool that trusts the chain offered by the operating system or by the imported library bundle will accept the self-signed certificate as valid.
The other way, which is insecure, is to accept or ignore the self-signed certificate and proceed anyway.
Below this point there is no further explanation; use these commands at your own risk.

Linux and python CA

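export SITE=wiki.clusterlab.com.br
# Capture the certificates presented for $SITE; </dev/null closes stdin so s_client exits
openssl s_client -showcerts -servername "$SITE" -connect "$SITE:443" </dev/null | \
  sed -n "/BEGIN CERTIFICATE/,/END CERTIFICATE/p" > "$SITE-ca.pem"
# Append to the certifi bundle of the azc virtualenv (created in the Azure cli section)
cat "$SITE-ca.pem" >> "$HOME/azc/lib/python3.6/site-packages/certifi/cacert.pem"
# Append to the system CA bundle (needs root)
cat "$SITE-ca.pem" >> /etc/ssl/certs/ca-certificates.crt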

Python Pip

pip config set global.cert /etc/ssl/certs/ca-certificates.crt
pip install xxxxxxx --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org

Azure cli

virtualenv -p $(which python3) azc
source azc/bin/activate
pip install pip --upgrade
pip install azure-cli
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
az login --use-device-code

Kubectl

kubectl --insecure-skip-tls-verify

Helm

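# Overwrites ~/.kube/config with a cluster entry that skips TLS verification
cat << EOF > ~/.kube/config
clusters:
- cluster:
    server: https://cluster.mysite.com
    insecure-skip-tls-verify: true
  name: default
EOF
# or: keep verification on and give Helm the CA certificate of the repository
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository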

Maven

mvn -Dmaven.wagon.http.ssl.insecure=true package
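
Several of the settings above persist in configuration files after the immediate problem is solved. The following is an added example, not part of the original wiki page, that scans a home directory for the verification-disabling settings used on this page. The function names, the sample data and the file locations other than `~/.kube/config` (`~/.config/pip/pip.conf`, `.bashrc`, `.profile`, `.mavenrc`) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: list persistent settings that disable TLS verification.
# Patterns are the settings used on this page; file locations are assumptions.

audit_tls_bypass() {  # usage: audit_tls_bypass <home-dir>; prints one line per finding
  home_dir=$1
  check() {  # check <file> <extended regex> <description>
    if [ -f "$1" ] && grep -Eq -- "$2" "$1"; then
      printf '%s: %s\n' "$1" "$3"
    fi
  }
  check "$home_dir/.kube/config" \
    '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' \
    'kubeconfig cluster skips TLS verification'
  check "$home_dir/.config/pip/pip.conf" \
    '^[[:space:]]*trusted-host[[:space:]]*=' \
    'pip trusted-host entry'
  for rc in .bashrc .profile .mavenrc; do
    # Anchoring at line start keeps commented-out assignments from matching.
    check "$home_dir/$rc" \
      '^[[:space:]]*(export[[:space:]]+)?AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=[^[:space:]]' \
      'Azure CLI connection verification disabled'
    check "$home_dir/$rc" \
      '^[^#]*maven\.wagon\.http\.ssl\.insecure=true' \
      'Maven Wagon insecure SSL enabled'
  done
  return 0
}

make_sample_home() {  # builds constructed sample files, prints the temp dir path
  d=$(mktemp -d)
  mkdir -p "$d/.kube" "$d/.config/pip"
  printf 'clusters:\n- cluster:\n    server: https://cluster.mysite.com\n    insecure-skip-tls-verify: true\n  name: default\n' > "$d/.kube/config"
  # pip config that only points at a CA bundle: verification stays on, no finding
  printf '[global]\ncert = /etc/ssl/certs/ca-certificates.crt\n' > "$d/.config/pip/pip.conf"
  # Commented-out Azure override (no finding) and an active Maven override (finding)
  printf '# export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1\nexport MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true"\n' > "$d/.bashrc"
  printf '%s\n' "$d"
}

# Demo run on the constructed sample; pass "$HOME" to check a real account.
audit_tls_bypass "$(make_sample_home)"
```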