I want to send JSON to an endpoint using vb or C# - easy enough to do. I also think I know how to attach the .CRT file to the request. However, I am unsure how to make use of the .pem private key file? Do I attach that to the request too? I'm using.net framework 4.
Solution: You need to create a .pfx file:
openssl pkcs12 -in a.crt -inkey a.pem -export -out a.pfx
and then add that to your request as shown here.
Related
I have to authenticate the openshift cluster via .kube/config file. For that, I have generated a x509 client certificate and key using OpenSSL.I converted that certificate into .pem format using the following command x509 -in xyz.crt -out xyz.pem -outform PEM I had generated one .kube/config file for openshift authentication I put the ca.pem, xyz.pem and xyz_key.pem into that openshift .kube/config file.But I am
facing Error like error tls- failed to find any PEM data in certificate input
Kinds regard and thank you for your patience.
I'm using PhpStorm 2018.2 and attempting to connect to remote host using SSH key (I can connect via ssh on terminal).
When I enter the (newly created) rsa key into the remote host settings I get the error "'{path/to/key}_rsa' is corrupt or has unknown format" ... see image attached.
I have seen some bits about converting the key to an ssh2 key using this command
ssh-keygen -e -f ~/.ssh/key_rsa > ~/.ssh/key_rsa_ssh2
and using that in PhpStorm instead but with no luck.
To expand on #eugenemorozov's answer. I had to do these 2 points.
add the private key(s) to ssh-agent using ssh-add command;
i did this by following this guide.
choose OpenSSH Config and authentication agent authentication type option when configuring SFTP Deployment Connection options.
The SSH library we use doesn't support these keys.
We're looking for solutions currently, as a workaround, please use ssh-agent and choose this authentication type in the Deployment Configuration.
https://youtrack.jetbrains.com/issue/PY-24325
What worked for me was to convert the key in puttygen, like this: https://youtrack.jetbrains.com/issue/IDEA-284623
Currently, I have used the MySQL 6.5 and PostgreSQL 9.5 version. I need to enable(Configure) SSL in both servers. I have now (.pfx) SSL certificate. Can you please suggest me to how to configure the SSL in both servers. I have searched a lot of documents on online but I didn't get any clear idea about that.
OS: Windows 10
For PostgreSQL you will need a crt and key file.
To get the crt, Key file you can use following commands -
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
Note you may have to use pkcs8/pkcs7 depending on your pfx file.
this is now to be used in your postgresql.conf file, refer the article to identify the attributes that you need to set in here - https://www.postgresql.org/docs/9.5/static/runtime-config-connection.html
keys are - ssl_cert_file ,ssl_key_file
I'm an utter newbie so forgive what may be a stupid question, but when I am trying to pass the location of my service account key file using Google Cloud Platform, I am receiving the message:
WARNING: .p12 service account keys are not recomended unless it is necessary for
backwards compatability. Please switch to a newer .json service account key for
this account.
ERROR: (gcloud.auth.activate-service-account) PyOpenSSL is not available. If you
have already installed PyOpenSSL, you will need to enable site packages by sett
ing the environment variable CLOUDSDK_PYTHON_SITEPACKAGES to 1. If that does not
work, see https://developers.google.com/cloud/sdk/crypto for details or consider using .json private key instead.
However I selected and downloaded a JSON key. Can anyone tell me what is happening and how to get around this? Not sure if I'm providing enough info so please ask if you need details. Thanks!
The error indicates that you're possibly using a deprecated p12 format service account key file (as well as unable to find the required crypto libraries for reading keys in that format) instead of the json format.
You might want to double confirm that the key file you downloaded is indeed JSON. A quick way to verify this is by opening this file in some text editor of if you're on *nix or OS X, you can just use cat. I've shown an example json service account key file:
$ cat my-service-account-key.json
{
"type": "service_account",
"project_id": "PROJECT_NAME",
"private_key_id": "YOUR_PRIVATE_KEY_ID",
"private_key": "-----BEGIN PRIVATE KEY-----\nYOUR_PRIVATE_KEY\n-----END PRIVATE KEY-----\n",
"client_email": "SERVICE_ACCOUNT_NAME#PROJECT_NAME.iam.gserviceaccount.com",
"client_id": "CLIENT_ID",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "URL",
}
To activate the service account you will have to run the gcloud auth activate-service-account command:
gcloud auth activate-service-account --key-file=/path/to/service-account-key.json
The key must be encoded based on base64, you can do it with the following bash command:
$ cat key_file.json | base64
Please take a look at gcloud setup instructions at:
https://github.com/GoogleCloudPlatform/github-actions/tree/master/setup-gcloud#inputs
I am setting up automated deployment pipeline for my website ,as part of it i have to automate Api import using VSTS RM . I have achieved this using custom PS scripts in VSTS tasks. I have used swagger url to import
i.e
Import-AzureRmApiManagementApi –Context $apimContext –SpecificationFormat 'swagger' –SpecificationUrl 'http://mywebapp.com/swagger/docs/v1' –Path 'apis'
To Improve the security we have implemented to redirect the http request https which is secured by client certificate. Here comes the problem.
Now we are not able to use above command to import which is returning 403 forbidden error as API manager don't have option to bypass certificate validation. what can be done to solve this ?
Even i have tried to invoke-webrequest the url with specific cert and to import the API which worked fine in my local machine.
$swaggerurl="https://mywebapp.org/swagger/docs/1"
$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("xyz.cer")
$test=Invoke-WebRequest -Uri "$swaggerurl" -Certificate $cert
$test.statuscode
Import-AzureRmApiManagementApi –Context $apimContext –SpecificationFormat 'swagger' –SpecificationUrl 'http://mywebapp.com/swagger/docs/v1' –Path 'apis'
But not in VSTS Inline power shell. It is not accepting certificate value and returning 403 forbidden error.
Please let me know how to resolve this ?
Issue :
1.Unable to import to API manager due to https client certificate validation on swagger url.
VSTS inline power shell not accepting certificate parameter details even though i use the right cert. Same case works in local machine. is there any limitation in VSTS inline power shell.
Thanks in advance.
Using Azure PowerShell step/task instead. (Include in Deploy category)
For this to work, API Management service needs to make the WebRequest on your behalf to the url, with a ClientCertificate in the Request.
We currently don't provide that option to call Import-AzureRmApiManagementApi with a Client Certificate.
Only available option is to make WebRequest using Powershell (Invoke-RestMethod), download the swagger to a local file and use the -SpecificationPath parameter in the cmdlet
This issue has been resolved by changing the private agent to run as admin account. Now Everything works as expected :)
Import of API using VSTS private agent