![]() See hg help config.web if you want to configure who can. Recent openssl version should use sha256 as default. This section allows you to store usernames and passwords for use when logging into HTTP servers. Openssl x509 -req -days 360 -in sha1.csr -CA Dumm圜A-DonotTrust.pem -CAkey Dumm圜A-DonotTrust.pem -CAcreateserial -out sha256.crt -sha256 Or overwrite the algorithm while signing the existing CSR again: Openssl x509 -x509toreq -in sha1.crt -signkey sha1.key -out sha256-new.csr -sha256 You can either create a new CSR from your existing key and information from your certificate: Copy the contents from your exported certificate file, and paste them to the bottom of cacert. On my machine, the full path is C:\Program Files\TortoiseHg\hgrc.d\cacert.pem. Edit the cacert.pem file for TortoiseHg (if that’s the way you installed mercurial). If only the Signature Algorithm is too weak you can recreate the certificate only: Be sure to select X.509 Certificate (PEM), when exporting. If you key is too small you need to recreate the complete set key cert. Run openssl x509 -in yourcert.crt -noout -text and check for Public-Key: and Signature Algorithm: attributes. To get a list of supported algorithms with ECLEVEL=2 use following openssl command: openssl ciphers -s -v most cases you have chosen a rsa key with <= 1024 bit or sha1 as has algorithm for the signature. debian has increased the requirements with updates to openssl-1.1.1 see Most likely a weak crypto algorithm is part of your Key/Certificate. ![]() This makes no sense to me! Any help is appreciated! Mqttc.tls_set(dir "fullchain.pem", dir "cert.pem", dir "privkey.pem")Īnd this returns me: ssl.SSLError: _ssl.c:504: error:14090086:SSL routines:SS元_GET_SERVER_CERTIFICATE:certificate verify failed Mqttc = mqtt.Client("08-ssl-connect-crt-auth", run) Python script: import os, subprocess, socket, sys, time, struct import *ĭir = "/etc/letsencrypt/live/def on_connect(mqttc, obj, flags, rc): A python script I use from a website gives me a little bit more information ![]() Which gives me surprising little information. Running command: mosquitto_pub -h -p 8883 -t test -cafile /etc/letsencrypt/live/It mentions in my command line: Unable to connect (A TLS error occurred.).Ī more curious look inside to mosquitto.log file reveals me: 1463562141: Socket error on client, disconnecting.ġ463562154: New connection from X.X.X.X on port 8889. Yet, when I try to subscribe to the test topic, to, well, test, using this command from the client: mosquitto_sub version 1.4.8 running on libmosquitto 1.4.8. Now, when I put these files inside my /etc/mosquitto/nf: cafile /etc/letsencrypt/live/certfile /etc/letsencrypt/live/keyfile /etc/letsencrypt/live/And I was able to start the broker, v1.4.8 fine: mosquitto is running.Īnd from the log: 1457462631: mosquitto version 1.4.8 (build date Sun, 15:06:55 0000) starting These files I am also using for the SSL encryption on my website (apache2) which seems to work just fine as in my conf file: SSLCertificateFile /etc/letsencrypt/live/SSLCertificateKeyFile /etc/letsencrypt/live/Include /etc/letsencrypt/nfĪnd when going on my webserver, I see the SSL icon, and it works. Lrwxrwxrwx 1 root root 44 Mar 6 23:50 privkey.pem Lrwxrwxrwx 1 root root 46 Mar 6 23:50 fullchain.pem Lrwxrwxrwx 1 root root 42 Mar 6 23:50 chain.pem letsencrypt-auto certonly -d This has given me: lrwxrwxrwx 1 root root 41 Mar 6 23:50 cert.pem To be able to get the CA certificate, I've used the letsencrypt python command ( ). We have server certicate added in mercurial.I'm been desperately trying to get my MQTT clients to connect to my MQTT broker which is set up with a certificate from a CA (Letsencrypt). ![]() (the full certificate chain may not be available locally see "hg help debugssl")Ībort: error: certificate verify failed (_ssl.c:661)ĮRROR: Failed to clone Failed to clone FAILURE $ "C:\Program Files\THG\hg.exe" -debug -config =* -config ******** -config ******** -config "=http https" clone -rev default -noupdate Files (x86)\Jenkins\jobs\test\workspace" We have setup integration between Jenkins 2.46.3 with Mercurial and we created a jobs to pull the source code from mercurial.when we are trying to build the job it failing with below error.īuilding in workspace C:\Program Files (x86)\Jenkins\jobs\test\workspace
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |