tl;dr Generate a certificate issued by own CA (see the script below) Here’s what I’ve found. Correct me where I’m wrong. There are CA’s (certificate authorities). They issue certificates (sign CSR’s) for other CA’s (intermediate CA’s), or servers (end entity certificates). Some of them are root authorities. They have self-signed certificates, issued by themselves. That … Read more
So the solution was to (first a backup) $ cd /etc/kubernetes/pki/ $ mv {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt} ~/ $ kubeadm init phase certs all –apiserver-advertise-address <IP> $ cd /etc/kubernetes/ $ mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} ~/ $ kubeadm init phase kubeconfig all $ reboot then $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config that did the job for me and thanks for your hints … Read more
After some searching and trawling through some old stackoverflow questions I’ve found a solution in a previously asked SO question: Question: Java client certificates over HTTPS/SSL Answer Java client certificates over HTTPS/SSL Here’s the code that I ended up using. // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new … Read more
This could happen if you are not running the command prompt in administrator mode. If you are using windows 7, you can go to run, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in administrator mode. If not, you can also go to start -> all programs -> accessories -> right click … Read more
Step 1: Generating a self-signed certificate: I downloaded the Certificate.cs class posted by Doug Cook I used this code to generate a .pfx certificate file: byte[] c = Certificate.CreateSelfSignCertificatePfx( “CN=yourhostname.com”, //host name DateTime.Parse(“2000-01-01”), //not valid before DateTime.Parse(“2010-01-01”), //not valid after “mypassword”); //password to encrypt key file using (BinaryWriter binWriter = new BinaryWriter( File.Open(@”testcert.pfx”, FileMode.Create))) { … Read more
-Dcom.sun.net.ssl.checkRevocation=false
You need to provide localhost as a subject alternative name when creating your certificate. You can do that by provide the following additional parameter: -ext “SAN:c=DNS:localhost,IP:127.0.0.1” So something like this: keytool -genkeypair -keyalg RSA -keysize 2048 -alias stackoverflow \ -dname “CN=stackoverflow,OU=Hakan,O=Hakan,C=NL” \ -ext “SAN:c=DNS:localhost,IP:127.0.0.1” -validity 3650 \ -storepass <password> -keypass <password> \ -keystore identity.jks -deststoretype … Read more
TLDR: Here is a better solution: https://github.com/gunthercox/ChatterBot/issues/930#issuecomment-322111087 Note that when you run nltk.download(), a window will pop up and let you select which packages to download (Download is not automatically started right away). To complement the accepted answer, the following is a complete list of directories that will be searched on Mac (not limited to … Read more
If just for development, I think you can refer the following code (available in SO): public class HttpsTrustManager implements X509TrustManager { private static TrustManager[] trustManagers; private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {}; @Override public void checkClientTrusted( X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {} @Override public void checkServerTrusted( X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException … Read more
Thanks to the contributing answer by Aleksi, I found a bug/feature request that already requested this very thing: http://bugs.python.org/issue18233. Though the changes haven’t been finalized, yet, they do have a patch that makes this available: This is the test code which I’ve stolen from some forgotten source and reassembled: import socket from ssl import wrap_socket, … Read more