I requested a SSL certificate in AWAS Certificate Manager with my own domain, then setup an Elastic Load Balancer forwarding to an EC2 instance which has a Python API running on port 5070.
Load Balancer
443 Rule
Target Group
I can get response from http URL, but https is not working, got the below error
The requested URL can’t provide a secure connection
The URL sent an invalid response.
Learn more about this problem.
net::ERR_SSL_PROTOCOL_ERROR
Any idea on this problem?
Related
Currently my client side HTTPS request code looks like this:
resp = requests.post(endpoint_predict_v100, files={'image': open(file_path, 'rb')}, verify=client_auth,
cert=(client_cert_path, client_secret_path))
This is an HTTPS request, the server root CA is client_auth and the client certificate and key are client_cert_path and client_secret_path.
because my server code is deployed and I cannot change much on that side, I am wondering if I can do the following on the client side:
enable server authentication only when the server root CA is provided by the client
enable client authentication only when the client cert and key are provided by the client.
I have found out that I am able to do the first thing, "enable server authentication only when the server root CA is provided by the client", by passing verify=False if the server root CA is not presented on the client side., referring to the Python requests docs. However, when I try to remove the cert=(client_cert_path, client_secret_path), the request will fail, throwing this error:
ssl.SSLError: [SSL] tlsv13 alert certificate required (_ssl.c:2570)
It seems that this error is suggesting I must pass in the client cert and key to make the server accept my request. but is there a way to disable client authentication on the client side, when the client cert and key are not present?
ssl.SSLError: [SSL] tlsv13 alert certificate required (_ssl.c:2570)
... is there a way to disable client authentication on the client side, when the client cert and key are not present?
The alert you get is because the server is requiring the client certificate. Since it is required by the server it is not sufficient to change some client side behavior only. This is similar to a server requesting authentication by password - this cannot be simply skipped in the client too.
With many servers there is a way to have client certificates optional, i.e. request a client certificate but don't insist that one is sent. How to do this with your specific server and if it is supported by your server at all is unknown though.
On a python app, i send a request post through a socks proxy of nordvpn :
(los-angeles.us.socks.nordhold.net)
prox = {'https':'socks5://user:pass#host:port'}
requests.post(url, proxies=prox, data=data)
While this code works on my local windows environnement, the request been sent and received, the code gets an error when the app is hosted on a shared server.
socks.ProxyConnectionError: Error connecting to SOCKS5 proxy los-angeles.us.socks.nordhold.net:1080:
[Errno 111] Connection refused
Hoster says i need a root ssh access from a dedidated server. But how would it help ?
amsterdam.nl.socks.nordhold.net
atlanta.us.socks.nordhold.net
dallas.us.socks.nordhold.net
dublin.ie.socks.nordhold.net
ie.socks.nordhold.net
los-angeles.us.socks.nordhold.net
nl.socks.nordhold.net
se.socks.nordhold.net
stockholm.se.socks.nordhold.net
us.socks.nordhold.net
Port is 1080
your username is manually setup credentials and passwords too.
Dont try to use ur login data for it because it will never work.
Try with closing the connection.
I am trying to get the IP address of the requesting computer on my server. I can successfully get the IP-address from request header if the request came from a web browser. The code example below. However, I cannot fetch the client IP, if I send the request via curl/postman. I checked the nginx log, and I found there is a log of my public IP when I sent a curl request. How can I achieve this?
PS: I am using the Sanic Framework.
client_ip = request.headers.get('x-real-ip')
In sanic's docs for Request Data:
ip (str) - IP address of the requester.
Therefore, just use
client_ip = request.ip
I am trying to connect to the Visa Direct API, but i am not passing the basic SSL certificate authetification, here is my code:
import requests
headers = { 'Content-Type' : 'Application/json' }
url = 'https://sandbox.visa.com/rsrv_vpp/v1/acnl'
payload = {"SystemsTraceAuditNumber":565690,
"RetrievalReferenceNumber":"505012455690",
"AcquiringBin":409999,
"AcquirerCountryCode":"840",
"PrimaryAccountNumber":"4895070000008881"}
r = requests.post(url, data=json.dumps(payload),
cert =('/etc/ssl/certs/sandbox_cert.pem'), headers=headers,
auth=('370df57a-a8aa-4446-a23e-44a0ef06ea09',
'6023e518-c36c-47a8-b16e-c8a5b3a941ef'))
Ass you can see i am using request and passing the cert argument along with the API user and password info but i keep getting the error:
requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I get a SSL error when I try to open https://sandbox.visa.com/rsrv_vpp/v1/acnl in Google Chrome.
The Visa Docs say
SSL Server Authentication
The SSL server certificate installed on sandbox.visa.com servers is a
Visa issued self-signed certificate. Client applications need to add
the sandbox.visa.com SSL certificate to their local trust store to
prevent SSL Handshake errors at runtime.
Ensure that your application that connects to the Visa Direct API is
configured (or built) to use the trusted certificate store as a trust
store, and not a key store.
Verify that the application is configured to use the right password
associated with the trust store file.
It looks like you need to do do some SSL Authentication before you can connect to Visa.
I'm trying to run a project which holds data in web2py server and web2py based client shows the visualization. When running both server and client , the chrome console on clinet side shows:
XMLHttpRequest cannot load http://127.0.0.1:8075/?format=json.
No 'Access-Control- Allow-Origin' header is present on the requested resource.
Origin 'http://127.0.0.1:8080' is therefore not allowed access. (index):1
[ERROR] Cannot connect to data server: http://127.0.0.1:8075?format=json
I'm running above with web2py2.9.5 on linux.
It looks like your web2py client page is served on port 8080 but is then making an Ajax request to port 8075, which violates the same origin policy enforced by web browsers.
If you can't serve both from the same origin, you can get around this by using JSONP or by setting up CORS.