You might be missing an intermediate certificate in your cert file. If you have already visited another website which has the same certificate seller, the intermediate certificate is remembered in your browser. This might not – or even better – will not be the case with every visitor to your website. To solve a missing … Read more
I ran into this problem today. Due to the timeframe and some other issues, getting the key from the provider was not possible. I found the following solution here (under pixelloa’s comment) and thought it would be good to have the answer on Stack Overflow as well. If the certificate does not have a private … Read more
-Dcom.sun.net.ssl.checkRevocation=false
I have used the below code to override the SSL checking in my project and it worked for me. package com.beingjavaguys.testftp; import java.io.InputStreamReader; import java.io.Reader; import java.net.URL; import java.net.URLConnection; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; /** * Fix for Exception in thread “main” javax.net.ssl.SSLHandshakeException: * sun.security.validator.ValidatorException: PKIX … Read more
SSLCertificateChainFile was a correct option to choose but this directive became obsolete as of Apache 2.4.8. This directive caused the listed file to be sent along with the certificate to any clients that connect. SSLCACertificateFile (hereafter “CACert”) supersedes SSLCertificateChainFile (hereafter “Chain”), and additionally permits the use of the cert in question to sign client certificates. … Read more
copy your certificates inside /etc/pki/ca-trust/source/anchors/ then run the following command update-ca-trust
You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command: openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes Then, you can extract the expiration date from the certificate in the .pem file using the following command: cat certificate.pem | openssl x509 -noout -enddate
TLDR: Here is a better solution: https://github.com/gunthercox/ChatterBot/issues/930#issuecomment-322111087 Note that when you run nltk.download(), a window will pop up and let you select which packages to download (Download is not automatically started right away). To complement the accepted answer, the following is a complete list of directories that will be searched on Mac (not limited to … Read more
SSL certificates are bound to a ‘common name’, which is usually a fully qualified domain name but can be a wildcard name (eg. *.example.com) or even an IP address, but it usually isn’t. In your case, you are accessing your LDAP server by a hostname and it sounds like your two LDAP servers have different … Read more
Turns out, if you just want to disable certificate validation altogether, you can change the ServerCertificateValidationCallback on the ServicePointManager, like so: ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; This will validate all certificates (including invalid, expired or self-signed ones).