It’s pretty straightforward, using jdk6 at least… bash$ keytool -keystore foo.jks -genkeypair -alias foo \ -dname ‘CN=foo.example.com,L=Melbourne,ST=Victoria,C=AU’ Enter keystore password: Re-enter new password: Enter key password for (RETURN if same as keystore password): bash$ keytool -keystore foo.jks -exportcert -alias foo | \ openssl x509 -inform der -text Enter keystore password: asdasd Certificate: Data: Version: 3 … Read more
You can disable SSL certificate checking by adding one or more of these command line parameters: -Dmaven.wagon.http.ssl.insecure=true – enable use of relaxed SSL check for user generated certificates. -Dmaven.wagon.http.ssl.allowall=true – enable match of the server’s X.509 certificate with hostname. If disabled, a browser like check will be used. -Dmaven.wagon.http.ssl.ignore.validity.dates=true – ignore issues with certificate dates. … Read more
Note: I wrote my original answer very hastily, but since then, this has turned into a fairly popular question/answer, so I have expanded it a bit and made it more precise. TLS Capabilities “SSL” is the name that is most often used to refer to this protocol, but SSL specifically refers to the proprietary protocol … Read more
A wildcard SSL certificate for *.example.net will match sub.example.net but not sub.sub.example.net. From RFC 2818: Matching is performed using the matching rules specified by RFC2459. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered … Read more
The handshake failure could have occurred due to various reasons: Incompatible cipher suites in use by the client and the server. This would require the client to use (or enable) a cipher suite that is supported by the server. Incompatible versions of SSL in use (the server might accept only TLS v1, while the client … Read more
Windows 10 users: Repair is only in the Control Panel, not in the Add Remove programs app. I typically run appwiz.cpl to launch the old control panel applet and run repair from there. Windows 7 and 8.1: After going to Add/Remove Programs and choosing the “Repair” option on IIS Express, the certificate has been reinstalled … Read more
This could happen if you are not running the command prompt in administrator mode. If you are using windows 7, you can go to run, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in administrator mode. If not, you can also go to start -> all programs -> accessories -> right click … Read more
The answers above were partial. I’ve spent so much time getting this working, it’s insane. Note to my future self, here is what you need to do: I’m working on Windows 10, with Chrome 65. Firefox is behaving nicely – just confirm localhost as a security exception and it will work. Chrome doesn’t: Step 1. … Read more
Upgrade pip as follows: curl https://bootstrap.pypa.io/get-pip.py | python Note: You may need to use sudo python above if not in a virtual environment. (Note that upgrading pip using pip i.e pip install –upgrade pip will also not upgrade it correctly. It’s just a chicken-and-egg issue. pip won’t work unless using TLS >= 1.2.) As mentioned … Read more
On Windows the easiest way is to use the program portecle. Download and install portecle. First make 100% sure you know which JRE or JDK is being used to run your program. On a 64 bit Windows 7 there could be quite a few JREs. Process Explorer can help you with this or you can … Read more