SSL certificate issues

Preliminary steps

  • You will need a certificate file CertEmulationCA.crt
  • It will be useful to also have it as a .pem, so you can convert it via:
    openssl x509 -in CertEmulationCA.crt -out CertEmulationCA.pem -outform PEM

Fixes

Python

  • pip

    • Uncomfortable option, since you need to do it on every action

      • Work with SSL disabled

        pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip boto3
      • Add the certificate on every call

        python config --set ssl_verify "%USERPROFILE%\.aws\CertEmulationCA.crt"

        pip --proxy http://proxy.threatpulse.net:8080 --cert="%USERPROFILE%\.aws\CertEmulationCA.crt" install moto
    • Permanent option by adding the certificate to the profile variable

      pip config set global.cert "%USERPROFILE%\.aws\CertEmulationCA.crt"
  • requests

    • Permanent option by adding the certificate to the profile variable
      SETX REQUESTS_CA_BUNDLE "%USERPROFILE%\.aws\CertEmulationCA.pem"

AWS-CLI

  • Work with SSL disabled

    • On CLI
      aws --no-verify-ssl s3 ls
    • On boto3: while you are running it on your computer, you must deactivate SSL on the client (don’t forget to remove these “disable” flags before uploading the code somewhere else)
      import boto3
      profile_name = "default"  # placeholder: use your own profile name
      # Local workaround only: verify=False skips certificate verification,
      # use_ssl=False asks for a non-SSL connection
      session = boto3.session.Session(profile_name=profile_name)
      rds_client = session.client("rds", verify=False, use_ssl=False)
      cloudwatch_client = session.client(
          "cloudwatch", verify=False, use_ssl=False)
  • Add certificate manually

    • Add environment variable
      # add as environment variable and reboot
      SETX AWS_CA_BUNDLE "%USERPROFILE%\.aws\CertEmulationCA.pem"
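
The boto3 note above asks that the disable flags be removed before the code is uploaded anywhere. As an added example (not part of the original page), this standard-library Python check flags the verification-disabling options shown on this page; the function names and the sample input are assumptions constructed for illustration.

```python
"""Added example: flag TLS-verification bypasses before code is shared."""
import re
import sys

# The verification-disabling options shown on this page.
DISABLE_PATTERNS = {
    "verify=False": re.compile(r"\bverify\s*=\s*False\b"),
    "use_ssl=False": re.compile(r"\buse_ssl\s*=\s*False\b"),
    "--no-verify-ssl": re.compile(r"(?<![\w-])--no-verify-ssl(?![\w-])"),
    "--trusted-host": re.compile(r"(?<![\w-])--trusted-host(?![\w-])"),
}

def find_disabled_tls(text):
    """Return (line_number, flag) for every bypass in text, skipping comment lines."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # a commented-out flag has no effect
        for flag, pattern in DISABLE_PATTERNS.items():
            if pattern.search(line):
                hits.append((number, flag))
    return hits

def scan_files(paths):
    """Scan files; return {path: hits} for the files that contain a bypass."""
    report = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            hits = find_disabled_tls(handle.read())
        if hits:
            report[path] = hits
    return report

# Constructed sample input (not taken from any real project).
SAMPLE = '''session = boto3.session.Session(profile_name="dev")
rds = session.client("rds", verify=False, use_ssl=False)
# s3 = session.client("s3", verify=False)
s3 = session.client("s3", verify="/path/to/CertEmulationCA.pem")
aws --no-verify-ssl s3 ls
'''

if __name__ == "__main__":
    paths = sys.argv[1:]
    found = scan_files(paths) if paths else {"<sample>": find_disabled_tls(SAMPLE)}
    for path, hits in found.items():
        for number, flag in hits:
            print(f"{path}:{number}: TLS verification disabled ({flag})")
    sys.exit(1 if found and any(found.values()) else 0)
```

Run it with file paths as arguments, for example from a pre-commit hook; it exits with status 1 when any flag is found.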

Git

  • Option 1: Set the certificate path as a global Git config value

    git config --global http.sslCAInfo "%USERPROFILE%/.aws/CertEmulationCA.crt"
  • Option 2: You may also add it directly to the .gitconfig file

    [http]
    # Git does not expand %USERPROFILE% inside .gitconfig; a leading ~/ is expanded to your home directory
    sslCAInfo = ~/.aws/CertEmulationCA.crt

Manual fix for Postman

  • The .crt file doesn’t work properly, so you will need a .pem version of it.
  1. Convert the .crt file into a .pem
    # convert crt to pem
    openssl x509 -in CertEmulationCA.crt -out CertEmulationCA.pem -outform PEM
  2. Go to Settings, Certificates, and set the CA certificates option to ON
  3. Add the .pem file

Extra: CMD variable

  • Add variable for Terminus
    SETX CMDER_ROOT "%USERPROFILE%\Dev\Apps\cmder"