Trying to configure TLS on my MSSQL connections following this article: https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-encrypted-connections?view=sql-server-2017
The server-side configuration seems pretty straight-forward with minor differences in the container environment (e.g. systemctl doesn't exist so I kill/respawn pod):
systemctl stop mssql-server
cat /var/opt/mssql/mssql.conf
/opt/mssql/bin/mssql-conf set network.tlscert /var/opt/mssql/ssl/mssql.pem
/opt/mssql/bin/mssql-conf set network.tlskey /var/opt/mssql/ssl/mssqlprivkey.key
/opt/mssql/bin/mssql-conf set network.tlsprotocols 1.2
/opt/mssql/bin/mssql-conf set network.forceencryption 0
systemctl start mssql-server
So I took my PFX from my Windows CA and extracted the key and the client cert to key and pem files, added them to the location for persistent storage (/var/opt), ran the commands (seen above) and sql came back up.
I installed mssql-tools on a different machine and configured it in the trust-anchors to trust my CA.
However, when trying to test the connection (sqlcmd -N -S tcp:1.1.1.1,1433 -U user -P password), I get the error: SSL Provider: [error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:subject name does not match host name]
When I change the connection string to the DNS name, it works (sqlcmd -N -S tcp:mssql.mydomain.com,1433 -U user -P password) -- even though the IP address is listed as a subject alternative name on the cert.
Why are secure connections not working using the IP? What am I missing?
Different TLS client tools differently handle IP Address Subject Alternative Name type. Most Microsoft tools ignore iPAddress name type completely and require IP addresses to be listed as dNSName name type. Try to add IP Address to SAN extension as dNSName name type, it should work.
I have a lab environment where I can do various operations(GET, PUT, DELETE etc).
I do these in Postman using a URL similar to:
http://1.2.3.4:8338/accounts
This returns JASON containing account information.
I can also get this information with the following curl statement:
curl https://1.2.3.4:8338/accounts -u admin:Jpassword
I now want to do it in a remore environmnet that I have to access through a jump server. I previously did something similar. I used SSH Tunnel Manager to create the connection. This is what it looked like. 1.1.1.1 is the jump server IP and 1.2.3.4 is the server I'm looking to connect to.
ssh -N -p 22 username#1.1.1.1 -o StrictHostKeyChecking=no -L 1.1.1.1:8080:1.2.3.4:443
I can then access through postman or my browser using the following URL:
https://127.0.0.1:8080/
I want to do the same with except I must specify port 8338. If I follow the same steps but use port 8338 instead of 8080 I get a 403 response when I try my url. If I change port 443 to 8338 I also get also get a 403.
I was wondering if this is likely to be an authentication issue or something I'm doing wrong with my tunnel.
Found the answer.
My problem was that I was using a wrong port. I should have had port 8338 instead of 443.
ssh -N -p 22 username#1.1.1.1 -o StrictHostKeyChecking=no -L 1.1.1.1:8080:1.2.3.4:8338
Now I can connect with this URL:
http://1.2.3.4:8080/accounts
The first thing i did in my odoo was created two databases, later i want to remove the port ip:8069 from the url so i do:
Go to terminal open rc.local file. rc.local file reside in etc folder.
sudo gedit /etc/rc.local
Paste this command on rc.local file and save
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8069
Reboot Ubuntu, to see effect
sudo reboot
the result is that i can acces without put the port in the URL, but it send me to the page to create a database, not to the selection.
I think i must configure something in the databases created but i don't know what.
Can anyone help me?
thanks for any help you can offer.
To change the port of an Openerp server, you have to make the change in config.py file. Which is located at
your-openerp-server/openerp/tools/config.py
and change the port in the below my_default attribute
group.add_option("--xmlrpc-port", dest="xmlrpc_port", my_default=8069,
help="specify the TCP port for the XML-RPC protocol", type="int")
and restart the server.
I have just installed Apache 2.2.17, and I am using it for the first time.
Now when I try to start the server using the command service httpd start it gives me the message:
httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName
Now I think I have to set ServerName and the IP address as I search through Google. But I don't know in which file I have to set.
How can I fix this problem?
sudo vim /etc/apache2/httpd.conf
Insert the following line at the httpd.conf: ServerName localhost
Just restart the Apache: sudo /etc/init.d/apache2 restart
Yes, you should set ServerName:
http://wiki.apache.org/httpd/CouldNotDetermineServerName
http://httpd.apache.org/docs/current/mod/core.html#servername
You can find information on the layouts used by the various httpd distributions here:
http://wiki.apache.org/httpd/DistrosDefaultLayout
In your case the file to edit is /etc/httpd/conf/httpd.conf
I was NOT getting the ServerName wrong. Inside your VirtualHost configuration that is causing this warning message, it is the generic one near the top of your httpd.conf which is by default commented out.
Change
#ServerName www.example.com:80
to:
ServerName 127.0.0.1:80
Under Debian Squeeze;
Edit Apache2 conf file : vim /etc/apache2/apache2.conf
Insert the following line at the apache2.conf: ServerName localhost
Restart Apache2: apache2ctl restart or /etc/init.d/apache2 restart
Should work fine (it did solve the problem in my case)
tks noodl for the link on the different layouts. :)
sudo nano /etc/apache2/httpd.conf
search for a text ServerName in nano editor <Ctrl + W>
Insert the following line at the httpd.conf: ServerName localhost
Just restart the Apache: sudo /usr/sbin/apachectl restart
Another option is to ensure that the full qualified host name (FQDN) is listed in /etc/hosts.
This worked for me on Ubuntu v11.10 without having to change the default Apache configuration.
" To solve this problem You need set ServerName.
1: $ vim /etc/apache2/conf.d/name
For example set add ServerName localhost or any other name:
2: ServerName localhost
Restart Apache 2
3: $ service apache restart
For this example I use Ubuntu 11.10.1.125"
FQDN means the resolved name over DNS. It should be like "server-name.search-domain".
The warning you get just provides a notice that httpd can not find a FQDN, so it might not work right to handle a name-based virtual host. So make sure the expected FQDN is registered in your DNS server, or manually add the entry in /etc/hosts which is prior to hitting DNS.
If you are using windows there is something different sort of situation
First open c:/apache24/conf/httpd.conf.
The Apache folder is enough not specifically above path
After that you have to configure httpd.conf file.
Just after few lines there is pattern like:
#Listen _____________:80
Listen 80
Here You have to change for the localhost.
You have to enter ipv4 address for that you can open localhost.
Refer this video link and after that just bit more.
Change your environment variables:
In which you have to enter path:
c:apache24/bin
and
same in the SYSTEM variables
If any query feel free to ask.
Two things seemed to do it for me:
Put all aliases for 127.0.0.1 in /etc/hosts in a single line (e.g. 127.0.0.1 localhost mysite.local myothersite.local
Set ServerName in my httpd.conf to 0.0.0.0 (localhost or 127.0.0.1 didn't work for me)
Editing /etc/hosts got rid of long response times and setting the ServerName got rid of OP's warning for me.
who are still couldnt resolve the problem and using mac then follow this
1.goto the root folder /
cd usr/local/etc/apache2/2.4
3.sudo nano httpd.conf
4.change #servername to ServerName 127.0.0.1:8080 press ctrl+o,+return+ctrl x
5.then restart the server apachectl restart
If you are using windows, remove comment on these lines and set them as:
Line 227 : ServerName 127.0.0.1:80
Line 235 : AllowOverride all
Line 236 : Require all granted
Worked for me!
Here's my two cents. Maybe it's useful for future readers.
I ran into this problem when using Apache within a Docker container. When I started a container from an image of the Apache webserver, this message appeared when I started it with docker run -it -p 80:80 my-apache-container.
However, after starting the container in detached mode, using docker run -d -p 80:80 my-apache-container, I was able to connect through the browser.
I am using ubuntu 22.04
I installed the apache2 at the location '/usr/local/apache2'
I just edited the '/usr/local/apache2/conf/httpd.conf' file.
run the following commands
cd /usr/local/apache2/conf
sudo nano httpd.conf
find this comment
#ServerName www.example.com:80, in my case it is at line 197
after that add this
ServerName localhost
don't modify anything else in this file!
Thank you!
I'm using Apache2, and when reloading/restarting the server I get this warning:
apache2: Could not reliably determine the server's fully qualified domain name, using (my FQDN) for ServerName
Everything works fine, but I'm trying to figure out what's causing the error. I'm grabbing the source to see if can find it, but since my C's not very good....
Some notes:
If I change the system hostname, Apache uses the new hostname
I have a ServerName set; it's the same as the hostname
I have a static, unique IP - dig (hostname) returns (my ip), dig -x (my ip) returns (hostname)
My hosts file is correct
Versions:
Apache/2.2.9
Linux 2.6.24-23-xen x86_64
Description: Debian GNU/Linux 5.0 (lenny)
Any ideas?
Are you sure you have a ServerName directive with the proper value - outside any <VirtualHost> blocks? (You also need a ServerName inside each <VirtualHost> block, of course)
When Apache gives out that error message, usually it means that it's not finding a ServerName for the server as a whole. If you do have that directive set properly, I can't imagine why Apache would still be complaining...
On Debian, the hostname is set at startup thanks to the script /etc/init.d/hostname.sh which uses the file /etc/hostname. We can use this file to update the computer hostname and its FQDN (fully qualified domain name).
If ServerName in your vhost is my-computer.my-domain.ext make sure to copy the exact name in /etc/hosts
Caution: in the /etc/hosts file, the hostname and FQDN order must be respected.
First the fqdn then the hostname and localhost at the end.
~$ echo "my-computer" > /etc/hostname
~$ echo "127.0.0.1 my-computer.my-domain.ext my-computer localhost" > /etc/hosts
~$ /etc/init.d/hostname.sh
You can check the change with the following lines:
~$ hostname
my-computer
~$ hostname --fqdn
my-computer.my-domain.ext
The old hostname may still be present in the command line prompt. Just logoff then login to make it disappear.
For further information about setting hostname and FQDN on debian (which also prevents the warning) check this: http://movealong.org/hostname.html