cert-sync | Dynamic provision for istio ingressgateway certificates | TLS library

by dunjut Go Version: Current License: Apache-2.0

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | cert-sync Summary

cert-sync is a Go library typically used in Security, TLS applications. cert-sync has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

Dynamic provision for istio ingressgateway certificates.

Support

Quality

Security

License

Reuse

Support

cert-sync has a low active ecosystem.

It has 23 star(s) with 3 fork(s). There are 2 watchers for this library.

It had no major release in the last 6 months.

There are 0 open issues and 1 have been closed. On average issues are closed in 14 days. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of cert-sync is current.

Quality

cert-sync has 0 bugs and 0 code smells.

Security

cert-sync has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

cert-sync code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

cert-sync is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

cert-sync releases are not available. You will need to build from source code and install.

Installation instructions are not available. Examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi has reviewed cert-sync and discovered the below as its top functions. This is intended to give you an instant insight into cert-sync implemented functionality, and help decide if they suit your requirements.

haveConcernedUpdate returns true if the two secrets have changed .
Run starts the agent
init is responsible for registering the command line flags
ensureFileData checks if file exists and if it does not exist .
validateCertificateDir validates a certificate dir .
setupSignalHandler returns a stop signal handler .
validateThreadiness validates threadiness
ensureCertificateDir ensures the directory exists .
initializeKubeClient initializes a Kubernetes client
Main entry point .

Get all kandi verified functions for this library.

cert-sync Key Features

No Key Features are available at this moment for cert-sync.

cert-sync Examples and Code Snippets

No Code Snippets are available at this moment for cert-sync.

Community Discussions

Trending Discussions on cert-sync

Trust issue while sending a post to my API since DST Root CA X3 Expiration

QUESTION

Trust issue while sending a post to my API since DST Root CA X3 Expiration

Asked 2021-Oct-01 at 15:05

I have a C# api running on a aws S3 with ubuntu. This API is use by a website, a windows application and a xamarin app deployed on Samsung android devices.

Since today 16:00 (paris time), the android part is not working anymore, I have a "trust issue". Clearly it seems to be related with DST Root CA X3 Expiration (No release on my side and the timing is perfect).

But I don't understand why...

SSL certificate

I checked my SSL certificate and regarding let'sencrypt forums, I have one of the path base on "ISRG Root X1". The second one is base on "DST Root CA X3" (expired). I renew them anyway to be sure, but still the same certificate path. (and no problem for chrome to contact them).

Internet with https is working

I can reach internet with a webview inside the app (to my website in https)

Can't connect using restsharp

When I use RestSharp to contact my server, I have the trust issue.

My android devices are all the same: Samsung A7 tab, half up to date, the other half was update in august, all of them with Android 11. So theorically they are "not concerned" with this certificate expiration.

Can the problem come from Xamarin or RestSharp ? Maybe my server certificate ?

EDIT Ok half resolved.... If I go to the "Trusted Root Certificates folder" in my android device (don't know the exact name), If I disable the "Digital Signature Trust Co. - DST Root CA X3", it's working again !

Not a "real solution" since I need to update something like 150 devices... 2 options in my mind

Can I force RestSharp to use a certificate more than another ?
Is it just because Android know the expiration date is 30/09 and still use it because we are still the 30/09 and everythin will work Tomorow ?

EDIT 2 resolved.

Thx to all of you, sorry I should have been able to validate this answer before some post, but stackoverflow was on readonly mode this night and I fall asleep after that.

What I did (not sure if all step are mandatory).

1/ I updated the certbot since mine was < 1 (check with certbot --version)

...

ANSWER

Answered 2021-Sep-30 at 21:09

We’ve had similar issues today, unfortunately we were using older Amazon Linux on elasticbeanstalks. Upgrading to the latest Ubuntu build in your case should fix your issues.

The issue we had was the Amazon Linux version trusted certificate service was always adding the expired root certificate.

The reason restsharp is having problems is probably because it’s trying to do something like a curl request behind the scenes and is doing a handshake to verify the validity of the ssl cert when sending a request. The way it does this is checks it against certs that are trusted on the server, which includes the expired certificate.

See here for Ubuntu builds that have the latest certs upgrade https://ubuntu.com/security/notices/USN-5089-1

Source https://stackoverflow.com/questions/69397845

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install cert-sync

You can download it from GitHub.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: