
ELK - client certificate cannot establish a connection

TLS is enabled on the HTTP layer, and client certificates are authenticated through PKI

xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.client_authentication: optional
xpack.security.authc.realms.pki.realm1.order: 1

I kept getting an error message. The CA certificate is trusted, yet the connection still fails?
So weird!

[2022-01-21T16:51:33,810][WARN ][o.e.c.s.DiagnosticTrustManager] [ES01] failed to establish trust with client at [<unknown host>]; the client provided a certificate with subject name [CN=ES01,DC=TW] and fingerprint [d33df0ef4c412115585e3f90dfdbccc696044232]; the certificate is issued by [CN=ROOT CA,DC=TW]; the certificate is signed by (subject [CN=ROOT CA,DC=TW] fingerprint [2b2f8bc39a8a84d640b3cf6cdbe659316ffe1e97] {trusted issuer}) which is self-issued; the [CN=ROOT CA,DC=TW] certificate is trusted in this ssl context ([xpack.security.http.ssl])

Reading further down the error message:

Extended key usage does not permit use for TLS client authentication

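It turns out that certificates generated with the tooling always include both clientAuth and serverAuth in extKeyUsage,
while mine happened to be issued by the company CA and was missing clientAuth. No wonder it failed validation!!
Reference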

  keyUsage :
    digitalSignature,keyEncipherment
  1.3.6.1.4.1.311.21.7 :
  extKeyUsage :
    serverAuth
  1.3.6.1.4.1.311.21.10 :
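
A pre-deployment check for the condition above, as an added example that is not part of the original post: it walks a DER-encoded certificate, extracts the extKeyUsage purposes and reports whether TLS client authentication is permitted. The function names and the sample bytes (bare extKeyUsage extensions, not full certificates) are constructed for illustration; treating a missing extension or anyExtendedKeyUsage as permitted follows RFC 5280 and is an assumption about the validator.

```python
EKU_OID = bytes.fromhex("551d25")  # 2.5.29.37 extKeyUsage
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
ANY_EKU = "2.5.29.37.0"  # anyExtendedKeyUsage
# Constructed samples: serverAuth only (as in the dump above) and serverAuth + clientAuth.
SERVER_ONLY = bytes.fromhex("3013" "0603551d25" "040c" "300a" "06082b06010505070301")
BOTH = bytes.fromhex("301d" "0603551d25" "0416" "3014"
                     "06082b06010505070301" "06082b06010505070302")

def children(buf):
    """Yield (tag, value) for each DER element packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER into dotted form."""
    arcs, n = [], 0
    for b in body:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_oids(der):
    """Return the EKU purposes found in der, or None if there is no EKU extension."""
    for tag, val in children(der):
        if not tag & 0x20:  # primitive element, nothing nested inside
            continue
        kids = list(children(val))
        if tag == 0x30 and kids and kids[0] == (0x06, EKU_OID):
            # The last field is an OCTET STRING wrapping SEQUENCE OF OID.
            seq = next(children(kids[-1][1]))[1]
            return [decode_oid(v) for _, v in children(seq)]
        found = eku_oids(val)
        if found is not None:
            return found
    return None

def permits_client_auth(der):
    """True if the certificate may be used as a TLS client certificate."""
    oids = eku_oids(der)
    return oids is None or CLIENT_AUTH in oids or ANY_EKU in oids
```

For a real certificate, pass the DER bytes of the whole certificate, for example the result of `ssl.PEM_cert_to_DER_cert()` on the PEM text.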
