Where to get a certificate?

🙂

Very true. I almost suggested self-signed but I figured (probably incorrectly) that’s not what he wants. That’s easiest for testing though. And even if you bought one, a non-wildcard cert can be gotten now for like $10/year.

I encounter the same problem.

I use the Cardano CA certificate to sign my client and server certificates, then replace these certificates in state-wallet-testnet/tls/client(server).

I tested that client.pem is valid on my local Mac, but got “The Local Security Authority cannot be contacted” on my Windows 10.

The server.crt:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10407386161665786073 (0x906e7692c667c0d9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Input Output HK, CN=Cardano SL Self-Signed Root CA
Validity
Not Before: Jan 10 03:39:07 2019 GMT
Not After : May 24 03:39:07 2020 GMT
Subject: C=US, ST=CA, L=Budapest, O=Input Output HK, Inc., CN=Cardano SL Server Node
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:172.18.0.111, DNS:localhost
Signature Algorithm: sha256WithRSAEncryption

And the client.crt:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10407386161665786074 (0x906e7692c667c0da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Input Output HK, CN=Cardano SL Self-Signed Root CA
Validity
Not Before: Jan 10 03:42:04 2019 GMT
Not After : May 24 03:42:04 2020 GMT
Subject: C=US, ST=CA, L=Budapest, O=Input Output HK, Inc., CN=Daedalus Wallet
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:172.18.1.218, DNS:localhost
Signature Algorithm: sha256WithRSAEncryption

Wallet is running on 172.18.0.111, and client is running on 172.18.1.218.

Why do I still get the error? Are there any mistakes in the certificates? Thanks in advance.

Try importing the cert of the custom root key that you used to sign client.pem and server.pem, to the Windows trusted root cert store.

Yes, I did that. Still get the same error.
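
The certificate-side checks this thread revolves around (does the certificate chain to the custom root, does its SAN cover the address the peer connects to, is it inside its validity window), as an added example that is not part of any post above. It generates a throwaway CA and server certificate (constructed; only the SAN values are taken from the server.crt dump), and the function names are illustrative.

```shell
#!/bin/sh
# Added example. All keys and certificates are throwaway test material
# generated here (constructed); only the SAN values mirror the thread.
WORK=$(mktemp -d)

# Build a constructed root CA plus a server certificate carrying the same
# SAN as the server.crt dump above (IP 172.18.0.111, DNS localhost).
make_test_pki() {
  cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
    -subj "/O=Example Org/CN=Example Test Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/O=Example Org/CN=Example Server Node" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null || return 1
  printf 'subjectAltName=IP:172.18.0.111,DNS:localhost\n' > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/server.csr" -days 30 -extfile "$WORK/san.ext" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" 2>/dev/null
}

# Check 1: does the certificate ($2) chain to the root in $1?
chains_to_root() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Check 2: does the SAN of certificate $1 cover the IP the peer dials ($2)?
san_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# Check 3: is certificate $1 still inside its validity window $2 seconds from now?
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

make_test_pki || { echo "certificate generation failed" >&2; exit 1; }
chains_to_root "$WORK/ca.crt" "$WORK/server.crt" && echo "chain to root: ok"
san_covers_ip "$WORK/server.crt" 172.18.0.111 && echo "SAN covers wallet IP"
san_covers_ip "$WORK/server.crt" 172.18.1.218 || echo "SAN lacks client IP"
valid_for "$WORK/server.crt" 86400 && echo "valid for another day"
```

Against real files, point the three functions at the root CA certificate and at server.crt or client.crt. They inspect the certificates only and say nothing about the Windows trust store.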