Scan your WordPress code to turn off SSL Check, if you are behind a Firewall that re-writes the certs.
Searching for: sslverify
wp-includes\class-http.php(230): 'sslverify' => true
Git Cert Error
Use the following to accept a self-signed certificate:
$ git config --global http.sslVerify false
Refer: https://confluence.atlassian.com/fishkb/unable-to-clone-git-repository-due-to-self-signed-certificate-376838977.html
Maven work around to ignore all certs
Maven workaround to ignore all certs:
$ mvn install -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true
Installing Certificates on Mac
From: "Fnu, Preeti (HA Group)" <PFnu@HollandAmericaGroup.com>
Subject: Re: Lingering cert issues - causing work stoppage
Date: May 5, 2017 at 1:33:50 PM PDT
These steps worked for me on Mac. Below are the steps
# Copy the certificate into the directory Java_home\Jre\Lib\Security
# Change your directory to Java_home\Jre\Lib\Security>
# Import the certificate to a trust store.
$ keytool -import -alias comodoaddtrustexternalcaroot -file COMODOAddTrustExternalCARoot.cer -keystore cacerts -storepass changeit
$ keytool -import -alias comodorsacertauthority -file COMODORSACertAuthority.cer -keystore cacerts -storepass changeit
$ keytool -import -alias addtrustexternalca -file AddTrustExternalCARoot.cer -keystore cacerts -storepass changeit
Update POLAR Certs
Every 1 to 3 years we are issued new POLAR certificates that need installed on our servers to allow us to connect to HTTPS on our servers. This is a security feature where the servers need to have their target certificates installed.
Use the following attachment [ update-polar-certs ] [ developers-vm-polar-cert-update ] to allow you to copy-n-paste the commands, also this was for the batch server which is on Java 1.6.
Go to halprdjobs02.hq.halw.com and run the following commands as root:
$ cd /usr/java/jdk1.6.0_45/jre/lib/security
$ /usr/java/jdk1.6.0_45/bin/keytool -v -import -trustcacerts -alias pcl_rsa -keystore /usr/java/jdk1.6.0_45/jre/lib/security/cacerts -storepass -file /software/pcl-cert/JBoss/COMODO_RSA_Certification_Authority.CER
$ /usr/java/jdk1.6.0_45/bin/keytool -v -import -trustcacerts -alias RSA-organization -keystore /usr/java/jdk1.6.0_45/jre/lib/security/cacerts -storepass -file /software/pcl-cert/JBoss/New_Princess_COMODO_RSA_Organization_Validation_Secure_Server_CA.cer
Re: halinquirytest.halw.com Cert – Checking SSL Certs
Command Executed:
Preeti-Fnus-MacBook-Pro:security root# openssl s_client -connect halinquirytest.halw.com:443 -showcerts
CONNECTED(00000003)
depth=0 /OU=Domain Control Validated/CN=halinquirytest.halw.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=Domain Control Validated/CN=halinquirytest.halw.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=Domain Control Validated/CN=halinquirytest.halw.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=halinquirytest.halw.com
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgIJAOuSdfQd4EJsMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE1MDgyNTIxNTUzOFoX
DTE2MDgyNTIxNTUzOFowRTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
dGVkMSAwHgYDVQQDExdoYWxpbnF1aXJ5dGVzdC5oYWx3LmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALi26qE3lUt3aEKs23PnGlsi55ZYs0lItmoE
sRBbm4WTnuGV3wnogNOOij0SvVcIqUvWsFmnWlOb3Yp1leW0htAsUgz0COF2Jy7N
9PejmgRUQ9Kl9MamifH0nRQaFD9V41JxHawGIbtoxC6Ub6STagNAt7HJZqqz6SBM
wJVuoBLL4jkV4CVFUvo+xICB+9TVE+r5I5ZtnKwt9YpLb7fSQjRAgy+9BfGZt6iX
sD/SY7E+FlWYsK9ENamUnt+BVY6uXtN1DpIPVc0Quy5bJ4r0mV4URchouzb38iG5
ypD7h96OHNCrIgS6h7xVBaZeYnfrc+dRRSRgU+dGeS5PYuLiE7MCAwEAAaOCAcgw
ggHEMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MA4GA1UdDwEB/wQEAwIFoDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmdv
ZGFkZHkuY29tL2dkaWcyczEtMTEzLmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0B
BxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
b20vcmVwb3NpdG9yeS8wdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRw
Oi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZp
Y2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgw
FoAUQMK9J47MNIMwojPX+2yz8LQsgM4wPwYDVR0RBDgwNoIXaGFsaW5xdWlyeXRl
c3QuaGFsdy5jb22CG3d3dy5oYWxpbnF1aXJ5dGVzdC5oYWx3LmNvbTAdBgNVHQ4E
FgQUp9Cg4a7eWhkr09m9lV/DMKCvDbswDQYJKoZIhvcNAQELBQADggEBACuAbo68
SOrL7Ak4CRPde9m2Dqwx1ViHK4fe+lz3lAXOlfuRXwnIA6KNMzEScIsW8YCyIr7K
VGN3++FaRrlDlIHlajn7uEr2UsCN+vpFW/0XPVDoESO0FDoGILgvh/IbIUwiW9TA
p+rcfJjeM2uGRTQY3YWo0bWNc0RC4YpUo2nmdvV35I/ga3U50ER60mYmThMWvXb3
LMU9Sw36XKkvSBPGLr1rJWu/rzQKtuwWMWXw8CuhxTCgKxROMzhnw4jUbtAI+oyd
a0+6rmOb9HAmraqRZW2/qjOqseo+Ld5np7c8rxPXb2JtLwN7hYQnlI0/YefQ4kBX
YRcEyQvMJ+d1j5s=
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/CN=halinquirytest.halw.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
---
SSL handshake has read 1498 bytes and written 440 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 982500008C3CC53F4FDF7678FCD3A2EF83F01834E69EF11B3746A0F63CC9265B
Session-ID-ctx:
Master-Key: C6EE7071AE8731E7554122713C6D81FB3415EB75BE83E6D9CFB039F2030739D77D9A98196993F82A8AA69129967B5EC9
Key-Arg : None
Start Time: 1463000757
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---