CLI SSL issue. How to install localhost cert on macOS?

I have…

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ ] Bug report
  • [ ] Performance issue
  • [ X ] Documentation issue or request

Current behavior

I’ve tried to install certs at https://github.com/Squidex/squidex/tree/master/dev with no luck on macOS.
I tried drag and drop onto my keychain and nothing happens. I also tried dragging the localhost cert from Chrome (from the “Not Secure” warning) and adding it to Keychain Access, with no success.

Expected behavior

To install the localhost dev cert to be able to work with the CLI.

Minimal reproduction of the problem

I successfully ran the following command:
./sq config add atlas atlas:default (token) -u https://localhost/

After this, when I try to connect to it and work with my content, I get the following error:

ERROR: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Squidex.ClientLibrary.Configuration.Authenticator.GetBearerTokenAsync()
   at Squidex.ClientLibrary.Configuration.CachingAuthenticator.GetBearerTokenAsync()
   at Squidex.ClientLibrary.Utils.AuthenticatingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Squidex.ClientLibrary.Management.SchemasClient.GetSchemasAsync(String app, CancellationToken cancellationToken)
   at Squidex.CLI.Commands.App.Schemas.List(ListArguments arguments)
   at CommandDotNet.Execution.InvocationResultExtensions.GetResultCodeAsync(Object value)
   at CommandDotNet.AppRunner.HandleException(Exception ex, IConsole console, CommandContext commandContext)
   at CommandDotNet.AppRunner.Run(String[] args)
   at Squidex.CLI.Program.Main(String[] args)

Environment

  • [ X ] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: 5.6.0.0

Browser:

  • [ ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:
Running on macOS Catalina

Hi,

I am not a Mac user myself. I don’t know how to install certificates on Mac.

But this certificate is only used for local development and is not relevant for docker. With docker you need a reverse proxy to set up https.

Indeed, running docker on localhost has its self-signed certificate, but when using the CLI, it does not work because of the exception mentioned above.


Is there a workaround to allow the CLI to ignore invalid certs?

By the way, the CLI command that throws the exception is:
./sq schemas list

Thanks.

Not yet, I can add this.

It would be nice!

Thanks a lot Sebastian, you rock!!!

I have pushed a new version, where the config add parameters have a new argument (you will see it, --help).

Hi Sebastian!

Thanks for your support! I was testing it but I’m still getting the same error. Please let me know if I’m doing something wrong:

➜  osx-x64  ./sq config add --ignore-self-signed atlas atlas:default (token) -u https://localhost/
> App added.

(also tried with “-i” instead of “--ignore-self-signed”)

➜  osx-x64  ./sq config use atlas                                                                                                      
> App selected.

➜  osx-x64  ./sq schemas list
ERROR: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Squidex.ClientLibrary.Configuration.Authenticator.GetBearerTokenAsync()
   at Squidex.ClientLibrary.Configuration.CachingAuthenticator.GetBearerTokenAsync()
   at Squidex.ClientLibrary.Utils.AuthenticatingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Squidex.ClientLibrary.Management.SchemasClient.GetSchemasAsync(String app, CancellationToken cancellationToken)
   at Squidex.CLI.Commands.App.Schemas.List(ListArguments arguments)
   at CommandDotNet.Execution.InvocationResultExtensions.GetResultCodeAsync(Object value)
   at CommandDotNet.AppRunner.HandleException(Exception ex, IConsole console, CommandContext commandContext)
   at CommandDotNet.AppRunner.Run(String[] args)
   at Squidex.CLI.Program.Main(String[] args)

Any help will be appreciated Sebastian!

Have you downloaded a newer version?

Perhaps you just download the source code and try it there?

Yes, I’ve used the latest version for macOS from https://github.com/Squidex/squidex-samples/releases.

I downloaded the source code, but I have no knowledge of C# projects, so I couldn’t run it from there at the moment.

Thanks for your time and support Sebastian!

I see, I can have another look. Honestly I have not tested this change with a real setup.

You can also try to add the config with another name; perhaps it is not overridden. There is a .configuration file that you can test.

I have also encountered an issue because I didn’t install the cert (in the dev folder).

In macOS, double-click the squidex-dev.crt (in the dev folder) or you can drag it into Keychain Access.

Thank you for your update. Is your issue related to the CLI? Because the CLI should work with all kinds of installations, even if you have a self-signed certificate in Kubernetes or something like that.

It’s not related to the CLI. I don’t create a new cert for this, I only install the provided cert (Mac OS uses squidex-dev.crt). For Linux (Mac OS) it usually uses bash commands; the ps (PowerShell, developed from Windows PowerShell), although it is cross-platform, is not used on other platforms.
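
An added example, not part of the thread and not the Squidex CLI's own code: one way a .NET client can tolerate the two errors shown in the trace above (RemoteCertificateNameMismatch, RemoteCertificateChainErrors) without turning validation off for every server is to accept only a certificate whose SHA-256 fingerprint matches a pinned value. The class and method names are hypothetical, and the certificates are generated inline as constructed sample input.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedDevCert // hypothetical name, not a Squidex type
{
    // Accept a certificate that failed normal validation only when it is
    // byte-for-byte the pinned development certificate.
    public static bool Validate(X509Certificate2? cert, SslPolicyErrors errors, string pinnedSha256)
    {
        if (errors == SslPolicyErrors.None) return true; // platform validation passed
        if (cert is null) return false;                  // nothing to compare against
        string actual = Convert.ToHexString(SHA256.HashData(cert.RawData));
        return string.Equals(actual, pinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 SelfSigned(string commonName)
    {
        using var key = RSA.Create(2048);
        var request = new CertificateRequest($"CN={commonName}", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
            DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        using var dev = SelfSigned("squidex-dev");      // stands in for the dev cert
        using var unknown = SelfSigned("localhost");    // any other self-signed cert
        string pin = Convert.ToHexString(SHA256.HashData(dev.RawData));
        // The two flags reported in the exception above.
        var errors = SslPolicyErrors.RemoteCertificateNameMismatch
                   | SslPolicyErrors.RemoteCertificateChainErrors;

        Console.WriteLine($"pinned cert:  {Validate(dev, errors, pin)}");
        Console.WriteLine($"unknown cert: {Validate(unknown, errors, pin)}");

        // Wiring into HttpClient: the callback sees the same flags at handshake time.
        using var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (_, cert, _, sslErrors) => Validate(cert, sslErrors, pin)
        };
        using var client = new HttpClient(handler);
    }
}
```

In real use the pin would be computed once from a trusted copy of the certificate file rather than generated at run time.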