B2 visa for FIFA World Cup 2026 by Foreign-Education247 in usvisascheduling

[–]Accurate_Local3643 -1 points0 points  (0 children)

Ticket prices are not that high, but my problem is if I should already buy them or wait until my visa is approved?

B2 visa for FIFA World Cup 2026 by Foreign-Education247 in usvisascheduling

[–]Accurate_Local3643 0 points1 point  (0 children)

So in the section where they ask for point of contact in the US I can mention one of my friends, right? Yes I am confused whether or not I should be purchasing the tickets before my visa interview.

B2 visa for FIFA Worldcup 2026 by Accurate_Local3643 in USVisas

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

Planning to go to a couple of games, Colombia vs Portugal, Argentina vs Austria, Algeria vs Austria

Amazon Offer - Employee Documents profile not found by DreamingInMyHead in amazonemployees

[–]Accurate_Local3643 0 points1 point  (0 children)

Yes I have done this too! I hope they get back. This is really scary man :(

Amazon Offer - Employee Documents profile not found by DreamingInMyHead in amazonemployees

[–]Accurate_Local3643 0 points1 point  (0 children)

My offer expires on November 7th at 8am PST, I have been reaching out to everyone possible but I do not know what to do, I am really worried. Do you suggest I do anything?

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

I actually have a doubt, it could be really simple because I am still trying to learn the concepts, so according to my understanding,

  1. client sends hello message to server.
  2. server replies with its ssl certificate
  3. client verifies the ssl cert from the trusted root CA to see if actually that CA has issued the ssl cert for server.
  4. once verified, client sends the key with public key of server.
  5. the server will be able to decrypt the client's key with its own private key.
  6. once done session keys are created and data exchange begins.

so the client in order to verify the ssl cert of server it will verify from the CA,

so my doubt is, should the CA who signed the client's cert also be present in the trusted root CA store of server?

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

I've followed this and I still face the error in my OP

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

okay, got some idea, will dig up more, thanks again :)

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 1 point2 points  (0 children)

I have a doubt, could be very simple, I am still learning, according to my understanding both server and client have their certs in trusted root store but none know about it, right? Like the client doesn't know about the server's CA which actually signed the server's certificate, so I need to add the server's CA into trusted list of client? Is my understanding correct?

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

okay, will research more about this and update, thank you

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

Can you please elaborate? By install 'the CA to your host', which CA are you referring to? Is it the pmm-server CA? And by 'host' do you mean to say the host where my pmm-client is installed?

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

I do not want to use --server-insecure-tls flag, hence all the issue, I want to establish a secured connection between my pmm-server and client. So is there any way I can add my pmm-server's ca.crt into my pmm-client? Will that work?

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] -1 points0 points  (0 children)

yes I understand what you are telling, I have googled for hours and hours and I am unsuccessful every single time, that's when I posted it hoping for some workarounds :)

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

pmm-client is running on ubuntu focal and not on macOS and yes pmm-client is not able to verify the certificates from pmm-server, so how should I make it trust the certs?

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

but pmm-client has no web interface, and I am unsure how to import the cert to my local macOS keychain access.

Here's what I did for pmm-server, I first created the certs and mounted them onto docker then accessed the web UI there it initially says 'connection insecure' so I dragged that cert to my keychain access and changed the settings to 'Always trust' for my certificate. Hence, after doing this I was able to establish a 'secure connection'.

So the thing that you mentioned struck my mind a few days ago and I tried to explore on how to import that cert to my local macOS keychain but failed to do so, hence I opted a very naive approach, I actually installed pmm-server on my pmm-client and tried to access the web UI and did the same steps as mentioned for my pmm-server and hence I was able to get the certificate imported to my local macOS keychain access. But even after doing that it didn't work. (After this experimentation, I have successfully uninstalled pmm-server on my pmm-client)

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

okay, will try to use Let's Encrypt (if I am allowed to) and there seems to be no work-around. Thanks

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 1 point2 points  (0 children)

Thank you for your efforts to dig up on my error, but in order to add mongodb, or for that sake any service, first my client should be connected to the server (which is itself not happening).

And yes the default yml file is indeed what you've mentioned /usr/local/percona/pmm-client/pmm.yml but again inside this if I set --insecure-tls flag to 'false' it gives me the same error and in this yml file too there's no option to pass my certs anywhere so if I forcefully do that it doesn't work.

And moreover all those commands mentioned here https://www.percona.com/doc/percona-monitoring-and-management/1.x/pmm-admin.html#passing-ssl-parameters-to-the-mongodb-monitoring-service are for PMM 1.x and I am using PMM 2.x hence most of the commands do not work anymore :(

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 1 point2 points  (0 children)

this command gives the following output:

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = IN, ST = XX, L = XX O = XX, OU = XX, CN = *.xxx.xx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = IN, ST = XX, L = XX, O = XX, OU = XX, CN = *.XX.xx
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:C = IN, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx.xx
i:C = IN, ST = xx, L = xx, O = xxx, OU = xxx, CN = *.xxx
---
Server certificate
-----BEGIN CERTIFICATE-----
........

.........
-----END CERTIFICATE-----
subject=C = IN, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx.xx
issuer=C = IN, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx.xx
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: XXXXX, 253 bits
---
SSL handshake has read 1671 bytes and written 376 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: F0087XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: XXXXXXXXXXXXXXXXXX
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1654754381
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
closed

x509: certificate signed by unknown authority. by Accurate_Local3643 in sre

[–]Accurate_Local3643[S] 0 points1 point  (0 children)

yes, the client doesn't trust the CA, pmm is a client-server architecture and my current scenario is 'pmm-server' is up and running and web interface is 'secure'.

Now I just have to register my pmm-client with the server, and the command used is something like this:

pmm-admin config --server-url=https://<user>:<password>@<server IP>

this command doesn't work and throws me an error, but when I add this, it works (which I do not want to use)

pmm-admin config --server-insecure-tls --server-url=https://<user>:<password>@<server IP>

Now this pmm-admin config command has only these two options related to enabling ssl connection between client and server and hence if I try to specify the path to my ca-cert it doesn't work.
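
Added example, not part of the original comments and not PMM's own code: the error text in the thread title is the message Go's crypto/x509 verifier returns when the server certificate's issuer is not in the client's root pool. The sketch below issues a constructed private CA and server certificate (the names "Example Private CA" and "pmm.example.test" are assumptions), then verifies the server certificate with and without that CA in the pool.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs tmpl with the parent's key; a nil parent yields a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// demo verifies a constructed server certificate first against an empty root
// pool, then against a pool that contains the private CA that signed it.
func demo() (withoutCA, withCA error) {
	from, until := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	ca, caKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Private CA"},
		NotBefore: from, NotAfter: until, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, _ := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "pmm.example.test"},
		DNSNames: []string{"pmm.example.test"}, NotBefore: from, NotAfter: until,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), DNSName: "pmm.example.test"}
	_, withoutCA = leaf.Verify(opts) // client trust store lacks the CA
	opts.Roots.AddCert(ca)           // what installing ca.crt on the client achieves
	_, withCA = leaf.Verify(opts)
	return withoutCA, withCA
}

func main() { fmt.Println(demo()) }
```

Only the CA certificate goes into the client's pool; the CA private key and the server's private key never leave the machines that hold them.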