ApacheJMeterTemporaryRootCA can't open the certificate file after downloading it on emulator
ApacheJMeterTemporaryRootCA can't open the certificate file after downloading it on emulator
Valid certificate should be normally "opened", you should check your emulator logs for any suspicious entries.
It might be connected with the certificate expiration, by default its life span is 7 days only so if it's expired you won't be able to use it. In this case you will need to delete ApacheJMeterTemporaryRootCA.crt and proxyserver.jks files and re-generate new certificate by launching the HTTP(S) Test Script Recorder once again.
Also just importing the certificate might not be sufficient, most probably you will have to amend your application network security configuration like it's described in Configure Android Devices for Proxy Recording
Related
I need to install a cert to allow a browser to talk to localhost via our app. The .pfx file created for this purpose works great when imported with the Windows 10 MMC tool. But that's a lot of steps to make our users do manually.
By following the steps in this answer (Install a pfx certificate in a users store in Windows using WiX), I can build an MSI and it runs on the target machine without errors.
However, the cert does not exist in the usual "Certificates - Local Computer" MMC tool, nor can the cert be bound to the app with netsh. After a bit of searching, it turns out the cert is installed "somewhere in IIS", and is only visible in the IIS tool (?!).
Using openssl, I converted the .pfx to a .pem file. When running the MSI, this DOES seem to install the cert to the proper place (?!). However, the cert is missing the private key, so it also can't be bound with netsh ('SSL Certificate add failed, Error 1312').
What on earth is going on, and how can I make Wix install the certificate properly?
Well, I guess I figured it out. I tried running the MSI on a virgin Windows 10 installation, and the .pfx file installed correctly and can be bound ok.
So, my guess is that "something" is checking the local computer to see if IIS is installed, and makes the decision to install the cert in a place that only IIS can see or use it. There's probably a lot more going on behind the scenes, but that's the gist of it.
In summary, use a .pfx file to get the private key, and remember that the installation will only work on computers without IIS installed.
I've created a UWP app using Xamarin Forms in Visual Studio. It is ready for release, and I do not intend publishing it to the Windows Store. Under the "Packaging" tab of Package.appxmanifest, I created a test certificate via
Configure Certificate... >> Create test certificate...
and then created the app package. I can install the application on my own device (that was used to create and publish the app) using the .appxbundle file in the package, but any other device will not install the app, saying that "Either you need a new certificate installed for this app package, or you need a new app package with trusted certificates. Your system administrator or the app developer can help. A certificate chain processed, but terminated in a root certificate which isn't trusted (0x800B0109)"
On the devices giving this error, I have installed the certificate using the Certificate Import Wizard to both the local machine's "Trusted Publishers" and "Trusted Root Certification Authorities" stores, as well as whatever stores were chosen using the automatic option, then restarted the device. When I go into Digital Signature Details under the .appxbundle file's properties, it says that "The difital signature is OK", but still gives me the same error when I try to install the app.
If there is an issue with my certificate, which says it expires on 1/7/2019, how can I create a certificate that will work? Otherwise, have I incorrectly installed the certificate on the device? I have double and triple checked and the device is set to Developer Mode. It is also on the same version of Windows 10 that my device is on.
I have also tried right clicking the .ps1 file and running with powershell, which gives me the same error. I have been following these instructions to this point: https://learn.microsoft.com/en-us/windows/uwp/packaging/packaging-uwp-apps#before-packaging-your-app
I've discovered the issue on my own. I had mistakenly installed the certificate to "Third-Party Certification Authorities" instead of "Trusted Root Certification Authorities". Once I installed the certificate to the proper stores the app was able to install.
For UWP apps, the certificate must be placed in the Trusted People store.
In my case I have installed certificate for current user instead of local machine. I installed for local machine and it works .
Also installed for for all 3 types of as shown below
Personal
Trusted root ....
Trusted Publisher
and things start working for me after 2 hours of effort.
I've created self-signed CA-certificate and added it to "trusted root certification authorities".
Then I've created another certificate that was signed by created earlier CA-certificate.
Then I've signed my exe with first certificate, download this file on the computer and try to launch. But Windows thinks that it is untrusted file. In the file properties I can see digital sign with my certificates' hierarchy.
So, the question is what I'm doing wrong?
Thanks.
I've installed a wildcard SSL certificate for two subdomains that I'm working on for an organization. This is the first time I've worked with wildcard certificates, and I missed installing the intermediate certificate when I first set this up, which resulted in certificate revocation messages when I first tried to load them. I've reloaded the certificates correctly, and both subdomains check out now using http://www.sslshopper.com/ssl-checker.html.
The sites appear to load fine everywhere except on the two machines (Mac Laptop & Vista Desktop) that I use to develop on, where they're still showing revoked. I've tried to refresh my local CRLs using the following commands:
certutil -setreg chain\ChainCacheResyncFiletime #now (Vista)
and
crlrefresh r p (mac)
I've restarted both computers and cleared browser caches but am still not able to access. How can I get my local machines to forget that the certificate was initially revoked?
I needed to ask the organization I'm working with to regenerate the certificate. I installed that one and everything's good to go now.
We have just received some new computers for use in the office (Dell Vostro). They seem to work fine in the main. When we use IE8 to go to some web pages such as yahoo mail it tells us:
“There is a problem with this websites security certificate”
If we have a look at the details it says:
“This certificate cannot be verified up to a trusted certification authority”
This however works correctly in Firefox. I don't understand why I should get such an error message, should this not just work?
The PC has Windows & (64 bit) and Norton Internet Security installed.
Don't forget that every browser comes with it's own list of trusted root server certificates.
Eg. from microsoft:
The Internet Explorer Certificate Manager enables you to install and remove trusted certificates for clients and CAs. Many CAs have their root certificates already installed in Internet Explorer. You can select any of these installed certificates as trusted CAs for client authentication, secure e-mail, or other certificate purposes, such as code signing and time stamping. If a CA does not have its root certificate in Internet Explorer, you can import it. Each CA's Web site contains instructions that describe how to obtain the root certificate.
Or from mozilla:
View Certificates: Click this button to view stored certificates, import new certificates, and back up or delete old certificates in Firefox.
So if IE and FF come with different lists of trusted Certificate Authorities, then some sites's certificates will be verifiable with one browser, but not the other. I would imagine that a high-profile organisation like Yahoo would use a highly profile CA that would be installed in both browsers.
I had the same problem with every website using windows 7 professional 64-bit and i realized that my clock was wrong so i changed it to the correct time and date and VIOLA! it worked.