New APNS certificates - apple-push-notifications

I have a question; I sort of ran into a misunderstanding. I have created a new APNS certificate (p8), and I have multiple applications with different bundle IDs. Do I need to create an APNS certificate for each of them, or just one? Does it only depend on the team ID? Or what is the deal?

Related

Switch Code Signing from token to HSM within certificate chain of trust

We use Advanced Installer and at the moment we sign the .exe and installer package with a Standard Code Sign Certificate for token using a SafeNet USB token. We want to move to the cloud and use Azure Key Vault there. Azure Key Vault needs an HSM certificate and we need to buy a new one. Is it possible to switch from token to HSM, and will the old deployed Windows Services signed with the token certificate accept new update packages signed with the new HSM certificate?
As far as I understand it, the private key is stored on the USB token and we can't get it, so the HSM will use a new private key?
We use GlobalSign certificates.
There should be no problem if you switch to a new certificate.
The only case you should be aware of is if you use the "Install only digitally signed update packages signed with the same certificate as the Updater" option from the Updater view of your setup project. Check this article.
When you use the Updater feature with this option enabled you should make sure that the new certificate has exactly the same subject as your old one.
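
A pre-release check for the subject requirement in the answer above, as an added example that is not part of the original answer or of Advanced Installer: it reads the Authenticode signer of an old and a new package and compares the certificate subjects. The function name and file paths are hypothetical, and how the Updater itself compares subjects is not stated on this page, so both a string-level and a DER-level comparison are reported.

```powershell
# Added example: compare the Authenticode signer subject of two signed files.
# Compare-SignerSubject is a hypothetical helper name, not an Advanced Installer command.
function Compare-SignerSubject {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $OldFile,   # package signed with the token certificate
        [Parameter(Mandatory)] [string] $NewFile    # package signed with the HSM certificate
    )

    $certs = foreach ($path in $OldFile, $NewFile) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        # NotSigned, HashMismatch, NotTrusted etc. all mean there is no subject to rely on.
        if ($sig.Status -ne 'Valid') {
            throw "Signature on '$path' is $($sig.Status): $($sig.StatusMessage)"
        }
        $sig.SignerCertificate
    }
    $old, $new = $certs

    # .Subject is the decoded display string; SubjectName.RawData is the DER-encoded
    # name, which also differs when only the ASN.1 string encoding changed.
    $derOld = [Convert]::ToBase64String($old.SubjectName.RawData)
    $derNew = [Convert]::ToBase64String($new.SubjectName.RawData)

    [pscustomobject]@{
        OldSubject         = $old.Subject
        NewSubject         = $new.Subject
        SubjectStringMatch = $old.Subject -ceq $new.Subject
        SubjectDerMatch    = $derOld -ceq $derNew
        OldThumbprint      = $old.Thumbprint   # expected to differ: new key, new certificate
        NewThumbprint      = $new.Thumbprint
        NewNotAfter        = $new.NotAfter
    }
}

# Hypothetical paths; run against one released package and one test build.
$result = Compare-SignerSubject -OldFile 'C:\release\old\Setup.exe' -NewFile 'C:\build\new\Setup.exe'
$result | Format-List
if (-not $result.SubjectStringMatch) {
    Write-Warning 'Signer subject changed; the Updater option described above may reject this package.'
}
```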

From self managed Let's Encrypt to AWS Certificate Manager

I have been managing Let's Encrypt's SSL certificates for a domain.
Now I am moving to Amazon API gateway. I will be using the AWS Certificate Manager to generate HTTPS certificates for the root domain and a bunch of subdomains.
If I make the transfer, what happens to my current HTTPS certificate which is associated with my domain. If browsers suddenly start seeing a new HTTPS certificate for a domain, for which they had been getting a different HTTPS certificate until now, would this be a problem?
Also, once I make the shift, what do I do with my current (manually managed) Let's Encrypt certificate? Is there a way to permanently void it?
Szabolcs Dombi says
You can have multiple valid certificates for the same domain at the
same time. Moving from one certificate issuer to another should not
cause a problem.
Toby Osbourn says
SSL certificates don’t last forever, most of them need to be renewed
on a yearly cycle and occasionally you will want to change the type of
the SSL certificate mid-cycle.
Since you are replacing certificates, I suggest you back up the ones you have.
Once you have backed up the old certificates, just overwrite the .crt and .key files with your new ones. Then, reload your web server so it knows to look at these new certificates, and you should be good to go.
If you are interested in knowing more about how to generate an SSL certificate using Amazon Certificate Manager (ACM), I suggest Barguzar, A. (July 2018). Building Serverless Python Web Services with Zappa, where one can read a good step-by-step guide. See an excerpt from it below:
ACM is a service that manages and creates SSL/TLS certificates for
AWS-based services and applications. An ACM certificate works with
multiple domain names and subdomains. You can also use ACM to create a
wildcard SSL.
ACM is strictly linked with AWS Certificate Manager Private
Certificate Authority (ACM PCA). ACM PCA is responsible for validating
the domain authority and issuing the certificate.
You can have multiple valid certificates for the same domain at the same time. Moving from one certificate issuer to another should not cause a problem.
This also means that if you create a new certificate, the old one can still be used unless it has already expired.

What security concerns can occur if I share APNS certificate and key with others?

I have an app that uses APNS and a server that uses SSL certificates generated by the Apple member portal.
Both the app and the server are open source, and people using this solution install the server and the app in their own machines. There is no "central" server.
For others to use push notifications, they need SSL certificates that I have. What are the security implications if I share my SSL certificates (private and public) for APNS push with others?

Dependency between APNS certificate and distribution provisioning profile?

I have an app in the App Store with APNS.
Now, my distribution profile is broken and I can't add my device to the distribution profile. It is a profile generated by Apple with the prefix XC:.
So one solution is to create a new distribution profile for a new version of my app and submit it to the App Store.
But do I then also need to create a new APNS certificate? Or will this also work with the new distribution profile?
Perhaps my actual question is: is there a relationship between the distribution profile and the APNS certificate? Or is it the app ID that is important to let the APNS work?
As outlined in the push notification guide, the SSL certificate used for push notifications is independent from the distribution provisioning profile used by your app.
However, you need to ensure that your new provisioning profile provides the correct entitlements for using push notifications and their production/development environment, as described here. Good luck.

Windows Push Notification Service - how to get certificate?

According to MSDN documentation, to send more than 500 push notifications per day, your service needs a certificate to establish an SSL tunnel to the WNS.
I see here http://msdn.microsoft.com/library/windows/apps/ff941099(v=vs.105).aspx how to upload the certificate, but how do I get the certificate? Do I need to install the certificate on the web server hosting my services? What if I am hosting my services in Windows Azure?
Firstly, this question is about MPNS (Microsoft Push Notification Service), not WNS (Windows Notification Service). They are two separate services, with WNS now being Microsoft's preferred platform.
Microsoft provides a list of MPNS-approved CAs (certificate authorities) here:
SSL root certificates for Windows Phone OS 7.1
The process for acquiring the certificate is roughly the same with all CAs. You need to create a CSR (certificate signing request) with your domain name as the certificate CN (common name), and send it to the CA. The CA charges a sum for a certain validity period (typically 1, 2, or 3 years). Before the SSL certificate is issued, they normally do certain checks to ensure that you really own the domain name, e.g. by mailing the WHOIS owner of the domain and/or asking you to create a special DNS record.
Once you have your certificate, you need to install it as a client certificate on the server that makes the push notification calls to the MPNS servers. How you do that depends on your server architecture (.NET, Java, etc.).
http://www.verisign.co.uk/
You need a registered domain name and then you can register to buy a certificate. I think the cheapest I found for my app a few years ago was something like $99, but this may well be incorrect now.
Good Luck,
