I was trying to update my certificate but I'm having issues. I issued
heroku certs:add server.crt server.key
but this command is giving me the error
No key found that signs the certificate.
I've tried to add the key from my previous certificate, but I got the same error. I unfortunately lost my private key while trying to get a certificate with GoDaddy.
Related
After signing my Application using Test certificate (pfx) with signtool when I try to verify using signtool verify I am getting below error code
SignTool Error: WinVerifyTrust returned error: 0x80096019
A certificate's basic constraint extension has not been observed.
I have Tried to other exe with the same cert still the same Issue?
I have tried different certificates with the same exe still the same Issue?
I have searched on the Internet I couldn't find a source or Link. Any Help would be much appreciated?
You maybe use a CA certificate to sign. A CA certificate should issue a Code Signing certificate so you need a second certificate to sign your executable (Basic Constraints = LIMITED to 0 or false) that is then used to sign the executable.
This second code signing certificate is signed with the CA certificates private key.
Could you please help me to use JFrog Artifactory certificates feature. (Admin -> Certificates).
I want to add certificate for a maven repository (https://plugins.jenkins.io/repository)
Below are the steps I followed –
Step1: Downloaded the certificate (DER encoded binary X.509) for this repository from chrome browser.
Step2: Converted certificate extension from .cer to .pem. Directly converted extension from .cer to .pem and tried with open ssl also openssl x509 -inform der -in certificate.cer -out certificate.pem
Step3: Add new certificate via (Admin -> Certificates -> New -> Drag and dropped .pem file), Entered Certificate Alias name.
After clicking on Save, I am getting below error –
Certificate could not be added. Unable to read the provided PEM file. Missing private key or certificate.
Other important information –
When I researched more on this error, I found jfrog is expecting certificate and private key both in .pem file. When I am downloading certificate from chrome I am getting only certificate but not private key.
https://jfrog.com/knowledge-base/how-to-resolve-the-certificate-could-not-be-added-unable-to-read-the-provided-pem-file-missing-key-or-certificate/
I have tried the above steps with Base-64 encoded X.509 certificate also but results are same.
What you are doing is adding client certificate.
Meaning that when Artifactory will access a remote repository, it will secure the connection using client certificate.
If your problem is that Artifactory does not trust the certificate exposed by the remote repo (https://plugins.jenkins.io/repository) then you need to follow the directions here:
https://www.jfrog.com/confluence/display/RTF/Using+a+Self-Signed+Certificate
More explanations about the differences:
https://www.websecurity.symantec.com/security-topics/client-certificates-vs-server-certificates
Please elaborate a little bit more about the original problem you had, so we could understand if you are picking the right solution.
Good luck.
Your certificate probably came from a CSR (certificate request)?
You should have a private key within that CSR request file. Simply paste the output CER text (enclosed by ----- BEGIN CERTIFICATE ... -----END CERTIFICATE) - ie your issued certificate, a blank line, then the similar ---- BEGIN PRIVATE KEY ... ---- END PRIVATE KEY section from the CSR into a simple file called < whatever >.PEM and put that into jfrog. I told Jfrog just yesterday that this part is not clear, and could be expressed more simply in their wiki. What its complaining about is the lack of a PRIVATE KEY entry in the PEM. It took me a while to realise this, and where to get it from.
I am trying to login into a private docker registry using docker community edition 18.06 for Mac, but i am getting this error while docker login from cli-
Error response from daemon: Missing client certificate domain.cert for
key domain.key
First, I installed CA certificate in ~/.docker/certs.d/myprivaterepo:port using below commmands:
$ openssl genrsa -out client.key 4096
$ openssl req -new -x509 -text -key client.key -out client.cert
And it gave me error -
Error response from daemon: Get
https://myprivaterepo:port/v2/: Service Unavailable
Then i generated the certificate with '.crt' format using above command and it started giving me this error:
Error response from daemon: Missing client certificate client.cert for
key client.key
I am assuming it requires a key and both .crt and .cert certificates to be present. I infact tried creating another .cert certificate with another key, but it gave me below error:
Error response from daemon: tls: private key does not match public key
I referred to docker documentation- https://docs.docker.com/engine/security/https/, but could not resolve issue.
Can you please let me know how to generate the combination of these 2 certificates.
Thanks in advance!
For me, renaming and putting the crt file in /usr/local/share/ca-certificates/ worked:
# copy and rename the file
cp client.crt /usr/local/share/ca-certificates/<my-private-repo>:<port>.crt
# update certificates
sudo ca-update-certificates
# restart docker daemon
sudo service docker restart
I'm trying to connect to Apple's push notification server using my key and certificate
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert MyApp.pem -key MyApp.pem
I keep getting the following error. Does anyone know what might be wrong?
7495:error:20074002:BIO routines:FILE_CTRL:system lib:/SourceCache/OpenSSL098/OpenSSL098-47/src/crypto/bio/bss_file.c:358:
unable to load client certificate private key file
You might be entering the wrong pass phrase.
I have a c# program and part of it creates a self-signed certificate.
The problem is when i try to import the certificate in MMC it says "This certificate has an invalid digital signature."
And when i try to add this certificate through command prompt using netsh http add it says:
SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.
I've tried all suggestions from other questions similar to this but to no luck.
I've also tried downloading Hotfix from Microsoft but it didnt work.
By the way, my machine is running in Windows7-64bit.
I ran into an answer here The basic issue is that DC authority cert creators get sloppy and create multiple certs for the same DC cert authority. I had my self-signed cert created using latest and grates DC cert authority certificate. I had to export and install both root cert and a self signed cert on my destination machine for it to recognize self signed cert used on the server. But the root cert I exported was a cert with the same name but different dates. Once I located the proper root cert and installed it on my destination computer everything worked flawlessly.
In my case it was due to an old self signed certificate with a small key length.
I found the solution here - https://security.stackexchange.com/a/82606/26742 to reduce the security (only in my dev environment)
certutil -setreg chain\minRSAPubKeyBitLength 512