I can't specify "Let's Encrypt . . " in Azure Cloud definition for certificate name. I need to specify intermediate certificate name, can't change the name.
Wrong:
<Certificate name="Let's Encrypt Authority X3"
Right:
<Certificate name="Lets Encrypt Authority X3"
Because ServiceDefinition:NamedElementNameString doesn’t allow apostrophe(').
Also I have tried:
<Certificate name="Let's Encrypt Authority X3"
Adding SSL cert as per this: https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-configure-ssl-certificate
Related
I'm trying to create a solana wallet using solana-keygen and then check it's balance
With this line I create the wallet with the spesific outfile
C:\Users\Ali Berkin>solana-keygen new --force -o "C:\Users\Ali Berkin\Documents\Solana\test.json"
It generated the wallet successfully and outputted me this
Generating a new keypair
For added security, enter a BIP39 passphrase
NOTE! This passphrase improves security of the recovery seed phrase NOT the
keypair file itself, which is stored as insecure plain text
BIP39 Passphrase (empty for none):
Wrote new keypair to C:\Users\Ali Berkin\Documents\Solana\test.json
================================================================================
pubkey: CgvYXNqdVLvNvByFXiSkFGfRC3QFR9SGZq17Bq1bRdht
================================================================================
then I saved this keypair as my default keypair
C:\Users\Ali Berkin>solana config set --keypair "C:\Users\Ali
Berkin\Documents\Solana\test.json"
Config File: C:\Users\Ali Berkin\.config\solana\cli\config.yml
RPC URL: https://metaplex.devnet.rpcpool.com/
WebSocket URL: wss://metaplex.devnet.rpcpool.com/ (computed)
Keypair Path: C:\Users\Ali Berkin\Documents\Solana\test.json
Commitment: confirmed
Finally, when I tried to check my balance, it threw an error which looks like this
C:\Users\Ali Berkin>solana balance
Error: Dynamic program error: No default signer found, run "solana-keygen new -o C:\Users\Ali Berkin\Documents\Solana\test.json" to create a new one
I already created a keypair at C:\Users\Ali Berkin\Documents\Solana\test.json but error tells me to create one. Can someone help me with this?
Apparently, the space on my username caused the problem. I tried opening a new wallet in C:\solana and it seems to work now.
C:\solana>solana-keygen new --force -o "C:\solana\test.json"
Generating a new keypair
For added security, enter a BIP39 passphrase
NOTE! This passphrase improves security of the recovery seed phrase NOT the
keypair file itself, which is stored as insecure plain text
BIP39 Passphrase (empty for none):
Wrote new keypair to C:\solana\test.json
pubkey: ASgogsZ7WW6uuGQYFX6BwfjwrEytzNJt4f9pVyp9gaaN
C:\solana>solana config set --keypair "C:\solana\test.json"
Config File: C:\Users\Ali Berkin\.config\solana\cli\config.yml
RPC URL: https://metaplex.devnet.rpcpool.com/
WebSocket URL: wss://metaplex.devnet.rpcpool.com/ (computed)
Keypair Path: C:\solana\test.json
Commitment: confirmed
C:\solana>solana balance
0 SOL
I'm trying to make a soap client in VisualStudio.
First thing I've done was generating proxy class with delivered WSDL file (using Add Service Reference option in VisualStudio).
It was generated with wrong binding configuration - message security should be:
DefaultAsymmetricSignatureAlgorithm - "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DefaultCanonicalizationAlgorithm - "http://www.w3.org/2001/10/xml-exc-c14n#" and
DefaultDigestAlgorithm - "http://www.w3.org/2001/04/xmlenc#sha256",
while it is:
DefaultAsymmetricSignatureAlgorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
DefaultCanonicalizationAlgorithm "http://www.w3.org/2001/10/xml-exc-c14n#" and
DefaultDigestAlgorithm "http://www.w3.org/2000/09/xmldsig#sha1".
I tried changing basicHttpBinding settings in App.conf by adding:
<security mode="Message">
<message algorithmSuite="Basic256Sha256" clientCredentialType="Certificate"/>
</security>
and certificate:
var cert = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "//cert.p12", "Pass");
client.ChannelFactory.Credentials.ClientCertificate.Certificate = cert;
client.ClientCredentials.ClientCertificate.Certificate = cert;
But I got the exception:
The service certificate is not provided for target 'http://.../service'. Specify a service certificate in ClientCredentials.
But I don't think I have a service certificate at all (service belongs to another company). I tried using the same certificate for ClientCertificate and ServiceCertificate.
client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;
But I got error :The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode.
Changing mode to None gives excepion Security not found.
In general, sending request using SoupUI works fine, but I can't make right configuration in my client service to send any request.
Edit1:
I tried adding:
<serviceBehaviors>
<behavior name="mLegServiceSoapBehaviour">
<serviceCredentials>
<clientCertificate>
--><!--dont use on production--><!--
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
but nothing happend. I also tried:
<endpointBehaviors>
<behavior name="endpointBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
but I got another error:
„Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'nameA' but the remote endpoint provided DNS claim 'nameB'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'nameB' as the Identity property of EndpointAddress when creating channel proxy. ”
I suppose to you use self-signed cert.WCF will verify all the chain of issuers and expects that finally chain would end on root trusted authority.You can add the line below to app.config to disable the check.However, it is best not to use in production : serviceBehaviors/behavior/serviceCredentials/clientCertificate.
<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
I'm trying to enable push notifications in my app, the problem is that I can't generate the certificate because whenever I upload my CSR (generated from Windows) I get the following error:
Invalid CSR Select a valid Certificate Signing Request.
The CSR was generated using the following specs:
Key Size 2048 bit
RSA Algorithm
I did the same process last year and I was able to generate the certificate but now all I get is the error above.. did Apple change anything about the CSR or am I missing something?
found it........
The CSR first and last line were:
-----BEGIN NEW CERTIFICATE REQUEST-----
.
.
.
-----END NEW CERTIFICATE REQUEST-----
I had to remove the NEW word and it worked, I was able to generate the .cer file
I am a total newbie in WSO2 configuration and a relative newbie in how HTTPS certificates work, so please bear with me.
I am trying to change the certificate for HTTPS connections in WSO2. Without any configuration WSO2 returns a certificate with the DN CN = localhost,O = WSO2,L = Mountain View,ST = CA,C = US. I am trying to change this with my own certificate, following the instructions from this blog article.
I have imported my certificate in the keystore and changed the config as described in the article. One notable difference is that I couldn't find ${carbon.home}/repository/conf/mgt-transports.xml.
After doing this, connecting to the IS server management service results in the "localhost" certificate being returned, instead of the one imported.
The KeyStore and RegistryKeyStore entries in repository/conf/carbon.xml
<KeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>testcert</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
<!--
Encrypt Decrypt Store will be used for encrypting and decrypting
-->
<RegistryKeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>testcert</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</RegistryKeyStore>
Step 1: Create a new keystore with private and public key (key-pair).
Inside /repository/resources/security/ directory. The default keystore (wso2carbon.jks) and truststore (client-truststore.jks) will be stored here.
• Create a keystore containing a key-pair using java key tool (contained in the standard jdk) and save it as a jks file. The keystore contains THIS server’s key-pair (public & private keys).
• The Keystore/Key-Pair should have the following properties/attributes :
KeystoreType = JKS,
KeyPairAlgorithm = RSA,
Size = 2048 bits
SignatureAlgorithm = SHA-256 WITH RSA
Password (Must be exactly the same as the keystore password)
Name(Subject): The CN(Common Name) of the key-pair should be the server’s hostname upon which the IS will be deployed (if you intend to use it as the key manager for api manager)
Extensions:
Key usage : Digital Signature , Key Encipherment , Data Encipherment , on Repudian
Subject Alternate name : IP address = IP address of this server
Step 2: Import the certificate chain from the keystore created in Step 1 into a truststore.
Create new trust store with same attributes
• Export the certificate from the Keystore (step 1) into the truststore
Step 3: Change the configuration files as follows, reflecting the new keystore and truststore that have just been created.
Change the appropriate values in the following files (in /repository/conf/):
File Line number/s
identity.xml 180
carbon.xml 310
326
343
axis2/axis2_pt.xml 272
280
396
404
axis2/axis2.xml 272
280
396
404
axis2/axis2_nhttp.xml 278
286
405
413
security/secret-conf.properties 21
30
sec.policy 1
More or less , just search the files for "jks"
Delete the old keystores
Step4: Restart
When deploying an APNS certificate in a .wlapp file in MFP 7.0, I'm seeing a null-pointer exception when it validates the end-date, even though it has one. ( openssl pkcs12 -in apns-certificate-sandbox.p12 | openssl x509 -noout -enddate returns a valid date in the future).
It seems others have made this work, so I'm guessing it must be something I am doing wrong...has anyone else resolved similar issues with valid Apple Push Notification Service certs failing to be deployed on MFP
Relevant lines from the log:
947: "com.ibm.worklight.admin.services.ApplicationService E FWLSE3000E: A server error was detected.",
"948: com.ibm.worklight.admin.common.util.exceptions.ValidationException: FWLSE3119E: APNS certificate validation failed. See additional messages for details.",
"949: at com.ibm.worklight.admin.util.PushEnvironmentUtil.validateApnsConfiguration(PushEnvironmentUtil.java:232)",
"950: at com.ibm.worklight.admin.util.PushEnvironmentUtil.validatePushConfiguration(PushEnvironmentUtil.java:220)",
[ ... lots more trace here .. ]
"1030: Caused by: java.lang.NullPointerException",
"1031: at java.io.ByteArrayInputStream.(ByteArrayInputStream.java:117)",
"1032: at com.ibm.worklight.admin.util.PushEnvironmentUtil.getCertificateExpiryDate(PushEnvironmentUtil.java:362)",
"1033: at com.ibm.worklight.admin.util.PushEnvironmentUtil.validateApnsConfiguration(PushEnvironmentUtil.java:230)",
Initial hurdle was that the .wlapp file was not being built, so no apns certificate was in the file (it is just in .zip format with a meta directory that should hold the .p12 file). The underlying issue was that the tag's password field in application-descriptor.xml wasn't exactly right: it was following the example from "Push Notifications in iOS applications" at https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/notifications/push-notifications-native-ios-applications/ :
<pushSender password="apns-certificate-p12 password"/>
when it really should just have the password:
<pushSender password="password"/> </code></pre>
with the file named either apns-certificate-sandbox.p12 or apns-certificate-production.p12 depending on which server is to be used.
Double dumbass on me for not checking the official docs at http://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.dev.doc/devref/c_the_application_descriptor.html , which has it described correctly.
Moral: "When in doubt, RTFM"