EWS-JAVA-API Self signed certificate for Exchange Server 2010 - exchange-server

i´am using ews-java-api and i need to use self-signed certificate to communicate with exchange-server, which is in same network like me.
Which name for self-signed certificate i should use to match with
exchange server 2010 entry ? it is domainname?
How can i use created certificate by my java-code, where i try to
autodiscovering the endpoint of exchange-server2010?
I´ve only created one certificate by keytool, but no idea how can i use it.
And i guess, that i have to create certificate with the correct name-entry, which is known by the exchange-server2010

Related

PowerShell to update webbinding SSL Certificate to a new imported certificate

I am trying to automate the certificate renewal process. I am able to generate the certificate then import the certificate to the server and now just need to update the SSL certificate to the new certificate imported for a particular application(ex : ABC). No changes in other property like port number or anything else. Just need to point the SSL Certificate to the new one added for a particular application. I tried doing a lot of research but no luck. Please help

How to Get Self Signed Certificate in Ec2

I am working in Ec2 instance. I have connected my php files like http://13.57.220.172/phpinsert.php. But it is not secured site. So i want to convert http into https://13.57.220.172.
I have cloudflare ssl. When i try to add ssl certificate. It shows
com.amazonaws.pki.acm.exceptions.external.ValidationException: Provided certificate is not a valid self signed. Please provide either a valid self-signed certificate or certificate chain. Choose Previous button below and fix it.
i have enclose the image with it.
So how can i get the self signed certificate. is there any online tool available.
I think the error message your seeing has to do with this sentence:
If your certificate is signed by a CA, you must include the
certificate chain when you import your certificate.
from https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-prerequisites.html.
Since it sounds like you're not yet in "production" mode, I'm guessing you're not particularly attached to your existing certificate, but just want a certificate to be able to do HTTPS on your web server (and don't really care if it's self-signed).
If you want to use AWS Certificate Manager, I think it would be easier to just let them (AWS) issue you a certificate instead of trying to import one from somewhere else. AWS doesn't charge anything for certificates. https://docs.aws.amazon.com/acm/latest/userguide/acm-billing.html
Even if you get the certificate setup in AWS Certificate Manager, that's not going to be installed directly on your EC2 instance, but rather (most likely) on a load balancer in front of your web server, which will add a little complexity to your setup. https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html
If all you want to do is use HTTPS on your web server, Let's Encrypt (also free) is probably a simpler option. If you are using AWS Linux 2, there are instructions for getting a certificate here - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html
Well, add to the points which #jefftrotman has already mentioned.
If your expectation is to just secure your IP address using HTTPS you can achieve that using the below approaches:
A SELF SIGNED certificate that you can create using OpenSSL.
You can also get an SSL certificate from a trust signing authority like (GoDaddy or VeriSign) or Let's encrypt.
The only requirement in the second point is that for getting a certificate from a valid signing authority you need to have a domain name like "myphpapp.com" and then use this domain to get the SSL certificate.
The below details are in case you want to use AWS ACM(Amazon Certificate Manager)
If you prefer ACM, you can get the free Public SSL certificate which you can map to the IP address and your web application will be secured.
If your requirement is to add SSL certificates (like PEM files) to a web server like
NGINX or Apache then you first need to create a Private CA using in ACM and then you using this CA you will be able to create Private SSL certificates. After creating those you can export the files and add those files to the configuration file. (try to use Amazon Linux 2) ec2 image for ease.

BizTalk 2010 Send FTPS - when is client certificate hash "thumbprint" needed?

Based on this post, it's very unclear if a certificate is needed or not. The most important quote I got out of that post is this:
"I reached out to MS BizTalk support and they asked me not to use the
certificate and just use FTP over SSL without certificate. We also
changed the ftp firewall mode to passive and allocate storage to no."
Also consulted this post.
If FileZilla client can connect and send a file to a customer/vendor without a local certificate, then why would BizTalk need one in an FTP SendPort?
And secondly, if it is not needed, in what circumstances would you use it on an FTP SendPort.
It's my understanding that the certificate is some certificate related to the BizTalk host account's personal store on the BizTalk machine, and not the thumbprint of the customer/vendor we are communicating with.
For BT2013 this is MSDN's mysterious definition:
Specify the SHA1 hash of the client certificate that must be used in
the Secure Sockets Layer (SSL) negotiation.
Based on this hash, the client certificate is picked up from the
personal store of the user account under which the BizTalk host
instance is running.
This statement gives no guidance as to when it is needed or desired.
This is the other good blog on the subject, but also implied cert is needed, in contradiction to Microsoft support in early link.
You need to use the client certificate, when the FTPS server requires authentication with the client certificate. And you do not use it, when the server does not require that (what is a way more common).
FileZilla does not support the client certificates at all. If you are able to connect with FileZilla, your FTPS server does not require authentication with the client certificate. So you just leave the respective field in BizTalk blank.

Windows Store App connect to HTTPS with an self-signed SSL certificate

I'm having a Windows Store App (Metro App) which I want to connect a web service I built through HTTPS. And I am using a self-signed certificate for my web service. But when I tried to connect it from my App through System.Net.HttpClient.PostAsync I got an exception said
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Inner exception said
"The remote certificate is invalid according to the validation procedure."
I know this is because I'm using a self-signed certificate. I remembered in .NET I can use System.Net.ServicePointManager.ServerCertificateValidationCallback so that my application can pass the validation if the thumbprint is mine.
But I cannot find the relevant class/method in Windows Store runtime. How can I do that?
First, you should ideally be using Windows.Web.HttpClient. On that API, you can use httpClient.HttpBaseProtocolFilter.IgnorableServerCertificateErrors to set the cert errors that you're willing to accept. You can choose to ignore the Untrusted error, for example, but you should then manually check the thumbprint before actually sending any data.

Windows Phone 7 in vs2010

When i tried to call .Net web service http://....using windows 7 API's
Its working fine. But if i used with same web service https://... i got
security error like There is a problem with this website's security certificate.
Help me out for this query...
You're probably using a test certificate or other certificate not supported by the phone.
If that's the case then your question is a duplicate of Making a WP7 HttWebRequest POST with an untrusted cert?
The solution to your problem is that you can't and must get a certificate from a trusted root certificate authority.
The site you're accessing needs to have a valid certificate from an issuer recognised by the platform. The latest list of these issuers I've seen is here.
push notifications from authenticated services
Note Geotrust will give you a 30 day trial certificate which is handy for testing.
Update: New documentaiton of trusted certificate issuers.

Resources