I have VPN .mobileconfig file with certificates onto it. I want to apply this configuration with new NetworkExtension framework, so I need to programmatically install (and trust?) this certificates. I can`t get how I can apply this certificates.
Related
We use Advanced Installer and at the moment we sign the .exe and installer package with a Standard Code Sign Certificate for token using a Safenet USB token. We want to move to the cloud and use Azure Key Vault there. Azure Key Vault needs a HSM certificate and we need to buy a new one. Is it possible to switch from token to HSM and will the old deployed Windows Services signed with the token certificate accept new update packages signed with the new HSM certificate?
As far as I understand it, the private key is stored on the usb token and we can't get it, so HSM will use a new private key?
We use GlobalSign certificates.
There should be no problem if you switch to a new certificate.
The only case you should be aware of is if you use the Install only digitally signed update packages signed with the same certificate as the Updater option from the Updater view of your setup project. Check this article.
When you use the Updater feature with this option enabled you should make sure that the new certificate has exactly the same subject as your old one.
I have company provided Samsung S20. I have successfully installed Microsoft's Intune Company Portal App.
Then I was also able to register company portal. However after connecting to company portal, it suppose to download certificate from the company portal. But its not downloading any certificate or i dont see any notifications that it is downloaded.
Once i have the certificate, i will use it to connect to Access Point. But that's next step after i have the certificate.
1>What could be the potential issue for not downloading certificate?
2>Where and how can i view the logs?
3>In Company Portal App, Under settings i see Diagnostic Data-> Copy logs. Which says Copy logs to SD card. Where does it actually copies logs.
4>I am connecting from home. Is there any settings i need to do on router.
Note that, I also have company provided iPhone. and I was able to install and configure everything without any issue.
1>What could be the potential issue for not downloading certificate?
It depends on what you need the certificate for. How are you issuing the certificate to the device? via configuration policy?
2>Where and how can i view the logs?
Plug the device into a computer and allow USB to transfer data and files. Should be under Android\Com.microsoftintunecompanyportal\data
3>In Company Portal App, Under settings i see Diagnostic Data-> Copy logs. Which says Copy logs to SD card. Where does it actually copies logs.
refer to previous answer
4>I am connecting from home. Is there any settings i need to do on router.
Sounds like you're trying to get a trust certificate on the device but I would need to understand more about what you're trying to do. RIght now I'm working on a wifi profile for android devices and am using SCEP certificates to do that. But you're welcome to read this to try to gain a better understanding.
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-configure
I am trying to automate the certificate renewal process. I am able to generate the certificate then import the certificate to the server and now just need to update the SSL certificate to the new certificate imported for a particular application(ex : ABC). No changes in other property like port number or anything else. Just need to point the SSL Certificate to the new one added for a particular application. I tried doing a lot of research but no luck. Please help
The background
We have been using certificates to access a third party service from a windows 2003 box. The certificate recently expired so we went about getting a new one from the third party(Experian). We were provided with two certs to be installed in the "Trusted Root Certication Authorities" and two to be installed in the "Intermediate Certification Authorities" and then the main one that gets installed to the Personal\Certificates.
I know the certs are working when I can access a URL. If I install the certs allowing the cert decide where to install themselves (local Computer or Current User) they install to the current user store. I can then access the URL ... all is well.
The Issue
However I need the certificates to work on a computer level rather than a user level. So I move the certs to the relative Local Computer store locations however this does not work. I now cannot access the URL as any user. I tried deleting them all out and importing them directly into the required local computer cert location... still no joy. I tried installing them as the local admin .... still no joy. Tried granting access to the certs via winhttpcertcfg to everyone/specific users etc, still no joy.
Is it possible that the cert is designed to work for only one user? Is there something I am missing to make this work? Any suggestions would be greatly appreciated.
As admin you should:
run mmc
add snapin for certificates (for local computer)
add root CAs to "Trusted Root Certication Authorities"
add intermediate CAs to "Intermediate Certification Authorities"
add end entity certificate with private key (it should be a .p12 or .pfx file) to Personal\Certificates
grant rights to user that can access the private key using winhttpcertcfg utility
and it should work (at least it did for me every time).
If you don't have private key corresponding to end entity certificate (because you deleted them all) then you need to get a new one from third party(Experian).
Our organization developed some application on java before 8 years and we have some customers who have installed our product in their environment and providing services.
In java 7 update 51, java has updated their security, so it is asking us to sign the jar files using public certificate.
Customer is not fine with ask every user to reduce the security level or add the site in exception list in control pannel java.
The question here is, do all the customer needs to buy one certificate for them self and sign the jars or as an organization we buy a certificate and the single certificate can be used for all the customers?
If you get a certificate for your organization, you can use it to sign any Java applications that you wish to deploy. A different certificate is not needed for each application or customer.
It's not even necessary to avtually "buy" a certificate. You could create a self-signed certificate using the java keytool and use it to sign your code. Then your customers would have to install that certificate into their java trusted certificate store and everything should be fine.
"Buying" a certificate is only necessary when you need every computer with a standard-trustlist to be able to run your application, but if you're in close contact with your customers - as it seems you are - you should be able to hand them a self-created certificate for installation on their machines.