as StartCom SSL Certificates are not preinstalled on WP7: is there a way to include the SSL Certificate from StartCom (StartCom Inc, Israel) in the App on the Marketplace, thus enabling the App to use this certificate to make ssl connections (HTTPWebRequest) to our server?
As we are already have the Webservice running with this certificate for iOS and Android devices we don't want to change the whole thing for WP7..
Thanks and happy X-Mas,
Frank
Follow this steps if you want to install certificate in Windows Phone 7 since there is no way to escape the certificate check.
http://joymonscode.blogspot.com/2011/11/installing-ssl-certificates-to-windows.html
Related
I have a 3rd party development tool that was written in Golang. My company uses Netskope which injects self-signed certificates in any SSL traffic from my machine so they can monitor all traffic for security purposes. The application is failing with the error
"self signed certificate in certificate chain" when it tries to connect out to a site on the public internet, I assume because of these self-signed certificates in the chain
I found some comments that say the logic for certification verification on Windows can be found in https://go.dev/src/crypto/x509/root_windows.go, but I cannot find any documentation for Windows about this (only Linux). From looking at that code, my understanding is I need to have the CA certification set up in the local machine store as a Trusted Root CA but that isn't working for me. The screenshot here shows the CA certificates in my Local Machine trusted root CA store. I deploy to Linux containers, in JVM or other applications to allow them to trust these self-signed certificates.
Am I doing something wrong in setting up the CA certs in my Certificate Store? Is there any documentation on this? Is there another way I can configure on Windows any Golang application running on my machine to trust the CA for these self-signed certificates? I see on Linux you can similarly add the CA to your store, or use environment variables SSL_CERT_FILE and SSL_CERT_DIR, and I've been able to do this for other Golang applications in Linux containers.
Full disclosure, I asked this question over at Ask Different (https://apple.stackexchange.com/questions/96776/always-get-a-security-error-for-internal-https-website) but didn't get much helpful feedback. I'm hoping this question fits better here.
My company recently changed an internal site to use HTTPS instead of HTTP (it is our Jira site in case that matters). From what I can tell, this site is using an internal certificate. On our work computers this certificate appears to be pre installed so the website comes up without trouble in IE, Firefox, and Chrome. However, my personal computer is a Mac (OS X 10.8.4) and I am having major troubles accessing the site through any browser. I have followed instructions to install the certificate in my Keychain and I believe I have successfully done that, but I am still not able to access the site.
When Accessing the site I Get:
Chrome: Invalid Server Certificate You attempted to reach jira.surescripts.local, but the server presented an invalid certificate.
Safari: Safari can't open the page Safari can't open the page "https://jira.local:8081/" because Safari can't establish a secure connection to the server "jira.local"
In Chrome when I view the certificate information it I see: Intermediate certificate authority. Expires: Thursday, May 21, 2015 1:19:28 PM Central Daylight Time. This certificate is valid
To make sure that it wasn't something strange with our company's VPN, I installed a Windows 7 virtual machine on my Mac and installed the certificate in Windows and am able to successfully log on to the site how I always would.
I am not much of an expert with certificates and I really don't know where to go from here. Any help would be greatly appreciated! Thanks.
It almost sounds like you need to trust a self-signed certificate? Perhaps follow: https://confluence.atlassian.com/display/SOURCETREEKB/Resolving+SSL+Self-Signed+Certificate+Errors
Sefl signed certificate always triger warnings in web browsers.
To validate a server certificate you must have in the client browser the CA certificate wich was used to sign the SSL server certificate.
Your company should create a CA cert, then create a server SSL cert. signed with the CA and put it on the web server. The clients install public part of the CA cert in "Trusted CA" certificate store. When client conect to the web server the server sent the signed SSL certificate, the client check if it is a "trusted" cert (was signed by a trusted CA) and if everithing is Ok the client doesn't show the warning.
You ended with this cert chain:
CA cert->SSL cert
CA cert public part is installed in client broser as trusted CA. SSL is put in the web server. Client validate SSL cert agaist its Trusted CA certs installed in its Certificate Stores.
It is like CyberTrus CA. You can see how you have Baltimore Cyber Trust Root and Cybertrust Public SureServer SB CA installed in your computer and when you enter into https://www.bancosantander.es/cssa/Satellite?pagename=SantanderComercial/Page/SAN_Index you can see that *.bancosantander.es certificate is valid because you are trusting in the chain.
Your company needs to create the root, then create the SSL signed by the root. The root (public part) is distributed to the client for install. The server sends the SSL to client in HTTPS protocol.
Check this link for more info.
The problem is probably the encryption protocols that your Mac and the company web site don't match up.
Safari Browsers for OS X before Safari 7 (up to 6.0.7 which was on OS X 10.8.4) use the SSL 3.0 protocol, which has vulnerabilities and is considered insecure. Most newer and well-designed web sites use TLS 1.1 and/or TLS 1.2.
Browser encryption capabilities for Safari 6.0.4
Find out from your company if that is what is set up. The same site that has the specs I linked to allow you to enter a web site, and they'll throw a battery of test transactions at it to test it's security and what will connect, but I doubt you can use that for an internal site. Ask your IT folks what encryption protocols they are using.
As a solution, I believe there are versions of Firefox and/or Chrome that can run on 10.8.4 that use TLS 1.2.
List of major browser versions that support TLS 1.2
I'm trying to add a signature to my usb driver for windows 8 64 bit.
Is it possible to use any SSL-certificate for signature or should I use some special certificate for drivers?
Does anybody have experience with GoDaddy Standard SSL for multiple domains (I've heard this certificate allows to add digital signature for driver)?
First, certificates are not "SSL certificates". They are X.509 certificates.
In your case you need a code-signing certificate. But not each code signing certificate will work. Only those from Verisign and GlobalSign CAs will. GlobalSign seems to be cheaper.
Also check http://www.microsoft.com/whdc/driver/install/drvsign/crosscert.mspx for cross-signing certificate (you'll need to add one to your signature).
I'm developing WP7 application. It connects by WebClient to secured by certificate https address. Cert is provided by not registered in phone certificate center. When application connect by https no error occurr because cert is not valid - for WP, but really it is. Calling address in browsers says that cert is not valid by any registered CA center. How to register CA center on innstalation process or how install this cert if CA registration is not possible. I can not found anything about that.
Follow the steps listed here: And then email the certificates to yourself (you'll need a physical device). The email app is the only way to install a certificate.
StackOverflow: What Do I need to do to get... self-signed certificate
When i tried to call .Net web service http://....using windows 7 API's
Its working fine. But if i used with same web service https://... i got
security error like There is a problem with this website's security certificate.
Help me out for this query...
You're probably using a test certificate or other certificate not supported by the phone.
If that's the case then your question is a duplicate of Making a WP7 HttWebRequest POST with an untrusted cert?
The solution to your problem is that you can't and must get a certificate from a trusted root certificate authority.
The site you're accessing needs to have a valid certificate from an issuer recognised by the platform. The latest list of these issuers I've seen is here.
push notifications from authenticated services
Note Geotrust will give you a 30 day trial certificate which is handy for testing.
Update: New documentaiton of trusted certificate issuers.