Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Because I'm awesome I'm trying to run the latest WIF demo app using VS2k10 B2 on my 7 boxen... 64bit of course (my neckbeard is strong) I'm having a problem getting it running.
Part of the whole demo thing requires I install some certificates on the local machine. Problem is that they ask me to install some of the website certs into a certificate store called LocalMachine/My. Well, there doesn't appear to be any /My anymore. There appears a suspiciously similar store called Personal, but the app doesn't work if I install the certs there and change the configurations to look in LocalMachine/Personal.
If I install the certs in TrustedPeople (it's mentioned as a valid location by the exception that was thrown when I attempted to use Personal), is that sufficient? Would doing this be considered bad form on a production machine?
The Windows Identity Foundation test project can be found at: http://claimsbasedwpf.codeplex.com
The exception:
Property name: 'certificateReference'
Error: 'ID1025: Cannot find a unique
certificate that matches the criteria.
StoreName: 'My' StoreLocation:
'LocalMachine' X509FindType:
'FindBySubjectDistinguishedName'
FindValue: 'CN=busta-rpsts.com''
The .NET refers to the stores differently than windows does. Which is a right pain in the butt. When .NET talks about the My store Windows refers to it as the Personal store.
Where you put certs depends on their purpose. The Personal store is for certificates you will use, where you have both the public and private key. The Trusted People store is for certificates where you (normally) only have the public key and want to add an explicit trust for those certificates.
Also remember if you are using a certificate to encrypt your user account must have access to the private key. For certificates installed in LocalMachine/My then administrators will but, for example, NETWORK SERVICE will not. You will need to specifically grant access to the private key.
You need to install the certificates in the Local Computer store not the Current User store. If you double-click them to install, they go in Current User. Use the mmc snap-in to install them in Local Computer. Also if you have access permissions run VS as Administrator.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 days ago.
This post was edited and submitted for review 4 days ago and failed to reopen the post:
Original close reason(s) were not resolved
Improve this question
I have ssl certificate file downloaded from GoDaddy which contains .pem file .crt file and .p7b file. I have a private key generated in .key extension. I need to assign the same to the certificate i received from Godaddy and install the same in IIS certificates.
The issue actually is, when I install the certificate in IIS using the option complete certificate request and add the details it is showing in the certificate list. But when refresh or go to other options and return to the certificates list I cannot see the new certificate I just added. By googling I can understand the issue is due to private key not associated with the certificate. When I checked in the certificate itself, I can see there is no key Icon showing. I have tried adding via openssl command to make it as a p12K file with key also attached but 'Its result is password is required' and exits the command line asper the search findings it should ask for the password (I doubt there is a password already set in that key file or something). I have also tried certutil -repairstore my "serial number" command but it asks for smart device connect.
First i have tried creating a new key since this private key was an old one and am not sure in the creatin time whether someone put password in it that is why pasword is asking. So i created a new key file 'newkey.key' and try to make .pfx file with that but it shows this key is not the correct one associated with .cer/crt file. Then I have tried creating a .key file from the the pem file i have received but it still says cannot retrieve data from pem file
I have downloaded and installed PostgreSQL 12 (64 bit) on a developer machine running Windows 10 Pro Education (64 bit).
When the installation came to the Stack Builder download application list step, an error occurred as follows:
A certification verification problem was encountered whilst accessing https://www.postgresql.org/applications-v2.xml schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline. This means that the source download cannot be verified. It is recommended that you do not continue with the download as it may be coming from a site that is pretending to be the intended download site and may contain viruses or malware.
Do you wish to continue?
I have tried to use Proxy servers referring to this answer. https://serverfault.com/questions/555125/postgresql-stack-builder-installation-proxy-setting-on-windows
I have also tried both solutions from that question. Still, I can not get the application list downloaded.
I want to install PostGIS. It seems the stack builder is safe and easy to use. What should I do to get the PostGIS installed?
Looks like https://www.postgresql.org/applications-v2.html link has some strong security. And it blocks some traffic. As #ay__ya has mentioned, in his case he made it work though VPN access. And in my case I was already behind the VPN and it was not working. So disabling VPN worked for me.
Go to https://www.postgresql.org/applications-v2.html and save as a *.CER file the certificate of the the webpage.
Using "certmgr.msc" import the *.CER file into your local certificates repository to the Trusted People store or/and Enterprise Trust store.
Rerun Stack builder and retry download application list step.
Should works now.
I am currently working on a scripted program which tracks changes in the operating system by taking snapshots of certain things. One of these are the certificates. The goal being to see what changes an installed program makes to the system. The current issue is that I keep seeing certificates being added that the program did not add, Windows did. My goal was to prevent Windows from downloading certificates during the test. By installing a brand new Trust Root Authority certificates store using the commands:
CertUtil -GenerateSSTFromWU <filename>
Followed by:
updroots.exe <filename>
The issue is that after installing this new store, while I do see fewer certificates being added, I continue to see a number of time-stamp certificates being added to the CurrentUser/CA store. I was hoping someone knew where these certificates we coming from and how I could perhaps pre-install them so they do not appear during the test. Thank you for your advice.
Edit:
Examples of certificates include,
Microsoft Time-Stamp PCA 2010
Microsoft Code Signing PCA 2010
Microsoft Time-Stamp PCA
GlobalSign Timestamping CA - G2
Microsoft Code Signing PCA
Edit 2.0:
Was looking around, I had mentioned that it installed the certificates in the Current User/CA store, which appears to correspond to the Intermediate Certificate Authorities store in certmgr. I believe that AuthRootAutoUpdate applies to the Trusted Root Certificate Authorities store. The question I am looking into now, is there a separate service responsible for updating Intermediate Certificate Authorities?
Windows try to get certificates from ctldl.windowsupdate.com. Firstly it try to get following files:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
And then it can take root certificates if it needs them to check identity of certificates from folder:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/
So I had a certificate from Comodo and bought via KSoftware that I use to sign my software so it does not generate a warning when users download it, this has been working fine but the 2 year certificate expired last month. I purchased a new certificate last week and applied to a new version of my application but now when I download it warns me unknown publisher, and wierdly when I click on more info it shows my full address instead of just my company name JThink.
I have looked at my old and new certificate in browser and noticed I had Jthink ltd in old certificate and JThink in new one, would this cause an issue ?
Update
Comodo tell me there is a period of time before Microsoft start accepting new certificates and it would still be a problem even if the company information was identical because the certicate no is different.
Is this true, and what length of timescale are we talking about here ?
You need to just wait some time. Windows collects different data for your new certificate (total downloads count, etc.) and in some near future (depends on downloads rate) it will mark it as white listed (if it's all OK). And all your downloads signed using this new certificate will not be blocked anymore.
The same mechanism applies (as I think) on downloads without certificates at all. Windows collects the file reputation and after some critical amount of "good-experience" downloads it marks the file as OK. The same logic applies to certificates. Thus you do not need to wait anymore if your certificate has a "good reputation".
You need to use Extended Validation Code signing certificate which provides more trusted security certificate for your Windows binary. Regular code signing certificates are not validated by Windows smart screen protection.
I had the similar issue when Windows 10 was released with Windows smart screen protection with more advanced security features.
https://www.digicert.com/code-signing/ev-code-signing.htm
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I was attempting to follow this tutorial in order to test Delphi Xe5 IOS app development using Mac in the Cloud
http://www.youtube.com/watch?v=zORe2voUHIU
I received the following info in email
Your server name is: L108
Your Mac username is: userXXXX
Your Mac password is: pasXXXXX
I also received a remote desktop connection link on my desktop :)
When clicked, the remote Mac machine is launched (says I am connecting to LA204) and my PA server (PA3609) terminal window is available.
No sure why the email says my server is L108 and the remote connection link is connecting me to LA204 (I need a New York Server)
Using the following commands:
? for help
p = port and i = ip address
port = 64270
ip address = 74.80.228.166
Using Delphi Xe5 "connections profile manager"I created my profile Platform OS X, Host: 74.80.228.166, port # 64211 (also tried 64270)
However, Test connection failed
Any help would be greatly appreciated - I am burning up all my test time trying to do this on my own.
For future information for those you seek it, this is what the support team claims has happened (although I dispute the claim :) )
"Sir,
From your previous description, you appear to have received two
accounts:
#1: an account on server LA204 (please review which particular email has this information sent to you)
#2: an account on server L108 and username userXXXX (if you review the email that was sent to you with this login information, there is a
download link right below the login information that you should use
with this particular account)
From your description, you mentioned that "I also received a remote
desktop connection link on my desktop" This only happens through
Embacadero's integrated signup process, which creates a connection
file on your desktop.
If you sign up through our own website, and if you download through
the download link provided in the email, the connection file will be a
zip file in your download folder, no connection file will be
automatically created on your desktop.
Here we attach a screenshot of the email we issued to you, as you may
see in this email, the download link that was provided is "Please
download your MacinCloud connection files from the following link:
http://www.macincloud.com/images/MacinCloud_Lion_L108.zip"
The connection profile that is pointing to LA204 can only come from a
different source. Our best guess is that you have also signed up
through Embarcadero's integrated trial process. It is not uncommon
that this happens and this could be the cause of the confusion."
NOTE: I never signed up from Embarcadero's site or IDE, I only signed up from Mac In the Cloud website. In any case, this is what they claimed happened and as far as I am concerned, as long ad it is working, I am happy.