w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
OpenSSL + Self Signed Cert = OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Extracted from here So basically all you have to do is this ENV['SSL_CERT_FILE'] = "your certificate path" and I guess all will work You might find this Reference useful : http://mislav.uniqpath.com/2013/07/ruby-openssl/ Who reads the value of ENV['SSL_CERT_FILE']? Hope this help

Categories : Ruby On Rails

Using a self-signed certificate to create a secure client-server connection in android
There is different ways to solve your problem but here is the one I use: All the steps are in this link http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/ but some parts can be confused so I will explain all the process: 1.-Store your mycrtfile.crt in a know path I will say c:BKS/mycrtfile.crt. 2.-To create your BKS or key store you will need the file bcprov-jdk15on-146.jar, this class will do all the work for us, there are different versions but this one works for me http://www.bouncycastle.org/download/bcprov-jdk15on-146.jar also store this file into C:BKS/ 3.-Now you will use the Keytool (keytool comes with the Java SDK. You should find it in the directory that contains javac) to generate our keystore and to make sure that is working go to your cmd and type "Keyt

Categories : Android

How to use self signed certificate at iOS app
looking at the first tutorial you linked to you should be able to use that or some more advanced form of that and once you have tested and have it working then all you have to do for a client to create and add their own certificate would be to override/replace the localhost.cer file in the apps folder where the file localhost.cer "or whatever name scheme you use" is located. there are many ways to do this but one could be telling the app a link where the certificate is online for download and once downloaded, then replace. Any questions I'll try and help further but hopes this helps you in the right direction.

Categories : Iphone

Using JavaMail with a Self Signed Certificate
Get rid of the socket factory stuff: Setting various socketFactory properties. Long, long ago JavaMail didn't have built in support for SSL connections, so it was necessary to set these properties to use SSL. This hasn't been the case for years; remove these properties and simplify your code. The easiest way to enable SSL support in current versions of JavaMail is to set the property "mail.smtp.ssl.enable" to "true". (Replace "smtp" with "imap" or "pop3" as appropriate.) See these Gmail examples. The Gmail certificate needs to be in your trust store, not your key store.

Categories : Java

WCF client self-signed certificate
You can do that by configuring your service over two separate end points one secured (with certificate) and one without certificate. Check this post for general understanding (not specific to WCF) over Self signed certificate vs CA certificate - Self-signed SSL Cert or CA?

Categories : Wcf

How to verify that app was signed by my certificate?
Use your code for collecting the fingerprint on the device in "test" mode -- meaning you have temporary code to emit that fingerprint to the log (or elsewhere). Be sure to test this using your production signing key, not the debug key! Once you know from the device's perspective, you can remove the temporary code and elsewhere you can compare to what you've previously determined to be the key. Be aware though that you're probably doing this to prevent someone from modifying your app and re-signing it with another key, but someone with the ability to do that also has the ability to modify your key checking. This is a problem that can be addressed with additional obfuscation but you'll need to come up with your own solution to minimize the chance of an attacker knowing what to look for.

Categories : Android

AJAX and self-signed certificate
I have had this same problem several times. The best I could come up with was something like this: check for a cookie, if they have it, do nothing, if they do not have it, issue a re-direct to the site that generates the cert warning, user accepts the self-signed cert, then the user just needs to go back to your site. If you had any control over the api side, you could probably make it so that you have a bounce back url or something that ends up getting the user back to your site. There really is no elegant way to handle this short of just getting a real SSL cert. On another site, we ended up having to put a link to the service on our page for this very reason, fortunately it was temporary as we had control over the server side too, and planned on replacing the self-signed cert with a real

Categories : Ajax

TLS: How to verify a certificate self-signed with an RSA key
Certificates bind a public key and additional information (such as a identifier and other attributes) together. What makes this association between the public key and the additional information a certificate is the fact it is signed. The reason X.509 certificates are signed and issued by a CA is because the CA asserts the binding between the public key and the rest of the content of the certificate (in particular its subject). The purpose of this is to let a party that knows the CA but doesn't necessarily know the entity to which the certificate was issued verify that the content of the certificate is true, in particular that the public key belongs to the certificate's subject. Since your authentication scheme relies on pre-established knowledge of who or what owns the public keys anyway

Categories : C

curl self-signed certificate web service over SSL
please refer to that following answer: http://stackoverflow.com/a/28927268/1290438 to sum up: % openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' | grep -m1 -B-1 -- '-----END CERTIFICATE-----' > cert.pem % curl --cacert cert.pem https://example.com and tada, you connect securely to a self-signed website.

Categories : Rest

How i can create a self-signed certificate using phpseclib
You need a private key, plain and simple. Otherwise, what are you going to sign it with? The signature field of an X.509 cert is mandatory. I mean, if all you want is a public key, you don't need to bother with the X.509 overhead. You can just pony up a public key that looks like this: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0 FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/ 3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB -----END PUBLIC KEY----- But X.509 is more than just a public key - it's a signed public key. Technically, a CSR is, too, but CSR's are always self-signed whereas X.509 certs can be signed by anyone.

Categories : PHP

Can't set a signed SSL certificate on NodeJS/expressJS
I found the issue, it was my mistake the server.key didn't match the server.crt. A simple test found it. See: http://www.madboa.com/geek/openssl/#cert-test openssl s_server -cert mycert.pem -www

Categories : Node Js

Self-signed certificate with Demo DocusignAPI
Are you talking about including an SSL cert for the event notifications? The only mention I see from their documentation when I search for "SSL" is the signMessageWithX509Cert property on the eventNofication object. This can be viewed on several of their api guide pages like this one. In any case, with all of the comments that have come in on this thread so far I believe your issue is related to your certificates and not with the DocuSign API. Were you able to resolve this yet?

Categories : Misc

Getting ssl_error_bad_cert_alert on firefox after installing self signed p12 certificate
The ssl_error_bad_cert_alert error in this case means the server doesn't trust your self-signed cert. One way to solve this is to generate certs and CSR's, and then sign them with a local development CA. Then you just add your dev CA to the JVM truststore. It is slightly more setup, but is more flexible (e.g., you can create signed certs for a whole development team, test revocation via OCSP/CRL, etc). These steps are copied from my history and probably require changes: Create a local dev CA openssl genrsa -out ca.key -aes256 -passout pass:changeit 4096 openssl req -new -x509 -key ca.key -config openssl.conf -days 3560 -sha256 -out ca.pem -passin pass:changeit openssl rsa -in ca.key -out ca.key -passin pass:changeit Generate client and server keystores with a keypair in each keytool

Categories : Eclipse

Self signed certificate honoring both, Machine Name & IP Address
You should create a certificate with multiple Subject Alternative Names. What you put in the CN at that stage doesn't really matter (it's only a fallback solution when there are no SANs), but putting the host name should help you identify the certificate in various lists. Note that the entries for host names should be of dNSName type, but the entries for the IP address should be of iPAddress type, so you need a certificate creation tool that supports both. There are more details in this question (not specific to Java). Note that IP addresses can be OK in a development context, but host names are often better anyway. Few (if any) CAs will issue you with a certificate tied to an IP address.

Categories : Ssl

Apache couchDB CA signed certificate issues
For anyone who is interested this is how we finally solved the problem: Seems that we couldn't get couchDB to work properly with our intermediate certificate. Since we are running our couchDB server on an AWS EC2 instance, I just created an ELB (Elastic Load Balancer) instance and uploaded my certificates to the ELB, then added the EC2 instance under my load balancer and rerouted my DNS to the load balancer (using Route53 here too). I then turned off SSL completely on couchDB and handed the SSL handshake to the load balancer which supports the use of an intermediate certificate. This does mean that the comms between the ELB and couchDB is insecure but for us that is fine. This also means that we now can add in more couchDB servers under the ELB for scalability so 2 birds 1 stone solut

Categories : Apache

How to create self-signed certificate programmatically for WCF service?
I could not make this work, but I found an alternate solution. (Update December 2014: I have now gotten it to work using the accepted answer.) I was able to use the PluralSight.Crypto library to achieve what I need. I had to modify the source code slightly to get the private key to store in the LocalMachine store. The changes I made were to the file CryptContext.cs. I changed the CreateSelfSignedCertificate method. Following is a snippet of code including the change that I made. In essence, I set the Flags member of the CryptKeyProviderInformation structure to set it to 0x20 (CRYPT_MACHINE_KEYSET) if the CryptContext object contains this value in its Flags. byte[] asnName = properties.Name.RawData; GCHandle asnNameHandle = GCHandle.Alloc(asnName, GCHandleType.Pinned);

Categories : C#

Android: How to create a HttpClient with self signed certificate and a SSL cache
public class SimpleSSLSocketFactory extends org.apache.http.conn.ssl.SSLSocketFactory { private javax.net.ssl.SSLSocketFactory sslFactory = HttpsURLConnection .getDefaultSSLSocketFactory(); public SimpleSSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { super(null); try { SSLContext context = SSLContext.getInstance("TLS"); TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[] {}; } public void checkClientTrusted(X509Certificate[] chain,

Categories : Java

Generating self signed certificate for testing nginx via vagrant vm
Author of PuPHPet here. I'm actually trying to solve this issue within PuPHPet itself :) The problem is that the self-signed cert would be generated each time you $ vagrant up a new instance. I don't know what kind of warnings your browser would throw at you, but I'm certainly willing to try. Follow me on twitter @juantreminio and I'll make sure to spam all my followers when the feature has been added!

Categories : Ssl

Php SoapClient verify_peer=>true fails with ca-signed certificate
The problem was that php has by default insecure settings to handle https requests. It will not verify the certificate or check that the domain in the certificate is correct. You have to download the file that is used to verify the certificate yourself too. You can download one at: http://curl.haxx.se/ca/cacert.pem The settings to handle them properly are <?php $client = new SoapClient("my-wsdlfile.wsdl" ,array( "location"=>"https://examplesoapserver.com" ,"stream_context"=>stream_context_create( array( "ssl"=>array( "verify_peer"=>true ,"allow_self_signed"=>false

Categories : PHP

Perform soap request via https with self-signed certificate by cURL
The error doesnt seem to be on the client side but on the server side. The server says that some security check failed. If it was a client error, you would get nothing but an error by cURL. You get an XML answer. You should look at the server side.

Categories : PHP

Creating a truststore to only validate certificate signed by a custom CA in JAVA
I can only answer part of your questions: The truststore should contain your CA, you can generate it with keytool: http://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html No problem you can implement this in android in the same way than in java using java.security.* and org.apache.http.* classes. One warning, for android versions <=2.3, you could need to implement a workaround as some public CA are missing and it doesn't support miss-ordered certificates chains. I can give you more details if needed. I don't know Edit: A good turorial: http://nelenkov.blogspot.com/2011/12/using-custom-certificate-trust-store-on.html

Categories : Java

Create an x509.v3 self-signed Certificate for SAML signing and encryption, Windows 8 R2
This required creating a Certifying Authority installed in the localmachine Trusted Root Certifying Authority and then using it to sign a certificate used by the application. This link provided the details that allowed me to accomplish this: http://www.digitallycreated.net/Blog/38/using-makecert-to-create-certificates-for-development

Categories : Xml

signed jar file-- jnlp fails to prompt user to accept certificate
In answer to your specific questions: It is handled automatically by the jar signer tool, don't sweat the names. The Java version of the server is not relevant, unless the server is compiling the code. But even then, Java apps. should be 'forward compatible'. I.E. an app. compiled in 1.5, should run in 1.5, 1.6 & 1.7.. I don't think the jar signer tool does anything different in the file writing since it was first made, so the version is irrelevant. Irrelevant based on point (3).

Categories : Java

Puppet ssl errors " SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"
Tried puppetdb-ssl-setup -f that took care of the cert missmatch. more details in https://groups.google.com/forum/#!topic/puppet-users/VqpGAxw7-Fo Thanks Ken for helping

Categories : Ruby

Retrieve PEM cert: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
you can disable certificate verification for a given instance of Net::HTTP: stock.verify_mode = OpenSSL::SSL::VERIFY_NONE or you can disable SSL verification globally in your process using: OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE Note: Ruby interpreter will give you warning that constant is already initialized. Sometimes you might get hard error. if that's the case you can unassign constant and initialize it again using following code: OpenSSL::SSL.send(:remove_const, :VERIFY_PEER) OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE) This is not a perfect solution for your problem, but if security is not a big cocern, you can use above methods to bypass SSL Cert verification. You will still have encrypted secure connection to server.

Categories : Ruby On Rails

How to programmatically get server's certificate and add to the truestore, and check the certificate
I haven't tried it but this looks promising: https://github.com/cesarferreira/Android-Self-Signed-SSL-certificate-example

Categories : Android

Squid3 URL Block
You can try this method : delete this line : acl bad_url dstdomain .msn.com You have already added this line : http_access deny bad_url Make sure that you wrote your own dns blacklist related to bad_url acl here : /etc/squid/bad-sites.squid if you have no idea to implement, it looks like this : .test.com .badurl.net For some website like facebook, it's better to use regex. Add this on your squid conf acl fbban dstdom_regex facebook http_access deny fbban restart your squid /sbin/service squid stop /sbin/service squid start or /etc/init.d/squid stop /etc/init.d/squid restart

Categories : Linux

Android 2.2: javax.net.ssl.SSLException: Not trusted server certificate - Android 2.3: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
W/System.err(1201): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate What cipher suites are you using? Anonymous Diffie-Hellman (ADH) will cause the server to not send a certificate. W/System.err(22569): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. It sounds like you did not trust a CA's root certificate required to validate the chain. Has it been loaded? Is it the correct root to trust? Certificate chain 0 s:/C=LU/postalCode=2130/ST=NA/L=Luxembourg/streetAddress=Boulevard Charle Marx 23/O=Dellmont Sarl/OU=Comodo InstantSSL/CN=77.72.173.130 i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Asurance Secure Server CA [Repeated three times] This looks malformed in practice. There

Categories : Android

Why is my certificate not valid unless I put the Sub CA certificate in the trusted root certificate authorities?
To elaborate on Erik's comment, trusting the Root CA certificate means that you will trust what the Root CA directly signs. If you have an intermediate Sub CA in the middle, its certificate is signed by the Root CA, and the Sub CA signs your certificate directly. Root CA ---signs/verifies---> Sub CA ---signs/verifies---> End user certificate As Erik said, if you do not have the Sub CA certificate present, then there is no way to link the Root CA to the End user certificate. The Root can verify the Sub CA certificate, and the Sub CA can verify the End user certificate, but there is no way for the Root to skip over the Sub CA and verify the End user certificate because the root did not sign the End user certificate. 2 ways to resolve this are: include the Sub CA cert in your tru

Categories : C#

How to use UnboundID SDK to connect to an LDAP server with the SSL server certificate?
If there is a specific certificate or set of certificates that you want trusted, then you could just create your own custom javax.net.ssl.X509TrustManager implementations that examines the presented certificate chain and determines whether it represents one of the expected certificates. You could hard-code information about those certificates into your code (or better yet, put it in a config file so you could change it without altering any code) and do something like comparing certificate fingerprints to get an appropriate degree of assurance that it is actually the legitimate certificate. If you don't know what the individual certificates will be but know that they all have a common issuer, and you trust that issuer to only issue good certificates, then you could include trust informati

Categories : Ssl

Signed applet write file in server
Applets live there own sandbox, where they require special permission to perform certain operations, like read or write the disk of a client machine. Remember, applets execute within the context of the client machine, they are guests and need to follow the house rules. Reference - here

Categories : Java

ASPNET. Signed PDF file saved to sql server, problems when retrieving
Finally I've decided not to use response object and open a link to the virtual directory in the server where I store the file created with File.WriteAllBytes method. I haven't been able to make it work through response.

Categories : Asp Net

Java Server with Multiple SSL Certificate
Being able to use two server certificates on the same IP address and port is possible via the Server Name Indication (SNI) extension, which must be supported by the client and the server. Java supports this on the client side since Java 7. Unfortunately, this is not supported on the server side yet. This is planned for Java 8. Meanwhile, if you do need SNI support on your server, you may be able to use another server to handle the SSL/TLS connection and forward the plain text connection to your application. Typically, this can be done with Apache Httpd (with a reverse proxy) for HTTP(S). Alternatively, it looks like the HTTPS-SNI-Proxy project may be more flexible for other protocols (despite having HTTPS in its name). I haven't tried it, but according to its README, it looks for the S

Categories : Java

Redmine 2.3.2 svn HTTPs Server SSL certificate untrusted
Make sure that the certificate on VisualSVN Server matches it's hostname (it's case-sensitive)! --trust-server-cert won't automatically accept certificate with non-matching hostname since it's considered insecure.

Categories : Apache

MailCore SMTP Invalid Server Certificate
You can use openssl to connect to smtp.live.com:587, proceed with SMTP, issue STARTTLS, and view the certificate chain: openssl s_client -starttls smtp -crlf -connect smtp.live.com:587 The certificate chain looks fine to me: . It looks like the certificate that they are using is signed by GlobalSign. I'm wondering if there is a setting that needs to be made in MailCore to specify that GlobalSign is a trusted CA.

Categories : Iphone

SharpSVN - Server certificate verification failed
OK. I solved this problem and now I get an other error. What you need to do is this: client.Authentication.SslServerTrustHandlers += new EventHandler<SharpSvn.Security.SvnSslServerTrustEventArgs>(Authentication_SslServerTrustHandlers); void Authentication_SslServerTrustHandlers(object sender, SharpSvn.Security.SvnSslServerTrustEventArgs e) { // Look at the rest of the arguments of E, whether you wish to accept // If accept: e.AcceptedFailures = e.Failures; e.Save = true; // Save acceptance to authentication store }

Categories : C#

Push Notification - Do we need to update p12 on server for new certificate?
The certificate is not packaged into your app. It's only required by your server in order to send push notifications. Therefore you should only update the p12 file on your server. It will work for both users who use the new version and users who use the old version of your app. If you don't update the certificate on your server, you won't be able to send push notifications to any version of your app, since, as you said, the old certificate has expired.

Categories : Iphone

Authenticate WCF by matching client and server certificate together
You don't have to write code to perform certificate authentication - this can be handled by configuration. From this article: http://msdn.microsoft.com/en-us/library/ff648360.aspx There are a number of ways to specify the location of the certificate. This example is using the certificate store for the service: <behaviors> <serviceBehaviors> <behavior name="ServiceBehavior"> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceCredentials> <serviceCertificate findValue="CN=tempCertServer" /> </serviceCredentials> </behavior> </serviceBehaviors> And this one is using a certificate that is encoded directly in the config fi

Categories : C#

How to send a client SSL certificate to server by using CFStream in my iOS app?
After a lot of study and trying, I can answer myself now. Also hope it'll be useful for you. Actually, what I need is implementing client SSL authentication by using CFStream. So I need to do these: Put PKCS #12 file in my app bundle Read this file as NSData to pkcsData Use method SecPKCS12Import to import pkcsData Get identity and cert from the data you imported above, and generate a certificates array Set the array to key kCFStreamSSLCertificates in kCFStreamPropertySSLSettings of your CFWriteStreamRef Sample code below: // Read .p12 file NSString *path = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]; NSData *pkcs12data = [[NSData alloc] initWithContentsOfFile:path]; // Import .p12 data CFArrayRef keyref = NULL; OSStatus sanityChesk = SecPKCS12Import

Categories : IOS

Manually check server's certificate using HttpWebRequest
I have read some tutorials about manually checking SSL certificates in .NET using ServicePointManager, and when I started implement it in Windows Phone 8 application, I realized that .NET Framework for WP8 (and 7) just has not got API to handle SSL certificates validating. We just can't have access to ServicePointManager... Then I found this post: "Self Signed Certification SSL HTTPS" on wpdev.uservoice.com, where developers are asking Microsoft to add this API into next WP SDK updates, of course I have spent my 3 votes on that, so if you want to see ServicePointManager in WP .NET framework, please vote for that. Also, I want to notice you about strange behavior of HttpWebRequest on WP, when you trying to work with self-signed https resource, HttpWebRequest will throw 404 exception! Very

Categories : Windows Phone 8



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.