Is it possible to create a cert.pem and key.pem which works on different computers?
I'm working on an angular application which have an environment type that launches the application on HTTPS mode and I would like to share the same cert keys to other all developers who are working on the git "development" branch.
I don't know if it is possible and my attempts were unsuccessful.
Thank you all.
Related
I know this is known issue. I am trying to do the git pull in my android studio with current project and I get this warning. So I generated my key on macbook with command:
ssh-keygen -t rsa
than I copy it and added to bitbucket profile in ssh keys. Also I added certificate to the android studio settings (tools -> server certificates).
Still I get this issue. I tried with changing git.config but also without success.
with command:
git config --global http.sslVerify false
it works well, but I don't want solutions like this since it is bad and not secure.
Does anyone has any good suggestion. Thanks!
After long time spent I found the solution. This can be very helpful so try it out if you have same problem.
Situation was that in my android studio I added HTTPS URL (e.g., https://bitbucket.org/username/repo.git) instead of SSH URL (e.g., git#bitbucket.org:username/repo.git). You can change this in Git -> Manage remotes. Copy the SSH URL from bitbucket (or any other VCS by clicking on clone option and selecting ssh instead of https)
So Even though everything is set up well, SSL protocol (used to transfer securely data) is unable to connect (in these situations SSH protocol is used. It allows executing commands, not only sending data like SSL. It is usually used for log in situations like this)
Hope this helps, have a good day coding.
The app bundle was generated by the first PC (Ubuntu 18.04) using keystore and its password. Google Play accepted app bundle and application was updated successfully.
After that same process was repeated in another PC (same project, same keystore, same password) and successfully generated app bundle. But Google Play did not accept it and showing error:
App bundle was signed with wrong key. Choose appropriate key: SHA1: C9:AF....
I tried different ways to solve this problem:
Tried to create app bundle on Windows and MacOS machine. Could not try on Linux machine because there are no Linux machine available
Besides the app bundle trying to create the apk which was generated successfully, but when uploading Google Play showed error: signature is invalid
Developer who owns Linux machine is leaving project and we need to generate app bundle in another machine.
What is the reason for this problem if app bundle is created by same keystore and password? How can I solve this problem?
I'm pretty sure even though you think it is being signed with the same keystore, you have made a mistake somewhere. You can check this for yourself though. App Bundles are just signed using the same scheme as jarsigner. So you can print them using keytool.
keytool -list -printcert -jarfile mybundle
If the values are the same for the bundles produced on both PCs then they are signed with the same key in the same keystore. Otherwise you are doing something wrong. Maybe using a release key on one, and a debug key on another, or the keystore has two different keys with different names. Or maybe you think you are using the keystore when you aren't.
Google play accept the apk generated by same keystore file. So please check you have made some mistake. Use the previous keystore and compare it with the current one to check and verify the SHA! and SHA256 Signature
if upload an Application on play-store with one Keystore you don't need to create another keystore for the same project, just use the same keystore for your next version uploading.
NOTE: Google not allow to create multiple keystore for same project.
Remember the selection of signature of version what you selected. this must be the same for your next release.
Asking here because I have scoured the web and haven't found a tutorial that is simple enough for me to understand. I am trying to create a local web server with https so that I can access the camera stream from my phone. For my web server I am using Node.js on a windows machine. I am accessing my web server from my phone using my computers local IP address. I don't have a domain name. I'm not trying to make a fully fledged website, just a demo for a hackathon.
I have tried LetsEncrypt but during the setup for win-acme, it asks for stuff like what kind of certificate I want to create and what is the web root, and I'm not sure what to put there (localhost? my ip address?). When I try to follow the instructions on this SO question, I tried the command
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
but I don't know where the .key and .crt files went. Can anybody provide a simple and easy to understand tutorial on what to do? This is my second time running into this problem and it seems like nobody around me knows how to solve it either.
Hi Im working on a system where the user can store important information on a website.
Using Ws2012, and IIS8
Im using EFS to encrypt the data in normal files.
It need to be secure from the Admin on the server. (at least make it difficult to get the information)
The files need to be en/decryptet in-flight.
It's actually working fine. Just by setting the folder as EFS and then the files saved by IIS are encryptet and the Admin cant get the content.
So far so good.
Problem: But if the IIS is reinstalled, or the server needs to be rebuild/reinstalled then the files are not avalible for the "new" IIS, as the certificate is different.
Normally I can login as a user and backup the EFS certificte, but how do i do this with IIS.
The idea is to have only one Admin (super trusted) to export the certificate and keep it safe. So all the "normal" admins cant get to it.
So after a rebuild of the server the certificate can be reinstalled and the new IIS can access the files Again.
I have looked at several ways to get the certificate, but all explanations / examples uses a local logged in user, and not a "service" user like the IIS uses.
There could be 2 ways:
One is when creating the site, a certificate would be installed for the IIS to use. This way export is not nessesery, and all sites uses the same certificate. But How?
Second way is to export the certificate the IIS uses, but How?
Hopefully this is a simple task, i just can't find it.
Regards
Jesper
I have thwte certificate to sign my InstallShield setup. When we updated our certificate this year, it now depends on intermediate certificate "thawte code signing ca - g2".
We fear that many of our customers might not have this intermediate root certificate installed (in fact our own build server did not have it and so build had started to fail after renewing the certificate) and thus they will get the "unverified publisher" error.
What is the best practice to distribute that intermediate certificate? Is there any way to change the certification path so that it just depends on more common "thawte code signing ca"?
I would greatly appreciate any help.
Thanks,
Sanjay
I finally figured out the issue. It turns out there is an option to include certificate roots in the pfx file when you export it. Following is what i followed on my Windows machine where I had installed the certificate that i got from thawte.
1. Open certificate store from Start->Run->certmgr.msc
2. Export the certificate.
3. Ensure to select to include private key as well.
4. Then you get an option to include root certificates - this is unchecked by default. Check it.
Micrsoft has a trusted root program that current contains the following memebers:
Windows Root Certificate Program - Members List (All CAs)
For applications distributed to the general public, the best practice is to get a code signing certificate backed up by one of these roots. For internal enterprise applications ( IT, DoD ectera ) you can use others provided that you have a means in place of distributing the roots for your cert. InstallShield cannot currently do this directly but it's possible using custom actions that call CAPI / CAPICOM / .NET X509 classes.
BTW, when you look at the certificate details, look all the way up to the first entry to know who the root is. For example my cert says COMODO Code Signing 2 but then above that it says USERTrust. When I view the USERTrust certificate is says "UTN-UserFirst-Object". That name is then found on the Microsoft web page linked above.