The certificate provide me with the files mentioned above but I don't remember how to create a certificate file to install on iis, I remember using the openssl tool
Related
I want to sign an apk file using keytool , I have a public certificate .cer file and a private key .pem
I used to use the android studio wizard to sign apk , now I have no idea how to do it.
You can't sign an APK with keytool.
You can use jarsigner (doc) or apksigner (doc).
I highly recommend you sign with the latter (apksigner), since it has additional protections, is faster and is the recommended approach by the Android team.
apksigner is distributed via the SDK Build tools which you can download using the SDK Manager.
Then, the command line is:
apksigner sign --ks keystore.jks app.apk
where:
"keystore.jks" is the path to your keystore.
"app.apk" is the path the APK you want to sign.
You'll be prompted to enter the key alias from the keystore, then the password of the keystore and the password of the key. You can also enter those values on the command line if need be, e.g.
apksigner sign --ks keystore.jks --ks-key-alias AndroidDebugKey --ks-pass pass:android app.apk
I am working on an embedded Linux IoT device that utilizes the aptitude interface for doing its package downloads. The packages are stored in a Debian-type Artifactory repository. This is all fairly straightforward, and Artifactory even gives you a handy guide for what deb line to add to your sources.list. Where I'm getting stuck is when calling the normal apt get update, it will fail for the CA certificate:
error setting certificate verify locations: CAfile: none CApath:
My understanding is that I need to store a .pem file somewhere, but I am not sure where that comes from (or even what to appropriately Google here). Is this something that is generated by Artifactory, or generated on the client device itself?
Is this perhaps what I'm looking for?
Using openssl to get the certificate from a server
Some times wget will refuse to download the specified file. Adding the --no-check-certificate, I am often able to download the file anyway.
1) Briefly, what is this certificate which wget checks by default? How does it perform this check?
2) Does the need of --no-check-certificate for some particular URL vary from machine to machine? That is, if I'm able to download some file using wget www.website/file, can I be sure that my friend using some other machine can do the same, also without the --no-check-certificate option?
When hitting a website that is secure (https) wget will attempt to validate the certificate. In order to trust certificates, wget would need access to a certificate store which is essentially an SSL directory to store trusted certs (see here for more info: https://wiki.openwrt.org/doc/howto/wget-ssl-certs) This can be bypassed as you have seen by using the --no-check-certificate option
Using the --no-check-certificate option should work regardless of which machine you are using wget from.That option is specific to the wget program itself and is not machine dependent
I don't understand why, in every tutorial or book I read about authenticating clients to servers using SSH keys, they recreate the pair of SSH keys?
Isn't the pair already created when you install ssh client? like in ubuntu, after doing: apt-get install ssh openssh-client, when you go to /etc/ssh, you find your keys!
So why regenerate them? and why ssh-copy-id doesn't use these keys, in /etc/ssh directory?
Thank you
Isn't the pair already created when you install ssh client?
No, it is not.
like in ubuntu, after doing : apt-get install ssh openssh-client, when you go to /etc/ssh, you find your keys!
These are not authentication keys, but server host keys. If you would install only openssh-clients, these keys will not be created. They are created only if you install openssh-server!
So why regenerate them? and why ssh-copy-id doesn't use these keys, in /etc/ssh directory?
Answered above. They are not authentication keys, but server host keys. Authentication keys are per-user and in your home directory (~/.ssh/).
I'm trying to use gSoap to connect to a web service secured with https. However, when I run wsdl2h with an https url, it throws the following error:
Cannot connect to https site: no SSL support, please rebuild wsdl2h with SSL or download the files and rerun wsdl2h
I'm building on Fedora Core 14. I have installed openssl-devel and zlib-devel using yum. What have I missed?
By default wsdl2h is built without support for SSL. The README.txt file in the wsdl code folder of the gsoap distribution contains the following:
USING SSL FOR HTTPS TRANSFER OF WSDL FILES
You must build the WSDL parser with 'make secure' to build an
SSL-enabled version of wsdl2h that can access HTTPS secure sites.
If you don't have OpenSSL installed, you cannot build an SSL-secure
version of wsdl2h. In that case we recommend downloading the WSDL and
schema files for processing with the non-SSL-enabled wsdl2h tool.
So you need to either download the .wsdl file manually and run you existing wsdl2h on it or rebuild wsdl2h with make secure so that it knows to include the SSL libraries and support for https.
Well, at least with 2.8 "make secure" just does not work.
The trick is to define BOTH CFLAGS and CPPFLAGS to be -DWITH_OPENSSL, and LDFLAGS to be -lssl like:
CFLAGS='$(CFLAGS) -DWITH_OPENSSL' CXXFLAGS='$(CXXFLAGS) -DWITH_OPENSSL' \
CPPFLAGS='$(CPPFLAGS) -DWITH_OPENSSL' LDFLAGS='$(LDFLAGS) -lssl' ./configure \
--prefix=/usr \
--exec-prefix='$${prefix}' \
--mandir='$${datadir}/man' \
--infodir='$${datadir}/info' \
--enable-ipv6 \
--enable-samples
I solved the problem by building wsdl2h.exe using Visual Studio 2005 and run the script with the new wsdl2h.exe I compiled.
The project location in gsoap (2.8.17) is "gsoap-2.8.17\gsoap\VisualStudio2005\wsdl2h"
I had to add 'WITH_OPENSSL' in preprocessor of project properties.
Also, I had to add some include and lib directories and some .c files in the project to resolve compile errors.
The point is to build wsdl2h.exe using 'WITH_OPENSSL' option. That will resolve the issue.