What is the source of the cert and pem files used with simplesamlphp - simplesamlphp

I have simplesamlphp working with a production site. There are three forms of credential used: a cert file and pem file in the same folder, and a string from a pem file provided by the government active directory folks, which is inserted in the meta file saml20-idp-remote.php. In getting SAML working with this site when assigned the task, all 3 files were already present.
Now I need to get SAML working with the staging environment as well. I received the file whose content gets inserted in the meta file. What I cannot figure out is what the source of the other two files would be, and whether they would be unique for this environment or the same as the production environment.

These are the SAML signing or encryption certificates for your installation and you can generate them yourself. They are unique per environment. See the manual for how to do this: https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_1_1
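As an added example (not part of the answer above and not the simplesamlphp project's own code), the following POSIX shell functions generate a self-signed SP key pair for one environment with openssl, in the same shape the linked manual section uses, and then confirm that the key file and certificate file belong together. The output directory and hostname are assumed arguments, and openssl is assumed to be on PATH; the hostnames in the comments are constructed.

```shell
#!/bin/sh
# Added example: per-environment SAML SP signing/encryption key pair.
# Assumptions: openssl on PATH; <outdir> and <hostname> passed as arguments.

# gen_sp_cert <outdir> <hostname>
#   writes <outdir>/<hostname>.pem (private key) and <outdir>/<hostname>.crt
#   (self-signed certificate). Run it once per environment, e.g.
#   gen_sp_cert /etc/simplesamlphp/cert sp.example.org          (constructed)
#   gen_sp_cert /etc/simplesamlphp/cert sp-staging.example.org  (constructed)
gen_sp_cert() {
    outdir="$1"; host="$2"
    mkdir -p "$outdir"
    # 3072-bit RSA, self-signed, ~10 years, no passphrase (simplesamlphp reads
    # the key unattended). -subj avoids the interactive prompts.
    openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes \
        -subj "/CN=$host" \
        -keyout "$outdir/$host.pem" -out "$outdir/$host.crt" 2>/dev/null || return 1
    # The private key must never be group/world readable.
    chmod 600 "$outdir/$host.pem"
}

# keypair_matches <keyfile.pem> <certfile.crt>
#   returns 0 only when the public key embedded in the certificate is the one
#   derived from the private key, i.e. the two files are a real pair.
keypair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# cert_fingerprint <certfile.crt>
#   SHA-256 fingerprint; compare production vs staging to be sure the two
#   environments really got distinct certificates.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | sed 's/^.*=//'
}
```

The resulting .pem and .crt are what the `privatekey` and `certificate` entries of the SP in authsources.php point at; the .crt (public part) is what you hand to the IdP, the .pem never leaves the host. Generating the pair separately for staging, rather than copying production's, means a compromise of the staging key cannot be used to sign assertions as the production SP.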

Related

Where should I store PEM file for my web app

Currently, I am working on a web app. The backend would frequently communicate with the Docker Engine API and I am using certificate signing (client/server key) to authenticate. However, where should I store the certificate PEM file? Should I store it in the database, or should I store it as a file then store the file path in the database?
Storing into a database would mean that I have to access the database every time there is a command being sent. Am I correct?
I feel storing the PEM files on disk would be less resource-intensive. As you have stated, if it is stored in the database, you will need to make a request any time you wish to access it.
If you do store the PEM file on disk, ensure it is not within a web-accessible directory, e.g. nobody should be able to go to https://yourapp/your.pem and get the file.
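As an added example (not part of the question or the answer above), here is a deploy-time check in POSIX shell that enforces the two properties the answer asks for: the PEM file resolves to a path outside the web root, and only its owner can read it. The web root and key path are assumed arguments, and `readlink -f` is assumed to exist (GNU coreutils or BusyBox); the paths in the comments are constructed.

```shell
#!/bin/sh
# Added example: verify a client key/cert PEM is not servable and not
# readable by other accounts. Assumptions: <webroot> and <pemfile> are
# passed in; readlink -f is available.

# canon <path>: absolute path with symlinks resolved, or failure if missing
canon() {
    readlink -f "$1" 2>/dev/null || return 1
}

# pem_outside_webroot <webroot> <pemfile>
#   returns 0 when the resolved PEM path is not inside the resolved web root
pem_outside_webroot() {
    root=$(canon "$1") || return 1
    pem=$(canon "$2") || return 1
    case "$pem" in
        "$root"/*|"$root") return 1 ;;   # would be reachable as https://yourapp/your.pem
        *) return 0 ;;
    esac
}

# pem_mode_ok <pemfile>
#   returns 0 when group and others have no permission bits (0600, 0400, ...)
pem_mode_ok() {
    # GNU stat first, BSD/macOS stat as fallback; both print octal mode bits
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;   # last two octal digits are group and other
        *)   return 1 ;;
    esac
}

# check_pem <webroot> <pemfile>: run both checks, explain the first failure
#   e.g. check_pem /var/www/html /etc/myapp/docker-client.pem   (constructed)
check_pem() {
    pem_outside_webroot "$1" "$2" || { echo "FAIL: $2 is under web root $1" >&2; return 1; }
    pem_mode_ok "$2" || { echo "FAIL: $2 is readable by group/others" >&2; return 1; }
    echo "OK: $2"
}
```

Wire `check_pem` into the deployment script or a health check so the key cannot silently drift into the document root or pick up 0644 permissions after a copy. Symlinks are resolved before the path comparison, so a link placed under the web root that points at the real key is still caught only if you also run the check against the link path itself.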

Accessing Azure Keyvault from MS Dynamics365 CRM plugin code

From within a Dynamics365 CRM (in the cloud) plugin code base (in C#), I need to call an external web service that is secured with an X.509 certificate.
I can easily call that web service from a command line utility I created, and I can provide the certificate (loaded from a .pfx file on disk) and everything works just fine.
I have also managed to store the certificate into a newly created Azure Keyvault - but that's where I'm beginning to experience trouble.
In order to access the Azure Keyvault, I need to have some kind of an Azure AD app registration or something, and I need to add some kind of "application identity" to that app registration so that I can grant that "system identity" access permissions to the keyvault. But how do I then access the Keyvault to fetch the certificates from my Dynamics plugin code? I'm not seeing the solution for all the possible options, config settings, permissions and whatnot to consider...
Does anyone have an insight to share? Blog post with a code snippet to point to? Anything to get me a step or two closer to making this all work?
Or is there a totally different approach I could take to make those certificates available to my plugin code in a safe, secure fashion?
1) You can store the encrypted (e.g. AES-256) pfx in base64 format in some entity as a multiline text field, and in the plugin retrieve that record, convert the base64 data to bytes and then to an X509Certificate2 object.
2) You can store the encrypted (e.g. AES-256) pfx as a web resource and retrieve the web resource in the plugin.

TFSBuild for Windows Store App Fails with error APPX0105: Cannot import the key file

I am using tfsbuild 2010 with these arguments "/p:VisualStudioVersion=12.0;ToolPath="C:\Program Files (x86)\MSBuild\12.0\Bin"" to build a Windows Store app. There are no issues in signing packages when using a test certificate with no password.
But it fails with the below error for a certificate from a third party with a password.
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\AppxPackage\Microsoft.AppXPackage.Targets(1781,9): error APPX0105: Cannot import the key file 'XXXX.pfx'. The key file may be password protected. To correct this, try to import the certificate manually into the current user’s personal certificate store.
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\AppxPackage\Microsoft.AppXPackage.Targets(1781,9): error APPX0102: A certificate with thumbprint 'XXXXX' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
I have imported the certificate to personal certificates and also to trusted root certificate authorities, still no luck. Is there any way I can pass in the password? Or is there any better way to resolve this issue?
I had the same problem (not with TFS but with a dedicated build machine). In my case I tried to import the certificate with a different user than I was building with. Importing to the whole machine did not seem to work for some reason. I specifically signed in with the "building user" and imported the certificate from there.

Azure Notification Hub unable to upload .p12 for APN

I am not able to upload a .p12 for APN, and this is the error message I received. Any idea what causes this error?
SubCode=40000. Failed to validate credentials with APNS. Error is The credentials supplied to the package were not recognized..TrackingId:b18f483e-6285-9d5b-895c-12e2fcc26dcf_M1_G12,TimeStamp:4/21/2014 3:16:19 AM
I was having the same issue while uploading the certificate on the backend and finally found the solution after a lot of struggling. Do the following:
Select keys from your keychain
Locate the desired push private key
Click the small arrow to expand the key & profile
Now select the certificate only (this is a crucial step), not both the key & certificate; ONLY SELECT THE CERTIFICATE and click to export
Set a password for your exported certificate and upload
Have a look at this picture for reference:
This is an old question but I thought I would post something that worked for me as well. Seeing as the .p12 file was created by another part of our company I was not able to get the .p12 file re-exported in the correct manner.
Instead I imported the .p12 to my local certificate store (windows) and then re-exported as a pfx.
Take a note of where the certificate is stored
Then, use the MMC tool to view and export your certificate, making sure to export the private key as part of the pfx.
(You should probably delete the certificate from your local machine after the export is complete.)
After that you should be able to import your new pfx file into azure via the portal.

Windows Azure Web Role Certificate Error

I need to create a Web Role in Azure with an https endpoint with a real SSL certificate (not self-signed). So I need my own domain, which I have, and have pointed it at my "me.cloudapp.net" URL via a CNAME in my hoster's DNS.
I have purchased a certificate for that domain also. I need to upload that into my Azure portal for the web role, but I can't - Azure gives me an error when I try.
The certificate came in the form of 2 zip files (I'm new to buying certs). One zip has 3 .crt files, and the other has 1 .cer file. Azure requires a .cer or .pfx, so I tried the .cer. It fails with the error "The certificate is not valid, or the password is incorrect."
There is a .crt file in the zip folder that has 3 files that has the same name as the .cer file. If I change the extension of this .crt file to .cer, it will upload, but when I try to publish my deployment, I get the error
"Certificate with thumbprint 3329398FB72BFCC7EF89C90B950D722C6047C2A1 associated with HTTPS input endpoint EndpointForThat does not contain private key. The long running operation tracking ID was: 010a29856c1948f39e71620446223b4e."
You have to first complete the certificate request process on the machine from which you initiated the request. The process for doing this varies by technology stack. Here is a page from Comodo on how to install certificates on various platforms.
After you have completed the request on the machine that initiated it, then you can export the certificate. That new file is what you need to upload to Azure.
For an HTTPS endpoint you need to upload a PFX file.
A PFX file is a combination of private key + public key.
What you have now is
.cer - public key
.crt - private key
You need to combine the .crt file that matches the name of the .cer file into a single .pfx file.
Check this SO question and its answers to get it done.
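As an added example (not part of the question or the answers above), the following POSIX shell functions build a PFX with openssl from the issued certificate plus the private key that was created on the machine where the CSR was generated, and then verify that the bundle really carries a private key, which is exactly the property the "does not contain private key" error is checking. File names and the password are assumed arguments, the CA chain (the other .crt files from the zip) is optional, and openssl is assumed to be on PATH.

```shell
#!/bin/sh
# Added example: assemble and verify a PFX/PKCS#12 for an Azure HTTPS endpoint.
# Assumptions: openssl on PATH; certificate, key, output path and password are
# passed in; an optional intermediate/root chain file may be appended.

# make_pfx <cert.crt> <key.pem> <out.pfx> <password> [chain.crt]
#   <key.pem> is the private key generated together with the CSR; without it
#   the bundle will import but the HTTPS endpoint cannot use it.
make_pfx() {
    cert="$1"; key="$2"; out="$3"; pass="$4"; chain="$5"
    if [ -n "$chain" ]; then
        openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$chain" \
            -out "$out" -passout "pass:$pass" 2>/dev/null
    else
        openssl pkcs12 -export -in "$cert" -inkey "$key" \
            -out "$out" -passout "pass:$pass" 2>/dev/null
    fi
}

# pfx_has_private_key <file.pfx> <password>
#   returns 0 when the bundle contains a private key; a certificate-only PFX
#   (what you get from re-saving a .cer/.crt) fails this check.
pfx_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# pfx_cert_thumbprint <file.pfx> <password>
#   SHA-1 thumbprint of the leaf certificate as uppercase hex without colons,
#   the format the Azure portal and the service definition use.
pfx_cert_thumbprint() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha1 \
        | sed 's/^.*=//; s/://g'
}
```

Compare the value from `pfx_cert_thumbprint` with the thumbprint in the deployment's service definition before uploading; a mismatch there produces the same kind of deployment error as a missing private key. Keep the PFX password out of shell history (read it from a file or prompt) when running this on a shared build host.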
