Looking for help to use Google Cloud HSM with jarsigner to sign jar files - jarsigner

I need to sign jar files using Google Cloud HSM. The standard tool for signing jar files that comes with the JDK is jarsigner. I see that AWS Cloud HSM has documentation on using AWS Cloud HSM with jarsigner to sign jar files.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/keystore-third-party-tools.html
However, I could not find any documentation directly addressing how to use Google Cloud HSM with jarsigner to sign jar files. If there is no native support for this in Google Cloud HSM, what would be required to make jarsigner work with Google Cloud HSM to do the jar signing? Any pointers are welcome.

Related

Google Cloud SSL Certificate still provisioning after 24 hours

My Google Cloud (load balancer, certificate, etc.) configuration has all of the required steps completed but the certificate is still provisioning.
I fixed it. The solution is to create a domain mapping and DNS record using the gcloud tool instead of Google Cloud Console.

How do I store and retrieve signing credentials for IdentityServer4 deployed to Kubernetes?

I'm in the process of implementing IdentityServer4 into my ASP.NET Core web application, which will be deployed to a Kubernetes cluster using Continuous Deployment.
The documentation talks about adding signing credentials (AddSigningCredential) and most tutorials/guides demonstrate how to use this by loading a .pfx file from the file system, or by using the local certificate store and searching by the subject name.
Is there a commonly accepted way of storing, retrieving and rotating the signing credentials when deployed to a Kubernetes cluster with minimal intervention?
I think using a secret is the best option in Kubernetes.
K8s has a Secret kind that can be deployed with other resources; here is a link to the official doc: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/
Or you could also use another secret manager, like Vault.
If I am not mistaken, I think it's the best practice.

IdentityServer4 key material configuration for Docker

I looked around the official IdentityServer4 GitHub for how to configure a signing credential (certificate) for production, but I can't find any example. The specific thing about my environment is that it runs on Docker, so I need a cert to be generated at runtime for a Linux machine, and then used for validating tokens.
In development mode I use the AddDeveloperSigninCertificate helper in Startup.cs and it does the job, but I need a cert for production.
Did anyone have the same issue?
Thanks!

AWS Glue reading S3 file client-side encryption using AWS KMS

Is it possible to crawl an S3 file encrypted using CSE-KMS in AWS Glue? I know that Athena can do that, but I haven't found similar functionality in the Glue crawler.
I do not think AWS Glue supports reading from client-side encryption. They have just added server-side encryption support, which is much simpler to support compared to client-side encryption.
Glue does not support client-side encrypted data. It only supports AWS KMS-managed keys (SSE-KMS) or Amazon S3-managed encryption keys (SSE-S3). These are the only two encryption models currently available in Security Configuration in Glue [1].
[1] https://docs.aws.amazon.com/glue/latest/dg/console-security-configurations.html

Xero Integration - API Authentication issue

We are trying to integrate the Xero API into our web system; however, we are experiencing a particular problem which has not been responded to on the Xero forum pages, so I had no choice but to share it here.
It is a partner application integration and it requires certain files and a password within the software.
We have generated the .p12 and .pfx files and addressed them in the configuration file.
We have downloaded the wrapper solution from GitHub which is officially supported by Xero. All we did was change the settings in the configuration file and run the Console App named "Xero.Api.Example.Counts"; the OAuthTokens.css class throws an exception, which is IIS 7.5 Detailed Error - 403.7 - Forbidden.
This response is generated from Xero API and we can retrieve more information in detail as "The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes"
The certificates are confirmed by Xero and we are using the correct Consumer Key & Secret in the configuration file.
We have also tried another simple solution which talks to the Xero API using the partner application, and it got the same result.
Is there any advice that you can share with us? Thank you
Install the certificates on your client machine and then use them.
For a Partner Application of Xero, you need:
- Xero Entrust Certificate - called the Partner Certificate (issued by Xero)
- Signing Certificate - generated by yourself and registered with Xero.
On the client machine from which you are trying to connect, you need to install these certificates in the Certificate Store.
If it is Windows, you can find instructions to install certificates over here:
Instructions