I'm have compatibility issues with WebRTC implementation and our Oracle (AcmePacket) SBC. I think I could work around the issue that they confirmed and will fix somewhere next year, by using a certificate that is signed by a CA for DTLS.
I have been looking around but couldn't find any reference: would it be possible to load my own RTCCertificate from a file?
I know that from a security perspective this is a bad idea, but it's for a proof-of-concept application, and by the time we would use this in production, the bug on the Oracle SBC would be fixed OR we can run rtpengine inbetween which would handle the self-signed random certificate correctly.
I don't believe this is possible (in the browser). RTCPeerConnection does allow you to pass a certificate, but can only be generated using generateCertificate
Running a bridge I think is your only option in this case unfortunately.
Related
I am using HTTPRequest node to make requests using TLS. Is there a way to skip certificate validation (checking the certificate chain, the expiration date) with standard IIB settings? I know this is risky.
In order to do this kind of things, there is a lot of workaround, but they are not that easy and quite horrible. I would suggest you to use a JavaCompute Node, using unix curl/wget commands for example (if running on Unix), or any other solution that is working on Java.
But I can confirm, you cannot use the default IIB nodes (like HTTPRequest) for this purpose.
According to this, you have to handle the exception yourself because IBM will not provide you a flag since it is a major security risk.
I am trying to monitor a https URL using VirtualUser Generator, I have the pfx certificate of the user which is used to login as a user on the portal. I used the Openssl utility with Loadrunner to convert the same to PEM and used web_set_certificate_ex on my script but still I see the script demands user certificate for the user. Please help...
I am trying to monitor
I don't know exactly what you mean by trying to "monitor" the URL using vugen but the latter part of your question sounds like you're trying to record a script and play it back. Since this is generally the function of vugen I'll answer this question. I'm also going to assume you're recording in the web/http protocol and not something like truClient.
Here's the thing - vugen will generally take care of the certificate exchange for you. The primary exception to this is mobile testing. I also actually made the same mistake I think you're making when I first started perf testing. I spent quite a bit of time futzing with certificates, but that is generally unnecessary.
You should make an attempt to record a very simple script, like login, and play it back. If it works, you're set. If you happen to be testing a middleware application you should consider recording in clear text and adding an 's' to your http:// URI.
Very simple advice, but if I understand the nature of your inquiry, it should work.
Try recording without certificate and see weather you can see the request bodies, if not, then you can think of placing client certificates also make sure you are using the right socket, SSL version and cipers to record the application.
Sometimes this appears, sometime not. Its since two days in former good running apps.
CurlException: 60: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed thrown in
With a former Version of the php SDK, I disabled CURLOPT_SSL_VERIFYPEER generally besause that never works. But the last two versions, now its the newest, worked until yesterday.Shout I disable something again? Is it the same method in the actual SDK? Writing from home, can't look inside.
Is it a message from the cert coming with the sdk or are that problems with the cert of https on my server?
You shouldn't disable CURLOPT_SSL_VERIFYPEER because of the security implications. The PHP SDK usually contains the needed certificate, but in your case it seems to have problems.
The best way to solve it is:
Download the Facebook SSL certificate here
Put it somewhere accessible by PHP
Tell the Facebook PHP SDK to use it:
Facebook::$CURL_OPTS[CURLOPT_CAINFO] = '/path/to/fb_ca_chain_bundle.crt';
I just ran into this same error (coworkers didn't have it) and the solution was to download a new copy of the Facebook API SDK from https://github.com/facebook/facebook-php-sdk. Apparently my version (and the certificate) was outdated.
I have two "Web Sites" running under IIS6 (Windows Server 2003R2 Standard), each bound to a separate IP address (one is the base address of the server).
I used SelfSSL to generate and install an SSL certificate for development purposes on one of these sites and it works great. I then run SelfSSL to generate a certificate for the second site and the second site works, but now the first site is broken over SSL.
I run SSL Diagnostics and it tells me:
WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
If I re-run SelfSSL on the first site (to fix it), the first site works but then the second site is broken.
It seems like SelfSSL is doing something in a way that is designed to work with only one Website, but I can't seem to put my finger on exactly what it's doing and figure out how to suppress it. I would manually configure SSL but I don't have a certificate server handy, but maybe there is a way to get SelfSSL to just gen the cert and let me install it?
FWIW I have also followed the guidance of several posts that indicate changes to the permissions of the RSA directory are in order, etc. but to no avail. I don't work with SSL everyday so I may be overlooking something that someone with more experience might notice, or perhaps there is a diagnostic process that I could follow to get to the bottom of the issue?
We had a similar problem today. Our IT guy said he solved it by basically using ssldiag instead of selfssl to generate the certs.
See the reply from jayb123 at this URL: http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/15d22105-f432-4d8f-a57a-40941e0879e7
I have to admit I don't fully understand what happened, but I'm on the programming side rather than the network admin side.
I need to see how a web application will work with HTTPS. But I can't really find much information around about it. I tried to set up my local Apache but I can't find a CA autorithy to sign my certificate... Hints? Suggestions?
The possibilities to consider are:
Generate your own certificate (self-signed certificate)
Get a certificate issued by a known issuer
Get a certificate issued by an issuer not recognised by the browser
Nr. 1 is probably the most widely used solution. You can find instructions here. The only disadvantage is that browsers will complaint about the unknown CA. In Firefox, you can just add a permanent exception and get rid of the warning. (Neither Chrome nor Internet Explorer seem to provide such option.)
Nr. 2 normally costs money so it isn't a popular choice for dev environments.
Nr. 3 can be obtained for free (see https://www.cacert.org/) but they also trigger a browser warning. A difference with nr. 1 is that you have the possibility of adding the CA to your browser's trusted authorities; however, that's a serious decision that requires serious consideration because of its security implications. In general, I would not recommend it for mere testing.
Self-signed certificates (as already mentioned) are probably the easiest option for a single host.
If there are a few hosts, you could create a mini CA of your own. There are tools for this, for example:
CA.pl: a script provided with OpenSSL.
TinyCA: a tool with a GUI.