When trying to delete certificates in Xcode, there is a dialogue pop-up that says Write permission error
I am looking to delete these old certificates to add new ones. It seems they must be deleted in order to use the new certificates that were generated. Is it possible to delete these?
Related
From time to time I run into this error when trying to get a Let's Encrypt certificate via the acme.sh script.
Sometimes it's the first time trying to get a Let's Encrypt certificate, and sometimes it worked previously but now suddenly doesn't work.
The error message is similar to:
domain.com:Verify error:Invalid response from https://example.com/.well-known/acme-challenge/1kSTnls6_vcku98gwLEUMQNnbl1cSY1pdBrPi7sJdos
Please add '--debug' or '--log' to check more details.
See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Adding the --debug option, reveals some log entries similar to:
Changing owner/group of .well-known to username:nobody
chown: changing ownership of /home/path/to/example.com: Operation not permitted
What's the solution?
Hopefully this will save others some time googling, or poring over the documentation, or reading through the closed GitHub issues.
First thing to check: does the website folder have an .htaccess file in it?
(By "website folder" we mean where the actual website files are stored, such as /home/youruser/public_html/path_to_your_domain.com
(Note that dot files like .htaccess are hidden by default in CPANEL file manager, so you might need to use an FTP app to check - or enable showing hidden files in the CPANEL file manager (there is a Settings button at top right))
If so:
a) Rename the .htaccess file (to .xxxhtaccess or etc)
b) re-run the acme.sh script
c) When successful, rename the .htaccess file back again
Some References:
acme.sh GitHub Issues
acme.sh Documentation
I and another guy are developing an add-in project for PowerPoint using C# and VSTO. Our project is being kept in a repository and every time when one of us gets a newest version from the repository, updated by another one, he gets a compiler problem with signing. Up to now, we solved this compiler problem by generating a test certificate on the corresponding machine every time after updating from repository.
My question is: Is it possible to avoid somehow this every-time generating of a test certificate after taking the solution, compilable on other machine, from the repository in order to have it compilable on both machines?
We tried everything:
We used the same .pfx file for both of our PC's (i.e. we sent this file to the repository).
We tried to uncheck the checkbox "Sign the ClickOnce Manifest" in the Properties window of the Solution and to remove the .pfx file at all.
We tried to use our own .pfx files with putting them into the ignore list.
But there was no result!
We have a similar scenario and we are doing the following:
'Sign the ClickOnce manifest' is signed with a locally generated .pfx key that is checked into the repository.
The assembly is signed with a strong name key.
On the build server the manifest is re-signed using the company's digital certificate for deployment using the instructions provided in this article - http://blogs.msdn.com/b/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx
Let me answer my own question. The solution is probably found. The steps are the following:
One developer should generate a new .pfx file defining the password. As a result, he can already develop the add-in correctly, on his machine; but other developer still can not, on their machines.
Using the same tab of the project's "Properties" window, this developer has to select the same .pfx file with the "Select from File..." button, giving the password.
The .pfx file should be sent to the repository (i.e. one shouldn't include it into the ignore list). As a result, other developers will not be required to generate anytime other .pfx files anymore.
We are ready!
The "magic" is that knowing the password by all developers is crucial. When the .pfx file is added to the project as it is described in the item 2, it means that all developers know the password.
This is a follow up to this issue HERE.
After creating new ssl certificates, I created new certs specfically for PayPal use. I have three certficates in play for PayPal which are the private key set to 440, public key set to 644, and PayPal key that I downloaded after uploading the public key, and that key is also set to 644. I also copied over the Cert ID.
All keys are being used as proven by my logging, however I am getting the infamous:
"We were unable to decrypt the certificate id"
There shouldn't be any copy paste issues (as I've seen others discuss) since I downloaded and uploaded everything without needing to copy/paste anything.
I am miffed at to what could be the problem. Any ideas?
This is resolved. The issue was just a configuration mis-step. I still wonder why and wonder if it is safe to allow a www-data readable on one of the private keys.
I am having a strange problem which I've googled and googled with no result. I'm attempting to setup a certificate for a wcf service application on windows server 2008 R2. I've imported the certificate into the localmachine personal store, and I'm getting the dreaded
"Keyset does not exist...the certificate ... must have a private key that is capable of key exchange. The process must have access rights for the private keys."
I have tried to set the permissions on the private key, using the "Manage private keys" option in mmc, also tried setting the permissions on the private key file manually that is located in C:\programdata\microsoft\crypto\rsa\machinekeys. I verified I'm modifying the right file by using the findprivatekeys tool, and also tried using the WSE X.509 Certificate tool. For sanitys sake, I even gave read access to "Everyone" on the file, still doesn't work.
Is there something I'm missing here? I'm using IIS7 and I normally give access to the file for the IIS_IUSRS group. All of this has worked fine in other testing on VMs. I've even used the exact same certificate on other machines, and they work there...
I'm lost...The one thing I've noticed is that if I edit the permissions in the 'manage private keys' dialog, the security settings changes don't reflect when I look at the permissions for the file, and vice versa. Where else could the file be? Regardless, I gave max permissions from both places with no luck.
Not sure what was going on here, but over the course of testing, the permissions on the MachineKeys folder was drastically modified - so I removed permissions for all the users listed there except the Administrators group, deleted the problem certificate (through mmc) and re-imported it again. Then, I added IIS_IUSRS read and execute permission only for that private key, and I seem to be back up.
On a related note, I was using aspnet_regiis -pi to import a key pair for something else, which was failing with "Safe handle was closed." Fixing the permissions on the MachineKeys folder fixed that as well...
I have created my own key (public/private) via keychain access.
But my company already have created a provisioning profile and developer certificate,which i downloaded (after logging) and installed it in my Xcode and iPhone as well.
But when i try to run on iPhone,it says "There are no valid certificate/private key pairs in the default keychain".
I have also set bundle identifier name correctly in info.plist,but what am i doing wrong?
Is it that i should somehow add my own mac key pairs to somewhere as to match it since it is already created by company?
Could anyone help or suggest where m i going wrong,i have searched forums they all are simply not matching my problem and misleading other ways.
Thankx in advance.
You need the private key for the developer certificate that you have downloaded. The error "There are no valid certificate/private key pairs in the default keychain" means you don't have the private key.
You say "my company already have created a [...] developer certificate", which sounds like they have created a developer certificate for you. If that is the case, they need to send you the private key because you won't have this by default.
Generally it should be up to each individual developer to make a certificate signing request and gerenate the development certificate in the provisioning portal. There's no reason for the company to do that for you.