I am developing .Net Core 2.1 Web App and a Xamarin Android app that communicate with each other using SignalR. When running the web app on my machine I need to change the app url from localhost to 127.0.0.1 so I can access it from the android emulator.
The issue is that when i change the url IIS express still uses the localhost certificate and SignalR doesn't trust the site and cant connect to hub. I have created a self signed certificate for 127.0.0.1, but IIS doesn't use that one.
Is there a way to force IIS express to use specific certificate? Or can i redirect 127.0.0.1 request to go to localhost instead?
Related
I have a desktop bridge app which uses a worker service to host a PWA and WebAPI with Kestrel over https
User runs the worker, and browses to the service from ff/chrome/edge
This works fine in development as the development machine has a trusted certificate installed
However, when I package it up and deploy to test machine, there is no cert and the app crashes
So, how what is the best way to do this?
Options
Bundle a cert with the app, install it in the containers local
store? How would this work with the browser, which wouldn't trust the
cert as its not installed in the browser users context
Buy a cert from a CA. How would I distribute it?
Magic UWP trusted certs I can add to kestrel?
So, it seems you can't
In 2015 certs can not be issued to IPv4 or IPv6 address and must be a FQDN with a public top level domain
TLS is not just about encryption, but also identification, private ips can't be publicly identified
And PWA's need https to work, so options..
Self-signed certificate, which won't be trusted and show the user a
nasty message
Publicly host the PWA and certify that domain, then
call back to the loopback address 127.0.0.1 over http to communicate
with the running worker, this is considered secure. I have done this
and it does work, but means my app can only communicate with the user
on the same machine
There are other options that need you to have control of the network dns - which I won't have
I have a MERN application.
My client is hosted by Netlify.
My server is hosted by Heroku.
And how can I provide SSL for my web app? Do I need SSL certificate only on my client or only on my server or client and server? I don't fully understand this moment.
So,
I currently have a net core web api running in a windows VPS (amongst other things). When I make requests to this api, I would like to do so using https. It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP).
The https API is on xxx.xxx.xxx.xxx:443
The net core application is published into a self-contained package and run as an .exe (i think using IIS express)
Ideally I would like to use a free SSL cert from something like zerossl.com or any viable alternative you may suggest
How can I go about making it so that if I access xxx.xxx.xxx.xxx:443/api/values, I get a secured icon in my browser?
Thanks
It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP)
It is impossible to bind SSL Certificate to IP address.It must bind to domain.
I want to build a desktop app, which accepts triggers from the browser (my web application runs in https). As a solution i have implemented self hosting web api with OWIN which uses self signed certificate.
Registered the certificate for https using netsh command
netsh http add sslcert ipport=0.0.0.0:4443 certhash=40514d4576059d0c1c205c7b820cc0a407915b65 appid={163ea903-b9fd-4019-9c5c-7cdf158111a6}
Now when i try to send http request, browser complains that the certificate is not valid.
https://localhost:4443/api/download
Is it possible to create/buy valid certificates for localhost? (my app will be running on different user machines) Is there any other way i can solve my situation ( solving browser to local app communication)?
Basically i found that we cannot self host webapi in https. Because we cannot get a SSL for localhost, browser will not allow http request to that.
We have a HTTPS RESTFul service running in IIS. We are able to successfully call it using the browser. However, when we call the service from a worklight adapter, we are getting the following exception:
"javax.net.ssl.SSLPeerUnverifiedException"
The worklight adapter was working perfectly fine when we were using HTTP instead of HTTPS.
We have followed all the steps mentioned in the documentation:
Create certificate using keytool in the IIS server. Bind it to the RestFul service.
Exporting the public key to a .cert file
Importing the file into Worklight keystore
Mentioned https as the protocol in the adapter.xml.
We have even verified the default.keystore of the worklight, it is matching with the certificate present in the IIS server.
We don't need mutual authentication. We just want to use SSL in the RestFul service deployed in the IIS.
Thanks,
Pavan
You forgot to add the certificate to your device's trust store. Since it is self signed, devices will not trust them by default. To do so, follow the steps here for your device's OS: http://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.installconfig.doc/admin/c_ssl_config.html?lang=en
Specifically, look at this for iOS and this one for Android.