I've followed Configuring the MobileFirst Server Keystore.
However, the app is still able to direct update even though the public key is not included in the app.
Are there any steps I missed to enable the secure direct update?
Related
We would like to improve security for our app, so we want to restrict SSL/TLS to protocol version 1.2 or higher.
Our app detail:
Standard App Engine
Configured Custom Domain
Use Google Managed SSL certification
Not use Load Balancer
For the current config, the app engine supports ['TLS_1_3', 'TLS_1_2', 'TLS_1_0', 'TLS_1_1'] protocols.
We want to keep it simple, so we don't want to use a Load Balancer or a self-managed SSL certificate.
Are there any solutions for this case?
If you want to use Google-managed certificates, to change the minimum TLS version or restrict some cipher sets, then you'll have to contact Google Cloud Platform Support to ask for that change.
Refer to this link and click 'File a case' to ask for these changes.
We are using MobileFirst 7.1 for a hybrid application. We have implemented certificate pinning in the application. The certificate expired and we replaced it with a new one. But the application is taking the old certificate from the application cache, and it is blocking the application from connecting to the server. After we remove the app cache and app data, the application works fine. Kindly suggest any solution for this?
Can you check if you have kept the same public key as before? Otherwise you will have to release a new version with the renewed certificate. Check this link for further details.
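The check suggested in the answer above, as an added example that is not part of the original thread: it assumes the app pins a SHA-256 hash of the certificate's SubjectPublicKeyInfo (the page only says "the same public key") and shows that a renewal reusing the key keeps the pin, while a re-keyed certificate changes it. The `toy_cert` samples are constructed, unsigned placeholders; for a real PEM file, pass `ssl.PEM_cert_to_DER_cert(pem_text)` to `spki_pin`.

```python
import base64, hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER-encoded X.509 certificate."""
    _, cert_body, _ = read_tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, cert_body)      # tbsCertificate SEQUENCE
    tag, _, after = read_tlv(cert_der, pos)
    if tag == 0xA0:                                # optional [0] version field
        pos = after
    for _field in range(5):                        # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)            # pos now sits on the SPKI element
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def der(tag, *parts):
    """Minimal DER encoder, used only to build the constructed samples below."""
    body = b"".join(parts)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def toy_cert(serial, not_after, key_bytes):
    """Constructed, unsigned certificate skeleton (sample data, not a real cert)."""
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"), der(0x05))
    name, version = der(0x30), der(0xA0, der(0x02, b"\x02"))
    validity = der(0x30, der(0x17, b"240101000000Z"), der(0x17, not_after))
    spki = der(0x30, der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"), der(0x05)),
               der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, version, der(0x02, bytes([serial])), alg, name, validity, name, spki)
    return der(0x30, tbs, alg, der(0x03, b"\x00"))

OLD_KEY, NEW_KEY = bytes(range(140)), bytes(range(1, 141))   # placeholder key material
OLD = toy_cert(1, b"250101000000Z", OLD_KEY)       # expired certificate
RENEWED = toy_cert(2, b"260101000000Z", OLD_KEY)   # reissued with the same key pair
REKEYED = toy_cert(3, b"260101000000Z", NEW_KEY)   # reissued with a fresh key pair

def pin_survives(old_der, new_der):
    """True if an app pinned to old_der's public key will accept new_der."""
    return spki_pin(old_der) == spki_pin(new_der)
```

If `pin_survives` returns False for the renewed certificate, the pinned clients need a new app release (or a second, backup pin shipped in advance).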
We have an HTTPS RESTful service running in IIS. We are able to successfully call it using the browser. However, when we call the service from a Worklight adapter, we are getting the following exception:
"javax.net.ssl.SSLPeerUnverifiedException"
The Worklight adapter was working perfectly fine when we were using HTTP instead of HTTPS.
We have followed all the steps mentioned in the documentation:
Create certificate using keytool in the IIS server. Bind it to the RESTful service.
Exporting the public key to a .cert file
Importing the file into Worklight keystore
Mentioned https as the protocol in the adapter.xml.
We have even verified the default.keystore of Worklight; it matches the certificate present in the IIS server.
We don't need mutual authentication. We just want to use SSL in the RESTful service deployed in IIS.
Thanks,
Pavan
You forgot to add the certificate to your device's trust store. Since it is self-signed, devices will not trust it by default. To do so, follow the steps here for your device's OS: http://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.installconfig.doc/admin/c_ssl_config.html?lang=en
Specifically, look at this for iOS and this one for Android.
I'm getting the above-mentioned error when my clients update their devices to iOS 7.1 and then try to update our app from the AppCenter.
After some searching, I found a post with a similar problem here. But since I'm in an environment whereby the client is using AppCenter to update the apps, I can't use USB to plug in and install the app for them.
Is there any workaround for downloads via AppCenter until support is released?
A change was introduced to iOS as of iOS 7.1 that requires OTA application installation to take place over HTTPS (rather than HTTP), and no provision exists to allow the user to continue to accept the old behavior (i.e., to permit application installation over HTTP). It is my understanding that this was done as a security enhancement.
In order to do application installations on iOS 7.1 from Application Center, you would need to configure your Application Center to use HTTPS rather than HTTP, using a certificate that will be accepted as valid by your iOS device - that is, either issued by a recognized public CA, or issued by a private CA that you have set up your mobile devices to accept. You can find more information about how to perform this configuration here:
http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.installconfig.doc/appcenter/c_ac_ssl_config.html
I would add some details. (Just worked out this question.)
We use a self-developed app center for our customers, to distribute demo/report apps.
You need an SSL certificate. (See the post above.)
You can buy any kind of public certificate. In some cases you can use a self-signed certificate previously installed on the iOS device by Apple Configurator.
It seems that you don’t have to use https everywhere. Secure URL (https) must have a link to .plist only. The app center web site url and package .ipa url can still be under http.
… and shame on Apple that invents new ways to make developer life hard.
I can't for the life of me find how to configure client certificate validation with Heroku SSL endpoint. Is it supported at all? Is there an alternative add-on that does support it?
I asked their support about this and this was their answer: https://help.heroku.com/tickets/128194
So it would appear that server-side verification of client certificates isn't supported by Heroku right now if you rely upon their web server. I.e. having a server hosted on Heroku check the client certificate provided by the connecting client. This requires a check at the web server level.
However I did come across this for nodejs:
https://www.npmjs.org/package/client-certificate-auth
which would lead me to believe that for nodejs it should be possible, since you have full access to the http(s) server. I haven't tried it though.