IBM Bluemix SSL Intermediate Certificate - ssl

I seem to be having a problem with uploading a wildcard GoDaddy SSL certificate in the domains section in IBM Bluemix. If I upload without the intermediate certificate it seems to upload fine. But with it, it times out (with error BXNUI0068E: The operation on the client timed out. Try again later.) and the upload is incomplete.
Any advice?

So it seems like the zip file from GoDaddy has a corrupted intermediate certificate.
After talking with #carlosTweets, he suggested that the zipped certificates seemed to be corrupt. Sure enough, I compared the MD5 of the zipped certificate with the one from the repository below, and they were different.
Get the proper one from their repo (link below):
https://certs.godaddy.com/repository
Make sure to download the certificate named
"GoDaddy Certificate Bundles - G2 With Cross to G1, includes Root"

Related

How to get certificates list in SIM7000E (SIM7000)?

The SimCom SIM7600 series uses AT+CCERTDELE to delete certificates. There is also the AT+CCERTLIST command to list certificates. Can we check the same on the SIM7000?
If you're trying to verify the modem or you're hosting a domain with the IP of your modem, then you should upload your certificate and list of trusted CAs to the device in the customer folder. You can then set them with the AT+SHSSL command.
If you're just trying to make HTTPS requests you don't need to do anything with certificates on the SIMCOM modems. See this Gist for a walkthrough.

Create a https server app using its own certificate

We are developing a local server app (written in nodejs for now), used by our web site to manipulate local files and folders (browse, upload, download...).
Basically, the customer installs the nodejs app, which starts a local server listening on 127.0.0.1.
Then, when (for instance) a list of local folders is needed on the web site, a JS script queries the local server, which returns the local folders, and they are displayed on the web site.
The problem is when the web site is configured in HTTPS, the web site's JS refuses to communicate with the HTTP-non-S nodejs app.
We are exploring various options:
using self-signed certificates deployed with the app, and trusting them on the machine during install, but I feel there will be a LOT of times when it won't work
using "proper" certificates for local.example.com, with a DNS entry where local.example.com points to 127.0.0.1, but it seems that distributing private keys to the general public is prohibited by the terms of use of most (if not all) certificate authorities.
Now I thought of maybe another way. Can a "packaged" HTTPS server (written in any language, I don't care), "living" inside an exe file, which is signed with a proper SSL certificate, use the certificate of the app?
I'm not sure if I'm making any sense, I don't know certificates very well...
Thanks!
We ended up adding a self-signed root CA using certutil:
certutil.exe -user -addstore Root "mycert\rootca.cer"
Since we're adding a root CA, it generates a warning popup that the user has to accept, but it has been deemed acceptable by the powers that be.
There is a "check config" screen that can try to add the certificate again if it hasn't been properly added the first time.
There is a case when the group policies (GPO) prevent trusting self-signed certificates. In this case, certutil has a return code of 0 (the certificate is added) but the root CA is not trusted, so the local server does not work. So, after install, we have to check that the certificate is trusted using:
certutil.exe -user -verifystore Root xxx
(xxx being the certificate serial number). This command does exit with error if the certificate is untrusted either, so we parse the output for CERT_TRUST_IS_UNTRUSTED_ROOT or 0x800b0109.
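The post-install check described in this answer, as an added example that is not part of the original answer: it treats the two markers named above as "untrusted" even when certutil exits with 0. The sample outputs and the serial number are constructed, and requiring the serial number to appear in the output is an assumption added here so that an empty result is not read as success.

```javascript
// Added example: classify the result of
//   certutil.exe -user -verifystore Root <serial>
// The two markers come from the answer above; the rest is assumed.
const UNTRUSTED_MARKERS = [/CERT_TRUST_IS_UNTRUSTED_ROOT/i, /0x800b0109/i];

// Strip whitespace and colons so "1a:2b" and "1a2b" compare equal.
function squash(text) {
  return String(text || '').replace(/[\s:]/g, '').toLowerCase();
}

// result: { status, stdout } in the shape child_process.spawnSync returns.
// serial: the serial number that was passed to -verifystore.
function classifyVerifyStore(result, serial) {
  if (result.status !== 0) {
    return { trusted: false, reason: 'certutil-failed' };
  }
  // Exit code 0 is not enough: a GPO can leave the root present but untrusted.
  if (UNTRUSTED_MARKERS.some((re) => re.test(result.stdout || ''))) {
    return { trusted: false, reason: 'untrusted-root' };
  }
  // Fail closed (assumption): the output must mention the certificate we asked for.
  if (!squash(result.stdout).includes(squash(serial))) {
    return { trusted: false, reason: 'certificate-not-found' };
  }
  return { trusted: true, reason: 'ok' };
}

// Constructed samples, abbreviated; not verbatim certutil output.
const SAMPLE_SERIAL = '1a2b3c4d5e6f7788';
const SAMPLE_TRUSTED = {
  status: 0,
  stdout: 'Serial Number: 1a2b3c4d5e6f7788\nverification passed (constructed line)\n',
};
const SAMPLE_GPO_BLOCKED = {
  status: 0,
  stdout: 'Serial Number: 1a2b3c4d5e6f7788\nCERT_TRUST_IS_UNTRUSTED_ROOT\n0x800b0109\n',
};
const SAMPLE_EMPTY = { status: 0, stdout: '' };
```

In the installer, pass it the object returned by `child_process.spawnSync('certutil.exe', ['-user', '-verifystore', 'Root', serial], { encoding: 'utf8' })` and show the "check config" screen whenever `trusted` is false.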

How to setup ssl with cacert.org

I have a free domain, say example.ml, and I hosted my files at byethost.com. I am trying to implement free SSL on my site. I have logged into the cacert website, added and verified my domain, and now I am stuck. I don't know how to set up an SSL certificate from this stage.
A step-by-step explanation would be very helpful.
1. Generate a private key and save it in your file system safely.
2. Generate a CSR with it.
You can use OpenSSL for 1 and 2.
Refer: http://www.rackspace.com/knowledge_center/article/generate-a-csr-with-openssl
3. Get the signed server certificate from cacert.org by copying the contents of your CSR to Server certificates -> New. Save it in your file system.
4. You need to point your app server/web server to the location where your private key and signed server certificate are stored. Read the documentation.
If it is an Apache web server you can refer to: https://techstrum.wordpress.com/2014/11/25/how-to-enable-ssl-for-ohs-oracle-http-sever/
First, you need the CSR (your public key with some information).
To generate it, it would be easier to use the tool that your server provides (for example, Apache Tomcat: keytool; Linux: openssl).
Then send your CSR file to the certificate vendor to verify and insert the root certificate.
They will send you back a certificate file.
You then need to import this certificate file into your secret key, which you got from the key-pair generation process in the first step.
Finally, set up your key on your server and configure some properties in the web server config file.
These are the concepts; for the technical details you need to know what platform you use and find the way to use its provided tools.

Setting up test environment for SSL torrents using libtorrent and open tracker

So I am trying to set up a test environment for BitTorrent file transfers with SSL protection and I am having some trouble and would need some guidance.
My setup:
PC1: Running opentracker and is acting as the Certificate Authority.
PC2: Running the libtorrent example client compiled with support for SSL encryption. Also acts as the publisher of the torrent file.
PC3: Same as PC2 but is not publishing any file.
When I use this setup without SSL torrents everything works as expected. The file gets transferred and if you go into the tracker's stats page (trackerip/stats) it shows that 1 torrent is being served and there are 2 peers connected.
However, when I use my SSL torrent this is not happening. First of all, no file is being transferred. Second of all, the tracker doesn't seem to recognize the torrent file, i.e. the tracker tells me it is currently not serving any torrents.
What could be wrong with my setup? And how do I start troubleshooting this?
Could it be that the tracker has to support HTTPS? Maybe I can't use opentracker. Does anyone have experience with this?
It is very likely that something is missing in the torrent file, but should I not be getting any errors in that case?
I am using the libtorrent example project "make_torrent" to make my SSL torrent and when I inspect it, it contains my certificate.
EDIT:
So a big part of my problem, I assume, is that I have zero experience working with SSL stuff. So this is probably where I fail. I have read through both http://www.libtorrent.org/manual-ref.html#ssl-torrents and http://blog.libtorrent.org/2012/01/bittorrent-over-ssl/
and I am not sure I fully understand it.
I will try to explain how I have interpreted it and you guys can explain why I am wrong :) .
My interpretation:
The publisher of the torrent will include an x509 certificate signed with the publisher's private key.
When a peer receives this torrent it will use the publisher's public key (installed at an earlier time) to verify its authenticity.
If everything is OK, the peer will generate a Certificate Signing Request and sign it with the peer's private key and then send it to the publisher who signs it and returns a certificate. This is then the certificate that the peer will present to other peers.
Is this correct?

How do I setup a RapidSSL cert on modulus.io?

I'm trying to set up SSL on modulus.io but the guide says to bundle four files:
http://help.modulus.io/customer/portal/articles/1701165-ssl-setup-guide
The problem is RapidSSL only gives me two and they aren't named anything like those.
They only give me a web certificate, an intermediate CA and then a link to some bundled CA.
Has anyone else done this in the past who can point me in the right direction?
You will need to bundle all the provided certs in a specific order. The order depends on the SSL provider. The Modulus guide is showing Namecheap. The likely order based on the info you provided is:
Domain specific cert - usually has your domain name in the filename.
The intermediate CA.
The contents of the bundled CA.
Simply concatenate all of these into a single file and provide that to Modulus. You can then use ssl-checker to verify the certificate chain is complete and in the right order.
Disclaimer: I'm a Modulus employee
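The concatenation step from this answer, as an added example that is not Modulus's or the answer's own code: it joins the files in the order given above while rejecting truncated or damaged PEM blocks and repairing the missing-final-newline and CRLF problems that naive concatenation introduces. The file names and certificate bodies are constructed placeholders, and the check is structural only, so the finished chain still needs to be verified with a tool such as ssl-checker.

```javascript
// Added example: samples are constructed placeholders, not real certificates.
const BEGIN = '-----BEGIN CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';
const BLOCK = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;

function count(text, marker) {
  return text.split(marker).length - 1;
}

// Return every certificate found in one file as a normalized PEM block.
function extractCerts(name, text) {
  const blocks = [];
  for (const m of text.matchAll(BLOCK)) {
    const body = m[1].replace(/\s+/g, ''); // drops CRLF and stray spaces
    if (body.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
      throw new Error(`${name}: certificate body is not valid base64`);
    }
    blocks.push(`${BEGIN}\n${body.match(/.{1,64}/g).join('\n')}\n${END}\n`);
  }
  // A cut-off download leaves a BEGIN without its END (or the reverse).
  if (blocks.length === 0 || count(text, BEGIN) !== blocks.length ||
      count(text, END) !== blocks.length) {
    throw new Error(`${name}: missing or truncated certificate block`);
  }
  return blocks;
}

// files: [{ name, text }] already in the order the host expects:
// domain certificate, intermediate CA, then the bundled CA contents.
function buildBundle(files) {
  return files.flatMap((f) => extractCerts(f.name, f.text)).join('');
}

const SAMPLE_FILES = [
  // No final newline: plain concatenation would glue END to the next BEGIN.
  { name: 'example.com.crt', text: `${BEGIN}\nLEAFleafLEAF\n${END}` },
  // Windows line endings.
  { name: 'intermediate.crt', text: `${BEGIN}\r\nINTRintrINTR\r\n${END}\r\n` },
  // A bundle file holding two certificates.
  { name: 'ca-bundle.crt',
    text: `${BEGIN}\nCROSScross00\n${END}\n${BEGIN}\nROOTrootROOT\n${END}\n` },
];
const TRUNCATED = { name: 'cut.crt', text: `${BEGIN}\nINTRintr` };
```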