Trying everything to improve GPS on Android, so I decided to convert *.pem certificate to SuplRootCert.
But I can't understand: which certificate supl.google.com:7252 uses:
GeoTrust Global CA or GeoTrust Global CA 2?
And by the way, which SUPL version supl.google.com supports?
Related
I can connect fine with Python to any external https site without this error:
SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
But I have a local webserver on my laptop with a self-signed certificate that works fine in itself but Python generates an _ssl.c:1108 error when I try to connect to it.
Any ideas?
The python client does not have access and trust the CA certificate that signed the web server certificate. In your case that is the self-signed web server certificate.
To get the python client working, you can do the following:
disable certificate verification. That is not a good idea but I guess is ok for a quick test. The emphasis is on "it is not recommended".
Download the self-signed certificate and make it accessible to the python client and specify it as trusted CA certificate.
Download and install a certificate from well known CAs such as LetsEncrypt (free) or commercial CAs. This is the recommended approach.
You could go into depth on the items mentioned herein and get a conceptual understanding how TLS operates.
EDIT 1: You could also get a free certificate from LetsEncrypt CA. Or you could get a free test certificate from most of the commercial CAs like DigiCert etc. See this link for getting and installing a free test certificate signed by a DigiCert test CA.
See this for details on python client configuration for TLS.
I do not find the letsencrypt certificate in the trusted list published by Sonos (http://musicpartners.sonos.com/node/339 - CERTIFICATE AUTHORITIES TRUSTED BY SONOS PLAYERS).
Do you if Sonos supports the https://letsencrypt.org certificates even if they are not listed (yet)?
Thanks.
Let's Encrypt is cross-signed by DST Root CA X3, who we trust (https://letsencrypt.org/certificates/), so it's OK to use it. We do have some partners that use Let's Encrypt.
PayPal recently announced that they upgrade the certificate to SHA-256 with VeriSign G5 Root Certificate.
https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1766&viewlocale=en_US
Does AppHarbor have this root certificate installed?
Does it support SHA-256?
Thank you
Yes SHA-256 is supported, and root certificates are updated regularly and automatically. I can also confirm that the VeriSign G5 Root Certificate mentioned in the PayPal article is installed and trusted on the platform.
Generate self-signed root certificate using makecert.exe and imported in Trusted Root Certification Authorities.
Since, Mozilla Firefox has it own list of Certification Authority (CA) certificates,
imported self-signed certificate into Firefox's Authority certificates list.
Generate derived certificate with CN=*.test.com
Setup proxy server which uses self-signed certificate.
Browsing something.test.com with Internet Explorer and Chrome, certificate is accepted and no security issue warning is shown. Firefox shows error message
'something.test.com uses an invalid security certificate.
The certificate is only valid for *.test.com
(Error code: ssl_error_bad_cert_domain)'.
Problem seems to be about using wildcard in CN, because if i generate derived certificate with CN=something.test.com no error is shown for none of the browsers.
Solved problem by using Multi-Domain (SAN) Certificate.
makecert.exe is unable to generate SAN Certificate. at least i can't find out how.
Used OpenSSL to generate SAN Certificate and it worked.
OpenSSL PKI Tutorial is good resource to know how generate SAN Certificate.
I'm trying to build a simple client-server application using Netty which uses SSL certificates .
I looked around and I could only find the secure chat example [here]. It uses bogus certificates.
How to do a proper implementation of SSL certificates (self-signed) in Netty?
I would recommend against self signed certificates. It's not worth the trouble. You can get signed certificate for free from StartSSL. Check out the link below on how to convert a signed certificate into PKCS12 format and use it in SSLContext to be used with Netty.
http://blog.hintcafe.com/post/33709433256/https-server-in-java-using-netty-and-keystore