I am trying to encrypt the push sender password in application-descriptor following Storing properties in encrypted format section of the tutorial.
However, when building the wlapp for iOS, I see following error message in Worklight Studio.
FWLST1040E: iphone build failed: com.worklight.common.util.WorklightCertificateException: Certificate error: Unable to process certificate: apns-certificate-production.p12
It appears that Worklight Studio trying to decrypt the p12 certificate using '${xxxx}' as the password during build process. If I put the password as clear text, build passes. Replacing push sender values for GCM with ${xxx} passes also since there is no iOS-like certificate to decrypt. Only iOS build has problem here.
As far as I understand, the encrypted/configurable fields should be decrypted/replaced at server side during run time, not during the build. Right now, I am not able to build a new wlapp for ios because of this issue.
I am not sure what have I done wrong here. Is there a setting to skip the p12 decryption during build process?
Worklight 6.2:
Created a test=1234 in worklight.properties
Using <pushSender password="${test}" /> in application-descriptor.xml
This passes w/out any errors.
MobileFirst 6,3 7.0:
The same steps as above fail with:
[2015-05-20 10:30:01] FWLST1040E: iphone build failed:
com.worklight.common.util.WorklightCertificateException: Certificate
error: Unable to process certificate: apns-certificate-sandbox.p12
I have opened a bug for it.
Are you sure about the version you're using?
Related
I've got a WebSphere 9 server for testing web apps on my laptop. I also have Hybris running under Tomcat on my laptop (for testing also). I wrote a Java web app to test punchout functions in Hybris, that runs on my WebSphere server. It had been working, but I had to reinstall WebSphere. Since then, when I try to run my web app in WebSphere, I get this error in WebSphere:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path
building failed: java.security.cert.CertPathBuilderException: unable
to find valid certification path to requested target
whenever my app tries to post to Hybris.
In the administrative console of WebSphere, I used the "receive from port" button to get the self-signed certificate from Hybris into the nodedefaultTrustStore in WebSphere. Hybris is at applied.local:9002 on my laptop and the certificate looks like this:
CN=applied.local, OU=applied.local, O=applied.local, L=applied.local,
ST=WI, C=us Valid from Jul 17, 2019 to Apr 11, 2022.
All of this was working previously, but I must have broken something. I must be missing something. I don't understand why it can't "find a valid certification path" to applied.local, since the CN is applied.local, and the certificate is in the trust store in WebSphere.
I got it working, but I don't know why I had to do this to get it working. If someone can explain why - that would be great. Anyway here's what I did:
Added custom variables to WebSphere to define where cacerts was, but default values should have worked, so not sure if this had any effect. In admin console, application servers > server1 > Java and Process Management, process definition, Java Virtual Machine, Customer properties: javax.net.ssl.truststore (path to cacerts in WebSphere), javax.net.ssl.truststoretype jks, and javax.net.ssl.trustStorePassword changeit.
Used a browser to export the self-signed certificate Hybris was using to a file.
Used Ikeyman to import the certificate into cacerts. (There are instructions on how to do this in IBM's pages).
Restarted WebSphere and Hybris and posting from WebSphere to Hybris worked again.
What doesn't make sense to me is that I had previously imported the Hybris self-signed certificate using the "Retrieve from port" button in the admin console for the NodeDefaultTrustStore. That used to work, but now apparently I have to import it into cacerts also or instead?
I was trying to establish a ssl connection to the sever in my application. for this, I generated self-signed certificates and added them to the keystore as well as the java cacerts which is the trust store.
But When I launch my application, I keep getting PKIX path building failed validatorException: unable to find valid path to requested target error
Hence unable to login to my java application.I use java1.8.0_144 version.
Try to login to the website which IDE is complaining about, and see if you are able to access it through the browser.
If so, then check for the certificate being used in the browser and check that certificate is present in your java cacerts.
Hi i usually generated the root CA with openssl and never worked importing that into the cacerts with keytools. You can instead generate it with this application i made out of desperation (it's a Java 11 app):
https://github.com/kendarorg/JavaCaCertGenerator
Its only purpose is to replace the generation of the private key and the root certificate, in a form "fit" for cacerts. From there you can produce the various certificates for the addresses
We are developing an hybrid application ( Android , iOS )
and we are facing an issue communicating with our backend services.
We are using untrusted certificate in the development environment and this lead to an error invoking the services using WLResourceRequest in the hybrid code.
The error on the android platform is the following:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
And reading from android logcat comes out this:
04-20 12:50:04.300 9427-9450/com.myApp D/wl.resource_request: WLResourceRequest.handleOnFailure in WLResourceRequest.java:658 :: Unexpected errorCode occurred. Please try again.
04-20 12:50:04.308 9427-9450/com.myApp D/com.worklight.androidgap.plugin.WLResourceRequestPlugin: WLResourceRequestPlugin$1$1.onFailure in WLResourceRequestPlugin.java:92 :: inside WLResourceRequestPlugin failure
How can we manage to pass through the certificate validation? or is there something we can do to properly invoke the services?
You can overcome this by adding the CA certificate to your device.
Go to Settings -> Security -> Install from SD card and install the CA certificate to the device.
I have successfully gotten the module 41 sample running with eclipse and the local server. Attempting to deploy on my liberty server returns the error.
Failed to deploy application 'PushApplication-all.wlapp'. : application descriptor uses a security test:PushApplication-strong-mobile-securityTest. However, authentication config xml does not contain a security test element with that name.
I am on Worklight 5.0.5 with a successful app running on the server and now trying to add push notifications. I have checked the war file and it does contain the authentication-config.xml with the specified test.
I saw a smilier post a few momths ago but am unable to find whether it got answered
thanks in advance.
From the sound of it, you are trying to deploy your .wlapp to a server that is already running an instance of Worklight, but this instance does not have the required securityTest settings in authenticationConfig.xml
This leads me to believe that you did not replace the .war file you already had deployed in the Liberty-profile application server with the .war file from your Push Notifications project, which contains the up-to-date authenticationConfig.xml
I am new to Adobe AIR and I was following the steps given in the site :
"http://net.tutsplus.com/tutorials/tools-and-tips/introduction-to-adobe-air/", to create my first AIR application.
I was almost successful in creating my first AIR application but at the last step of Deploying AIR Application, after the successful creation of certificate when I am trying to create the.air file. I am getting the error :
"Could not generate timestamp: Connection refused: connect".
Can you please help me in resolving the issue as soon as possible.
As a short-term workaround, you can specify "-tsa none" on the ADT command line. (If you are using Flash Pro or Builder, there should be an option in the UI). -tsa none disables timestamps.
A timestamp requires an internet connection in order to get a signed timestamp token from a server. This is used to verify that your certificate was valid when the app was signed. Without a timestamp, your app won't be installable after your code signing certificate expires. With a timestamp, your app installer will not expire.
Proxy connections are sometimes the issue. Since ADT is a Java program, you have to configure the Java proxy settings if this is the source of the trouble.