How do I install my Safari Developer Certificate? - safari-extension

We develop extensions for Safari. I installed our Safari Developer Certificate on Windows, but I can't install it on Mac (we have two certificates). I tried to download and install them from the Apple website, but it doesn't work. What do I have to do?

When you download the certificate from the web you only get the certificate. The private key is usually on the machine from which you created the certSigningRequest.
The certSigningRequest (you can create one by using the Keychain Access app) creates the private key and adds it to your login keychain.
If you don't have access to the original machine, then I'd suggest you revoke your certificate on the portal and create a new one.
The only way to export a certificate is to export it along with the private key. Usually folks do this using the Keychain Access app. You can export the p12 format key, which can be used to import on a different machine.
Without the private key, downloading the cert from the portal is useless. This is true for not just Safari certs but for all Mac development certs.
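The relationship described in this answer (the CSR step creates the private key, the downloaded certificate carries only the public half, and a .p12 export moves both), shown as an added example that is not part of the original answer. It uses openssl in place of Keychain Access and self-signs the CSR as a stand-in for the portal; the file names, subject and password are constructed.

```sh
#!/bin/sh
# Constructed throwaway key material; nothing here comes from a real portal.

# Machine A: creating the CSR is what creates the private key. The CSR, and the
# certificate issued from it, carry only the public half.
make_request() {  # $1 = working directory
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Dev Cert" \
    -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
}

# Stand-in for the portal signing the CSR (self-signed so the example runs offline).
issue_cert() {  # $1 = working directory
  openssl x509 -req -in "$1/dev.csr" -signkey "$1/dev.key" -days 1 \
    -out "$1/dev.cer" 2>/dev/null
}

# Succeeds only when the private key belongs to the certificate (same public key).
cert_matches_key() {  # $1 = certificate, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Writes identity.p12 (certificate + key) and certonly.p12 (what a bare download gives you).
export_bundles() {  # $1 = working directory, $2 = bundle password
  openssl pkcs12 -export -inkey "$1/dev.key" -in "$1/dev.cer" \
    -out "$1/identity.p12" -passout "pass:$2" &&
  openssl pkcs12 -export -nokeys -in "$1/dev.cer" \
    -out "$1/certonly.p12" -passout "pass:$2"
}

# Succeeds only when a .p12 bundle actually contains a private key.
p12_has_private_key() {  # $1 = bundle, $2 = bundle password
  openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

work=$(mktemp -d)
make_request "$work" && issue_cert "$work" && export_bundles "$work" constructed-pass
for bundle in identity.p12 certonly.p12; do
  if p12_has_private_key "$work/$bundle" constructed-pass; then
    echo "$bundle: certificate and private key, usable on a second machine"
  else
    echo "$bundle: certificate only, cannot sign"
  fi
done
rm -rf "$work"
```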

Related

IIS requires certificate to have exportable private key

I have a question about an IIS SSL certificate issue that I see repeatedly.
When I import a CA issued SSL certificate into IIS, I have found that it does NOT WORK unless I import it with the private key marked as exportable.
The default certificate import setting for every version of IIS for as long as I can remember is to mark the private-key as NOT exportable.
So if I import the certificate into IIS with private-key not exportable, web browsers like Chrome and Edge will reject it and refuse to load the web page and users get an error message.
(I confirmed the SSL certificate is the problem because the page loads correctly by enabling http/80).
I found that I have to mark the certificate as private key exportable to make it work.
Does anybody else find the same problem?
Has anyone been able to get IIS to work correctly without the private key marked exportable?
Why does Microsoft set the default IIS certificate import setting so that by default it DOES NOT WORK?
Does anybody know why IIS requires the private key to be marked exportable when it is installed in order to function properly?
You can install it manually instead of using IIS Manager.
1. Double-click the .pfx file; that will start the import wizard.
2. Select "Local Machine" as "Store Location".
3. The file path will be right, just continue.
4. Enter the password and do not click "Mark Key as Exportable".
5. Place it in the Personal store (Web Hosting may also work; I have not tested it).
6. Complete the wizard.
You can also do that using certlm.msc.
The certificate will then be available in IIS Manager and will work just fine.
If you want to use the certificate by the web server, you must export the private key along with the certificate. Without the private key, data encryption (and therefore secure communications) is not possible.
When exporting the server certificate from the server's personal certificate store, you may not have the option to export the private key. If this is the case, when the certificate was imported, the option to allow the private key to be exported may have been unchecked. This is a security measure to prevent a possible compromise of the server's private key. Since this could be a potential security risk, the option to mark the private key as exportable is not checked by default.
Make sure during the import process that you select the box "mark the private key as exportable."
Every Certificate that you install on the IIS website must have a private key associated with it. Without the private key, the certificate won't work at all - it won't be able to complete the initial SSL handshake.

Windows IoT Core and app PFX certificate expire

I deployed a UWP app on a Raspberry with Windows IoT Core.
What will happen when the temporary PFX certificate expires?
Can the app still run on the device as the default/startup app?
From: https://msdn.microsoft.com/en-us/library/ff369721.aspx
What do I do if my certificate has expired?
So you have already deployed your application, and now your certificate (purchased or unpurchased) has expired, and you’ve examined the flowchart and determined that your customers are going to have to uninstall and reinstall the application. You can’t even issue an update. Visual Studio will not let you deploy your application with an expired certificate. So what do you do now?
If you need to extend an existing certificate, you can use a program called RenewCert. For details, you can check out my blog post How to extend an existing certificate, even if it has expired.
You can also find a version of RenewCert code on MSDN. I have not tested that specific version, but I’ve heard that it works with test certificates but not purchased certificates. Here’s the link if you want to check it out: http://support.microsoft.com/kb/925521
If you are already using a test certificate, extending it solves your problem. You can sign your deployment with the extended certificate, issue updates, and it will work fine. You can go to lunch, and the rest of us with known publishers can eat at our desks while we continue on. (Can you bring something back for us?)
If you are using a purchased certificate and it has expired, you can use an extended certificate to sign and deploy an update to your application, but it will look like a test certificate. This will seem just like any other update to your customer who already has the application installed, because it does not show the trust dialog when installing an update. New customers will see “Unknown Publisher” in the trust dialog because you are now using a test certificate.
So if your purchased certificate has expired, this enables you to issue an update to the application that programmatically uninstalls the current version and installs a new version signed with the new purchased certificate.

private key missing in certificate downloaded from itunes

I am a beginner with iPhone. I have no idea how to upload an app to iTunes. I have made a certificate and provisioning profile, but when I downloaded the certificate it came without the private key. So please give any suggestion that applies to my app.
You can do 2 things:
1. Create a new certificate identity via the Apple developer portal. In this case you'll need to log into the Apple developer portal and use the assistant; as part of this you will need to create and upload a CSR (Certificate Signing Request), which will also create the public and private keys on the machine. Apple signs the request and voila, a signed public/private certificate pair: guide
2. Export the private key from the machine originally used to create the certificate. This case is when you're signing with an identity previously created, probably on an old machine, or if (as in my case) you're developing for a client that has their IDs already created. If you can't access the machine originally used to create the certificate identity, you'll have to create a new identity as per the guide/assistant.
To do this, you will need to export your private key (a .p12 file), or public/private key pair, via Keychain Access, and install the private key or key pair on the machine you're developing on: guide

How to access etoken through CryptoAPI's?

I am developing an HTML application where a user has to first log in using his digital certificate. After login he has to perform encryption and decryption of data using his digital certificate.
Now, when the certificate is available in the form of a .pfx file, we can just install it and the certificate appears in the container, and we can use it during login and during encryption and decryption.
This works fine if we have a .pfx for our digital certificate.
But now I want to enhance it for etokens (security tokens). I don't know much about etokens. The problem is: how can I use the digital certificate stored in it during login?
Also, how should I use the private key stored in it during decryption?
Can anyone please tell me about any tutorials (if any) which explain the usage of etokens and the CryptoAPIs?
As I mentioned in the answer to your previous question, Windows CSPs map the certificate from hardware to Windows certificate storage, so this is transparent to you. If you can access the certificate via Windows certificate storage API, then you don't need to care where the certificate is actually located.
Note that you can't transfer a private key to the server, i.e. you would have to use a client-side module (either ActiveX or Java applet) that will perform operations locally. This is not specific to certificates on hardware, but also to certificates which have non-exportable private keys.

How to configure SharePoint to access the Certificate?

I'm using SharePoint 2010 and I'm configuring a web part using ChannelFactory and Certificate to access a WCF service.
But I'm getting this error message:
Error occured: Could not establish secure channel for SSL/TLS with authority 'my FQDN'.
How could I configure my SharePoint web application to have access to read this installed certificate?
(I'm sure the certificate is installed correctly on the server where sharepoint is installed and all the WCF configurations are correct)
Many thanks in advance,
Are you talking about a client certificate that SharePoint would use to authenticate itself when connecting out to some service? If that is the case, then you would need to install a certificate along with a private key. Otherwise, if you are just talking about a root certificate to validate some server certificate on a remote service, you do not need the private key.
Assuming that you mean a client certificate with private key (I don't know how SharePoint uses certificates), then you would have to install the certificate along with a private key, and then, make sure SharePoint has access to the private key.
It's not enough just to install with the private key -- you have to either install logged in as the Windows account that the code using the private key will be running under, or, if you install the certificate into the Local Machine "Personal" store, for example, you have to set an ACL on the certificate to give another Windows account access to the private key. To do that, you can use the WinHttpCertCfg tool. Cf. here for the general idea, and here to download the tool. Or from the MMC Certificate snap-in, select the certificate in the Local Machine, Personal store, right-click, select All Tasks, Manage Private Keys, and grant access from there.
Have you tried uploading it to the Manage trusts area?
http://centraladmin/_admin/ManageTrust.aspx
Rebooted the server?
Installed on all servers in the farm? Into the machine store (not service or personal)?