Can my WP7 app use Open SSL? - wcf

I have a WP7 app that communicates with the back-end via a WCF service.
A customer has asked if the app can be made more secure by communicating via an ISA server using Open SSL.
The ISA server would be public facing with the IIS Server hosting the WCF service behind a firewall. I will have to load the public cert onto the phone and have read that this can be achieved by emailing the cert then running the attachment.
I'm not clued up on ISA, Open SSL or certificates and am hoping someone can tell me if this is possible or not.
Any ideas?
Edit
I'm hoping for a little about how to configure the WCF proxy on the phone.

You need the the Root CA of the cert on the phone. You can do this a couple of ways. The simplest would be to email it to the phone as an attachement (p7b format). On the phone simply open the attachement and the phone will prompt you to install the cert (p7b). This will install the cert into the cerificate store. A good way to test if it is working right is to hit an HTTPS web URL in IE from the phone, if you dont get any security prompts about an untrusted cert it is working correctly.
You will need to have your SSL terminate at the ISA/UAG box. This would have the server cert set up on it and use it to secure the SSL channel for the web app.
More information on configuring publishing with UAG (next gen of ISA) is here: http://technet.microsoft.com/en-us/library/ee406221.aspx

Related

Separate SSL Certificates for Web Application and API

I have a data collection / reporting web application hosted on an AWS Lightsail instance with Ubuntu 18.04 OS and Apache2. I use a 'Lets Encrypt' SSL certificate on the site. This all works fine.
I also have an embedded device which uploads data to the website via an API. The embedded device is currently not operating on SSL, but I need to change this. The embedded device can communicate on SSL but its not easily updateable in the field. My concern is that the CA certificate that is embedded into the device cannot be updated, and so using the same 'Lets Encrypt' certificate, means that a change in the Lets encrypt certificate will render the remote embedded device unable to connect to the server.
The common solution to this problem is a self signed certificate over which I have total control, and yes this would fix the problem, but it would create another problem. If I use a self signed certificate, then any user connecting to the site to view data from their PC would get an Untrusted Certificate warning on their browser, which is not acceptable.
So, to fix this ideally I would have my web app protected by 'Lets Encrypt', but the API protected by a separate self signed certificate. However, both web app and API need to be on the same domain. Also they should ideally also both be on the same standard 443 https port.
Is there a way to setup the web app and API to serve different SSL certificates?

How to configure https for a UWP Desktop Bridge app hosting a PWA via a Kestrel Server

I have a desktop bridge app which uses a worker service to host a PWA and WebAPI with Kestrel over https
User runs the worker, and browses to the service from ff/chrome/edge
This works fine in development as the development machine has a trusted certificate installed
However, when I package it up and deploy to test machine, there is no cert and the app crashes
So, how what is the best way to do this?
Options
Bundle a cert with the app, install it in the containers local
store? How would this work with the browser, which wouldn't trust the
cert as its not installed in the browser users context
Buy a cert from a CA. How would I distribute it?
Magic UWP trusted certs I can add to kestrel?
So, it seems you can't
In 2015 certs can not be issued to IPv4 or IPv6 address and must be a FQDN with a public top level domain
TLS is not just about encryption, but also identification, private ips can't be publicly identified
And PWA's need https to work, so options..
Self-signed certificate, which won't be trusted and show the user a
nasty message
Publicly host the PWA and certify that domain, then
call back to the loopback address 127.0.0.1 over http to communicate
with the running worker, this is considered secure. I have done this
and it does work, but means my app can only communicate with the user
on the same machine
There are other options that need you to have control of the network dns - which I won't have

wcf https works on my local pc but not in android

I have WCF Service hosted in IIS using https and self sign certificate created from IIS for my local pc
If i enter in my desktop browser the following link:
https://MyHostName:MyPort/MyService.svc WORKS and is secured.
The same link in different pc in my local LAN gives me warning that this site is not secure and asks me to click and verify that i want to proceed and when i do it i can see the service .. ( which i assume has something to do with my certificate)
MAIN PROBLEM
The same link again FAIL using android google chrome with out give me a warning . Just fail with the error "This site can't be reached.... ERR_NAME_NOT_RESOLVED"
Please help.
I am trying to connect to the service from my xamarin Forms android application (https) but before that i try to test the wcf service from my android browser to verify that the service is available before trying to connect
if this is due to certification how can i configure it correctly to be secure? should i buy one?
i was hoping to test my service before proceeding buying one.
anyone has any ideas?
using valid certificate fixed the issue.

SSL Certificate IIS

I have researched a lot before posting this question. I have a website that runs on HTTP. We are currently using ASP.NET webforms.
My boss wants to update the payment gateway to use Stripe. Stripe wants the payments page to be running on HTTPS rather than HTTP. So I want to make my website HTTPS.
There are a lot of articles out there to make your website https with your own self signed certificate. However, I couldn't find relevant Microsoft docs for doing the same thing in a live production environment.
My question is how would I do that in a production environment where you do not have ISS control?. I understand that I will have to buy an SSL certificate from a verification authority. Currently I am using FTP to replace the bin files and the modified files to make changes to the website.
I was wondering if there are any C#,ASP.NET veterans out there who can guide me in the right direction.
To run a web site with a certificate, which is a requirement to use HTTPS, you must be able to use IIS administrator to install the certificate on the web server and bind it to the web site on port 443. You could maybe possibly get it done without IIS admin by using PowerShell, but the user account running PowerShell would need the same permissions as if you did it with IIS admin.
Bottom line-- if you do not have any access to IIS admin at all, it is not possible to complete this task by yourself.
If your web site is hosted, you will need to approach the hosting service provider for instructions on how to request and install an SSL certificate for your web site.

IIS force asking for certificate to a client node.js application

I have an application running on IIS 8.5 on my Windows Server 2012 and I have configured it to use this certificate I just bought. So now I can access the website using https protocol.
I have node.js clients running on some computers outside my network and posting some data to the server from time to time. I want to secure that connection now that I have a SSL certificate. I've been googling around for a couple of hours and I was not able to have the picture of what I need to do.
My goal would be to do the HTTP POST from client and only the clients using the certificate would be allowed to upload data to my https://example.com/upload url.
Firstly, I need to configure IIS so that requires a certificate when doing the handshake but I have no option for that in the authentication panel inside my webapp. I only have these options:
What am I doing wrong?
Click on SSL Settings
Then tick Require SSL