I installed a certificate on the server machine for a WCF service. It installed in the Local Computer area of the Certificates Manager. However, when I run the service it says it can't find the Private Key file. When I locate the Private Key, it is in my user account area. For the WCF to run (it is running HTTP), it is my understanding that it has to have the private key in the All Users area for permissions. How can I install the certificate to have the private key in the All Users area instead of my login username area? The makecert command does not seem to have any setting for this.
You should install the certificate to the Service Account or the Machine Account. You can do this by adding a Certificate snap-in to the management console:
Start->Run->MMC
File-> Add/Remove Snappin
Select Certificates, Click Add.
Select Service Account, and follow the prompts to select the account your service is running as.
You should now be able to import the certificate by right clicking on the tree and selecting All Tasks -> Import.
Related
I have been tasked to fix an old VB.NET project. I was successfully able to get all the forms loaded and the project running. When I try to deploy the project I get "default certificate could not be created. publish aborting." I also started VS.NET in admin mode and got the same errors. When I go to Properties > Signing > Sign the Click-Once manifest, I try to create a test Certificate and I get "error: The compute must be trusted for delegation and the current user account must be configure to allow delegation". I went into gpedit.msc > Computer Configuration > Security Settings > local policies > User Rights Assignment and have added my Administrator account to "Enable Computer Account and user account to be trusted for delegation" and added my admin account. I am still getting the same error. Thanks in advance for any assistance you can give.
I have one issue when trying to connect to the LDAP server through code. It works fine when I use admin tool to connect to it.
it works fine when using this admin tool to connect to it.
it doesn't work when I use this code to connect to it, it says
The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
My code:
Using context As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, SingleSignOn.ADDomain, SingleSignOn.ADSecurityGroup, DirectoryServices.AccountManagement.ContextOptions.SecureSocketLayer Or DirectoryServices.AccountManagement.ContextOptions.Negotiate, UserName, Password)
Using foundUser = DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(context, UserName)
Return foundUser IsNot Nothing
End Using
End Using
My question is:
how to set up the code to use version 3?
Thank you in advance for your help/ideas.
Windows needs to trust the SSL certificate, otherwise the connection will fail. Unfortunately the error message doesn't tell you that.
You have a couple options:
Change the certificate being used on the server to a certificate from a trusted root authority. This is the best way to do it, especially if this is a production server.
Tell Windows to trust the self-signed cert. This would have to be done on every computer that will connect. To do this, use the PowerShell script in this answer to download the certificate (change the URL to match your server). This will give you a .cer file. Then follow the instructions here to import it on the computer that you are running this code on. In that article, start at the heading "To start the certificate import process through Microsoft Management Console (MMC)". In step 4, you have the option to import it for the current user only, or for the whole computer (which requires local admin rights).
I created a VB Win Forms app using VS2010 that used ClickOnce deployment.
Sign ClickOnce Manifests was checked. (VS created the certificate and I had no idea what the password was)
The Certificate Expired so I created a TemporaryKey.pfx (This expires in 1 year, and I have the password)
I was able to publish and deploy with the Temporary certificate.
I now have a new pc. I copied the solution folder from the old pc.
If I try to build the app I get the following error:
"Error 1 Cannot import the following key file: SimmStock_TemporaryKey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_B3DF0282FC97BF34 SimmStock2"
I unchecked "Sign ClickOnce Manifests" and the application can build and run.
As soon as I try to Publish then "Sign ClickOnce Manifests" keeps changing to checked. and get the following error:
"Error 1 Cannot import the following key file: SimmStock_TemporaryKey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_B3DF0282FC97BF34 SimmStock2
"
Question: How can I stop signing completely?
I'm trying to setup SSO using OWin and Thinktecture Identity Server but I am not having any luck getting the SSL certificate to work. At least I think that's the problem. All works fine when I'm in visual studio, but if I try to use IIS on my machine it gives me the error "The remote certificate is invalid according to the validation procedure". I've also tried using IIS as the client treat the instance running in visual studio as the token authority but I still get the same error. Anyone have any ideas on what I'm doing wrong?
In my case I was just trying to work through the samples (for ID3v2) and getting the cert errors running locally. Since some samples even do self hosting via owin I'm not even sure where it's getting the certs for host side??
Anyway my fix was to copy the cert to the Trusted Root:
Windows => Start => run MMC.EXE
File=> "Add/Remove Snap-In..." => Certificates
Use Computer Account => Local computer => Finish => Ok
Go under Personal / Certificates
Right click "localhost", Select Copy
Paste to "Trusted Root Certificate Authorities"
Done. Enjoy.
After spending a lot of time for me the solution was pretty simple
I just opened the Certmgr.msc ---> deleted the localhost certificate from the Trusted Root certification authorities.
Then opened my solution (after I had run the identity sever)
clicked run the visual studio asked fro me if I want generate new certificate to iis express (ssl),
I had clicked yes and then it started to work properly:)
You need to add whatever certificate IIS is using to your Trusted Root Certification Authorities store on your local computer.
That can be caused by bad configuration on a previous certifications (sometimes can happen when you disagree to install a certification) :
Windows Start and open Certmgr.msc
Under Personnel/Certificats, find all localhost certificats and delete them
Same thing to do under Trusted Root Certification, and then close.
Start your application, you will get an exception.
Open the Package Manager Console and excute: dotnet dev-certs https --trust
Restart your application, normally you have a valid certificat now.
Adding certificate to Trusted People store should be enough according to readme file in examples provided by the authors.
In a production scenario it should be better because Root store is for CAs and when you add something there that authority is not only trusted, but any certificate signed by it is automatically trusted.
You can check this an further details from the microsoft reference. An extract of the 2 store short description:
Root: Certificate store for trusted root certification authorities (CAs).
TrustedPeople: Certificate store for directly trusted people and resources.
P.S: I tested it an it works. In my scenario I have IS on machine A and a set of web applications using IS on machine A and B. IIS certificate on machine B is different from the one used in A and by IS, but I just added it on machine B Trusted People store and the "certificate error" disappeard.
Some times it doesn't work though the above settings were done and you have given the URL as "https://localhost", instead give the URL as "https://MachineName".
i.e machine name should match certificate's "issue to" value
For .Net Core change TrustServerCertificate=False to TrustServerCertificate=True and that will solve your problem like I have it below.
"DataConnect": "Server=tcp:127.0.0.1,1433;Initial Catalog=dbName;Persist Security Info=False;User ID=username;Password=password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;"
I have implemented a windows service that runs every 3 minutes and polls a database for notifications that are ready to be sent. I collects them into a list determines whether it is an ios or an android notification and then call the PushBroker (PushSharp solution is included as a compiled solution in my solution project) I then iterate the items in the list to process as follows:
static void ProcessIOS(List<Client> IOS)
{
PushBroker push = new PushBroker();
push.OnNotificationSent += NotificationSent;
push.OnChannelException += ChannelException;
push.OnServiceException += ServiceException;
push.OnNotificationFailed += NotificationFailed;
push.OnDeviceSubscriptionExpired += DeviceSubscriptionExpired;
push.OnDeviceSubscriptionChanged += DeviceSubscriptionChanged;
push.OnChannelCreated += ChannelCreated;
push.OnChannelDestroyed += ChannelDestroyed;
foreach (var entry in IOS)
{
string dev = entry.Device_Id.ToString();
string load = entry.Push_Payload.ToString();
int count = entry.Unread_Count;
var appleCert = File.ReadAllBytes(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "../../../productionfile.p12"));
push.RegisterAppleService(new ApplePushChannelSettings(true, appleCert, "password")); //Extension method
push.QueueNotification(new AppleNotification()
.ForDeviceToken(dev)
.WithAlert(load)
.WithBadge(count));
}
}
The messages are sent successfully, however, the issue I am having is
1. trying to retrieve the responses when message was sent successfully, or failed, reason for failure etc... these are delegates within the pushsharp code so that I can log the responses to our database. For clarification... I need to know what entry attempt(deviceID) the error responses are from. I am unable to tell by the generated messages from the notificationsent delegates since the data is not linked to any particular deviceid delivery attempt.
2. I also want to be able to keep the pushsharp code as is without modifications and call methods from my code to reduce merging issues when any updates are made to pushsharp code in future.
Any Suggestions?
If anyone can give me any examples on how to use the response events and delegates to retrieve information for each notification send attempt, I would appreciate it.
thank you.
I did not get any replies but with further research I was able to resolve my issue with the failed sucesses and was able to successfully send out notifications with no errors. The solution was to regenerated my certificates. Since I am using a windows server for my push notification server The following steps will guide you to generate an APNs certificate from a Windows Server.
If you have already generated your certificate from a Mac OS X workstation, you can skip this
section and upload your certificate to the Push Notification Server.
Step 1—Generating a Certificate Signing Request (CSR)
1. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager, and select the
server name.
2. Double-click Server Certificates.
Note: The version of IIS server is 7.0 in this document.
From the Actions pane on the right, click Create Certificate Request. The Request Certificate
wizard appears.
In the Distinguished Name Properties window, type the following:
• Common Name—the name associated with your Apple Developer account
• Organization—the legally registered name of your organization/company
• Organizational unit—the name of your department within the organization
• City/locality—the city in which your organization is located
• State/province—the state or province in which your organization is located
• Country/region—the country or region in which your organization is located
Click Next. Cryptographic Service Provider Properties window appears.
Select Microsoft RSA SChannel Cryptographic Provider in the Cryptographic service provider
field and 2048 in the Bit length field, and then click Next.
Select a location where you want to save the certificate request file. Make sure to remember
the filename and the location where you save the file.
Click Finish. You have now created a CSR request and are ready to upload it to your Apple
development portal.
Step 2— Uploading CSR to your Apple development portal and generate the
APNs certificate
Step 3— Downloading and Installing your APNs certificate
Click Download to save the .cer file to your computer.
Copy the .cer certificate file to the same Windows Server computer where you created the
certificate request file.
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager, select the
server name, and then double-click Server Certificates
From the Actions pane on the right, click Complete Certificate Request. The Complete
Certificate Request wizard appears.
Select the .cer certificate file that you downloaded from the Apple Developer Portal, and type
the name of your application (e.g. com.xxxx.xxxxx) in the Friendly name field.
Tip: The friendly name is not a part of the certificate itself, but is used by the server
administrator to easily distinguish the certificate.
6. Select OK. The certificate will be installed on the server.
7. Verify that your Apple Production Push Services certificate appears on the Server Certificates
list.
A. If you can see the certificate, follow the next steps to export the certificate and upload it to
the Push Notification Server.
8. Right-click on the certificate in the Server Certificates list, and then click Export.
Select the location where you want to save the file, choose a password for exporting, and then
click OK. (Export as a .pfx)
Tip: If you only have the option to save as a .cer file rather than a .pfx, then you are not
correctly exporting the certificate. Make sure you selected the correct file to export. If you still do not have the option to export as a .pfx go to step B. below.
Note: Make sure to remember the password, or keep it in the secure place. The password will
be required when uploading the certificate to the Push Notification Server.
After completing all these steps, you should have the following items:
• APNs certificate (.pfx format, not .cer format)
• The password that you set when exporting the certificate
You are now ready to upload your certificate to Push Notification Server if you are not on that server already.
B. If you DON’T can see the certificate in the Server Certificate UI as shown above or DO NOT have the option to export as a .pfx from that UI, follow the next steps to export the certificate and upload it to the Push Notification Server.
8 . Go to Microsoft Managenment console
9. On the Start Menu, click Run, type MMC, and then click OK. Microsoft Management Console opens with an empty console (or administrative tool) as shown in Figure 1 below. The empty console has no management functionality until you add some snap-ins. The MMC menu commands on the menu bar at the top of the Microsoft Management Console window apply to the entire console.
Click File->Open and select Console1.msc and Open
Right click on the certificate you want to export select All Tasks-> Export
Click Next on the Certificate Export Wizard
Choose Yes, export the private key
Warning: DO NOT select Delete private key
Select, Personal Information Exchange - PKCS #12 (.PFX) if not already selected by default.
Browse to the location where the .cer is residing on your machine
Select the location where you want to save the file, choose a password for exporting, and then click OK. (Export as a .pfx)
Go to the exported .pfx file and rename extension to .p12.
Place file in root directory where Push Notification Engine is installed (e.g. C:\ or D:)