Server certificate change issue for Huawei PushKit Uplink message - huawei-mobile-services

Currently, if you want to apply "Uplink message sending" for your apps in Huawei PushKit, you must provide a Url and it's Https certificate
If the certificate gets expired or changed, an update is needed for the uplink to keep working.
However, the issue gets serious when the number of apps becomes relatively large. This would make the update process difficult.
Is there anyway to apply the uplink message without worrying about the certificate change over time?
Is there a reason that Huawei does not try to get the certificate of the passed Url itself and check it periodically and update it?
Thanks in advance

Is there anyway to apply the uplink message without worrying about the
certificate change over time?
How many apps do you have and and how frequently do you change your server certificate? According to the instruction here, it is just a matter of changing the URL and upload the PEM file. Per Shirley's suggestion, the developer server monitors the certificate validity period and will remind you to update the certificate before it expires.
Sign in to AppGallery Connect.
Select My projects, find your project from the project list, and
click the app for which you need to send messages. Go to Grow > Push
Kit > Settings. Find Receive uplink message and click Enable.
Set Destination URL and HTTPS certificate (in PEM format).
Is there a reason that Huawei does not try to get the certificate of
the passed Url itself and check it periodically and update it?
Huawei AppGallery Connect treats security and communication seriously so it is important to make sure that the developer follow the security best practice to update their own HTTPS URL & certificate.

Is there anyway to apply the uplink message without worrying about the certificate change over time?
If the uplink message fails to be sent, the device will receive an error code. After receiving the error code, the device instructs the device to update the certificate.Alternatively, the developer server monitors the certificate validity period and reminds you to update the certificate before it expires.
Is there a reason that Huawei does not try to get the certificate of the passed Url itself and check it periodically and update it?
To meet security compliance requirements, Huawei must check the validity of certificates.

Related

GitHub page 'Your connection is not private'

I have searched for this and found answers that do not work in my case. I would appreciate some thoughts on this
I have set up a github page at: https://ir-ischool-uos.github.io/mwpd/
Some users reported that when they visit the page, an error about security is displayed, like this on Chrome:
- However, many users say it works ok for them.
I have found some sources say that this only happens if your link contains 'https' instead of 'http', but tested on two computers, one mobile phone and one tablet they both work fine. I also found source that say I should use GitHub page's https support, and I checked my setting this already is ticked.
Is there anything I can do to fix this for every user?
Thanks
This error could happen because of numerous of reasons. For example:
The server certificate (or at least one of the certificates in the chain of trust) is not among the trusted certificates that the browser/system maintains (maybe an outdated list?). Try to update the browser/system.
The date/time on the system is not configured correctly.
The connection is being intercepted (by an attacker?) and the certificate is manipulated, hence the SSL connection handshake process could not complete.
Your connection is not private error appears on websites using the SSL / HTTPs protocol when a browser is unable to validate the SSL certificate issued by the website.
Basically, any website using SSL / HTTPs protocol sends a security certificate information to users browsers upon each visit. Browsers then try to validate the certificate using the public key accompanying the certificate.
If it checks out, then users browser encrypts the data using the private key sent by your website. This encryption secures the data transfer between a user’s browser and your website.
I have checked it accross 3 different connections and they all worked just fine.
I believe the problem could be from the users. They may need to clear their cache, check if their clock is set correctly, their antivirus could be stopping it. And their browsers may be outdated.
What I will advice is just (https://support.github.com/contact). They could check to verify if this is an issue from the server or not.
But from what am looking at, this may be an issue with the user's device.
Also here are a few links you could refer and see if all settings on your own part are rightly set;
[1] https://github.com/docsifyjs/docsify/issues/236
[2] https://help.github.com/en/github/working-with-github-pages/securing-your-github-pages-site-with-https
[3] https://help.github.com/en/github/working-with-github-pages/troubleshooting-custom-domains-and-github-pages#https-errors
I hope this helps. Let me know!
If you are using a school/college wifi, most probably someone has your credentials and he/she is using it at the same time as you so basically when he/she is using the web you'll get this message, you should probably change your password or switch on VPN.
If the WiFi/other network used to access the website in question is a school or public network, some 3rd-party software used by it's administrator might be trying to prevent or override the connection to your website.
That might happen in order to display an error message (e.g. "Website access prohibited"), a captive portal (network login window), or just to watch the data being sent around.
Since you're using HTTPS it was prevented when the certificate check failed, because with HTTPS in place that software has no way of presenting it's own page or eavesdropping, other than creating it's own certificate with your website name in it on the fly. Which, of course, was rejected by the browser, since either the user didn't expect it, or, if it's indeed a school/company network, the PC wasn't properly enrolled for use on the said network.
Either way, there is no problem with your webpage itself. Because Github manages the server for your Pages, chances you could create something causing that problem yourself are pretty much zero.
Sometimes it happens because of the wrong IP/DNS settings. Checking the below places might help resolve the issue:
Make sure you are using a common public DNS server. How to check the DNS server you are using depends on your operating system. Moreover, if you are using a VPN client and it has a DNS configuration, check that setting too.
Check if there is an IP address associated with GitHub in the system's hosts file. In Linux and macOS you may use sudo vi /etc/hosts. If there is one, turn that line into a comment by adding # at the beginning of the line. Save, exit, and check if you see that error again. Do step 3 only if you are still getting the same error.
Go to https://www.ipaddress.com, search for github.io, and add its IP address at the bottom of /etc/hosts file like this example: 140.82.114.4 github.io.
Hope this helps.

Inconsistent notifications watching files with Google Drive REST API V3

I'm using this endpoint to subscribe for changes on a file: https://developers.google.com/drive/v3/reference/files/watch. While I'm receiving callbacks, some notifications don't happen right away and others seem to be dropped completely. I'm trying to figure out whether this is an issue with the service or something I'm not understanding about the API.
I've tried testing our setup with several different types of files and have gotten similar results with inconsistent notifications.
Wonder if anyone has done tests or has insider information about the reliability of change notifications? Is it around 99% or more like 50%? What is the expected distribution of delays? (it's definitely not instantaneous)
Without knowing what you have already done, I can only suggest that you check Push Notifications and see if you've missed some of the important things.
It was discussed that, to use push notifications, you need to do three things:
Register the domain of your receiving URL.
Set up your receiving URL, or "Webhook" callback receiver.
Set up a notification channel for each resource endpoint you want to watch.
In addition to that, note that there are required properties when making watch requests:
An id property string that uniquely identifies this new notification channel within your project. We recommend that you use a universally unique identifier (UUID) or any similar unique string.
A type property string set to the value web_hook.
An address property string set to the URL that listens and responds to notifications for this notification channel. This is your Webhook callback URL, and it must use HTTPS.
Also, Drive API will be able to send notifications to this HTTPS address only if there is a valid SSL certificate installed on your web server. Invalid certificates include:
Self-signed certificates.
Certificates signed by an untrusted source.
Certificates that have been revoked.
Certificates that have a subject that doesn't match the target hostname.
Hope that helps.

iPhone app submitted with developer certificate

I've just accidentially submitted an update for my app via organizer -> distribute, not noticing that my build settings still had the developer certificate set instead of the distribution certificate.
will the update still work on the users devices, or will it fail to install? I did not find any option to reset the submitted app, so I will probably have to wait until its published. Or will it even be rejected for not beeing signed with a distribution certificate?
App Store will likely reject if you have the wrong certificate. Send Connect an email and explain, they're usually pretty helpful.

Will HTTPS + ASIHTTPRequest get approved by App Store?

I know ASIHTTPRequest works perfectly well with HTTPS. All we need is this one line of code:
[myASIHTTPRequest setValidatesSecureCertificate:NO]
Here's my question, I don't have any HTTPS certificates approved by any authority, including the US government. And I am not a US citizen, and my app isn't targeted at the US market. When I submit an app containing the above HTTPS code,
Do I need to check the encryption box when submitting?
If I don't check that box, will the HTTPS code be detected? (Like an private API?)
If I check that box, will I get rejected? (since I don't have any certificates approved by any authority)
If I have to get a certificate approved by someone before my app get approved by the App Store, how long will this apply-and-get-approved process be, and what about the cost?
Thanks in advance!
Do I need to check the encryption box when submitting?
No. Your not encrypting any data on the device, it's only transport encryption provided by apple so don't have to tick the box.
If I don't check that box, will the HTTPS code be detected? (Like an
private API?)
As above, it doesn't matter.
If I check that box, will I get rejected? (since I don't have any
certificates approved by any authority)
If you tick the box you have to fill out a lot more information and your in for a long long wait just getting the legal stuff squared away before you even get to the app review..
If I have to get a certificate approved by someone before my app get
approved by the App Store, how long will this apply-and-get-approved
process be, and what about the cost?
You buy a certificate from any root certificate authority. Certificates expire, so you have to renew it when it runs out. The cost depends on who you buy the certificate from. I would recommend that you shop. You can also get wildcard certificates e.g. *.example.com that would allow you to setup any site ending in .example.com.
The accepted answer is simply wrong, and following its advice puts your app in danger of being removed from the App Store. You should look at the FAQ for Worldwide Trade Compliance on the iTunes Connect site. It clearly states that even if you use iOS-provided HTTPS, you still need to submit an ERN request to the US government. Also, it does not matter that you live outside the US, as your app is distributed by a company (Apple) in the US.
See this blog post for more details, especially the comments, as BIS has recently made it easier to apply.

Certificate creation for Apple push notifications

I need to integrate apple push notifications. I am not clear about the certificate needed for the server. As I know this is a generated certificate form server end and does it needed to be signed by a valid certificate authority? If so how does APNS going to validate this?
For the apple sandbox cant we proceed with a test certificate?
Is there any chance to test this APNS process in the simulator?
Thank you.
You need to generate the certificate on the iOS Provisioning Portal, according to the instructions on the docs (also available on the portal). You don't need to worry about the details of the certificate; the Provisioning Portal takes care of all the details for you. You need to do this for each of you App IDs and you need to be the Agent of your organization to do this.