I have a root certificate for a self-signed localhost certificate that needs to be installed in localmachine Trusted Root Certificate Authorities. I have the following command to do the work:
certmgr.exe -add -all -c rootCert.cer -s -r localmachine trustedrootcertificationauthorities
In command line, it shows CertMgr Succeeded, but I cannot find the certificate.
Then I double-click the root certificate and use the Certificate Import Wizard. After the certificate is imported, I can see it in Trusted Root Certificate Authorities.
Can anyone please help with it? I want to get certmgr.exe working.
Thank you
Finally I got it. The command should be
certmgr.exe -add -all -c rootCert.cer -s -r localmachine root
When running ./bootstrap in a freshly-cloned repository (https://github.com/coreutils/coreutils), it seems to either not find some files it wants to or doesn't trust https://translationproject.org.
./bootstrap: Bootstrapping from checked-out coreutils sources...
./bootstrap: consider installing git-merge-changelog from gnulib
./bootstrap: getting gnulib files...
Submodule 'gnulib' (git://git.sv.gnu.org/gnulib.git) registered for path 'gnulib'
Cloning into '/home/vagrant/coreutils/gnulib'...
Submodule path 'gnulib': checked out '0ac98783691bbf8212537ebe18ddb68feb22a760'
./bootstrap: getting translations into po/.reference for coreutils...
ERROR: The certificate of 'translationproject.org' is not trusted.
ERROR: The certificate of 'translationproject.org' has expired.
So what should I do to make the certificate trusted by my system and make the compilation succeed?
First, to get the certificate:
wget --mirror --level=1 -nd -v -A.po -P 'po/.reference' https://translationproject.org/latest/coreutils/
and then make the certificate trusted:
a) ask openssl to trust:
openssl s_client -connect translationproject.org:443 -CApath /etc/ssl/certs -showcerts </dev/null 2>/dev/null
b) ask cert tool to trust
certtool --verbose --verify --infile=/tmp/translationproject.org.certs
Finally, you can use ./bootstrap successfully.
I have been using Play framework as my server and a React webpage as a client. I have already created and set up a certificate for the React webpage using Let's Encrypt. But now I have to configure this certificate to work for the Play application as well. How can I configure application.conf to use it?
I found the answer to my question myself.
First create certificate for nginx from https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04#step-5-enabling-the-changes-in-nginx
After creating the certificate, follow these steps:
1) First stop your play server
2) Do sudo su
3) Do ssh and go to the location where your SSL certificate is, which will be like: /etc/letsencrypt/live/example.com
4) Type the following command:
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert_and_key.p12 -CAfile chain.pem -caname root -passout pass:your_password
5) Type the following command:
keytool -importkeystore -srcstorepass your_password -destkeystore keyStore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -storepass your_password
6) After the .jks is created, put the following code in your application.conf file:
play.crypto.secret="changethissosomethingsecret"
play.server.https.keyStore.path = "Path to your .jks file"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.password = "yourKeyStorePassword"
7) Now change your play run command to the following:
nohup /home/ubuntu/webserver/manpowercompany-1.0-SNAPSHOT/bin/manpowercompany -J-Xms128M -J-Xmx1024M -Dplay.crypto.secret=anyKey -Dhttps.port=9002 &
Note: Change the directory according to your file locations
8) Start the server with the file containing the above run command. You might need to do sudo.
9) You are good to go. Now your server is served as https at port 9002
The steps above are what I did for my project, so refer to them and make changes according to your project.
Thank you!!!
I am trying to generate a self signing certificate but am unable to accomplish it. I am using this command to create a self signing certificate authority:
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
Which by all accounts works, and I can view the new entry under the Trusted Root Certification Authorities.
Next I use the following command to create a signing certificate:
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root1.cer
But the command fails with:
Error: Can't load the issuer certificate ('root1.cer')
Failed
I was of the impression that the -ic switch would create the root1.cer file, but the error seems to indicate that it can't load it? Where am I going wrong with this?
When attempting to create a Self Signed Certificate, it does not require another certificate to generate it, because, as the name states, it is Self Signed (it is signed by the private key that belongs to the public key it contains).
When creating a common certificate you should provide a parent to make use of it. When verifying authenticity of this child certificate you should also have the parent certificate installed on your machine. This is the concept of Chain Trust.
See in your 'Local Machine' store, under trusted root certificates, you should have .cer from many Authority Agencies, such as Verisign for instance.
-iv Stands for Issuer's Private Key. (Parent .pvk)
-ic Stands for Issuer's Certificate. (Parent .cer)
In your first command, you created root.cer.
makecert [...] -r -sv root.pvk root.cer -ss Root -sr localMachine
In your second command, you told it that the issuer certificate was in root1.cer (with the parameter "-ic root1.cer"). That is what led to the error message that it could not find root1.cer.
So, change the 'root1.cer' in the second command to 'root.cer'. It should look like this:
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer -sv powershelluser.pvk powershelluser.cer
This does the following:
Generates a new key, placing it in powershelluser.pvk.
Uses the key in root.pvk to sign the new certificate, and uses the information in root.cer to set the Issuer of that new certificate.
Writes the new certificate to powershelluser.cer, and also writes it to the "Personal" certificates store in CurrentUser.
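The issuer relationship described in the answers above, as an added example that is not part of the original posts: OpenSSL stands in for makecert, and the subject names and the file names other than root.cer and root1.cer are constructed. It issues a certificate from an existing issuer certificate and key, shows that naming a missing issuer file (root1.cer) fails, and checks the chain against the root.

```shell
#!/bin/sh
# Added example with constructed names; OpenSSL stands in for makecert.
# root.key / root.cer play the roles of root.pvk / root.cer on this page.
# SHA-256 is used here; the page's own commands pass -a sha1.

make_root() {            # $1 = work dir; self-signed root (the -r role)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Local Root" \
        -keyout "$1/root.key" -out "$1/root.cer" 2>/dev/null
}

issue_leaf() {           # $1 = work dir, $2 = issuer cert file (the -ic role)
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example User" \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null || return 1
    # The issuer's private key signs (-iv role); the issuer's certificate
    # supplies the Issuer name (-ic role). Both must already exist on disk.
    openssl x509 -req -in "$1/user.csr" -sha256 -days 30 \
        -CA "$2" -CAkey "$1/root.key" -CAcreateserial \
        -out "$1/user.cer" 2>/dev/null
}

name_of() {              # $1 = cert file, $2 = -subject or -issuer
    openssl x509 -in "$1" -noout "$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

chain_ok() {             # $1 = trusted root file, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" || return 1
    issue_leaf "$d" "$d/root1.cer" || echo "issuer root1.cer missing: issuance fails"
    issue_leaf "$d" "$d/root.cer" && echo "issued by: $(name_of "$d/user.cer" -issuer)"
    chain_ok "$d/root.cer" "$d/user.cer" && echo "chain verifies against root.cer"
    rm -rf "$d"
}
demo
```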
I need to encrypt an XML file with a x509 certificate on one computer and be able to decrypt it with the same certificate on another computer. It doesn't seem to work for me like Microsoft suggests:
http://msdn.microsoft.com/en-us/library/ms229744.aspx
The decryption process always fails on another computer!
I create a certificate by using the following command:
makecert -r -pe -n "CN=DEEP_201X" -b 01/01/2011 -e 01/01/2014 -sky exchange -ss my deep.cer
Then I install it by using:
certmgr /add deep.cer /s root
And try to get its private key with the FindPrivateKey.exe utility:
FindPrivateKey My CurrentUser -n "CN=DEEP_201X"
Works great. However, when I perform all the same actions to install the certificate on another computer FindPrivateKey will fail with
No certificates with key 'CN=DEEP_201X' found in the store.
when I use
certmgr /add deep.cer /s my
the error message will be like this:
Unable to obtain private key file name
Could someone please give me a piece of advice on how to make it work?
I suspect that you only need the private key on the decrypting computer.
However...
If you really need the private key on both computers, be aware that the .cer file does not include the private key.
(I think) makecert adds it to the local machine when it generates the cert. You can write it out using the -sv option. Then build a pfx container for the certificate that contains it.
makecert -r -pe -sv myprivatekey.pvk -n "CN=DEEP_201X" -b 01/01/2011 -e 01/01/2014 -sky exchange -ss my deep.cer
pvk2pfx -pvk myprivatekey.pvk -spc deep.cer -pfx deep_private.pfx
I haven't been able to convince certmgr to import private keys from the commandline. Use it in gui mode or use the certmgr.msc snap-in.
I need to make two certificates: a CA cert and a Server cert.
I use these commands.
makecert -r -pe -n "CN=CACert" -a sha1 -sky signature -cy authority -sv CACert.pvk CACert.cer
certutil -addstore Root TGCA.cer
makecert -pe -n "CN=ServerCert" -a sha1 -sky exchange -ic CACert.cer -iv CACert.pvk -sv ServerCert.pvk ServerCert.cer
pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx
Then I import ServerCert.pfx to certificate storage.
Why do they not contain the private key in storage?
Why don't you try to generate pfx file by passing the private key password as an argument?
Try it this way
pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx -pi password
As the documentation says:
/pi pvkpassword
Specifies the password for the .pvk file.
Source: http://msdn.microsoft.com/en-us/library/windows/hardware/ff550672(v=vs.85).aspx
So, after a long dance with a tambourine I found a solution. The problem was in the UI. My goal was to import the pfx to localmachine storage. It's impossible to do by starting the pfx file from a folder.
When the pfx is imported without the pvk password, the internal private key is not imported. The password is not requested when importing to localmachine storage by MMC.
What I did:
Import the pfx file from file explorer to CurrentUser "My" storage (entering the pvk password).
Export the certificate from storage to a new pfx with a password.
Import the new pfx to localmachine "My" storage with MMC.
I don't know other ways.
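A check for the two private-key threads above (the .cer that carries no key, and the .pfx that ends up in the store without its key), added here and not part of the original posts: OpenSSL stands in for makecert and pvk2pfx, and the file names, subject and password are constructed. It confirms, before any import, that a .pfx holds the private key belonging to the certificate.

```shell
#!/bin/sh
# Added example with constructed names and a constructed password.
# OpenSSL stands in for makecert/pvk2pfx; server.pfx is a PKCS#12 container.
# The password travels in an environment variable, not on the command line.

make_pair() {            # $1 = work dir; writes server.key and server.cer
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Server" \
        -keyout "$1/server.key" -out "$1/server.cer" 2>/dev/null
}

make_pfx() {             # $1 = work dir, $2 = export password
    PFX_PASS="$2" openssl pkcs12 -export -in "$1/server.cer" \
        -inkey "$1/server.key" -out "$1/server.pfx" -passout env:PFX_PASS
}

has_private_key() {      # $1 = PEM file; true only if a private key parses
    openssl pkey -in "$1" -noout >/dev/null 2>&1
}

pfx_key_matches() {      # $1 = pfx file, $2 = password, $3 = certificate
    # Extract the key from the container and derive its public half.
    k=$(PFX_PASS="$2" openssl pkcs12 -in "$1" -nocerts -nodes \
            -passin env:PFX_PASS 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    # Public key embedded in the certificate, in the same PEM form.
    c=$(openssl x509 -in "$3" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" && make_pfx "$d" "constructed-pass" || return 1
    has_private_key "$d/server.cer" ||
        echo "server.cer: certificate only, no private key"
    pfx_key_matches "$d/server.pfx" "constructed-pass" "$d/server.cer" &&
        echo "server.pfx: private key present and matches server.cer"
    pfx_key_matches "$d/server.pfx" "wrong-pass" "$d/server.cer" ||
        echo "server.pfx: wrong password, no private key recovered"
    rm -rf "$d"
}
demo
```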