I wonder if it is possible to automaticaly renew all the certificates that are in server, then we dont need be worry if the cerficates date are about to expire.
I tried to configure auto Enrollment but im not 100% sure if i did correct.
I've followed this link to configure:
https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment
Related
I am using cert-manager ACME workflow to manage my certificates in K8s. Seems like cert-manager does not give me control on when the certificate gets re-issued (usually happens when expirations comes near).
Does cert manager revoke the previous certificate once it has issued the new one? And can you control this behaviour?
I tried looking for it in documentation, couldn't find the answer. Next up is an experiment.
Cert manager will renew certificates generally when there's 30 or less days left on the validity. It does not "revoke" older certificates, it renews them (where applicable)
The exception to this is if you change the hostnames on the certificate. Certmanager will issue a NEW certificate containing the updated names, but it will not revoke the old certificate. The old certificate will simply just not be renewed and will expire naturally.
Is it possible to have Wazuh Manager served through custom SSL certificates? The wazuh-certs-tool gives you a self cert, and every other way to get it served through SSL has failed.
The closest I've gotten to getting this to work is I've had the dashboard being served by a custom SSL, I had agents connecting to it successfully and providing a heartbeat, but had zero log flows or events happening. When I had it in this state, I saw the API calls were coming from what appeared to be a Java instance, erroring out complaining about receiving certificate. I saw a keystore file located at /etc/wazuh-indexer. Do I also need to add the root-ca cert here as well?
It seems that your indexer's excepted certificates do not match the certificates in your manager or the dashboard.
If you follow the normal installation guide, it shows how and where to place your certificates, that are created using the wazuh-cert-tool. But, certificates can be created from any other source, as long as they have the expected information, you can check that informationenter link description here here.
I would recommend you follow the installation steps in the installation guide, from scratch to make sure you copy each excepted certificate in it's place and that the configuration files for your indexer, dashboard, and manager take into account the correct files. All you would need to change, the creation of the certificates, to have your own custom certs.
In case of further doubt, do not hesitate to ask.
We're just going live with the Intuit API feature on our live application. We finished the last step of the process by uploading the X.509 certificate signed by Comodo PositiveSSL CA. Though our production access status shows up as ready now, we are having a problem using the production OAUTH credentials. We get an unauthorized exception using these credentials. The development OAUTH credentials work fine though. We also tried using Thawte SSL 123 but no luck even with that.
Also, the actual expiry date of the X.509 certificate, we uploaded is 16-Mar-2014 but when we upload this to the Intuit settings page, it shows expired (0/1/1). Please advice.
Adding the update here to this question- issue was with pointing to the wrong PFX file.
I'm stuck with my app. I can't upload it to iTunes because, after the "Archive" step when I have to choose an application record and a Code Signing Identity it says:
"My Name" is a valid identity. However, the associated package identity "My Name" has expired.
Looking in the popup menu of Code Sign Identity I notice that the problem comes from the "MyProgram_production" certificate, and in fact in the provisioning portal, when I go to create the developer certificate profile for Production I get this error:
You must have a valid Mac Application Certificate to create a Provisioning Profile.
But I already created a valid provisioning profile, as you can see in the image it is there, but the expired one is also there.
My problem is that in the certificates page of the Apple site, the old expired one is not there. There are some old certificates but I have no chance to delete them:
What can I do about this?
After 2 days of total desperation... (I should be used being an Apple Dev for some years now...) I finally resolved my problem...
For who is having the same difficulty the problem was I could not see the expired certificates in my Keychain Access and that is because there was the (strange) option "Hide Expired Certificates" in my comp... I changed Mac and had no idea there was this option...
Why someone should want to hide an expired certificate and not just delete it???
Anyway deleting the expired certs and doing all the certificates again on Apple site did the trick!
You have to revoke and have to create new certificate. It clearly says "You must have a valid Mac Application Certificate to create a Provisioning Profile. So you have to generate valid certificate starting from keychain.
I am trying to create certificates that will allow me to send push notifications on my device and I am total lost. I have used certificates for BETA and distribution but adding push notification is pain.
When I do create certificates for BETA testing, I do the following steps.
From keychain, Request a certificate from a certificate authority.
In Apple Provisioning Portal under Certificates, create a certificate uploading file keychain file.
Assume APP ID is created perfectly and devices are ready.
In Apple Provisioning Portal under Provisioning, I create a new profile and download mobile provisioning file to add to the XCode organizer.
That above steps works and I can BETA test. Now in order to enable push notification, I have setup server which is tested with push notification and is 100% working. When I configure for push notification, I need to upload keychain file. Is that the same file I uploaded under Certificates? There is a file in return which I double click and it gets added to the keychain, am I doing it right?
If I understand your question correctly, the answer is no, it should not be the same file. I'll explain the entire process in detail and hopefully that will clarify the situation (and what you need to do next).
When you enable push notifications, you need to do four things:
Create a private/public key pair.
Create a certificate signing request (CSR), signed with your private key.
Submit the CSR to Apple and download a signed certificate.
Create a file containing your certificate and private key, for validating each APN request.
Some points:
I recommend you use different keys for development (sandbox) and production APN. You can re-use the keys if you are sending notifications to different apps, but it is safer if you don't re-use keys between development and production.
The file you "submit" to the provisioning portal is the certificate request. You will have one CSR file for each certificate. You will create a two CSR for each app (bundleID); one for development, one for production. The CSR created with your development key should be submitted for development and the CSR created with your production key should be submitted for production.
Note: Keep the CSR files. You don't have to have them, but it will save you some time when you need to re-send the certificate requests.
After submitting your CSRs, you will be able to download the actual certificates. They aren't ready immediately, so give Apple a minute or so and then refresh your browser. The difference between the CSR and a certificate is important: the certificate is signed by Apple; it validates your ability to send push notifications. Download the certificates and load them into your keychain (double clicking is fine).
Note: the certificate is useless without your private key; so you will need to safely export your private key if you switch computers.
Any computer sending an APN request will need both the private key and the certificate. You can export them as a single .p12 file using Keychain Access. (I name mine MyAppCertKey.p12 to indicate that the file contains both the certificate and the key.)
Last, I wrote up a detailed explanation on testing / verifying communication with Apple's servers (from the terminal). It's a little complicated since you need to have some root certificates set up for openssl to validate against; however, it will tell you if you are communicating correctly with the servers, without requiring any work on the receiving app itself.
Couldn't able to connect to APNS Sandbox server
Hope that helps.