I am currently trying to get the MirrorLink example Application up and running.
When using the MirrorLink Plugin for Android Studio one can make use of the Wizard when creating a new Project.
https://causeway.carconnectivity.org/wg/DevWG/document/folder/570
This Wizard automatically creates a Gradle Script that generates a required self-signed.ccc.crt certificate to get Apps MirrorLink aware.
When I check the .apk with the provided Validator Tool https://causeway.carconnectivity.org/wg/DevWG/document/folder/570
I always get the following log output:
Checking com.mirrorlink.android.app.LAUNCH intent - OK
Checking com.mirrorlink.android.app.TERMINATE intent - OK
Checking com.mirrorlink.android.service.ACCESS_PERMISSION permission - OK
Checking DEVELOPER entity - OK
Checking if developer certificate exists for serverID="" - FAIL.
Provided serverID is empty
Checking application id - OK
Checking self signed certificate - OK
The APK is not configured correctly.
The official documentation does not describe how to add a serverID to the certificate.
Any Help is highly appreciated.
The server ID is not used in the certificate, but is used by the Validator tool to check if the Developer Certificate Mechanism is configured correctly. If you put a Server ID in the text field labelled "Server ID for checking developer certificate" and then press the "Verify application" button, the Validator will use the server ID provided, and check to see if it is in your Developer Certificate.
Here's an example of what it looks like when all goes well (with part of the Server ID obscured):
Is it possible to have Wazuh Manager served through custom SSL certificates? The wazuh-certs-tool gives you a self cert, and every other way to get it served through SSL has failed.
The closest I've gotten to getting this to work is I've had the dashboard being served by a custom SSL, I had agents connecting to it successfully and providing a heartbeat, but had zero log flows or events happening. When I had it in this state, I saw the API calls were coming from what appeared to be a Java instance, erroring out complaining about receiving certificate. I saw a keystore file located at /etc/wazuh-indexer. Do I also need to add the root-ca cert here as well?
It seems that your indexer's expected certificates do not match the certificates in your manager or the dashboard.
If you follow the normal installation guide, it shows how and where to place your certificates, which are created using the wazuh-cert-tool. But certificates can be created from any other source, as long as they have the expected information; you can check that information here.
I would recommend you follow the installation steps in the installation guide from scratch, to make sure you copy each expected certificate into its place and that the configuration files for your indexer, dashboard, and manager take into account the correct files. All you would need to change is the creation of the certificates, to have your own custom certs.
In case of further doubt, do not hesitate to ask.
As requested by Preston PHX, I uploaded a full copy of my code to Dropbox:
My test ASP.NET Web App
I hope this helps someone to identify what I may have done wrong
#####################################
I am trying to use the sample code at https://github.com/paypal/Checkout-NET-SDK/tree/develop/Samples to make contact with the Sandbox but it doesn't work for me. In order to find out why, I ran my code in Visual Studio under Localhost in debugging mode, using several breakpoints.
This line of code in my test page ...
var createOrderResponse = CreateOrderSample.CreateOrder(true).Result;
... displayed the following error:
Inner Exception 2:
HttpException: {"error":"invalid_client","error_description":"Client Authentication failed"}
However, it was the environment function in PayPalClient.cs (modified to use my PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET) that appears to have generated the error:
    public static PayPalEnvironment environment()
    {
        return new SandboxEnvironment(
            System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_ID") != null ?
                System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_ID") : "<<PAYPAL-CLIENT-ID>>",
            System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_SECRET") != null ?
                System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_SECRET") : "<<PAYPAL-CLIENT-SECRET>>");
    }
I very carefully copied my PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET from the REST API app I created via the PayPal Developer Dashboard. Apart from that, the GitHub sample code has not been modified. I could see no requirement in the GitHub code to specify a Sandbox URL and assume that this is provided by the PayPalCheckoutSdk via the use of "return new SandboxEnvironment()".
It's not obvious to me why my attempt to connect to this Sandbox account is failing the authentication process. What might I be doing wrong? Is it anything to do with my use of Localhost?
EDIT on 1 Nov 2021 in response to Preston PHX
Creating a new Sandbox Client ID and Secret made no difference. Prompted by another forum post I read some time ago, I also tried using ngrok (for the first time) to open http port 80 to facilitate PayPal testing via Localhost, but the connection to the Sandbox still failed authentication.
Sandbox Client ID: AZcb8XrqhJEUO7lS_JtKSe3sdNDLESmo3ekhupDKTL1J9vQCKVOzacCjO3PBQwSfngYkLGa-qS7EUrGV
Secret:
EBEcuPewHdzCB8p0qE1Yszjk2eMyFCstzkL0Diz2WC5IQREsu6cDHr7yFG9a-GDIyljb-KRb2DA6Hoey
I installed curl (plus Bash and Git) on my Windows 10 PC and ran the curl command specified on the get-an-access-token page. I couldn't find a way to post the result here in an easily readable form so I put it in a Word doc and uploaded that to Dropbox.
https://www.dropbox.com/s/knia3y2ighfzxpa/Result%20of%20PayPal%20curl%20command.docx?dl=0
Edit on 2 Nov 2021
As requested by Preston PHX, I have uploaded a copy of the ASP.NET Web App I have been using for my tests to Dropbox.
https://www.dropbox.com/sh/4uclfs2lexv4v42/AAAjoZIN5cEMV1mu0cYi24zKa?dl=0
I've only uploaded the project folder, as I'm guessing that it is unnecessary to upload my Solution files.
Create a new sandbox client ID and secret in the developer dashboard. Test with the new client ID and secret.
If issues persist,
Update your question with both the new sandbox client ID, and the new sandbox secret.
Update your question with a sample curl command to get an access token, showing the entire command and the entire response in your question.
FOR DEVELOPMENT: I configured my site to run without SSL for my development box and it all works great.
Now I am moving this to our dev testing server so I can test it there.
I first ran it as a non ssl intranet site to confirm configuration and etc....
It works perfectly.
Now I am in the process of creating a cert for the site and plan to use self signed certs for developer testing.
I have read many posts (Google search) on the topic related to the error I am getting.
Basically, I am 110% sure I am not creating this cert correctly for the site to which I need to bind it.
The error:
The remote certificate is invalid according to the validation procedure.
So I am trying to understand what they mean by answers like this:
When working with self-signed certificates: add them to the trusted root authorities & use the hostname instead of localhost.
So if your computer name is "mypc", the uri should be "https://mypc/..." instead of "https://localhost/...".
This is what is confusing to me...
For example, if the computer name is: svr-d-web-003
So the uri: https://svr-d-web-003/?????
Looking at the advanced settings Bindings, could I extrapolate the uri as: https://svr-d-web-003/webhost.oauth.xyz.org ?? This seems wrong to me...
Site settings and etc....
Used these steps to create the cert:
1. C:> certlm.msc
2. Right-click on Certificates, then click All Tasks/Request New Certificate
3. Click Next, Next
4. Click on link as shown under the template you need.
5. Select Common Name from drop down
6. Enter the machine name dns name (example: svr-v-wus-001), then click Add button
7. Click OK
8. In the Requests Certificates window check the box for xyz, click Enroll
9. Look in the certificates store and it’ll be there – you may need to click Refresh button
Follow up In IIS – you’ll bind the certificate there to your site. Remember the name needs to match the url. (This might be my issue here...)
See attachment...
I finally got it to work.
When creating the cert I had to match the name of the cert (common name) to the site.
For example: the site is https://identService.oauth.xyz.org so the cert name needed to be identService.oauth.xyz.org.
Then it all worked. I was confusing the site name with the machine name. Doh...
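The name-matching rule that resolved this, as an added example (not part of the original posts): a simplified sketch of the hostname check a TLS client applies before it trusts a certificate, run against the names from the question. The `cert_names` lists are constructed stand-ins for a certificate's common name / subjectAltName entries, and the wildcard handling is a reduced version of the usual rules.

```python
from urllib.parse import urlsplit


def name_matches(cert_name, host):
    """Return True if one certificate name covers the requested host."""
    p = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*" and len(p) < 3:
        return False              # refuse over-broad names such as "*.org"
    if "*" in "".join(p[1:]):
        return False              # wildcard is allowed in the left-most label only
    # Whole-label wildcard or exact label match; partial wildcards ("web*") fail.
    return all(a == "*" or a == b for a, b in zip(p, h))


def validate(url, cert_names):
    """Check the host part of the URL the client typed against the cert's names."""
    host = urlsplit(url).hostname or ""
    return any(name_matches(n, host) for n in cert_names)


if __name__ == "__main__":
    site = "https://identService.oauth.xyz.org/"
    # Constructed certificate name lists, mirroring the two attempts in the thread.
    attempts = {
        "issued to the machine name": ["svr-d-web-003"],
        "issued to the site name": ["identService.oauth.xyz.org"],
        "wildcard for the sub-domain": ["*.oauth.xyz.org"],
    }
    for label, names in attempts.items():
        verdict = "valid" if validate(site, names) else "name mismatch"
        print(f"{label:30} {names} -> {verdict}")
```

A certificate issued to the machine name only validates when the client browses to `https://svr-d-web-003/`; the IIS binding's host name is what the client compares against.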
It may seem to be asked several times, but I could not find answers to my doubts.
As one needs to setup an MDM server, what are the things that need to be available or installed on this server. Is there a specific configuration?
Is SCEP (which I think needs to be available on the server) required to setup MDM. If yes, how to go about with it.
When I set the Server URL in the MDM config profile to any of the servers I have, the profile fails to install with the error in console as "The identity certificate for com.abc.mdm.mdm1 could not be found."
It'll be helpful if anyone could redirect me to the detailed steps to setup MDM server. I could not find any such thing in Apple's WWDC 2010 video.
Edit: Some more stuff I've tried
I'm trying to configure MDM server for iPhone and have tried the following steps till now.
I have installed a trial certificate from RapidSSL. When I open my site as https://example.com, I can see a lock at the address bar - hence I believe that the certificate is valid and working.
In iPCU, I create a credentials payload and select my certificate from the list.
In the MDM payload, when I try to select an Identity, the dropdown list is disabled with a message as Add credentials in the credentials payload.
In the credentials payload when I select any other certificate from the list - VeriSign for example - in the MDM payload I get the Identity dropdown list enabled and can select the configured credential, but this is an Invalid certificate.
Edit: Images added
Edit: Moved further more
With some hits here and there, I'm now able to get the 'Identity' field enabled. But when I try to install the profile, I get an error as 'Profile failed to install' with the message in console as
Nov 22 15:15:11 Apple-iphone-4 profiled[1320] <Warning>: MDM|Cannot Authenticate. Error: NSError 0x1ddb8f50:
Desc : A transaction with the server at https://example.com has failed with the status 405.
US Desc: A transaction with the server at https://example.com has failed with the status 405.
Domain : MCHTTPTransactionErrorDomain
Code : 23001
Type : MCFatalError
Params : (
"https://example.com",
405
)
Nov 22 15:15:11 Apple-iphone-4 profiled[1320] <Warning>: MC|Cannot install MDM com.example.ota.mdm2. Error: NSError 0x1ddb9120:
Desc : The payload com.example.ota.mdm2 could not be installed.
Sugg : A transaction with the server at https://example.com has failed with the status 405.
US Desc: The payload com.example.ota.mdm2 could not be installed.
US Sugg: A transaction with the server at https://example.com has failed with the status 405.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
Params : (
"com.example.ota.mdm2"
)
Edit: Continuing after a long break
Here's a summary of what I've done till now.
Configured a Windows 2008 server with an SSL certificate from a CA. ie. The server can be accessed as https://example.com
Hosted a .Net webservice that listens to PUT.
Generated an MDM certificate from the iOS Developer portal.
Generated a Push certificate from Apple. The topic is something like com.apple.mgmt.External.035e7xxxxx
Added the server certificate to the Credentials payload of iPCU. This was done by
- Exporting the server side SSL as a .pfx file
- Adding this file to the Windows Certificate store
- Selecting this certificate in the credentials payload.
I've hosted this profile on the server. When I download it on the device, I'm presented with Profile Installation on the device. When I install this profile, I end up with an error saying "The profile MDM could not be installed". On looking at the device logs, I found
<Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:
Desc : A transaction with the server at “https://example.com” has failed with the status “400”
IMP: I noticed that the Push certificate generated says "This certificate was signed by an unknown authority". There's also no private key associated with it.
I suspect something is wrong in selecting the certificate in the Credentials payload (Step 5).
Also when the Profile Installation screen is presented, I get "Not Verified" just below the profile name.
Solved
For the "unknown authority" issue I installed Apple's Application Integration certificate.
I'm now able to execute the MDM commands.
Complete Steps
https://drive.google.com/file/d/0B9vJDmfd2qb9RmdGNlp4OUR3eVk/view?usp=sharing
https://drive.google.com/file/d/0B9vJDmfd2qb9eGlkUk44ajZrWjg/view?usp=sharing
You need just 3 things
1) mdm payload with mdm url starting with https://
2) certificate which you download using apple developer portal. This is detailed on apple site
3) Link this certificate (.p12) file in the identity section of the mdm payload
Your server needs to have the necessary ports open - this is also documented. The server needs to listen on PUT method and not GET or POST.
If you do above - you will see that your device sends the deviceToken, pushMagic etc.
First up, the 405 status from the server means that you are attempting to POST to a URL that does not accept the POST method. It has nothing to do with the certificates at this point. The certificate in MDM is only used for signing the MDM messages so anything that is put in there is unused if you are not signing your MDM messages from the device (I would recommend not signing your MDM messages while you are testing/setting up) which is configured using the 'Sign Messages' tick-box in the iPCU.
The general idea with MDM is that you tell the device to 'phone home' to the 'Server URL' configured in the configuration profile when it receives an MDM APNS message. You will either have to write or purchase the code that lives on this server to respond to the device and do the right thing. You can also configure the 'Check In' and 'Check Out' URLs to talk to different URLs and, therefore, different code components on the server to handle the different messages.
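A sketch of the server side these answers describe, as an added example (not code from the original posts): a check-in handler that accepts only PUT, answers any other verb with 405, and parses the plist body the device sends. The function `handle_checkin`, the in-memory `DEVICES` store and the sample bodies are hypothetical; the field names (`MessageType`, `UDID`, `Topic`, `Token`, `PushMagic`) are the ones used by Apple's MDM check-in messages.

```python
import plistlib

DEVICES = {}  # hypothetical in-memory enrolment store: UDID -> dict


def handle_checkin(method, body):
    """Return (status, headers, response_body) for one check-in request."""
    if method != "PUT":
        # The device reports this as "failed with the status 405".
        return 405, {"Allow": "PUT"}, b""
    try:
        msg = plistlib.loads(body)
        kind, udid = msg["MessageType"], msg["UDID"]
    except Exception:
        return 400, {}, b""       # not a plist, or required keys missing
    if kind == "Authenticate":
        DEVICES[udid] = {"topic": msg.get("Topic")}
    elif kind == "TokenUpdate":
        # Token and PushMagic are needed later to send the APNS wake-up.
        if udid not in DEVICES or "Token" not in msg or "PushMagic" not in msg:
            return 400, {}, b""
        DEVICES[udid].update(token=msg["Token"], push_magic=msg["PushMagic"])
    elif kind == "CheckOut":
        DEVICES.pop(udid, None)
    else:
        return 400, {}, b""
    return 200, {}, b""


def sample(message_type, **extra):
    """Build a constructed check-in body; every value here is made up."""
    doc = {"MessageType": message_type, "UDID": "CONSTRUCTED-UDID-0001",
           "Topic": "com.apple.mgmt.External.EXAMPLE"}
    doc.update(extra)
    return plistlib.dumps(doc)


if __name__ == "__main__":
    print(handle_checkin("POST", sample("Authenticate"))[0])   # wrong verb
    print(handle_checkin("PUT", sample("Authenticate"))[0])
    update = sample("TokenUpdate", Token=b"\x01\x02", PushMagic="constructed-magic")
    print(handle_checkin("PUT", update)[0], DEVICES)
```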
I'm creating a new CSR (Certificate Signing Request) using the Keychain Access tool:
Certificate Assistant -> Request a certificate from a certificate authority...
In the certificate information I fill in my email address and name,
selecting the "Save to disk" option.
I save the CSR to the desktop
The wizard completes successfully, but no file is saved to disk!
I've done this before, but this time it just isn't working. I tried restarting the
Keychain tool, restarting the computer, no luck.
Any ideas?
You have an existing private key selected in the main window of Keychain Access. That is also why it says "Request a certificate from a certificate authority using {some id}" in the menu. Deselect the private key by selecting something else, and then it will work. Apple, if you're reading this, you need an error message at the end of the sequence described above.
I had the same problem. I noticed (after reading the first answer above), that I had the Keys category selected. I then selected the Certificates category, ensured I did not have any of the available Certificates selected, and I started my request and this time it worked like a charm.
Had the same problem. Here's the solution (for me at least).
You can have only one developer certificate installed on one machine - delete your old certificate from the keychain and you will be able to create the new one normally.