I have a specific need inside my organization and want to know if it would be possible. Any suggestion would be appreciated;
Inside my organization, for several reasons, there are distributed a lot of certificates installed inside each worker computers. Each worker may have maybe 5 or 6 certificates to access several webs, sign documents, etc. Each time a computer is broken and reinstalled, or a new worker is hired or someone is fired, the management of that certificates, become a real headache; removal, re-installation, etc.
I am proposing to my organization to develop some kind of certificate repository to centralize the several certificates of my organization.
My questions are about to the possibility to develop and change or implement the keystore o a new CSP or KSP so this new crypto provider could access a central service/server/repository to present (authenticate), and sign documents every time a specific user needs it.
In the case of computer reinstallation, just installing the developed driver/csp, would give access to the central certificate repository.
The concrete questions are if you think it would be possible to develop that driver/CSP/KSP piece of software and what is your opinion about the possibilities to implement it successfully in a maintainable way into MS-Windows environments. How would you focus this development?, just some tips about what it would be possible or not.
Regards,
Definitely it can be done because there are solutions like RedTrust from Evolium that do exactly this.
A centralized certificate store that also allows to manage the usage of the certificates.
Related
I've been developing a web app locally on my local MAMP computer for the last few months. Now I am ready to launch it while continuing to add enhancements/fixes. So, I am wondering what is a good way to implement a development AND production server in order to efficiently manage updates, prevent overwrites, and seamlessly add other developers into the workflow. I also want something that has a minimal learning curve for me. Personally, for whatever reason, I've never been able to fully grasp version control systems like Git or SVN so I am hoping for an easier solution until I am able to invest more info the business.
As I see it, the options that I have are:
Spend more time learning Git before launching. And hoping that I don't break anything while further developing my app.
Buy two hosting accounts. One for Dev and one for Prod, where only I can do the deployments into Prod. I suppose I'd have to keep track of all files we've modified in a spreadsheet that are deemed ready for deployment.
Editing right on the FTP (no Dev server).
Are there any other options that you can recommend? I've heard that there are some new types of Web Hosting companies that can do the heavy lifting...
While personally, I have had good experiences using svn/git for multi-developer websites, I can understand your reticence to start relying on something you are not entirely familiar with. Unfortunately, I do believe that is your best option, but failing that, you might try using subdomains. My former employer would create test area on the disk and point beta.thedomainname.com at it. When bug fixes or upgrades were complete and verified to be working in the beta directory, the entire directory would be copied over to the live domain. Not the most elegant solution, but it worked. It certainly is cheaper than buying two hosting accounts.
I'm going to be creating a few small mobile applications and have managed to find a great online Git repo hosting services that is free. It even comes with online issue tracking software but appears to be mainly geared towards the development team. I was hoping it would also have an interface for end-users to log issues/features and allow them to vote on what they wanted but it does not have this. It does expose an RESTful API but I didn't want to go down that path and wanted something ready to go (once configured).
I don't think I need it to be integrated with the Git repo so having something that is purely standalone would be great but I would definitely want something that is online as I don't want to install software on my local PC.
In summary, my requirements are:
Free or very cheap
Simple end-user interface to allow users
to submit issues/features
Allow end-users to vote on their own or other users issues/features
Visible status of issues/features (i.e. whether they are pending, in progress, rejected, fixed etc)
A more advanced management system for me as a developer to manage the
issues
Some basic reports/charts/graphing would be great
Email/RSS notification of new issues/suggestions would be great too
Something that is ready to go after some configuration/settings.
Can anyone recommend something that would be suitable for this?
TIA
I based my question on a website I saw a while back but couldn't find it. Anyway, I've now found it again (it's called http://www.uservoice.com/). It's not really issue tracking but more of a way of letting end-users report features and allow them to vote on them. The important thing is that it is a very user friendly interface which is perfect for end-users. Obviously, I would then need to maintain issues/features in my own system (e.g. Mantis) and then manually sync features requested in uservoice to Mantis but that shouldn't be a big issue. Anyway, this perfectly meets my needs for my low volume applications at the moment.
It's hard to fully understand all this certificate stuff for IOS development and it's implications.
One piece of info I can not find in the docs or via google: In order to join multiple developer programs (when working on software for different clients), should I create a unique developer certificate for each, or can I use the one I already have?
Is there an advantage/disadvantage in either way?
You can use the one you have, but I suggest you make specific ones for each client. Certificates expire, so multiple certs gives you more flexibility when re-creating, re-building, and re-submitting apps. You also may want/need to share creds with other devs or testers. With multiple certificates, you can share specific ones without sharing all of them.
But you're right, this stuff is very confusing.
My best advice: name things carefully and well.
I want to know if there is a possibility to add a team member in iPhone Developer Portal that will have permissions (see / modify / update) ONLY to one application.
The reason - there is a big company (that has many applications in the App Store) that uploaded one of my applications and I have hard time to send an update to the application (can't access the guy that is responsible for all the iPhone applications).
I want to ask them to add me as a team member, but they might agree only if I won't be able to see/touch any other application except the one that I have developed...
Thank you.
I don't believe this is possible; there are no per-app permissions.
The available "roles" are explained here:
http://developer.apple.com/programs/roles/index.php
It seems a bit odd if they trust you to write an application that they've published under their corporate identity, but don't trust that you'll only change what you're meant to. Either way is seems the only solution to your problem is likely to be a non-technical one; you need to find a way to get to that guy, whether it's appealing to his better nature, or finding a path to someone more senior who can lean on him.
I am a developer working on several iPhone apps. I am an administrator in our Apple dev portal team. The Agent of our team is NOT a developer. I understand that ONLY the Agent can request an ad hoc deployment cert, and prepare an app for ad hoc distribution.
I assume that the Agent can generate the certificate and pass them to me so that I can provision and build the app for ad hoc distribution, but I have read horror stories about using multiple certificates in xCode. Just getting set up for development testing on the device was complicated enough!
Has anyone dealt with this issue? What pitfalls are there in using multiple certs in xCode? I suppose that I would also need to have the Agents public and private key in my keychain.
It's not a nightmare, it can just get a little confusing, especially if you give your profiles unhelpful names like "distribution profile." If you expect to have multiple sets of profiles, certificates, and keys on your computer, make sure they are named so that you know what goes with what and belongs with what.
I posted some recommendations in this area a while ago.
My number one piece of advice is to give your private keys descriptive names. Fortunately, you can do this at any time in Keychain Access. By default they are simply named "Private Key" and if you lose the certs you'll have to resort to some openssl geekery to figure out which key goes with which.
You are expected to use separate development and distribution certificates; you actually set up different configurations for them. The "nightmare" comes when you use several different development certificates. If anyone touches the certificate setting on the Debug configuration, it must thereafter be set manually (which is a pain in the ass, of course).
So no, there's no problem with the Team Agent giving you his distribution certificate and private key (you'll need both). He needs to realize that Apple will hold him responsible for your distribution of packages, though.
The main issue is that you'll need the Agent to export the private key they used to generate a certificate request for on the portal. The portal has instructions for backing up and transferring that private key... only when you have that key on your system can you make use of the certificates they create for Ad-Hoc.
The docs at this point for the whole process are pretty good, but you must read through them very, very carefully and follow eery step to the letter.