I am supposed to fulfill a common-for-most-developers request to build/consume secure services using ssl/tls... via various communication protocols, not necessary wcf (web) services.
My problem is that I don't know much about certificates and I have been trying to get my background knowledge up to speed on the entire process.
The organization I am coordinating with issued 3 files for me to use:
AppName.cert.pem
AppName.csr
AppName.Key.pem
and also gave me a password for these.
The organization also gave me another certificate:
Organization.cert.pem
which is supposed to be used with their test tools.
The scenario is that the organization provided a test suite that runs on one vm, and the software I am building on another. I am supposed to import both of the certs into the vm with my software, and I think the organization's cert into the vm with the test software.
Problem is I don't know how, and the help links they provided are pointing to OpenSSL and some Java2SE tracing the secure requests/responses from either side....
Well, my code is written in C#, and both VM's use Windows Server 2008R2 x64 Standard/Enterprise. I am not sure how to import the certs, and configure them a) on a per application basis for a specific PORT and b) per domain basis?
Thanks,
Any help and guidance would be greatly appreciated!
Well, I downloaded the OpenSSL windows client and converted the AppName.cert.pem, AppName.csr AppName.Key.pem into a single consolidated AppName.PKCS12.
I later imported the result using the Cert Manager (MMC Snap In) in each WS2008R2 VM environment and it worked just fine.
It turns out that the Cert Manager also does understand what is a *.cert.pem file so I was able to import the Organization.cert.pem as well on both VM's.
Thanks
PS: Never read instructions about Windows config written by a Linux/Unix nut-job. This whole exercise of certificate management would've been easier if the person that wrote the test software manual (which I ported from Linux by the way...) didn't send me on a wild goose chase due to his lack of understanding of the capabilities of the Windows Server Environment... No need for OpenSSL.
<bleepzter/>
Related
I am trying to use PowerShell DSC to deploy our software to client PCs; in most of the DSC tutorials or examples that I have seen, DSC seems to be used to deploy server software.
Does it make sense to use DSC for client PCs?
Notes :
I have already tried deployment with the classic .MSI packages; it doesn't work very well in our case for various reasons, and we would really benefit from the fact that DSC deployments can automatically "heal" in case of problems.
I use puppet to deploy the server-side software; it works fine, but puppet doesn't seem to be a good fit for client PCs (therefore PowerShell DSC).
DSC does ship in the client. When we say DSC is for configuring servers it means we will target scenarios specific to the server. However, with the existing features if you can solve a scenario in client, feel free to do so.
Dsc is oriented for server , where a configuration is global for the system (like a database , web or file server).
Users can have differents settings on the same machine , dsc is not the best solution to deal with that usecase.
Anyway, for package deployment you can look at Oneget or Chovolatey ;)
All,
I have a C# ServiceStack console listener application running on Ubuntu using Mono. Within that application I have one service that must authenticate first at Appcelerator Cloud Services (ACS). I have tested the code locally(Xamarin .NET on OSX) and can see the code is fine. Based on the error and investigation using the almighty Google, Mono doesn't trust any secure sites by default.
So far I have tried using mozroots to import all mozilla root certs, and have used certmgr -ssl to import the certs directly from https://api.cloud.appcelerator.com. Nothing has worked so far.
I don't want to put code in place to bypass SSL in order to accomplish this as I think that is a cheap/insecure hack. There has to be a proper way to make this work.
Any and all suggestions appreciated!
Bruce
All,
I had it right. I was just missing the reboot which allowed Ubuntu to load up all the certs in the store.
Victory is mine, sayeth the coder...
I work at a company who does 3rd party iOS development for various enterprises. I've been tasked with researching a better way to build and deploy code to these enterprises. Based on the Apple TOS, they cannot use an application signed with our Enterprise certificate (they're not "in house"). The code needs to be signed with their (our clients) Enterprise certificate. Here are a few possible solutions I've seen -
1) Send the code to the client, and have the client build it. This is a no-go.
2) Create a library with the application code and send the .so file, and the headers, to the client for building. We're currently doing it this way but are looking at making this easier on the client/us.
3) Have the client send us their certificate, mobileprovision, and .p12 file and then we build the application using their certificate. This could work but could become a management nightmare.
We've come up with an idea that is kind of a mix of these ideas. The idea involves building a customer portal where the client can upload their files (cert, p12, provision) to our Mac server and the Mac will automagically build their application, properly signed. The problem I'm having, however, is I can't seem to find out how to automate the installation of certificates and provisions.
So with that said, does anyone know of a way to install a CodeSign certificate (with a .p12 file) and a mobile provision file from the command line? Once installed is there also a way to remove the items from the command line?
Any help, ideas, and/or input would be greatly appreciated. Thanks!
You should be able to manage those resources in the keychain using the security (http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/security.1.html) command. The script I'm using to control command line builds might be a useful reference: https://gist.github.com/949831
Admittedly I've only ever had a maximum 2 external clients plus my own stuff at one time, so it was mostly only the same nightmare that it usually is by default, but how bad would it be if you had to manually do everything EXCEPT the provisioning profiles? In my experience once the client certs got added I never really messed with them again even with new projects (from the same clients.)
You could handle the provisioning profiles by simply copying the files into ~/Library/MobileDevice/Provisioning Profiles, and deleting them when no longer needed. It sounds like you are already set up to automate that process.
If you're currently installing the provisioning profiles by "dropping them onto xcode" I'd suggest you do it by copying into the folder anyway, because then the file names are preserved and so you actually can tell what you have installed by simply looking at the folder.
General question to experienced developers:
I want to develop a secure an area on my local machine which I will then roll up to the remote server.
I am using IIS 6 with MVC2 on VS 2008.
I understand that the SSL provider will only issue a certificate to a given domain, which while I find this logical, cannot figure out how to build locally.
How do you guys do it?
Its a oddly long and tedious process, but you can create your own certificate and install it on your machine and then use it to develop with SSL running locally.
Michele Leroux Bustamante has the steps listed on several places online, this is just one:
http://www.devproconnections.com/article/security-development/working-with-certificates.aspx
This is an interesting challenge and I am not sure if anyone out there has undertaken it. I work for a software vendor, selling a large enteprise scale Microsoft.NET based software. Most of the production issues are triaged using DebugDiag or ADPlus dmp files. Our customers often ask us if we could publish our symbols public like Microsoft's http://msdl.microsoft.com/download/symbols site. Any guidance here is much appreciated.
thanks
You need to set you Symbols Store using Symstore.exe. Then you can expose it over HTTP by configuring IIS. You can optionally use SymProxy to expose multiple stores as one HTTP symbols server. You can also use SymSrv to connect to different public symbols server, setup local cache and other advanced stuff.
And of course, you can even build your own symbols server DLL through the Symbols Server API.
There is an app for that: SymStore.exe. It is part of Windbg suite. You should also include the symbols drop step to your build process so it publishes symbols for every release.