I want to install the cacert ssl certificate on a server on which i want to host secure (https) facebook applications .I want to know if facebook allows https server to have cacert certificate to fetch facebook app
Yes. As long as you have a valid browser cert you will be fine. I have specifically used GoDaddy's ca certificate chain with a secure Facebook app with no difficulty.
For the majority of cheap shared hosting environments you don't necessarily need to purchase individual ssl as long as the server has a shared SSL as discussed here.
Related
Say I have a flutter app and an intranet server. The flutter client will try to talk to the server in TLS. I understood that we can generate a self signed certificate in server and I can have flutter client app load the certificate to talk to the server. I am thinking that if I store that certificate in asset, would that be secure ?
Seems that if someone got the certificate from asset, they can then talk to the server. Is that true ? If that is true that it seems that self certified certificate is not very secure.
Certificates are public, you're storing a copy of your self-signed certificate locally for your TLS client to trust it, as it'll only trust the system CAs by default. So no, nothing will be compromised if you store your certificate client-side.
What you shouldn't store client-side are private keys, they typically start with
-----BEGIN PRIVATE KEY-----.
Since recently I can not test applications on localhost. There is no canvas url anymore to be set, only secure canvas url and it asks for https url. Even test apps do not have this option. So I have to buy another ssl and domain for testing pourposes only? If someone has the same problem or a solution please let me know. Cheers!
Just put in https://localhost and accept the unsafe message in the browser, you donĀ“t need to buy a certificate.
You can also use a self-signed certificate, as explained in other threads:
create a trusted self-signed SSL cert for localhost (for use with Express/Node)
How do I allow HTTPS for Apache on localhost?
Thank you luschn for pointing that about self signed stuff out because just putting https://localhost will not work anymore.
It seems that facebook made some changes and that you can only test your apps on localhost if you create a self signed certificate with openssl tool. Then you can enter in secure canvas url something like https://localhost:3000/ and in app domains localhost and it seems to work. Other than creating selfsigned certificate I could not make it work on localhost.
I am implementing a push notification system for one of my apps, so I am following this tutorial and generating a SSL certificate for that.
This app of mine involves also, some exchange of data between the app and the server and I would like it to be SSL protected and I was wondering of getting a SSL certificate from verisign or other company like that.
My question is: is this SSL certificate created for push a regular SSL certificate, so in that can use it also to establish a https connection to the server (and save a couple hundred dollars to order a third party certificate)? I don't know much about SSL certificates, but I hope it can be used for that...
This will be amazing!
Since each certificate is tied to a specific domain, I'm not sure how this would work. There is a concept of wildcard certificates, but I still think they have to be for the same domain.
In your case, it sounds like you will have the Apple push certificate, which validates the connection between your server and Apple's push notification server. The other certificate would be to validate/secure the connection between your iOS app and your server. Both of these are assigned a different domain (gateway.sandbox.push.apple.com vs. yourserver.com).
One option you do have depending on how your iOS app is structured is to use a self-signed certificate between your iOS app and your server. I'm guessing the end-user will not be seeing the certificate anyway. This might be a way to save you money before deciding on a third party certificate.
I have a mobile app that will be communicating with my webserver over https. My question is, do I even need to worry about installing a certificate since all traffic to this api will be headless?
In my understanding, SSL provides the encryption for a request, and a certificate establishes trust for the end user. Because these calls to my webserver will essentially be headless, I'm thinking I don't need to worry about the trust establishment.
Am I correct in this thinking?
You will either need a self-signed certificate or a CA-signed certificate in order to use HTTPS on your server.
If your certificate is not assigned to you by a certificate authority, then any connection you make will trigger an error in your URLRequest that you will have to handle. The problem with an untrusted certificate is that a malicious man-in-the-middle could fake data to and from your server with his own self-signed certificate, and possibly pick up authentication credentials or data that he should not have access to.
If you are dealing with any authentication credentials or other private data, I'd recommend just requesting a signed certificate. If you shop around, you can find cheap signed certificates for $10-20 a year, which is a trivial cost to protect your users.
However, if this is just a personal project (the only data you have to worry about is yours), or any data that you will be sending is freely available, a self-signed certificate may be enough.
I have a few sites that have SSL Certificates installed. When an SSL request is made with my employer's iPhone, this error message is displayed:
Accept Website Certificate
The certificate for this website is invalid. Tap Accept to connect to this website anyway.
I've pulled up the same pages in other browsers, including Safari, and they do not show any issues with the certs.
These two URLs exhibit the problem:
https://www.powerlunchbunch.com/index.php?template=join&nav=20
https://www.councilonagingmartin.org/index.php?template=donate&nav=257
Additional Information:
Both SSL certs are issued by Network Solutions
The sites are hosted on Rackspace Cloud Sites
Update:
I now have an open ticket with Rackspace for this issue. I browsed the same sites in Firefox 4.0 Beta 7, and got this warning page, telling me that "The certificate is not trusted because no issuer chain was provided.":
I think it's because you (or your hosting company) haven't configured the full certificate chain on your web server.
Take a look at a report from an ssl checker, such as this:
http://www.sslshopper.com/ssl-checker.html#hostname=www.councilonagingmartin.org
...
I can see from this report that you're using Apache2.2. Configuring 'intermediate certificates' on Apache2 goes something like this:
SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/chainCert.xxx
I don't know if you configured the certificate yourself, or your hosting company configured it, so you'll either need to contact your hosting company, or the certificate provider, who can provide the intermediate certificate(s).
Hope That Helps
Unfortunately, the Root CA for both those certificates, Network Solutions, L.L.C. is not a trusted certificate authority on the iPhone.
If you look at the certificate chain, it does end up at AddTrust, which is a trusted CA on the iPhone.
So you likely have one of the following problems:
1) Your certificate is not installed correctly on the web server
2) You need to work with Network Solutions (the SSL cert issuer) to get a cert that properly chains to AddTrust.