When I debug my application on device,it alert the info "
Codesign error: no certificate was found in your keychain for the specified identifier "(null)"
You may not have an application identifier set. Make sure that in your Target Settings > Properties, you have a valid reverse DNS identifier (com.apple.myapp, for example) entered into your Identifier field. Also make sure your Code Signing Identity is set to the correct certificate (Target Settings > Build).
Related
I am working on a phone Windows 10 Universal Application. I am trying to connect to an OAuth server with auto-signed certificate.
When I open a web view to that server I get the error :
"Security certificate required to access this resource is invalid"
I wanted to use the following intstruction but ServicePointManager does not exist on Universal App.
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Any idea how to bypass ssl validation on these apps ? Thanks.
In Windows Runtime the webview should not ever go to an untrusted page, so you will meet the above exception.
In order to solve your problem, you need to include the Certificates on your UWP app or you have to Ignore SSL Certificate errors.
For how to include the Certificates on your UWP app, you need to add the “Certificate” Declaration to your Package.appxmanifest.
For more information, please try to refer to this article:
http://blogs.msdn.com/b/wsdevsol/archive/2014/06/05/including-self-signed-certificates-with-your-windows-runtime-based-windows-phone-8-1-apps.aspx
Yes, ServicePointManager is not available in the Windows Runtime app, in order to ignore SSL Certificate errors, we can use the HttpBaseProtocolFilter.IgnorableServerCertificateErrors | ignorableServerCertificateErrors property to help us.
For more information, please try to refer to the following two articles:
http://blogs.msdn.com/b/wsdevsol/archive/2013/10/17/how-to-ignore-self-signed-certificate-errors-in-windows-store-apps-8-1.aspx.
https://bernhardelbl.wordpress.com/2013/06/28/ignore-ssl-certificate-errors-in-windows-8-1-apps/.
i want to create a debug token for my dev device with the native SDK (momentics), but it fails without any error message (just: "error creating debug token).
Now i use the command line tools.
But:
1. If i want to request a token:
./blackberry-debugtokenrequest -storepass xxxxx -devicepin xxxxx -csjpin xxxxx client-RDK-00000.csj
i get:
Error: Not yet registered to request debug tokens
2. So i want to register (i'm already registered, but ok...):
./blackberry-debugtokenrequest -register -storepass xxxxx -csjpin xxxxx client-PBDT-00000.csj
Error: Error: Unable to register client '00000' because there are no
more registration attempts. If you have already registered with this
server, then you should restore your signing keys from backup. If you
don't have a backup of the keys, then you can order a new set of keys
at www.blackberry.com/go/codesignin
I have a backup, but what should i do with it?
I want to create a debug token, but the message says: not yet registered.
So i want to register, and it says: already registered...
First things first, you only need the CSJ files to register with RIM, which you only need to do once. You can then safely delete them and your CSJ PIN.
If you have a backup file it means you have already registered which means you shouldn't be using the -register flag when attempting to create a debug token.
To restore your backup code signing key follow these instructions: http://supportforums.blackberry.com/t5/Testing-and-Deployment/Backup-and-Restore-BlackBerry-Code-Signing-Keys/ta-p/837925
Once you have restored your code signing key you can create a debug token using the following command:
blackberry-debugtokenrequest -storepass developercertpass -devicepin 50F2D211 dt.bar
You can use the CSJ files to register only one time. After that it cannot be used. Can you try getting new set of CSJ Files from blackberry server? I think it might solve the issue.
If you know Spanish I recommended this post.
In the pdf, in page 9, you´ll found a bat to get a debug token of blackberry 10. This is the code:
set LOCAL_DATA_PATH="c:\Users\<user>\AppData\Local\Research In Motion"
set CSK_PASSWORD=Pass of CA
set CERT_STORE_PASSWORD=Pass of web key
set DEVICE_PIN=PIN of device
E:
cd "eclipse\plugins\net.rim.ajde_1.5.2.201302260701\blackberry.tools.SDK\bin"
blackberry-debugtokenrequest -cskpass %CSK_PASSWORD% -keystore %LOCAL_DATA_PATH%\author.p12 -storepass %CERT_STORE_PASSWORD% -devicepin %DEVICE_PIN% %LOCAL_DATA_PATH%\debugtoken.bar
pause
Profiles installed by MDM service are showing as "Not Verified" after upgrading the device to iOS 6. These profiles were signed by a InCommon cert issued by AddTrust before being pushed to the devices. They were showing as "Verified" before the upgrade. Any ideas what might have caused this?
I got exactly the same problem so it is probably a bug in the iOS profile system because the very same SSL certificate is trusted by the browser. Note: Our certificate is of the "*.host.org" type.
This might be an untrusted CA in the certificate chain from the cert provider you bought it from. Looks like some CAs are untrusted or missing from iOS6. I had the same problem and included the whole of the cert chain in our cert signing bundle and the issue was resolved.
Suggest you open a support case with your cert provider to see if it's a known issue or dig around to see if you can find a list of trusted CAs used in iOS6 - I couldn't find one. Synching the device to iTunes may also refresh the CA list but this didn't work for me this time.
I have exactly the same problem as your.
My chain is GeoTrust -> RapidSSL -> MyCert. I have included the full chain in my .crt, but it stills show "not verified" when I try to install the configuration profil.
I don't know how to insert the whole path.
I use an openssl command to sign my file :
openssl smime -sign -signer #{crt_path} -inkey #{private_key_path} -nodetach -outform der -in #{file_to_sign_path} -out #{file_signed_path}
My crt_path is a .crt file, including the three certs.
EDIT
I found out the problem with my openssl command. My full chain was in the #{crt_path} but was not used by the command. I added the *-certfile #{crt_path}* and things works well !
Including the intermediate cert in the pkcs7_sign call (php openssl_pkcs7_sign() in my case) revolved the problem.
Yes! Adding the entire path (-root) did the trick.
Verify that the signature created by the MDM SW actually contains the path. Since it wasn't needed before...
I'm tearing my hair out trying to get push notifications to work! I'm following this tutorial to basically no avail. I've deleted xcode several times, redone the whole apple dev certificate, cleaned out my login keychain a few times. This has helped a few issues, but at the end I'm still stuck.
What I think I need to do (from reading other people's experience with this):
1) My openssl cert and key need to be talk to the apple server
2) The app id with this openssl cert has a provisioning profile associated with it.
3) The build (in xcode) needs to have the proper provisioning profile associated with it
4) The build identifier (in xcode) needs to have the same text as the application id with the provisioning profile
4) ???
As far as I can tell, all of this is ok:
My ssl certificate + key talk nicely to the apple server (ignore the error, I still get a prompt eventually):
MacBook-Pro:apple_dev_certification nflacco$ openssl s_client -connect
gateway.sandbox.push.apple.com:2195 -key xxx.pem -cert xxx.pem Enter
pass phrase for xxx.pem: CONNECTED(00000003) depth=1 /C=US/O=Entrust,
Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009
Entrust, Inc./CN=Entrust Certification Authority - L1C verify
error:num=20:unable to get local issuer certificate .....
2,3,4) When I create a new project, it never gets the right app ip (build settings->info-bundle identifier). If my provisioning profile matches 'com.xxx' then the app will always be 'com.xxx.FOO', so the default IOS Team Provisioning Profile is selected. I run the app like that, and get:
2011-10-22 22:42:45.086 VVV[3552:707] Failed to get token, error:
Error Domain=NSCocoaErrorDomain Code=3000 "no valid 'aps-environment'
entitlement string found for application" UserInfo=0x16d140
{NSLocalizedDescription=no valid 'aps-environment' entitlement string
found for application}
4 contd) I want to use my provisioning profile that uses my app id with push enabled, so I change the app identifier to 'com.xxx', and select the proper profile in the code signing option in the build menu. Install it on my iPhone, same thing :(
The only things I can think of:
My provisioning profile is not correct? I've made a new one several
times, deleted the all existing ones in xcode organizer, but this
hasn't helped.
Code is still getting signed with the Team Profile instead of my new
one? Is there a way to ensure this?
Any ideas on what I should do here? This can't be this complicated. Should I just wipe my HD and reinstall from scratch and hope it works?
You know what it was? My app id.
foo.bar is treated as foo.bar.* (which is not permitted)
you have to have foo.bar.xxx
I think for push you need an Entitlements.plist file that has an aps-environment key, with a value of "production". I just got finished getting this working (again) for my app. Some other answers here helped me get the Organizer window to pop up after I did the Archive, but then I was getting your error.
I also had to quit & restart XCode with some frequency, touch settings that didn't actually change, delete the old, pre-push certificate and add the new one, etc etc. A lot of the settings in XCode didn't actually change, but it seems like touching them caused it to start working.
I am not able to Sign in to the application as it is throwing the following exception:
com.ibm.wsspi.channel.framework.exception.ChannelException: java.io.IOException: Keystore was tampered with, or password was incorrect
at com.ibm.ws.webservices.engine.xmlsoap.builders.WebServicesFaultProcessor.createFault(WebServicesFaultProcessor.java:415)
at com.ibm.ws.webservices.engine.xmlsoap.SOAPFault.getFault(SOAPFault.java:486)
at com.ibm.ws.webservices.engine.SOAPPart.getFault(SOAPPart.java:1090)
at com.ibm.ws.webservices.engine.SOAPPart.getFault(SOAPPart.java:747)
at com.ibm.ws.webservices.engine.Message.getFault(Message.java:883)
at com.ibm.ws.webservices.engine.Message.ifFaultThrowSelf(Message.java:863)
at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:279)
......
How to solve this issue?
Copy the newly added Cert data to a file and save it as “rsa.cert” or get the cert and name it as "rsa.cert"
Then open “ikeman.bat”
Open Key file(jks format) and then look for that certificate which you want to update (may be expired or near to expiry date or changed cert). Save the name of the cert which you want to change (for example these are the names of the certificates). Then click on that Cert and press the Delete button. Then Click on Add button and open the “rsa.cert” file which you save previously. Then give the name same as the name of the cert which you deleted.
Repeat the same process for the Trust File(jks format)
Restart the app server and run the application