I'm developing an ios (ipad) application with swift. I'm able to send an http request with a URLSession object and it works well. Now I would like to know how send an httpS request using my .crt and .key files. Does someone has a simple piece of code to do this ? Thanks in advance.
There is a good solution here but it works with p12
To convert to p12 I used this in the terminal)
openssl pkcs12 -export -in server.crt -inkey server.key -out cert.p12
https://github.com/MarcoEidinger/ClientCertificateSwiftDemo
Related
The following code worked fine on Heroku-18 stack
p12_file = File.read(uploaded_p12_file_path)
pkcs12 = OpenSSL::PKCS12.new p12_file, password
but after upgrading to Heroku-22 Stack the same code throws the following error:
PKCS12_parse: unsupported
The user can upload its p12 file with its password via an input form on the web.
We're using Ruby 3.1.2. Strangely, it works on the local development machines but not on Heroku. Does anyone have a clue? Any help is appreciated.
I just got bit with the same error. There were a number of updates to the PKCS12 API in OpenSSL 3, among them a deprecation of legacy algorithms and that's what got us. Depending on your setup, if you are able to convert your certificate to X509 you should be able to get back on track. First thing is this: a p12 certificate contains both the certificate and its key in the same file. With X509 certificates, they need to be separate files. You can export them both with these commands:
# Export certificate
openssl pkcs12 -legacy -in my_certificate.p12 -clcerts -nokeys -out my_certificate.pem
# Export key
openssl pkcs12 -legacy -in my_certificate.p12 -clcerts -nocerts -out my_certificate.key
I'm using them in an SSLContext which is the place where I add the private key:
OpenSSL::SSL::SSLContext.new.tap do |ctx|
ctx.add_certificate(
OpenSSL::X509::Certificate.new(File.read("my_certificate.pem")),
OpenSSL::PKey::RSA.new(File.read("my_certificate.key"), #cert_password),
[#root_cert]
)
end
I hope you can use the same concepts in your app.
I did a protection for my Web Service calls with Man-in-the-Middle Attacks in iOS with SSL Pinning tuto
I would like to renew my certificate on the iOS each two month because this the time my server has to renew his certificate.
For now I do it manually by taping on my mac command line:
openssl s_client -connect <server>:443 </dev/nullsl x509 -outform DER -out <name.der> with OpenSSL under Swift ?
The problem is that I have to send to my customer a new app for install, with a new certificate in the bundle each month.
For this, I would like to use the OpenSSL GitHub for iOS to generate it locally on the ipad/iphone.
I cannot find the way to use it, do you know what is the code I must write to execute that command in Swift by using this github?
Thanks in advance.
I am trying to create a FPS (Fair play streaming)certificate but I am getting this error when I upload CSR file which I create by keychain access of mac system
These are some screenshots of creating CSR file using keychain access.
I am not able to understand what is the solution of this error ?
Use the instructions you have received in <FPS_Credential_Creation_Guide.pdf> as part of the Deployment package to generate certificate signed request (CSR). Then upload this file as CSR file.
OpenSSL
Apple provides the OpenSSL application on macOS. Use openssl from the command line to generate the public/private key pair, certificate signed request (CSR).
Generate key pair
openssl genrsa -aes256 -out privatekey.pem 1024
Generate CSR
openssl req -new -sha1 -key privatekey.pem -out certreq.csr \
-subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"
In you screenshots you are choosing 2048 RSA, but the error message states 1024 RSA is expected. Did you try generating a key using 1024?
As the error message indicates, the Certificate Signing Request requires the RSA-2048 algorithm. As an alternative, you can use openSSL to generate the CSR via the following steps:
Execute the following openSSL command to create a private key:
openssl genrsa -out privateKey.key 2048
Execute the following openSSL command to generate a certificate signing request (CSR) from the private key:
openssl req -new -key privateKey.key -out certificateSigningRequest.csr
I bought an SSL certificate and all I've got is a .crt file.
I need to configure a https server on Delphi correctly. I use a module named sgcWebSockets 3.2. As I can see in manual, I need to set the following parameters:
1) SSLOptions/ CertFile/ KeyFile/ RootCertFile: you
need a certificate in .PEM format in order to encrypt
websocket communications.
2) SSLOptions/ Password: this is optional and only
needed if certificate has a password.
3) SSLOptions/ Port: port used on SSL connections.
But I have only a .crt file. I think I can convert it to .pem format using openssl. But what is this file will be? Is this a CertFile or RootCertFile? I haven't a KeyFile anyway. Will it works only with one cert file? I also haven't got any password. Should I leave this field empty? Please help.
You can convert your crt file to a pem file with OpenSSL as follows:
openssl x509 -inform der -in certificate.crt -out certificate.pem.
But that isn't the only file you need. You also need your private key which was used to generate your csr that you sent to the certificate authority and that also has to be in pem format. I'm not sure how you generated your csr, so I'd need more information to help you extract that or convert it to pem format.
i am working push notifications .i downloaded all required certificate csr and ssl certificates all things and also converting .pem format my webservices team providing services in asp.net
so now we need to convert .pem format to .pfx format.how can we do this thing
i am using following commands and links. but it is not working for me
openssl pkcs12 -export -in Certificates.cer -inkey key.pem -out Certificates.pfx -certfile CA.cer
And i was follow these link also but i got error.
https://support.servertastic.com/convert-pem-to-pfx/
i have these files
Certificate.p12
key.p12
Certificates.pem
key.pem
ck.pem
Certificates.cer
What i will suggest is, Instead of converting the .PEM file to .PFX on your end , send the .PEM file to server from your side and ask the Web-Service developer to change the .PEM to .PFX on his end.