I'm using mitm on ios to test some app, but since yesterday I can't log in any website, or even use google.
It seems that the certificate has expired on the 28/06.
I've tried to download a new one on mitm.it, but it's already expired.
Do someone have any idea how i can bypass that ?
You can force mitmproxy to generate a totally new root CA certificate by simply deleting the old one.
Mitmproxy stores the root CA certificate and it's key in the directory ~/.mitmproxy (mitmproxy config directory in your home directory on the computer running mitmproxy).
If you rename or delete that directory and restart mitmproxy a new root-CA certificate will be generated.
Then you can install this new certificate as usual via http://mitm.it
Related
I have been trying for the solution for so many days but not worked. Please help me.
I got this error "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" and termination status as "KO" with triples loaded 0 when I run :play nlp_knowledge_graphs in that i run Software system query, I got that certificate error..
I did..
downloaded OpenSSL and created mykey.pem(private key) mykey_crt(public certificate) that are required to solve that error. But I dont know somehow there is certificates folder generated and there are public certificate and private key already present in the database folder which i was working on. So decided to use those files and renamed it as private.key and public.crt all 2 are PEM files only.
From here i did some other things but nothing worked.. still getting the same error. After resolving the error
Please help here.. what should i do now? should i need to change anything in setting/ config file... SSL configurations..??? or anything.. please help.
According to the documentation of the InstallAppleCertificate task, there is a certSecureFile parameter that looks for the certificate in the "Secure Files":
https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/install-apple-certificate?view=azure-devops
However in my organization I don't have the permission to upload secure files:
Any other way to select a certificate that isn't uploaded to "Secure Files" for this task?
They did gave me a separate keyvault which I can perfectly link to the pipeline build and get files/secrets from in bash scripts. Yet this InstallAppleCertificate task doesn't allow me to use those instead. I wouldn't even mind to put the certificate in my source repo (I know I shouldn't do this).
The certSecureFile field in InstallAppleCertificate task needs to use the .p12 file in secure file.
I am afraid that files that are not in the secure file cannot be used.
Based on my test, when I use the file from local machine, it will show the following error:
This means that before running the build, it will retrieve the files in the secure file. And the file needs to exist in secure file.
Since you could get the files/secrets , you could try to install the Apple Certificate(.p12 file) via script.
security import ./xxx.p12 -P secretPassword
Here is a thread about install .p12 or .cer in console macos.
We have a docker container running artifactory at my job and we need to add a custom keystore with the self-signed certificates to use Crowd authentication mechanism.
What we did was remove the old docker container and run a new one with the following launching argument :
-e EXTRA_JAVA_OPTIONS="-Djavax.net.ssl.trustStore=/var/opt/jfrog/artifactory/keystore/selfsignedcerts.jks -Djavax.net.ssl.trustStorePassword=selfsignedpassword"
This worked and we could use the crowd auth mechanism but it broke the npm-remote repository (https://registry.npmjs.org) (and other https repos too)
We get the following error when the launch argument is used trying to test the npm-remote repo :
Connection to remote repository failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My hypothesis is that using the argument overwrites the default keystore but i am unsure. Instead of replacing it, is there any ways to use two keystores at once or append the self-signed certificates to the existing one? (I can't even locate the keystore).
We managed to find a solution with the following :
https://jfrog.com/knowledge-base/how-to-resolve-unable-to-find-valid-certification-path-to-requested-target-error/
Quick explain: We had to add out intermediate and root certificates to the regular cacerts file that comes with artifactory. We realized the best way to do this was through making a custom docker image based on artifactory :
Dockerfile :
FROM docker.bintray.io/jfrog/artifactory-pro:<your version or latest>
COPY cacerts_with_your_intermediatesAndRoots /etc/ssl/certs/java/cacerts
Then run this new image instead of the barebone artifactory and it'll work.
Note that if you currently have a custom image you should simply add the COPY line to your existing Dockerfile. Also, if you're not running artifactory using Docker, then just add your certificates to the file and restart.
You may also notice i'm using a different path than the one used in the link above. That's because their path is a symbolic link and not the actual file.
In case you have a question feel free to contact me.
I am following the directions here: https://learn.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway.
When I create the certificates using OpenSSL and the 'New-CACertsEdgeDevice myGateway' commands, I end up with an Elliptical Curve based private key which fails when I configure the edge gateway with the message
"Currently RSA is only supported".
I modified the New-CACertsCertChain script in ca-certs.ps1 (set the $useEcc var to $false) and reran. The script succeeds, but now the New-CACertsEdgeDevice script fails with:
New-SelfSignedCertificate : Cannot convert 'System.Object[]' to the
type 'Microsoft.CertificateServices.Commands.Certificate' required by
parameter 'Signer'. Specified method is not supported.
Any idea what I am doing wrong?
I found an answer to this, although I am still not sure of the root cause.
These steps allowed me to create certificates that worked...
I kept the change I made to the New-CACertsCertChain (mentioned above)
I erased all the previous certs from the machine cert store
Then I closed the existing PowerShell console and started a new admin one.
I installed OpenSSL from here: https://sourceforge.net/projects/openssl/ # this directory: C:\utils\openssl\bin
I set up the environment paths as follows:
$ENV:PATH += ";C:\utils\openssl\bin"
$ENV:OPENSSL_CONF="C:\utils\openssl\bin\openssl.cnf"
After that I continued with the articles directions and it worked. I did get a warning about not finding C:/OpenSSL/openssl.cnf, but I ignored it.
I do not think you are doing anything wrong.
It appears that there is a problem with the powershell scripts. The good news is that there is a fix to the instructions at the Azure IoT C SDK GitHub branch CACertToolEdge which you can sync out and re-try.
I have filed an issue here: https://github.com/Azure/azure-iot-sdk-c/issues/337 to have this corrected.
Edit:
Jan 09 2018: It appears that the scripts have fixed and you shouldn't run into this specific problem.
Closely related to How to generate CSR when IIS is not installed.
I also do not have this installed. I am developing a mobile application for iOS, and i am trying to obtain a provisioning file so i can test my app locally. In the process of acquiring this, i am asked for a .csr file, and it instructs me on how to build this on my Mac. Except i don't have a mac, i have a PC, and my company exclusively uses PCs. I need this certificate, without having access to a Mac.
i have seen and used this CSR generator, but it gives me the key and request in long strings of characters, and i need a .csr file to upload to Apple.
Pasting it in notepad and changing the extension to .csr didn't work either :/
Does anyone have any insights on this?
You can install OpenSSL for windows and generate CSR file with this command:
openssl req -nodes -newkey rsa:2048 -keyout private_key.key -out cer_sign_request.csr
You'll be asked for a few questions which are optional (press ENTER).
This will generate a private key (such in keychain access) and a certification signing request as csr file.
For those who want an easy to use graphical interface, Digicert has a "Digicert Utility" that is pretty solid. You can use it to create a CSR. It doesnt give you back a private key, so you need to import your self signed or CA certificate to complete the installation of the certificate. Once installed, you can export it as a pfx or crt/key bundle.
set OPENSSL_CONF=c:\OpenSSL\openssl.cnf
if saved in c:\openssl
You can download this example fileopenssl-dem-server-cert-thvs.cnf
rename openssl
ren cert-thvs.cnf openssl.cnf