I was trying to figure out what I did wrong when uploading a new custom certificate to my Rails application, and for whatever reason I thought it would be a good idea to rerun this command into my DigitalOcean #deploy user, even though I had already run this command and done all the steps for generating an SSL key with namecheap.com, and got a PositiveSSL certificate. Now the private key does not match up with my PositiveSSL certificate, and I cannot find the old private key anywhere. Does anyone have any suggestions on what I should do about this?
openssl req -new -newkey rsa:2048 -nodes -keyout myapp.net.key -out myapp.net.csr
If you lost your private key, you need to reissue the SSL Certificate.
The process is free in most Comodo (Sectigo) resellers like namecheap.
Just follow instructions on https://www.namecheap.com/support/knowledgebase/article.aspx/811/70/how-do-i-reissue-my-ssl-certificate
I am trying to follow the instructions for creating DEP Server Tokens in Apple's Device Enrollment Program manual (https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/4-Profile_Management/ProfileManagement.html), but I don't really know how to "Generate a public/private key pair in PEM format for the MDM server".
I have a certificate from a trusted certificate authority, but how do I create the certificates from that?
The idea of a certificate for DEP is that Apple doesn't want to provide you the DEP token over SSL (unlike the VPP token).
To retrieve that, they ask that you provide a PEM formatted public key via their portal. This is basically any openssl self-signed cert, like so:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
When uploading, use the cert.pem file.
Then, when they return the result, use the private key to decrypt the CMS (PKCS7 Envelope):
openssl smime -decrypt -inform pem -in fileFromApple.p7 -inkey key.pem
Note that we use file from Apple and the key that we generated in the first command.
Note: it has been over a year since I've done this in practice, but in principle these commands should work.
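The exchange described in this answer, simulated locally as an added example that is not part of the original post. The wrap_for step only stands in for what Apple's portal does with the uploaded cert.pem (its use of openssl smime -encrypt is an assumption); the token, subject name and file names are constructed, and -nodes and -subj are added so nothing prompts.

```shell
#!/bin/sh
# Added example: DEP-style token exchange simulated with constructed data.
work=$(mktemp -d)

# MDM side: key pair plus self-signed certificate (cert.pem is what gets uploaded).
make_keypair() {  # usage: make_keypair KEY_OUT CERT_OUT
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=mdm.example" \
        -keyout "$1" -out "$2" -days 365 2>/dev/null
}

# Stand-in for the remote side: wrap a token for the holder of CERT's key.
wrap_for() {  # usage: wrap_for CERT IN OUT
    openssl smime -encrypt -aes256 -binary -in "$2" -outform pem -out "$3" "$1"
}

# MDM side: the decrypt command from the answer, with the key as a parameter.
unwrap_with() {  # usage: unwrap_with KEY IN
    openssl smime -decrypt -inform pem -in "$2" -inkey "$1" 2>/dev/null
}

make_keypair "$work/key.pem" "$work/cert.pem"          # the pair that was uploaded
make_keypair "$work/other.pem" "$work/other-cert.pem"  # a regenerated, unrelated pair
printf 'constructed-dep-token' > "$work/token.txt"
wrap_for "$work/cert.pem" "$work/token.txt" "$work/fileFromApple.p7"

# Only the key generated together with the uploaded certificate recovers the token.
unwrap_with "$work/key.pem" "$work/fileFromApple.p7"; echo
got=$(unwrap_with "$work/other.pem" "$work/fileFromApple.p7") || got=""
[ "$got" = "constructed-dep-token" ] || echo "other.pem cannot recover the token"
```

Regenerating the key pair after uploading cert.pem leaves the returned file undecryptable, so key.pem has to be kept until the token has been retrieved.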
I am trying to create a FPS (FairPlay Streaming) certificate, but I am getting this error when I upload the CSR file which I created with Keychain Access on a Mac system.
These are some screenshots of creating CSR file using keychain access.
I am not able to understand what the solution to this error is.
Use the instructions you have received in <FPS_Credential_Creation_Guide.pdf> as part of the Deployment package to generate certificate signed request (CSR). Then upload this file as CSR file.
OpenSSL
Apple provides the OpenSSL application on macOS. Use openssl from the command line to generate the public/private key pair, certificate signed request (CSR).
Generate key pair
openssl genrsa -aes256 -out privatekey.pem 1024
Generate CSR
openssl req -new -sha1 -key privatekey.pem -out certreq.csr \
-subj "/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"
In your screenshots you are choosing 2048 RSA, but the error message states 1024 RSA is expected. Did you try generating a key using 1024?
As the error message indicates, the Certificate Signing Request requires the RSA-2048 algorithm. As an alternative, you can use openSSL to generate the CSR via the following steps:
Execute the following openSSL command to create a private key:
openssl genrsa -out privateKey.key 2048
Execute the following openSSL command to generate a certificate signing request (CSR) from the private key:
openssl req -new -key privateKey.key -out certificateSigningRequest.csr
I'm attempting to follow these instructions to set up my S3 API to send push notifications to my iOS app.
I'm making a mess of the certificate issues, so I was hoping someone could help sort me through them.
So far, I've created a CSR, uploaded it to Apple Dev portal, and downloaded a .cer file. I then converted the cer into a pem
openssl x509 -in apns-dev.cer -inform DER -out apns-dev.pem
Then I ran into the instruction to "Open Keychain Access, select Keys, and then highlight your app private key." Not knowing what my "app private key" was, I've tried a couple things:
Grabbing the preexisting private-key file in the app's cert folder (an RSA private key which was not, to my knowledge, used to generate the above CSR).
Exporting my default system private key as a p12 and then converting it, per AWS instructions, into a pem key.
Trying to generate a new CSR directly from my system private key in Keychain Access
However, whenever I follow the instructions to "test" the private/public key pair (openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert apns-dev.pem -key apns-private.pem), I get this:
error setting private key
41047:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/crypto/x509/x509_cmp.c:406:
I've looked at the following questions, but haven't been able to use their answers to figure this out:
Does the apple push notification distribution certificate signing request need to be the same as that used for the distribution cert to sign the app? - When I try to "expand" the cert in Keychain Access, all I see is info. There is no private key info, and I can't "Export 2 items"
Apple Push Notification error setting private key (the self-given answer here conflicts with the above, and at any rate, I no longer have the original CSR)
Unable to load client certificate private key file - My private key file isn't empty, and I did enter the passphrase correctly
Any idea what could be going on? I'm just shooting in the dark here.
Don't use Apple's instructions to generate the CSR.
Generate key:
openssl genrsa -out $app.key 2048
Generate CSR:
openssl req -new -key $app.key -out $app.csr
And enter the relevant data.
Upload CSR to Apple. Download certificate.
Convert certificate to PEM:
openssl x509 -inform DER -in $app.cer -out $app.pem
Now you have the key in $app.key, and a PEM-encoded certificate in $app.pem. You can then install both on the box that will be connecting to APNS (depending on the software you use, they might be separate files, or you may just append the key to the certificate file).
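A check for the "key values mismatch" error in this thread, and for the PositiveSSL question at the top of the page, as an added example that is not part of any post: compare the public key carried by a private key, a CSR and a certificate before installing them. The function names and file names are constructed, and the self-signed issued.crt stands in for the certificate a CA would return.

```shell
#!/bin/sh
# Added example: does this private key (or CSR) belong to this certificate?

pubkey_of() {  # usage: pubkey_of key|csr|cert FILE ; prints the PEM public key
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Returns 0 when both files carry the same public key, 1 on mismatch,
# 2 when either file is missing or cannot be parsed.
same_key() {  # usage: same_key TYPE_A FILE_A TYPE_B FILE_B
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# Constructed demo: a certificate is issued for old.csr, then the key
# generation command is rerun and produces an unrelated new.key.
d=$(mktemp -d)
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=myapp.example" \
    -keyout "$d/old.key" -out "$d/old.csr" 2>/dev/null
openssl x509 -req -in "$d/old.csr" -signkey "$d/old.key" -days 1 \
    -out "$d/issued.crt" 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=myapp.example" \
    -keyout "$d/new.key" -out "$d/new.csr" 2>/dev/null

same_key key "$d/old.key" cert "$d/issued.crt" && echo "old.key matches issued.crt"
same_key csr "$d/old.csr" cert "$d/issued.crt" && echo "old.csr matches issued.crt"
same_key key "$d/new.key" cert "$d/issued.crt" || echo "new.key does not match: reissue needed"
```

A DER-encoded .cer downloaded from a portal needs the conversion to PEM shown in the answer before it is passed to same_key.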
I am using ruby 2.0.0, rails 3.2.6 and running my project in EC2 server.
Now I want to generate an SSL certificate for my project.
Where can I find the certificate and how should I include it in my project? Can anyone guide me?
Now I want to generate ssl certificate to my project.
I am presuming that you are talking about creating a self-signed certificate. Follow these steps to generate a self-signed certificate:
Generate a Private key and CSR: openssl req -newkey rsa:2048 -nodes -keyout key.pem -out req.pem
Above command will create your private key key.pem and a CSR req.pem
Generate a self-signed Cert: openssl x509 -req -days 365 -in req.pem -signkey key.pem -out cert.pem
Above command will use key.pem and req.pem and will create certificate cert.pem.
You have to follow the prompts given by above commands and provide answers accordingly.
If you do not want a self-signed certificate, then you need to buy an SSL certificate from a vendor. There are numerous companies which provide SSL certificates. You need to create a private key and a CSR (certificate signing request). You can follow the 1st command above to achieve this. Once done, you have to provide the CSR to the SSL vendor, who will get you the certificate.
There are a lot of details around this process. Please check http://www.sslshopper.com/ for more information around SSL.
how should I include into my project
Please check the links below:
http://www.buildingwebapps.com/articles/79189-using-ssl-in-rails-applications
How to include SSL Certificate in Rails 3 project
I am trying to convert my Rails application to work over https://. For testing purposes I created a self-signed certificate using openssl. I am using nginx as the web server. Then I configured nginx to use this certificate.
But when opening the application, it shows https:// before the address but shows this result:
"This webpage has a redirect loop. This webpage https://myapp.com has resulted in too many redirects" in Chrome, and other browsers are also showing redirect issues.
After a lot of research I found a clue that I need to use a chained certificate to fix this problem. Then I tried to create a chain of certificates. The way I did it is explained below.
openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
Then I copied ca.pem to
/etc/ssl/certs
and ca.key to
/etc/ssl/private
Then I edited openssl.conf as needed and created two new directories, CA and newcerts, inside /etc/ssl,
and provided new serial and database files by running the following commands.
sudo sh -c "echo '01' > /etc/ssl/CA/serial"
sudo touch /etc/ssl/CA/index.txt
Then I created a client certificate by running the following commands.
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl ca -in client.csr -out client.cer
This certificate depends on ca.pem.
Then I created a 3rd certificate from the second certificate (that is, client.cer), and it does not depend on ca.pem, using the following commands.
# Create a certificate request
openssl req -new -keyout client1.key -out client1.request -days 365
# Create and sign the certificate
openssl ca -policy policy_anything -keyfile client.key -cert client.pem -out client1.pem -infiles client1.request
and changed the openssl.conf option
[ usr_cert ]
basicConstraints=CA:TRUE # prev value was FALSE
Now I have a certificate chain like
ca.pem -> client.pem -> client1.pem
How can I bundle these three certificates to create a chained certificate properly? I tried in my own way but it shows the same error.
Can anyone please help to solve the issue? I have been working on the problem for the past week.
Thanks
Regards
A redirect loop has nothing to do with the certificate chain or certificate format for that matter. You have an error in either the web server configuration or the application logic. I am guessing you are trying to redirect to https from http, but the redirect is also served from https, so this results in a loop.
Google Chrome (and other browsers to some extent) caches redirects, so it might be hard to properly debug and fix the issue with loops (it might still redirect even though you fix the issue on the server/app side). Make sure your requests are hitting the backend, clear browser caches or use tools like curl to properly debug the issue.