I found this question about how to use a self-signed certificate with ActionMailer on stackoverflow.
According to an answer, it can be done with the code below.
config.action_mailer.smtp_setting = {
...
ssl: true
enable_starttls_auto: false,
openssl_verify_mode: OpenSSL::SSL::VERIFY_PEER,
ca_file: "/etc/ssl/certs/ca-certificates.crt",
...
}
As you can see, a ca_file can be specified with this line ca_file: "/etc/ssl/certs/ca-certificates.crt".
Though the answer is really concise and helped me figure out how to send emails with a self-signed certificate using ActionMailer, it still left me the two following questions.
1) Is it possible to set more than one ,in my case three, different self-signed certificates? If the answer is yes, how?
2) Is it possible to use a .der file as a self-signed certificate instead of a .crt file? or Should I always convert a .der file into a .crt file when I use it as a self-signed certificate?
I couldn't find much information regarding this matter, I would appreciate any help!!
1) Is it possible to set more than one ,in my case three, different self-signed certificates? If the answer is yes, how?
The ca_file can contain multiple CA certificates in PEM format. Just put them one after each other into the file, i.e. cat cert1.pem cert2.pem > ca.pem. Make sure that each of the input files has a line end at the end though.
2) Is it possible to use a .der file as a self-signed certificate instead of a .crt file? or Should I always convert a .der file into a .crt file when I use it as a self-signed certificate?
DER and PEM are both essentially the same data only with a different encoding (binary vs. base64 with some ASCII envelope) and it is easy to convert one into the other. ca_file expects a list of PEM, not DER.
Related
I have a .cnf file for certificate generating, but i didn't find method, which can help me to use it in certificate generating. How i can do it?
I've tried to import it into X509CertificateBasicConstraintExtension, but i got exception of bad asn1 encoding data...
I used https://github.com/ronaldhoek/SOAPStuff for Username/Password connections.
But now I have to use a keystore file.
Could you help ? How I can use a keystore file? The contents is more than 255 elements.
Greets, Romy
is there any way to export .pfx certificate files to a key vault using ARM Templates. I found on github that we can add secrets and even certificates by adding the content-type property and the base64-encoded representation of the certificate. But in my case I would like upload the pfx file.
Is this possible?
Thanks
No, this isn't exposed to the arm templates yet. You can create secrets, thou. That's about it.
If you base 64 encode the certificate and then insert it as a secret with the content type application/x-pkcs12 it should work.
I am generating pdf using wicked_pdf and I am also using prawntable for pdfs which needs to be password protected. Since wicked pdf doesnt supports password protected pdf generation.
Is there any way to add a digital signature which is in .pfx format to pdf.?
Passwording pdf files vs digitally signing them
Passwording a pdf file encrypts the file. You will need to find a pdf library/toolkit to do that for you. If you can't find one with a ruby API, then you can call it as a command from ruby. The latter is not as elegant but works fine. (Be sure to catch and handle errors.)
Digitally signing a pdf is completely different than encryption. The result of signing is a pdf with one or more digital signatures. You use either a library to sign a file locally or, for a more dependable system, sign the file via a dedicated appliance that also holds the signer's private key and certificate.
Unlike password protection/encryption, anyone who receives a digitally signed pdf file can read the file's content. The digital signatures provide the relying party (the recipient) with assurances about:
the identity of the person who signed the file
the integrity of the file (confirming that it wasn't changed since signing)
the non-reputability of the file (confirming that the signer can't claim that they hadn't signed the file)
An important issue is that having a signer's private key on the file system of a regular computer/server is not secure enough to provide any guarantee against repudiation by the signer--she could truthfully say that there is no way to assure that her "signature" was not forged by un-authorized use of the pfx file.
The Origami library has a very basic support for PDF digital signatures and there is sample code for this at https://github.com/gdelugre/origami/blob/master/examples/signature/signature.rb.
I'm finding many articles on the web where it is implied that you can view the .mobileprovision file contents in a text editor. For example, this Urban Airship post:
When push notifications are enabled for an app, the aps-environment key will appear in the .mobileprovision file specifying the provisioning profile:
<key>Entitlements</key>
<dict>
<key>application-identifier</key>
...
However the mobilprovision files I have (obtained within the last few days) contain 466 1/2 rows of 8 groups of 4 hex digits, (e.g. 4851 3842 4176 2845 0a09 01a2 404d 4382). How can I view this type of file?
Provisioning Profiles are encoded. To decode them and examine the XML you can use this via command line:
security cms -D -i #{#profilePath}
where #{#profilePath} is the filepath to your .mobileprovision file.
A fuller Ruby example is:
require 'plist'
profile = `security cms -D -i #{#profilePath}`
xml = Plist::parse_xml(profile)
appID = xml['Entitlements']['application-identifier']
If you want Sublime Text 2 to be able to read .mobileprovision profiles this is the setting
"enable_hexadecimal_encoding": false,
You are using a text-editor that is a bit too clever for you :D.
Your editor finds out that the file actually is binary and shows it as a hex-dump - for example Sublime 2 does it that way. Open that same file using TextEdit. You will see a couple of lines of binary garbledegock and then some plain-text (XML) that should contain the information you are looking for.
However, do not edit that file using TextEdit, that will render it unusable!
You can use openssl to output the contents of the signed profile.
openssl smime -in /path/to/your.mobileprovision -inform der -verify