Connecting SFTP server using the certificate - adapter

One of our vendor is updating their Server certificate and provided us with the certificate file which when I open gets installed. Not sure where it gets installed. Earlier we were just using the username/password credentials for connecting to the server. But I am trying to check if we can the connect to the SFTP server using the certificates through the SFTP adapter. If so how do I link the SFTP adapter settings with the installed certificates.

Installed certificates will be in your certificate store, run certmgr to see what certificates are installed. However the BizTalk adapter seems to want the location of the .ppk file.
To use the certificate you will have to configure the Client Authentication Mode to PublicKeyAuthentication and you must enter the private key of the user in the PrivateKey property.
See the Microsoft documentation SFTP Adapter and this blog BizTalk Server 2013 R2: SFTP Adapter Tricks and Pitfalls

For clarity, SFTP does not use Certificates. The options are U/P with server provider key or Private Key.
So, seems they will be sending you a Private Key File they generate which you can import using the Private Key Property on SFTP Transport Properties.

Related

neo4j docker image (vps managed with plesk), cannot assign certificates for secure bolt connection with Let's encrypt certificate

I'm trying to run neo4j community on a vps via a docker image managed with plesk.
I am however having issues configuring the SSL certificate so I can connect to it securely from nodejs.
Currently, the error I'm getting is quite straightforward in node:
Neo4jError: Failed to connect to server.
Please ensure that your database is listening on the correct host and port and that you have
compatible encryption settings both on Neo4j server and driver. Note that the default encryption
setting has changed in Neo4j 4.0. Caused by: Server certificate is not trusted. If you trust the
database you are connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add the signing
certificate, or the server certificate, to the list of certificates trusted by this driver using
`neo4j.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This is a security measure
to protect against man-in-the-middle attacks. If you are just trying Neo4j out and are not
concerned about encryption, simply disable it using `encrypted="ENCRYPTION_OFF"` in the driver
options. Socket responded with: DEPTH_ZERO_SELF_SIGNED_CERT
I've mapped the volumes as follows:
/certificates to the letsencrypt live folder for the domain db.example.com
Then I'm trying to connect to it via: bolt://db.example.com:32771
When i check via browser, the certificate being served is self-signed. I have try to add this certificate to the trusted certificates in windows but it didn't do anything at all.
Also added the path to the trusted certificates when instantiating the driver:
this._driver = neo4j.driver(process.env.Neo4jUri, token, {
encrypted: true,
trustedCertificates: ['ssl/neo4j.crt'],
});
I've also tried to copy the files within that certificate folder so that the appropriate files are named as mentioned in this article.

Trusted Certificate fails after upgrade from 4.6.1 to 4.7.2

After upgrading a service written in F# from 4.6.1 to 4.7.2 i startet getting a classic SSL/TLS error "The request was aborted: Could not create SSL/TLS secure channel".
TLS 1.2 is enabled on all servers.
I verified with Fiddler that the old version and the new version of the application both uses TLS 1.2 as they should and have done for a long time.
The requests appears to be identical.
The service runs as a Network Service, however i get the same error if i run it as admin.
The certificate is selfsigned and placed in Trusted Root Certification Auth.
The certificate is only used to internal https between our services.
If I add the certificate to Personal certificates in certmgr the error disappears and the service works!
From my view it is as if after upgrading to 4.7.2 the Trusted Ca certificates are "ignored".
Adding the certificate to Personal when its placed in Trusted Certificates is not a solution.
I havent been able to identify the change which somehow must have been introduced in 4.7.2.
What am i missing?

Access Development server with self-signed SSL Certificate

My app needs to connect to an internal web server through https.
The server has a self-signed certificate that is valid until next year:
I have installed this certificate in the iOS Simulator and on the device (Certificate.cer):
I am watching the traffic with Charles and the request does not even "leave" my computer.
The problem seems to be due to the SSL Certificate because when I can access the server through the internal url and the port 8080 everything works fine.
I did try the hack with the category allowsAnyHTTPSCertificateForHost:. This did not work in the simulator as well as on the device.
There seems to be official API to do this: How to use NSURLConnection to connect with SSL for an untrusted cert?
However, since this is only my development environment I would prefer not to change my code base for now. Plus I am using a framework to parse my data and I might have to deeply interfere with that framework to get to the API described above.
So my question is, should it not be possible to install the certificate and then use the server as if there was an official SSL certificate.
Email the self-signed certificate to yourself then open it on your iPhone. You will be taken through the steps to install the certificate on your phone.

APNS setup for the server

I'm trying to setup our APNS server. I was looking at the instructions on this page:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
I'm understanding everything. Problem is that I have a website already SSL enables (SSL terminates at the load balancer) on AWS, following these instructions a while back:
"Public key certificate and private key doesn't match" when using Godaddy issued certificate
The website for APNS is telling me to get a CSR file, etc. But if I already have this SSL certification done, does it mean I have to start from scratch and re-key my key? :( I wasn't able to find information regarding this...
The APNS CSR has nothing to do with any certificates you already have.
You have to create certificates in the developer area of apples websites. You don't install those certificates to the web server... they are only used from the php script on your server to connect to the apple server as a client. Your script has to load them while they run.. but they are not installed in the web server or load balancer.

Grails SSL certificate error

I'm using the acegi security plugin and I run the app -https. The cert is generated but I get a certificate warning when i visit the web page. I have then download the weak ssl plugin and added weakssl.trustAll =true to Config.groovy. But still getting the same warning. Have I left out anything?
The warning is normal. You can just accept the self-signed certificate. The weakssl module allows the Grails server to trust itself even if it provides a self-signed certificate. It has no effect whatsoever on the client. (Think what a horrible security hole it would be if you could just install some code on the server and get a client to accept a self-signed certificate without a warning!)
To solve your problem you need to either
manually tell your browser the certificate is OK by adding the certificate to your truststore
or
get a certificate from a trusted CA (Certificate Authority) a list of trusted CAs is stored in your browser. To get a certififate from a CA you need to proof your identity and pay (a lot) some money.
so I recommend you just accept the untrusted certifcate unless you want to buy a CA certificate.
The config you changed tells only the server to accept all certificates. i.e. if your server is connecting to another server

Resources