How to create CSR in Azure? - asp.net-mvc

I have bought my domain from whois and my site (Asp.Net MVC) is deployed in Azure. I want to add SSL, which I want to buy from GoDaddy.com. To do that I have to generate a CSR (certificate signing request) in Azure so that I can use it to get my SSL certificate from GoDaddy.
So how can I generate CSR in Azure?

We can't generate a CSR in Azure. We could use IIS, Certreq.exe or makecert.exe to generate your certificate request, install the certificate to your local machine, and then export the certificate to PFX. For more details about how to bind a custom SSL certificate, please refer to the official tutorial. The following are details about how to use makecert.exe to create a CSR:
Create a cert with makecert.exe, which is under the VS folder after installing VS. The following code is just for demo:
makecert -sky exchange -r -n "CN=[CertificateName]" -pe -a sha1 -len 2048 -ss My "[CertificateName].cer"
After that we could export the Base64-encoded .cer file.
Update:
Requirements for your SSL certificate; the following is a snippet from the tutorial:
To use a certificate in App Service, the certificate must meet all the following requirements:
Signed by a trusted certificate authority
Exported as a password-protected PFX file
Contains private key at least 2048 bits long
Contains all intermediate certificates in the certificate chain
If we want to use a self-signed certificate, we need to Export a Certificate with the Private Key. And then we could follow the official tutorial to upload the .PFX file to the Azure WebApp.
Note: If we use a self-signed certificate, it will not be trusted.

Azure doesn't provide any mechanism to generate CSR. There are several ways to generate CSR:
Using certificate MMC
Using IIS Manager
using certreq.exe
using openssl
and many more
I would suggest you use DigiCert's CSR generation tool. It can be used to generate a CSR, and then you can use this to submit to GoDaddy. Here are the instructions on how to do this: CSR Creation in Azure App Service
Once you submit the CSR to the CA, they will provide you a .cer/.crt/.der file, which doesn't contain the private key.
You will first need to import this certificate to bind the private key with the cert. Once done, export the certificate with the private key so that you can generate a .PFX file, which Azure App Service needs. You can again use DigiCert's certificate utility to export the certificate in PFX format. See this: How to Export Your SSL Certificate w/Private Key Using the DigiCert Certificate Utility
Or you can use the certificate console via MMC. See this:
Add the Certificates Snap-in to an MMC
Export a Certificate with the Private Key
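The CSR-to-PFX flow described in the answers above, done with OpenSSL (one of the tools listed), as an added example that is not part of the original answers. A throwaway demo CA stands in for GoDaddy so the script runs offline; the file names, the CN www.example.com and the export password are constructed.

```shell
#!/bin/sh
# Added example: CSR -> issued certificate -> password-protected PFX with OpenSSL.
# All names (www.example.com, demo-ca, file names, password) are constructed.
set -eu

make_csr() {   # $1 = working dir, $2 = common name
    # The private key stays on this machine; only the CSR is sent to the CA.
    openssl genrsa -out "$1/site.key" 2048 2>/dev/null
    chmod 600 "$1/site.key"
    openssl req -new -key "$1/site.key" -subj "/CN=$2" -out "$1/site.csr"
}

demo_ca_issue() {   # $1 = dir; stand-in for the commercial CA (offline demo only)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/site.crt" 2>/dev/null
}

key_matches_cert() {   # $1 = dir; the cert must carry our private key's public half
    k=$(openssl pkey -in "$1/site.key" -pubout | openssl sha256)
    c=$(openssl x509 -in "$1/site.crt" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

make_pfx() {   # $1 = dir, $2 = export password; bundles key + cert + chain
    key_matches_cert "$1" || { echo "key/cert mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1/site.key" -in "$1/site.crt" \
        -certfile "$1/ca.crt" -passout "pass:$2" -out "$1/site.pfx"
}

pfx_cert_count() {   # $1 = dir, $2 = password; certificates in the PFX (leaf + chain)
    openssl pkcs12 -in "$1/site.pfx" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

run_demo() {
    d=$(mktemp -d)
    make_csr "$d" www.example.com
    demo_ca_issue "$d"
    make_pfx "$d" 'Constructed-Passw0rd'
    echo "certs in PFX: $(pfx_cert_count "$d" 'Constructed-Passw0rd')"
    rm -rf "$d"
}
run_demo
```

With a real CA, skip demo_ca_issue, save the issued certificate as site.crt, and pass the CA's intermediate bundle to -certfile. The resulting PFX contains the private key, so treat it and its password as secrets.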

Related

Is it possible to create the certificate to sign Apple Wallet Passes from a non-iOS system such as Ubuntu?

I'd like to create a certificate from Apple developer account and use it to sign Apple Wallet passes / passbook. So I can implement a server to generate the wallet passes to serve up my mobile app.
The challenge to me is I'm on linux (Ubuntu to be specific). There are a bunch of npm modules as far as I can see, that can be used to implement a server to generate the pass but the first step is to create a certificate from Apple. So my question is it seems to me that is not even possible without a Mac? Does anyone know if it is even possible to create that certificate from a linux machine like Ubuntu?
Thanks
You do not create the certificate yourself, you create a private key and certificate signing request and upload the certificate signing request to Apple. They then issue a certificate that matches your private key.
This can be done on any operating system using OpenSSL. When creating the CSR you can provide any values as Apple will ignore them and replace with the PassTypeIdentifier, Team Name and Team Id.
The OpenSSL commands you need are:
openssl genrsa -out /path/to/my-private-key.pem 2048
openssl req -new -key /path/to/my-private-key.pem -out /path/to/my-request.csr

APNS Certificates on Ubuntu

I read this tutorial: http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1
He is generating the certificate signing request on his Mac using Keychain Access:
For Production, we are using an Ubuntu Server. Do you have to generate the CSR on the Ubuntu Server directly, or can you use the certificate generated on my Mac?
If you have to generate the CSR on the Ubuntu server, how can this be done?
You can use the CSR generated on the Mac. Once you have the signed certificates (one for development and one for production) from the Apple Developer portal you will need to export them (including the private key) for use on your server, as per your second screen shot.

Error in installing MDM profile on iOS device

I am trying to install a MDM configuration profile via iPhone Configuration Utility. This is what I am doing -
Build a simple mdm server in asp.net and host over SSL. (This server does nothing for now apart from listening to input requests.)
Generate a p12 certificate from the asp.net server's SSL certificate
Specify the url of the server in MDM configuration
Set the p12 certificate in the identity of MDM profile.
Install the profile
During installation I am getting the error The server certificate for "https://myservername/mdmserver/api/" is invalid.
I already tried lots of things which I found over the internet but could not succeed. Any kind of help will really be appreciated.
Detailed error -
NSError:
Desc : The payload com.mycompany.test01.mdm2 could not be installed.
Sugg : The server certificate for https://myservername/mdmserver/api is invalid.
US Desc: The payload com.mycompany.test01.mdm2 could not be installed.
US Sugg: The server certificate for https://myservername/mdmserver/api is invalid.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
Params : (
"com.mycompany.test01.mdm2"
)
Two problems:
1) You should include a device identity in your MDM profile. It's either PKCS12 or SCEP. In the case that you are using PKCS12, usage of the server PKCS12 is wrong (because it's the server PKCS12 vs the device identity PKCS12). Create a new cert and private key, pack them into PKCS12 and use it as the device identity.
2) Most likely, you forgot to include your server certificate in the MDM profile. So, iOS can't validate whether it's contacting the appropriate server or not.
There is another possibility that your server certificate is truly invalid (for example, expired, or the common name doesn't match "myservername").
The problem is solved!
The issue was because I was using self-signed certificates.
In case anyone is facing similar issues, you can check more details here
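The causes named in this thread (expired certificate, name mismatch, self-signed certificate) can be checked with OpenSSL before the profile is built. This is an added example, not part of the original posts; the sample certificate is constructed for the thread's placeholder host myservername, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks on a server certificate in PEM format.
# The sample cert is constructed; "myservername" is the thread's placeholder host.
set -eu

cert_problems() {   # $1 = PEM cert file, $2 = hostname clients will connect to
    problems=""
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        problems="$problems expired"
    # The hostname must match a SAN entry (or the CN when no SAN is present).
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match' || problems="$problems name-mismatch"
    # Subject equal to issuer indicates a self-signed certificate, which clients
    # reject unless it has been explicitly installed as trusted.
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" != "$issr" ] || problems="$problems self-signed"
    echo "${problems# }"
}

make_sample_cert() {   # $1 = output PEM, $2 = CN, $3 = days valid (constructed input)
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

d=$(mktemp -d)
make_sample_cert "$d/server.pem" myservername 30
echo "problems: $(cert_problems "$d/server.pem" myservername)"
rm -rf "$d"
```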

Linux APNS server which cert should I create?

I am going to use a linux server for push notifications.
Is the following correct?
Generate a CSR of the linux server
Upload the file to Apple to generate a cert
Change this cer to pem and then combine with my private key pem of linux
Use the combined pem in my code
Is this correct? Since I get confused by the Apple document, I can now only test push notifications in my mac book, and can't test on other servers.
You don't have to generate the CSR on your linux server.
You can use the pem or p12 file you created (using your mac book) on any server.
If your code works when you test it on your mac book, it will work on any server. You just have to copy the pem or p12 file to that server.

APNS setup for the server

I'm trying to setup our APNS server. I was looking at the instructions on this page:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
I'm understanding everything. Problem is that I have a website already SSL enabled (SSL terminates at the load balancer) on AWS, following these instructions a while back:
"Public key certificate and private key doesn't match" when using Godaddy issued certificate
The website for APNS is telling me to get a CSR file, etc. But if I already have this SSL certification done, does it mean I have to start from scratch and re-key my key? :( I wasn't able to find information regarding this...
The APNS CSR has nothing to do with any certificates you already have.
You have to create certificates in the developer area of Apple's website. You don't install those certificates to the web server... they are only used from the php script on your server to connect to the Apple server as a client. Your script has to load them while it runs... but they are not installed in the web server or load balancer.
