UIWebView access to an installed certificate (.p12 file) - ios

I have an app that contains a UIWebView and I need to authenticate the user with the correct certificate.
Is it possible to get access to an imported/installed certificate in the keychain? I didn't find something that's similar to my problem.

Related

iOS AWS SNS Create platform application fail with error "There was an error reading the selected certificate."

After downloading my certificate from the apple developer portal, I successfully create a p12 file but whenever I try to create a platform application on aws, enter the certificate password, I just keep getting the error below.
"There was an error reading the selected certificate. Verify the password and try again."
I have tried with short and no passwords but nothing seems to accept the password.
Any ideas?
I was able to make this work, by doing the following:
Delete all old keys related to previous attempts in your Keychain > login (macOS)
Request a new certificate from Request Certificate from Authority. Make sure no keys are selected when you execute this function.
I chose a single word in lowercase for Common name.
Add certificate to Apple Developer Portal
Download the CSR
Double click on the CSR to import the keys into your Keychain.
Your private key should have a dropdown with the certificate listed. My previous attempts did not have this. Export the p12.
The p12 worked in AWS SNS when entering the password, the public and private keys were extracted from the p12.

Invalid certificate (CSR)

I generate .certSigningRequest file via Keychain Access (Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority..., I fill in my mail and I save it to disk).
When I log into Apple developer account and try to generate Certificate with it I get message: "Invalid CSR - Invalid Certificate"
I did this a number of times previously with my previous Mac but it is not working on my new system.
What am I doing wrong? I have followed the exact steps at https://help.apple.com/developer-account/#/devbfa00fef7
I think this is an Apple error. You just need to simply refresh the website again and again or use another browser.
Just forgot to input 'Common name' in Certificate Assistant form.
So, make sure you filled in:
User Email Address
Common Name
Saved on disk check
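A pre-upload check for the missing-field problem described in the answer above, added here as an example (not part of the original posts): it verifies the CSR's self-signature and that the subject carries both a Common Name and an email address. The names `csr_check` and `make_sample_csr`, the sample subjects and the file names are constructed for illustration; it assumes the `openssl` CLI and a PEM-encoded CSR.

```shell
#!/usr/bin/env bash
# csr_check FILE: returns 0 only if the CSR's self-signature verifies and its
# subject contains a non-empty Common Name and email address.
csr_check() {
    local csr="$1" subject rc=0
    # "verify OK" is printed by openssl when the self-signature is valid.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: $csr is unreadable or its self-signature does not verify"
        return 1
    fi
    # multiline name output puts one "field = value" pair per line.
    subject=$(openssl req -in "$csr" -noout -subject -nameopt multiline)
    echo "$subject" | grep -Eq '^ *commonName *= *[^ ]' \
        || { echo "FAIL: $csr has no Common Name"; rc=1; }
    echo "$subject" | grep -Eq '^ *emailAddress *= *[^ ]' \
        || { echo "FAIL: $csr has no email address"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $csr"
    return "$rc"
}

# make_sample_csr OUT SUBJECT: build a constructed CSR with a throwaway key.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "$2" 2>/dev/null
}

# Constructed samples: one complete request, one with the Common Name left out.
SAMPLES=$(mktemp -d)
make_sample_csr "$SAMPLES/good.certSigningRequest" \
    "/emailAddress=dev@example.com/CN=Jane Developer"
make_sample_csr "$SAMPLES/nocn.certSigningRequest" \
    "/emailAddress=dev@example.com"

csr_check "$SAMPLES/good.certSigningRequest" || true
csr_check "$SAMPLES/nocn.certSigningRequest" || true
```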

How can my *.appspot.com domain support iOS9 Universal Links with Web Markup?

As many already know, Google App Engine by default hosts its apps on an appspot.com subdomain and their wildcard (*.appspot.com) SSL certificate allows any apps to use https over this subdomain.
Enter iOS 9 with Universal Links and Web Markup which now requires hosting a 'signed json file' with designated applinks in it. The key word there is 'signed'. This file needs to be signed with a valid SSL cert and private key. (Listing 2-7 and 2-8)
On Twitter, I've been told that the signing certificate does NOT have to match the actual website's domain SSL certificate BUT a self-signed certificate will not work.
So one workaround is to simply buy your own SSL certificate and sign it with this cert.
I'm curious what other options there are to those of us hosting APIs and websites on Google App Engine and/or using Google Cloud Endpoints because I assume Google isn't going to hand over their wildcard ssl cert and private key for us to use ;)
Update 8/5/2015
To host the apple-app-site-association file, I had to manually open it and spit it out when called for using the webapp2 handler like so:
import logging
import os
import webapp2

class GetAppleAppSiteAssoc(webapp2.RequestHandler):
    def get(self):
        showAppleAppSiteAssoc(self)

def showAppleAppSiteAssoc(self):
    logging.info("Enter showAppleAppSiteAssoc()")
    path = os.path.join(os.path.dirname(__file__), 'apple-app-site-association')
    # The signed file is binary, so read it as bytes and close it afterwards
    with open(path, 'rb') as f:
        fileContents = f.read()
    self.response.headers['Content-Type'] = 'application/pkcs7-mime'
    self.response.out.write(fileContents)

# MainHandler is defined elsewhere in the app.
# debug=True returns tracebacks to the client; turn it off in production.
app = webapp2.WSGIApplication([('/', MainHandler),
                               ('/apple-app-site-association', GetAppleAppSiteAssoc)],
                              debug=True)
Currently having issues similar to this post and have tried both signing with my iOS Distribution cert as well as with a valid cert from work.
Update 8/10/2015
Had our dev-ops guy at work sign this with both the CA and intermediate certs from work and uploaded it and it worked!
Still curious about other solutions though.....it does seem odd that the iOS Distribution cert wouldn't have worked.
You don't have to sign apple-app-site-association unless you're implementing Activity Continuation for devices running iOS 8. Universal Links are new to iOS 9 and Apple no longer requires apple-app-site-association to be signed.
Well one answer to this question points to the fact that any valid domain certificate (with CA cert) can sign the file (even if that certificate is NOT for the domain the file will live on).
I ended up buying one for one of my domains and signing the file for another domain.
https://developer.apple.com/library/ios/documentation/General/Conceptual/AppSearch/UniversalLinks.html
If your app runs in iOS 9 or later and you use HTTPS to serve the apple-app-site-association file, you can create a plain text file that uses the application/json MIME type and you don’t need to sign it.
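The signing step discussed in this thread, as an added example that is not part of the original posts: it wraps a constructed apple-app-site-association JSON in a DER PKCS#7 blob using a leaf certificate plus its CA certificate, then reads the payload and the shipped certificates back out. The function names, the throwaway test CA and the JSON contents are constructed for illustration; it assumes the `openssl` CLI.

```shell
#!/usr/bin/env bash
# aasa_sign JSON KEY CERT CHAIN OUT: wrap JSON in a DER PKCS#7 signed-data blob.
# -nodetach embeds the JSON inside the signature, -binary keeps its bytes
# unchanged, -certfile ships the CA/intermediate certificates alongside.
aasa_sign() {
    openssl smime -sign -nodetach -binary -outform DER \
        -in "$1" -inkey "$2" -signer "$3" -certfile "$4" -out "$5"
}

# aasa_payload FILE: print the embedded JSON if the signature over it is intact.
# -noverify skips chain validation only; the content signature is still checked.
aasa_payload() {
    openssl smime -verify -inform DER -binary -noverify -in "$1" 2>/dev/null
}

# aasa_signers FILE: list subject and issuer of every certificate in the blob.
aasa_signers() {
    openssl pkcs7 -inform DER -in "$1" -print_certs -noout
}

# --- Constructed samples: throwaway CA, leaf certificate and JSON payload ---
D=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$D/ca.key" -out "$D/ca.pem" 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=signer.example.com" \
    -keyout "$D/leaf.key" -out "$D/leaf.csr" 2>/dev/null
openssl x509 -req -in "$D/leaf.csr" -CA "$D/ca.pem" -CAkey "$D/ca.key" \
    -CAcreateserial -days 1 -out "$D/leaf.pem" 2>/dev/null
printf '%s\n' \
    '{"applinks":{"apps":[],"details":[{"appID":"ABCDE12345.com.example.app","paths":["*"]}]}}' \
    > "$D/aasa.json"

aasa_sign "$D/aasa.json" "$D/leaf.key" "$D/leaf.pem" "$D/ca.pem" \
    "$D/apple-app-site-association"
aasa_payload "$D/apple-app-site-association"
aasa_signers "$D/apple-app-site-association"
```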

What's the role of the password in Certificates.p12 file for iOS push notification

For implementing push services for iOS apps, we need to export push certificates from Keychain Access as a Certificates.p12 file and upload that to the APN server. While exporting, it asks for a password. What is the difference between a Certificate.p12 file exported with a password and one with a blank password? Cloud services like parse.com which support push messages do not accept a .p12 file exported with a password. When we are coding our own APN server, should we use a .p12 file exported with a password or without one? For me, with a p12 file exported without a password, I get an "UnrecoverableKeyException: Get Key failed" error.
Thanks in advance for your help.
The answer is simple; I will explain with an example.
Consider your p12 file as an ATM card (debit/credit card) and think: if you don't have a password for it, what happens if someone gets your card?
Same here: if you don't password-protect that p12, anyone who has that p12 file can send (malicious) push notifications to your apps using it.
The p12 file is an encrypted container for your X.509 Push Notification Certificate and its corresponding private key. Because nobody should be able to use your certificate/private key for malicious purposes, it is strongly recommended that you protect your p12 file with a password. Otherwise anybody who gets your p12 file will be able to communicate with Apple's push servers using your developer identity (which is defined by the certificate).
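An added example (not from the original posts) for the two p12 threads on this page, the AWS SNS export further up and the password question here: it shows that a password-protected container rejects a blank password while a blank-password export gives up its private key to anyone holding the file, and it checks that a container holds a certificate together with its private key. The function names, the passwords and the throwaway self-signed identity are constructed; the `openssl` CLI is assumed.

```shell
#!/usr/bin/env bash
# p12_opens FILE PASSWORD: succeeds only if PASSWORD unlocks the container.
# The password travels in the environment so it does not appear in `ps` output.
p12_opens() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -noout \
        >/dev/null 2>&1
}

# p12_has_identity FILE PASSWORD: succeeds only if the container holds a
# certificate AND a private key. Decrypted output is piped to grep, never saved.
p12_has_identity() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys \
        2>/dev/null | grep -c 'BEGIN CERTIFICATE' >/dev/null || return 1
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | grep -c 'PRIVATE KEY' >/dev/null
}

# --- Constructed samples: one throwaway identity exported three ways ---
W=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Push Identity" \
    -keyout "$W/key.pem" -out "$W/cert.pem" 2>/dev/null
# 1. certificate + key, protected by a password
openssl pkcs12 -export -inkey "$W/key.pem" -in "$W/cert.pem" \
    -out "$W/protected.p12" -passout pass:correct-horse
# 2. certificate + key, blank password
openssl pkcs12 -export -inkey "$W/key.pem" -in "$W/cert.pem" \
    -out "$W/blank.p12" -passout pass:
# 3. certificate only, no private key inside
openssl pkcs12 -export -nokeys -in "$W/cert.pem" \
    -out "$W/certonly.p12" -passout pass:correct-horse

show() { if "$@"; then echo "yes  $*"; else echo "no   $*"; fi; }
show p12_opens        "$W/protected.p12" "correct-horse"
show p12_opens        "$W/protected.p12" ""
show p12_has_identity "$W/blank.p12"     ""
show p12_has_identity "$W/certonly.p12"  "correct-horse"
```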

Can two different apps use the same Push SSL Certificate?

I'm configuring stuff on the provisioning portal for a new app which will use APNS.
When I went to configure the App Id for pushes the web site popped up a dialog saying I had to use Keychain Access and request a certificate from a CA.
However this is a step I've already been through with a previous app, therefore is there any need to do so again? If there's no need, is it still a good idea, and if so why?
If there's no need to generate a CSR again, then I no longer have the CSR file from previously, so is there any way to recover it?
Certificates belong to hostnames.
If the hostname is the same, yes you can.
If it is a subdomain, and the certificate is a wildcard, yes you can.
If the hostname is different, you can generate a new csr and apply for your new certificate.
