After testing and research it seems the NotificationURL parameter requires a fully valid SSL certificate or the subscribe call fails.
I am wondering if there is a way I have not found or a clever workaround to use the Office 365 Notifications with a self-signed SSL certificate installed on the NotificationURL during development?
Thanks!
Steve
I won't mark this as answered yet in case there is a better way, but here is my work around for the issue.
I created a small webapi project that takes a base64 encoded url as a parameter, ie: https://site.azurewebsites.com/Notify/aHR0cDovL3NvbWVob3N0OjEyMzQ1L05vdGlmeQ==
It proxies the request to that encoded URL and plays back the response.
I hosted this "proxy" as a free azure website making use of the SSL provided and can now subscribe to notifications via my proxy.
It works well enough and means I can work from anywhere.
I'll see if better ideas come along, but if not will accept this as the answer as it seems to work for my development purposes.
Steve
I've used Ngrok. The free version is sufficient to debug WebHooks
Related
I've come to the "Export Compliance" part of the itunes connect app submission form and although i've been reading different sources on the internet about it for the last few hours i'm still unsure as to what is applicable for my case.
I'm wondering if you can help me gain some clarity on whether I need to get a ERN cert or not or what I need to do.
I've found lots of information but also thinking that it might be outdated so not sure which information to follow:
Note:
I read here that since sept 2016 things have changed so it's no longer necessary to get an ERN for https requests. Is this correct?
This is all the encryption I'm using in my app:
Using php password_hash() on registration
Ajax requests are made to a remote server using https
Some requests in the app are made using just http
(eg. requests using the phonegap file-transfer to upload photos) to a remote server.
My app is for users to communicate with each other and ajax requests are made for things like submitting comments and submitting a contact form.
Thanks for any help :)
I have set up an API endpoint on my Digital Ocean VPS to receive incoming SMS to my Twilio number. It was working.
Then I started using CloudFlare. I believe that it stopped working after that, but since I receive SMS so infrequently, I am not absolutely sure. Although Twilio's website indicates that they sent an HTTP request and received a 502 Bad Gateway error, my server logs never registered any incoming requests from Twilio. I know that my API endpoint works because when I manually enter the API endpoint in my Chrome browser, my server receives it and logs the GET request as expected.
I tried asking Twilio's support for the full details of the supposedly failed request, but they refuse to give it to me.
Does anyone know which setting in CloudFlare to adjust that may fix this? I've tried turning off and reducing all the security settings as I thought it may be a firewall issue. How else can I go about debugging this problem without turning off CloudFlare completely (I need it on for other purposes)? I will accept the first answer or advice that leads to the solution. Thanks!
EDIT: this is the response from CloudFlare
One thing to ask them, is whether they support the SSL configuration
of Universal SSL - which uses SNI and ECDSA. We have seen instances of
3rd party services not supporting one or both of these, and therefore
failing to make calls via HTTPS.
Universal SSL support is defined by the client machine's support for
two newer features:
Server Name Indication (SNI) Elliptic Curve certificates (ECDSA) What
browsers work with Universal SSL?
If you need broader browser compatibility for older browsers/operating
systems, our Pro plan plan provides this.
Also, if you want to get full information about what your browser
supports, this site will run a check on your browser and tell you the
support your browser has for protocols, ciphers and SNI:
https://cc.dcsec.uni-hannover.de/
Twilio developer evangelist here.
Good news, Twilio now supports SNI! So, this should no longer be a problem.
You might want to check Server Name Indication (SNI) Twilio does not support this, so as a result you get 502 Bad Gateway. Same thing was happening to me. I was able to fix this using Cloud flare Pro see this post
Twilio - TwiML with SNI Support
I am currently developing a Ruby/Rails app that will be used in-house as a sort of Enterprise application to support our business.
Our company uses Quickbooks Online to do almost all of our accounting, most importantly for invoicing.
I am looking for a way to automatically generate invoices from our Rails app into Quickbooks, as well as be able to pull customer balances and some other "basic" information into the Rails app to display on a customer information screen.
I have done a lot of research on the topic, and have yet to find an acceptable solution to what we're trying to accomplish.
Quickbooks Web Connector - Not applicable since are not running Quickbooks Pro
Intuit Anywhere app - The app we are using is certainly not a SaaS App, as it is specifically designed for our business, and the only Quickbooks file/account it will ever see is our own
Quickbooks Online/qbXML Gateway application - This seems to be the best fit
So I have spent considerable time with Keith Palmer's Consolibytes wiki, and Intuit's Official Documentation (which is great to get started, but doesn't really provide much help for the details), and have been unable to even link my application to quickbooks using the https://qbo.intuit.com/redir/addsdkapp?appid=YOUR-ID-HERE&appreferer=&appdata=1 link.
My server does have a GoDaddy generated SSL certificate, and I have visited the connection callback URL and have confirmed that everything is in working order there. However, I keep getting a "Failed to notify third party application about this connection" error. There is no evidence of a request from QB to my server in any of my logs.
So what I'm getting at here is this:
Is what I'm trying to do possible and/or practical?
Am I going the right way about it?
I'd really love to find someone out there who has done something like this before and maybe shed some light on the whole process.
Thanks!
So what I'm getting at here is this: Is what I'm trying to do possible and/or practical?
Yes.
Am I going the right way about it?
Almost. :-)
From what you posted:
My server does have a GoDaddy generated SSL certificate, and I have visited the connection callback URL and have confirmed that everything is in working order there.
It sounds like you registered in HOSTED mode.
Unfortunately, the Intuit servers don't consider GoDaddy certificates valid, and thus won't be able to HTTP POST your connection ticket to those servers. That's why you're seeing this:
Failed to notify third party application about this connection
Additionally, I believe they do reverse DNS checks, which will most likely fail because GoDaddy generally doesn't set up rDNS entries.
The solution is:
Do not register in HOSTED mode
Instead, register in DESKTOP mode.
Once you've registered, use this URL to register get your connection ticket:
https://login.quickbooks.com/j/qbn/sdkapp/confirm?appid=YOUR-APPLICATION-ID-HERE&serviceid=2004&appdata=1
(make sure to plug your actual application ID into the URL)
Instead of Intuit HTTP POSTing the connection ticket to you, the connection ticket will be displayed and you can copy/paste it. From there on in, it's as simple as HTTP POSTing additional HTTP requests to Intuit's servers.
Sample XML requests can be found on our QuickBooks integration wiki - make sure you use the DESKTOP mode examples.
Hope that helps clear things up!
I created an app to be used in a page tab. I have it hosted on my server which has a SSL protocol associated. However, the https url hasn't the usual naming (you can see it below):
https://secure395.websitewelcome.com/~rexdot/discoverylocker/
Is there any reason FB doesn't accept this? I'm sure this is the https url, it was given from my server support. And I'm also sure the app is there and fully working.
Thanks!
according to hostgator only solution is to pay for your own SSL. I've used other hosting services with reseller accounts and never had this issue before. In fact, the apps were running fine on those shared SSL certs from other companies.
So, one big reason why hostgator is not the way to go... their shared SSL is for websitewelcome.com which has been flagged as spam.
I want to encapsulate UIWebView which can handle both http and https request on ios platform, especially for https, it should handle both trust and unverified (developer defined) certificates. Any open source available to take reference?
Thanks in advance.
Graham Lee discusses some of the things you can do at On SSL Pinning for Cocoa [Touch]. Its about as close as you are going to get to open source - its sample code that shows you how to do it with NSURLConnection and NSURLConnectionDelegate.
Lee's article discusses how to pin a public key, which improves security on the channel. Public Key Pinning is equivalent to StrictHostKeyChecking in SSH. In addition, I believe you can use NSURLConnection and NSURLConnectionDelegate to trust your [otherwise] untrusted certificates (I don't observe the practice, so I'm not sure of the details).
Be careful of lessening (ruining?) the security built into the channel. A survey and analysis of dumb developer decisions was recently published at Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security. Its not limited to Android.
Create network connection to handle SSH challenge, untrusted certification.
This bit of code may be of help https://github.com/dirkx/Security-Pinning-by-CA - it does exactly that.