I've written a utility app for loading data into shopify through the rest API.
Having a strange error where the api only works when I'm running Fiddler.
Any idea what's going on? I'm sure it's a configuration issue rather than a code issue.
When Fiddler is running web access is through a proxy on 127.0.01:8888.
I'm not advanced enough on SSL to figure this one out. Do you need a self signed certificate to connect to an SSL API.
I found a few posts suggesting setting ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls but that didn't fix it!
>> Do you need a self-signed certificate to connect to an SSL API.
We faced similar issue with our application. If API has any certificate errors (In our case, we are using self-signed certificate), Browser will not allow you to interact with API.
Solution : Install your root Certificate, so that browser will start honoring your self-signed certificate.
>> Having a strange error where the api only works when I'm running Fiddler. Any idea what's going on? I'm sure it's a configuration issue rather than a code issue.
Whenever you enable HTTPs traffic decryption in fiddler (see below image for enabling this setting in fiddler), below things will happen.
Fiddler will automatically install its root certificate
"DO_NOT_TRUST_FiddlerRoot" to Browser's CA list.
Fiddler will use your API's self-signed certificate to decrypt HTTP traffic.
Again fiddler will encrypt same HTTP traffic using fiddler signed
certificate, i.e, for all your API calls will have fiddler signed
certificate
As fiddler signed certificates are trusted by user browser (due to step#a), you will not see any certificate errors.
Hope this information helps you!
Turns out I was setting SSL type to SSL3.
i.e. I had this code
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
and shopify doesn't use SSL3 any more.
Turns out it was nothing to do with installing certificates.
Related
While applying an iOS app developed by me to FUT. They were able to intercept, view and modify all traffic between the app and the server even though the traffic was sent over SSL.
A selfsigned certificate was installed on the phone prior to testing. The app traffic was then redirected to a proxy server which presents the self-signed certificate.
In order to bypass the SSL Pinning, the team has hooked on the runtime of the application (process) and have injected code on runtime, which has disabled the function which checks for the SSL Pinning to be made with the corresponding server.
In case this help. I am using Alamofire 4.7.2, Moya 11.0.2
I have no idea about how to do the ssl pinning, please help.
How do I install a certified TLS certificate on an iOS app?
I assume there also needs to be the ability to send a new certificate over the network to the app in the future, if need be, and how exactly would that work?
I assume once it's installed that Apple will handle the entire handshake process of the device side?
Had some trouble finding explicit answers to these questions online.
Assuming that what you are describing is a signed SSL certificate for your domain name, the only thing you will need to do is install it on your web server. When your application makes a request to your web server, the server will send the certificate to the client during the initial HTTPS handshake, and the client will verify it automatically.
When i try to access my ruby site from android mobile device i get following error, can anyone help me solving this problem.
With following added error NET::ERR_CERT_AUTHORITY_INVALID
You need to add intermediate certificate file in your nginx configuration. Here is the powerfull tool by zakjan to obtain the intermediate certificate files using your main certificate, Store obtained crt file to your server and mentioned it in the nginx.conf in ssl_certificate
If it's not self-signed then one of certificates in your ssl certificate chain may use vulnerable encryption algorithms like SHA-1. Check what encryption each certificate uses (you may do it on PC). Probably you will need to find ssl registrator which does not uses old encryption algorithms.
you may use https://www.ssllabs.com/ssltest/ to check if your site has issues with SSL configuration or certificate itself.
In fact i just checked it and here's result http://i.imgur.com/X9dPX8Q.jpg . The vulnerabilities it output could be the reason why mobile chrome is not trusting the certificate and shows you warning.
Another possible issue is man in the middle attack on your device. What network are you using? is it the same as your PC network? if not, it could be mitm attack on you.
I have this setup:
A tomcat server configured to use ssl client certificate authentication (clientAuth=true)
An ipad with a valid client certificate installed on it (emailed as a .p12 file and visible under profiles)
When browsing via ios safari, the ipad uses the client cert and authenticates against the server fine.
However in code, using a NSURLConnection, it won't connect. Debugging on the server shows the client isnt sending and cert at all.
On the client I get an error like this:
Request(https://192.168.1.5:8443/device/security/policy>, 0, 0)) didFailWithError:Error Domain=NSURLErrorDomain Code=-1205 "The server “192.168.1.5” did not accept the certificate." UserInfo=0xe2eae30
{NSErrorFailingURLStringKey=https://192.168.1.5:8443/device/security/policy>, NSErrorFailingURLKey=https://192.168.1.5:8443/device/security/policy>, NSLocalizedDescription=The server “192.168.1.5” did not accept the certificate.,
NSUnderlyingError=0xe2eb250 "The server “192.168.1.5” did not accept the certificate.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0xe6ab010>}
I understand I can implement the delegate method for the challenge for the NSURLAuthenticationMethodClientCertificate protection space, but if I do that I dont have the certificate to send, its installed on the device and that isnt accessible via code (is it??)
I tried calling [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge] but that appeared to have no effect.
I was expecting that NSURLConnection would behave as per safari and access the installed certificate, but it appears not. I dont want to have to install the certificate into my app somehow - thats what the built in certificate management is for!
Or am I missing something? Any help appreciated.
Fundamentally you can't get at globally installed certificates from within an app in iOS (as of iOS 8), and the operating system won't help you out by sending them with an NSURLConnection. Safari has special rights to access the certificates. So the only way to use them from within an app is to install them into the app somehow, which makes the whole thing difficult.
I'm trying to add a web reference to an asmx web service with ssl. I'm getting this error:
Error getting response stream:(Write: The authentication or decryption has failed.)SendFailure
I have self a signed certificate.
Is there a solution to this problem? Thanks.
It's a trust issue. Your application depends on Mono and the iOS certificate stores to deice if an TLS/SSL connection is acceptable. By default self-signed certificates are not (because they are unknown to both Mono and iOS).
Like mentioned in the comments, using System.Net.ServicePointManager.ServerCertificateValidationCallback is likely the easiest solution - but blindly returning true is not :-)
There's a wiki article on the Mono-project web site that describe several options:
http://www.mono-project.com/UsingTrustedRootsRespectfully