I am trying to generate a certificate request for an iOS Developer certificate. I get the error below (Unknown option CN=...). I am able to generate the private key just fine, it is the next step - generating the cert request that is failing.
openssl req -new -key privatekey.key -out CertificateSigningRequest.certSigningRequest \
-subj “/emailAddress=myaddress@yahoo.com, CN=MyAccountName, C=US”
Results in:
Unknown Option CN=MyAccountName
The way you have formatted your request is incorrect.
Use / to separate subject information. Use ' instead of "
openssl req -new -key serverkey.pem -out CertificateSigningRequest.certSigningRequest -subj '/emailAddress=myaddress@yahoo.com/CN=MyAccountName/C=US'
I am attempting to use the IoT SDK to communicate to DPS and then IoT Hub.
When I load a valid certificate PEM file, it looks correct in debug window shown below:
After loading the cert, I am unable to use it in the IoT SDK, getting the error below:
[Note: I have already configured DPS to trust the ca.cert.pem and have created an enrollment group.]
My certificate is a v1, as shown below:
I am using a very simple CA from OpenSSL:
openssl genrsa -aes256 -out ca.key.pem 4096
openssl req -key ca.key.pem -new -x509 -days 3650 -sha256 -out ca.cert.pem
openssl req -nodes -new -subj /CN=device4 -sha256 -out verify.csr -keyout private.pem
openssl x509 -req -in verify.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out public.pem -days 180 -sha256
Here is the code I am using:
certificate = X509Certificate2.CreateFromPemFile(publicKeyFileName, privateKeyFileName);
SecurityProviderX509Certificate securityProvider = new SecurityProviderX509Certificate(certificate);
ProvisioningDeviceClient = ProvisioningDeviceClient.Create(DPSURL, DPSScopeId, securityProvider, provisioningTransportHandler);
DeviceRegistrationResult registrationResult = ProvisioningDeviceClient.RegisterAsync().Result;
There appears to be an issue in the SDK. There is a workaround if you export to PFX and then import the PFX. Submitted the Bug here: https://github.com/Azure/azure-iot-sdk-csharp/issues/2150
With iOS 13, the "Add to Home Screen" icon is no longer populating, and remains a screenshot of the page:
Image for iOS 13 on iPad: https://i.ibb.co/StxckYP/20191017-125540.jpg
With iOS prior to 13, the icon is created normally:
Image for iOS 12 on iPod: https://i.ibb.co/JqVFZgd/20191017-125423.jpg
It appears to be a certificate issue, as it populates normally over HTTP. Also, it works with global CA-signed certificates (GoDaddy). With a private CA-signed certificate it does not.
Server is IIS in both cases. Page otherwise works normally over HTTPS.
Meta tag for the icon:
<link id="apple-touch-icon" rel="apple-touch-icon" href="resources/images/app-test114.png">
Batch script for creating CA:
openssl req -x509 -newkey rsa:1024 -sha256 -days 3650 -nodes -keyout ca.key -out ca.crt -config ca.conf
openssl pkcs12 -export -out ca.pfx -inkey ca.key -in ca.crt
pause
Config file for CA:
[req]
distinguished_name=information
prompt=no
x509_extensions=v3_ca
[information]
C=...
ST=...
L=...
O=...
OU=...
CN=...
[v3_ca]
subjectKeyIdentifier=hash
extendedKeyUsage=critical,serverAuth,clientAuth
basicConstraints=CA:true
keyUsage=cRLSign,keyCertSign,digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
Batch script for creating web hosting certificate:
openssl req -newkey rsa:1024 -sha256 -nodes -keyout cert.key -out cert.csr -config cert.conf
openssl x509 -sha256 -req -in cert.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert.crt -days 365 -extfile cert.conf -extensions extensions
openssl pkcs12 -export -out cert.pfx -inkey cert.key -in cert.crt
pause
Config file for certificate:
[req]
distinguished_name=information
prompt=no
[information]
C=...
ST=...
L=...
O=...
OU=...
CN=...
[extensions]
subjectAltName=@alt_names
[alt_names]
DNS.1=localhost
IP.1=192.168.77.132
Prior to getting the correct certificates, when I had to allow for a certain URL to open with an unsecure https connection, the behaviour was the same. Once certificates were fixed, the icon populated normally. With update to iOS 13, icon stopped working normally.
Is there any way to find out why the icon is not loaded?
The link from Hudgi resolved the issue.
https://support.apple.com/en-us/HT210176
It was the required key size of 2048 bit, and my key was 1024 bit.
The reason the page was otherwise working is that it was cached.
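A key-size check for the problem identified in this answer, as an added example that is not part of the original posts: it rebuilds a private CA and leaf with the same `req` / `x509 -req` steps, once with 1024-bit keys and once with 2048-bit keys, and lists every certificate below the 2048-bit requirement. The function names, paths and CN values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the posts. Paths, CN values and function
# names are constructed for illustration.

# Print the RSA key size (bits) of a PEM certificate. Matches both
# "Public-Key: (2048 bit)" and the older "RSA Public-Key: (2048 bit)".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate key has at least MIN bits (default 2048).
key_size_ok() {
    kb=$(cert_key_bits "$1")
    [ -n "$kb" ] && [ "$kb" -ge "${2:-2048}" ]
}

# Print every certificate given as an argument whose key is too small.
# The CA certificate counts too: in the question both were rsa:1024.
weak_certs() {
    for crt in "$@"; do
        key_size_ok "$crt" || echo "$crt: $(cert_key_bits "$crt") bit"
    done
}

# Build a throwaway CA and a leaf for "localhost" with SIZE-bit keys,
# using the same req / x509 -req steps as the batch scripts above.
make_chain() {  # usage: make_chain DIR SIZE
    d=$1 size=$2
    mkdir -p "$d"
    openssl req -x509 -newkey "rsa:$size" -sha256 -days 30 -nodes \
        -subj '/CN=Constructed Test CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey "rsa:$size" -sha256 -nodes -subj '/CN=localhost' \
        -keyout "$d/cert.key" -out "$d/cert.csr" 2>/dev/null
    printf 'subjectAltName=DNS:localhost\n' > "$d/ext.cnf"
    openssl x509 -req -sha256 -in "$d/cert.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/cert.crt" \
        -days 30 -extfile "$d/ext.cnf" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work/old" 1024   # as in the question
make_chain "$work/new" 2048   # regenerated with the required size
weak_certs "$work/old/ca.crt" "$work/old/cert.crt" \
           "$work/new/ca.crt" "$work/new/cert.crt"
```

Only the two certificates under `old/` are listed; both the CA and the leaf have to be reissued, since each carries its own key.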
I am generating a certificate like so:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
I want secTrustEvaluate to pass when I send in the key. I am converting the cert.pem to a SecTrustRef. Then I am adding it to the list of anchor certificates like so:
SecTrustSetAnchorCertificatesOnly(trustRef, true);
My question is if I then do:
SecTrustEvaluate(trustRef);
It is currently evaluating to false, which I believe is correct. All I want is to be able to create a certificate, then get that certificate to evaluate true via SecTrustEvaluate. Is this possible, or do I have to get my certificate signed by a CA? Note, this is just for testing that my SSL certificate validator is working.
I have a certificate and private key that I want to put together, in code, into a PKCS12 file with the OpenSSL library (libcrypto). I know how to do this via the command-line tool:
$ openssl x509 -in developer_identity.cer -inform DER -out developer_identity.pem -outform PEM
$ openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
$ openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12
But how can I do it in code?
If you are willing to use C code in your Objective-C code and you have the OpenSSL library for iOS, then you can do it.
You can use the PKCS12_create function to create a PKCS12 structure and write it to a file using the i2d_PKCS12_bio function.
PKCS12_create takes the certificate, private key, passphrase, chain of CA certificates and other parameters.
It is explained pretty well in the documentation.
I hope this will help you to start coding.
I am writing an iOS application. The server sends an RSA public key to the application. Now the application has to encrypt some information using the RSA algorithm.
Kindly provide me some reference.
Thanks
iOS has no special API for RSA, but there are some APIs for certificates. You can use these APIs to encrypt your data with RSA.
First, you must use openssl to generate your RSA private key and public key. The most important thing is that the public key must be signed. Here is an instruction to generate the keys.
openssl req -x509 -out public_key.der -outform der -new -newkey rsa:1024 -keyout private_key.pem -days 3650
However, if you already have a private key (.pem file), you can follow these instructions:
openssl req -new -out cert.csr -key private_key.pem
openssl x509 -req -in cert.csr -out public_key.der -outform der -signkey private_key.pem -days 3650
You can check the public_key.der by opening it in Xcode.
When you get the correct public_key.der file, you can view the RSA.h and RSA.m here. I'm sorry that I have no time to rewrite this post in English again.
This Pod encapsulates the encryption: https://github.com/xjunior/XRSA
I don't know much about iOS but the Certificate, Key, and Trust Services Reference seems to be what you need. It appears the SecKeyEncrypt will be used by you at some point.