APNS setup for the server - ios

I'm trying to setup our APNS server. I was looking at the instructions on this page:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
I'm understanding everything. Problem is that I have a website already SSL enables (SSL terminates at the load balancer) on AWS, following these instructions a while back:
"Public key certificate and private key doesn't match" when using Godaddy issued certificate
The website for APNS is telling me to get a CSR file, etc. But if I already have this SSL certification done, does it mean I have to start from scratch and re-key my key? :( I wasn't able to find information regarding this...

The APNS CSR has nothing to do with any certificates you already have.
You have to create certificates in the developer area of apples websites. You don't install those certificates to the web server... they are only used from the php script on your server to connect to the apple server as a client. Your script has to load them while they run.. but they are not installed in the web server or load balancer.

Related

Self Signed Certificate in GitHub Webhook

I have got Jenkins server setup in Azure VM with self-signed certificate, when I tried to setup a webhook from GitHub server I getting error "We couldn’t deliver this payload: certificate signed by unknown authority".
Do we have any way to import my CA file into GitHub trusted entry? I have tried searching in different forums but could see any response.
Thanks,
If you have admin access to the server you can install into it's cert store.
Most likely will never work for github.com, only for github enterprise.
https://docs.github.com/en/enterprise-server#3.4/admin/configuration/configuring-your-enterprise/troubleshooting-ssl-errors#installing-self-signed-or-untrusted-certificate-authority-ca-root-certificates

SSL Certificate from RapidSSL with Heroku and CloudFront

I missed the end date of my SSL certificate few days ago but I did buy the renew last month. My app runs with Ruby on Rails using Heroku and CloudFront for the assets. My SSL certificate come from RapidSSL.
Here is the process I did:
I got the RapiddSSL key by email that i store in a crt file
I ran the Heroku command line heroku certs:update cert.crt server.key -- app remote production
The command line heroku certs --app remote production results with a trusted status but when I open the URL browsers warns about that untrusted certificate.
At the same time none of application assets stored on CloudFront are available (net::ERR_INSECURE_RESPONSE).
I asked for help on Heroku assistance, they told me that the SSL certificate for the app is OK but it's seems to need an update for assets certificate.
So I went to AWS console in aim to find CloudFront SSL configuration, I ended on ACM console page to give the RapidSSL certificate to resolve the problem but I cannot be sure to take the right files to do this.
What I need is to solve the access to the website and to the associated assets to ensure trust of my customers.
What did I wrong? Am I missing something?
Thanks for any help you can provide!
Generally net::ERR_INSECURE_RESPONSE error occurres in SSL certificate when the browser found the mixed content warning. Which simply means few of your content is active with HTTP and others are active with HTTPS.
Please check your content portion, if you find any content which is active with HTTP, turn in into HTTPS.
It sounds like maybe the issue might be an outdated certificate on CloudFront.
If so, you can either upload your RapidSSL certificate using aws iam upload-server-certificate, or (I'd prefer) request a new certificate that you'll only use with CloudFront from AWS Certificate Manager. The latter is free, and AWS will autoupdate the certificate before it expires.
You can start this simple and quick process by going to your CloudFront distribution in AWS Console, and clicking Edit > Request or Import a Certificate with ACM
Once that is done, you will be able to choose the certificate from the Custom Certificate dropdown at the same location (screenshot).
Note: If you upload your RapidSSL certificate, it must be uploaded to eu-east-1 (N. Virginia) in order to be used with CloudFront. Requesting ACM Certificates must also be done in this region
If you provide an URL to your website, it's easier to confirm this issue.
I scribbled some notes on this here with more details on uploading your own/RapidSSL certificate.

Access Development server with self-signed SSL Certificate

My app needs to connect to an internal web server through https.
The server has a self-signed certificate that is valid until next year:
I have installed this certificate in the iOS Simulator and on the device (Certificate.cer):
I am watching the traffic with Charles and the request does not even "leave" my computer.
The problem seems to be due to the SSL Certificate because when I can access the server through the internal url and the port 8080 everything works fine.
I did try the hack with the category allowsAnyHTTPSCertificateForHost:. This did not work in the simulator as well as on the device.
There seems to be official API to do this: How to use NSURLConnection to connect with SSL for an untrusted cert?
However, since this is only my development environment I would prefer not to change my code base for now. Plus I am using a framework to parse my data and I might have to deeply interfere with that framework to get to the API described above.
So my question is, should it not be possible to install the certificate and then use the server as if there was an official SSL certificate.
Email the self-signed certificate to yourself then open it on your iPhone. You will be taken through the steps to install the certificate on your phone.

Can I use self-signed SSL certificate server to deploy Enterprise app over air?

After iOS 7.1 ,if we want to deploy our Enterprise app over air, the URL for the manifest.plist file has to be HTTPS.
For example:
itms-services://?action=download-manifest&url=https://example.com/manifest.plist
In my server I use a self-signed SSL certificate. When I tap the URL on an iPhone, it says Could not connect to <ip-address> and logs the typical
NSUnderlyingError=0x15d37040 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be `<ip-address>`, which could put your confidential information at risk.
So, I want to know whether I can use the self-signed SSL certificate or not?
If I can, how do I resolve the problem the problem I've encountered?
First have the user install the self-signed SSL certificate on their device. Or use a free verified SSL service.
You will need to have the user install this file https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
I believe this service provides browser-validated SSL certificates. https://www.startssl.com/?app=1

Grails SSL certificate error

I'm using the acegi security plugin and I run the app -https. The cert is generated but I get a certificate warning when i visit the web page. I have then download the weak ssl plugin and added weakssl.trustAll =true to Config.groovy. But still getting the same warning. Have I left out anything?
The warning is normal. You can just accept the self-signed certificate. The weakssl module allows the Grails server to trust itself even if it provides a self-signed certificate. It has no effect whatsoever on the client. (Think what a horrible security hole it would be if you could just install some code on the server and get a client to accept a self-signed certificate without a warning!)
To solve your problem you need to either
manually tell your browser the certificate is OK by adding the certificate to your truststore
or
get a certificate from a trusted CA (Certificate Authority) a list of trusted CAs is stored in your browser. To get a certififate from a CA you need to proof your identity and pay (a lot) some money.
so I recommend you just accept the untrusted certifcate unless you want to buy a CA certificate.
The config you changed tells only the server to accept all certificates. i.e. if your server is connecting to another server

Resources