EzDevInfo.com

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows message error as below.

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Convert .pfx to .cer

Is it possible to convert a .pfx (Personal Information Exchange) file to a .cer (Security Certificate) file? Unless I'm mistaken, isn't a .cer somehow embedded inside a .pfx? I'd like some way to extract it, if possible.

Xcode 4 - "Valid signing identity not found" error on provisioning profiles on a new Macintosh install

I had a Macintosh I used to develop iPhone apps with using XCode 4. I now have a new Macintosh with a new install of... everything.

When opening Xcode projects built on the old Mac, I cannot run the app on the iPhone that was configured as a development iPhone.
Xcode 4 organizer tells me "Valid signing identity not found" on my provisioning profiles.

I guess this is something to do with the .certSigningRequest file I had generated before on the old Mac (I have a backup of that file), but what do I have to do with it on the new Mac?

Another strange thing, I don't see my 5 existing provisioning profiles (defined on Apple provisioning portal) in the organizer, even after a refresh and after having entered my provisioning portal login and password :

How can I deploy an iPhone application from Xcode to a real iPhone device?

How can I deploy an iPhone application from Xcode to real iPhone device without having a US$99 Apple certificate?

Convert .pem to .crt and .key

Can anyone tell me the correct way/command to extract/convert the certificate .crt and private key .key files from a .pem file? I just read they are interchangable, but not how.

How do I fix certificate errors when running wget on an HTTPS URL in Cygwin?

For example, running wget https://www.dropbox.com results in the following errors:

ERROR: The certificate of `www.dropbox.com' is not trusted.
ERROR: The certificate of `www.dropbox.com' hasn't got a known issuer.

SSL certificate is not trusted - on mobile only [closed]

My site is working great over SSL in my desktops (chrome) I have a green lock near the address bar saying "Identity verified"

But using a mobile mobile browser (Chrome/Safari)I see the following message - "The identity of this website has not been verified" and the lock (in chrome near the address bar) has a red x mark on it Any idea why it happens?

How to create .pfx file from .cer certificate and private key

I need .pfx file to install https on website on IIS.

I have two separate files: certificate (.cer or pem) and private key (.crt) but IIS accepts only .pfx files.

I obviously installed certificate and it is available in certificate manager (mmc) but when I select Certificate Export Wizard I cannot select PFX format (it's greyed out)

Are there any tools to do that or C# examples of doing that programtically?

How to give ASP.NET access to a private key in a certificate in the certificate store?

I have an ASP.NET application that accesses private key in a certificate in the certificates store. On Windows Server 2003 I was able to use winhttpcertcfg.exe to give private key access to the NETWORK SERVICE account. How do I give permissions to access a Private Key in a certificate in the certificate store (Local Computer\Personal) on a Windows Server 2008 R2 in an IIS 7.5 website?

I've tried giving Full Trust access to "Everyone", "IIS AppPool\DefaultAppPool", "IIS_IUSRS", and everyother security account I could find using the Certificates MMC (Server 2008 R2). However the below code demonstrates that the code does not have access to the Private Key of a certificate that was imported with the private key. The code instead throws and error everytime the private key property is accessed.

Default.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Import Namespace="System.Security.Cryptography.X509Certificates" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Repeater ID="repeater1" runat="server">
            <HeaderTemplate>
                <table>
                    <tr>
                        <td>
                            Cert
                        </td>
                        <td>
                            Public Key
                        </td>
                        <td>
                            Private Key
                        </td>
                    </tr>
            </HeaderTemplate>
            <ItemTemplate>
                <tr>
                    <td>
                    <%#((X509Certificate2)Container.DataItem).GetNameInfo(X509NameType.SimpleName, false) %>
                    </td>
                    <td>
                    <%#((X509Certificate2)Container.DataItem).HasPublicKeyAccess() %>
                    </td>
                    <td>
                    <%#((X509Certificate2)Container.DataItem).HasPrivateKeyAccess() %>
                    </td>
                </tr>
            </ItemTemplate>
            <FooterTemplate>
                </table></FooterTemplate>
        </asp:Repeater>
    </div>
    </form>
</body>
</html>

Default.aspx.cs

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Web.UI;
public partial class _Default : Page 
{
    public X509Certificate2Collection Certificates;
    protected void Page_Load(object sender, EventArgs e)
    {
        // Local Computer\Personal
        var store = new X509Store(StoreLocation.LocalMachine);
        // create and open store for read-only access
        store.Open(OpenFlags.ReadOnly);
        Certificates = store.Certificates;
        repeater1.DataSource = Certificates;
        repeater1.DataBind();
    }
}
public static class Extensions
{
    public static string HasPublicKeyAccess(this X509Certificate2 cert)
    {
        try
        {
            AsymmetricAlgorithm algorithm = cert.PublicKey.Key;
        }
        catch (Exception ex)
        {
            return "No";
        }
        return "Yes";
    }
    public static string HasPrivateKeyAccess(this X509Certificate2 cert)
    {
        try
        {
            string algorithm = cert.PrivateKey.KeyExchangeAlgorithm;
        }
        catch (Exception ex)
        {
            return "No";
        }
        return "Yes";
    }
}

iOS Keychain Security

we want to use certificates on the iPhone to authenticate for MS Exchange Sync. We are not sure how the security concept is implemented to protect this certificates.

e.g. is it possible to get "full" Keychain access on the iPhone if no ScreenLock is enabled? (or with an Jailbroken iPhone).

Does anybody has some links about this?

How are ssl certificates verified?

What is the series of steps needed to securely verify a ssl certificate? My (very limited) understanding is that when you visit an https site, the server sends a certificate to the client (the browser) and the browser gets the certificate's issuer information from that certificate, then uses that to contact the issuerer, and somehow compares certificates for validity.

• How exactly is this done?
• What about the process makes it immune to man-in-the-middle attacks?
• What prevents some random person from setting up their own verification service to use in man-in-the-middle attacks, so everything "looks" secure?

Cheapest Java code signing certificate? (not self-signed) [closed]

Where can I get an inexpensive Java code signing certificate?

Everywhere I look they want USD200 to USD300 per year! Unfortunately I cannot use a self-signed one as I'm trying to get rid of the scary warnings so that users will be more likely to accept my application. And as far as I know (per Stack Overflow question Are Java code signing certificates the same as SSL certificates?), it has to be a code signing certificate, it cannot be an SSL certificate.

How to create a self-signed certificate for a domain name for development?

I have subdomain.example.com that I use for development purposes. My web application solution contains a web API etc, that I need to call from external systems, hence I am not using localhost.

I now need to test for SSL and need a certificate for my subdomain.example.com development domain name.

I have tried creating a self-signed certificate as outlined in http://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx, but this certificate only works for localhost. Can this certificate be used for my purpose or will I have to create a self-signed for my development subdomain? If I have to create a self-signed certification for my development subdomain, what utility or online service (Free) can I use for this?

Xcode - iPhone - profile doesn't match any valid certificate-/private-key pair in the default keychain

I tried to add my iPhone to Xcode4 to test my Application on it. I added the device in the Apple Developer-Center and downloaded the Provision-Profile. We pay 99$ per month for the account and I'm not the only person who use this account. So there is already an "older" certificate present which I tried to add to my keychain-manager. But I see a red-text above it (translated from german) "This certificate has been signed by an unknown instance.".

In my XCode-Device Manager in the Provisioning-Section there's also an error: "XCode could not find a valid private-key/certificate pair for this profile in your keychain."

I really don't understand what I have to do now. These keys may really not exist in my keychain, I can't find them. So how I have to create them know and how can I use them if there is already one certificate in the Apple Dev-Center?

How to import a .cer certificate into a java keystore?

During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in .cer format. When I inspect the file using a text editor, it has the following contents:

-----BEGIN CERTIFICATE-----
[Some base64 encoded data]
-----END CERTIFICATE-----

I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.

I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I'm beginning to think that the provided certificate is a public certificate which is being used for authentication...

A workaround I have found is to import the certificate in IE and export it as a .pfx file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the .cer file directly into Java. Any thoughts?

Additional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later. Maybe that helps...

Thanks in advance,

Jan-Pieter