I'm having issues with creating a certificate to use with XAMPP. I've been looking everywhere for a solution but I can't seem to find one that works for me.
So I'm following this guide (reading the comments, not a lot of people are happy with it though, but I don't find anything else): https://gist.github.com/nguyenanhtu/33aa7ffb6c36fdc110ea8624eeb51e69
And in the first step they ask you to run the makecert.bat that's located in the C:\xampp\apache directory.
When I run it I get this error:
Generating a 2048 bit RSA private key
......................+++
........+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:testen
2684:error:28069065:lib(40):UI_set_result:result too small:.\crypto\ui\ui_lib.c:831:You must type in 4 to 511 characters
2684:error:0906406D:PEM routines:PEM_def_callback:problems getting password:.\crypto\pem\pem_lib.c:116:
2684:error:0907E06F:PEM routines:DO_PK8PKEY:read key:.\crypto\pem\pem_pk8.c:130:
unable to load Private Key
1204:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:708:Expecting: ANY PRIVATE KEY
server.csr: No such file or directory
Could Not Find C:\xampp\apache\server.csr
Het systeem kan het opgegeven bestand niet vinden.
Het systeem kan het opgegeven bestand niet vinden.
-----
Das Zertifikat wurde erstellt.
The certificate was provided.
As it says, there is no server.csr located in that directory, it's located under \xampp\apache\conf\ssl.csr
If I go to Chrome and go to https://localhost/project I get the warning that the connection is not secure. If I click on advanced and move on I can continue on https, even though the browser doesn't show the green safe thingy.
Problem is I'm working with a WooCommerce shop and the API, and the API needs a secure connection.
Anyone that can help me solve this issue please? Thank you! I'm eager to learn. :)
Related
For quite some time we have been getting the following error from Yahoo:
mail.log:6452:Apr 22 19:21:06 aegir postfix/smtp[8997]: 87BCF4C93F: host mta7.am0.yahoodns.net[67.195.228.110] said: 421 4.7.0 [IPTS04] Messages from 188.93.125.68 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to end of DATA command)
If someone got a similar error, how did you solve this issue?
I've been trying to contact Yahoo but every time I get an automated response and ticket closure as I send it.
The other thing I can offer is the DMARC report, if it's relevant:
https://mxtoolbox.com/DmarcReportAnalyzer.aspx?id=F-9a3a8364-6cba-41f9-b93f-cfc32155a3f6
Test for headers and every check seems to be working alright:
https://www.mail-tester.com/test-m5ytebosm
Google email is showing everything is pass:
gmail email
gmail header
For now I've tried changing OpenDKIM to relaxed/relaxed from relaxed/simple.
Removed p=quarantine and added p=none
Sorted out SPF record for official signing domain just in case, added another IP address where resourcecenter is found.
Will provide additional info if needed.
Operating system: Windows Server 2012 R2
I am creating a Root CA in Active Directory Certificate Services.
I am using my custom RSA KSP (Key Storage Provider), based on CNG (Cryptographic Next Gen. API).
My certificate is created in c:\windows\system32\certsrv\certenroll\mycert.crt
All seems well. I open and see my certificates; it seems OK and the signature is also OK.
.........................................
My certsvc is not starting; it is saying:
Signature is not valid.
The cryptographic signature is invalid, 0xc000a000.
Also, the .crl is not created.
When I verify my certificate using
certutil -verify
it says:
cannot check leaf certificate revocation status.
I am not able to check what's going wrong.
Can I get some hint as to what's going on with my CA?
Thanks In Advance.
I figured it out, just after posting the question.
When the Microsoft Root CA is passing the signature in the CNG signing API, it is expecting that we must prepend the NID, or OID, and then sign it, and return the same signed bytes.
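The answer's point, as an added illustration that is not the poster's code: in a PKCS #1 v1.5 signature the hash algorithm's OID travels in a DER DigestInfo header placed before the hash inside the padded block, and a verifier rejects a block built from the bare hash. The code assumes this is the encoding the answer refers to, with SHA-256 and a 256-byte (2048-bit) modulus; the RSA private-key operation is omitted and the function names `pkcs1_encode` and `pkcs1_check` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SHA256_LEN 32
/* DER DigestInfo header for SHA-256 (RFC 8017, section 9.2): AlgorithmIdentifier
   with OID 2.16.840.1.101.3.4.2.1, then the OCTET STRING tag/length for the hash. */
static const uint8_t SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Build EM = 00 01 FF..FF 00 || [DigestInfo header] || hash for a k-byte modulus.
   with_oid = 0 reproduces the faulty case of padding the bare hash.
   Returns 0 on success, -1 if the modulus is too short. */
int pkcs1_encode(const uint8_t *hash, int with_oid, uint8_t *em, size_t k)
{
    size_t plen = with_oid ? sizeof SHA256_PREFIX : 0;
    size_t tlen = plen + SHA256_LEN;
    if (k < tlen + 11)               /* need at least 8 bytes of FF padding */
        return -1;
    size_t pad = k - tlen - 3;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, pad);
    em[2 + pad] = 0x00;
    memcpy(em + 3 + pad, SHA256_PREFIX, plen);
    memcpy(em + 3 + pad + plen, hash, SHA256_LEN);
    return 0;
}

/* Verifier side: after the RSA public-key operation, rebuild the expected
   encoding from the locally computed hash and compare. Returns 1 if equal. */
int pkcs1_check(const uint8_t *em, size_t k, const uint8_t *hash)
{
    uint8_t expect[512], diff = 0;
    if (k > sizeof expect || pkcs1_encode(hash, 1, expect, k) != 0)
        return 0;
    for (size_t i = 0; i < k; i++)
        diff |= em[i] ^ expect[i];
    return diff == 0;
}

int main(void)
{
    uint8_t hash[SHA256_LEN], em[256];       /* constructed sample digest */
    for (int i = 0; i < SHA256_LEN; i++) hash[i] = (uint8_t)i;
    pkcs1_encode(hash, 1, em, sizeof em);
    printf("with DigestInfo: %s\n", pkcs1_check(em, sizeof em, hash) ? "valid" : "invalid");
    pkcs1_encode(hash, 0, em, sizeof em);
    printf("bare hash:       %s\n", pkcs1_check(em, sizeof em, hash) ? "valid" : "invalid");
}
```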
I'm using WCF webservices with WIF. More specifically, I'm using WS2007FederationHttpBinding. All works well on the localhost machine used for development.
However, when trying a remote install with the server deployed on IIS and the client being launched from another PC, my channel Open method fails with the following exception:
The X.509 certificate CN=MyOwnCertificate chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode.
(MyOwnCertificate being a self-signed certificate using makecert; the certificate has been inserted in Trusted Root Certification Authorities).
So I first tried to remove this constraint by the following code, for test purposes:
this.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
this.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
which indeed removes the initial exception fault. However the InnerSecurityTokenProvider now returns its own exception:
"Le message n'a pas pu être traité car l'action
'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT' n'est pas
valide ou non reconnue."}
(sorry for the French message).
Is there a way to make self-signed certificates work in such a remote scenario? (which I would prefer since I only need the certificate for internal use)
Would it work with a certificate generated with openssl (http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php)?
Your help will be most welcome. Thanks.
EDIT 06/01/2012: Also tested with a signed certificate as suggested (+ revocation list), works in local but fails in remote. Certs have been defined as explained here. I have the CA certificate deployed under Trusted Root. The IP and Server certificates are deployed in MY (with pfx) and Trusted People (with cer). Also IIS has been set up so that the NETWORK account can access private keys deployed under LOCALMACHINE MY.
EDIT 07/01/2012: It works when the certificate is issued by an official CA (i.e. VeriSign, Thawte ...)
Try creating a certificate called, say, "SelfCA"; then inserting that into your Trusted root store. Then create a new certificate for your use, but this time sign it with "SelfCA".
Refer to this page:
http://msdn.microsoft.com/en-us/library/ms733813.aspx
I'm working with Outlook and I have a problem.
I don't know why or how, but my Outlook project lost the certificate.
So I go to vba->tool->tools->Personal Digital Signature.
I set a certificate.
I try to save and get an error,
in French: "Une erreur est survenue lors de la signature du projet. Le projet non-signé a été enregistré."
This means: an error occurred during signature of the project. The unsigned project has been saved.
Afterwards the digital signature is empty,
and I still can't use macros.
I don't know what to do.
Help me.
I found a way: I use an old VbaProject.OTM.
I need to generate a CTL for use with IIS7.
I generated a CTL file using MakeCTL (on Win2k3 SDK) and put only my own RootCA certificate in the CTL.
However, when I then use adsutil.vbs to set my website to use this CTL, I get:
ErrNumber: -2147023584 (0x80070520)
Error Trying To SET the Property: SslCtlIdentifier
I'm using adsutil.vbs like this:
cscript adsutil.vbs set w3svc/2/SslCtlIdentifier
where is the friendly name of the CTL
The problem is, I am not able to set a friendly name. At the end of the wizard it says "Friendly Name: ".
In IIS6 I can create a CTL with a friendly name (showing in Certificates MMC) but if I export it from there, when I import it, it no longer has a friendly name.
Can anyone show me how to do it please?
This should work on IIS 7.0 but probably not on IIS 7.5.
Let us know if this page is helpful please - http://www.rethinker.net/Blog/Post/14/How-to-Create-and-Use-a-CTL-for-IIS-7-0
I'm experiencing exactly the same problem and am having the same trouble finding an answer.
There appears to be no documented way to create a friendly name for Certificate Trust Lists using MakeCTL. And the only documented way to add a CTL to IIS7 uses the adsutil script Neil references above, yet it requires a friendly name. I assume we could dig into a programmatic way to do this but I'm not looking to get that deep.
The core of this problem is that IIS7 seems to have lost favor for CTL's, else it would have some UI support for them. Are people using some alternative to CTL's in combination with Client Side Certificates?
I find it odd this isn't a bigger problem for IIS7.
Update:
I finally came back to this and have figured out the Friendly Name issue. To get a friendly name assigned you must store the CTL in the Certificate Store rather than to a file (I had always used the file approach previously). So, using MakeCTL in the wizard mode (no arguments) and choosing 'Certificate Store' on the 'Certificate Trust List Storage' page results in a new page that lets you specify a Friendly Name.
So I now have a CTL in the 'Intermediate Certification Authorities' certificate store of LocalMachine. Now I am trying to use 'netsh http add sslcert' to assign the CTL to my site.
Before I could use this command I had to remove the existing SSL cert that was assigned to my site for server authentication. Then in my netsh command I specify the thumbprint of that very same SSL cert I removed, plus a made up appid, plus 'sslctlidentifier=MyCTL sslctlstorename=CA'. The resulting command is:
netsh http add sslcert ipport=10.10.10.10:443 certhash=adfdffa988bb50736b8e58a54c1eac26ed005050 appid={ffc3e181-e14b-4a21-b022-59fc669b09ff} sslctlidentifier=MyCTL sslctlstorename=CA
(the IP addr is munged), but I am getting this error:
SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.
I am sure the error is related to the CTL options because if I remove them it works (though no CTL is assigned of course).
Can anyone help me take this last step and make this work?
UPDATE 01-07-2010: I never resolved this with IIS 7.0 and have since migrated our app to IIS 7.5 and am giving this another try. I installed IIS6 Compatibility on my test server and tried the steps documented here using adsutil.vbs. I immediately ran into the same error that Neil did above:
ErrNumber: -2147023584 Error trying to SET the Property: SslCtlIdentifier
when running this command:
adsutil.vbs set w3svc/1/SslCtlIdentifier MyFriendlyName
I then went on to try the next adsutil.vbs command documented and it failed with the same error.
I have verified that the CTL I created has a Friendly Name of MyFriendlyName and that it exists in the 'Intermediate Certification Authorities\Certificate Trust List' store of LocalComputer.
So once again I am at a dead standstill. I don't know what else to try. Has anyone ever gotten CTL's to work with IIS7 or 7.5? Ever? Am I beating a DEAD horse? Google turns up nothing but my own posts and other similar stories.
Update 6/08/10 - I can now confirm that KB981506 resolves this issue. There is a patch associated with this KB that must be applied to Server 2008 R2 machines to enable this functionality. Once that is installed all works flawlessly for me.
The question is about IIS7, but for anyone looking for this information - from IIS8 you no longer need to use CTLs, but rather use "Client Authentication Issuers" in the certificate store.
This is documented in more detail: http://technet.microsoft.com/en-us/library/hh831771.aspx