Problem
I am experiencing a problem setting up Apple APNS on centos.
I have my Apache tomcat deployed and working fine. Also I am using Javapns to send push messages.
My Push notifications are working fine on windows, (within eclipse and on Apache standalone). but once I deploy the application to the server(centos 6) I get the Error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
I am using a p12 certificate that works perfect on Windows as I said. but with no luck on Centos.
Environment:
Apache Tomcat with a Spring 4 deployed webapplication. running on centos 6. with Java 1.7.57.
Using Javapns of course for initiating the Push notifications. And I think it is worthy to mention that my P12 certificate is placed inside the WEB-INF/certs/certificate.p12.
-I do not have a SSL certificate for my webserver.
My Questions:
despite the fact that Javapns documentation states that Javapns is designed to work as part of a webapplication or even standalone, Is there any special configuration I have to modify on the server to allow my Service to run?
What is confusing me is that the same p12 certificate works locally but not on linux?
Is this something related to security chains on the server? or settings of Apache tomcat to allow such service to run?
I tried almost everything, posting this as I feel really stuck with this problem.
Thank you in advance.
When using APNS your server is connecting via SSL to the Apple APNS servers. The message you're receiving means that your used Java environment isn't aware of the issuing certificates - and hence cannot build the trustchain to validate the server certificate.
Check first with the following command <javabin>/keytool -list -keystore <javahome>/jre/lib/security/cacerts if you find the Apple certificates in the JVMs keystore.
If you don't find the Apple certs in there you can import them using this command.
<javabin>/keytool -import -noprompt -trustcacerts -alias <an_alias> -file <the_cert_file> -keystore <javahome>/jre/lib/security/cacerts -storepass changeit
You'll get the Apple root and intermediate certificates here: https://www.apple.com/certificateauthority/
Thank you muenzpraeger for your suggestion, but it was not the solution.
I could solve this through the great post found on http://cloudfields.net/blog/ios-push-notifications-encryption/
The problem as stated is related to authenticating the certificate to do communication over SSL. I had to command-line the Apple APNS certificate. and things worked like magic.
I am happy though for what you have posted as it lead me to read more about keystores.
Thank you for your help.
Related
I am currently using Symfony with react and webpack to build an application. I use the Symfony CLI development server. I would like to turn this application into a Progressive Web Application (PWA) according to the cookbook at PWA Workshop. However, according to the information I'm gathering, a fully trusted SSL certificate is required for mobile testing, etc. and the use of mkcert is recommended (or maybe Let'sEncrypt). I've already followed the process to enable TLS on the Symfony CLI server. However, the certificates generated appear to be self-signed and are not a fully trusted. Is there a way either call the trusted mkcert certificates from the Symfony CLI server command line or reference them in Symfony config files so that the server uses them instead of the self-signed ones generated by the symfony server:ca:install command? (mkcert appears to generate two .pem files and other non-php development servers such as http-party/http-server can call them direct from the command line.) My work around is to configure my local apach2 server with the certificates, but I'd like to keep using the Symfony server for debugging.
UPDATE
I failed to mention that my development environment is WSL2 on windows 10. That seems to be the problem with getting trusted certificates to work. Since the browsers run in Windows and the servers run in WSL, the windows browsers don't accept the certificates. My current work around for mkcert and apache2 running on WSL is to:
Install mkcert on both WSL and Windows, Running mkcert -install in both WSL and Windows,
Copy the windows root certs from the Trusted Store created in Windows to the Trusted store created in WSL. You find these stores in both environments by running mkcert -CAROOT in the respective environments,
Run mkcert localhost 127.0.0.1 and add cert pair to a folder somewhere according to mkcert's instructions,
Then configure apache2 to use SSL and the mkcert cert pair according to instructions found all over the internet.
I found this workaround at mkcert solution.
However, this issue still remains for the Symfony Server. It is unclear where the certificates (root or otherwise) are installed when symfony server:ca:install is run and whether there is a way to make copies of those certificates such that the servers can be run in WSL and windows will accept them. Also, the Symfony docs don't indicate whether those certs are just self-signed or if they are trusted root certs like mkcert.
When I am try to connect the ROS using Realm Studio its says "The servers certificate could not be trusted"
Below is the screen-print :
I faced similar issue as you. But after reading Realm Studio does not trust SSL certificate of Realm Cloud on Linux #898 issue
Clicking "Reconnect, trusting the certificate" reloads the window but the same error is shown, endlessly. This was fixed with #905 but the issue of not automatically trusting the Realm Cloud certificate persists.
Users can now (once again) choose to trust the a certificate, but the issue remains that Studio does not automatically trust the Realm Cloud certificates of Realm Cloud.
I upgraded the realm studio to version 2.7.0 and attempted to reconnect. It worked.
I searched a lot to find any source how to publish.net core projects to free hosting (shared) servers. But I couldn't find anything about it.
I don't talk about to publish linux vm servers. Free web servers does not have any console. Are they?
I know they use ftp solutions.I couldn't find any article to publish aspnet core to linux public server via ftp.
Is it possible?
In general, you would just enable port 22 on your hosting site's config, scp your published project to copy it there, then run dotnet restore and dotnet run on your remote server with ssh -t. The particular company you mentioned, 000webhost, only allows ssh on their paid tier, and it looks like they are focused primarily on php and mysql anyways. I would suggest you get an AWS instance, or some other full server hosting company, and move your app there.
I am developing my new project in symfony 2 in built-in Symfony2 sever (app/console server:run). Is it possible to run my website with https on this server?
now it is possible using the symfony cli, you can install a ssl certificate
symfony server:ca:install
https://symfony.com/blog/local-web-server-reloaded-for-symfony-apps
To install symfony client if you are on a Mac run:
curl -sS https://get.symfony.com/cli/installer | bash
Otherwise check this link for other OS: https://symfony.com/download
The php app/console server:run use the PHP built-in web server that was designed to aid application development and isn't supposed to support SSL, just plain HTTP requests.
You can try to use this https://stackoverflow.com/a/12946566/3059764
I am able to start Glassfish through command line. However, when I try to start the server through Eclipse I encounter the following error:
The Eclipse plugin cannot communicate with the GlassFish server, status is :CREDENTIAL_ERROR
I have checked my login credentials (admin/adminadmin) and they are correct (I'm able to login into the admin console on port 4848 with the same user/pass). Here is my system info:
OS: OS X 10.6.7
Eclipse: Indigo Service Release 1
Glassfish V3.0.1
Glassfish Plugin: GlassFish Server Open Source Edition 3 (Java EE 6)
GlassFish user/pass: admin/adminadmin
Please let me know if there is a solution to the problem.
Here is what worked for me - after some googling I saw a post saying the error message is misleading and it might be a port conflict. In my Eclipse I have a proxy server entry which uses port 8080 (same as GF). So I changed port to 9090 in domain.xml and GF started no problem. My system is Win7x64, Eclipse 3.7.1, GF 3.1.1
In the "Servers" view, right-click on the glassfish server and choose "Open"
Within the section "Application Server", ensure that "Use Anonymous Connection for Administrator Commands" is NOT checked off.
Application Server
You can edit some runtime properties fro the Application Server(GlassFish or Sun)
Domain Directory
Admin Name
Admin Password
Admin Server Port Number
_ Use Anonumous Connection for admin Commands.
^
If checked, eclipse plugin does not use your login credentials (admin/adminadmin) .
kill java process from task manager if it not show java process then restart your pc >> it work for me
As has been stated a few times here, the port conflict will cause this. I found that I could not edit the port information in Eclipse, I had to edit the domain.xml file. I searched for 8080, which took me straight to the tag. In here, i changed http-listener-1 form 8080 to 8000.
I then had to remove the GlassFish Server from the Servers tab in eclipse, and re-add it back. (this was many times faster than restarting Eclipse). now the new port is identified, and I was able to start GlassFish server.
Note: I am using the Oracle Enterprise Pack for Eclipse, not the generic eclipse plug-in.
In my case, i did "ps -ef | grep java" and realized there was a glassfish process already running. I think it started as part of the installation. I killed it and started the server from Eclipse again and it worked like a charm
There is another service at 8080 (or your port definition in GF settings).
For me, stop this service and try start GF by Eclipse.
Check for Tomcat running, or others apps.
Take a look at your Anti-Virus Web Scanning settings. Mine had an entry for port 8080 to be scanned for http traffic. I removed it and the server could then be launched without a problem from within Eclipse.
Regards
Chris
This is caused to me from AVG Network Scanner Service.
This service is occupying port 8080 !
I had the problem. Fixed by changing permissions of the domain folder to be writable.