PHPFixing
Showing posts with label certificate. Show all posts

Thursday, November 10, 2022

[FIXED] How to prepare for magento certification?

 November 10, 2022     certificate, magento, magento-1.7     No comments   

Issue

I have been working as a Jr. Magento developer for the past 10 months, and now I want to take the Magento Certified Developer exam. Is it a good idea to take the exam? Does it make a difference during my next job interview? If yes, then please provide some guidance about tutorials to learn from and how much time is required for preparation. Please provide some guidance.

Thank you


Solution

First you need to go through the Magento video tutorials at least twice, and then check out the links below:

http://blog.belvg.com/tag/certification

http://blog.magestore.com/category/magento-certification

http://inchoo.net/ecommerce/magento/magento-mysql-database-structure/

http://www.ecomdev.org/blog

http://blog.magestore.com

http://ka.lpe.sh/2012/12/27/magento-certified-developer-exam/

http://quizlet.com/20443995/magento-certification-preparation-study-guide-answers-flash-cards/

http://ka.lpe.sh/2013/01/04/magento-certification-preparation-interview-questions-answers/



Answered By - MagentoDiary
Answer Checked By - Terry (PHPFixing Volunteer)

Wednesday, September 21, 2022

[FIXED] how to export private key from Godaddy certificate and use with Apache SSL

 September 21, 2022     apache, certificate, ssl, virtualhost     No comments   

Issue

I purchased a GoDaddy certificate and correctly installed it on my Mac server, so now I see 2 entries within the Keychain application:

  • Go Daddy Secure Certification Authority
  • mydomain
    • mydomain (private key)

Then I added the certificate (mydomain.com) to a VirtualHost of httpd.conf file, so:

<VirtualHost *:443>
     DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
     ServerName mydomain.com
     ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
     CustomLog "/private/var/log/apache2/mydomain.com-access_log" common
     SSLCertificateFile /etc/apache2/mydomain.cer
     JkMountCopy On
     JkMount /* ajp13
</VirtualHost>

Then, I guess, I also need the private key file, otherwise Apache fails to handle the certificate. How to do this? I can save the certificates from Apple Keychain into .pem and .cer file.


Solution

In the Keychain, export your private key and certificate in PKCS#12 format (.p12 file, Personal Information Exchange). You should be able to do this by expanding your private key entry (in Keychain Access), right-clicking on its certificate and using Export. It will probably ask you for a password to protect this p12 file.

Then, in the Terminal, extract the private key using OpenSSL:

 umask 0077
 openssl pkcs12 -in filename.p12 -nocerts -nodes -out filename-key.pem
 umask 0022
  • Note that you should protect this file, since the private key will not be password protected (so that it can be used by Apache Httpd).

Similarly, for the certificate (although it seems you may already have it in PEM format, so you might not need this step):

 openssl pkcs12 -in filename.p12 -clcerts -nokeys -out filename-cert.pem

Then, set the SSLCertificateFile (cert) and SSLCertificateKeyFile (private key) options to point to these files in your Apache Httpd configuration.



Answered By - Bruno
Answer Checked By - Timothy Miller (PHPFixing Admin)
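
The extraction steps above can be rehearsed and checked before touching the Apache configuration. This added example (not part of the original answer) builds a throwaway key pair and .p12, runs the same two `openssl pkcs12` commands, then confirms that the key matches the certificate and is readable by its owner only; the function names, the CN and the password `constructed` are assumptions.

```shell
#!/bin/sh
# Added example: rehearse the PKCS#12 extraction on a constructed key pair and
# verify the result. File names, CN and password are constructed for the demo.

# Succeeds only if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if file $1 grants nothing to group or others (e.g. -rw-------).
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Create a stand-in for the Keychain export, then extract key and certificate
# with the commands from the answer. Prints the working directory.
demo_extract() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mydomain.example" \
          -keyout src-key.pem -out src-cert.pem &&
      openssl pkcs12 -export -inkey src-key.pem -in src-cert.pem \
          -out filename.p12 -passout pass:constructed &&
      umask 0077 &&
      openssl pkcs12 -in filename.p12 -nocerts -nodes -out filename-key.pem \
          -passin pass:constructed &&
      umask 0022 &&
      openssl pkcs12 -in filename.p12 -clcerts -nokeys -out filename-cert.pem \
          -passin pass:constructed
    ) >/dev/null 2>&1 || return 1
    echo "$dir"
}

# Run the rehearsal once and report the outcome.
dir=$(demo_extract) &&
    key_matches_cert "$dir/filename-key.pem" "$dir/filename-cert.pem" &&
    key_is_private "$dir/filename-key.pem" &&
    echo "key matches certificate and is owner-only"
if [ -n "$dir" ]; then rm -rf "$dir"; fi
```

On a real export, call `key_matches_cert` and `key_is_private` on the files that SSLCertificateKeyFile and SSLCertificateFile will point to.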

[FIXED] How to configure multiple SSL certs on Apache virtual host with aliases?

 September 21, 2022     apache, apache2, certificate, ssl, virtualhost     No comments   

Issue

I have a web-app that runs on several country domains with the same code. Apache is configured with aliases. This works, except for the point of configuring individual SSL-certs:

    ServerAlias *.server-at
    ServerAlias *.server-ch
    ServerAlias *.server-es

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/rex.server-de.crt
    SSLCertificateKeyFile /etc/ssl/private/rex.server-de.key

Is it possible with apache2 to configure more than one SSL certificate inside a virtualhost container?


Solution

You can configure the individual certificates easily using a virtual host for each domain, differentiating requests by ServerName. For example:

listen 443

<VirtualHost *:443>
    ServerName rex.server.de:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-de.crt"
    SSLCertificateKeyFile "/etc/ssl/certs/rex.server-de.key"
</VirtualHost>

<VirtualHost *:443>
    ServerName rex.server.at:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-at.crt"
    SSLCertificateKeyFile "/etc/ssl/certs/rex.server-at.key"
</VirtualHost>


Answered By - pedrofb
Answer Checked By - Robin (PHPFixing Admin)

Saturday, July 30, 2022

[FIXED] How to validate a SSL certificate with C#

 July 30, 2022     .net, c#, certificate, ssl, validation     No comments   

Issue

Maybe one of you can help me answer my question about validating certificates in the .NET Framework. Unfortunately, I found only superficial answers to my questions during my research on the Internet, but no exact explanation.

Meanwhile I know that I can check in my software with the following code whether a certificate is valid.

ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;

private bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
{
   return policyErrors == SslPolicyErrors.None;
}

But I would now like to know what Microsoft is checking here exactly? What checks were performed by the framework to make the result SslPolicyErrors.None?

For example, is the root certificate also validated here and where it comes from? If so, how?

In your opinion is it still necessary (or useful) to add additionally my own checks to these checks, which the .NET Framework hasn't made yet?


Solution

This is partially just a repeat of "c# Validating an X509Certificate2: am I doing this right?". The short form answer from there is that these are the checks you get for free (with no custom handler, or that are already done before your handler):

  • The certificate chain is valid (otherwise SslPolicyErrors.RemoteCertificateChainErrors is set)
    • The certificate chains up to a trusted root authority
    • The certificate is not expired (or from the future)
    • The certificate indicates that it is intended to be used as a TLS server certificate
    • If revocation was enabled on the request (it's off by default), no certs in the chain are revoked.
  • The certificate applies to the hostname you were connecting to (otherwise SslPolicyErrors.RemoteCertificateNameMismatch is set)

> For example, is the root certificate also validated here and where it comes from?

The certificate verification here uses the same root trust list as Internet Explorer, Chrome, Edge, Outlook, et cetera use, which is centrally managed in Windows. (Firefox uses a different root trust list, which is managed only by Firefox.)

> In your opinion ...

Opinion questions are off-topic on StackOverflow.

> it still necessary (or useful) to add additionally my own checks to these checks, which the .NET Framework hasn't made yet?

That depends.

If you are contacting one of your own servers, and you know something to expect about the certificate chain, you could add an extra check. For example, you could know that your server uses Let's Encrypt, and you embed in your application both "Let’s Encrypt Authority X3" certificates from https://letsencrypt.org/certificates/ then you could pin the intermediate... you just need to be sure to react when they move to a new intermediate.

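// Requires: using System.Linq; using System.Net.Security;
//           using System.Security.Cryptography.X509Certificates;
// s_letsEncryptX3Direct and s_letsEncryptX3Cross hold the raw bytes of the two
// embedded intermediate certificates (declared elsewhere; not shown in the answer).
private bool ValidateRemoteCertificate(
    object sender,
    X509Certificate cert,
    X509Chain chain,
    SslPolicyErrors policyErrors)
{
    // Reject anything the framework's own validation already flagged.
    if (policyErrors != SslPolicyErrors.None)
    {
        return false;
    }

    // Expect exactly three elements: leaf, intermediate, root.
    if (chain.ChainElements.Count != 3)
    {
        return false;
    }

    // Pin the intermediate: it must be one of the two embedded certificates.
    byte[] foundCert = chain.ChainElements[1].Certificate.RawData;

    return s_letsEncryptX3Direct.SequenceEqual(foundCert) ||
        s_letsEncryptX3Cross.SequenceEqual(foundCert);
}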

If you're not going to perform additional checks (or do custom logging, et cetera) then it's better to not even register the callback, because the implementation is a bit nicer with memory and CPU when there's no callback registered.



Answered By - bartonjs
Answer Checked By - Terry (PHPFixing Volunteer)

Thursday, July 14, 2022

[FIXED] How can I convert a parsed json file from json then back to json?

 July 14, 2022     certificate, json, powershell, web-deployment, windows     No comments   

Issue

I am generating a parsed JSON file using powershell ConvertTo-Json. Everything is fine until here, because now I want to convert it from json, use the values and then convert it back to json with the values like they were before. But when I convert the file back to json, it only shows null for the values... Is there any way to solve this?

Here is my code for creating the parsed file:

$secFile = "C:\some\folder\creds.json"
$in = Get-Content $secFile | ConvertFrom-Json
[ordered]@{
        pcname='ENTER HERE';
        share='\\$in.pcname\C$';
        filename='ENTER HERE';
        destfilepath='Scripts\Cert';
        destfile='$in.share\$in.destfilepath\$in.filename';
        RDdestfile='C:\$in.destfilepath\';
        Username="ENTER HERE";
        Password="ENTER HERE";
        EncryptedPassword=""
    } | ConvertTo-Json | Foreach {[System.Text.RegularExpressions.Regex]::Unescape($_)} | Out-File "$secFile"

Here is the code for converting the file back to json:

[ordered]@{
            pcname=$in.pcname;
            share=$in.share;
            filename=$in.filename;
            destfilepath=$in.destfilepath;
            destfile=$in.destfile;
            RDdestfile=$in.RDdestfile;
            Username=$in.Username;
            Password="";
            EncryptedPassword="$secString"
        } | ConvertTo-Json | Out-File "$secFile"

and here is the file after converting it back to json:

{
    "pcname":  null,
    "share":  null,
    "filename":  null,
    "destfilepath":  null,
    "destfile":  null,
    "RDdestfile":  null,
    "Username":  null,
    "Password":  "",
    "EncryptedPassword":  "01000000d08c9ddf0115d1118c7a00c04fc297eb010000006f6d3ce161a681428efe68b51827a6640000000002000000000003660000c0000000100000002a6a1ff60cb280662a9578cb47926a4d0000000004800000a000000010000000a65a1cd7137935dbfcd22bcdc685f52a20000000b87554b4f6f6dbe655cd525a894e1c7d1180b4db121385e57b218fa772ad1d441400000048453bb6e137ed437de3e4ecbd855429ddfc1fba"
}

This worked before I parsed the file. So that can't be the error, right?

I'm neither a PowerShell nor a JSON pro, so I really am hoping for good help.

Greetings

Martin


Solution

If I take your example and export and reimport, I get an error.

[pscustomobject]@{

    pcname='ENTER HERE';
    share='\\ENTER HERE\C$';
    filename='ENTER HERE';
    destfilepath='some\folder';
    #destfile='$in.share\$in.destfilepath\$in.filename';
    RDdestfile='C:\$in.destfilepath\';
    Username="ENTER HERE";
    Password="ENTER HERE";
    EncryptedPassword=""

} | Convertto-Json -OutVariable results |
    Foreach {[System.Text.RegularExpressions.Regex]::Unescape($_)} |
        Out-File $secFile

Get-Content $secFile | Convertfrom-json

Error

At line:14 char:28
+     Get-Content $secFile | Convertfrom-json
+                            ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

However if I simply remove the regex unescaping, it works fine.

[pscustomobject]@{

    pcname='ENTER HERE';
    share='\\ENTER HERE\C$';
    filename='ENTER HERE';
    destfilepath='some\folder';
    #destfile='$in.share\$in.destfilepath\$in.filename';
    RDdestfile='C:\$in.destfilepath\';
    Username="ENTER HERE";
    Password="ENTER HERE";
    EncryptedPassword=""

} | Convertto-Json -OutVariable results| Out-File $secFile

Get-Content $secFile | Convertfrom-json

Output

pcname            : ENTER HERE
share             : \\ENTER HERE\C$
filename          : ENTER HERE
destfilepath      : some\folder
RDdestfile        : C:\$in.destfilepath\
Username          : ENTER HERE
Password          : ENTER HERE
EncryptedPassword : 

Is that required?



Answered By - Doug Maurer
Answer Checked By - Candace Johnson (PHPFixing Volunteer)

Friday, June 24, 2022

[FIXED] How to force Apache 2.2 to send the full certificate chain?

 June 24, 2022     apache, certificate, mod-ssl, reverse-proxy, ssl     No comments   

Issue

We are using Apache 2.2.25 with mod_ssl in the reverse proxy mode using mod_proxy. It has a server certificate we use for testing purposes, issued by GoDaddy. There are 3 certificates in the chain, server cert -> GoDaddy intermediate CA -> GoDaddy Root CA. The intermediate CA (Go Daddy Secure Certificate Authority - G2) is not always found in clients' list of trusted CA.

The SSL connection to the server works well for browsers (at least for some), but not for some other clients. We noticed that our server does not send the full certificate chain, by using the following command: openssl s_client -showcerts -connect SERVER_URL:443, and indeed the command reports the error Verify return code: 21 (unable to verify the first certificate)

We use the SSLCertificateFile directive in each VirtualHost:

SSLCertificateFile certificate.crt

Where the certificate.crt file contains the private key and all the certificates in the chain. We tried to split it into the following:

SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
SSLCertificateChainFile chain.crt

But this didn't change anything.

Thanks for your help!

EDIT
The plot thickens - it seems to be some combination of the certificate and the server.
(testing is done with the SSL Shopper tool)

  1. Go Daddy certificate (as above) on Apache 2.2 (RHEL) - does not work
  2. same certificate, on IIS7 - works
  3. customer's certificate (from Comodo) on Apache 2.2 RHEL - works

Solution

You are on the right track.

# Your public certificate
SSLCertificateFile server.crt
# Your private key
SSLCertificateKeyFile server.key
# List of intermediate certificates; in your case, only one - GoDaddy intermediate CA
SSLCertificateChainFile chain.crt

Check your server configuration with a tool like SSL Labs to determine if you are sending the correct intermediate certificate.



Answered By - Anand Bhat
Answer Checked By - Terry (PHPFixing Volunteer)
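
Whether chain.crt really closes the gap between server.crt and the root can be checked offline before reloading Apache. This added example (not from the original answer) builds a constructed root, intermediate and server certificate and shows that verification fails with the root alone and succeeds once the intermediate is supplied; `chain_verifies`, `make_demo_chain` and all certificate names are assumptions.

```shell
#!/bin/sh
# Added example: confirm offline that server.crt verifies only when chain.crt
# supplies the intermediate. All keys, names and certificates are constructed.

# usage: chain_verifies root.pem server.crt [chain.crt]
# chain.crt plays the role of the file named in SSLCertificateChainFile.
chain_verifies() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# Build a constructed root -> intermediate -> server hierarchy in a temp dir
# and print the directory name.
make_demo_chain() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" &&
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext &&
      printf 'basicConstraints=CA:FALSE\n' > leaf.ext &&
      for n in root inter server; do
          openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed $n" \
              -keyout "$n.key" -out "$n.csr" || exit 1
      done &&
      openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
          -days 2 -out root.pem &&
      openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -set_serial 2 \
          -extfile ca.ext -days 2 -out chain.crt &&
      openssl x509 -req -in server.csr -CA chain.crt -CAkey inter.key -set_serial 3 \
          -extfile leaf.ext -days 2 -out server.crt
    ) >/dev/null 2>&1 || return 1
    echo "$dir"
}

# Show both outcomes on the constructed hierarchy.
dir=$(make_demo_chain) && {
    chain_verifies "$dir/root.pem" "$dir/server.crt" ||
        echo "root only: server.crt does not verify"
    chain_verifies "$dir/root.pem" "$dir/server.crt" "$dir/chain.crt" &&
        echo "with chain.crt: server.crt verifies"
}
if [ -n "$dir" ]; then rm -rf "$dir"; fi
```

For a real deployment, pass the CA's published root as the first argument and the files named in the three directives as the others.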

Thursday, May 19, 2022

[FIXED] How to invoke a Web Service which requires a certificate in C#?

 May 19, 2022     c#, certificate, visual-studio, web-services     No comments   

Issue

I need to communicate with a third party which has a .asmx web service. This web service is using https. I have the required certificate (.pfx).

When first trying to add this service using Add Service Reference in Visual Studio, I got an error. I got past this error by importing the certificate into the Personal store. After I did that, I tried to add the Service Reference again and it works. So now I can create an instance of the web service. Nice.

But now I want to invoke the service. And when I do that I get this error:

302 Notification: Digital Certificate Missing

So how can I tell my service to use the right certificate?


Solution

I finally managed to fix my problem as follows:

var service = new Service1SoapClient();
service.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.TrustedPublisher, X509FindType.FindByIssuerName, "name_of_issuer");
((BasicHttpBinding)service.Endpoint.Binding).Security.Mode = BasicHttpSecurityMode.Transport;
((BasicHttpBinding)service.Endpoint.Binding).Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

Please use Certificate.pfx and install it with password.



Answered By - Martijn
Answer Checked By - David Goodson (PHPFixing Volunteer)

Friday, December 31, 2021

[FIXED] curl error 60 while downloading https://repo.packagist.org Certificate issue on Ubuntu?

 December 31, 2021     certificate, composer-php, php, ssl     No comments   

Issue

I've installed composer globally (and locally - just for testing) according to https://getcomposer.org/download/

Then, I'm trying composer create-project laravel/laravel and I receive an error:

composer create-project laravel/laravel
Creating a "laravel/laravel" project at "./laravel"

[Composer\Downloader\TransportException]
curl error 60 while downloading https://repo.packagist.org/packages.json: SSL: no alternative certificate subject name matches target host name 'repo.packagist.org'

So I've tried this one including the answer: https://stackoverflow.com/a/59339136/2110476

curl.cainfo = "/etc/ssl/certs/cacert.pem"
openssl.cafile = "/etc/ssl/certs/cacert.pem"
openssl.capath = "/etc/ssl/certs/cacert.pem"

into the 7.4 CLI php.ini: php --ini

Configuration File (php.ini) Path: /etc/php/7.4/cli
Loaded Configuration File: /etc/php/7.4/cli/php.ini
Scan for additional .ini files in: /etc/php/7.4/cli/conf.d
Additional .ini files parsed: /etc/php/7.4/cli/conf.d/10-mysqlnd.ini,
...

which seems to be fine? php -i | grep -i openssl

SSL Version => OpenSSL/1.1.1f
libSSH Version => libssh/0.9.3/openssl/zlib
openssl
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.1.1f 31 Mar 2020
OpenSSL Header Version => OpenSSL 1.1.1f 31 Mar 2020
Openssl default config => /usr/lib/ssl/openssl.cnf
openssl.cafile => /home/hpn/Software/cacert.pem => /home/hpn/Software/cacert.pem
openssl.capath => /home/hpn/Software/cacert.pem => /home/hpn/Software/cacert.pem
Native OpenSSL support => enabled

I've even gone so far and tried Composer Require 'package' throws OpenSSL error

composer config disable-tls true
composer config secure-http false

But the error still remains.

Then I've found this one: http://manpages.ubuntu.com/manpages/bionic/man8/update-ca-certificates.8.html and did: sudo update-ca-certificates - still with the same error.


Solution

I've had a static IP set in my /etc/hosts file. After I've commented that one out, things worked as expected.

Sorry for the confusion - maybe it'll still help someone in the future.



Answered By - Chris
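
A stale hosts-file entry like the one described in this answer sends the client to an address whose certificate does not cover the requested name. This added example (not part of the original answer) lists the active entries in a hosts file that override DNS for a given name; the function name is an assumption.

```shell
#!/bin/sh
# Added example: find active hosts-file entries that pin a hostname to a
# fixed address and therefore bypass DNS for it.

# usage: hosts_overrides HOSTS_FILE HOSTNAME
# Prints the address of every uncommented line that maps HOSTNAME, whether it
# appears as the canonical name or as an alias. Matching is case-insensitive,
# and commented-out entries are ignored.
hosts_overrides() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")        # strip comments; fields are re-split afterwards
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == want) {
                    print $1      # the address this name is pinned to
                    break
                }
            }
        }' "$1"
}

# Typical use on the affected machine:
#   hosts_overrides /etc/hosts repo.packagist.org
# Any output means the name resolves from the hosts file instead of DNS.
```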