Search Results

Search found 1414 results on 57 pages for 'signed'.

Page 18/57 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • Trouble on setting SSL certificates for Virtual Hosts using Apache\Phusion Passenger in localhost

    - by user502052
    I am using Ruby on Rails 3 and I would like to make to work HTTPS connections on localhost. I am using: Apache v2 + Phusion Passenger Mac OS + Snow Leopard v10.6.6 My Ruby on Rails installation use the Typhoeus gem (it is possible to use the Ruby net\http library but the result doesn't change) to make HTTP requests over HTTPS. I created self-signed ca.key, pjtname.crt and pjtname.key as detailed on the Apple website. Notice: Following instruction from the Apple website, on running the openssl req -new -key server.key -out server.csr command (see the link) at this point Common Name (eg, YOUR name) []: (this is the important one) I entered *pjtname.com so that is valid for all sub_domain of that site. In my Apache httpd.conf I have two virtual hosts configured in this way: # Secure (SSL/TLS) connections #Include /private/etc/apache2/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> Include /private/etc/apache2/other/*.conf # Passenger configuration LoadModule passenger_module /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2/ext/apache2/mod_passenger.so PassengerRoot /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2 PassengerRuby /Users/<my_user_name>/.rvm/wrappers/ruby-1.9.2-p136/ruby # Go ahead and accept connections for these vhosts # from non-SNI clients SSLStrictSNIVHostCheck off # Ensure that Apache listens on port 443 Listen 443 # Listen for virtual host requests on all IP addresses NameVirtualHost *:80 NameVirtualHost *:443 # # PJTNAME.COM and subdomains SETTING # <VirtualHost *:443> # Because this virtual host is defined first, it will # be used as the default if the hostname is not received # in the SSL handshake, e.g. if the browser doesn't support # SNI. ServerName pjtname.com:443 DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public" ServerAdmin [email protected] ErrorLog "/private/var/log/apache2/error_log" TransferLog "/private/var/log/apache2/access_log" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on # Self Signed certificates # Server Certificate SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt # Server Private Key SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key # Server Intermediate Bundle SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt </VirtualHost> # HTTP Setting <VirtualHost *:80> ServerName pjtname.com DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"> Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost *:443> ServerName users.pjtname.com:443 DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public" ServerAdmin [email protected] ErrorLog "/private/var/log/apache2/error_log" TransferLog "/private/var/log/apache2/access_log" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on # Self Signed certificates # Server Certificate SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt # Server Private Key SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key # Server Intermediate Bundle SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt </VirtualHost> # HTTP Setting <VirtualHost *:80> ServerName users.pjtname.com DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"> Order allow,deny Allow from all </Directory> </VirtualHost> In the host file I have: ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost # PJTNAME.COM SETTING 127.0.0.1 pjtname.com 127.0.0.1 users.pjtname.com All seems to work properly because I have already set everything (I think correctly): I generated a wildcard certificate for my domains and sub-domains (in this example: *.pjtname.com) I have set base-named virtualhosts in the http.conf file listening on port :433 and :80 My browser accept certificates also if it alerts me that those aren't safe (notice: I must accept certificates for each domain\sub-domain; that is, [only] at the first time I access a domain or sub-domain over HTTPS I must do the same procedure for acceptance) and I can have access to pages using HTTPS After all this work, when I make a request using Typhoeus (I can use also the Ruby Net::Http library and the result doesn't change) from the pjtname.com RoR application: # Typhoeus request Typhoeus::Request.get("https://users.pjtname.com/") I get something like a warning about the certificate: --- &id001 !ruby/object:Typhoeus::Response app_connect_time: 0.0 body: "" code: 0 connect_time: 0.000625 # Here is the warning curl_error_message: Peer certificate cannot be authenticated with known CA certificates curl_return_code: 60 effective_url: https://users.pjtname.com/ headers: "" http_version: mock: false name_lookup_time: 0.000513 pretransfer_time: 0.0 request: !ruby/object:Typhoeus::Request after_complete: auth_method: body: ... All this means that something is wrong. So, what I have to do to avoid the "Peer certificate cannot be authenticated with known CA certificates" warning and make the HTTPS request to work? Where is\are the error\errors (I think in the Apache configuration, but where?!)? P.S.: if you need some more info, let me know.

    Read the article

  • A new method of supporting FOSS?

    - by James
    I have been kicking an idea around for sometime and wondered if something of it's nature hadn't already been invented. The premise is a website that integrates code management, project/team management, and micro-transactions. Donations, in and of themselves, are a sporadic, and unreliable method of supporting developers. Furthermore most free software that accepts donations is started by programmers ,be it to learn, because of a hobby, or because they saw a niche that needed to be filled. There is no method in place of of saying "hay, the FOSS community needs this kind of software, will someone develop it, and accept donations!?" Programmers should be programming, not busy begging for money. Basically the idea is people can go to the site in question, and start a project or make a request. Anyone signed up with the site can start a request. Each member account is free to support or "upvote" a project request. Requests and the associated number of votes let programmers in the community know the needs of the community. When a project is started a request for developers can be put forth. Developers have a ranking based on commits to other projects. The project founder can send invites to known Developers, or accept invites from members based on developer ranking. Once the project has at least one team-member, an objectives sheet or "draft" can be put out, listing design, goals, and features. The founding member and each team-member may contribute to this sheet. Each "milestone", or "Feature" is represented by an article. An article is any unit of a draft that can be voted on by The Project Founder, Team-members, and contributors...which brings me to the next half of this idea. --Microtransactions-- People signed up with this hypothetical website can purchase credits which then can be transfered to projects they would like to support. Anyone who transfers credits to a project is known as a contributor to that project. At anytime a Founder, or the lead team-member may submit an article, or a design (multiple articles) for consideration. All team-members, as well as the Founder, can vote once for each article freely. Contributors may vote yes or no on a number of articles (independent of any given meeting where a particular design or article is considered) equal to the number of credits they have placed into a contributors fund for that particular project. A contributors fund is a proxy between a sites credit account, and a projects credit account. It is sort of like a promise to contribute, instead of an actual contribution. Contributers may place constraints on particular articles such that if those constraints (a yes or no vote) are satisfied then a manually specified amount of credits is automatically transfered to the project account. This allows a project to develop based on the needs of those who may (in the future) financially rely on the project. --- Code commits & milestones --- When a team-member makes a commit, they may specify if it's a minor commit, a bug fix, a compatibility patch (i.e. for a new platform), or a milestone (an article voted on previously). People signed up with the website, may download the updated project and test it to see if the programmer's assertion is true about the commit. A report may then be filed on a small form, giving a one or two paragraphs, and a positive or negative confirmation of the programmer's goal for that particular commit. After all milestones for a particular draft are complete, a new draft is submitted for voting. Also funds may withdrawn by each team-member based on the proportion of commits and milestones confirmed (fulfilled the stated purpose) for each programmer. --- voting --- Members, contributor, and non-contributor, may make priority requests for particular articles of a draft. The project founder may or may not opt to fill those requests based on the volume of upvotes. A fulfilled priority request means that any team-member that makes a community-confirmed commit for an article is, when all articles for the draft are fulfilled, granted a portion of project credits in proportion to the average priority of all the articles he committed. ---- Notes --- While this is horribly prone to design-by-committee the one saving grace is that the lead team-member may place constraints on a draft such that some, or ALL articles must be voted yes. Commits may not begin until a draft satisfying said constraints is approved. What does SO think, is this idea feasible? Does anyone see major problems with this? Is there any insights, or improvements that could be made?

    Read the article

  • “Being Agile” Means No Documentation, Right?

    - by jesschadwick
    Ask most software professionals what Agile is and they’ll probably start talking about flexibility and delivering what the customer wants.  Some may even mention the word “iterations”.  But inevitably, they’ll say at some point that it means less or even no documentation.  After all, doesn’t creating, updating, and circulating painstakingly comprehensive documentation that everyone and their mother have officially signed off on go against the very core of Agile?  Of course it does!  But really, they’re missing the point! Read The Agile Manifesto. (No, seriously - read it now. It’s short. I’ll wait.)  It’s essentially a list of values.  More specifically, it’s a right-side/left-side weighted list of values:  “Value this over that”. Many people seem to get the impression that this is really a “good vs. bad” list and that those values on the right side are evil and should essentially be tossed on the floor.  This leads to the conclusion that in order to be Agile we must throw away our fancy expensive tools, document as little as possible, and scoff at the idea of a project plan.  This conclusion is quite convenient because it essentially means “less work, more productivity!” (particularly in regards to the documentation and project planning).  I couldn’t disagree with this conclusion more. My interpretation of the Manifesto targets “over” as the operative word.  It’s not just a list of right vs. wrong or good vs. bad.  It’s a list of priorities.  In other words, none of the concepts on the list should be removed from your development lifecycle – they are all important… just not equally important.  This is not a unique interpretation, in fact it says so right at the end of the manifesto! So, the next time your team sits down to tackle that big new project, don’t make the first order of business to outlaw all meetings, documentation, and project plans.  Instead, collaborate with both your team and the business members involved (you do have business members sitting in the room, directly involved in the project planning, right?) and determine the bare minimum that will allow all of you to work and communicate in the best way possible.  This often means that you can pick and choose which parts of the Agile methodologies and process work for your particular project and end up with an amalgamation of Waterfall, Agile, XP, SCRUM and whatever other methodologies the members of your team have been exposed to (my favorite is “SCRUMerfall”). The biggest implication of this is that there is no one way to implement Agile.  There is no checklist with which you can tick off boxes and confidently conclude that, “Yep, we’re Agile™!”  In fact, depending on your business and the members of your team, moving to Agile full-bore may actually be ill-advised.  Such a drastic change just ends up taking everyone out of their comfort zone which they inevitably fall back into by the end of the project.  This often results in frustration to the point that Agile is abandoned altogether because “we just need to ship something!”  Needless to say, this is far more devastating to a project. Instead, I offer this approach: keep it simple and take it slow.  If your business members or customers are only involved at the beginning phases and nowhere to be seen until the project is delivered, invite them to your daily meetings; encourage them to keep up to speed on what’s going on on a daily basis and provide feedback.  If your current process is heavy on the documentation, try to reduce it as opposed to eliminating it outright.  If you need a “TPS Change Request” signed in triplicate with a 5-day “cooling off period” before a change is implemented, try a simple bug tracking system!  Tighten the feedback loop! Finally, at the end of every “iteration” (whatever that means to you, as long as it’s relatively frequent), take as much time as you can spare (even if it’s an hour or so) and perform some kind of retrospective.  Learn from your mistakes.  Figure out what’s working for you and what’s not, then fix it.  Before you know it you’ve got a handful of iterations and/or projects under your belt and you sit down with your team to realize that, “Hey, this is working - we’re pretty Agile!”  After all, Agile is a Zen journey.  It’s a destination that you aim for, not force, and even if you never reach true “enlightenment” that doesn’t mean your team can’t be exponentially better off from merely taking the journey.

    Read the article

  • The perfect DotNetNuke Christmas present

    - by Chris Hammond
    Are you racking your brain trying to come up with that DotNetNuke person in your life? If so, I’ve got just the solution! You can buy them my book! DotNetNuke 5 User’s Guide: Get your website up and running ! It’s the perfect item for the DotNetNuke love of your life. If you buy a copy and want it signed, I’ll even offer to sign it if you mail it to me. Please be sure to include postage both ways. You probably won’t be able to get it to me and back in time for Christmas but the signing can happen...(read more)

    Read the article

  • Signing redistributed files

    - by Garan
    In order to submit a desktop application for the Windows 8 app store, you need to digitally sign any driver or .exe associated with the application. However, the application I was trying to submit contains several files that are redistributions of other companies' software, and some of these are not signed. My application was rejected on these grounds. Is it legal (or ethical) to sign other companies' work so that we can submit our application? I think it might be considered some form of false representation but I'm not sure.

    Read the article

  • How to export ECC key and Cert from NSS DB and import into JKS keystore and Oracle Wallet

    - by mv
    How to export ECC key and Cert from NSS DB and import into JKS keystore and Oracle Wallet In this blog I will write about how to extract a cert and key from NSS Db and import it to a JKS Keystore and then import that JKS Keystore into Oracle Wallet. 1. Set Java Home I pointed it to JRE 1.6.0_22 $ export JAVA_HOME=/usr/java/jre1.6.0_22/ 2. Create a self signed ECC cert in NSS DB I created NSS DB with self signed ECC certificate. If you already have NSS Db with ECC cert (and key) skip this step. $export NSS_DIR=/export/home/nss/ $$NSS_DIR/certutil -N -d . $$NSS_DIR/certutil -S -x -s "CN=test,C=US" -t "C,C,C" -n ecc-cert -k ec -q nistp192 -d . 3. Export ECC cert and key using pk12util Use NSS tool pk12util to export this cert and key into a p12 file      $$NSS_DIR/pk12util -o ecc-cert.p12 -n ecc-cert -d . -W password 4. Use keytool to create JKS keystore and import this p12 file 4.1 Import p12 file created above into a JKS keystore $JAVA_HOME/bin/keytool -importkeystore -srckeystore ecc-cert.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ecc.jks -srcstorepass password -deststorepass password -srcalias ecc-cert -destalias ecc-cert -srckeypass password -destkeypass password -v But if an error as shown is encountered, keytool error: java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available        at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source)         at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)         at java.security.KeyStore.getEntry(Unknown Source)         at sun.security.tools.KeyTool.recoverEntry(Unknown Source)         at sun.security.tools.KeyTool.doImportKeyStoreSingle(Unknown Source)         at sun.security.tools.KeyTool.doImportKeyStore(Unknown Source)         at sun.security.tools.KeyTool.doCommands(Unknown Source)         at sun.security.tools.KeyTool.run(Unknown Source)         at sun.security.tools.KeyTool.main(Unknown Source) Caused by: java.security.NoSuchAlgorithmException: EC KeyFactory not available         at java.security.KeyFactory.<init>(Unknown Source)         at java.security.KeyFactory.getInstance(Unknown Source)         ... 9 more 4.2 Create a new PKCS11 provider If you didn't get an error as shown above skip this step. Since we already have NSS libraries built with ECC, we can create a new PKCS11 provider Create ${java.home}/jre/lib/security/nss.cfg as follows: name = NSS     nssLibraryDirectory = ${nsslibdir}    nssDbMode = noDb    attributes = compatibility where nsslibdir should contain NSS libs with ECC support. Add the following line to ${java.home}/jre/lib/security/java.security :      security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg Note that those who are using Oracle iPlanet Web Server or Oracle Traffic Director, NSS libs built with ECC are in <ws_install_dir>/lib or <otd_install_dir>/lib. 4.3. Now keytool should work Now you can try the same keytool command and see that it succeeds : $JAVA_HOME/bin/keytool -importkeystore -srckeystore ecc-cert.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ecc.jks -srcstorepass password -deststorepass password -srcalias ecc-cert -destalias ecc-cert -srckeypass password -destkeypass password -v [Storing ecc.jks] 5. Convert JKS keystore into an Oracle Wallet You can export this cert and key from JKS keystore and import it into an Oracle Wallet if you need using orapki tool as shown below. Make sure that orapki you use supports ECC. Also for ECC you MUST use "-jsafe" option. $ orapki wallet create -pwd password  -wallet .  -jsafe $ orapki wallet jks_to_pkcs12 -wallet . -pwd password -keystore ecc.jks -jkspwd password -jsafe AS $orapki wallet display -wallet . -pwd welcome1  -jsafeOracle PKI Tool : Version 11.1.2.0.0Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.Requested Certificates:User Certificates:Subject:        CN=test,C=USTrusted Certificates:Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=USSubject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        CN=test,C=US As you can see our ECC cert in the wallet. You can follow the same steps for RSA certs as well. 6. References http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356 http://old.nabble.com/-PATCH-FOR-REVIEW-%3A-Support-PKCS11-cryptography-via-NSS-p25282932.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html

    Read the article

  • Maps for Business: Generating Valid Signatures

    Maps for Business: Generating Valid Signatures This video shows developers how to generate signed requests to Google Maps for Business Web Services such as the Geocoding API. It also points Maps for Business developers to pertinent documentation like developers.google.com and shows an example of the Maps for Business Welcome Letter. To get a response from the Maps for Business API Web Services, developers need to know: how to find their Maps For Business client ID; how to include that client ID in requests; how to retrieve their Maps for Business digital signing key from the Maps for Business welcome materials; and how to use the key to generate a signature. The video will walk developers through the signature generation steps using Python, and provides pointers to examples in other languages. From: GoogleDevelopers Views: 7 0 ratings Time: 10:42 More in Science & Technology

    Read the article

  • Details of 5GB and 50GB SQL Azure databases have now been released, along with new price points

    - by Eric Nelson
    Like many others signed up to the Windows Azure Platform, I received an email overnight detailing the upcoming database size changes for SQL Azure. I know from our work with early adopters over the last 12 months that the 1GB and 10GB limits were sometimes seen as blockers, especially when migrating existing application to SQL Azure. On June 28th 2010, we will be increasing the size limits: SQL Azure Web Edition database from 1 GB to 5 GB SQL Azure Business Edition database will go from 10 GB to 50 GB Along with these changes comes new price points, including the option to increase in increments of 10GB: Web Edition: Up to 1 GB relational database = $9.99 / month Up to 5 GB relational database = $49.95 / month Business Edition: Up to 10 GB relational database = $99.99 / month Up to 20 GB relational database = $199.98 / month Up to 30 GB relational database = $299.97 / month Up to 40 GB relational database = $399.96 / month Up to 50 GB relational database = $499.95 / month Check out the full SQL Azure pricing. Related Links: http://ukazure.ning.com UK community site Getting started with the Windows Azure Platform

    Read the article

  • How do I make my purchased music be synchronized on Rhythmbox and in ~./ubuntuone/Purchased from Ubuntu One?

    - by dln9
    I am signed up for the Ubuntu One service, and have my computer added. Under System ? Preferences ? Ubuntu One, I have enabled all synchronizations, including for music. System ? Prefereneces ? Ubuntu One, it shows this message: "Synchronization Complete". But, when (via Rhythmbox) I purchase a song, no synchronization occurs. I can see the purchased song on the Ubuntu One web page, but the "Purchased Music" folder in Rhythmbox is empty, and the folder ~/.ubuntuone/Purchased from Ubuntu One is also empty. (So, the only way I can get at the song is to manually download it from the Ubuntu One web site to my computer.) I thought that these synchronizations should just happen automatically, but it appears that is not the case for me, and I can't figure out why. Thanks in advance for any help.

    Read the article

  • Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error on localhost

    - by Ne0
    Background: I set up a cloud server and have have a website running SSL, it was all pretty strait forward following these instructions and following the instructions given by the SSL certificate issuer. I then went to set up development site on my local machine the same way but using self signed certs using these instructions. I have checked that port 443 is open and this post suggests it is a bad configuration on the server. I have gone through the set up process twice, yet I have been unable to find out what I have done wrong or missed. Does anyone else know what I may have have missed to get this error? Note: As the links suggest this is on 12.04.

    Read the article

  • iPack -The iOS Application Packager

    - by user13277780
    iOS applications are distributed in .ipa archive files. These files are regular zip files which contain application resources and executable-s. To protect them from unauthorized modifications and to provide identification of their sources, the content of the archives is signed. The signature is included in the application executable of an.ipa archive and protects the executable file itself and the associated resource files. Apple provides native Mac OS tools for signing iOS executable-s (which are actually generic Mach-O code signing tools), but these tools are not generally available on other platforms. To provide a multi-platform development environment for JavaFX based iOS applications, we ported iOS signing and packaging to Java and created a dedicated ipack tool for it. The iPack tool can be used as a last step of creating .ipa package on various operating systems. Prototype has been tested by creating a final distributable for JavaFX application that runs on iPad, all done on Windows 7. Source Code The source code of iPac tool is in OpenJFX project repository. You can find it in: <openjfx root>/rt/tools/ios/Maven/ipack To build the iPack tool use: rt/tools/ios/Maven/ipack$ mvn package After building, you can run the tool: java -jar <path to ipack.jar> <arguments>  Signing keystore The tool uses a java key store to read the signing certificate and the associated private key. To prepare such keystore users can use keytool from JDK. One possible scenario is to import an existing private key and the certificate from a key store used on Mac OS: To list the content of an existing key store and identify the source alias: keytool -list -keystore <src keystore>.p12 -storetype pkcs12 -storepass <src keystore password> To create Java key store and import the private key with its certificate to the keys store: keytool -importkeystore \ -destkeystore <dst keystore> -deststorepass <dst keystore password> \ -srckeystore <src keystore>.p12 -srcstorepass <src keystore password> -srcstoretype pkcs12 \ -srcalias <src alias> -destalias <dst alias> -destkeypass <dst key password> Another scenario would be to generate a private / public key pair directly in a Java key store and create a certificate request from it. After sending the request to Apple one can then import the certificate response back to the Java key store and complete the signing certificate entry. In both scenarios the resulting alias in the Java key store will contain only a single (leaf) certificate. This can be verified with the following command: keytool -list -v -keystore <ipack keystore> -storepass <keystore password> When looking at the Certificate chain length entry, the number next to it is 1. When an executable file is signed on Mac OS, the resulting signature (in CMS format) includes the whole certificate chain up to the Apple Root CA. The ipack tool includes only the chain which is stored under the alias specified on the command line. So to have the whole chain in the signature we need to replace the single certificate entry under the alias with the corresponding full certificate chain. To do that we need first to create the chain in a separate file. It is easy to create such chain when working with certificates in Base-64 encoded PEM format. A certificate chain can be created by concatenating PEM certificates, which should form the chain, into a single file. For iOS signing we need the following certificates in our chain: Apple Root CA Apple Worldwide Developer Relations CA Our signing leaf certificate To convert a certificate from the binary DER format (.der, .cer) to PEM format: keytool -importcert -noprompt -keystore temp.ks -storepass temppwd -alias tempcert -file <certificate>.cer keytool -exportcert -keystore temp.ks -storepass temppwd -alias tempcert -rfc -file <certificate>.pem To export the signing certificate into PEM format: keytool -exportcert -keystore <ipack keystore> -storepass <keystore password> -alias <signing alias> -rfc -file SigningCert.pem After constructing a chain from AppleIncRootCertificate.pem, AppleWWDRCA.pem andSigningCert.pem, it can be imported back into the keystore with: keytool -importcert -noprompt -keystore <ipack keystore> -storepass <keystore password> -alias <signing alias> -keypass <key password> -file SigningCertChain.pem To summarize, the following example shows the full certificate chain replacement process: keytool -importcert -noprompt -keystore temp.ks -storepass temppwd -alias tempcert1 -file AppleIncRootCertificate.cer keytool -exportcert -keystore temp.ks -storepass temppwd -alias tempcert1 -rfc -file AppleIncRootCertificate.pem keytool -importcert -noprompt -keystore temp.ks -storepass temppwd -alias tempcert2 -file AppleWWDRCA.cer keytool -exportcert -keystore temp.ks -storepass temppwd -alias tempcert2 -rfc -file AppleWWDRCA.pem keytool -exportcert -keystore ipack.ks -storepass keystorepwd -alias mycert -rfc -file SigningCert.pem cat SigningCert.pem AppleWWDRCA.pem AppleIncRootCertificate.pem >SigningCertChain.pem keytool -importcert -noprompt -keystore ipack.ks -storepass keystorepwd -alias mycert -keypass keypwd -file SigningCertChain.pem keytool -list -v -keystore ipack.ks -storepass keystorepwd Usage When the ipack tool is started with no arguments it prints the following usage information: -appname MyApplication -appid com.myorg.MyApplication     Usage: ipack <archive> <signing opts> <application opts> [ <application opts> ... ] Signing options: -keystore <keystore> keystore to use for signing -storepass <password> keystore password -alias <alias> alias for the signing certificate chain and the associated private key -keypass <password> password for the private key Application options: -basedir <directory> base directory from which to derive relative paths -appdir <directory> directory with the application executable and resources -appname <file> name of the application executable -appid <id> application identifier Example: ipack MyApplication.ipa -keystore ipack.ks -storepass keystorepwd -alias mycert -keypass keypwd -basedir mysources/MyApplication/dist -appdir Payload/MyApplication.app -appname MyApplication -appid com.myorg.MyApplication    

    Read the article

  • Wordpress html email plugin that doesn't merge with your users?

    - by christian
    I just launched a wordpress site as a redesign of my strictly html site and added my blogger blog to Wordpress to keep it all in one place. I am trying to send an html email from my Wordpress site to all of my blogger subscribers encouraging them to subscribe to my new blog and join my newly created membership program, but every html email plugin (that I have found) imports your your users with you Wordpress users before you can send them an email. Is there a plugin that allows me to send an html email to a list of email address without adding them as users? otherwise I will have to go through and delete all of my users (after importing the list and sending the email) and try to pick out my legitimate users who have already signed up all the while watching for new ones to make sure I don't delete them.

    Read the article

  • Dummy Guide to NetBeans Android Development

    - by Geertjan
    Start by setting up the Android SDK (fantastic Ubuntu instructions here), then install NBAndroid. Now you can create a new Android project: Having set up the Android SDK, you're able to select your Android platform in the IDE: The project structure created by the above templates is nice and easy to understand: Build the project and you have your APK file and everything else generated in the Files window: Nice features are included, such as code completion in Android XML files: Several other features are included, as described here, such as "Export Signed Android Package", as well as deployment to the Android emulator. Now that I have everything set up (took literally about 10 minutes from start to finish), I'm going to be experimenting a bit with Android development via NetBeans IDE.

    Read the article

  • Installing drivers using DPInst

    - by Sreejith S
    You can use DPInst (Driver Package Installer) to install driver files for your device on Windows Operating Systems. DPInst.exe is part of DIFx (Driver Install Framework tools) which comes along with the Windows Driver Kit (WDK). You can find DPInst redistributable inside the redist\DIFx\DPInst folder of the WDK. Using DPInst to install driver: 1)  http://msdn.microsoft.com/en-us/library/ff553601(VS.85).aspx  2) http://blogs.technet.com/svengruenitz/archive/2008/07/02/driver-installation-and-updating-made-easy-dpinst-exe.aspx How to ? 1. Copy dpinst.exe to the folder where the driver files (sys, inf, dll) reside. 2. Optionally create a dpinst.xml file which is used to configure dpinst (http://msdn.microsoft.com/en-us/library/ff550803(VS.85).aspx) If your drivers are not signed you must use the <legacyMode/> tag in dpinst.xml. 3. Run dpinst.exe to install drivers using a 'device driver update' wizard.

    Read the article

  • Computer Boot/Installation Failure

    - by Marcus
    I recently tried to insatll Kubuntu and it failed. It completely removed everything off of my HDD and there is no operating system. Everytime I try to install a Distro it fails during instillation. I got Ubuntu 13.04 to work but it required a reboot and after that it did not work. I tried to re-install Ubuntu but it failed. I have tried Ubuntu, Kubuntu, and Xubuntu and they all failed. With Kubuntu and Xubuntu I get an error saying, "The 'grub-efi-amd64-signed' package failed to install into /target/. Without the GRUB boot loader, the installed system will not boot". When I select try (distro) it loads up but the installation won't finish. I do not want to have to try the distro everytime I want to get on it. Any help?

    Read the article

  • How should programmers handle email-username identity theft?

    - by Craige
    Background I recently signed up for an iTunes account, and found that somebody had fraudulently used MY email to register their iTunes account. Why Apple did not validate the email address, I will never know. Now I am told that I cannot use my email address to register a new iTunes account, as this email address is linked to an existing account. This got be thinking... Question How should we as developers handle email/identity theft? Obviously, we should verify that an email address belongs to the person it is said to belong to. Why Apple did not do this in my case, I have no idea. But lets pretend we use email address for login/account identification, and something slipped though the cracks (be it our end, or the users). How should we handle reports of fraudulent accounts?

    Read the article

  • How to avoid Hotmail/Live rejections for (legit) large volume eMailing?

    - by vmarquez
    While qualifying eMail for Spam, Hotmail/Live checks the historical records of numbers of eMails sent by a sender (FROM, eMail Server, IP, etc.). Some times, perfectly valid bulk eMails that are not Spam, (i.e. double opt-in list, from a server with proper SPF Record, signed with DKIM, unregister links and contact info, etc.) are rejected and not delivered to destinataries. Not even to their Junk folder. I guess we can avoid this situation by progressivelly "training" Hotmail/Live about the reputation of our sender and sending small quantyties of eMails innitially and increasing the quantity for some amount/percentaje during each delivery. Are there guidelines or do you have any experience on these quantities, strategy, solutions? Thank you in advance. EDIT: This question with a bounty is still unanswered. 8 hours to be automatically awarded! Do you have the answer?

    Read the article

  • The SQL Beat Podcast-Capturing a SQL Rockstar

    - by SQLBeat
      This is the first permissible (waiting for signed disclaimers) episode of the SQL Beat Podcast featuring the gracious and famous Thomas La Rock. We talk about gay marriage, abortion, SQL community and a 9 inch pipe with a hole in it at the tip. No really. If there ever was a gentleman, SQL Rockstar is one and I want to thank him from the bottom of my digital recorder for agreeing to talk to me and my audience. All forty of them will appreciate the candor. Enjoy World. I did. Oh and a special rock start drum intro from me to you. CLICK HERE TO PLAY >>

    Read the article

  • Does anyone else not enjoy this 'Required 15 Reputation' to vote situation? [migrated]

    - by Oliver Hyde
    I know, it's most likely the reason stackexchange has become so popular, by forcing people to actually contribute. But as a full-time lurker, and long time user (only recently signed up), it kind of bums me out that I don't get to give credit where credit is due. I don't generally asks questions because I always find a related question before I get myself into the situation where I need to ask and I don't like to answer questions myself as I don't consider myself experienced enough to be contributing effectively. Hopefully the first response to this post is a quick solution to getting 15 reputation points that I haven't seen, and I can just quickly delete this useless question, or maybe a concise paragraph explaining why my question is redundant and that I should go back to my lurky shadows of which I came from. All I want to do, is give credit to helpful comments/questions.

    Read the article

  • How should programmers handle identity theft?

    - by Craige
    I recently signed up for an iTunes account, and found that somebody had fraudulently used MY email to register their iTunes account. Why Apple did not validate the email address, I will never know. Now I am told that I cannot use my email address to register a new iTunes account, as this email address is linked to an existing account. This got me thinking, as developers, database administrators, technical analysts, and everything in between, how should we handle reports of a fraud account? Experience teaches us never to re-assign identifying credentials. This can break things and/or cause mass confusion, especially in the realm of the web. That is, if we are are needing to reassign an identifying user credential we can very likely break a users bookmark by making a page render data that previously did not exist at that location. So if we have been taught not to re-assign details like these, how should we handle such a case where an account is discovered to be a fraud and the owner of the identity (e-mail or user name) wishes to claim this detail for their account?

    Read the article

  • How to decide how much to charge for development?

    - by rik
    So two other friends and I are a very small game dev studio. So far we haven't released a game but we have 2 games almost ready to launch. A bigger studio saw our work and now they want to work with us; they need people to develop mobile games for them (iOS, Android). They want us to set the price for the projects (can't tell the specifics we signed a NDA). They will give us all the assets (graphics/sound) so we only have to code. And because they only work with Unity3D we have to learn it. How do we decide how much to charge for the projects?

    Read the article

  • The SQL Beat Podcast–Capturing a SQL Rockstar

    - by SQLBeat
      This is the first permissible (waiting for signed disclaimers) episode of the SQL Beat Podcast featuring the gracious and famous Thomas La Rock. We talk about gay marriage, abortion, SQL community and a 9 inch pipe with a hole in it at the tip. No really. If there ever was a gentleman, SQL Rockstar is one and I want to thank him from the bottom of my digital recorder for agreeing to talk to me and my audience. All forty of them will appreciate the candor. Enjoy World. I did. Oh and a special rock start drum intro from me to you. CLICK BELOW TO LISTEN >>>>>>>>>CLICK HERE TO PLAY >>>>>>>>> CLICK ABOVE TO SPEAR A FISH INSTEAD

    Read the article

  • Warning about SSL ceritificate, am I under attack ?

    - by Bunny Rabbit
    Lately I've been getting a lot of warnings about SSL certifications on my pc, Empathy keeps telling me that Facebook's certificate is self-signed and can't be trusted, and also, there are occasional warnings in Google-Chrome about security. I remember the last one saying that that the page is secured but some of the resources that the page is using are not from a secure connection, something like that. Is my pc hacked / under attack? How can I check that, and if so, how can I safeguard myself? PS: One thing that comes to my mind is that I might be under an arp poisoning / spoofing attack.

    Read the article

  • Amazon Web Services Free Trial: query about get and put requests

    - by abel
    Amazon recently introduced a free tier for its cloud offering. I signed up for AWS and while signing up for the free tier of S3, i found this As part of AWS Free Usage Tier, you can get started with Amazon S3 for free. Upon sign-up, new AWS customers receive 5 GB of Amazon S3 storage, 20,000 Get Requests, 2,000 Put Requests, 15GB of bandwidth in and 15GB of bandwidth out each month for one year. source:aws.amazon.com , emphasis mine. 20,000 GET requests & 2000 puts mean , 20,000 page views(max) and 2000 file uploads per month. Isn't that lower than what App Engine offers 43,200,000 requests per day.Am I missing some thing, please help.

    Read the article

  • PSA: OpenJDK OCA Submission E-Mail Address

    - by $utils.escapeXML($entry.author)
    If you're coming new to OpenJDK and are reading How to contribute page, you'll quickly notice that item 0 contains the following section "If you haven't yet signed the Oracle Contributor Agreement (OCA) then please do so, scan it and e-mail the result to oracle-ca_us(at)oracle.com."That e-mail address here used to be a sun.com address back when OpenJDK started, but that changed a little while ago. So if you encounter e-mail trouble trying to submit your OCA in order to hack on OpenJDK, please check if you're trying to send it to the correct e-mail address.

    Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >