I've built a WPF application using Visual Studio 2019.
I'm using a Windows Application Packaging Project to create the MSIX Bundle.
I had been signing it with a self-signed certificate (only good for debugging) and it works fine.
I recently purchased an EV Code Signing certificate from SSL.com (it's a .crt file) and can't seem to use it to sign the application. It comes in a YubiKey or you can download the file.
The problem is that if I try to select a certificate using the "Select from file" option it only lets me pick .pfx certificates.
If I try to select a certificate using the "Select from store" option my certificate doesn't show up. (The only ones I see are the ones that I created while debugging).
If I view the certificate store using Microsoft Management Console I can see the certificate in there but for some reason VS doesn't recognise it.
Is there any way around this?
I am trying to connect a PostgreSQL database to Power BI. The database is hosted on Heroku. I am getting the following error -
An error happened while reading data from the provider:
'The remote certificate is invalid according to the validation procedure.
I think I am getting this error because it needs "sslmode=require", but I am not sure how to proceed.
Can someone help me with this problem?
Thanks in advance.
These steps should help you connect to Power BI Desktop via ODBC. Note, you should probably create a follower database in Heroku so you're not using your production database credentials.
Download PostgreSQL ODBC driver and install. Note, be sure to check the GAC option during installation (https://www.postgresql.org/ftp/odbc/versions/msi/).
Restart computer.
Open Power BI and click "Get Data" button in the ribbon.
Click "Other" and then select "ODBC".
Choose "None" as the data source name.
Click the "Advanced options" and enter this connection string:
Driver={PostgreSQL Unicode};Server=HEROKU_HOST, where HEROKU_HOST is the "Host" from your Heroku database credentials (example: ec2-xx-xxx-xx-xx.xxx.amazon.com).
On the next screen, enter the user name (user from Heroku db credentials), password (password from Heroku db credentials), and for connection string enter the following (with HEROKU_XXXX replaced with your info):
PORT=HEROKU_PORT;DATABASE=HEROKU_DATABASE;POOLING=True;MINPOOLSIZE=1;MAXPOOLSIZE=20;HOST=HEROKU_HOST;COMPATIBLE=2.2.3.0;USER ID=HEROKU_USER;PASSWORD=HEROKU_PASSWORD;SSLMODE=require
I don't use Heroku but had a similar problem with AWS and had to configure the db provider and certificates as described below. I would think that something similar is needed for Heroku.
I did some digging and found 2 possible solutions for Heroku:
Supply the additional settings sslmode=Require;Trust Server Certificate=true in the database connection. This does not seem to be an option with PowerBI, because even under "Advanced Settings" there is nowhere to provide these.
Download the certificate for your database as described here and then follow much the same process as I did below to register the certificate with Windows. If Heroku supplies a P7B (PKCS#7) or PFX (PKCS#12) format certificate you can register that with Windows without having to do the conversion I described.
My setup of the Npgsql provider and AWS Certificates
PowerBI and Excel support connections to Postgres using the Npgsql .NET Data Provider. This provider is not installed by default on Windows. Here's how to install it:
Download the appropriate .msi installer from the Npgsql releases page. The version you need depends on your version of Excel. I am running Office 365, which required version 4.0.x (I installed 4.0.10, download here).
Run the installer. During the install there is an option to install to the GAC which is switched off by default - you must select to have the files installed to the GAC.
Reboot your computer and you should be able to set up a Postgres connection in PowerBI or Excel.
AWS RDS Postgres - additional requirement
If you are connecting to a Postgres cluster running in AWS, when you attempt to connect to Postgres after installing the Npgsql provider you may get an error saying:
"The remote certificate is invalid according to the validation procedure"
Here's how to fix it:
Download the public keys for AWS RDS regions: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
Convert the bundle to a Windows certificate in P7B/PKCS#7 format. There are many ways to do this; an easy one is to use https://www.sslshopper.com/ssl-converter.html.
In Windows, search for the "Manage User Certificates" utility and open it.
Right-click on "Trusted Root Certification Authorities", "All Tasks", "Import..."
Select the .p7b file which was the output of converting the AWS keys to P7B format.
Choose to place all certificates in the Trusted Root Certification Authorities store.
You will probably have to confirm for each certificate - there is one per AWS region.
You should now be able to connect to your AWS RDS Postgres database from PowerBI or Excel.
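Since the steps above place every certificate in the bundle into the Trusted Root store, it is worth listing what the bundle contains first. The following is an added example, not part of the original answer: it splits a PEM bundle and computes the SHA-1 thumbprint (the value Windows displays for a certificate) and the SHA-256 fingerprint of each entry, so they can be compared with the CA's published values. The function names are illustrative and the sample bundle is constructed placeholder data, not real CA certificates.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def split_bundle(pem_text):
    """Return the DER bytes of each certificate block, in file order."""
    return [base64.b64decode("".join(m.group(1).split()), validate=True)
            for m in PEM_CERT.finditer(pem_text)]

def _hex(digest):
    return ":".join(f"{b:02X}" for b in digest)

def thumbprints(pem_text):
    """SHA-1 and SHA-256 thumbprints of every certificate in the bundle."""
    return [{"sha1": _hex(hashlib.sha1(der).digest()),
             "sha256": _hex(hashlib.sha256(der).digest())}
            for der in split_bundle(pem_text)]

def not_published(pem_text, published_sha256):
    """Indexes of bundle entries whose SHA-256 is not in the published set."""
    allowed = {fp.upper() for fp in published_sha256}
    return [i for i, t in enumerate(thumbprints(pem_text))
            if t["sha256"] not in allowed]

def _constructed_pem(payload):
    # Placeholder bytes wrapped as PEM so the example runs offline; not a real CA.
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

SAMPLE_BUNDLE = (_constructed_pem(b"constructed CA one " * 10)
                 + _constructed_pem(b"constructed CA two " * 10))

if __name__ == "__main__":
    for i, t in enumerate(thumbprints(SAMPLE_BUNDLE)):
        print(i, t["sha1"], t["sha256"])
```

To check a real download, read the .pem file into a string and pass it to `thumbprints` or `not_published` in place of `SAMPLE_BUNDLE`.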
You need to check whether the host-based authentication in your Postgres database is allowing this connection from Power BI.
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
The file is usually available in the postgres data folder and the structure is like below. Make sure the client host, username have the right permissions to access the database.
local database user auth-method [auth-options]
Note: If you are using a cluster manager like Patroni, the pg_hba.conf file will be overwritten by Patroni every time you edit it. You will have to edit this configuration from the patronictl command.
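The server uses the first pg_hba.conf record that matches the connection type, database, user and client address, and does not fall through to later records. The following added example (not from the original answer) evaluates a connection against a constructed sample file so you can see which record applies to a TLS or non-TLS client; it handles CIDR addresses and plain names or `all` only, and the names `parse_hba` and `first_match` are illustrative.

```python
import ipaddress

# Constructed sample pg_hba.conf (not from the original post).
SAMPLE_HBA = """\
# TYPE     DATABASE  USER      ADDRESS          METHOD
local      all       postgres                   peer
hostnossl  all       all       0.0.0.0/0        reject
hostssl    reports   powerbi   203.0.113.0/24   scram-sha-256
host       all       all       10.0.0.0/8       md5
"""

def parse_hba(text):
    """Parse records into dicts; handles CIDR addresses and plain names only."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # Unix-socket record: no address column
            kind, db, user, method = fields[:4]
            net = None
        else:                             # host / hostssl / hostnossl
            kind, db, user, addr, method = fields[:5]
            net = None if addr == "all" else ipaddress.ip_network(addr, strict=False)
        rules.append({"type": kind, "db": db.split(","), "user": user.split(","),
                      "net": net, "method": method})
    return rules

def first_match(rules, db, user, client_ip, ssl):
    """Return the first record matching the connection (None = no record).

    client_ip=None means a Unix-socket connection; no match means access denied.
    """
    ip = ipaddress.ip_address(client_ip) if client_ip else None
    for r in rules:
        if (r["type"] == "local") != (ip is None):
            continue                      # socket records vs TCP records
        if (r["type"] == "hostssl" and not ssl) or (r["type"] == "hostnossl" and ssl):
            continue
        if r["net"] is not None and ip not in r["net"]:
            continue
        if "all" not in r["db"] and db not in r["db"]:
            continue
        if "all" not in r["user"] and user not in r["user"]:
            continue
        return r
    return None

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ssl in (True, False):
        hit = first_match(rules, "reports", "powerbi", "203.0.113.7", ssl)
        print("ssl" if ssl else "plain", "->", hit["method"] if hit else "no match")
```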
I am using Visual Studio 2015 with SSDT to develop reports with Report Services project. I would like to create Shared Data Sources that use "Windows Authentication with a specific user name and password" in this VS SSRS project, (not "Windows Authentication with integrated security", which authenticates as my user account).
The data source is set up the desired way on the report portal already ("Windows with stored USER and PWD"). But I want it configured this way in the Visual Studio project so that all developers can open the project & develop with the data source connections, and also so that deployment of the project files to the server is more accurate. I don't want to have to deploy it with "Windows integrated" then go to the portal and manually configure the Shared Datasource-- that is a more error-prone deployment method.
It looks like the "Data Source Properties" screen is very similar for Report Builder and Visual Studio-- except Visual Studio is missing the "Use as Windows credentials" checkbox option.
Does anyone have an answer for this Visual Studio option on the Data Source Property for "Windows Authentication with a specific user name and password"?
Here are some screenshots:
VisualStudio-SharedDatasource-Properties.png --> option missing
VisualStudio-Datasource-SQLServer-AuthenticationOptions --> We are not using SQL Server User in our environment, it is Windows user.
ReportBuilder-rdl-Datasource-DatasourceProperties.png --> option is there
ReportPortal-SharedDatasource-Properties.png --> option is there
Hi @SherlockSpreadsheets,
I can bring you a workaround: Choose "Windows Authentication" and then add the required credentials in Credential Manager with the steps below:
Open Control Panel.
Open User Accounts.
Click Manage My Network Passwords on the Related Tasks panel (on the
left side of the window). You'll get a dialog box listing all of
your stored usernames and passwords. Add another username and
password, or remove the existing ones or change their properties.
I am creating a simple client to connect to the LDAP servers running on one of my windows 2008R2 Active Directory Domain Controllers.
I have successfully connected to the LDAP server over a non-TLS connection. However, whenever I attempt to make a TLS connection, the handshake fails. After some digging, and downloading the certificate using the following command:
openssl s_client -connect <domain controller>:636
I found that the certificate being served from the LDAP server is invalid. I can see that the certificate is signed by our CA, and my local system that runs the application already has this trust established with the CA. However, it is missing all of the subject information in the certificate. The client application does not allow for this.
After speaking with the administrator, he indicated that the certificates being generated for the domain controller systems to serve TLS certificates over LDAP is automatic and is created by our internal Microsoft Certificate Server. He was not sure how to address this.
After numerous Google searches, I have come up pretty empty on how to resolve this. Is it something that is addressed on the certificate server? Is it something on the domain controller which is stripping the subject information? Is it some setting or configuration? Since I do not have direct access to these systems, I am at a loss on where to begin.
Any assistance would be appreciated.
Blindly trusting a certificate that is invalid is not an acceptable solution.
Ask your admin to export the root certificate for your environment (like, to a .cer file). Then you can use that file to add it as a trusted root certificate on the computer that needs to access it.
That's how we do it in our environment when we've needed to access an external domain over LDAPS.
Of course, that only works if the application accessing LDAPS uses the Windows certificate store. Some applications, like Java-based apps, don't, and you need to do it another way.
I was able to assist my Admin with updating the template the certificate server was using to include the subject and subject alternate name.
I found the following articles that helped determine the problem:
https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-step-guide-to-setup-ldaps-on-windows-server/
https://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
https://support.microsoft.com/en-us/help/931351/how-to-add-a-subject-alternative-name-to-a-secure-ldap-certificate
Ultimately, we went over each setting until we found the right solution that solved the problem of why the certificate server was sending an invalid certificate.
I'm trying to install the preview of Azure AD Connect:
https://connect.microsoft.com/site1164/program8612
During the setup, you can configure the sign-in method for users, synchronization or a federation with ADFS. I want to use ADFS, and I want the setup to configure a new ADFS farm. The setup wants an SSL certificate, so I've made a self-signed certificate and exported it as a .PFX file. However, the setup won't accept the certificate; it states "The certificate is invalid or corrupted. Please try another certificate"
I selected another certificate which I've used for a website, and I get the same result. The certificate chain is OK, I've tried to install the certificate, but no matter what, the setup keeps rejecting the certificate. I can't find any further info in the eventlog or setup log file, and since the Azure AD connect software is quite new and still in preview, there's not much info on the web regarding the installation.
Any ideas on how to make this work?
It is mandatory for AD FS to use a third-party signed certificate. If you don't want to pay for a certificate, you can use one from WoSign which is free and publicly trusted (as an intermediate certification authority from VeriSign or similar I think).
My Silverlight web site is supposed to let the client download a zip file. The zip contains two pdf files that are copied to a temp folder, plus a third pdf file created using crystal reports. On debug in my computer this is working perfectly. However, I've just published the project on a remote server and I can't download the file.
I don't know if the problem is with silverlight or the server, since I wasn't the one that configured it. When I run fiddler, it throws an 'Access to folder is denied' error.
Both me and the server Administrator already set permissions to write and read from that folder to every account of the server, and still does not work.
Can anyone help with this? I can't seem to figure out if the problem is with the server or Silverlight. The server is running Windows Server 2008 R2 Standard.
Thanks
Seems it has nothing to do with Silverlight.
The IIS worker process must have the rights to access this folder (mostly it's a group called {MachineName}\IIS_IUSRS).
If you're using Single Sign On/Impersonation, then the actual user as currently authenticated by the Network's (Windows) Domain Controller has to have access rights to that folder, which is not a recommended security architecture.