I am using Rest Api to make calls to the https domain and salesforce is giving me
System.CalloutException: java.security.cert.CertificateException: No name matching certificate found
So I asked for certificate from Cleint. Client provided us with .CER certificate files. How will i use them? I converted them to JKS using Java KeyTool but all in vain.
Certificate import in salesforce to be used with named credentials/ callouts , only supports .jks file extensions.You need to ask your certificate provider to give one in .jks.
You can import certificate in Salesforce Panel.
Setup->Security Controls->Certificate and Key Management
Related
With a windows desktop app, I am trying to access Exchange calendar resources using confidentialClientApplicationBuilder using the WithCertificate option. When we call AcquireTokenForClient, we get a Microsoft.Identity.Client.MsalException "The provided certificate has a key that is not accessable."
When we use WithClientSecret option it works fine.
On the client side, the certificate is obtained from one of our DLLs that is code signed with our code signing certificate. On the Azure side, our code signing cert (PFX) is converted to CER (using Windows Credential manager import/export) and then uploaded to our app registration on the "Certificates and Secrets" page. When I debug, the certificate thumbprint extracted from the DLL matches the thumbrpint of the cert loaded into Azure.
Here is the code:
assemblyPath = #"C:\Programs\MyProgramLibrary.dll";
var cert = X509Certificate.CreateFromSignedFile(assemblyPath);
var cert2 = new X509Certificate2(cert);
_Application = ConfidentialClientApplicationBuilder.Create(QuicklaunchAzureAppRegistration.ClientId())
.WithCertificate(cert2)
.WithAuthority(new Uri(string.Format(msalAuthFormat, TenantId)))
.Build();
result = await _Application.AcquireTokenForClient(_Scopes).ExecuteAsync();
I Is it complaining about the certificate on the client side or the server side or both? What Key is it looking for? Can a code signing certificate be used?
From what you're saying, it sounds like on the client side. it sounds like the client side needs access to the private key which it doesn't seem to be able to .
and yes a code signing certificate i believe must be used. here's an example of it working with a self signed cert: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/tree/master/2-Call-OwnApi#optional-create-a-self-signed-certificate
i'm looking for a solution for 4 days but i have found nothing.
What i want is to get an access token from my Identity Server with a client_credentials grant_type. I found that you can do this but nowhere is explained how to make the certificates, how the request is made etc.
I tried a lot of ways but with no success.
From the documentation:Our default private key JWT secret validator expects the full (leaf) certificate as base64 on the secret definition. This certificate will then be used to validate the signature on the self-signed JWT . That base64 is the content of the .cert file i believe. On the request should i put the .pfx file in base64 too?
Are there any changes that i need to make on the program.cs file for the Kestrel? I found this too, but all are outdated and doesn't work.
Now i'm trying with postman, after this everything should be called from an Azure Logic App.
I followed this example : but doesn't work.
The error:
Postman:
Program.cs
And the Config.cs from Identity
I will be very glad if you can help. Thanks in advance
As said you can use a client secret instead of a client certificate which is more common/easier. If you really need certificate authentication: I found more information on http://docs.identityserver.io/en/latest/topics/mtls.html
I want to use SSl certificates in codename one.Currently I am using below code for connecting to server
ConnectionRequest req = new ConnectionRequest();
req.setUrl("http:/something");
But I want to use https instead of http.I want to import customize SSL certificates and want to use it in my app.
How to import and use SSL certificates ?
You should just change this to HTTPS but you can't use a custom (invalid) SSL certificate. Your certificate must be valid and must be from a valid certificate authority for it to work.
If this is just for debugging you can add your debugging certificate to the device in the device settings which usually allows you to customize the root certificates.
I'm building a web service to allow salesforce to call to it, the two way SSL is used for security, and salesforce has provided its client certificate: sfdc-client.cert.
In order to test whether salesforce client certificate work or not, I have setup a very simple web on MAC apache and enable SSL and client authentication on ssl config file /etc/apache2/extra/httpd-ssl.conf as below (use self-signed):
SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
SSLCACertificateFile "/private/etc/apache2/ssl/sfdc-client.cert"
SSLVerifyClient require
SSLVerifyDepth 10
The first browsing by Chrome, I got "SSL Connection Error", I supposed it's correct in this case.
Then, I have tried to import sfdc-client.cert to key chain access, but it does not work at all because it just supports p12/pfx format.
I also tried to use CURL:
curl https://test.com --cert-type der --cert sfdc-client.cert
but got the error:
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)
I'm totally newbie on this stuff, does anyone know how to test client certificate to make sure it works as above?
First you need to have both the client's certificate and certificate private key to be able to test 2-way SSL authentication.
To test with web browser, follow instructions here: Is there a way to test 2 way ssl through browser?
I have setup Custom Domain "https://developers.google.com/appengine/docs/domain"
I have uploaded "An SSL certificate and private key" (to create those i am using "XCA" on Ubuntu, available in the Ubuntu Software Center" )
Result ..."Assign all matching URLs" or "Add" Button is inactive.
What are the details to follow setting up SSL for AppEgine Custom Domain?
HELP: following the link on "http://support.google.com/a/bin/answer.py?hl=en&answer=2644386" refers to a login see: (moma single sign on) ???->
https://login.corp.google.com/saml_idp?KeyID=w1n&SAMLRequest=fVJNT%2BMwEL0j7X%2BwfM8nYoWsJqgLQluJhYgGDtwcZ1KctT3B47Tw70lTEN3DcvTz8%2FsYz%2BLi1Rq2BU8aXcGzOOUMnMJWu03BH%2Brr6JxflD9OFiStGcRyDM%2FuHl5GoMCml47EfFHw0TuBkjQJJy2QCEqsl39uRB6nYvAYUKHhbHVV8N4hdoPq26a1%2FeYvmB6taXXTY9%2FIRjfN4IbOSsXZ42esfB9rRTTCylGQLkxQmuVR%2BjPKz%2BvsVJzm4ix94qz6cPql3aHBd7GaA4nE77quoupuXc8CW92Cv53YBd8gbgzECu3evpJEejvBnTQEnC2JwIcp4CU6Gi34NfitVvBwf1Pw5xAGEkmy2%2B3iL5lEJscHRbycJyvmcv5opN9Hl5%2FWvPzSWyRHUuXHj%2B2LrK4qNFq9saUxuLv0IMPUIvhxKnGN3srwf7cszmZEt1E3U8XoaAClOw0tZ0l5cP13NaaFeQc%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fgoogle.com%2FServiceLogin%3Fservice%3Dah%26passive%3Dtrue%26continue%3Dhttps%253A%252F%252Fappengine.google.com%252F_ah%252Fconflogin%253Fcontinue%253Dhttps%253A%252F%252Fdevsite.googleplex.com%252Fappengine%252Fdocs%252Fssl%26ltmpl%3Dga%26shdf%3DCioLEgZhaG5hbWUaHkdvb2dsZSBEZXZTaXRlIENvbnRlbnQgU3RhZ2luZwwSAmFoIhRMUzrDPeZIM0WftD9x6Ag2ike0YCgBMhQmSRWl793zR9on0qxjQb8iedMy3Q
This is the correct documentation link:
https://developers.google.com/appengine/docs/ssl
when adding an app engine app to use SSL over your custom domain. Create the PEM encoded X.509 certificate and Unencrypted PEM encoded RSA private key with openssl:
openssl genrsa -out rsaprivkey.pem 1024
openssl req -new -x509 -key rsaprivkey.pem -out dsacert.pem
when open ssl asks you questions for your app's name, make sure to include the entire url as in your answer, www.abc.com to secure https://www.abc.com
-Ben
It's simple the domain i am using should use CN -> www.abc.com and not just abc.com.
"All subject names on the host certificate should match or be subdomains of the domains associated with the account in the Google Apps Control Panel."
Thank's for the documentation link :-)
Under Google App Admin console -> select App Engine apps -> select app -> Add New URL