I have setup Custom Domain "https://developers.google.com/appengine/docs/domain"
I have uploaded "An SSL certificate and private key" (to create those i am using "XCA" on Ubuntu, available in the Ubuntu Software Center" )
Result ..."Assign all matching URLs" or "Add" Button is inactive.
What are the details to follow setting up SSL for AppEgine Custom Domain?
HELP: following the link on "http://support.google.com/a/bin/answer.py?hl=en&answer=2644386" refers to a login see: (moma single sign on) ???->
https://login.corp.google.com/saml_idp?KeyID=w1n&SAMLRequest=fVJNT%2BMwEL0j7X%2BwfM8nYoWsJqgLQluJhYgGDtwcZ1KctT3B47Tw70lTEN3DcvTz8%2FsYz%2BLi1Rq2BU8aXcGzOOUMnMJWu03BH%2Brr6JxflD9OFiStGcRyDM%2FuHl5GoMCml47EfFHw0TuBkjQJJy2QCEqsl39uRB6nYvAYUKHhbHVV8N4hdoPq26a1%2FeYvmB6taXXTY9%2FIRjfN4IbOSsXZ42esfB9rRTTCylGQLkxQmuVR%2BjPKz%2BvsVJzm4ix94qz6cPql3aHBd7GaA4nE77quoupuXc8CW92Cv53YBd8gbgzECu3evpJEejvBnTQEnC2JwIcp4CU6Gi34NfitVvBwf1Pw5xAGEkmy2%2B3iL5lEJscHRbycJyvmcv5opN9Hl5%2FWvPzSWyRHUuXHj%2B2LrK4qNFq9saUxuLv0IMPUIvhxKnGN3srwf7cszmZEt1E3U8XoaAClOw0tZ0l5cP13NaaFeQc%3D&RelayState=https%3A%2F%2Fwww.google.com%2Fa%2Fgoogle.com%2FServiceLogin%3Fservice%3Dah%26passive%3Dtrue%26continue%3Dhttps%253A%252F%252Fappengine.google.com%252F_ah%252Fconflogin%253Fcontinue%253Dhttps%253A%252F%252Fdevsite.googleplex.com%252Fappengine%252Fdocs%252Fssl%26ltmpl%3Dga%26shdf%3DCioLEgZhaG5hbWUaHkdvb2dsZSBEZXZTaXRlIENvbnRlbnQgU3RhZ2luZwwSAmFoIhRMUzrDPeZIM0WftD9x6Ag2ike0YCgBMhQmSRWl793zR9on0qxjQb8iedMy3Q
This is the correct documentation link:
https://developers.google.com/appengine/docs/ssl
when adding an app engine app to use SSL over your custom domain. Create the PEM encoded X.509 certificate and Unencrypted PEM encoded RSA private key with openssl:
openssl genrsa -out rsaprivkey.pem 1024
openssl req -new -x509 -key rsaprivkey.pem -out dsacert.pem
when open ssl asks you questions for your app's name, make sure to include the entire url as in your answer, www.abc.com to secure https://www.abc.com
-Ben
It's simple the domain i am using should use CN -> www.abc.com and not just abc.com.
"All subject names on the host certificate should match or be subdomains of the domains associated with the account in the Google Apps Control Panel."
Thank's for the documentation link :-)
Under Google App Admin console -> select App Engine apps -> select app -> Add New URL
Related
I want to use SSl certificates in codename one.Currently I am using below code for connecting to server
ConnectionRequest req = new ConnectionRequest();
req.setUrl("http:/something");
But I want to use https instead of http.I want to import customize SSL certificates and want to use it in my app.
How to import and use SSL certificates ?
You should just change this to HTTPS but you can't use a custom (invalid) SSL certificate. Your certificate must be valid and must be from a valid certificate authority for it to work.
If this is just for debugging you can add your debugging certificate to the device in the device settings which usually allows you to customize the root certificates.
I have a custom domain setup for an AppEngine application. I have created the two required certificates using letsencrypt. I am aware that GAE requires a private key RSA file so I have done:
openssl rsa -in privkey.pem > privkey-rsa.pem
to create the privkey-rsa.pem. I am uploading that and the fullchain.pemfile. These are accepted and I can see the correct domain under "SSL Certificates" in App Engine Settings.
I have set secure: optional for every route in my app.yaml
However, looking at the "Custom Domains" tab in "Settings", there is a column titled "SSL Support" which says None. I have removed and readded the custom domain with both the certificates present, and with them deleted.
But the "SSL Support" column remains at "None". And when trying to access my index.html page with https, Chrome produces 'Site cannot be reached'.
I seem to have no further options to try to get this working...
App Engine console > Settings > SSL Certificates > you'll see a list of certificates, click yours > mark the subdomain you want to serve this certificate through > Save
I am using Rest Api to make calls to the https domain and salesforce is giving me
System.CalloutException: java.security.cert.CertificateException: No name matching certificate found
So I asked for certificate from Cleint. Client provided us with .CER certificate files. How will i use them? I converted them to JKS using Java KeyTool but all in vain.
Certificate import in salesforce to be used with named credentials/ callouts , only supports .jks file extensions.You need to ask your certificate provider to give one in .jks.
You can import certificate in Salesforce Panel.
Setup->Security Controls->Certificate and Key Management
I'm building a web service to allow salesforce to call to it, the two way SSL is used for security, and salesforce has provided its client certificate: sfdc-client.cert.
In order to test whether salesforce client certificate work or not, I have setup a very simple web on MAC apache and enable SSL and client authentication on ssl config file /etc/apache2/extra/httpd-ssl.conf as below (use self-signed):
SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
SSLCACertificateFile "/private/etc/apache2/ssl/sfdc-client.cert"
SSLVerifyClient require
SSLVerifyDepth 10
The first browsing by Chrome, I got "SSL Connection Error", I supposed it's correct in this case.
Then, I have tried to import sfdc-client.cert to key chain access, but it does not work at all because it just supports p12/pfx format.
I also tried to use CURL:
curl https://test.com --cert-type der --cert sfdc-client.cert
but got the error:
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)
I'm totally newbie on this stuff, does anyone know how to test client certificate to make sure it works as above?
First you need to have both the client's certificate and certificate private key to be able to test 2-way SSL authentication.
To test with web browser, follow instructions here: Is there a way to test 2 way ssl through browser?
I am using libcurl in my C application to communicate with an HTTPS server that I have set up. I generated a self-signed certificate on that server that I wish to use with curl.
I am aware of setting CURLOPT_SSL_VERIFYPEER to 0 to bypass the SSL verification, but I wish to add the generated certificate to curl's "valid" CA certificates.
I have tried setting CURLOPT_CAPATH and CURLOPT_SSLCERT to the location of the server SSL public key, but it fails to pass the verification.
How can I add my own CA/Self-signed certificate so that libcurl will successfully validate it?
To add a self-signed certificate, use CURLOPT_CAINFO
To retrieve the SSL public certificate of a site, use
openssl s_client -connect www.site.com:443 | tee logfile
The certificate is the portion marked by ----BEGIN CERTIFICATE---- and
---END CERTIFICATE----.
Save that certificate into a file, and use curl in a manner like so:
CURL* c = curl_easy_init();
curl_easy_setopt(c, CURLOPT_URL, "https://www.site.com");
curl_easy_setopt(c, CURLOPT_CAINFO, "/path/to/the/certificate.crt");
curl_easy_setopt(c, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_perform(c);
curl_easy_cleanup(c);
First, you kind of mix "Certificate Authority" files and "Certificate" files which confuses me.
How can I add my own CA/Self-signed certificate so that libcurl will
successfully validate it?
This might be seen as a complementary answer to the one above.
In the case you want to add a self-signed CA (every root-CA is self-signed) so that libcurl will successfully validate a website's certificate, which has been generated by the CA, then continue reading.
With CURLOPT_CAINFO you need to pass the "Certificate Authority" file (CA) that was used when generating the (non-CA) certificate of the site you want to verify.
(I do not know if this option works by passing it a non-CA certificate, the documentation is not really clear on this, and the previous answer has 2 up-votes, so if anyone has tested it please comment)
You can also pass a Certificate Authority chain file that contains the CA that was used, in case it was not a root-CA.
Here's a little tutorial I've found that can help you test your solution:
Creating a private root CA:
http://www.flatmtn.com/article/setting-openssl-create-certificates
Creating a site certificate:
http://www.flatmtn.com/article/setting-ssl-certificates-apache