How can I send a certificate with Private.key?
I am sending only the certificate and it returns a 403 Forbidden error.
Certificate + Private.key
GetAccessToken Code
PegarCertificadoServicoPeloIndividuo - Code
I had the exact same problem with this API.
To solve it, I had to ''merge'' the two files (.crt and .key).
For this, it is necessary to download a program, follow this link: https://slproweb.com/products/Win32OpenSSL.html . I downloaded the exe from the first line from that link.
After merging the .crt and .key files, you'll get a .pfx file, that's what you'll use in code to make the call to the API.
Hope this helps
Related
This error shows up when I try to get data from the URI:
exception details
I did some digging on the web and I created a folder in resources called XML with a file networking_security_config.xml
and I added the certificate in the .pem extension on another folder called raw, I used OpenSSL to convert the certificate from .cer to .pemcertificate added
Then I went to the androidManifest.xml, in the application block I added the networkSecurityConfig.androidManifest.xml
However, the error is still the same!
Here is the main code! I need your help guys
I'm trying to send http requests with a cert,
when in using the SoapUi I'm adding a JKS file to the request and it works great, and now I'm trying to implement this in .Net Core code.
I'm using HttpClient for the request and I don't know how can I attach the JKS file.
Any Ideas?
Thanks
JKS is a Java proprietary format for key stores, used by default until Java8. Since Java9 the default format is PCKS#12.
C# can not read this kind of files, but it is easy to convert from JKS to PKCS#12 using keytool or KeystoreExplore
keytool -importkeystore -srckeystore <jks_file_name.jks> -destkeystore <pk12_file_name.p12> -srcstoretype JKS -deststoretype PKCS12 -deststorepass <password>
See this answer to invoke a http service using client certificates https://stackoverflow.com/a/10170573/6371459
The thing I want to achieve is to generate a singedURL pointing CloudFront distribution which originates from S3 bucket.
I have managed to sign the URL which points directly to the S3 bucket as described in following AWS spec - Generate a Presigned Object URL Using AWS SDK for .NET and it worked fine.
But what I really need is to generate signed CloudFront URL.
I assume my Distribution is properly configured as I'm able to access it using (https://d298o8yem5c56d.cloudfront.net/123.pdf) assuming Restrict Viewer Access: is set to No in Behaviors settings.
After switching it to Yes it can no longer be accessed without signedURL.
I was trying to use the sample code from AWS Developer Guide: Create a URL Signature Using C# and the .NET Framework
The URL was generated, but what I get is following error message:
<Error>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>
Any ideas what should I check ?
Finally I've solved the issue using the sample code from AWS Developer Guide: Create a URL Signature Using C# and the .NET Framework
The issue seem to be related to the PrivateKey.xml
Remember to replace PrivateKey.xml with your PrivateKey (which can be generated / downloaded from AWS root account settings).
As a next step it has to be converted from PEM to XML (required by .NET)
Nice and easy way to convert from PEM to XML is by using an - online converter
I have a scenario where users are Uploading Transactions logs to Main Server Via ASMX Webservice. The application is clickonce .Net winforms app
Currently I am doing this To convert to List of Object to Json and Deserialize it on Service. over the SSL.
string data = JsonConvert.SerializeObject(Values_Static.logitems);
My Code is protected by SmartAssembly . And still I am getting some breach that attacker have access to the Network Connections and Can Deserliaze the Data.
Now i am thinking of a Scenario that I Encrypt the Json String with some private string key and then decypt it on the server .
e.g
private string salt = "$e7?8f#l4";
return ByteArrToString(Encrypt(TextValue + salt));
Hardcode the key in app and decode it in server.
will it work ?
Users are uploading the the logs to server every minute and there are possibly 20-30 entries per Upload.
is there any chances of broken Data or still the hacking ?
UPDATE :
According to Discussion Below . I understand that there is some issue with my Code. The code is accepting the invalid certificate . How i Can prevent to Accept only Valid Certificate from my https:// Web service .
ATM , every one can see the code through fiddler with Decryption HTTPS on .
I have a valid Certificate installed on my IIS 7. and its working properly
the issue is with code. and its standard auto generated web reference in Visual Studio.
UPDATE 2 :
The Final Result is , The Post data is not Encrypting , its Plain XML and readable by any software that can sniff , however the GET data is secure . I had serached bit not found some valid Answer.
Are you using SSL? If so, any application-level encryption is redundant. And, the key will have to be embedded in the code, so is readable by any attacker.
Fiddler (or other HTTPS proxies) can decrypt any HTTPS traffic.
You could prevent simple use of Fiddler by requiring a specific server certificate in your client code (rather than trusting any certificate the system itself trusts). However, this is only a weak deterrent because the user could just decompile your code and alter it so that your new certificate check is neutered.
This is called the "Untrusted client" problem, and it's the same thing that makes Digital Rights Management (DRM) software a "best effort" affair rather than an ironclad protection.
I am using this code to download file from server and parse data from JSON notation:
WebClient wcl = new WebClient();
Uri url = new Uri(tickurl);
string srlz = wcl.DownloadString(url);
var dict = (new JavaScriptSerializer()).Deserialize<Dictionary<string, dynamic>>(srlz);
When I use it with http://deepbit.net/api/ + my token (URI returns JSON data) it works well.
But with https://mtgox.com/code/data/ticker.php it stucks on 3rd line of the function(data downloading).
What am i doing wrong? Both URLs return same JSON formatted data.
[add] it's not issue with https, this code works well enough with other https services. i am wondering if this could be a problem with SSL cert.
SOLVED: turned off SSL certificate validation. thanks
I suspect it's failing due to a security problem. When I fetch with wget, I get:
ERROR: certificate common name www.mtgox.com' doesn't match requested host namemtgox.com'
It's fine when I fetch with wget using the --no-check-certificate flag.
I don't know whether you can persuade WebClient not to check certificates... but a better option would obviously be to get the certificate fixed.
Alternatively, try this URL instead: https://www.mtgox.com/code/data/ticker.php - note the www at the front. That fetches in wget without any issues.
The Url: https://mtgox.com/code/data/ticker.php doesn't even open up in browser. It starts downloading the 'ticker.php' file. Your server is misconfigured. The code is fine. Most probably the server is not properly configured to process .php files as scripts.
it is a certificate error like Jon Skeet said.
Have a look here to find a easy solution
WebClient + HTTPS Issues
you shouldn't use this for all request, only for debugging