I have designed a desktop application using windows forms app.
It will be receiving a pop-up message whenever an updated version is available on the server.
I have generated an API which consists of the updated version of the desktop application which is been used as the server with the help of the ngrok and I have enabled the SSL for the API. The SSL certificate is been installed into trusted root certification authority.
Now how to use the SSL for server validation(that is the clients who the SSL only need to hit the server and can download the updated version)?
Please, someone help me in solving this issue.
Related
I have an application that can be downloaded from our website and runs on user PC.
This application provides connection between our hardware and our web application. It uses SignalR for communication.
Basically, I run SignalR server under WinForms application and have javascript client that tries to access it through http://localhost:8084/signalR.
Everything works fine when I use HTTP version of the web application, but fails, when I use HTTPS for my web application:
Most of the browsers don't allow unsecured connections from a secure page.
So, my question is how can I have self-signed certificate included in my software which installs certificate on user pc during installation and how can I make it work in the way that browsers not complaining about unsecured connection?
If you run SignalR server on user PC each user must obtain the certificate for SignalR connection it launches. Self-signed certificate would be reasonable decision for an Intranet or development. It isn't safe enough for the internet. Another possible problem is retrieving name of the machine where SignalR is running. Certificate attaches to certain local machine(I could be wrong at this) and for connecting to client's application SignalR server you need to know the name of machine he uses. Migrating SignalR server from client to web app server will solve mentioned troubles.
I'm developing an HTTPS proxy server using titanium proxy server. I will monitor some websites and will modify the response of those websites. Some of those websites are https, that's why I'm using https proxy server.
Now here is the problem. As far as I know, to intercept an HTTPS site, we must have certificate and titanium proxy server has a dummy certificate. I think whenever the server is started, titanium proxy server tries to install that certificate as a root certificate so that browsers can trust that certificate. This approach is working perfect for all browsers except firefox.
I can see titanium root certificate installed in all browsers and I can successfully intercept HTTPS websites running in Google Chrome or Safari. But whenever I try to open a HTTPS website in firefox, it gives an error that the connection is untrusted.
I think certificate is not being installed in firefox or is being rejected by firefox as it is not signed by any CA authority. But why are other browsers not showing the same error?
My problem is that I need to intercept HTTPS websites too - it is requirement of the project. What if I buy a certificate from a CA authority and use that certificate with application, will it work or not? Can I use web server certificates with a desktop application? I really don't know much about SSL. any help will be much appreciated. Looking forward to you guys.
PS: I'm attaching a snapshot of firefox windows, for reference.
error window
Firefox uses it's own CA store, while Chrome, Safari and IE use the systems CA store on Windows and Mac. Thus you explicitly need to import the certificate into Firefox as trusted.
I checked a site that I'm deploying (IIS 8, Asp.net-C#, SSL), using ssllabs as suggested on Google. It showed that "This server accepts the RC4 cipher, which is weak.".
How can I prevent that? The site is hosted on a web hosting environment so I don't have direct control over IIS, and I couldn't find anything in IIS manager for that. Is there something I can do on the site? Some other way?
You may not be able to do this if you have a shared hosting environment, but you could contact your hosting company with the following information.
How to completely disable RC4
Clients and servers that do not want to use RC4 regardless of the
other party’s supported ciphers can disable RC4 cipher suites
completely by setting the following registry keys. In this manner, any
server or client that is talking to a client or server that must use
RC4 can prevent a connection from occurring. Clients that deploy this
setting will be unable to connect to sites that require RC4, and
servers that deploy this setting will be unable to service clients
that must use RC4.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
On Windows 7, for ASP Web API solution, not able to connect to https port (other than 443) because of missing SSL port certificates(44300 +) which I checked it using "netsh http show sslcert". I tried adding certificate manually but it didn't work with my solution.
The binding statements for those ports are correct in "applicationhost.config" of IIS express.
"".These certificates are automatically generated on windows server 2008.
In the browser it shows is "This webpage is not available".
Can Somebody help me?
In IIS you will need to add a binding to that site for the port you want to use.
See this for additional help
http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
or
IIS Express
http://msdn.microsoft.com/en-us/library/ms733791.aspx
I have a client-server application written in c#. I am hoping someone can give some direction on where to look in order to set it up where a user could connect to the server from their workstation, most likely through http but that's not a requirement, and download the client. The mechanism would need the following features:
Check for updates on client startup and automatically apply them.
Allow multiple clients (connected to different servers) to download on the same machine
Client can be downloaded by a non-local admin
Possibly install any prerequisites needed on the workstation
I currently use ClickOnce but it isn't quite working out. Currently the server sits in IIS and uses WCF services.