I am investigating how to create a PKCS#10 certificate signing request (CSR), send it to a Certificate Authority (CA), and create an X.509 client certificate based on the response from the CA. I want to do this in a Windows 10 application (so, an app built on UWP). Can I do this without an extra server to run the "CertCli 1.0 Type Library"?
The only info I've found is this: MSDN Article
It's for Windows 8.1, and it says that I need to have a server "between" the application and the CA, in order to send the CSR to the CA and create the actual certificate. Then I send this certificate back to the application. Deploying and running an extra server simply to host an API seems wasteful, so I'm trying to find another way.
Is this still necessary in Windows 10?
Could I package the "CertCli 1.0 Type Library" as a DLL or something along with my application?
Are there open source alternatives (that will run in a UWP app) that can be used to handle the certificate and CSR instead?
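As an added illustration of the client-side half of the flow the question describes (not code from the original post): a UWP app can build the PKCS#10 request itself with `CertificateEnrollmentManager` and install the CA's answer afterwards. Submitting the request to the CA is left to a hypothetical `SubmitToCaAsync` the reader supplies, since the page does not show that transport.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;

// Added example, not from the original post.
public static class ClientEnrollment
{
    // Builds a PKCS#10 request whose private key is generated inside the
    // Platform KSP (TPM-backed on hardware that has one) and marked
    // non-exportable, so the key never leaves the device.
    public static async Task<string> CreateCsrAsync(string subject, string friendlyName)
    {
        var props = new CertificateRequestProperties
        {
            Subject = subject,                        // e.g. "CN=device-0001" (constructed)
            FriendlyName = friendlyName,              // used to locate the cert later
            KeyAlgorithmName = KeyAlgorithmNames.Rsa,
            KeySize = 2048,
            KeyStorageProviderName = KeyStorageProviderNames.PlatformKeyStorageProvider,
            Exportable = ExportOption.NotExportable,
            KeyUsages = EnrollKeyUsages.Signing | EnrollKeyUsages.KeyAgreement,
        };
        // The request comes back as a base64-encoded DER PKCS#10 blob.
        return await CertificateEnrollmentManager.CreateRequestAsync(props);
    }

    // Installs the CA's response (base64-encoded DER certificate) into the
    // app container's store; its public key must match a pending request.
    public static async Task InstallIssuedAsync(string caResponseBase64)
    {
        await CertificateEnrollmentManager.InstallCertificateAsync(
            caResponseBase64, InstallOptions.None);
    }

    // Hypothetical end-to-end call: SubmitToCaAsync is whatever channel
    // carries the CSR to the CA and returns the issued certificate.
    public static async Task EnrollAsync(Func<string, Task<string>> SubmitToCaAsync)
    {
        string csr = await CreateCsrAsync("CN=device-0001", "device-client");
        string issued = await SubmitToCaAsync(csr);
        await InstallIssuedAsync(issued);
    }
}
```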
Related
I have designed a desktop application using Windows Forms.
It will be receiving a pop-up message whenever an updated version is available on the server.
I have generated an API which consists of the updated version of the desktop application, which is being used as the server with the help of ngrok, and I have enabled SSL for the API. The SSL certificate has been installed into Trusted Root Certification Authorities.
Now how do I use the SSL for server validation (that is, the clients with the SSL only need to hit the server and can download the updated version)?
Please, someone help me in solving this issue.
I am trying to connect to my Mosquitto MQTT broker in a Xamarin C# application using M2Mqtt.
I am having a difficult time creating the X509 certificate in my program.
See my other question:
Xamarin Visual Studio createcertfromfile path no working
But I wanted to float this question just to see if anyone out there has done this. I have spent 2 days making absolutely no progress.
My only concern is encrypting the communication between the mobile device and my Mosquitto broker.
I have secured the broker with mosquitto-auth-plug and I can't be sending the credentials over the air.
One other question: I am not concerned with verifying the mobile user, I just want to create a secure encrypted connection with my broker, so I am not going to need my users to get any certificates or anything, correct?
-----Edit for hardilib
I have a Mosquitto broker running on a CentOS 7 server. I have configured the broker to accept SSL/TLS connections and have used mosquitto-auth-plug for user security.
I have a mobile application written in C# Xamarin with Visual Studio 2017 Enterprise Edition.
I have very good non-encrypted communication between my MQTT broker and mobile application using the M2Mqtt client.
I need encrypted communication between the mobile application and the broker for this to work in a real-world situation.
I have tried to follow the only information I can find at
http://embedded101.com/Blogs/PaoloPatierno/entryid/366/MQTT-over-SSL-TLS-with-the-M2Mqtt-library-and-the-Mosquitto-broker
I have it all complete except this part:
The CA certificate was included in a resource file (Resources.resx) and, once read as a byte stream is provided to the X509Certificate constructor class, in order to obtain a valid X.509 certificate for the MqttClient.
Client Connection String
MqttClient("ppatierno-PC", MqttClient.MQTT_BROKER_DEFAULT_SSL_PORT, true, new X509Certificate(Resources.m2mqtt_ca));
I haven't been able to create the X509Certificate because I don't know how to create the resource file.
And when I try to create the certificate from a file, none of the paths I try to use work. See the other question above.
Has anyone successfully done what I am explaining above, or have another way to secure the communication between the application and the server? If you have, please help.
Thanks
I figured it out: you can use the AssetManager class to retrieve assets from your Xamarin solution's directory.
See my other post for more complete instructions:
Xamarin Visual Studio createcertfromfile path no working
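An added example (not the poster's code and not the blog's) that puts the AssetManager approach together with the M2Mqtt TLS constructor: the broker's CA certificate is read from the Android `Assets` folder and handed to `MqttClient` as the trust anchor. It assumes M2Mqtt 4.x, whose constructor takes the CA cert, an optional client cert and the TLS version, rather than the older four-argument form shown in the blog.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Android.App;
using uPLibrary.Networking.M2Mqtt;

// Added example, not from the original post or the M2Mqtt project.
public static class SecureMqtt
{
    // Reads the broker's CA certificate (e.g. "ca.crt" placed in the Android
    // project's Assets folder with Build Action "AndroidAsset") through
    // AssetManager, which is why a file-system path is not needed.
    public static X509Certificate LoadCaCert(string assetName)
    {
        using (Stream asset = Application.Context.Assets.Open(assetName))
        using (var buffer = new MemoryStream())
        {
            asset.CopyTo(buffer);
            return new X509Certificate(buffer.ToArray());
        }
    }

    // secure = true switches the connection to TLS on port 8883; caCert is
    // used only to verify the broker's certificate chain. No client
    // certificate is needed for encryption alone (passed as null), and the
    // user/password check by mosquitto-auth-plug now travels inside TLS.
    public static MqttClient Connect(string brokerHost, string user, string password)
    {
        X509Certificate caCert = LoadCaCert("ca.crt");
        var client = new MqttClient(
            brokerHost,
            MqttClient.MQTT_BROKER_DEFAULT_SSL_PORT,
            true,
            caCert,
            null,
            MqttSslProtocols.TLSv1_2);
        client.Connect(Guid.NewGuid().ToString(), user, password);
        return client;
    }
}
```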
We want to use the "Microsoft Platform Crypto Provider Key Storage Provider" APIs on Surface Pro devices and Windows Mobile Phone devices for Windows 8 and 10. The operations we need to support are provisioning new keys to the KSP (key storage provider) using a PKCS12-formatted "blob" and using one or more keys in the KSP as client credentials in a mutually authenticated TLS 1.2 exchange with a server.
We need to know the correct APIs to use in our client to import the certificate key with some name (alias) that we can use to reference it later. We presume that the correct API for this is CertificateEnrollmentManager.ImportPfxDataAsync. If we use this API, will the resulting credentials be protected at rest by the Trusted Platform Module (TPM), or are there other APIs we must use to import and use certificates? We understand that CertificateEnrollmentManager.ImportPfxDataAsync will import a PFX certificate to the app container. We really want our credentials to be protected by the TPM.
We also need to know the appropriate APIs to select the certificate/keys via their friendly name during a socket connection to a server using the TLS 1.2 protocol.
We know that in Windows 10 StreamSocket has a "Control" property, and "Control" itself has a "ClientCertificate" property which we can use to pass in a client certificate for opening an SSL connection, but in Windows 8.1 the Control property of StreamSocket doesn't have a "ClientCertificate" property. In Windows 8.1, where and for which certificate will StreamSocket.ConnectAsync be looking?
Any help or comment will be highly appreciated.
Josh
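An added Windows 10 example (not from the original post) covering the three steps the question asks about: importing the PKCS#12 blob into the Platform KSP under a friendly name, finding the certificate by that name later, and attaching it to a StreamSocket for mutually authenticated TLS 1.2. It assumes the seven-argument `ImportPfxDataAsync` overload that takes a key storage provider name, and the `ClientCertificate` setter that exists on Windows 10 only.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Networking;
using Windows.Networking.Sockets;
using Windows.Security.Cryptography.Certificates;

// Added example, not from the original post.
public static class TlsClientAuth
{
    // Imports a PFX (base64) into the app container's store. Naming the
    // Platform KSP puts the private key under the TPM where one is present;
    // NotExportable prevents the key from being read back out of the KSP.
    public static async Task ImportPfxAsync(string pfxBase64, string password, string friendlyName)
    {
        await CertificateEnrollmentManager.ImportPfxDataAsync(
            pfxBase64,
            password,
            ExportOption.NotExportable,
            KeyProtectionLevel.NoConsent,
            InstallOptions.None,
            friendlyName,
            KeyStorageProviderNames.PlatformKeyStorageProvider);
    }

    // Looks the certificate up again by the friendly name given at import.
    public static async Task<Certificate> FindByFriendlyNameAsync(string friendlyName)
    {
        var query = new CertificateQuery { FriendlyName = friendlyName };
        var matches = await CertificateStores.FindAllAsync(query);
        if (matches.Count == 0)
            throw new InvalidOperationException("no certificate with friendly name " + friendlyName);
        return matches[0];
    }

    // Opens a TLS 1.2 connection presenting that certificate as the client
    // credential; the private key is used by the KSP and never copied out.
    public static async Task<StreamSocket> ConnectAsync(string host, string port, string friendlyName)
    {
        Certificate clientCert = await FindByFriendlyNameAsync(friendlyName);
        var socket = new StreamSocket();
        socket.Control.ClientCertificate = clientCert; // Windows 10 API
        await socket.ConnectAsync(new HostName(host), port, SocketProtectionLevel.Tls12);
        return socket;
    }
}
```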
After the certificate is generated, I exported only the private key (without the certificate) in Keychain Access, exported it as .p12 and used the file, and it did not work. I exported only the certificate, exported it as .p12 and used the file, and it also did not work.
The exception is:
You have selected the Production server, yet your Certificate does not appear to be the Production certificate! Please check to ensure you have the correct certificate!
If I use the same .p12 with the MoonAPNS library it works fine, but not with the PushSharp library. I am using PushSharp only for silent notifications.
Apple introduced a new unified Push Notification certificate that is valid for both Sandbox and Production servers. This new certificate has a slightly different Subject Name (it used to contain either Apple Production IOS Push Services or Apple Development IOS Push Services, and now it contains Apple Push Services).
PushSharp 2.x does not know about this new format and still expects the old Subject Names to verify against, so it thinks your certificate is invalid.
PushSharp 3.x (currently pre-release available on NuGet) is recommended and does properly validate the new type of certificate. I'd recommend updating to a 3.x version (of course there are some breaking API changes involved in that).
If you are still insistent on using PushSharp 2.x, you can override the certificate validation by setting the disableCertificateCheck parameter to true in the ApplePushChannelSettings class constructor.
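An added diagnostic (not from the answer or the PushSharp project) that inspects an exported .p12 before it is handed to a push library. It checks the two things that went wrong in this thread: a file exported without its private key, and a Subject Name in the new unified format that an older library does not recognise. The path and password are placeholders.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original thread.
public static class ApnsCertCheck
{
    // Returns a one-line diagnosis of the .p12; callers should run this
    // before blaming the push library's certificate validation.
    public static string Diagnose(string p12Path, string password)
    {
        // Loading with the export password also pulls in the private key
        // when the file actually contains one.
        var cert = new X509Certificate2(p12Path, password);

        // Keychain Access exports of the certificate alone yield a .p12
        // that cannot sign the TLS handshake to APNs.
        if (!cert.HasPrivateKey)
            return "no private key in .p12: export certificate and key together";

        if (DateTime.UtcNow > cert.NotAfter.ToUniversalTime())
            return "certificate expired on " + cert.NotAfter.ToString("u");

        string subject = cert.Subject;
        if (subject.Contains("Apple Push Services"))
            return "unified Sandbox+Production certificate: needs PushSharp 3.x "
                 + "or a library that accepts this Subject Name";
        if (subject.Contains("Apple Production IOS Push Services"))
            return "legacy Production certificate";
        if (subject.Contains("Apple Development IOS Push Services"))
            return "legacy Development (Sandbox) certificate";

        return "not an APNs push certificate: " + subject;
    }
}
```

Run it as `ApnsCertCheck.Diagnose(@"C:\path\to\push.p12", "PLACEHOLDER_PASSWORD")` with your own file and password.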
In my Windows Phone application I need to accept an untrusted certificate by default to connect with SSL, how can I do this?
There's a project on CodePlex that allows you to trust otherwise untrusted root CAs.
It's called Windows Phone Certificate Installer, and you can re-use the TrustedRootCertificateInstaller.cs file in your projects.