create-cert | Super simple self signed certificates | TLS library

For the past week I am trying to connect a Winlogbeat(Which is on my host machine) To an elasticsearch Cluster that I set up on an Ubuntu VM using dockers.

Following this tutorial. (In the tutorial they don't explain how to connect a Beat)

My problem is with the SSL configuration (Of the Winlogbeat) I just can't get it right for some reason.

This is the error I get on the windows machine after running the setup command (.\winlogbeat.exe setup -e) -

Basically, I want to add a self-signed certificate (including complete chain with own CA and intermediate) to my Angular environment. The environment is reachable via pcname.fritz.box. That's the idea.

Now I created my own CA and intermediate certificates and the server/client certificates. Afterwards, I added the ca-chain-bundle.cert.pem to my Windows 10 root CAs.

Then I added the server.cert.pem and server.key.pem to my angular.json and started with ng serve --host pcsname.fritz.box --ssl.

If I open the URL https://pcname.fritz.box:4200/ with Firefox I get in the developer console MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT and in Chrome/Edge I get NET::ERR_CERT_AUTHORITY_INVALID.

What I'm missing? I don't want to add it as an exception. Instead it should appear as valid certificate locally.

I am trying to sign a UWP app, either debug or release, for the purpose of testing on some other devices. My certificate appears not to be valid.

Here are my steps:

• I right click on my UWP project, choose "publish", then "create app packages".
• In the popup, I choose "sideloading".
• Then I get a step asking whether I'd like to sign the package.
• I want to choose "yes". I have a certificate where the subject matches the publisher in my manifest. But, just below, it shows a message "this certificate is not trusted on this PC".

If I continue, VS will create a folder containing some installation files. If I click on "...x64.msixbundle", it shows a dialog that says "update ...?", with a note "untrusted app" and a message below "this app package is not signed with a trusted certificate..." (Alternatively, I can run the Install.ps1 script in the powershell, having the same results.) I cannot go further. And, this is on same PC that I'm doing my development.

I've attempted to follow the instructions on Create a certificate for package signing, and some of the adjacent pages. They infer that using the VS wizard should simply work.

P.S. I have never signed a Windows app before. Maybe I should be doing it in a completely different manner ?

I'm trying to replicate https://www.elastic.co/guide/en/elasticsearch/reference/7.x/configuring-tls-docker.html

The example shows how to turn on ssl for ES cluster with docker. it's running the instances in one machine

I am running docker container on multiple hosts and having trouble sharing the volume for certificate

relevant parts are

// create certification files and save in certs volume // create-certs.yml

Heres my if else Ansible logic ..

I am trying to set up a pipeline, which would:

• Deploy a KeyVault "my-keyvault" by using AzureResourceManagerTemplateDeployment@3 task
• Run a Powershell script (listed below) to create a self-signed certificate in the keyvault
• Finally deploy an SF cluster "my-cluster" by using AzureResourceManagerTemplateDeployment@3 task and providing the above certificate both for node-to-node and client-to-node communication (later I plan to introduce 2 different certificates).

My PowerShell script for generating self-signed certificates works well when called for the 1st time:

I've been at this for past 2 days and I'm getting weird errors from the store.

I'm trying to upload an update to my application "CoManga" via the store and it's not working out.

I'm working on Xamarin.Forms (UWP) and before making the appxbundle, I made sure and "associated my app with CoManga" from my developer account. All the information over there matches and should work fine without any issues.

Then I made a release of my UWP app, got the bundle and I tried to upload it to UWP. It said that the Publisher info is different, so it couldn't upload. This is weird because I tried signing the bundle with my developer account itself.

Now, I tried building and signing the app bundle from app center. I got the appxbundle and that I tried to upload. But, since today it's giving me weird error :

The package comic_dl.UWP_2.1.15.0_ARM_x86_x64.appxbundle is taking a long time to process. If this isn’t completed soon, try refreshing the page, or remove the package and then upload it again. If you continue to see this issue, contact support.

This package I tried to build from my system manually : https://drive.google.com/open?id=1VVvF6IB70R2DKNUgBJcqw-HryL1LIwgo

This is what I got from App center : https://drive.google.com/open?id=1o0sGKU2AKVgrcTelIoRFz7QCe8Do0WJ3

This is the Store ID : 9N81F8B5WW93

Can someone guide me what I might be doing wrong/missing something.

Thanks

EDIT Update : So, I followed the suggestion and contacted Microsoft's Team for help on this issue. After 3 months of multiple contacts, I was able to get someone to reply back and follow the case. Even they tried things on their end and I tried by deleting all the certificate files I had in my current project and tried to manually build the manifest file and then it worked. I'm not entirely sure what worked out in the end. But, you can try these things if you run into this issue. 1.) Clean your project.

2.) Delete .vs directory.

3.) Look for any certificate files in your project. Back them up somewhere else and then delete them from the project (Don't exclude from project, just delete them entirely). Clean and rebuild your solution.

4.) Check if the application is already installed on your system (When you debug, VS will install your UWP app on your machine to run it). If it's installed, uninstall it completely.

5.) Make a backup of your manifest file and try to create a new manifest file.

These are the links I received from Microsoft Help:

PFN and package publisher name must match values here: https://partner.microsoft.com/en-us/dashboard/products/{YourAppID}/identity

Update manually: https://docs.microsoft.com/en-us/uwp/schemas/appxpackage/how-to-create-a-package-manifest-manually

Update in VS: https://docs.microsoft.com/en-us/uwp/schemas/appxpackage/uapmanifestschema/generate-package-manifest

If these values were pulled from test certificate, partner needs to update their test cert: https://docs.microsoft.com/en-us/windows/msix/package/create-certificate-package-signing

I need to generate a proof of possession, signing a verification code with my private key.

I did not find a question related to this, here in Stack Overflow, and I am not finding some reference on Internet. I am following this tutorial, but I want to use OpenSSL.

My verification code is related to a X509 certificate, like this:

I am trying to access secrets in my Azure Key Vault from VMs running in my Azure Batch node pool.

However, I keep running into the exception:

Exception Message: Tried 1 certificate(s). Access token could not be acquired.

Exception for cert #1 with thumbprint MY-THUMBPRINT: Keyset does not exist

So far I have been following the instructions outlined here: https://docs.microsoft.com/en-us/azure/key-vault/service-to-service-authentication

The article outlines the scenario of Azure Batch, and indicates I should use a Service Principal. I would like to ensure no secrets or keys are in version control, so I am using the first method of a certificate in a local keystore to sign into Azure AD.

Running all of the below locally as an executable works fine, but fails when run on an Azure Batch pool node.

My steps so far to do the above are:

1. Create a service principal and associated certificate in keyvault: az ad sp create-for-rbac --name myserviceprincipal --create-cert --cert mycertname --keyvault mykeyvaultname. Keep the service principal app id and tenant id for use in the AzureServicesAuthConnectionString.

2. Create key vault access policy for the created service principal (done in the azure portal UI).

3. Download the created certificate in PFX/PEM format (done in the Azure Portal UI).

4. Ensuring a PFX password on the certificate (I am doing this as uploading the cert to azure batch in step 6 requires an associated password): https://coombes.nz/blog/azure-keyvault-export-certificate/