Comodo | Checkdomain/Comodo is a library to connect with the comodo

When I self sign my app packages, visual studio only allows me to create a security certificate that is valid for one year. How can I create a timestamp url or where can I find a free timestamp url to ensure the MSIX package can be installed, even after the used signing certificate has expired?

Update:

I tried many urls I could find online, most of them gave me the error:

SignTool Error: The specified timestamp server either could not be reached or returned an invalid response.

Finally I found one (http://timestamp.comodoca.com) that worked from this article https://support.comodo.com/index.php?/Knowledgebase/Article/View/68/0/time-stamping-server

How can I find a domain whose root certificate is AAACertificateServices? Note this is a Comodo certificate.

To prepare for a dependent server whose certificate will change soon, it looks my clients do have this certificate. However, I'd like to verify that my clients will work now by sending a request to a domain that is already using AAACertificateServices.

I've dug around and found several related questions mostly about Azure or Firebase, however, there are some users (myself being one of them) that directly send HTTP/2 push notification data to Apple.

Do we need all three Root CA's installed OR do we only need AAACertificateServices 5/12/2020?

On 2/10/21, we got the following email:

On March 29, 2021, token and certificate-based HTTP/2 connections to the Apple Push Notification service must incorporate the new root certificate (AAACertificateServices 5/12/2020) which replaces the old GeoTrust Global CA root certificate. To ensure a seamless transition and to avoid push notification delivery failures, verify that both the old and new root certificates for the HTTP/2 interface are included in the Trust Store of each of your notification servers before March 29.

Note that Apple Push Notification service SSL provider certificates issued to you by Apple do not need be to updated at this time.

Learn more about connecting to APNs.

If you have any questions, contact us.

Best regards, Apple Developer Relations

On the page linked above (also here) there are three certificates listed for download:

The Comodo RSA and USERTrust RSA certificates both have certification path dependencies on AAA Certificate Services:

Do we need all three Root CA's installed OR do we only need AAACertificateServices 5/12/2020?

Thank you!

Recently, I've been testing the certificate pinning implementation provided by OkHttp using version 4.9.0 + Retrofit 2.9.0; And I've noticed that the hash check is not conjunctive but rather disjunctive.

According to the example implementation the certificate chain of publicobject.com:

I have a VPS with Apache2.

I have installed SSL before in my websites, but always form freeSSL or ZeroSSL, they give me 3 files:

I use:

I purchased the domain name 'jimtough.org' directly from Amazon so I could use it with a Cloudfront distribution. Now I have a very simple vanity site at https://jimtough.org/ that uses the certificate. I also played around with AWS API Gateway and confirmed that I can use the same certificate to provide HTTPS secured URLs to work with API Gateway.

I am also running a Java/Spring Boot web application on an EC2 server. I have already associated a Route53 DNS name with the EC2 server that hosts my Spring Boot application, like this: http://instance-b.jimtough.org/. This works, but it is using unsecured HTTP. I get a bunch of warnings when I try to do basic authentication in the application, since it would be sending my username/password via an insecure connection. Fair enough.

So my next step is to enable HTTPS in Spring Security and force secure connections to the application. In order to do this, I first need to provide a certificate for the Java runtime on the EC2 host to use. I found examples of how to do so with a self-signed certificate:

• https://mkyong.com/spring-boot/spring-boot-ssl-https-examples/
• https://www.baeldung.com/spring-boot-https-self-signed-certificate

Unfortunately, using a self-signed certificate is not what I'm looking for. I want the user to be able to browse my static content vanity site first (https://jimtough.org/), and then follow a link to my web app and keep using the same site certificate (my AWS-issued cert) for my Spring web app.

QUESTION: How can I use my AWS-issued certificate with my Java-based web application?

Inside the AWS Certificate Manager (https://console.aws.amazon.com/acm/home?region=us-east-1#/), I don't see any way to 'export' or save my certificate. Am I missing something? Maybe Amazon doesn't want me to use this certificate outside of their own services?

Note that I did originally set up the certificate with the domain name as 'jimtough.org' and the Additional Names field set to '*.jimtough.org' so I can use the certificate on sub-domains as I'm trying to do here.

EDIT

The accepted answer from julien-b is correct. I did some more research and found that SSL certificates aren't cheap, and come in different flavors. The cheapest is the 'DV' (Domain Validation) type, which only verifies that the SSL certificate is controlled by someone who also controls the DNS record for the associated domain (such as 'mydomain.com'). There are much more thorough (and expensive) certificate types that can be issued, where the issuer has to do background checks on the owning organization. Those are meant for sites that handle e-commerce, financial transactions, etc. Not at all what I need.

There are also multiple types of multi-site certificates to choose from. The very cheapest single-domain certificates only cover your primary domain and the 'www' subdomain (mysite.com and www.mysite.com). If you want all the subdomains of your primary domain covered (app.mysite.com, ftp.mysite.com, etc), then you'll need a 'wildcard' certificate. Those are significantly more expensive. The more exotic certificate types can cover multiple different domains. These seem to be aimed at making certificate management easier for organizations that manage a lot of different domains and don't need a different certificate for each. Not what I need, so I didn't investigate further.

I decided to go with a 'single-domain with subdomain wildcard' certificate from Comodo (recently renamed to Sectigo?), who appears to be the most affordable certificate vendor right now.

REFERENCE: https://www.techradar.com/news/best-ssl-certificate-provider

It seems like a missed opportunity for Amazon that they don't get in on this game and issue their own SSL certificates for a fee. AWS already has all the infrastructure in place to do so, at least for the DV-level certificates.

I work for a company that uses a Comodo/Sectigo SSL certificate. But suddenly our app started throwing this error when sending POST to the server, in versions with android 4 and 5, with Okhttp client.

I’ve changed the target platform of my WinForms application (a relatively large solution consisting of 10 interdependent projects) from x86 to x64. It is a ClickOnce application signed with a Comodo certificate; all assemblies are also signed with the same certificate. Everything went fine, no errors while I was in Release mode and I could produce a working distributable. However, I’ve got a plenty of undefined-type errors by just switching the solution configuration to Debug.

The type or namespace name '**' could not be found (are you missing a using directive or an assembly reference?)*

Apparently, Visual Studio could not properly process one reference (may be more than one). Errors remained the same even after I’ve deleted the contents of bin and obj directories and cleaned all projects. The strange thing is that I can start the executable in debug mode and extensively test it without any problems. However, the compiler errors remain. In other words, Visual Studio is detecting errors while showing sources in the editor and sees no errors while producing the code for executing in debug mode. The problem does not exist in the original x86 Solution which I still have on another machine. It seems that something went wrong while I was changing the configuration. To be more explicit I’ve produced 4 screenshots you can find here:

• https://www.soascape.com/issues/attachments/INT_001/release.png
• https://www.soascape.com/issues/attachments/INT_001/debug.png
• https://www.soascape.com/issues/attachments/INT_001/references.png
• https://www.soascape.com/issues/attachments/INT_001/FsB-namespace-SoaGui.png

Have I missed something while moving from x86 to x64? I’m using VS Community 2019 version 16.7.7.