E-Certificates | create E-certificates and store the E-certificates | TLS library

I am testing to install certs using azure demo certs at the IoT Edge Device as per the steps mentioned "https://docs.microsoft.com/en-us/azure/iot-edge/how-to-manage-device-certificates?view=iotedge-2020-11". But I am facing below error while running iotedge check command

We have several customers who would like to keep IoT Edge device running for several months without restarting operation in their use cases. The have already generated their own production certificates with 3-10 years lifetime. Due to the documentation, we got to know that there's a auto generated certificate IoT Edge Hub Server certificate which always has a 90-day lifetime, but is automatically renewed before expiring. The auto_generated_ca_lifetime_days value doesn't affect this certificate.

Reference link: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-manage-device-certificates?view=iotedge-2018-06#customize-certificate-lifetime

If the IoT Edge hub server certificate was auto generated and auto renewed, do we have to regularly restart edgeHub to apply new certificate ? Or edgeHub will auto reload and apply new certificate?

If we have to restart it, how to deal with the use case that IoTEdge cannot be restarted for more than 90 days?

I tried a lot and now putting it here .. so I have an app service in which API Identity server and UI(Blazor) is hosted in different folders inside the same app service now i generated the rsa signing cert from [https://damienbod.com/2020/02/10/create-certificates-for-identityserver4-signing-using-net-core/](this blog post) now everything works fine on development even when i set hosted identity server as provider and localhost(UI and Web API) even then its working but when i try to access the hosted API its throwing error (in log) and i am getting 401

please any helps would be appreciated

also

my identity server startup looks like this

I'm trying to set up a solution which includes an EC2 instance with Apache running NodeJS. I've already successfully created a working webserver-instance with a public SSL-certificate from Certifate Manager accessed on port 80 and 443. This server should be able to connect to my other instance but for some reason I keep running into dead-ends and I suspect the solution is not possible...

I've built a working setup using Let's Encrypt certificates but I would love to keep as much as possible in AWS.

Issue: In the LE-solution, I can access the local .pem-files on my server. I can include the local paths to the LE-certificates in the server-setup-file like this:

I am playing with EventStore. As a .NET user I prefer Windows as OS, only that I have home edition. In order to install Docker I need Windows Proffessional Edition - and I don't have it ... it's out of my budget.

Anyway, I kept trying to install (via Chocolatey) and I managed it. How do I start it? I can't find the command in the documentation.

I am having this code:

I am developing a chat application that makes use of socket.io for matchmaking. Clients using Windows machines and Android Devices are able to make a websocket connection. However clients using Safari on Desktop and iOS are unable to connect using both Safari and Chrome. My application works from socket.io client -> NGINX Proxy -> Node.js socket server

I have been able to track down the error by inspecting the iOS browser through a Mac and this error shows up [Error] WebSocket network error: The operation couldn’t be completed. (OSStatus error -9836.)

After doing some research into the error I found that Safari is picky when it comes to creating secure websocket connections. I am currently using a CloudFlare issues certificate and key which is in my NGINX configuration. I also tried adding the credentials to my node server but the same problem persists. Here is the NGINX server block:

To the people that close vote this post: it doesn't help if you don't comment why. We're all trying to learn here.

I want to have wildcard certificates for 2 domains of mine using Let's Encrypt. Here's what I did:

In Chrome it all works. In Firefox I get the error below:

So I tested here: https://www.ssllabs.com/ssltest/analyze.html?d=gamegorilla.net

I also checked this other post.

There's talk on making sure that "the server supplies a certificate chain to the client, only the domain certificate". I found validating the certificate chain here.

I then took these steps found here:

1. Open the Certificates Microsoft Management Console (MMC) snap-in.
2. On the File menu, click Add/Remove Snap-in.
3. In the Add or Remove Snap-ins dialog box, click the Certificates snap-in in the Available snap-ins list, click Add, and then click OK.
4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
5. In the Select computer dialog box, click Finish.

I already see "Let's Encrypt Authority X3" in the Intermediate Certification Authorities. So that should already be handling things correctly I'd presume.

How can I ensure the Let's Encrypt certificate chain is supplied to the client so it works in Firefox too?

UPDATE 1

Based on @rfkortekaas' suggestion I used "all binding identifiers" instead of supplying the search pattern. When Win-acme asked Please pick the main host, which will be presented as the subject of the certificate, I selected gamegorilla.net. After this gamegorilla.net now works in Firefox, however, on www.karo-elektrogroothandel.nl I now get an insecure certificate.

UPDATE 2

Alright, that seems to fix it. I do see that bindings for smtp/mail (e.g. smtp.gamegorilla.net) are now also added to IIS automatically: Should I leave those or delete those mail+smtp records here?

Also, the certificate is now [Manual], does that mean I need to renew manually (which woud be weird since nowhere during the certificate creation steps did I see an option for auto-renewal):

For testing purposes I'm trying to install certificates on my Edge Device (raspberry Pi) and following the Microsoft article - https://docs.microsoft.com/en-us/azure/iot-edge/how-to-manage-device-certificates

I create the test certifacates using this article: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-create-test-certificates#prerequisites and then I copy the 3 required files over to the raspberry pi into a folder called "certs",

After I copy over the required certifcates I update the config.yaml file with the file locations and restart iotedge but iotedge does not start up properly ie I don't see the modules load up and run

I'm not very familiar working in Linux so thinking that the issue could lie in 2 places currently:

1. My file URI is not formed correctly and so iotedge is not picking them up. How can I verify whether the below is correct?

2. iotedge does not have read access to the directory holding the certs. How do I make sure that iotedge has read access to the directory (ie certs)?

Currently I am doing the API load test using the LoadRunner, where the mTLS is implemented on the server side. Also I am able to include the certficates(2 pem files) using the web_set_certificate_ex function by passing the cerificate paths(clientA-crt.pem and clientA-key.pem) - the calls works perfectly fine.

Now we are planning to use jmeter for load testing. As first step, I converted pem into p12 format using the following command openssl pkcs12 -export -out Cert.p12 -in clientA-crt.pem -inkey clientA-key.pem -passin pass:root -passout pass:root

https://www.ibm.com/support/knowledgecenter/en/SSPH29_9.0.3/com.ibm.help.common.infocenter.aps/t_ConvertthepfxCertificatetopemFormat068.html

Then next step I am converting the cert.p12 into java keystore using the following command keytool -importkeystore -srckeystore Cert.p12 -srcstoretype PKCS12 -srcstorepass root123 -keystore dex.jks -storepass root111

https://www.blazemeter.com/blog/how-set-your-jmeter-load-test-use-client-side-certificates/

The below error is encountered: Importing keystore Cert.p12 to dex.jks... keytool error: java.io.IOException: keystore password was incorrect

Can someone let me know where I am going wrong.

Contents of clientA-crt.pem

-----BEGIN CERTIFICATE----- some alphanumeric values -----END CERTIFICATE-----

Contents of clientA-key.pem

-----BEGIN RSA PRIVATE KEY----- some alphanumeric values -----END RSA PRIVATE KEY-----