CNAME SSL certificates

Whether your DNS entry uses a CNAME or an A record doesn’t matter. What matters is the host name the client is trying to connect to. It must match one of the Subject Alternative Names in the certificate of the server providing that resource (or, failing that, it must match the CN RDN of the …

Specifying trust store information in spring boot application.properties

In case you need to make a REST call, you can do it the following way. This will work for outgoing calls through RestTemplate. Declare the RestTemplate bean like this.

    @Configuration
    public class SslConfiguration {
        @Value("${http.client.ssl.trust-store}")
        private Resource keyStore;
        @Value("${http.client.ssl.trust-store-password}")
        private String keyStorePassword;

        @Bean
        RestTemplate restTemplate() throws Exception {
            SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial( …

Ignore SSL certificate errors in Xamarin.Forms (PCL)

ServicePointManager isn’t defined in PCL but is defined in platform-specific classes. There is a ServicePointManager in both Xamarin.iOS and Xamarin.Android with the same usage. You can reference it inside any class in your platform projects. However, currently there is no such class, and there seems to be no way to do so, for a Windows Phone app. Example: // Xamarin.Android public …

Can you use a service worker with a self-signed certificate?

As an alternative to using self-signed certificates, you can launch Chrome or Firefox such that it pretends certain domains are secure. For example, using Chrome on a Mac, you can launch it using:

    /Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://www.your.site

Service workers should then work from http://www.your.site. More info can be found here: Options for testing …

SSL Multilevel Subdomain Wildcard

No, it is not possible. A wildcard inside a name only reflects a single label and the wildcard can only be leftmost. Thus *.*.example.org or www.*.example.org are not possible. And *.example.org will match neither example.org nor www.subdomain.example.org, only subdomain.example.org. But you can have multiple wildcard names inside the same certificate, that is, you can have …

Use self signed certificate with cURL?

This is just another version of this question: Using openssl to get the certificate from a server. Or put more bluntly: Using curl --cert is wrong, it is for client certificates. First, get the certs your server is using:

    $ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem

(-servername is …