Godaddy's Code sign certificate and MIDlet - java

I have developed an application in Java (J2ME),
and I want a trusted domain for that application using GoDaddy's certificate.
Can I obtain it?
Let me re-describe the full scenario.
I have developed an application in which I want file I/O operations to be done without asking the user's permission for every read and write (meaning the user will be asked only once).
So to obtain that, I want a trusted domain for my application.
For that I need to sign my application using a code signing certificate.
Now GoDaddy's certificate is not listed on the Nokia 3110 Classic, so I have externally added it to the CA list.
But it still shows the app signing option as disabled.
So my question is: can I obtain a trusted domain using GoDaddy's code signing certificate?

For an explanation about the MIDP security model, see answers to StackOverflow questions Application Error Occurs in Nokia 6300 and Privileged operations in netbeans mobility.
If the certificate you used to sign your MIDlet wasn't on the phone, just adding it to the phone may not be enough.
You probably need to add the GoDaddy certificate to the MIDP runtime "trusted third party" security domain. Somehow. I'm not convinced that's possible on a Nokia 3110 Classic.

GoDaddy certificates usually depend on a Starfield certificate. Make sure that is in place too.
Also, the app-signing might be off because you've only installed the public key.
Edit: Actually, the private key is not necessary on the box (nor desirable). I wonder if the box is missing the Starfield certificate.

Related

SSL rules when client and server are hosted separately

I'm hosting a web game on github pages. It's a react app that connects to a websocket server (via wss) running off of a linux box in my living room. I've generated a self-signed certificate for the server, and github-pages already has a Let's Encrypt certificate by default. Presumably because the cert is self signed, the client refuses to connect to the "insecure" server and I am not prompted to install the certificate or anything, because the client does have its own separate certificate. Would just buying a real certificate solve all my problems? Should I just host the website from the same server and figure out all the stuff associated with that (I realize this is probably the best answer)? What's the public opinion on having separate ssl certificates for client and server?
You can add your self-signed certificate to your local truststore, but it's a little work and everyone connecting to your site would have to do it.
Buying a certificate would solve this problem, because it is then signed by a trusted certificate authority, which allows everyone to verify your server's identity.
On the other hand, if you move your UI to the self-signed server too, the web browser will prompt (respectively warn) the user about the untrusted certificate, and the user gets to say whether he wants to advance to the site or not. This would "solve" the problem too.
Last, but not least: it's quite common to have UI and backend separated and therefore to have separate certificates too, but not in such little applications. In a big environment it is definitely worth it, because it's a separation of concerns.

Trust my own CA on iOS

I'm trying to connect my iOS app to my java spring backend using ssl. As I am deploying my backend locally, I am trying to connect it using my own certificates for development.
For my spring backend, I have created my own CA, signed a certificate with it, and added them to a keystore.jks. I configured the app accordingly, and when I go to https://localhost:8082/blabla, AFTER trusting it, it works fine.
However, I have no way of trusting it on my iOS app, so it fails. I tried installing my Custom CA on my iphone, but still. The curious thing is on my iphone, on profiles, I can see my custom CA and it has the green tick and says verified. I thought this would have been enough to trust the other certificates
Any ideas on what I am missing/doing wrong?
Other info:
On my iOS app I am using Alamofire to make the requests.
Not a proper answer, but might be useful for someone:
I could not trust my own CA on an iphone, and could not connect unless putting the exception to ATS on info.plist.
However, Let's Encrypt now exists and it's on open beta! You can get a proper certificate there and forget about it (As #zaph suggested, you have to remember to renew it after 90 days, also you need to have a proper domain). This was a better option at least for me than creating my own certs.

"Security settings have blocked a self-signed application from running" as developer

I have a java applet on a website (http://martinogames.x10.mx/) but it gets blocked by java security settings. It is a signed applet created using the AppletMaker tool in processing. I know how to allow access on my computer (java security settings to medium/whitelist the site), but I want to know how to get Java to accept it for other users. I am the developer and should have access to all information needed to do this, if it is possible.
Thanks in advance,
-Peperononew
You need to buy a real certificate and sign it with that. Otherwise it would require users to trust your certificate, which is not secure at all (you're not a trustworthy entity).

Root certificate from a CA company which can be encrypted by SoftHSM

3 questions:
1. Does anybody know a CA company which allows me to put the bought CA certificate inside SoftHSM (the same as an HSM but without any hardware, this is pure software)?
2. Is it hard to work with the PKCS11 interface? I have a Java application which will sign documents. But I need to communicate through the PKCS11 interface. Anybody had any experience with it before? Is there any tutorial on this?
3. If I buy a trusted certificate, why don't they deliver it in .crt? I have a trial certificate, but my browser just imports it. Don't see where to download this certificate so I can store it in my HSM.
Please help to clear my mind.
Late answer, this did not get on my radar before:
Any company should do this. You generate a key pair and create a certificate request. Then they sign your request and give you a certificate. Where you store the private key is normally not their concern. For higher end certificates your identity is though.
If you just need to sign and you have an RSA or ECDSA private key then you can use the Java PKCS#11 provider. You then simply use the standard Signature class after configuration. To configure the HSM right is an art in its own though.
You can normally export your certificate again, otherwise right click and download. The way it is handled is because of the MIME type. You could also use e.g. wget, which would just download using the link you provide.
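
The signing flow this answer describes (the SunPKCS11 provider configured for a token, then the standard `Signature` class), as an added example that is not part of the original answer. It assumes Java 11+ and an RSA key; the SoftHSM library path, slot index, alias `signing-key` and class name are placeholders for your own setup.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;

public class Pkcs11SignExample {
    public static void main(String[] args) throws Exception {
        // Assumed values: adjust the library path and slot to your SoftHSM install.
        Path cfg = Files.createTempFile("pkcs11-", ".cfg");
        Files.writeString(cfg, String.join("\n",
                "name = SoftHSM",
                "library = /usr/lib/softhsm/libsofthsm2.so",
                "slotListIndex = 0"));

        // Java 9+: configure the built-in SunPKCS11 provider from the config file.
        Provider p11 = Security.getProvider("SunPKCS11").configure(cfg.toString());

        Console console = System.console();
        if (console == null) throw new IllegalStateException("Run from a terminal to enter the PIN");
        char[] pin = console.readPassword("Token PIN: ");

        // Loading the PKCS11 keystore logs in to the token; no key material is exported.
        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);
        java.util.Arrays.fill(pin, '\0');

        String alias = "signing-key"; // hypothetical label shared by key and certificate
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        Certificate cert = ks.getCertificate(alias);
        if (key == null || cert == null) throw new IllegalStateException("No key/certificate under alias " + alias);

        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA", p11); // assumes an RSA key
        signer.initSign(key);
        signer.update(doc);
        byte[] sig = signer.sign(); // the private-key operation runs inside the token

        // Verify in software with the certificate's public key.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(doc);
        System.out.println("signature bytes: " + sig.length + ", valid: " + verifier.verify(sig));
    }
}
```

The PKCS11 keystore only exposes a private key under an alias when a matching certificate object is stored on the token, so import the CA-issued certificate next to the key before running this.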

Problem Using JApplet that Accesses a Database on a Web Application Using Netbeans 6.5.1

I created a JApplet using Netbeans 6.5.1 that accesses a database. When the program is run by itself, it runs perfectly. The issue is when you try to put it online using a web application in Netbeans, it will not access the database. I was told by somebody that the problem is that Java security will not allow you to do this. Is this correct? How do I fix this problem? Thanks.
As already mentioned, an unsigned applet can only make a network connection to the host from which the applet originated. However, if the database is hosted on a different server than the originating applet, then you will have to make the applet signed. If the application is not for production use, you can self-sign the applet (not suitable for production use, where the signing has to be done by a trusted Certificate Authority. Certificate authorities typically charge a fee for the service of validating their clients' credentials.) However, for testing and demo purposes, you can create a self-signed certificate. With self-signed certificates, the browser displays a warning to the user mentioning that the information given in a self-signed certificate has not been validated by a trusted third party (Certificate Authority).
For self signing the applet take a look at the following links:
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
The other things to keep in mind are the JDBC driver types to use. Type-1 and Type-2 drivers are not suitable to be used within an applet due to their dependence on native binary code. Type-3 and Type-4 are the ones you should be using to connect to a database from within an applet.
The best solution is to NOT make a database connection from an applet (if possible) but instead use a server-side application to connect to the database on behalf of the applet.
As Clint pointed out, an applet is only allowed to connect to its origin server.
To work around this, you can sign your applet with a certificate from a root authority, but certificates cost 200-400$/year.
