Could someone let me know whether the Azure IoT Java Service SDK has the capability to register a device which authenticates using X.509 certificates?
Also, can the Azure IoT Java Device SDK send MQTT by authenticating using X.509 certificates?
Many thanks.
Please refer:
https://github.com/Azure/azure-iot-sdk-java
https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#supported-x509-certificates
jayaweera
This is work in progress and we expect to have CA signed certs support in both the device and the service clients by the end of the month.
You can track progress in the GitHub repo.
I am a newbie developing an Android app. It implements a socket connection and has to bypass or allow all hosts for it to work with our self-signed certificate installed on a server.
I heard that the Google Play Store doesn't accept this kind of connection in the published app. Is it true? Or is there another way to do it?
Thank you.
> and had to bypass or allow all host in order to work with our self-signed certificate installed on server
That was not a particularly good move, from the standpoint of security.
> I heard that google play store doesn't accept this kind of connection in the published app
The Play Store has implemented a ban on apps that bypass SSL validity checking and blindly accept all incoming SSL certificates.
> Or there is another way to do it?
Android 7.0+ has support for self-signed certificates. I backported that code to work on Android 4.2+. There are other libraries that offer self-signed certificate support, such as this one. There have been articles written on using self-signed certificates.
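As an added example (not code from the answer or from the libraries it mentions), this is one way to connect to a server with a self-signed certificate on Android without accepting every certificate: the app trusts exactly one certificate and still checks the host name. The class and method names are hypothetical, and the certificate is assumed to ship with the app and be passed in as a stream.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: names are illustrative, not from the original answer.
public final class SelfSignedTrust {
    private SelfSignedTrust() {}

    /** Builds an SSLContext whose only trust anchor is the given certificate (PEM or DER). */
    public static SSLContext trustingOnly(InputStream certStream) throws Exception {
        Certificate serverCert =
                CertificateFactory.getInstance("X.509").generateCertificate(certStream);

        // Empty in-memory store holding just the server's certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", serverCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        return ctx;
    }

    /** Opens a TLS socket; a raw SSLSocket does not check the host name, so do it here. */
    public static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        socket.startHandshake(); // fails unless the chain ends at the trusted certificate
        HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
        if (!verifier.verify(host, socket.getSession())) {
            socket.close();
            throw new SSLPeerUnverifiedException("certificate does not match " + host);
        }
        return socket;
    }
}
```

The self-signed certificate has to name the host the app connects to, otherwise the host name check rejects the connection.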
We have an end-to-end iOS MDM implementation developed.
Now, I have a requirement that each customer (tenant) should have its own APNs certificate which will be used for sending push notification.
Using Java, I have created a .CSR by referring to the iOS Vendor CSR Signing link, which is used to create a Customer.CSR.
Using Apple's Identity Portal, I then created the .pem file, which is of the format MDM_<Vendor_Name>_Certificate.pem.
Query:
Say on 28-10-2014, I uploaded the Customer.CSR to the identity portal and got MdM_Vendor_Certificate.pem (saved it on my local desktop as cert1.pem).
Say on 29-10-2014, I uploaded the same Customer.CSR to the identity portal and got MdM_Vendor.Certificate.pem (saved it on my local desktop as cert2.pem).
Now when I read the contents of both certificates:
I find that cert1.pem has UID = com.apple.mgmt.External.26b... (let's call it topic1)
and cert2.pem has UID = com.apple.mgmt.External.271.. (let's call it topic2)
i.e. the two UIDs are different.
So my question is:
The UID is used in the Topic field of the MDM payload, which is internally used by APNs for sending push notifications.
Now say I have installed an MDM profile on the device with topic1; as long as cert1.pem was used for APNs, the device will receive push notifications, as the UID matches the topic in that case.
But,
Say the customer renews the APNs certificate, the UID changes to topic2 and the certificate used will be cert2.pem, but the device still has the MDM profile with topic1 installed (we will not be re-installing the MDM profile on the device, I assume).
So how will the device (with topic1) receive push notifications, as APNs will now get a certificate with topic2? Or is it handled by APNs, so that it will map all the devices with topic1 to topic2?
I am unsure about this behavior of APNs. Please help.
I hope I made myself clear.
Thanks.
Samreen Shaikh
Whenever the customer renews a certificate using the Renew button in Apple's identity portal, the Topic field does not change.
If the APNs certificate has expired, then the customer needs to redo the whole procedure, right from getting the CSR, uploading it to Apple's identity portal and getting back a PEM certificate. A new topic is created.
All the devices which were enrolled with the old APNs certificate have to remove the old profile and re-install the MDM payload with the new APNs certificate, as the topic has changed and the device will not get any APNs notifications.
I'm interested in whether Google App Engine provides a way to use an X.509 certificate to create an HTTPS connection (the server where I have to connect provides the public certificate, to encrypt data that I send, and the private key to decrypt the data received from that server).
According to this post https://groups.google.com/forum/?fromgroups#!topic/google-appengine-python/C9RSDGeIraE it's not possible, but 3 years have passed since this answer was posted.
SSL client certificates are not currently supported. The feature request is here.
AppEngine has the ability to work with an SSL certificate on your custom domain, which means you can assign a certificate to a domain that is running on AppEngine.
You cannot AFAIK make a request and provide a custom certificate per request.
Documentation on AppEngine SSL.
I need to do the following:
1) communicate using SSL from an Android terminal to a server;
2) each Android client has its own certificate (we can say mutual authentication);
3) the SSL certificate must not be in the application (each person installs his certificate on his phone).
How can I do it?
Obviously point 1) alone is easy (I build a keystore/truststore as explained on Stack Overflow). The problem is in point 3).
Thanks,
Mario
If you are targeting Android 4.0 (ICS), you can use the system key store via the KeyChain API. For other versions, users need to save their keystore somewhere (on the SD card/external storage, etc.) and let your app know where to find it.
I want users to be able to install their own personal certificate into my Android application after installation from a website which generates the certificates, but when I use a WebClient or the Android Browser to surf to it, the Secure Storage pops up and installs it, which is unavailable by API until version 14 (Android 4.0), which my users do not have installed.
An example of such a site is http://www.comodo.com/home/email-security/free-email-certificate.php .
Here you can request a personal certificate, and after confirming, you get a link where you can download the certificate.
I want users to be able to download certificates from this website, and others, into my application.
Can anyone tell me which intent to handle to be able to get the certificate into my own application, or how to modify WebClient such that it allows me to decide what it should do with the file?
Thanks in advance,
Patrick
Since the Android keystore API is not public before ICS (4.0), you need to save the key and certificate to some file your app can access to be able to use them. If you require a standard password-protected Java keystore file and require password input for crypto operations, it would be reasonably secure.
You can import a key/certificate pair in pre-ICS versions using Settings->Location and security->'Install from SD card', but there is no public API to access those from your app; they can only be used by the built-in VPN client.
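As an added example (not code from either answer), this is one way to implement the keystore-file approach described here and in the earlier answer about users saving their keystore where the app can find it: the app loads a password-protected keystore the user supplied and uses its key for TLS client authentication. The class and method names are hypothetical, and the file is assumed to be in PKCS#12 format.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical helper: names are illustrative, not from the original answers.
public final class UserKeystoreClientAuth {
    private UserKeystoreClientAuth() {}

    /** Builds an SSLContext that presents the user's own certificate to the server. */
    public static SSLContext fromUserKeystore(File p12File, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12"); // assumption: PKCS#12 file
        InputStream in = new FileInputStream(p12File);
        try {
            keyStore.load(in, password); // throws on a wrong password or a damaged file
        } finally {
            in.close();
        }

        // Refuse a keystore with no private key, or with an expired / not-yet-valid certificate.
        boolean hasClientKey = false;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                ((X509Certificate) keyStore.getCertificate(alias)).checkValidity();
                hasClientKey = true;
            }
        }
        if (!hasClientKey) {
            throw new IllegalStateException("keystore contains no client key");
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        Arrays.fill(password, '\0'); // do not keep the password in memory longer than needed

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = platform default trust anchors
        return ctx;
    }
}
```

Asking for the password each time, rather than storing it beside the file, is what keeps the key protected when the keystore sits on shared storage.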