I built an android application using expo build:android and when I upload the app to Google Play Console it returns an error saying that the certificate is wrong.
I go to App Integrity in Google Play Console and I can see the keys (App signing key certificate):
MD5 certificate fingerprint: XXXXXX
SHA-1 certificate fingerprint: XXXXX
SHA-256 certificate fingerprint: XXXX
I run the expo fetch:android:hashes and the values are different. How can I update the keys on Expo or Google Play Console for the keys to match?
Thanks
Related
I am using OpsWorks Chef 11, it was working fine till 15 march 2022.
now getting:
ERROR: You’re using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
Please see Improving Git protocol security on GitHub | The GitHub Blog 2 for more information.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I recreated Key with SHA-2 and updated in Github but unable to update in OpsWorks.
Is there any way to pass new SHA-2 key to OpsWorks?
If You mean accessing a GitHub repository using an SSH URL from OpsWork, then the relevant documentation would be "AWS OpsWorks/ Using Git Repository SSH Keys".
Reminder: AWS OpsWorks Stacks does not support SSH key passphrases.
Enter the private key in the Repository SSH Key box when you add an app or specify cookbook repository. Select Git under Source Control.
I am trying to send a 'hello world' message to an AWS IoT endpoint.
The Amazon documentation at
https://docs.aws.amazon.com/panorama/latest/dev/applications-awssdk.html
has this simple code sample:
import boto3
iot_client=boto3.client('iot-data')
topic = "panorama/panorama_my-appliance_Thing_a01e373b"
iot_client.publish(topic=topic, payload="my message")
This code works fine when I put it inside a Lambda function.
But When I try to run this code on my PC in a stand-alone Python application, I get the error message:
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1125)
I do have an .aws/credentials file with entries like
[default]
aws_access_key_id = xxxxxxxxxx
aws_secret_access_key = xxxxxxxxxx
I checked the endpoint is correct:
aws iot describe-endpoint
command returns a valid -ats end point like:
"endpointAddress": "xxxxxxx-ats.iot.us-east-2.amazonaws.com"
If I specify this end point while creating the client:
iot_client=boto3.client('iot-data',
region_name='us-east-2',
endpoint_url=xxxxxxx-ats.iot.us-east-2.amazonaws.com)
I get the error:
ValueError: Invalid endpoint: xxxxxx-ats.iot.us-east-2.amazonaws.com
What am I missing? Do I need to download any certificate files? If so, this code does not seem to use any certificates.
The same setup is working with S3 or DynamoDB:
s3 = boto3.resource('s3')
and
dynamodb = boto3.resource('dynamodb')
are working fine on my PC.
I had this same issue and adding https:// fixed it for me.
iot_client=boto3.client('iot-data',
region_name='us-east-2',
endpoint_url=https://xxxxxxx-ats.iot.us-east-2.amazonaws.com)
I would like to send windows events to AWS elastic search. The elasticsearch has api key and security key which is needed to connect. I cant find in winlog beat configuration. please find my yml code below.
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
hosts: ["https://vpc-manufacturing-elasticsearch-celm5zj5gcf45hpghulnxshco4.ap-southeast-2.es.amazonaws.com"]
# Protocol - either `http` (default) or `https`.
#protocol: "https"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
#username: "elastic"
#password: "changeme"
region:"where to specify"
aws_access_key_id:"where to specify"
aws_secret_access_key:"where to specify"
#User: es-mfg
Beats don't support AWS Authentication. Your options are:
Set up Fine-Grained Access Control in Amazon Elasticsearch Service and enable basic auth and proceed with elasticsearch output.
For IAM-based domain access policy set up Logstash, install logstash-output-amazon-es plugin and properly set your access credentials. Finally, configure logstash output in your beat pointing to this logstash instance.
I have .crt, .csr and .key file in ssl_cert directory of my gcloud VM. While creating a SSL Certificate I am using following command -
gcloud compute ssl-certificates create SSL_CERTIFICATE --certificate
/home/USER/ssl_cert/ssl.crt --private-key /home/USER/ssl_cert/ssl.key
and after executing the above command I get below error -
ERROR: (gcloud.compute.ssl-certificates.create) Some requests did not
succeed:
- Insufficient Permission
Can someone please help in resolving this basic error?
Run this gcloud command on your SSH terminal
gcloud auth login
A login link will be generated for you in the SSH, click on it, it will require you to login with the gmail account that owns the project. A code will be generated for you after login, copy and paste it back in your SSH terminal on the line where you have
Enter verification code :
Then hit the enter button, permission will be granted.
Try to rerun your initial command that returned insufficient permission.
Your issue seems to be related to this post:
gcloud compute list networks error: "Some requests did not succeed: - Insufficient Permission"
The solution suggested in the above post is to run the command: gcloud auth login. This will generate an authentication url. Copy and paste this url to your browser. It should return an authentication code. Enter this code in your command shell
"Insufficient permission" is returned by the web interface if you have not yet validated the domain for which you are uploading the certificate. I.e. if you are uploading a certificate for example.com you must have demonstrated that you own example.com.
To to this, using the GCloud web interface navigate to APIs & Services -> Credentials, and then click on Domain Verification. Then Add a domain. This will take you to a set of tools to allow you to validate that you own the domain. (In my case I added a TXT field in the DNS record.)
With this done, you can upload a certificate for that domain.
As per your question, you don't have full access to your server. Please ask your hosting provider to get you the full access for the same.
I'm using AWS CloudFormation to create an IoT Thing, Policy and Certificate. My stack creates successfully, however, I can't access the certificate file that CloudFormation creates.
Looking at the aws docs here the only output you can get from the certificate via CloudFormation is the ARN and the Certificate ID. However, there is no way to retrieve your certificate using the ARN or Certificate ID that I can see.
If you upload your certificate signing request (CSR) via the AWS IoT Console, it displays a download link that you can get your certificate file.
Unfortunately I need to use CloudFormation to create the IoT Certificate. However it looks like you can download the certificate after it's been created. Specifically it states:
Certificates can be retrieved at any time
I have been unsuccessfully scouring the docs and web interface to figure out how I can download my certificate "at any time". I'm relatively new to the whole world of certs and private keys so hopefully I missed something easy.
Does anyone know if it is possible to get your certificate from an IoT Certificate created by CloudFormation?
Certificates created using CloudFormation (Via a CSR) can be retrieved via the following ways
Aws IoT webpage
Just navigate to Security - Certificates, click on ... and select Download.
AWS CLI
As you mention the CLI is also an option
aws iot describe-certificate --certificate-id fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd3
Will return
{
"certificateDescription": {
"certificateArn": "arn:aws:iot:eu-central-1:xxxxxx",
"status": "ACTIVE",
"certificateId": "fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd3",
"lastModifiedDate": 1519840881.49,
"certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDsTCCApmg.....VsAzFQ==\n-----END CERTIFICATE-----\n",
"transferData": {},
"ownedBy": "123456789",
"creationDate": 1519840820.888
}
Amazon IoT SDK
Can also be used to retrieve the certificate content (PEM format) as a String based on a certificate ID (that you can output via cloudformation)
import com.amazonaws.services.iot.AWSIot;
import com.amazonaws.services.iot.AWSIotClientBuilder;
import com.amazonaws.services.iot.model.DescribeCertificateRequest;
import com.amazonaws.services.iot.model.DescribeCertificateResult;
DescribeCertificateRequest describeCertificateRequest = new DescribeCertificateRequest();
describeCertificateRequest.setCertificateId("fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd371fcd3");
DescribeCertificateResult describeCertificateResult = awsIot.describeCertificate(describeCertificateRequest);
describeCertificateResult.getCertificateDescription().getCertificatePem();
AFAIK it is not possible to output it as a variable within a cloudformation template.
Ah I found a way using the AWS CLI. But there really needs to be a way to get it via CloudFormation :(
http://docs.aws.amazon.com/cli/latest/reference/iot/describe-certificate.html