CertificateIsInvalid when trying to navigate to site with self signed certificate with WebView (Microsoft.Toolkit.Wpf.UI.Controls) - windows-community-toolkit

I want to display a site with a self-signed certificate in WebView (Microsoft.Toolkit.Wpf.UI.Controls). I am using WPF on .NET Core 3.
I have the cert in my root store.
When I try to navigate to the site with WebView, it gives me the WebErrorStatus CertificateIsInvalid.
When I open the site in Edge and view the certificate information, it says "Valid Certificate".
How can I get the site to render in WebView?

Related

Can't access secured (HTTPS) website using Burp Suite and Firefox as browser

I'm trying to access HTTPS websites like Facebook and Google. I'm using Burp Suite to intercept the flow, and it fails every time.
Here is what I tried: I imported the Burp Suite CA into the Firefox browser / refreshed Firefox several times / tried this solution that I found on Stack: SSLPeerUnverifiedException: peer not authenticated
I changed Parrot OS from 4.4 to 4.5 and changed the Java version to 11.0.1.
The result in the browser when I try to access the site is "Peer not authenticated"; I expected to get the Facebook page.
In the alert panel I have this: javax.net.ssl.SslPeerUnverifiedException:peer not authenticated
Did you install Burp's CA Certificate in your browser? If not, follow these instructions: https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser

Chrome For Android - How to intercept certificate selection

I've got a problem with an enterprise intranet (accessible only on the enterprise network).
This website needs a certificate installed on the tablet to be called. At launch, the website calls more than 10 urls that are also secured.
The certificate is correctly installed on the tablet.
On Chrome for Windows, we've got no problem at all.
But when we try to access the website from Chrome for Android, Chrome keeps asking which certificate to use (same problem described there).
So actually, when you connect to the website, you get more than 10 popups that ask you which certificate to use. When you restart the device, you have to do it again.
I found http://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls but it doesn't seem to work on Android devices.
I wanted to make an APK with Chrome Custom Tabs. I wanted to "pre-load" the URL calls and intercept the certificate prompt, and I wished I would be able to give it the right one, but it doesn't seem to be possible...
So I'm wondering how I could do this. I'm new to Android coding, so I don't know all the possibilities...
Any ideas ?
Thanks !
The solution was to implement the WebView component, that allows you to intercept the certificate request from the server.
You'll have to implement the WebViewClient class, and to use the onReceivedClientCertRequest :
    @Override
    public void onReceivedClientCertRequest(WebView view, final ClientCertRequest request) {
        Log.d(TAG, "Asking for certificate - url " + request.getHost() + " - " + request.getPort());
        // mPrivateKey and mCertificates are fields of the WebViewClient subclass
        // that hold the client key and its certificate chain.
        request.proceed(mPrivateKey, mCertificates);
    }
I wanted to retrieve the certificate from the Android keystore, I shared the solution here.
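An added example (not code from the original answer) of the same callback with the key and chain read from the Android KeyChain instead of preloaded fields. The class name KeyChainCertClient and the allowedHosts set are hypothetical; the chosen alias is remembered so later requests are answered without a new prompt, and the certificate is only offered to hosts on the list.

```java
import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Log;
import android.webkit.ClientCertRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Set;

// Hypothetical class name; added example, not the answer author's code.
public class KeyChainCertClient extends WebViewClient {
    private static final String TAG = "KeyChainCertClient";
    private final Activity activity;
    private final Set<String> allowedHosts; // hosts allowed to receive the client certificate
    private volatile String alias;          // remembered after the first user choice

    public KeyChainCertClient(Activity activity, Set<String> allowedHosts) {
        this.activity = activity;
        this.allowedHosts = allowedHosts;
    }
    @Override
    public void onReceivedClientCertRequest(WebView view, final ClientCertRequest request) {
        if (!allowedHosts.contains(request.getHost())) {
            request.cancel(); // never offer the certificate to an unexpected host
            return;
        }
        final String known = alias;
        if (known != null) {
            // KeyChain.getPrivateKey() blocks, so keep it off the UI thread.
            new Thread(() -> answer(request, known)).start();
            return;
        }
        // First request: let the user pick; the callback runs off the UI thread.
        KeyChain.choosePrivateKeyAlias(activity, chosen -> {
            alias = chosen;
            answer(request, chosen);
        }, request.getKeyTypes(), request.getPrincipals(), request.getHost(), request.getPort(), null);
    }
    private void answer(ClientCertRequest request, String useAlias) {
        try {
            if (useAlias == null) throw new KeyChainException("no certificate chosen");
            PrivateKey key = KeyChain.getPrivateKey(activity, useAlias);
            X509Certificate[] chain = KeyChain.getCertificateChain(activity, useAlias);
            if (key == null || chain == null) throw new KeyChainException("alias not available");
            activity.runOnUiThread(() -> request.proceed(key, chain));
        } catch (KeyChainException | InterruptedException e) {
            Log.w(TAG, "No client certificate for " + request.getHost(), e);
            activity.runOnUiThread(request::cancel);
        }
    }
}
```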

Cannot open https site in IE when using BrowserMob proxy with Selenium

Cannot open https page in IE11 with BrowserMob and Selenium.
Getting error "There is a problem with this website security certificate".
In Chrome it works, although there is a warning in the details of the SSL certificate: "This certificate cannot be verified up to a trusted certification authority". (Certificate error: There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).)
Looks like BrowserMob changes the SSL certificate issuer.
1) We have set the driver to accept certificates: capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
2) Removed all possible security settings in IE settings (like "Check for publisher's/server certificate revocation").
3) Site url is added to trusted websites.
but nothing helps.
Does anyone know a solution for this issue?
thanks!
The reason you're getting certificate errors is because BrowserMob Proxy "man-in-the-middles" HTTPS requests so that it can inspect, log, and manipulate them. In order to do that, BMP has to terminate SSL and re-encrypt using its own private key.
Theoretically, setting CapabilityType.ACCEPT_SSL_CERTS to true should fix the warning. If it doesn't, it's possible that the IE driver doesn't respect that setting.
As an alternative, you could install BMP's root CA into the Windows trust store on the same system that IE is running on. The BMP readme contains links to BMP's default CA. However, it's much safer to generate your own CA private key and certificate and install that into the Windows trust store, and instruct BMP to use that custom key and certificate. You can find instructions on generating your own keys/certs in BMP's MITM module documentation.
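An added example (not from the original answer) of the custom-CA approach described above, using the classes from BMP's MITM module. The file paths, the alias and the BMP_CA_PASSWORD environment variable are constructed for this example; the CA is generated once and reloaded on later runs, so the trust store only needs the certificate imported one time.

```java
import net.lightbody.bmp.BrowserMobProxy;
import net.lightbody.bmp.BrowserMobProxyServer;
import net.lightbody.bmp.mitm.CertificateAndKeySource;
import net.lightbody.bmp.mitm.KeyStoreFileCertificateSource;
import net.lightbody.bmp.mitm.RootCertificateGenerator;
import net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager;

import java.io.File;

public class CustomCaProxy {
    // Constructed paths and alias for this example.
    private static final File KEYSTORE = new File("test-ca/bmp-test-ca.p12");
    private static final File ROOT_PEM = new File("test-ca/bmp-test-ca.cer");
    private static final String ALIAS = "bmp-test-ca";

    /** Loads the test CA if it already exists, otherwise generates and saves a new one. */
    static CertificateAndKeySource loadOrCreateCa(String password) {
        if (KEYSTORE.isFile()) {
            return new KeyStoreFileCertificateSource("PKCS12", KEYSTORE, ALIAS, password);
        }
        KEYSTORE.getParentFile().mkdirs();
        RootCertificateGenerator generator = RootCertificateGenerator.builder().build();
        // The keystore holds the CA private key: keep it on the test machine only,
        // since any machine trusting this CA will accept certificates it signs.
        generator.saveRootCertificateAndKey("PKCS12", KEYSTORE, ALIAS, password);
        // Public certificate only: this is the file to import into the Windows trust store.
        generator.saveRootCertificateAsPemFile(ROOT_PEM);
        return generator;
    }

    public static void main(String[] args) {
        String password = System.getenv("BMP_CA_PASSWORD"); // assumed variable name
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("Set BMP_CA_PASSWORD before starting the proxy");
        }
        ImpersonatingMitmManager mitmManager = ImpersonatingMitmManager.builder()
                .rootCertificateSource(loadOrCreateCa(password))
                .build();

        BrowserMobProxy proxy = new BrowserMobProxyServer();
        proxy.setMitmManager(mitmManager); // use the custom CA instead of BMP's default one
        proxy.start(0);
        System.out.println("Proxy on port " + proxy.getPort() + ", root cert at " + ROOT_PEM);
    }
}
```

Only the .cer file goes into the Windows trust store of the machine running IE; the .p12 keystore with the private key stays with the test harness.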

What should I change the 'Authorized redirect URIs' to?

I am using a Cordova based web-app compiled for Android with Crosswalk.
In the Google Developers Console I have set up a:
Client ID for web application
With the Javascript origins as:
http://localhost
I'm wondering what I should change the Redirect URIs to, to prevent the errors I am getting, such as:
redirect_uri_mismatch
I have used many, with different results, but none have worked.
In some cases, I have managed to sign-in to Google+ through the app, but not request 'player details' or 'leaderboards' data.
Here is the downloaded JSON from the current settings:
{"web":{
"client_id":"XXXXX_clientID",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"client_email":"","client_x509_cert_url":"",
"client_secret":"XXXXX_clientSECRET",
"redirect_uris":["http://localhost/oauth2callback"],
"javascript_origins":["http://localhost","https://localhost"]}}

Android Webview to open session related page

I want to open a WordPress page in an Android WebView.
The URL of the page is:
"http://www.mydomain.com/dashboard"
The dashboard page comes after login is done by the user and a WordPress session is maintained.
Now my question to you is: can I send login parameters or something else to maintain the WordPress session, so as to open the dashboard page directly in Android?
Any help would be appreciated.
Thanks,
Finally I solved this issue myself.
Steps:
1) Created a PHP file on the server that I used in the Android WebView.
2) In that PHP file I used the WordPress auto-login function to create a WordPress session, as WP sessions are different than others.
3) After auto logging in, I redirected the user to the dashboard page.
Pretty simple, hmm?
