3rd party Certificate and AAA Authentication

I am using a Cisco ASA 5520 and I have set up remote access VPN with an AnyConnect connection profile.
In the connection profile I have set up that users should authenticate using both certificate and AAA.
Due to a high security requirement, the user certificate is issued from a 3rd party.
This is working fine and the user now needs a valid certificate and a username/password to authenticate successfully.
I added the CA certificate as an associated trustpoint on the ASA box to get the certificate verification working.
Problem:
If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combo of Joe's certificate and Jane's username/password. Both are valid (isolated), but I only want Jane to be able to authenticate with her username/password and her personal certificate.
I got an idea that I could put the Serial Number of the user's certificate on the user object in AD (on the user's department field or something like that) and check if this value matches during authentication.
So, to sum things up, I want to compare the Serial Number (SER) field of the user's certificate with a field on the user object in AD during authentication. As far as I can see the user would need a valid certificate and a valid username/password to authenticate. The user would also be authenticated only if the serial field matches the value on the user object in AD.
I am happy for any help that could point me in the right direction on how to accomplish this.
Best regards,
Kenneth

I actually got a better idea, and I think this will work great!
One of the guys at work pointed out that the sAMAccountName is still used in many areas even though it is called pre-Windows 2000.
After some trying and failing I got the idea that I should try to change the "Naming Attribute(s)" on the defined AAA (LDAP) server under "AAA server groups".
So I changed the Naming Attribute to "department", and put in the certificate serial number. I changed the connection profile and specified that it should use the "SER" value from the certificate as username. After that I tried to log in, and voila:
[123] LDAP Search:
        Base DN = [dc=Testlab,dc=local]
        Filter  = [department=xxxx-xxxx-xxxxxxxxx]
        Scope   = [SUBTREE]
[123] User DN = [CN=Peter Pan,OU=Wonderland,DC=testlab,DC=local]
The LDAP debug is clear: the LDAP query during authentication is now searching for the user using the department field, looking for the value of the serial number from my certificate.
I wasn't quite happy about using the "department" field and I took a look at the user object looking for a more suitable attribute. To my surprise the user has got a "serialNumber" attribute, and it can hold multiple values. I changed the "Naming Attribute(s)" from "department" to "serialNumber" and added the serial number from the certificate to the "serialNumber" attribute on the user object:
[138] LDAP Search:
        Base DN = [dc=Testlab,dc=local]
        Filter  = [serialNumber=xxxx-xxxx-xxxxxxxxx]
        Scope   = [SUBTREE]
[138] User DN = [CN=Peter Pan,OU=Wonderland,DC=testlab,DC=local]
Worked like a charm!
I will settle for this solution, I can't see any issues regarding security, and it will be a breeze to admin. I will make a tool now so I can search for users in AD and update/view this attribute on the user objects.
Thank you for the input, Marcin.
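As an added example (not code from the thread or from Cisco), the following models the flow described above: the certificate's serial number is used as the username, the ASA searches AD on the `serialNumber` naming attribute, and the password is then bound against whatever DN that search returns. The directory entries, serial numbers and passwords are constructed sample data; the escaping follows RFC 4515 so a certificate field can never change the shape of the LDAP filter.

```python
import hmac

# Constructed stand-in for AD user objects.  serialNumber is multi-valued in
# AD, so one user can hold several certificate serials (e.g. during renewal).
DIRECTORY = [
    {"dn": "CN=Jane Doe,OU=Users,DC=testlab,DC=local",
     "sAMAccountName": "jane",
     "serialNumber": ["1a2b-3c4d-5e6f7a8b9c"],
     "password": "jane-secret"},            # placeholder bind secret
    {"dn": "CN=Joe Bloggs,OU=Users,DC=testlab,DC=local",
     "sAMAccountName": "joe",
     "serialNumber": ["9c8b-7a6f-5e4d3c2b1a", "0000-1111-222233334444"],
     "password": "joe-secret"},             # placeholder bind secret
]


def ldap_escape(value: str) -> str:
    """Escape an assertion value per RFC 4515 (a raw '*' would otherwise
    turn the lookup into a wildcard search)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c
                   for c in value)


def build_filter(naming_attr: str, value: str) -> str:
    """The search filter the ASA issues, e.g. (serialNumber=1a2b-...)."""
    return f"({naming_attr}={ldap_escape(value)})"


def ldap_search(naming_attr: str, value: str):
    """Subtree search by naming attribute; returns exactly one user object
    or None.  AD attribute matching is case-insensitive, mirrored here."""
    hits = []
    for user in DIRECTORY:
        vals = user.get(naming_attr, [])
        vals = [vals] if isinstance(vals, str) else vals
        if value.lower() in (v.lower() for v in vals):
            hits.append(user)
    return hits[0] if len(hits) == 1 else None


def ldap_bind(user, password: str) -> bool:
    """Simple bind with the DN found by the search (constant-time compare)."""
    return hmac.compare_digest(user["password"].encode(), password.encode())


def authenticate(cert_serial: str, password: str,
                 naming_attr: str = "serialNumber"):
    """Certificate + AAA with the certificate serial used as the username.
    Returns the authenticated DN, or None when either factor fails.

    Joe's certificate with Jane's password is rejected because the search
    resolves Joe's DN and the bind against that DN fails: the two factors
    are tied to the same AD object instead of being checked in isolation.
    """
    user = ldap_search(naming_attr, cert_serial)
    if user is None:                    # no AD object holds this serial
        return None
    if not ldap_bind(user, password):   # wrong password for *that* DN
        return None
    return user["dn"]
```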

Similar Messages

  • Third party certificate and mobility express 526

    Hi!
I want to get rid of the certificate warning for my guest users using web authentication. With my 2100 controller I have the option to upload a trusted certificate but can't find anything on this controller.
    Is it even possible on this controller?

    Hello,
Kindly note that the Mobility Express 526 controller has limited features and does not support 3rd party certificates.
You can refer to this link for supported features on this model.
    http://www.cisco.com/en/US/docs/wireless/controller/526/1.5/configuration/guide/A3_feature_list.html
    Hope this answers your question.
    Best regards
    Talal
    ===
    Don't forget to rate answers that you find useful

  • Exchange Server 2010 Edge Transport Subscription Issue while moving Internal CA Certificate to 3rd Party Certificate

My client has an Exchange 2010 organization with a single domain, single forest.
    They were using Internal CA Certificate and a TLS Cert.
    As a POC we are doing a POC for Exchange 2010 Hybrid Office 365 Environment.
    For this 3rd Party CA is Mandatory and they have bought a Geo Trust Certificate.
    Now when they have installed cert on both HUB as well as EDGE servers, he was prompted to do edge subscription again.
    HUB and CAS are combined on the server at both Main and DR Site.
    When they try to do edge subscription again they are getting the following error.
    SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.

    I was finding out the solution and got this.
1. Certificate will be imported on both EDGE and HUB servers.
2. Edge Sync will use a self-signed certificate (but I am unable to find how I configure this).
3. Some communication between Edge and Hub will be encrypted via the 3rd party certificate.
Could anyone suggest which services on HUB must be based on this 3rd party cert?
All the external communication must be encrypted via the 3rd party CA and communication between HUB-EDGE will be set on the self-signed cert. How do I do this?
    SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.
    Hi,
    Please run Get-ExchangeCertificate | fl to check your Exchange certificate settings. Also confirm if the 5E470560626E313646730C177FCA66728E2BAFF7 certificate is your trusted 3rd party cert.
    Please use Enable-ExchangeCertificate cmdlet to assign SMTP service to your self-signed certificate in your Edge server.
    Regards,
    Winnie Liang
    TechNet Community Support

  • PKI setup using 3rd party certificates

I want to configure SCCM in our environment using our existing certificate creation infrastructure. I do not want to use Microsoft Certificate Services. Instead I'd rather use our OpenSSL solution. However I cannot find good documentation to work with using 3rd party certificates. Everything is related around Microsoft's certificate services.
Has anyone had any luck implementing SCCM in this manner? Documentation available to aid?

    So we are planning to setup https across the board and going through the blogs and TechNet article - I see that internal PKI is a requirement and you just cannot do away with 3rd party/external certificate, correct ??
I am working on a scenario where the customer does not want to implement internal PKI but use external certificates from GoDaddy or Thawte or VeriSign where possible at all times, but it looks like you can't use the external certificate to act as the ConfigMgr Web Certificate or ConfigMgr DP Cert?
    given the following scenario
    https://social.technet.microsoft.com/Forums/en-US/ac34ebdf-c932-4075-b4a3-ebe572ffab0e/scenario-multi-tenant-configmgr-2012-r2-and-same-ip-address-range-for-multiple-customer?forum=configmanagerdeployment#868600a8-e8eb-471a-b767-761305636041
    for clients to communicate to DP's/Secondary Sites configured in HTTPS, we still need internal PKI ?
    I guess the answer is yes to all.. but just confirming :)

  • Cisco IOS CA using 3rd Party Certificate

    Hi,
    Can I use 3rd Party certificate such as verisign, on Cisco IOS CA ? All i can see on cisco.com is self-signed certificate from router.
    Thanks
    -santo-

    Santo,
That's fair enough. A key piece of information to make sure customers understand is that a private PKI infrastructure is (for the purpose of deployments such as GETVPN) as secure as one provided by a third party.
Private PKI is not based on self-signed certificates - only the root CA might need something like it :-)
That being said, for reliability and flexibility I really suggest storing CA (ser, CRL, OCSP, backup of public/private keys) files on storage external to the router.
Key takeaway is that a properly managed private PKI solution for deployments like DMVPN/GETVPN and others is as secure as external 3rd party services (and often an order of magnitude cheaper).
    M.

  • Farm member not using 3rd party certificate

    I have a Microsoft server 2008 R2 RDS farm using a broker and NLB farm nodes.
In the farm member node (not the broker), I open the "Remote Desktop Session Host Configuration" tool, I selected "member of farm RD Connection Broker" and in the "general" tab under the "certificate" section I clicked "select" and picked the 3rd party certificate.
This is a farm member. When I use an RDP client to go to farmName.domain.com I get a pop up with a certificate error and it shows the certificate as serverName.domain.com and not the name in the "farm" certificate.
How can I troubleshoot this issue?

    Hi,
Initially it seems the certificate is not from a valid trusted authority. So please check the trusted authority. Apart from that, there is a mismatch in the certificate name with the server name.
    The name in the Subject line of the server certificate (certificate name, or CN) must match the FQDN, or the DNS name that the client uses to connect to the RD Gateway server, unless you are using wildcard certificates or the SAN attributes of certificates.
    If your organization issues certificates from an enterprise certification authority (CA), a certificate template must be configured so that the appropriate name is supplied in the certificate request. 
    The certificate must be trusted on clients. That is, the public certificate of the CA that signed the RD Gateway server certificate must be located in the Trusted Root Certification Authorities store on the client computer.
    In addition, please check beneath article for reference.
    Configuring Remote Desktop certificates
    http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • 3rd party certificate on WiSM controllers

    Hi,
    On my corporate wireless net, there is an SSID to allow guests to reach the Internet. They receive a voucher with 1-day valid credentials and are asked to open a browser, which is redirected to a login page https://1.1.1.1/login.html.
The controllers in the anchor group have a 3rd party certificate installed. It is generated for a company URL like: guest.companyname.com
    So when the browser hits the login screen, it stops and issues a warning about receiving a valid certificate but for a different URL.
    We have an external DNS-record which resolves the company URL to 1.1.1.1.
    I see a possible solution, if the URL of the Internal (default) URL can be changed to https://guest.companyname.com/login.html because if this is keyed in manually, I receive the login page right away without warnings. This is obviously what we want the guest to see.
    The controllers run 7.0.230.0 software as well as the WLC.
    Hope someone has the simple answer to this???

Putting 1.1.1.1 (VIP address) is a test to bypass the certificate. It is pretty simple, if you have done it a hundred times. But to start off from the basics, make sure that the user is being anchored to the guest WLC. You should see an entry of the client on the guest anchor and the client should be in the WEBAUTH_REQD state until they go through the login process, in which they will be in the RUN state. If you don't, then I can see why the 3rd party certificate is not working. So you should see the client on the foreign and the anchor WLC. Make sure of this first.
    Did you not restart the anchors when you put in the FQDN in the VIP?
    Thanks,
    Scott
Help out others by using the rating system and marking answered questions as "Answered"

  • Safari allows 3rd party cookies and all cookies even when preferences are set to "never allow" with Mac OS 10.6.8

Safari ALWAYS allows 3rd party cookies and all cookies even when set to "block cookies: always" and "from 3rd party and advertisers." I have removed the website data, emptied the cache, reset Safari, erased the history and it STILL dumps cookies. (For example, if I go to the US gov weather website only, I end up with 11 cookies, the top one being "addthis.com" listed as cached in local storage. But didn't I just empty the cache... multiple times??? Is my Safari application "broken" or "corrupt"? Can the application be renewed so that it actually does what it is commanded to do?

    Not using any extensions, Andy.
    Allowed a guest account and tested that.  Lots of cache/cookies showed up for my "guest" that on face value, appeared 3rd party:  the familiar "addthis.com" cache and others including a facebook cache and I did not, nor have ever, participated in facebook. But it could be that the "trusted" site my virtual guest visited had a relationship with facebook such that my COMPUTER "friended" facebook even though my guest and I most certainly would have declined the invitation :-)  But what I really don't get is why washington post cookies keep showing up every single time.  Isn't that the absolute definition of 3rd party cookies?!
    forgive my rant.
On the other hand, when I logged out as guest, all data was automatically deleted, and when I relogged in as guest, it appeared that all the data, including cached data, had indeed been deleted. But when I relogged in as myself, the same old garbage reappeared in the cache and cookie bin. The fact is, there appears to be no such thing as truly and completely emptying one's cache, resetting one's browser, or deleting one's cookies. They are here to stay.
    (And, oh yes, I have tried logging out, turning off and on the computer right after performing emptying tasks, etc.)

  • WLC5760 - CSR request for 3rd party certificate

    I need to generate a CSR request to obtain a 3rd party certificate for my WLC.
I am not sure how I can do that. All documents available are for the WLC 4400.
Let me know if the same process will apply to the WLC 5760 as well.

    Thanks Matteo,
    I managed to get it done, Yes I used OpenSSL to generate CSR.
    Here what I have learnt about it, including WebAuth Cert installation on 5760. This may be useful to someone else.
    http://mrncciew.com/2014/07/30/5760-webauth-certificates/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • SSL Certificate and SSL Authentication

    Hi-
    I'm hoping someone can shed some light on this issue.
    First off, is there a difference between SSL Certificate and SSL Authentication?
    I have a POP account. The Incoming port is set to 110. The Outgoing, 26. (This is according to Bluehost.com). The security settings for both incoming/outgoing are set to none. Everything works fine.
    But if I want extra security, I'll set the incoming to 995 and outgoing to 465.
    If I set the security settings to SSL, do I check "Use secure authentication", or do I have to purchase a SSL certificate to secure the authentication? This is where I'm confused. I tried asking the hosting company but they're not much help.
    Any advice would be appreciated.
    Thanks!

    Hi Imagine,
You do not need to purchase your own SSL certificate to use secure authentication. The server handles this for you. You just need to make sure the port #s are correct and you simply check mark the SSL boxes and leave authentication on Password, at least on most setups. Each host may be different so you have to double check with them.
    Hope That Helps,
    Eric

  • BT Multicast on 3rd Party Routers and IP Addressing

    I know a few of us use 3rd party routers and have got BT Youview IPTV channels working fine.
    But I have spotted a possible issue and not sure if this is my box or not.
When I set the Youview box to a static IP, every few seconds it is requesting an IP address from the DHCP range. This should not happen when using a static IP.
    When the unit goes into standby it is still requesting the ip address which is odd as this again should not happen.
    Even resetting the device to DHCP, I get the same issue of it constantly requesting an IP address.
    I have performed the 'Software Reset' and both 'Factory Reset' options in maintenance mode and get the same issue once the unit is back up and running.
    I'm more inclined to say this is a possible faulty unit as neither of the 'Internet/USB Recovery' options work and instead they both say 'Sorry, selected option failed'
    Can some users just check their logs files for their routers and see if their BT Youview boxes are doing the same. For info my Retail Youview box does not have this issue.
    regards
    Walkerx

    thanks Tim,
    I think my box is faulty as I've now tried 3 different routers and get the same issue
    The device is set to static ip, but is still requesting a DHCP address.
    The BT HomeHubs have no decent logging so can't check anything on that and my Retail Youview box is not inheriting this same issue.
    Just waiting to hear back from BT but don't think they will class it as faulty as it still works, but if the recovery options don't work and getting this issue with the ip address then you would think it was faulty

  • Cannot enter 3rd-party certificate into SCUP 2011 on Server 2012

    Hello all,
    I am trying to deploy SCUP 2011 on Server 2012 with a SCCM 2012R2 primary site w/WSUS onboard.
Client is using a 3rd-party Digisign cert from a CA that is trusted through the enterprise. This cert has been imported into the private store and exported as a .pfx to be loaded into SCUP 2011. The Digisign cert is in the Trusted Publishers and Trusted Root stores.
    Administrator registry hack applied for Server 2012
Options of SCUP 2011: Successfully connect to SCCM local site server and local WSUS server. However, when I browse and select the exported .pfx, I am not prompted for a password for the cert, and no certificate information is displayed. Also, there are no entries in the Trusted Publishers tab.
I am stumped at this point. Any suggestions? SCUP just isn't looking at the cert (which was ordered according to the requirements in the SCUP blog).
    Thanks,
    -P

    A couple of questions...
1. How, and where exactly, did you import the PFX to the WSUS Server (SUP)? Most notably, the fully-signed cert needs to be in a cert store named *WSUS*, which has been notably difficult to create except when using the WSUS API to create it.
2. You don't need to export the PFX for SCUP, only the CER (provided that the PFX is properly held on the WSUS server); but even so, if you already have the original cert from Digisign, why bother exporting from the store to import... you already *had* the full cert that could be imported to SCUP?
3. If you're not prompted for the password of the PFX, that suggests that it wasn't exported with a password, or, since no cert information is available, maybe the export failed completely?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Going from a self signed certificate to a 3rd party certificate....

    Hello all...
    I have an Apache webserver running both the GroupWise WebAccess and the
    Netware FTP server. Up until now, I have used self signed SSL certificates
    on each of them to provide security. Now, we are going to a 3rd party issued
    certificate for both of them.
    Any idea how I set up the apache server so it will use the 3rd party cert
    instead of the self signed one...?
    Also, if you know how to set it up with the FTP server as well, it would
    help.
    (And, yes I know this is not the right forum, but in the interest of not
    repeating my work, I was hoping to bend the rules some.....)
    Thanks in advance....
    Delon E. Weuve
    Senior Network Engineer
    Office of Auditor of State
    State of Iowa
    USA

    As far as the FTP goes, can you be more specific? Where is this ini file
    that I need to modify? And how do I modify it?
    Thanks.
    Delon E. Weuve
    Senior Network Engineer
    Office of Auditor of State
    State of Iowa
    USA
    >>> On 6/25/2008 at 2:34 PM, in message
    <[email protected]>, Richard Beels
    [SysOp]<[email protected]> wrote:
    > close enough on the group... :-)
    >
    > for apache, it's easy peasy, find the bit in your httpd.conf and where
    > it says:
    >>>>
    > SecureListen 443 "SSL CertificateDNS"
    >>>>
    >
    > change it to whatever you've named the new cert, such as:
    >>>>
    > SecureListen 443 "DigiCert"
    >>>>
    >
    > which should give you a clue as to what I recc. for 3rd party certs.
    > :-)
    >
    >
    > As to ftp, it should be the same, i.e. ini file fiddly bit...
    >
    >
    > --
    > Cheers!
    > Richard Beels
    > ~ Network Consultant
    > ~ Sysop, Novell Support Connection
    > ~ MCNE, CNE*, CNA*, CNS*, N*LS

  • Installing 3rd party certificate in Cisco ASA

    Hi, 
We have configured a CSR in Cisco ASA for a 3rd party CA to generate the certificate; however, the CSR configuration was lost for some reason.
How can we install this certificate without the CSR in Cisco ASA? Or do we have to generate another certificate from the CA? It will be chargeable for the new certificate.
Can anyone help to advise?
    Thanks
    Veon

    You don't need the CSR once you have received the certificate from the third party certificate vendor. Just upload the CA Root certificate and the identity certificate from the certificate vendor to the ASA.
Here is a configuration guide for your reference:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml
    Hope that helps.

  • Are there any 3rd party LabVIEW and/or TestStand code analysis tools

    I am looking for any 3rd party tools to analyze LabVIEW and/or TestStand code. Looking for tools that will check for memory leaks, timing, and any other code performance problems. I know LabVIEW has the profiler tool, but I am looking for 3rd party tools.

    Hi wbolton,
    I am personally not aware of any 3rd party tools that do the same thing as the Profiler, but I can say that if you'd like to analyze a .VI or .seq file, the most straightforward way to do so would be with the appropriate National Instruments software.
    Regards,
    Dan Richards
    Certified LabVIEW Developer
