Use public SSL certificate for WebAccess 8 on SLES10 Linux S

Similar Messages

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• Using existing SSL Certificate for Web Dispatcher

  Hi,
  We've registered a SSL certificate with wildcard option via GlobalSign. The history of this process is as below:
  1. We created a Certificate Request with IIS and send it to GS (GlobalSign).
  2. They send us the certificate file Globalsign Primary Secure Server CA and Globalsign Server Sign CA files.
  3. Import all ceritifcates into IIS and then exported the certificate into a Cert.pfx file.
  4. By using this file, we are able to import the SSL certificate into J2EE WAS 640  of Portal system.
  5. Now we want to use same certificate to establish a web dispatcher installation as intermediate server for internet access.
  Web Dispatcher documentations says to create a pse and req file with sapgenpse program and then send it to CA (here globalsign) to get a certificate.
  But when we asked GS, they told us to use the certificate they send us before. They cannot create a certificate file for the ourput of web dispatcher. It will be billed us if we persist.
  So, we have to find a way to use the existing certificate to enable SSL of Web Dispatcher.
  Any idea?

  Hi Huseyin,
  I also have the same scenario. We also want to use the same certificate from verisign for our webdispatcher.
  Do you know how to do. Can you help me.
  Thanks and Regards,
  Sailesh K

• Renew Verisign ssl certificate for webaccess

  Hi, We have just had our current Verisign ssl certificate expire.
  We are running Groupwise 7.03 - on our cluster agents and postoffices & gwia.
  The webaccess application is running on a Netware 6.5 sp5 - which is running Apache ver 2.0.54 & Tomcat 4 and also has tomcat5 in the DMZ.
  I have come across a number of support Tids about renewing ssl into edir, but i am looking for some steps to run through regarding WEBACCESS.
  My web app team have just bought a new verisign ssl certicate.
  What do i do from here to renew the webaccess application with the new Verisign ssl certificate.
  Anything that can help with this regarding webaccess and verisign ssl renew certifcaite instruction steps would be helpful.
  regards
  Dennis

  Dennis,
  > My web app team have just bought a new verisign ssl certicate.
  > What do i do from here to renew the webaccess application with the new
  > Verisign ssl certificate.
  >
  > Anything that can help with this regarding webaccess and verisign ssl
  > renew certifcaite instruction steps would be helpful.
  If you still need to do this, drop me an email at hamish at haitch dot
  net and I'll send you a doc I did documenting the process.
  H.
  Hamish
  Run multi-processor NetWare VM's with vmBoost
  http://www.haitch.net

• Using an SSL certificate for Exchange 2013

  Hi,
  I am not sure if this is the correct forum to post this question in.
  Basically we are migrating from Exchange 2007 to Exchange 2013. Our 2013 machines have both roles installed and do everything. They are configured in a DAG. We have no hardware load balancing/reverse proxy or etc. inside or outside.
  We use an alias of mail.domain.com to connect to OWA/ActiveSync and etc from the Internet.. this alias would point to mail1.domain.com which is the IP of the first Exchange 2013 server.
  If that server were to break, we would point the alias of mail.domain.com to mail2.domain.com which is the IP of the second Exchange 2013 server. Clients would not need any changes before they started connecting to the remaining mail server (eventually)
  and email would continue.
  I know this is not an ideal setup, but for now it is what we have and would keep us running in the event of server failure.
  My question is, when I request a certificate, do I need two of them with mail1.domain.com and mail2.domain.com as their primary and SAN of mail.domain.com OR do I request one certificate with mail.domain.com as the primary host and SAN of mail1.domain.com
  and mail2.domain.com (and install the one certificate on both servers).
  I want to include mail1.domain.com and mail2.domain.com as this can be helpful for testing and/or during migration.
  I hope that makes some sense and appreciate any help people can offer.
  Thanks!

  You do not need server names in the certificate if you are using mail.domain.com only in all of the URL settings.  You will want autodiscover.domain.com, however.
  Consider configuring a different internal and external name for Outlook Anywhere so that Outlook knows whether it is connecting from the Internet or internally.  For internal Outlook Anywhere, use a name that you don't publish to the Internet. 
  For example, use mail.domain.com for everything except internal Outlook Anywhere, use mailinternal.domain.com.  Put mail.domain.com, mailinternal.domain.com and autodiscover.domain.com in the certificate.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Iplanet 6.0 creating a development SSL certificate for internal use

  With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
  Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

  With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
  Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

• Using internally created certificate for IP-HTTPS lisenter temporarily during testing. Any issues?

  We are planning our Direct Access environment now and plan to also use SSTP VPN on the same box.
  I understand that the best practice is to use a certificate published by a public CA for the outward facing IP-HTTPS listener and we plan to do this however during testing we would like to use a certificate created from our internal CA. If our testing phase
  is successful and we plan to go ahead we would then buy a public CA certificate and replace the internally created one.
  I would just like to know how much of an issue/hassle it would be to do this. I believe that during the DA setup wizard it automatically inserts the certificates you provide. Is it a problem to change it afterward? Do you have uninstall DA and run through the
  wizard again? Thanks.

  Or you can use a Public 30-day trial SSL that is supported on all Clients.
  The hassle of changing it, will be the same as when you are renewing a public SSL certificate in the future. And yes, you have to re-run the wizard again, after you have imported the new SSL certificate on the DA server.

• Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)

  Hi,
  I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforseen problems?
  My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
  For reskilling, I will assume I will have to do some command line stuff here ...
  eg: keytool -genkey -keyalg RSA -keystore hostname.key
  to create the key,
  keytool -certreq -keyalg RSA -keystore hostname.key -file hostname.csr
  to create the csr, and
  keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
  to import the new cert
  Suggestions or comments for anyone who has tried this before would be appreciated.
  Regards,
  Brian

  I've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
  david

• How we can get SSL certificate for any site?

  i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

  Hi,
  Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
  Based on your description, I’m a little confused with your question. Did you mean that want to know why need
  SSL certificate for website?
  Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
  and your server.
  An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
  a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
  Managing Certificates
  SSL and Certificates
  Understanding Self-Issued
  Certificates in SBS 2003 & SBS 2008
  Installing a GoDaddy Standard
  SSL Certificate on SBS 2008
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  If anything I misunderstand or any update, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• Changing SSL certificate for ICM

  Hello,
  I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
  Is there any possibility to change working certificate? What should I do to make such change?

  > I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
  > You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
  OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
  > Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
  > (for internet use the certificate in on the reverse proxy in the DMZ).
  Here I've got another problem.
  I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
  As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
  In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
  If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
  Many thanks for your help,
  regards,
  Konrad

• SSL certificate for database

  Hi all,
  I want to know whether I need separate SSL certificate for each database on that server or can I take for the server and use it?
  And also how to get SSL certificate for database form Godaddy?
  Any help would be great.
  Thanks
  Rajitha
  --------------------------------------------------------------------------------

  Pl refer to Oracle® Database Advanced Security Administrator's Guide
  10g Release 2 (10.2) from Oracle documentation.
  You will find useful information on that related to this.
  Dilipkumar Patel.

• Ssl certificates for a clustered environment

  Hi all,
  I have a rather large domain in one environment with one Admin Server and 6 Managed Servers.
  The Managed Servers are split on two physical machines with the first machine holding the Admin Server as well.
  Each pair of servers is joined in a cluster, so I have 3 clusters, each hosting one application.
  Now some of the communication needs to be done over ssl and I'm wondering about the configuration. First of all I should
  note that these certificates won't be seen by a client (browser), they will only be used for internal application communication.
  So, do I need one certificate for each managed server for his identity keystore? Or can I use the same certificate for all of them?
  They will all be accessible under the same url, under a couple of layers of routers. If I use the same certificate can I use the one on the
  router, which the clients see as well? Can I or Must I?

  You only need to tell nodemanager where to find its certs. If you've already chosen SSL for your nodemanager, then by default it uses the democerts that come with WL. But you really don't want to use those...
  So in your nodemanager properties, use something like:
  # SSL Configuration
  KeyStores=CustomIdentityAndJavaStandardTrust
  CustomIdentityAlias=your_cert_alias
  CustomIdentityKeyStoreFileName=full_path_to_your_identity_keystore_used_by_your_mgd_server
  CustomIdentityKeyStorePassPhrase=your_storepass
  CustomIdentityKeyStoreType=jks
  CustomIdentityPrivateKeyPassPhrase=your_keypass
  This tells your nodemanager to use the same identity as your managed servers. Since it's using java standard trust, it shares the same "cacerts" as the app server. In the console, your Machine -> Configuration -> Node Manager -> Type would be SSL.
  So that would be all that's required for the nodemanager.
  In your trust keystore, you can just add the signer / root ca cert for your certs, or you can add the individual server certs if you want to restrict the trust a little further. Normally identity certs expire more frequently than root certs, so I don't put identity certs into the trust store since it just means more maintenance when they expire.

• How to sign a java applet using iPlanet SSL certificate?

  Dear all,
  I have a IPlanet web server with SSL installed,
  can I use the SSL certificate to sign my java applet which will run on the server? how to sign a java applet in this scenario? somebody please help me! thanks!
  yours sincerely
  dashel

  Why can't you create jar files?

• RV120W SSL Certificate for Client

  Hello,
  When I try to export an SSL Certificate for a Client I get a htps.CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
  Firmware:
  1.0.2.6
  Help?

  Hello Sir, My name is Eric Moyers. I also responded to your other thread.
  I am pulling one of these out of our storage room and looking at the procedure. Will update you when I have something.
  Thanks
  Eric Moyers
  Cisco Network Support Engineer
  SBSC WIreless and Surveillance SME
  CCNA, CCNA-Wireless
  1-866-606-1866

• Installing an SSL certificate for a CSS 11503

  I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
  I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!

  Allen,
  The portion of the configuration guide related to SSL certificates and keys can be found here:
  http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
  To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
  ~Zach