4710 Replacing Device Manager self signed Cert with New one

Similar Messages

• Replacing old iTunes library on desktop with newer one from Laptop?

  I have two libraries. My original's on a desktop that was linked to an iPhone 3s. When I got a 4s, I setup a new one on a laptop because my desktop was not available for several months.  So, I setup new library with 4s and have it configured the way I want it.  Is there a way to replace the old library on desktop with the one from the laptop?
  Sorry if this has been asked before, but I couldn't find my exact problem.

  Move the entire library to the desktop, launch iTunes with the Shift key held down, and point it to that library. If the library contains rented movies, they won't play on the desktop.
  (101838)

• Suggestions for replacing my 24 inch 2008 iMac with new one?

  I wish I could afford better, but this is the one I am looking at.

  kd4ko wrote:
  This is the specs. of the IMAC I am considering.
  Apple
  27” IMac - 3.2GHz
  3.2GHz quad-core Intel Core i5 (4th gen Haswell)
  8GB (two 4GB) memory, 1TB Hard Drive
  Turbo Boost up to 3.6GHz
  NVIDIA GeForce GT 755M with 1GB
  802.11ac Wi-Fi - Next gen. of wireless
  $1,699.99
  This will work pretty well. Just a few observations:
  - if you can afford it, the experience of using a mac under Mavericks or Yosemite is improved if the boot drive is an SSD, or at least a "Fusion Drive"; the responsiveness of the system in general is much better.
  - going with this model with 8GB of RAM is the right call; memory can easily be upgraded later, from reputable third party vendors like OWC or Crucial, for much less than it would cost at Apple
  - if you are serious about video work, do consider a fast external drive for your productions. USB3 works fine, and is usually much cheaper than Thunderbolt
  - you'll need extra drives (even lowly USB2 are fine) for backup

• EAP-GTC & self signed certs

  I am looking at deploying EAP-GTC with a novell ldap directory and ACS 3.3.4. Could I use a self signed cert with this or do have have to have a CA sign the cert? All clients will be Cisco aironet cards.

  Hi,
  Self signed certificate will be ok.
  Regards,
  Vivek

• Local, self-signed cert for SSL IMAP on Tiger?

  I have a co-located Xserve running Server 10.4.11 (Up time: 380 days!) with IMAP, where I have admin access to install SSL certificates, but I don't quite have the justification to purchase one from a CA.
  I also have several Mac computers where I read my email via IMAP with SSL encryption, and I was wondering if there is any way that I could install a self-signed certificate on my local computers that matches my Xserve and would be sufficient to make Mail.app stop complaining about my server.
  I've been searching the web for tutorials on SSL, thinking that there must be some kind of provision within SSL where I could just set up all machines to be aware of a self-signed certificate in a protected file somewhere on each computer, and I assume that it should be possible to make SSL happy to talk between my own computers. But it seems that most SSL tutorials focus on https, not IMAP or other non-web networking connections. Also, I have a sinking feeling that if I did find information, then it might not be appropriate for the exact directory structure of Tiger. If anyone can help or provide pointers, it would be most appreciated.
  P.S. I could potentially used a "free" signed certificate, but it is attached to a virtual domain that I am hosting on my Xserve, and I assume that it wouldn't match the domain of my email unless I juggle things around. Also, that free cert would eventually expire, and then I'll be back to the current situation of needing to use a self-signed cert.

  Never mind. I figured it out.
  First of all, my Xserve certificate did not have the full FQDN, just a convenient subset. I created another self-signed cert with the true FQDN. I saw some hints around the web saying that Mail.app will always complain if the DN does not match.
  Second, it turns out that Keychain Access is where the local certs live, and in Tiger I needed to drag the cert to my Desktop, open it, and store it in the x509 section.
  All is good. Now to see how my iPhone likes the new certs...

• Activate SSL with OpenSSL Self-Signed Cert

  Dear Expert,
  Anyone can give me guidance on how to activate and create ssl cert in Java IM using openssl self-signed cert.
  thanks

  Here how I make it work. Some of the tips is from jay in this forum
  Instant Messaging with SSL
  Let say I have Messaging, Directory, IM server in 1 box.
  Let's create a cert
  # cd /etc/opt/SUNWiim/default/config/
  a) Sun [TM] ONE Messaging Server 6.1 and Sun [TM] ONE Directory Server 5.2 were installed from JES2 on the same box
  b) The server_root directory for Directory Server is the default: /var/opt/mps/serverroot
  c) The server_root directory for Messaging Server is also the default: /opt/SUNWmsgsr
  1. Login to the console and do a Certificate Request
  a) cd /var/opt/mps/serverroot
  b) ./startconsole &
  c) Login to the main console as "cn=Directory Manager"
  d) Select and open the "Messaging Server" console
  e) Highlight the tab called "Tasks" at the top
  f) Select "Manage Certificates"
  g) Console will ask for a password for the security database. Please enter a password twice and make sure that you remember it. This will create the following two files under "/var/opt/mps/serverroot/alias" directory:
  -rw------- 1 mailsrv other 65536 Aug 12 13:57 msg-config-cert8.db
  -rw------- 1 mailsrv other 32768 Aug 12 13:57 msg-config-key3.db
  NOTE: Please make sure that:
  - either the owner of the files is the messaging server user ( mailsrv in this case ),
  -or the permission is appropriate for the mail server user to at least read it.
  h) Once you reach the "Manage Certificate" window, please make a "Certificate Request" by filing up the appropriate questions
  i) Once you are done, you get a CSR , which looks something like this:
  -----BEGIN NEW CERTIFICATE REQUEST-----
  MIIBszCCARwCAQAwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWE x
  DzANBgNVBAcTBm5ld2FyazEMMAoGA1UEChMDc21pMQ0wCwYDVQQLEwRhdGFjMSEw
  HwYDVQQ DExhwb3BleWUuYXRhYy5lYmF5LnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEB
  BQADgY0AMIGJAoGBALF eXVTFDj/1eONPzV/dAZ0dBKdstl+u+L/DTdw1sCXXOdNG
  MzYeTUu9g/g0dXL/bniF31M0OkoW+6O 5mshySv/KXS9QcoPngSKS6wuL8kNlYKQR
  Dw97WCS1uaqubAK/kir4hDmL7X9Rf29EFHDSFOWjeOJ /M7aqFWCfR5sTeSIFAgMB
  AAGgADANBgkqhkiG9w0BAQQFAAOBgQCeYwptiL/j7Bcs0DtGYiOlMMs utezF1COC
  4+wHt/p+LtQkvQWBoXisqN6YlGfZPXOCdUyA+RwU7BxjX9IQLP+9HLHfQyLzvCKb
  boKKpjIc8Ci+tmibM5QkgTxu4L7yeCR/PiplgVPttHNT2Qr9cxHLLBvIO6N1GOE8
  VBoq0pC5SA= =
  -----END NEW CERTIFICATE REQUEST-----
  Please maintain and preserve this CSR , since you will be sending it to the Certificate Authority ( CA ) so they can issue you a Certificate
  # openssl genrsa -des3 -out ca.key 4096
  # openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
  # openssl x509 -req -days 3650 -in file.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server-cert.crt
  # cp -p /var/opt/mps/serverroot/alias/msg-config-key3.db key3.db
  # cp -p /var/opt/mps/serverroot/alias/msg-config-cert8.db cert8.db
  # cp -p /var/opt/mps/serverroot/alias/secmod.db .
  # cat sslpassword.conf
  Internal (Software) Token:password
  # cat /etc/opt/SUNWiim/default/config/iim.conf
  iim.comm.modules = "iim_server,iim_mux,iim_wd"
  iim.smtpserver = "www.esuria.com.bn"
  iim.instancedir = "/opt/SUNWiim"
  iim.instancevardir = "/var/opt/SUNWiim/default"
  iim.user = "root"
  iim.group = "root"
  iim.config.version = "1.1"
  iim_ldap.host = "www.esuria.com.bn:389"
  iim_ldap.searchbase = "o=esuria.com.bn,dc=esuria,dc=com,dc=bn"
  iim_ldap.loginfilter = "(&(objectclass=inetorgperson)(uid={0}))"
  iim_ldap.usergroupbyidsearchfilter = "(|(&(objectclass=groupofuniquenames)(dn={0
  }))(&(objectclass=inetorgperson)(uid={0})))"
  iim_ldap.usergroupbynamesearchfilter = "(|(&(objectclass=groupofuniquenames)(cn=
  {0}))(&(objectclass=inetorgperson)(cn={0})))"
  iim_ldap.allowwildcardinuid = "False"
  iim_ldap.userclass = "inetOrgPerson"
  iim_ldap.groupclass = "groupOfUniqueNames"
  iim_ldap.groupbrowsefilter = "(objectclass=groupofuniquenames)"
  iim_ldap.searchlimit = "40"
  iim_ldap.userdisplay = "cn"
  iim_ldap.groupdisplay = "cn"
  iim_ldap.useruidattr = "uid"
  iim_ldap.groupmemberattr = "uniquemember"
  iim_ldap.usermailattr = "mail"
  iim_ldap.resynctime = "720"
  iim_ldap.usergroupbinddn = "cn=Directory Manager"
  iim_ldap.usergroupbindcred = "password"
  iim_ldap.useidentityadmin = "false"
  iim.log.iim_server.severity = "INFO"
  iim.log.iim_mux.severity = "ERROR"
  iim.log.iim_wd.severity = "ERROR"
  iim_server.domainname = "esuria.com.bn"
  iim_server.useport = "True"
  iim_server.port = "5269"
  iim_server.usesslport = "False"
  iim_server.sslport = "5223"
  iim_server.enable = "True"
  iim_server.clienttimeout = "15"
  iim_server.usesso = "0"
  iim.policy.modules = "iim_ldap"
  iim.userprops.store = "file"
  iim_mux.listenport = "www.esuria.com.bn:5222"
  iim_mux.serverport = "www.esuria.com.bn:45222"
  iim_mux.enable = "true"
  iim_mux.numinstances = "2"
  iim_mux.maxthreads = "10"
  iim_mux.maxsessions = "1000"
  iim_mux.usessl = "on"
  iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
  iim_mux.keydbprefix =
  iim_mux.certdbprefix =
  iim_mux.secmodfile = "secmod.db"
  iim_mux.certnickname = "server-cert"
  iim_mux.keystorepasswordfile = "sslpassword.conf"
  iim_wd.enable = "true"
  iim_wd.period = "300"
  iim_wd.maxRetries = "10"
  -open http://www.esuria.com.bn/im/en/im.jnlp
  -click More Detail and enable Use SSL

• IMAP SSL doesnt work in iOS 8.0.2 with self-signed cert.

  Got several mailaccounts setup on my iPhone, four of them is LDAP SSL with the server running self-signed cert (expires 2039).
  When I upgraded to iOS 8.0.2 (iPhone 5S) I got problem with Network settings so I did a "Reset Network Settings" (General > Reset).
  After that all my LDAP SSL based emailaccount cannot be "Verified". I have tried reinstall them all but cannot even set them up anymore!!
  I then setup with EXACTLY the same settings in Mail on my MacAir and it did work like a charm instantly. (Im working as a IT Tech so this is peanuts).
  I have even tried to import the certificate (.pem) from Keyaccess Chain into my iPhone. So that one is installed.
  In older iOS you could tell "Continue" when it said "Certificate is not trusted". Just clicked Continue and it worked anyway!
  What to do?
  In iOS 8.0.2 this is not showing to accept the certificate! Now it only shows:

  Nothing anyone here can do, but you should report it to Apple: http://www.apple.com/feedback/

• Self-Signed Cert being advertised on load-balance ip for ASA VPN cluster

  We recently saw an issue potentially related to CSCul61231 when a self-signed certificate was applied to the internal interface of the lan (inside) connection.  For some reason, the public (outside) cluster ip address started handing out the self signed cert instead of the configured certificate.  Lan interfaces certificates for either of the ASA's in the cluster were not effected - only the VIP.  Even after removing the code, the issue still occurred until the cluster was broken.  After re-connecting cluster issue did not come back.  We are not using the 5500-X devices but instead 5550's.  We do have 9.1.(x) running - I think 9.1.2, but not confident.
  We were looking to add a self-signed static cert as best practice dictates - but if this is the issue we can't and will have to replace our UC cert with one that contains the inside interfaces dns as well.  Can anyone confirm this to be the case?  Below is the exact line that caused the issue.
  ssl trust-point TrustPoint_X INSIDE vpnlb-ip ssl trust-point TrustPoint_X INSIDE
  Thanks in advance!

  Just wanted to follow up and confirm we have 9.1(5)12 running on the devices.  A note in the bug report suggest a possible ip6 address is associated in some way.  I want to also point out the devices have only ipv4 address assigned.
  Anyone that can confirm this functionality would be greatly appreciated.
  Thanks!

• Old clients won't switch from Self-Signed Certs to PKI.

  Greetings.
  I am wondering if anyone can give me advise on problem I am having with some of my sccm clients.
  When I originally deployed SCCM i used self signed certs on clients.
  We needed to add MAC and Linux support and MAC clients won't work without PKI, so I following this http://technet.microsoft.com/en-us/library/gg682023.aspx to configure Certificate Authority.
  It all seemed work well, I can now join MAC client with auto-enroll and all machines are requesting client certificates and I had couple of machine with new push on windows site installed with PKI.
  So right now I have about 250 windows clients, only 22 of them use PKI and the rest keeps using self-signed certs.
  I foolishly switched main site settings, MP settings and DP point settings to use https only.
  As a result I lost all self-signed clients and have full log for mpcontrol saying that it's rejecting clients cause they certificate cannot be validated.
  I logged in to couple of those machines and MMC i can see that it did enroll machine with valid Client Cert but Configuration Manager client itself still saying that it's using self signed one.
  Am I missing a step that I need to do to make sure that all those clients switch to PKI?

  It is. but how can i redeploy them?
  I was under impression auto push won't reinstall them. If i do deployment - that seem to reuse existing configuration and still use self signed on old machines.
  How can i verify that it does push clients to machine that already have it correctly and start using new config and not reuse old one.
  I even tried removing clients from couple of machines and see if it gets pushed again on them with proper config and those machines don't seem to get client but used to get it fine before. I keep getting new machines being added to domain and they get client
  pushed to them, but anything that had client with self signed doesn't seem to be happy.

• Self signed cert in safari 4 and windows xp

  Hello there,
  in our company wi have an self signed certificate for testing purposes. over an automatic testing cenario will be tested an application with various browsers. safari under windows brings now an problem and does not accept the self signed cert. the running steps terminating at this point. importing in windows cert store is not helpful.
  has any one an solution to make this cert working with safari and windows? or exist an solution to disable the cert check in safari it self.
  thanks
  greetings
  vito21

  Hello Mick,
  sorry to be late, but may help someone other :)
  Setting:
  NumberFormat currencyFormat = NumberFormat.getCurrencyInstance();and:
  String value = currencyFormat.format(valToDisplay);you can now use value in any component and its view is correct.
  For some objects like files you also need to set the right charset (i.e. the one support the symbol you need).
  For the euro symbol try "windows-1250" as charset.
  Bye

• SCCM 2012 Default self signed Cert expired...

  SCCM 2012 Default self signed Cert expired - how do I renew it?

  The default selfsigned cert that gets generated with the installation - can be found in administration - security - Certificates  (This is Sccm 2012 RTM)
  Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?
  I will bring this back to Kent point, which one of the Certs are you talking about. You can see form the screenshot that I have 6 certs, 3 DP and 3 Boot cert. You can also see that the 3 DP server have a 100 year life and the 3 Boot certs only have 1 year.
  If you are talking about the boot certs then just create the boot image.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• How do I allow self-signed cert for SecureAMF on iOS?

  I have spent the better part of two days trying to figure out how the dickens to do this. 
  Basically, I am using BlazeDS (using AMF as the protocol) to communicate with a Java backend (using tomcat with a self-signed cert).
  This works great in the browser version of the application (you usually get a little prompt saying that the site is untrusted when you try to access the website, you install the certificate and Bob's your uncle.)
  However, adapting the code over to iOS I am discovering a couple of problems.  The primary one being that the BlazeDS communication fails miserably when we are using SecureAMF with the self-signed certs.  It appears that it is similar to this issue: http://forums.adobe.com/message/3940214#3940214
  How do I get my iOS Air app to communicate with a self-signed certificate running on tomcat?
  Here are the things I've tried:
  1) Installing the cert using iPhone Configuration Utility
  2) Browsing to the site in Safari, and installing the certificate manually
  This is for development, so buying a certificate doesn't really make sense.
  So, any suggestions?

  Has anybody had any success here?  This is a real problem for testing internal applications inside of a local network.

• Two Solution Engines Sharing a single, common Self Signed Cert

  Does anyone know if it possible to have 2 solution Engines sharing a single, common self signed certificate generated by one of the Solution Engines? I have a certificate, actually two, that are about to expire. I am trying simplify the distribution and management by having just one certificate.

  This is the process to share SSL certs:
  http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&topicID=.ee6e1fe&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0c933
  But why do you want to do this anyway? They are self-signed certs anyway, you can generate them for as long as you like. Are you using it for some sort of end-user security like Wireless Encryption, NAC etc.?
  Regards
  Farrukh

• Weblogic self-signed certs

  Hi Guys, wanted to know whether it's ok to use self-signed certs in prod env when the weblogic server is sitting in DMZ including other down/up stream systems and end users will access the apps via protected proxy servers.

  Hi,
  Following is the standard way of creating self signed certificates..."keytool" is a utility which comes along with JDK installation.
  keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname "CN=aaa.bbb.com, OU=Customer Support, O=MyOrganization, L=Denver, ST=Colorado, C=US" -keypass mykeypass -keystore identity.jks -storepass mystorepass
  keytool -selfcert -v -alias <alias> -keypass -keystore .jks -storepass <store password> -storetype jks
  keytool -export -v -alias <alias;> -file <root cert>.der -keystore <key store>.jks -storepass
  keytool -import -v -trustcacerts -alias <alias> -file <root cert>.der -keystore <key store>.jks -storepass
  for detailed informations please visit: http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html
  Thanks
  Jay SenSharma
  http://jaysensharma.wordpress.com (WebLogic Wonders Are Here)
  Edited by: Jay SenSharma on Feb 4, 2010 5:00 PM

• How to install self-signed certificate with iOS 4?

  I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
  I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?

  I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
  I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?