About https certificate problem

Similar Messages

• HTTPS certificate problem on MPLS

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Tableau Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Hi everyone,
  We are currently migrating our network from IP to MPLS and we encounter an issue with a only one application using security certificat through HTTPS. All other services are OK such as HTTP, FTP, Mailing, etc.
  Network description :
  The network architecture is composed by 4 core routers (which play the role of P and PE at the same time) and 2 borders routers (B1 and B2) linked to Internet via STM1 - POS interfaces.
  Each borders are both connected to two core routers (C1 and C2) by GigabitEthernet links.
  Please also note that there is a DPI (Deep Packet Inspector, model Arbor 100) between each border and core.
  Core routers C1,C2, C3 and C4 are connected to each other by GigabitEthernet links.
  B1 and B2 are linked to Internet by STM1 (POS) using eBGP.
  OSPF is used as the infrastructures routing protocol between all equipments.
  (cf the network diagram attached)
  Configuration :
  When migrating to MPLS, we fixed interfaces MTU at 9216 and the MPLS MTU at 1512 on all concerned interfaces from Core to Border routers.
  Below is a sample configuration.
  mpls ip
  mpls label protocol ldp
  mpls ldp router-id loopback0
  interface GigabitEthernet1/1
  mtu 9216
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 XXXXXXXXXXX
  ip ospf network point-to-point
  ip ospf cost 1
  ip ospf hello-interval 1
  mpls mtu 1512
  mpls ip
  Problem :
  The service application uses a server on the local network (linked via CE router) which send https requests and files to a server located in the Internet.
  When MPLS is activated only on the Core-To-Core interfaces (C1, C2, C3 and C4) the application is working properly.
  But when the MPLS is expanded on Core-To-Border / Border-To-Core interfaces, this specific application fails as it appears that the certificate server sees a corrupted frame, some bits have been added to the normal frame. But all other services (HTTP, FTP, everything,)
  Below are major differences between Border and Core routers connection schemes:
      A DPI equipment between Core and Border,
  GibabitEthernet are used for links Border-To-Core and Core-To-Core, STM1(POS) is used for links Border-To-Internet (IP)
  ­    The MTU size on STM1 interface is fixed at 4470, MTU size of 9216 is assigned to GE interfaces (Border-To-Core, Core-To-Core)
  Regards.

  Hi,
  Would it be possible to disable the functionality of the DPI (passthrough mode?) and test again?
  MPLS labels or not on the packet should not make a difference wrt HTTPS only (in theory).
  Since you mention corrupted frames, taking a packet capture should show you if this is true or not.
  Thanks,
  Luc

• Https Certificate Problem

  I'm working on an application that will contact several ISP websites, to retrieve the connections statistics.
  Several of those websites needs certificate authentication's.
  For the moment I found 2 solutions:
  * Getting the certificate and put it manually in my keystore
  * Bypass the security by overriding X509TrustManager()
  The first solution is not dynamic, cause I can not ask everyone who will use this application to create for each certificate a keystore.
  The second solution, well there is no authentication so I can not know if I'm really contacting the correct website.
  Is there a way to install a certificate from my java application to my virtual machine ? Or is there another way ?
  I'm making my application with Java 6.
  Thx

  Ok I think I found what I wanted ... But I don't know if this is the best way ...
  I don't really need the certificate on my machine, but I have to be sure its valid. So I think this is good enough.
                 TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                           return null;
                      public void checkClientTrusted(
                                java.security.cert.X509Certificate[] certs,
                                String authType) {}
                      public void checkServerTrusted(
                                java.security.cert.X509Certificate[] certs,
                                String authType) {
                           try {
                                for ( X509Certificate cert : certs) {
                                     cert.checkValidity();
                           } catch (CertificateExpiredException e) {
                                e.printStackTrace();
                           } catch (CertificateNotYetValidException e) {
                                e.printStackTrace();
                 SSLContext sc = SSLContext.getInstance("SSL");
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
                 HttpsURLConnection
                           .setDefaultSSLSocketFactory(sc.getSocketFactory());
                 URL url = new URL(
                           "https://...");
  ...

• About root certificates problem

  Dear friend,
     pls hlp m in this matter:
  i hv mistakenly delete (deletable)some authority certificates of my nokia 5300.before that i used to run java application like opera browser,mtorrent etc but after deleting,formating, i am unable to reinstalled those applications again.
  i hv updated my nokia 5300 to latest version 7.00,but due to absence of those certificates .i cant installed those program again.do you hv any solutions pls help.

  Resettin to factory settings will not restore any deleted files. If updating the software hasn't replaced the missing files, then the phone will need to be re-flashed by a Nokia service point.
  This is a valuable lesson in using third-party apps to view the hidden system files of the phone - don't touch anything unless you are 100% sure you know what you are doing.

• Problem about HTTPS

  Dear guys,
  I have a question about HTTPS. I try to run the midlet over HTTPS but I got an error something like they don't know this protocol. I think I heard that WTK104 supports HTTPS. So the problem might come from the midp1.0.3. I read the user guide it said like it is optional for midp1.0.3 to support HTTPS or I have to recompile this module specially. I really wonder whether we do have to do that or not. What's more is how to do that? In the user guide is not too clear. Any idea about this?
  Thanks!!
  Udsy

  Hi john wen
  Thanks a lot for your help. However, after I tried to use build to include HTTPs, I still get error following
  $ make INCLUDE_HTTPS=TRUE
  find: ./../../../kvm/api/src/java: No such file or directory
  find: ./../../../kvm/api/src/javax: No such file or directory
  find: ./../../../kvm/api/src/com/sun/cldc: No such file or directory
  find: ./../../../kvm/api/src/java: No such file or directory
  find: ./../../../kvm/api/src/javax: No such file or directory
  find: ./../../../kvm/api/src/com/sun/cldc: No such file or directory
  find: ./../../../kvm/tools/preverifier/src: No such file or directory
  find: ./../../../kvm/tools/jcc/src: No such file or directory
  find: ./../../../kvm/tools/preverifier/src: No such file or directory
  make: link: Command not found
  make: *** [bin/preverify.exe] Error 127
  I don't know why. I read from cygwin that I have to use make instead of gnumake. I also already change directory to c:/j2me/midp1.0.3fcs/build/win32 and then started building. Do you have any idea about this?
  thanks
  udsy

• I need help, pop up about Certificate Problems and facebook wont work

  i keep getting a pop up about Certificate Problems on every page, i just updated my soft ware and i cannot go on facebook.

  Trouble Shooting and related keyboard commands:
  Startup Manager: How to select a startup volume
  Mac OS X: Starting up in Safe Mode
  Resetting your Mac's PRAM and NVRAM
  "To continue booting, type 'mac-boot' and press return" Message
  Resetting Cuda/PMU on Power Mac G5, Power Mac G4, Power Macintosh G3
  Resolve startup issues and perform disk maintenance with Disk Utility and fsck
  Mac OS X 10.4, 10.5: Gray screen appears during startup
  Mac OS X 10.4 Help: I see a blank blue screen when I try to start up my computer
  Avoid unnecessarily resetting the SMC or PMU for troubleshooting purposes
  Note: There is NO magic time required to clear the PMU. A firm, complete push is all that is required.
  The PMU reset button is a momentary contact switch because the reset only requires momentary contact.
  Another myth is that more than 2 chimes during a PRAM reset resets better.
  A reset is a reset.
  If you need more than is done in a PRAM reset after 2 chimes, use the NVRAM reset in Open Firmware.
  Keyboard Shortcuts:
  Mac OS X keyboard shortcuts
  Keyboard shortcuts - Mac Guides
  Keyboard shortcuts in OS X | creativebits
  Mac OS X Keyboard Commands
  what does "DOS" mean ??  " boot in to DOS ", as you used it ??
  Disk Operating System
  That would be "DOS like" as in like the screen that you use in booting a Windows machine.
  It's the black with white text screen that you get when you boot to Open Firmware (CMD+OPT+O+F)
  Booting Mac OS X

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• Wifi certificate problem - free public wifi

  Hi
  I use a free public wifi access point at work. When I connect, there is a popup that states:
  The certificate for this website is invalid. Tap accept to connect to this website anyway.
  If I accept, I get redirected to https://1.1.1.1/ , where I have to tap accept to the terms and conditions.
  On my macbook, I get the same error about the certificate, but I was able to install the certificate on the macbook, and I no longer have the problem.
  I then tried to install the certificate on the iphone, by exporting it from keychain, and emailing it to my gmail imap account.
  When I tap on the attachment, I get this error:
  "Profile could not be validated. Profile is missing Version Number."
  I use another university wifi access point, with which I have done the same procedure, with no issues.
  Is there any way to modfiy the certificate, or to force the iphone to accept it?
  Thanks

  System Preferences > Network > (click Airport in the list on the left) > click Advanced > Airport tab, select "Free Public WiFi" in the list and click the - sign at the bottom.
  If you're prompted to join that network in the future, click No.
  "Free Public WiFi" is a computer-to-computer network that's automatically created by some Windows machines. It's a nuisance, courtesy of Bill.
  http://blogs.chron.com/techblog/archives/2006/09/freepublicwif.html

• On Vista Firefox 6 incorrectly deals with security certificate problems

  After I installed Firefox 6, I tried to go to one of my web sites. I know that there is an https security certificate problem with this site when I go to https://staging.photoquestadventures.com rather than https://www.photoquestadventures.com. On XP, FF6 opens the site. on Win7, FF6 warns about a security certificate problem then allows me to create an exception and open the site. On Vista, it says that it can't find the server at www.staging.photoquestadventures.com and I cannot get past this point - only on VISTA!

  I downgraded to Firefox V4 (I didn't have a copy of V5 stored and couldn't find it on the net) and it asked the correct question: to allow connection even though there was a security certificate problem. Then I upgraded to V6, and it continued to connect just fine. So something in the V5 to V6 upgrade created the problem for me.
  I wonder if there is insufficient testing of Firefox on Vista, as I have had several problems with new versions while I have not had the problems on XP or Win7.

• Certificate Problem - Secure Connections Denied

  A friend just got her computer back from a loan and now finds that she can't gain access to any secure sites such as webmail. When she tries, she is greeted with the error message
  IDENTIFY CERTIFICATE IS NOT YET VALID
  UNABLE TO ESTABLISH A SECURE CONNECTION
  PROBLEM WITH THE SECURITY CERTIFICATE FROM THAT SITE
  I know nothing about security certificates. Any help would be appreciated.

  What version of OS X is your friend using? Certificates are referred to by the browsers as indicators of web site safety. If no certificate is present, then an alert message appears prior to the site loading. This gives the user a chance to decide if they want to go any further. Here is a more detailed explanation.l
  It's possible the previous user answered "no" to an alert.
  Certificates can be viewed, and deleted if necessary, by going to Keychains app. in the Utility folder. On the left panel (at least the Tiger version) you'll see Certificates. Select it, and delete the offending ones.
  Also, have her go to the Safari Menu and select "empty cache".
  Post back if you require any clarification.

• Windows certificate problem - at least for a better description

  I'm not sure where this should be posted.  I believe it's actually a Windows problem, so i'll try here first.
  Okay, I was installing SQL 2012 express server and I ran into a problem during the installation.  It's been too long ago, and too many correction attempts since to remember what the original problem even was.  But, anyways I uninstalled the installation
  and tried again, and again and again.   I was getting these errors:   Well damn, I've uninstalled my latest attempt and the error logs are gone.  Anyways it was failing on a certificate issue and then unable to find a start-up handle for the
  database engine. After this I tried all of the suggested fixes put forth on msdn,  Stack OverFlow and several blogs, nothing worked.  One of the suggestions was to create a new account/profile and try installing with that account. At that point I
  discovered that I couldn't create a functional new profile; every one failed when trying to log in.  That's why I think it is a Windows 8.1 problem and not a SQL installation problem, although it's likely that created the original problem. Anyways, I'm
  stuck.  Any ideas, beyond re-installing (I'll probably wait for the April 8th update and see if that happens to fix the problem before suffering the inconvenience of a complete re-install) win 8.1?  I can recreate the error logs by going through
  the installation again if they could help or I can pull the logs from one of the other blogs.
  Thanks,
  Ray

  After more digging around I found another instance of this problem reported here:
  http://social.technet.microsoft.com/Forums/en-US/43cb5946-9d82-4973-b8a1-4053aa688ba8/user-profile-service-failed-the-signin-user-profile-cannot-be-loaded-for-any-new-accounts?forum=w8itprogeneral
  ( it won't let me post a link, so we get plain text)
  As suggested in the mentioned post, checking my Event Viewer showed basically two type of Errors:  Event ID 1500 when trying to log in to Windows 8.1 with the newly created profile or creating a new profile; and Event ID 1511 when trying to install
  SQL 2012 Server Express.  Later on in the error logs, errors with certificates are mentioned.  Further digging showed that in each case the errors occurred when an attempt was made to copy files from the Default profile, specifically files in the
  \AppData\Local\Microsoft\VSCommon folder, to a Temp folder during creation of the new profile.  I copied these files to another temp folder and removed them from the offending location. After doing so, SQL 2012 Server Express installed properly and I
  was able to create a new user profile which could log into Windows.  I haven't seen any other problems since the files were removed, VS2013 works fine, but it did before these issues popped-up too. (VS2012 was upgraded several months ago, so maybe the
  files were left from that?).
  Hope this might help others who run into certificate problems when creating profiles, either during installation of programs or when creating a new user profile.

• Cisco ISE NDES EAP and HTTP certificates from different CA

  Hi guys, hope this is something you can help with…
  2 x ISE 1.2 (patch 5) 3415 appliances with hostnames webproxy1.customerdomain.com and webproxy2.customerdomain.com
  AD integration with customerdomain.local
  Guest authentication (CWA) using a separate interface on the ISE appliance (Gigabit 1) routing into its own VRF for isolation
  Corporate authentication is using EAP-TLS which is working fine
  BYOD using NSP with SCEP for iPads only at this stage using NDES on <customerdomain.local>
  I have installed a signed GlobalSign server certificate for HTTPS for guests (with SAN fields webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  I have also installed a signed server certificate from the customer's CA for EAP (with CN of psn.customerdomain.local and SAN fields psn.customerdomain.local , webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  The issue I have is if the two certificates are assigned for EAP and HTTP respectively the NSP process fails to generate a certificate though SCEP to the NDES server.
  As soon as I use the same internally signed certificate for HTTP and EAP it works, this then causes a problem with the HTTPS certificate being trusted by guests.
  This does not work with the GlobalSign certificate being used for both HTTPS and EAP, only the internal one works.
  Can you confirm if it is a valid design to have the ISE use one certificate for HTTPS and another for EAP signed by different CAs, it appears it has to be the internal CA used in the SCEP process to work.
  Thanks
  Andy

  I have now tested this with a test HTTP cert signed by a public CA and an EAP cert signed by my internal and SCEP works fine.  I am wondering if this is a certificate tier length issue.  My working example has a RootCA->IssuingCA->Cert.  It fails with a cert with a 3-tier heirarchy RootCA->IntermediateCA->IssuingCA->Cert.
  Can anyone confirm this works on other deployments with a 3-tier certificate chain with SCEP?
  Thanks

• I'm having website certificate problems.

  Recently, when I try to purchased anything on eBay, a box pops up stating:
  "The certificate for this website was signed by an unknown certifying authority. you might be connecting
  to a website that is pretending to be checkout.payments.ebay.com....."
  Is there something i can do about this? For now, I use Firefox and don't have any certificate problems but
  I'd prefer to use Safari.
  Thanks
  jt

  This question has nothing to do with iBooks, nor anything to do with OS X Server — this question is really getting bounced around the forums, too! — and probably nothing to do with the particular web browser you're using.
  This is either something weird with local DNS or the host you're connecting to (that would be bad), or something weird with the certificate being presented by the eBay web site you're accessing:
  Launch Terminal.app from Applications > Utilities and issue the command
  dig +short checkout.payments.ebay.com
  Here's an example of what that command looks like, with the $ prompt and with the output shown before the next $ prompt:
  $ dig +short checkout.payments.ebay.com
  66.211.180.57
  66.135.215.197
  $
  I've posted the two IP addresses that I get from that command.
  If you get those two addresses, it's probably eBay's error. 
  If not, post what you get for IP addresses.
  If you don't get anything output from the command, or if you get something different from those two hosts, you might have an issue with your local DNS setup.

• Safari client certificate problem w/ Canada Post website

  I am using OSX 10.8.5 and Safari 6.1.1
  I'm trying to use the Canada Post website for online shipping (ship-in-a-click) via the site:
  http://www.canadapost.ca/personal/tools/cst/intro-e.asp
  When I choose my option (in this case INTERNATIONAL) a pop-up opens asking to select a client certificate. A list of five certificates, which are all apparently valid and not expired, is given. No matter which certificate I select I cannot get past this pop up window. It just pops back up again.
  The certificates are all in the form:
  com.apple.idms.appleid.prd. then a very lengthy alpha numeric string
  From what I have read with certificate problems you can just delete them and next time you visit the site will ask you to select a new one. However, in this case, with all the certificates seemingly being valid, I don't think that will be the solution. Although, I am a complete novice when it comes to these issues.
  Can anybody suggest something other than using Firefox/Chrome etc. although if that is the ONLY choice then so be it. But surely this can be solved within Safari, no? The rest of the Canada Post site seems to behave OK with Safari.
  Thank you.

  Neither.  I am on Mavericks and it shows the exact same issue, so it neither fixes the problem or intoduces new ones, at least with my site.
  I also noticed that it is somewhat based on the loction (IP) of the server because on my local laptop (During development) and on our QA server would try and send a certificate that it should not send.  HOWEVER once we implemented the SSL client certificate on our production server it would no longer send the certificate.  I have no idea why and speculate that it is because our production server has a public IP.
  If you want you can use my site and see if the problem persists for you there (http://whf.to); however given the seemingly random why Safari decides to send certificates you may or may not see the issue.  If Safari does indeed send a certificate you should get an error page that details what happened (in somewhat lay-terms).
  Sorry that Mavericks doesn't fix the issue for you.

• Please tell me about Authority Certificates. I hav...

  Please tell me about Authority Certificates.
  I have misstake and Delet for this.

  Hi Themughal
  Thank you for posting and welcome to Nokia Support Discussions! 
  What is the model of your phone? If it belongs to S40 devices have a look in this link: http://discussions.nokia.com/t5/Pool-of-Knowledge/Certificate-not-on-phone-or-SIM-for-S40-phones/td-...
  If my post helped you, please don't forget to click on the "White Star" and if it resolved your issue click on "Accept as Solution"