Anyone use godaddy ssl certs?
I have been looking into changing ssl certificates, currently we use thawte. I have had some trouble with the godaddy ssl certificates but I think it is probably that it is just slightly different then what I was used to. My question is is anyone else out their using godaddy for your ssl certificates and have you had any issues or do you have any concerns with using them?
Yes, I havnt seen any issues with it.
If u need any help installing it in ur keystore let me knw.
-Faisal
http://weblogic-wonders.com
Similar Messages
-
Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)
Hi,
I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforseen problems?
My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
For reskilling, I will assume I will have to do some command line stuff here ...
eg: keytool -genkey -keyalg RSA -keystore hostname.key
to create the key,
keytool -certreq -keyalg RSA -keystore hostname.key -file hostname.csr
to create the csr, and
keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
to import the new cert
Suggestions or comments for anyone who has tried this before would be appreciated.
Regards,
BrianI've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
david -
GoDaddy SSL Cert Signed by Unknown Authority
At my school we have one Apple server which we recently upgraded to 10.5. We're using it to run a blog for teachers. We switched the site to use SSL and purchased a GoDaddy SSL cert (the wildcard type). The common name on the certificate I created in Server Admin is for *.e-lcds.org, this is the same common name I gave to GoDaddy in the CSR.
I received both the certificate and the intermediate certificate from GoDaddy and installed both. Server Admin now says that the site is signed correctly by GoDaddy. The intermediate certificate (looking at Keychain Access) is not signed correctly though according to the server. The error is "This certificate was signed by an unknown authority"
In the process of originally trying to figure out SSL certs I deleted all of the GoDaddy ones which I (thought) had added to start with a new one and have it re-keyed (which worked). I unfortunately may have deleted whatever certs need to be installed to verify the intermediate cert from GoDaddy. Is there a way to re-add these? Or is this another issue altogether?
Thanks in advance,
-MRCURI ended up wiping the server since we switched it's roles with a Linux box. I'm now using the GoDaddy SSL cert on the Linux box and the XServe.
-
Use Wildcard SSL Cert to Monitor Non-Domain COmputers
Hello,
I was wondering if a Wildcard SSL Cert from GoDaddy or another Provider can be used to monitor Non-Domain Computer on SCOM 2012R2?
TIA,
JimHi,
The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure
certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Help using Custom ssl cert in Aironet https web Interface
I spent a few hours learning how to import certificates, and I think I did ok with that part. If I use the selfsigned cert when HTTPS is enabled through the web interface, HTTPS works just fine, but the second I
ip http secure-trustpoint test
I get a connection reset error in my test browsers.
ip http secure-trustpoint TP-self-signed-3349201592
doesn't fix it, it just gives me an "invalid certificate" error. I'm going to include what I did to get to where I am now, and hopefully you can see where I'm going wrong.
In Linux:
openssl genrsa -out test.key 2048
openssl req -new -nodes -key test.key -out test.csr
got csr cert and root ca from CACert
openssl rsa -in test.key -des3 -passin pass: -out keyout.pem
password:12345678
scp root.ca [email protected]:flash:/root.ca
scp keyout.pem [email protected]:flash:/test.key
scp test.crt [email protected]:flash:/test.crt
In Aironet IOS
crypto ca trustpoint test
crypto ca import test pem url flash:/test 12345678
% Importing CA certificate...
Source filename [test.ca]? root.crt
Reading file from flash:root.crt
% Importing private key PEM file...
Source filename [test.prv]? test.key
Reading file from flash:test.key
% Importing certificate PEM file...
Source filename [test.crt]?
Reading file from flash:/test% PEM files import failed.
ok so that didn't work, but I can see that the root.crt imported at least
show crypto ca trustpoints
Trustpoint TP-self-signed-3349201592:
Subject Name:
cn=IOS-Self-Signed-Certificate-3349201592
Serial Number: 01
Persistent self-signed certificate trust point
Trustpoint test:
Subject Name:
[email protected]
cn=CA Cert Signing Authority
ou=http://www.cacert.org
o=Root CA
Serial Number: 00
Persistent self-signed certificate trust point
I then tried to import just the keypair
crypto key import rsa test pem url flash:/test 12345678
% Importing public key or certificate PEM file...
Source filename [test.pub]? test.crt
Reading file from flash:test.crt
% Importing private key PEM file...
Source filename [test.prv]? test.key
Reading file from flash:test.key% Key pair import succeeded.
Strangely, that worked, and now I have my keypair.
show crypto key mypubkey rsa
% Key pair was generated at: 03:39:07 GMT Jul 29 2009
Key name: BenCloud
Usage: General Purpose Key
Key is not exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00CAC0D9 4C79D716 140D38BF C97C1120 8A0FDCED DDDF5438 8A4BDC5C 00629676 .......
Now to apply it to the trust point, I also tried to mimick the selfsigned TP's settings, and this is what I ended up with
show
enrollment selfsigned
subject-name cn=CA Cert Signing Authority
revocation-check none
rsakeypair test
end
vs
show
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3349201592
revocation-check none
rsakeypair TP-self-signed-3349201592
end
Then I tried applying this new TP to the HTTPS server
ip http secure-trustpoint test
Which caused the error I discribed earlierThat isn't the problem, it says "The connection was interrupted" when I use my own Trust Point.
As I said, if I disable HTTPS, then reenable it, through the WebUI, it regenerates the self signed keys and works just fine. I think I'm assigning the keys incorrectly, but I don't know where I'm going wrong. -
Why was my GoDaddy SSL Cert "Not from a Recognized Authority"
I've seen many reports here of people experiencing problems installing and renewing SS Certificates in OS X Server.
In my case a simple Certificate renewal turned into a Very Worrying Episode as the new certificate was "Not from a recognised authority" according to OS X Server 3.1.2 on Mavericks. Email clients could not log in etc. etc. without being told the server was insecure.
I tried several times to renew the certificate. Last year's was from GoDaddy and we had no problems. This year was not straightforward and has wasted 8 or so hours of my life.
This is of course only anecdotal, but it seems that OS X Server cannot properly install SSL Certificated generated from SHA-2 but can from SHA-1. SHA-2 is the default at GoDaddy now (SHA-1 can be chosen) as SHA-1 Certificates will no longer be created or accepted as standard in 18 months or so's time.
My solution was to generate an SHA-1 Certificate from my GoDaddy account.
All the necessary Root and Intermediate Certificated seemed to be in place but OS X Server could not correctly link up all the Certificates in the SHA-2 chain.@heinzfromconcord were you replacing a Cert with the same name by any chance? (i.e. Were you renewing an SHA-1 Cert with an SHA-2 Cert perhaps). I have absolutely no idea whether this matters or not but can only assume that not everyone is suffering this problem as there are so few forum posts about it. I am trying to gather diagnostic information tp pass on to the Apple Engineers who replied "cannot reproduce" to my bug report.
-
SSL cert error on exchange 2013.
Hi,
Can I please have some help to avoid the following two error messages appears on opening outlook 2013 on windows 7 connected directly to the server 2012 domain.
Godaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly setup.
There is NO error message if we connect through outlook (AnyWhere) on a system which is not part of the domain and connecting from outside.
Error Box 1
Security Alert
servername.localdomain.local
Information you exchange with this site cannot be viewed or changed...................
The security certificate is from a trusted certifying authority.
The security certificate date us valid
X The name on the security certificate is invalid or does not match the name of the site....
Error box 2
Microsoft Outlook
There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
Outlook is unable to connect to the proxy server. (Error Code 10)
Any quick help will be highly appreciated!
Many thanksHi,
Are you using a Single domain cert by GoDaddy, if thats the case we cannot add more than one domain to your cert. I believe you have added the outlook anywhere domain name to your cert since your outlook anywhere connection is prompting any errors.
You have two options, one is purchase a UCC Cert and add all URL's required or Please have a look on these below Virtual Directories on the exchange server and modify the the URL's so you will not get the Cert errors.
use the shell to view the internal and external URL's,
Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
Get-ECPVirtualDirectory | fl internalurl,externalurl
Get-OabVirtualDirectory | fl internalurl,externalurl
Get-WebServicesVirtualDirectory | fl internalurl,externalurl
Change all your internal URL's similar to the external URL's, use the Set command as the example below.
Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl ‘https://mail.domain.com/Autodiscover/Autodiscover.xml’
make sure all your servername.localdomain.local URL's are changed to match primary certificate name.
Regards
Boniface -
Expired internal SSL cert on SGD 4.5?
Upgraded Solaris SGD from 4.41.to 4.5. I use a SSL cert for our site, which is working fine. SGD login prompt appears and cert can be viewed and verified.
However after logging in, I get a security warning on tcchelper saying that Sun's own Verisign certificate expired on 8/29/2010. Is a current cert available?yes, please open a case with Oracle Support and we will provide you an update on SGD 4.50.933.
-
SSL Cert Setup on the Palm Pre
I am having issues setting up my companies email on the Palm Pre. We use an SSL cert and for some reason I get Certificate Error. Is the time and date wrong. I looked at many blogs with other people having this issue and they say a root cert needs to be put on the phone. The only way it says to do this is to install the Microsoft Certificate Authority and then generate the cert that way.
Well, the issues that I am having is I have been generating my cert using the new-exchangecertificate -domainnames mydomain.domain.com, and I do multiples dns names. This cert works fine on all my computers and all other cell phones. When I put it on the pre I get the error above. I read that this is an IIS root cert and the palm does not allow this. I then installed the Certificate Authority and generated a cert and the pre worked fine, the only issue is the cert broke the rest of my external users connections. I need the cert to have dns resolution addresses in it. I found out how to get the Certificate Authority to have san:dns= domain.domain.com names. But when I generate this cert and put it as my primary cert it then brakes the palm and my other systems.
How can I get the Certificate Authority to give me a cert with all the DNS names I need and work on the palm and all my other systems.
Any help is great and thanks in advance.
Post relates to: Pre p100eww (Sprint)We keep any type of updates very close to us. So close in fact that I do not know and only the developers know about this. But if you feel that this should be included there is a feedback link at the bottom of my post click on that and leave the feedback
-
Hello,
Am I able to use an SSL cert in the proxy list for the same VIP but on a different port?
Basically, can I use the same cert twice?
Thanks,
DaveHi Dave,
It should be possible to create multiple SSL Servers for a single VIP under a
single SSL-Proxy-List by specifying different ports.
Siva -
FTP with SSL cert on ACNS via WCCP
I have a client using an SSL cert to connect to an ftp server. The user is being redirected to a CE-511 via WCCP v2 but the FTP connection does not work. If I bypass the user (in my wccp acl) it works fine - following a default route to my PIX.
Any info, good or bad will be greatly appreciated.
- MattWhat is the software version running on the CE-511. Did you try upgrading to the latest version of the firmware. This should solve the issue.
-
ACE: Single SSL Cert for two domains with same VIP
At present I have a design that will use individual SSL cert per domain and link both certs to (two or one) serverfarm.
policy-map multi-match popvip_01
class POP_VIP01
loadbalance vip inservice
loadbalance policy POP-POp3_PMT or popPMT1
loadbalance vip icmp-reply
ssl-proxy server GINPOP_SSLPROXY
connection advanced-options TCP_PARAM_Y
class POP3_VIP02
loadbalance vip inservice
loadbalance policy POP-POp3_PMT or POPPMT2
loadbalance vip icmp-reply
ssl-proxy server GINPOP3_SSLPROXY
connection advanced-options TCP_PARAM_Y
however,
if I can get one single certificate to process both pop and pop3 domains, that use the same VIP/port, and if this will work with ACE, i'm inclined to design using this alternative.
ie,
pop.mydomain.com = 10.10.10.1 995
pop3.mydomain.com = 10.10.10.1 995
Any suggestions would be appriciated.Hello,
In order to achieve this then you will need to order a wildcard certifictae ie
*.mydomain.com
These certificates are more expensive and so you will probably find it cheaper to buy two certificates than one wildcard certificate.
Regards -
Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8
I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
No matter what I do, it won't work.
I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
Can anyone help?Originally Posted by AndersG
Fmcunningham,
> > I am looking at installing a cert as well. I have NOWS SBE 2.0
> > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
> > need a Wild card cert to be able to accomplish this?
>
Only difference between a wildcard and a regular (apart from price) is that
a wildcard covers all hosts in a domain,. Ie *.acme.com, whereas a regular
cert only covers a named host, homer.acme.com
- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)
Novell has a new enhancement request system,
or what is now known as the requirement portal.
If customers would like to give input in the upcoming
releases of Novell products then they should go to
http://www.novell.com/rms
I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess. -
Dreaded "must be configured to use a valid SSL cert" - 2008 R2
Hello everybody,
I've been browsing through hundreds of topics on the dreaded "The RD Gateway server must be configured to use
a valid SSL certificate" error using BPA (Windows Server 2008 R2 Std), but still haven't found a proper solution.
Here's the issue: RDGW not operating properly and sometime accepting connections, sometimes not.
I have an external domain example.com and internally, the domain is example.local. I have one server serving Exchange and RD, this is the server responding to mail.example.com and I have an StartSSL issued cert for mail.example.com, which is properly configured
on the server (OWA is working properly with autodiscover etc.). SSL bindings seem alright, default site is using the mail.example.com SSL cert.
If I open the RDGW Manager and go to the SSL Certificate tab, the system looks happy by having the cert installed, everything looks fine. Sometimes I even manage to connect - connection is successful, I can normally connect to any of the servers or computers.
On a second attempt, I just get the message, that the logon attempt had failed. If I run BPA on the server, I get the error of not having a proper SSL cert. If I select a self-signed cert, then also the BPA goes through, but then I have problems with connections
since everybody would need this cert to have installed.
From what I read, my problems are related to the issue that the FQDN of my server is servername.example.local and the cert is issued to mail.example.com. How can I make the thing only to talk via the mail.example.com cert? I don't think I can get a cert
that'd also contain a SAN of servername.example.local from the CA.
What can I do?Hi Andrej,
Thanks for posting in Windows Server Forum.
Here providing you the article for BPA’s configuration logs, where you can check. It also states that certificate are main problem related to this error. Please check certificate which you have bound have FQDN name of gateway server, the certificate is SSL
certificate and it’s a trusted certificate. Also check that certificate which you have importing to RD gateway must be in local computer/personal store. For more information refer below article.
1. Using the Remote Desktop Services BPA to analyze a Remote Desktop Gateway
implementation
2. RDS: The RD Gateway server must be configured to use a valid SSL certificate
In addition, you need to specify the FQDN name of RD gateway under
DefaultTSgateway in IIS setting. Please go through below article for details.
RD Gateway/Web Access Outside the Firewall
Hope it helps!
Thanks,
Dharmesh -
SSL Cert used to sign Jars for distribution via WebStart
Hi,
I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
Certificate chain not found for: myalias myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
xxx.cabundle (this can be imported into keytool easily)
cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
private/xxx.key
My questions I suppose are:
1. Can I use a cert issued for SSL to sign jars for webstart distribution?
2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
Any help would be appreciated!
RichHi,
yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
Sent from Cisco Technical Support Android App
Maybe you are looking for
-
Can't boot properly in UEFI mode
Hi! After enabling "windows 8 feature" and booting in uefi only mode, no boot device is detected anymore. The efi shell comes up after the bios has started and I can't boot into windows. I tried a clear cmos but it didn't work. I have a Z87-GD65 (lat
-
I have no sound coming from LOGIC. All I have is the sound card that comes in a PowerMac G5. Nothing fancy. I checked "Core Audio" in the Audio Drivers pop-up. I then get this warning: The previously selected audio interface is not available. The bui
-
Temporarily offline for maintenance.
DW8, XP, check in, check out enabled. Customer updated the site from her local files. I downloaded everything to update my files. I updated the library item which is on each template page. Made changes to each template page. Updated the site, library
-
Terrible Transfer Experience - 10+ hours with bad customer service
I've been a Verizon Fios customer for 3 years. For the most part service has been good, though there were a few instances where I've lost internet and cable for no apparent reason for a few days here and there. However, my experience with Verizon Fio
-
Java. ARRAY: oracle-character-set-171
Hello! I need send array of String to Oracle stored procedure. I make Oracle ARRAY type ('CREATE OR REPLACE TYPE A_VALUES AS VARRAY(20) OF CHAR(500)'). Simple my java-code: 1: ArrayDescriptor descrVal = new ArrayDescriptor("A_VALUES", con); 2: ARRAY