Anyone using a signed certificate?

Similar Messages

• How to register iOS device when using self signed certificate with apple Server?

  Hi,
  I have installed the server.app by Apple and used a slef signed certificate for my server. Now I want to register my different devices (iMac, iPhone etc.). I could register the iMac without problesm (I just had to add my self signed certificate to the trusted certificates)
  Sadly, with the iPhone it is not that easy. I can install the "trust profile", but still after that I can not register my device. It seems like it does not accept my self signed certificate for device registration. When adding a registration profile, I get the error "www._mydomain_.tld/devicemanagement/api/device/auto_join_ota_service" is not valid.
  Nethertheless, I can install a profile with setting, e.g. my imap settings, via the profile management without problems.
  Does anyone have an idea how to get around the problem with the self signed certificate?
  Best regards

  Try deleting the Server.app and download it again from the App Store, restart.
  My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first).

• Use self signed certificate

  Hi,
  I have got a theoretical question: Is it right to use self-signed certificate in production environment?
  We don't want to use this cert. for authentication but for SSL decryption. Is this a good solution?
  Thanks!
  V.

  Hi Rick,
  May be I was not completely clear in my wordings :)
  VPN connection is not a mandate. The VPN connection already existed between our organization and the provider service (instead of going over the internet) and hence the security person in our organization was fine with us using self signed certificates.
  I gave you a scenario where the use of self signed certs was authorized. And also once more scenario where using self signed certs in test environments is not allowed.
  Two contrasting thoughts, so basically it is up to the perception of the security people to assess the risk and give a go ahead.
  Personally I feel that if the communication channel is secure between the systems (2 way ssl) then using self signed certs for message encryption might be fine.
  If the channel is not secured (may be even 1 way SSL), I would prefer using CA certified certs.
  Hope I make more sense now :)
  Thanks,
  Patrick

• How to use self-signed Certificate or No-Check-Certificate in Browser ?

  Folks,
  Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
  [user@localhost bin]$ ./emctl start dbconsole
  The command returns the output:
  https://localhost.localdomain:1158/em/console/aboutApplication
  Starting Oracle Enterprise Manager 11g Database Control ... ...
  I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
  The connection to localhost.localdomain: 1158 cannot be established.
  [user@localhost bin]$ ./emctl status dbconsole
  The command returns this message: not running.
  [user@localhost bin]$ wget https://localhost.localdomain:1158/em
  The command returns the output:
  10:48:08 https://localhost.localdomain:1158/em
  Resolving localhost.localdomain... 127.0.0.1
  Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
  ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
  Self-signed certificate encountered.
  To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
  Unable to establish SSL connection.
  A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
  Website certified by an Unknown Authority. Examine Certificate...
  I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
  But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
  My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
  Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
  In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
  In Authorities tab, there are a few names as indicated in the above output of wget.
  My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
  Thanks.

  Neither problem nor solution do involve Oracle DB
  root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
  This thread is OFF TOPIC for this forum.

• Flyspray email notification using self signed certificates

  Hi all, I've been having an issue with flyspray sending notification emails through a SMTP server (running on localhost) which uses submission (port 587) and starttls with a self signed certificate. Whenever a notification would be sent I receive an error like the following:
  Notice: Undefined property: Swift_Transport_StreamBuffer::$_sequence in /usr/share/webapps/flyspray/includes/external/swift-mailer/classes/Swift/Transport/StreamBuffer.php on line 236 Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/share/webapps/flyspray/includes/external/swift-mailer/classes/Swift/Transport/StreamBuffer.php on line 102 Completely unexpected exception: Unable to connect with TLS encryption
  This should never happend, please inform Flyspray Developers
  For the time being I just disabled notification all together. But this is a pretty big problem for me as I would like to avoid having to come to the web to view bugs I'm working on. Eventually I will create my own personal CA and this problem will become a non-issue, but until the time comes I'd love a work around (preferably not too dirty if at all possible).
  Thanks for the help.

  H Jerome,
  The certificate may have been generated incorrectly but I would suggest logging
  a support case.
  Kind Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Jerome Cahuzac" <[email protected]> wrote:
  >
  >
  >
  I want to enable HTTPS protocol with WebLogic Server 5.1
  I want to use a self signed certificate generated with the JDK keytool.
  I've successfuly generated it and exported a dummy.cer file.
  I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
  and I've got this exception
  java.lang.NullPointerException:
  at weblogic.security.RSAKey.toString(RSAKey.java:203)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.security.X509.toString(X509.java:261)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
  Compiled
  Code)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.Server.startServerDynamically(Server.java:99)
  at weblogic.Server.main(Server.java:65)
  at weblogic.Server.main(Server.java:55)
  at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
  at java.lang.Thread.run(Thread.java:479)
  mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
  Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
  What's the right way to do this ?

• Using code signing certificate results in classnotfoundexception

  We are running a certificate authority on windows 2012. Our programming section developed a java application on linux and wanted to code sign it. They created a csr and sent it to me. I created a duplicate of the built in code signing template and used it
  to create a code signing certificate, which I sent back to the programmer. He used the certificate to sign the application jar file, and everything seemed ok. But when we try running the application we get a 'classnotfoundexception' for the main class of the
  program. Just to be sure it was not a fluke I wrote a small test applet and went through the same procedure of creating a csr, creating the certificate, and code signing the jar file, and ended up getting the same exact error.
  The programmer tried creating a self signed certificate on linux and using that to code sign the jar file, and the program runs successfully. Of course there is a warning that the certificate is untrusted, which is why we ant to use the windows created certificate
  to sign the application since the root certificate in on everyone's computer.
  Is there anything special needed to be done to get  the windows created certificate to successfully sign a java application?

  Hi David, did you ever get it to work signing the applet with an Active Directory Certificate Services certificate?
  We are exeperiencing the same issue.  The odd thing is that after we get the ClassNotFoundException error, we click on the error and then click reload and then it loads fine.  At this point we are probably going to try purchasing a certificate
  to see if ADCS was the problem.  Curious to see if you had any luck.  Thanks.

• How to use self-signed certificate to verify others certificate?

  the self-signed certificate and keys acts as CA like VeriSign
  alias =SelfSignCA
  keystore = SelfSignLib
  certificate = SelfSign.cer
  certificate to be verify
  alias = companyCA
  certificate = companyLib
  csr file = company.csr
  how to use keytool to verify/sign the company certificate?thank you.

  Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
  Not sure how relevant it will be for 11g, sorry :(

• How to use Self Signed certificate with SSLServerSocket?

  Hello to all.
  I'm trying to build a simple client/server system wich uses SSLSocket to exchange data. (JavaSE 6)
  The server must have it's own certificate, clients don't need one.
  I started with this
  http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
  To generate key for the server and a self signed certificate.
  To sum it up:
       Create a new keystore and self-signed certificate with corresponding public/private keys.
  keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks
       Export and examine the self-signed certificate.
  keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer
       Import the certificate into a new truststore.
  keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jksThen in my server code I do
  System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
  System.setProperty("javax.net.ssl.keyStorePassword", "123456");
  SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
  SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );
  Socket s = sslServerSocket.accept();I am basically missing some point because I get a "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." when I try to run the server.
  Can it be a problem with the certificate? When using -validity <days> in keytool the certificate gets self-signed, so it should work if I'm not wrong.
  I have also tried this solution
  serverKeyStore = KeyStore.getInstance( "JKS" );
  serverKeyStore.load( new FileInputStream("/scratch/stores/server.jks" ),
       "123456".toCharArray() );
  tmf = TrustManagerFactory.getInstance( "SunX509" );
  tmf.init( serverKeyStore );
  sslContext = SSLContext.getInstance( "TLS" );
  sslContext.init( null, tmf.getTrustManagers(),secureRandom );
  SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
  SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket( port );and still it doesn't work.
  So what am I missing?

  You were right. I corrected the mistakes in the server code, now it's
       private SSLServerSocket setupSSLServerSocket(){
            try {
                 SSLContext sslContext = SSLContext.getInstance( "TLS" );
                 KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
                 KeyStore ks = KeyStore.getInstance("JKS");
                 ks.load(new FileInputStream(_KEYSTORE), _KEYSTORE_PASSWORD.toCharArray());
                 km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
                  * Da usare con un truststore se serve autenticazione dei client
                  * TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
                 tm.init(ks);*/
                 sslContext.init(km.getKeyManagers(), null, null);
                 SSLServerSocketFactory f = sslContext.getServerSocketFactory();
                 SSLServerSocket ss = (SSLServerSocket) f.createServerSocket(_PORT);
                 return ss;
            } catch (UnrecoverableKeyException e) {
                 e.printStackTrace();
            } catch (KeyManagementException e) {
                 e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                 e.printStackTrace();
            } catch (KeyStoreException e) {
                 e.printStackTrace();
            } catch (CertificateException e) {
                 e.printStackTrace();
            } catch (FileNotFoundException e) {
                 e.printStackTrace();
            } catch (IOException e) {
                 e.printStackTrace();
            return null;
       }and on the client code
  private SSLSocket setupSSLClientSocket(){
       try {
            SSLContext sslContext = SSLContext.getInstance( "TLS" );
            /* SERVER
            KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
            km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
            KeyStore clientks = KeyStore.getInstance("JKS");
            clientks.load(new FileInputStream(_TRUSTSTORE), _TRUSTSTORE_PASS.toCharArray());
            TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
            tm.init(clientks);
            sslContext.init(null, tm.getTrustManagers(), null);
            SSLSocketFactory f = sslContext.getSocketFactory();
            SSLSocket sslSocket = (SSLSocket) f.createSocket("localhost", _PORT);
            return sslSocket;
       } catch (KeyManagementException e) {
            e.printStackTrace();
       } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
       } catch (KeyStoreException e) {
            e.printStackTrace();
       } catch (CertificateException e) {
            e.printStackTrace();
       } catch (FileNotFoundException e) {
            e.printStackTrace();
       } catch (IOException e) {
            e.printStackTrace();
       return null;
  }and added a System.out.println(sslSocket); after every incoming message (server side) and SSL is now fully working!
  So my mistakes were:
  [] Incorrect setup done by code
  [] Incorrect and insufficient println() of socket status
  Now that everything works, I've deleted all this manual setup and just use the system properties. (They MUST be set before getting the Factory)
  SERVER SIDE:
  System.setProperty("javax.net.ssl.keyStore", _KEYSTORE);
  System.setProperty("javax.net.ssl.keyStorePassword", KEYSTOREPASSWORD);
  SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  SSLServerSocket sslServerSocket = (SSLServerSocket) f.createServerSocket(_PORT);
  CLIENT SIDE:
  System.setProperty("javax.net.ssl.trustStore", "/scratch/stores/client.jks");
  System.setProperty("javax.net.ssl.trustStorePassword", "client");
  SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
  SSLSocket sslSocket = (SSLSocket) f.createSocket(_HOST, _PORT);
  And everything is working as expected. Thank you!
  I hope my code will help someone else in the future.

• Avoid an alert with using self-signed certificate

  Hi
  I want to publish a free product and I would like to use a free self-signed certificate
  But during installing, the Adobe Exstension Manager shows an alert
  Where is a way how to avoid this alert with using a self-signed certificate (I generated certificate with help of Adobe Exchange Packager) or I should only use a paid code-signed certificate?
  Best regards
  Maxim

  As I understund, "Show warning when instaling..." this option available only for end user in Exstantion manager, right? It means there is no way how to switch off this warning if I use ucf.jar tool for packing ZPX and an user uses default setting on this end. When, only one way is left - to buy a payed certificate, even for free product. Correct?

• MTLS using self-signed certificates

  We have a Expressway-C and Expressway-E setup in labs. While setting up a secure (TLS) traversal zone between C and E, can we use self-signed certs instead of trusted CA certs? (Import the C self-signed cert on to E and vice-verse will suffice for  MTLS?)

  H Jerome,
  The certificate may have been generated incorrectly but I would suggest logging
  a support case.
  Kind Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Jerome Cahuzac" <[email protected]> wrote:
  >
  >
  >
  I want to enable HTTPS protocol with WebLogic Server 5.1
  I want to use a self signed certificate generated with the JDK keytool.
  I've successfuly generated it and exported a dummy.cer file.
  I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
  and I've got this exception
  java.lang.NullPointerException:
  at weblogic.security.RSAKey.toString(RSAKey.java:203)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.security.X509.toString(X509.java:261)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
  Compiled
  Code)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.Server.startServerDynamically(Server.java:99)
  at weblogic.Server.main(Server.java:65)
  at weblogic.Server.main(Server.java:55)
  at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
  at java.lang.Thread.run(Thread.java:479)
  mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
  Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
  What's the right way to do this ?

• Using self-signed certificates for HTTPS

  I want to enable HTTPS protocol with WebLogic Server 5.1
  I want to use a self signed certificate generated with the JDK keytool.
  I've successfuly generated it and exported a dummy.cer file.
  I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
  and I've got this exception
  java.lang.NullPointerException:
  at weblogic.security.RSAKey.toString(RSAKey.java:203)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
  at weblogic.security.X509.toString(X509.java:261)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java, Compiled
  Code)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.Server.startServerDynamically(Server.java:99)
  at weblogic.Server.main(Server.java:65)
  at weblogic.Server.main(Server.java:55)
  at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
  at java.lang.Thread.run(Thread.java:479)
  mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
  Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
  What's the right way to do this ?
  [dummy.cer]

  H Jerome,
  The certificate may have been generated incorrectly but I would suggest logging
  a support case.
  Kind Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Jerome Cahuzac" <[email protected]> wrote:
  >
  >
  >
  I want to enable HTTPS protocol with WebLogic Server 5.1
  I want to use a self signed certificate generated with the JDK keytool.
  I've successfuly generated it and exported a dummy.cer file.
  I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
  and I've got this exception
  java.lang.NullPointerException:
  at weblogic.security.RSAKey.toString(RSAKey.java:203)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.security.X509.toString(X509.java:261)
  at java.lang.String.valueOf(String.java, Compiled Code)
  at java.lang.StringBuffer.append(StringBuffer.java, Compiled
  Code)
  at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
  Compiled
  Code)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
  at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.Server.startServerDynamically(Server.java:99)
  at weblogic.Server.main(Server.java:65)
  at weblogic.Server.main(Server.java:55)
  at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
  at java.lang.Thread.run(Thread.java:479)
  mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
  Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
  What's the right way to do this ?

• ACS 4.1 PEAP using public signed certificate (verisign)

  Hi,
  Could you give me some advice about the PEAP implementation with ACS server. I undestand that self-signed certificate should work well but I have this thoughts. The self signed certificate is valid for 1 year and after this period a new self-signed certificate has to be created. What should be the impact on the wireless users at this point? What I undestand is that the new certificate should be also imported to the clients so they can validate the server certificate. If that is correct (not sure though) this will bring huge amount of work when the certificate is expired and having hurderds of wireless clients.
  Is it possible (and what are the requirements of the certificate itself) to install any publicly signed certificate like Verisign's one to the ACS for the PEAP process? Will that ease the workload when the certificate has to be renewed? I  assume that any windows machine for example, has by default trusted root certificates - Verisign in its store and no further interaction should be needed on the client side.
  kind regards
  Boris

  hi there ..
  First we need to understand why a cert is importnat. A cert is used to create a tunnel that allows the wireless client to send their logon in a secure fashion. So if you could image a tunnel over wireless/wired between your client and the radius server.
  The idea of trusting the cert is SPECIFIC to the wireless client . You can choose to TRUST the cert or NOT. Totally client independent. Why this is important, suppose for a moment that someone comes into your place of business and broadcast from their AP your SSID. Your clients could attach to this AP. And suppose the run FREERADIUS on a small box. From this radius server this person sends a BOGUS cert. If you client isnt trusting the correct cert or not trusting ANY, your client will accept the bogus cert, build a TLS tunnel, and send their logon.
  Can you get a signed cert. Yes, most folks do as it eases deployment. Or if you have a PKI you can push your own cert.
  Also, note you can have your client really analyze the cert and only trust specific certs and cert common namesl exmaple ACS01-ABC.
  I hope this helps ..
  Please support the rating system if you find any of this helpful!

• Can we run AnyConnect using self signed certificates?

  I have a lab that I want to build a laptop-to-ASA remote access tunnel, using AnyConnect.  
  I understand AnyConnect requires IKEV2, and certificates.  
  It does not allow for pre-shared passwords, like VPN-client.  
  Is there a way I can build the lab without getting a certificate?

  AnyConnect does not require certificates if you use SSL VPN (vs. IKEv2 IPsec VPN). On an SSL VPN you can use local authentication on the ASA or external authentication to AD, LDAP, RADIUS, etc. (in addition to or instead of certificates).
  If you want to use IKEv2 and certificate authentication you can use either the ASA itself the CA server or proxy (via SCEP) to an internal CA (e.g. a Windows servers with Certificate Services). There are some other possible methods (such as the way you asked about) but in my experience they are not commonly used as few users have the knowledge or desire to go that route. Most organizations using client certificates deploy them from an internal root CA.

• Xcode continuous integration, Subversion and self-signed certificate won't work altogether.

  Hi!
  I've installed on MacMini Maverick OS with OSX Server.
  Then I've configured the Xcode continuous integration with Subversion (using self-signed certificate), also created bots and etc.
  But It won't work.
  Attached is the log:
  Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSCheckoutOperation.m:717 7c087310 +0ms] revision: (null) Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSCheckoutOperation.m:718 7c087310 +0ms] log: (null) Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSCheckoutOperation.m:719 7c087310 +0ms] checkoutError: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Error>: [XCSCheckoutOperation.m:732 7c087310 +0ms] Error in SVN checkout Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} <stderr>= (null) Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Error>: [XCSOperation.m:33 7c087310 +0ms] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSOperation.m:28 7c087310 +0ms] Cancelling operation: XCSCheckoutOperation Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Error>: [XCSBuildBundle.m:790 7c087310 +0ms] Got an error from the checkout operation: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildBundle.m:850 7c087310 +0ms] Starting upload files operation Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildBundle.m:1018 7c087310 +0ms] Updating bot run status to running, substatus to uploading Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Info>: [CSRemoteServiceClient.m:151 7c087310 +0ms] Connecting to https://localhost:4443/svc to execute [https]Request{AuthService.enterMagicalAuthRealm()} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildHelper.m:97 7c087310 +38ms] Updating bot run with GUID cccf1c74-6c5a-4fff-a57f-5e5bead09457 Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildHelper.m:102 7c087310 +0ms] Updating bot run (cccf1c74-6c5a-4fff-a57f-5e5bead09457): { guid = "cccf1c74-6c5a-4fff-a57f-5e5bead09457"; status = running; subStatus = uploading; } Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Info>: [CSRemoteServiceClient.m:151 7c087310 +0ms] Connecting to https://localhost:4443/svc to execute [https]Request{XCBotService.updateBotRun:({ guid = "cccf1c74-6c5a-4fff-a57f-5e5bead09457"; status = running; subStatus = uploading; })}
  Hope you'll be able to assist me find what I'm doing wrong.
  Thanks in advance.

  Did anyone find a way around this? I have the exact same error and tried the exact same solution.
  The Xcode 5 release notes described a problem that sounds similar.
  Communicating with a remote SVN repository over HTTPS can fail with an error similar to “Error validating server certificate for server name.” Edit the file /Library/Server/Xcode/Config/xcsbuildd.plist and change the TrustSelfSignedSSLCertificates key from false to true. Then, from a Terminal window, run: sudo killall xcsbuildd. 14639890
  https://developer.apple.com/library/ios/releasenotes/DeveloperTools/RN-Xcode/Cha pters/xc5_release_notes.html
  I haven't found a similar fix for Xcode 6 though.

• Self-signed certificate support

  Good morning everyone.
  I have a fair number of web-available applications that I make so using self-signed certificates. I've tried several of them, and it looks as though without a certificate authority, the iPhone's version of Safari won't support them. Has anyone else had any luck with this?
  I also tried an expired certificate, and the same occurred. Essentially the wheel just spins and nothing ever happens, almost as if there is a secret dialog somewhere that I can't see, and the process is waiting for me to click Ok.
  Interested in others' experiences.
  Thanks!
  Greg

  I'm having a similar problem. The Cisco wireless network here in my office has a log in page that should be displayed whenever a user tries to log in. When Safari on my iPhone connects, it redirects to the log in page, but I get nothing but the spinning wheel.