APNS cert errors

I've had a repeat of this error from a few days ago. Does any one know the correct way to name the push notification certs?
I got them accepted the other day, but I had to recreate them, then when I named them the same as before...error again
I named production: Production_push_notification.p12 this was accepted before, now it 's rejected!   Ah the joys!....I'm sure it's me as ever!!

I solved the problem, there seems to be a different way that DPS accepts the Certificates,
The certs I was using were created a year ago, and up till now, when in Keychain access I would click on the cert to get the drop down.
I would then click on the drop down cert, and export that one as a .p12 - that has worked for me for the last 12 months.
Now that I've renewed the certs, this process didnt work, and I was getting the error message shown in the attachment.
For some reason I decided to export the p12 cert from just clicking on the main cert in keychain, ie not click on the drop down version.
this works!
Dont know if DPS has changed, or keychain, or what. It would be interesting to hear anyones thoughts.
Hope all this makes sense :-)

Similar Messages

  • SSL cert error on exchange 2013.

    Can I please have some help to avoid the following two error messages appears on opening outlook 2013 on windows 7 connected directly to the server 2012 domain.
    Godaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly setup.
    There is NO error message if we connect through outlook (AnyWhere) on a system which is not part of the domain and connecting from outside.
    Error Box 1
    Security Alert
    Information you exchange with this site cannot be viewed or changed...................
    The security certificate is from a trusted certifying authority.
    The security certificate date us valid
    X The name on the security certificate is invalid or does not match the name of the site....
    Error box 2
    Microsoft Outlook
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
    Outlook is unable to connect to the proxy server. (Error Code 10)
    Any quick help will be highly appreciated!
    Many thanks

    Are you using a Single domain cert by GoDaddy, if thats the case we cannot add more than one domain to your cert. I believe you have added the outlook anywhere domain name to your cert since your outlook anywhere connection is prompting any errors.
    You have two options, one is purchase a UCC Cert and add all URL's required or Please have a look on these below Virtual Directories on the exchange server and modify the the URL's so you will not get the Cert errors.
    use the shell to view the internal and external URL's,
    Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
    Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
    Get-ECPVirtualDirectory | fl internalurl,externalurl
    Get-OabVirtualDirectory | fl internalurl,externalurl
    Get-WebServicesVirtualDirectory | fl internalurl,externalurl
    Change all your internal URL's similar to the external URL's, use the Set command as the example below.
    Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl ‘https://mail.domain.com/Autodiscover/Autodiscover.xml’
    make sure all your servername.localdomain.local URL's are changed to match primary certificate name.

  • ACS Cert Error

    Hi All
    I have a ACS SE, recently upgraded to 4.2. What I am seeing is a Cert error when trying to login to the admin interface using FireFox. I am can get throught after accepting a few waringins using IE but Firefox stops dead at the error <Error code: sec_error_reused_issuer_and_serial>
    Now I do have two ACS server, a primary and a secondary. If I delete the Cert from Firefox for the secondary ACS I can get into the primary until I loging to secondary then after importing the secondary cert the primary stops working again.
    I have already regenerated a Cert on the primary but it still seems to have the issue.
    It seems to be pointing to a duplicate serial number but both servers are SE's so it isn't like I imaged both servers and they are exact copies.
    Any help would be apreciated.

    Hi There,
    No I am not sharing the Cert and the Cert is self Signed. I am however replicating information between the two servers. Specifically the primary is sending "User and Group DB", "Distribution Table", "Interface Config", "Interface Security Setting", "Password Validation Settings" and "Network Access Profiles" to the Secondary.
    I am using Firefox 3.0.5.

  • Using REST Update Notification Hub to add APNS certs fails with 409

    Hi - I'm trying to use the Update Notification Hub REST call (https://msdn.microsoft.com/en-us/library/azure/dn223260.aspx) to add a valid APNS cert to an existing hub. When I do this, the update fails with a response code of 409 - which is not mentioned
    in the possible codes on that documentation page... Seems to be complaining that hub already exists.
    When I use the Create Notification Hub REST Call (https://msdn.microsoft.com/en-us/library/azure/dn223269.aspx) and include the proper <ApnsCredential> element it succeeds.
    I see no difference in the docs between the two calls.  The request body is described slightly differently. It appears to me that create and update are the same call? What causes a 409 when calling the Update method?
    How am I supposed to update the push certs of an existing hub?

    The answer is that the HTTP spec implies that for REST style calls for updating a resource at the same URI - you need to include the "If-Match" header set to '*'
    see: https://msdn.microsoft.com/en-us/library/dd541480.aspx
    and section 14.24 of RFC2616 ( http://www.rfc-editor.org/rfc/rfc2616.txt )
    In my opinion this is a documentation bug - the Request Headers section of Update Hub ( https://msdn.microsoft.com/en-us/library/azure/dn223260.aspx ) should mention it requires the "If-Match" header.  It is required because without it
    - this becomes a Create Hub call 

  • ACS 5.1 - EAP-PEAP - Imported public cert - Clients still get cert error

    We have ACS 5.1 up and running. Our company has a SuperCert purchsed with Thwarte so we requested a Certificate. Once we figured out the formatting we were able to successuflly get the certificate to bind to the CSR. For some reason our windows 7 users will be prompted the first time they connect with an option to terminate or continue. If they continue they are able to connect to the WLAN just fine. Our MAC users are always prompted with the cert error, even if they install the ceritificate. Unlike ACS 4.x and earlier I do not see where I can import the Root CA so we are thinking about purchasing another certificate from another public CA but who? Any thoughts are idea's would be greatly appreciated.

    Adverstisement apart, Verisign is widely used and trusted.
    However, even using your current CA, you should be able to install the Root CA and the ACS cert on the client machines under the trusted CAs and then the warning should not popup anymore.
    If this helps you and/or  answers your question please mark the question as "answered" and/or rate  it, so other users can easily find it.

  • Suddenly our windows 7 clients can't connect to our wireless network due to a cert error?

    Our company uses a Ruckus setup for our wireless network.  The laptops have to have a certificate on them issued from our CA and be a member of AD group.  Yesterday we noticed that nobody could connect to the internal wireless network.  In
    the security logs for the computers there is a this error:
    A request was made to authenticate to a wireless network.
        Security ID:        host/xxx-xxxxxxx
        Account Name:        -
        Account Domain:        -
        Logon ID:        0x0
    Network Information:
        Name (SSID):        Forest River Internal
        Interface GUID:        {53b8a5f4-e910-4e3e-ab88-eb4f46356e1f}
        Local MAC Address:    68:94:23:00:26:1F
        Peer MAC Address:    C4:01:7C:4A:88:58
    Additional Information:
        Reason Code:        Explicit Eap failure received (0x50005)
        Error Code:        0x80420202
        EAP Reason Code:    0x80420202
        EAP Root Cause String:    The authentication failed because certificate required for this network has expired on the server computer
        EAP Error Code:        0x80420202
    this cert was is supposed to be good for another year, is there anyway that I can get the CA server to renew this cert or do I need to issue a new one and distribute it?  The other issue I'm running into is I can't seem to get my CA to issue a new computer
    cert.  All the servers are 08 R2 boxes.

    Do you have any progresses on this issue by now?
    Here is a related KB article below:
    Windows 7 does not connect to an IEEE 802.1X-authenticated network if an invalid certificate is installed
    Best Regards,
    Amy Wang

  • DPM 2012 setup to remote SQL 2012. SSL cert error

    First of all, the category I selected, which was for SQL server reporting services was as close as I could get. There wasn't a way to select System Center DPM server from the list. As this relates to the Report Server portion of the setup, I chose this category.
    I am setting up DPM 2012 SP1 on a single use server (Windows Server 2102 R2 Standard) and remotely connecting to a new DB server (MSSQL 2012). I keep getting error ID:812 when trying to install, and the logs show that it is trying to set up report server,
    but that it cannot establish a trust relationship for SSL/TLS.
     * Exception :  => System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
    secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    I'm not clear on how to proceed. Invalid cert means it wants something very specific.
    I have installed a domain issued cert from the DC on the SQL reporting server and have bound that cert to SSL using report server configuration. I then imported the cert into the DPM server in the trusted and personal certs. The DPM server has our DC as
    a trusted source. That clearly doesn't work.
    Thinking I may not be able to use a self-signed cert, I then installed our wildcard cert onto both the SQL server and the DPM server. I ran through the Report Server configuration again and bound that wildcard. This is a Godaddy wildcard cert.
    Same problem no matter what I do. Clearly, this is matter of a cert issue, but I'm lost. There are zero instructions I've found on how to ensure Windows server 2012 cert requirements are met as it relates to SQL and DPM.
    Thanks for your advice.

    Hi Kaden,
    This thread is for reporting service and I hope i can provide some useful informaiton from reporting service side while i don't work on DPM at all. You may still need to find out the forum for the DPM and check there.
    Regardingless of DPM, Reporting Service can usually create HTTP link and HTTPS link together. For the HTTP one, a certificate is needed. HTTPS is not needed excep you have the concern with  security.
    Usually application like DPM/SCOM will connect to the web service link provided by Reporting Service and work on that.
    If the application requires a HTTPS link, then same thing has to be setup on reporting.
    You need to install a certificate and add it to trust store and then configure reporting service to listening on HTTPs 443 port from the reporting service configuration manager.
    You can find the steps here.http://technet.microsoft.com/en-us/library/ms345223(v=sql.110).aspx
    After you create the HTTPS link successful, try to open the https web service link both remotely or locally from IE. If you can open it there without any error, reporting service is working fine.
    For some applications, they would need special  certificates installed on reporting service and used. You may check with the related product on this then.
    In a summary, if you can configure a HTTPS link for reporting service can open it correctly, configuration steps on reporting service is fine.
    If there is still any error from DPM, you would need check additional resource from DPM part.

  • Code signing cert error using Digicert - Unable to build a valid certificate chain for the signer

    Steps to fix this error on code signing adobe air using .p12 cert from Digicert - Unable to build a valid certificate chain for the signer
    a. Open Firefox and browse to https://www.digicert.com/digicert-root-certificates.htm
    b. On the middle of the page, download -
    DigiCert Assured ID Code Signing CA-1
    Valid until: 10/Feb/2026
    Serial #: 07:F4:73:6F:AF:EF:40:8A:1F:66:40:F2:65:D1:0A:C1
    Thumbprint: B170A10819BEA936905D719E643399783E1F4567
    c. Install the cert in Firefox
    d. Once done, export again the code signing cert from digicert, through (click Firefox -> Preferences -> View Certificates -> HIghlight the digicert code signing cert -> click Backup)
    e. Done, the newly exported file should now have the valid certificate chain and that should fix the error "Unable to build a valid certificate chain for the signer"
    Even though this is from Digicert, this should also work for other Certificate Authority providers assuming you download your provider's root cert for code signing.
    Reigner S. Yrastorza

    Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
    If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
    If you are using RoboHelp, which version?
    See www.grainge.org for RoboHelp and Authoring tips

  • WLC 5508- GUI Cert Error

    I tried installing chained certificate in for the https access in wlc 5508. It failed and later i came to know it will only accept unchained cert for management access. But now the problem is i could not get GUI access. It shows error like "This server security certificate is revoked "
    What should i do now..?

    Do you mean this link for unchained certs ?
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Push cert error with creating App

    The push cert should be expired on Jun 23, 2014
    But the App Builder give be this error, do anyone knows what's happening?
    I've tried to remove the cert in keychain and download them from Apple again. But got the same error message(the time did not change).

    This is a known issue with App Builder in release 26 where newly-created certificates aren't considered valid until several hours after the actual creation time. If you wait until the time listed in the dialog they will work. Some customers have had success setting their system clock forward to after that time and then building.
    We have a fix for this in release 27, due mid-July.

  • Import of gmail cert errors out - [ERROR]   - Failed import certificate: gmail

    I am trying to use javamail to read mail from gmail. When I try to import the ssl cert from the comman line it errorsout
    java -jar lib/javacloud.jar add-ssl-certificates -user user -serviceinstance serviceinstance -identitydomain identitydomain -path /Users/user/gmailssl/ssl.cer -datacenter us2 -alias gmail
    [ERROR]   - Failed import certificate: gmail, content: -----BEGIN CERTIFICATE-----
                -----END CERTIFICATE-----
    I noticed that the content within the CERT is different. Not sure if that is relevant.

    I am not sure what the "store.connect()" does, based on the exceptions seems to be trying to make non-https connection which based on the documentation is not supported:
    Unsupported Features
    Remote invocations with a transport protocol other than HTTPS (including plain text HTTP).
    Not applicable.
    Jani Rautiainen
    Fusion Applications Developer Relations

  • APNS certificate error

    I made it through to the end of the view builder menus and finally click on "Build." The system thinks for a little while and then comes back with "Unable to authenticate with the fulfillment server to upload your APNS cerificates." What exactly does this mean and what can I do to fix it? The system then does the build. Is this error the reason why I can't push my folio out to my viewer to test?
    Thank you,

    I have a similar problem. I am using professional edition on DPS. In viewer builder I proceed to the screen "provisions" all certificates except push-notifications are working. The .p12 files are from my apple developer account but viewer builder keeps warning "not finding expected label "apple IOS push services or "apple productions push services"
    Couldn't find anything on the web nor from this forum

  • Apple Push Notifications (APN) cert question

    Hey all,
    Anyone using APN on their AIR for iOS apps? I hopefully have a basic question.
    If I enable APN on an app, do I need to regenerate my main iOS Distribution cert (the .p12 you sign your app with)?
    I'm hoping not and I really see no reason why that would be the case. However my app simply refuses to use APN.
    Just to be clear my process was this:
    - Enable production APN on an existing (2 year old) app ID (non-wildcard)
    - Generate a production APN .cer
    - Deleted old mobileprovision
    - Recreated a brand new mobileprovision, pointing to the Distribution cert and the correct app ID
    - Generated .p12 from production APN .cer and provided to pushwoosh (who I use for pushes), success
    - Submitted app to store (peeked in payload embedded.mobileprovision, aps-environment set to production)
    App accepted in the store. I load it up on the iPad, it doesn't ask for permission to use notifications. No devices ever are registering themselves. Push doesn't work overall.
    I deleted everything except the iOS Distribution cert and app Id (of course), revoking everything I could. I then remade it all again, but this time as ad-hoc just to test. Push still doesn't work.
    Now, I developed the app and test on a completely different Apple developer account (my own). I did all these same exact steps. Push works perfectly fine in ad-hoc. I'm really totally confused why it works perfectly for me but when I try to sign with this other companies certs it fails, and they have OTHER apps with APN that work. The last remaining link is if I really need to regen the main iOS Distribution cert, and if I do, all the team developers will need a new .p12. That would be insane just to enable APN.
    Any other ideas?
    Thanks for any tips!

    Looks like on Windows Server 2008 apns certificates private key must have granted permission for user that wants to use it. 
    As I wrote before I've granted it for IIS_USRS but that's only for applications running under IIS. And since I was using windows service it wasn't working. 
    So what I did was check user for windows service (Services -> Log On As) and granted permission to certificates private key for this user.

  • Azure remote Cert error

    Hi all
    I have been trying to change my azure dns setting so I can specify a static DNS .
    followed the guide here http://blogs.technet.com/b/cbernier/archive/2014/11/14/azure-dns-and-static-ips.aspx
    then was getting an error connecting as I do not have a trusted third party cert installed.
    then followed the guide here https://gallery.technet.microsoft.com/scriptcenter/Configures-Secure-Remote-b137f2fe to run the ps script to install it I get the error
    VERBOSE: 10:04:11 a.m. - Completed Operation: Get Deployment
    Get-AzureCertificate : Cannot validate argument on parameter 'Thumbprint'. The argument is null or empty. Provide an
    argument that is not null or empty, and then try the command again.
    At C:\InstallWinRMCertAzureVM.ps1:54 char:83
    + ... me -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1
    +                    ~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-AzureCertificate], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.WindowsAzure.Commands.ServiceManagement.Certi
    New-Object : Exception calling ".ctor" with "1" argument(s): "Cannot find the requested object.
    At C:\InstallWinRMCertAzureVM.ps1:60 char:18
    +     $CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Ce ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
        + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
    Exception calling "Add" with "1" argument(s): "Value cannot be null.
    Parameter name: certificate"
    At C:\InstallWinRMCertAzureVM.ps1:64 char:2
    +     $store.Add($CertToImport)
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ArgumentNullException
    I then followed this up with trying to manually export and install the cert on my PC but get
    PS C:\> Enter-PSSession -ComputerName ***.cloudapp.net -Port **** -Credential [email protected] -UseSSL
    Enter-PSSession : Connecting to remote server ubtbes.cloudapp.net failed with the following error message : The server
    certificate on the destination computer (****.cloudapp.net:****) has the following errors:
    The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the
    about_Remote_Troubleshooting Help topic.
    At line:1 char:1
    + Enter-PSSession -ComputerName ****.cloudapp.net -Port **** -Credential troy@fi ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (ubtbes.cloudapp.net:String) [Enter-PSSession], PSRemotingTransportExce
        + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
    Would really appreciate any advice on either fixing this cert problem so I can connect or how I can connect not using ssl?
    Kind regards

    Hi Troy,
    Had the Azure VM been added into the a virtual network? If yes, you just need to add the IP address of a DNS server into the Virtual network in Azure management portal and then restart the VM to update the changes.
    Best regards,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • After upgrade to 10.10, can't send email (SMTP cert. error).  On previous version running on another machine, can still send find.  This new version is missing the "Usual Ports" checkbox option.  Can someone please help?

    I just upgraded to 10.10.  On the mail program, one of my accounts is having an issue sending email.  I am getting the following error message:
    The certificate for this server is invalid.
    Select a different outgoing mail server from the list below or click Try Later to leave the message in your Outbox until it can be sent.
    But on another machine running Mavericks, I can still continue to send email.  The same is try from my iPhone 5S.
    On that machine running Mavericks the SMTP is configured as SSL and for "Usual Ports" (25, 465, 587) but THIS OPTION IS MISSING ON THE NEW VERSION.  On the new version I have tried configuring the port to 25 and then 465 and 587 with no success.  I have used the Network Utility to see if my provider is blocking me -- it is not.  I have no third-party software on this machine (anti virus).  I can receive email fine.  On the new Yosemitie Mail there are new checkbox options of Automatically check my settings and Allow unsecure connections.  I tried to uncheck SSL for SMTP but then it says it cannot send securely my passowrd and i need to check the option "Allow to send unsecurely".  I did that but the same error message keeps appearing.  So I have tried nearly everything I have been able to, all to no avail.  Please can somebody help?

    Thanks for your reply.  Yes, it is a POP account.  Incoming mail is fine.  My port for incoming is also 110.  But the outgoing port should be 587 (or 24, 465 and 587 as on Mavericks' "Usual Ports" option).  I am using the same configuration across three different devices and only the machine running Yosemite is having issues.  I notice in the new version of Mail there is no longer the "Usual Ports" option.  I am not sure this is the culprit or not.  But the fact is no matter how I configure it, it will not send mail for these particular servers.  I have multiple clients and only one is affected, meaning I can send email from other email addresses (different hosting contracts) on Yosemite but on this one particular one I cannot. 

Maybe you are looking for

  • Delivery schedule absent in Service related PO

    Dear all       We have buget allocation for every month,so we need delivery schedule in PO,But in service PO there is no delivery schedule,even if it is there it is not allowing to enter the quantity,can any one suggest for suitable solution for the

  • Error : "Your purchase could not be complete" when gift app :(

    Hello , can you fix this problem for my account . I'm gifting app for my friends but i can't complete . It show me error : "Your purchase could not be complete" .Thank for your support

  • Is the Thunderbolt Port on Macbook Pro 15" 2011 onyl for monitor ?

    Hello community I have a MBP 15" from 2011, Is the Thunderbolt Port on on this only for monitor ? I'm considering to buy a TB extern HD for backup, want to be sure before I give my money away. Thanks in advance ! P.

  • Bookmarks have disappeared

    When I opened Safari this morning all my bookmarks had disappeared. The only ones showing were the "classic" ones that are pre-entered by Apple (Apple, yahoo, google maps... etc). I did a search for bookmarks.plist which gave nothing! I have however

  • Networking with window 7 computer

    Cannot get my MAcBook Pro to see another laptop running windows 7. That computer can see and access my computer. How do I add him to my network? My computer can see another machine which we have that runs XP.