ASA ssh/vnc plugins digital certificates expired

Hi,
we've got our new ASA set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the Java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
We are running 8.0(4)3 and ASDM 6.1(3) and the plugins are the latest available from Cisco's software download page
(ssh-plugin.08030, vnc-plugin.080130).
Are newer ones available?
Thanks
Dorothea

BTW this could be of help:
http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
You probably want to install a code signer certificate.
While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...

Similar Messages

  • ASA-SSM-10 with IME: certificate expiration

    ASDM and IDM work fine with my SSM. I'm attempting to add my SSM as a new device into (just installed) IME 7.0.1. Dialog box says:
    IOException when try to get certificate: java.security.cert.CertificateExpiredException: NotAfter: Tue Jul 28 04:44:51 EDT 2009
    What is the issue here, and how do I fix it?
    Thanks in advance,
    -- Bill

    Found answer to this, via Cisco Service Request. Used CLI on AIP-SSM:
    sensor# tls generate-key
    Then I refreshed sensor details in IME, tried adding a new device and all worked fine. IME has the AIP-SSM reporting I was after, so - good deal.

  • Digital Certificate of SAP AG from VeriSign expired on 26.02.2005 ?

    Hi,
    When we open BEx, the Security Warning screen of Office 2003 appears. Although the SAP note says to click 'Always trust macros from this publisher', this check box is grayed out. It is because the validity of the digital certificate ended on 26.02.2005.
    Question is:
    is there a newer version of *.xla with a new digital certificate? Or any other comment so that we don't encounter this screen every time we start BEx, without lowering the security settings?
    Thanks & Regards

    Sinan,
      We are experiencing the same exact problem. How did you fix this issue??
    Regards,
    Vinay

  • WVC54GC V1.1 - Software Certificate Expired!

    I have this camera put away some time, and recently I installed it again.
    It was no problem finding it and setting it up both with cable and wireless.
    And no problems coming to the webpage where I should see the camera.
    I choose "View Video" and it pops up with software install (NetCamPlayerWeb11gv2.cab)
    Then it says Unknown Supplier and something about Windows has blocked it to protect my computer.
    Under certificate it says that it's expired:
    Cisco-Linksys LLC
    Verisign Class 3 Code Signing 2004A
    From June 9th, 2006 to July 12th, 2009
    I cannot install the software in either IE or Firefox.
    Newest firmware installed. Tried from Win7, XP and VirtualXP - no luck

    You are absolutely not reading anything I'm writing...
    You can change all the security settings you want.
    NOTHING WILL WORK as the software integrated in the camera's firmware is expired.
    Only solution is to change the time on the PC back to the time where the software was NOT expired.
    I have mounted video-surveillance as a technician for years. And obviously I know more about your product than yourself.
    Scary!
    I say again, it has nothing to do with IE security as I tried it as the first thing.
    IE asks your permission to install ActiveX, but it is not helping as it does not change that the software is expired.
    But certainly I have realized what brand of products NOT to purchase at a later time.
    You can take a look at your own previous release notes:
    http://homedownloads.cisco.com/downloads/WVC54GC_V11_FW126,0.txt
    quote:
    Version v1.19, Jul 7, 2006
    - Fix: Unable to install ActiveX plugin to view video. Verisign digital signature expired.
    /quote
    Even noobs can see that this is the problem AGAIN, as the Verisign digital signature once again has expired.
    (As I said from the beginning)
    So try again!

  • Applet digital certificate is displaying before applet loads

    Hi All,
    I have a drop-down in a jsp page. I want to display a signed applet when I select a particular option from that drop-down list.
    In http mode the digital certificate is displaying only when I select that particular option from the drop-down list. (working fine)
    Problem:
    But in https mode the digital certificate is displaying whenever that jsp loads (i.e. the certificate is displaying before selecting any value from the drop-down list).
    Suggestions please.
    Thanks,
    Krishna

    I am having a similar issue.  Clients using a system running an old version of Crystal Reports are encountering a warning that the digital signature has expired.  It appears to only affect clients using Java 1.5.0 and newer.
    Is there a way to update the digital signature?

  • VPN error when using Microsoft digital certificates.

    Hi,
    I tried implementing site-to-site VPN between a Cisco router and a Cisco ASA using Microsoft digital certificates. After performing the following configurations, I was not able to ping the other site's LAN. I enabled debug and got the following output. I successfully enrolled the digital certificates.
    Cisco ASA config:
    access-list 100 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    nat (inside) 0 access-list 100
    static (inside,outside) 1.1.1.10 10.1.1.10 netmask 255.255.255.255
    route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
    crypto ipsec transform-set myset esp-3des esp-sha-hmac
    crypto map mymap 1 match address 100
    crypto map mymap 1 set peer 2.2.2.2
    crypto map mymap 1 set transform-set myset
    crypto map mymap interface outside
    crypto ca trustpoint winca
    enrollment url http://10.1.1.10:80/certsrv/mscep/mscep.dll
    crl configure
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    tunnel-group 2.2.2.2 type ipsec-l2l
    tunnel-group 2.2.2.2 ipsec-attributes
    trust-point winca
    On router:
    crypto ca trustpoint winca
    enrollment mode ra
    enrollment url http://1.1.1.10:80/certsrv/mscep/mscep.dll
    crypto isakmp policy 19
    encr 3des
    group 2
    authentication rsa-sig
    crypto isakmp key cisco address 1.1.1.1
    crypto map mymap 10 ipsec-isakmp
    set peer 1.1.1.1
    set transform-set myset
    match address 100
    access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    crypto ipsec transform-set myset esp-3des esp-sha-hmac
    Debug output on ASA
    CorpASA# Nov 15 02:12:49 [IKEv1]: Group = 2.2.2.2, IP = 2.2.2.2, Removing peer from peer table failed, no match!
    Nov 15 02:12:49 [IKEv1]: Group = 2.2.2.2, IP = 2.2.2.2, Error: Unable to remove PeerTblEntry
    CorpASA#
    CorpASA#
    CorpASA# Nov 15 02:13:06 [IKEv1]: Removing peer from peer table failed, no match!
    Nov 15 02:13:06 [IKEv1]: Error: Unable to remove PeerTblEntry
    Nov 15 02:13:11 [IKEv1]: Removing peer from peer table failed, no match!
    Nov 15 02:13:11 [IKEv1]: Error: Unable to remove PeerTblEntry
    Debug output on router:
    R2#ping 10.1.1.10 source 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
    Packet sent with a source address of 192.168.1.1
    Nov 15 02:21:01.067: %SYS-5-CONFIG_I: Configured from console by console
    Nov 15 02:21:02.651: ISAKMP: received ke message (1/1)
    Nov 15 02:21:02.655: ISAKMP (0:0): SA request profile is (NULL)
    Nov 15 02:21:02.655: ISAKMP: local port 500, remote port 500
    Nov 15 02:21:02.655: ISAKMP: set new node 0 to QM_IDLE
    Nov 15 02:21:02.655: ISAKMP: insert sa successfully sa = 64597C20
    Nov 15 02:21:02.655: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.
    Nov 15 02:21:02.659: ISAKMP: Looking for a matching key for 1.1.1.1 in default : success
    Nov 15 02:21:02.659: ISAKMP (0:1): found peer pre-shared key matching 1.1.1.1
    Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-07 ID
    Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-03 ID
    Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-02 ID
    Nov 15 02:21:02.659: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
    Nov 15 02:21:02.663: ISAKMP (0:1): Old State = IKE_READY  New State = IKE_I_MM1
    Nov 15 02:21:02.663: ISAKMP (0:1): beginning Main Mode exchange
    Nov 15 02:21:02.663: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
    Nov 15 02:21:02.703: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
    Nov 15 02:21:02.707: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Nov 15 02:21:02.707: ISAKMP (0:1): Old State = IKE_I_MM1  New State = IKE_I_MM2
    Nov 15 02:21:02.707: ISAKMP (0:1): processing SA payload. message ID = 0
    Nov 15 02:21:02.707: ISAKMP (0:1): processing vendor id payload
    Nov 15 02:21:02.707: ISAKMP (0:1): vendor ID seems Unity/DPD but major 194 mismatch
    Nov 15 02:21:02.711: ISAKMP : Scanning profiles for xauth ...
    Nov 15 02:21:02.711: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 19 policy
    Nov 15 02:21:02.711: ISAKMP:      encryption 3DES-CBC
    Nov 15 02:21:02.711: ISAKMP:      hash SHA
    Nov 15 02:21:02.711: ISAKMP:      default group 2
    Nov 15 02:21:02.711: ISAKMP.:      auth RSA sig
    Nov 15 02:21:02.711: ISAKMP:      life type in seconds
    Nov 15 02:21:02.711: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
    Nov 15 02:21:02.715: ISAKMP (0:1): atts are acceptable. Next payload is 0
    Nov 15 02:21:02.771: ISAKMP (0:1): processing vendor id payload
    Nov 15 02:21:02.771: ISAKMP (0:1): vendor ID seems Unity/DPD but major 194 mismatch
    Nov 15 02:21:02.775: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Nov 15 02:21:02.775: ISAKMP (0:1): Old State = IKE_I_MM2  New State = IKE_I_MM2
    Nov 15 02:21:02.783: ISAKMP (0:1): constructing CERT_REQ for issuer cn=md902j-n5dros99,dc=md902j,dc=ca,dc=com
    Nov 15 02:21:02.783: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
    Nov 15 02:21:02.783: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    Nov 15 02:21:02.787: ISAKMP (0:1): Old State = IKE_I_MM2  New State = IKE_I_MM3
    Nov 15 02:21:02.903: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
    Nov 15 02:21:02.907: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Nov 15 02:21:02.907: ISAKMP (0:1): Old State = IKE_I_MM3  New State = IKE_I_MM4
    Nov 15 02:21:02.907: ISAKMP (0:1): processing KE payload. message ID = 0
    Nov 15 02:21:02.979: ISAKMP (0:1): processing NONCE payload. message ID = 0
    Nov 15 02:21:02.987: ISAKMP (0:1): SKEYID state generated
    Nov 15 02:21:02.991: ISAKMP (0:1): processing CERT_REQ payload. message ID = 0
    Nov 15 02:21:02.991: ISAKMP (0:1): peer wants a CT_X509_SIGNATURE cert
    Nov 15 02:21:02.995: ISAKMP (0:1): peer want cert issued by cn=md902j-n5dros99,dc=md902j,dc=ca,dc=com
    Nov 15 02:21:02.995: ISAKMP (0:1): Choosing trustpoint winca as issuer
    Nov 15 02:21:02.995: ISAKMP (0:1): processing vendor id payload
    Nov 15 02:21:02.995: ISAKMP (0:1): vendor ID is Unity
    Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
    Nov 15 02:21:02.999: ISAKMP (0:1): vendor ID seems Unity/DPD but major 11 mi.smatch
    Nov 15 02:21:02.999: ISAKMP (0:1): vendor ID is XAUTH
    Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
    Nov 15 02:21:02.999: ISAKMP (0:1): speaking to another IOS box!
    Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
    Nov 15 02:21:03.003: ISAKMP (0:1:): vendor ID seems Unity/DPD but hash mismatch
    Nov 15 02:21:03.003: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Nov 15 02:21:03.003: ISAKMP (0:1): Old State = IKE_I_MM4  New State = IKE_I_MM4
    Nov 15 02:21:03.007: ISAKMP (0:1): Send initial contact
    Nov 15 02:21:03.067: ISAKMP (1): My ID configured as IPv4 Addr,but Addr not in Cert!
    Nov 15 02:21:03.067: ISAKMP (1): Using FQDN as My ID
    Nov 15 02:21:03.067: ISAKMP (0:1): SA is doing RSA signature authentication using id type ID_FQDN
    Nov 15 02:21:03.067: ISAKMP (0:1): ID payload
            next-payload : 6
            type         : 2
            FQDN name    : R2.cisco.com
            protocol     : 17
            port         : 500
            length       : 20
    Nov 15 02:21:03.067: ISAKMP (1): Total payload length: 20
    Nov 15 02:21:03.095: ISAKMP (0:1): constructing CERT payload for hostname=R2.cisco.com
    Nov 15 02:21:03.095: ISKAMP: growing send buffer from 1024 to 3072
    Nov 15 02:21:03.095: ISAKMP (0:1): using the winca trustpoint's keypair to sign
    Nov 15 02:21:03.215: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
    Nov 15 02:21:03.219: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    Nov 15 02:21:03.219: ISAKMP (0:1): Old State = IKE_I_MM4  New State = IKE_I_MM5
    Nov 15 02:21:03.375: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Nov 15 02:21:03.375: ISAKMP: set new node -1205710646 to QM_IDLE
    Nov 15 02:21:03.379: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Nov 15 02:21:03.379: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Nov 15 02:21:03.383: ISAKMP (0:1): received packe.t from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Nov 15 02:21:03.383: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Nov 15 02:21:03.383: ISAKMP: Info Notify message requeue retry counter exceeded sa request from 1.1.1.1 to 2.2.2.2...
    Success rate is 0 percent (0/5)
    R2#
    Nov 15 02:21:13.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
    Nov 15 02:21:13.219: ISAKMP (0:1): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    Nov 15 02:21:13.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    Nov 15 02:21:13.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
    R2#
    Nov 15 02:21:23.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
    Nov 15 02:21:23.219: ISAKMP (0:1): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
    Nov 15 02:21:23.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    Nov 15 02:21:23.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
    R2#
    Nov 15 02:21:32.651: ISAKMP: received ke message (1/1)
    Nov 15 02:21:32.651: ISAKMP: set new node 0 to QM_IDLE
    Nov 15 02:21:32.651: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. (local 2.2.2.2, remote 1.1.1.1)
    Nov 15 02:21:33.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
    Nov 15 02:21:33.219: ISAKMP (0:1): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
    Nov 15 02:21:33.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    Nov 15 02:21:33.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
    R2#
    Nov 15 02:21:43.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
    Nov 15 02:21:43.219: ISAKMP (0:1): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
    Nov 15 02:21:43.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    Nov 15 02:21:43.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
    Please assist me in sorting out this issue, I need to implement this on my live network.
    Thanks a lot in advance.
    Regards,
    Mohan.D

    Hi Mate,
    your ASA is sending the ASA certificate:
    but after that we are receiving an ISAKMP notify message which tears down the connection?
    Somehow the remote peer didn't like the ASA certificate.
    Do you have access to that peer? Is it a Cisco ASA?
    Is the time synchronized with that side?
    Is the CA certificate installed on that peer?
    HTH
    Mohammad.
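
Added example (not part of the thread, and not Cisco code): a short Python pass over IOS ISAKMP debug output like the router trace above, reporting the last Main Mode state reached, the negotiated authentication method, whether the router logged that its address identity was not in its certificate, and how many phase 1 retransmits occurred. The sample lines are an excerpt constructed from the post's debug output; the function and key names are hypothetical.

```python
import re

# Excerpt constructed from the router debug output quoted in the post above.
SAMPLE_DEBUG = """\
Nov 15 02:21:02.663: ISAKMP (0:1): Old State = IKE_READY  New State = IKE_I_MM1
Nov 15 02:21:02.707: ISAKMP (0:1): Old State = IKE_I_MM1  New State = IKE_I_MM2
Nov 15 02:21:02.711: ISAKMP:      auth RSA sig
Nov 15 02:21:02.787: ISAKMP (0:1): Old State = IKE_I_MM2  New State = IKE_I_MM3
Nov 15 02:21:02.907: ISAKMP (0:1): Old State = IKE_I_MM3  New State = IKE_I_MM4
Nov 15 02:21:03.067: ISAKMP (1): My ID configured as IPv4 Addr,but Addr not in Cert!
Nov 15 02:21:03.067: ISAKMP (1): Using FQDN as My ID
Nov 15 02:21:03.219: ISAKMP (0:1): Old State = IKE_I_MM4  New State = IKE_I_MM5
Nov 15 02:21:13.219: ISAKMP (0:1): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Nov 15 02:21:23.219: ISAKMP (0:1): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Nov 15 02:21:33.219: ISAKMP (0:1): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
Nov 15 02:21:43.219: ISAKMP (0:1): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
"""

STATE_RE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
RETRY_RE = re.compile(r"attempt (\d+) of (\d+): retransmit phase 1")
AUTH_RE = re.compile(r"ISAKMP\S*\s+auth (.+)$")

# What each initiator state means in the six-message IKEv1 Main Mode exchange.
MAIN_MODE_INITIATOR = {
    "IKE_I_MM1": "sent message 1 (SA proposal)",
    "IKE_I_MM2": "received message 2 (SA accepted)",
    "IKE_I_MM3": "sent message 3 (key exchange, nonce)",
    "IKE_I_MM4": "received message 4 (key exchange, nonce)",
    "IKE_I_MM5": "sent message 5 (ID, certificate, signature); waiting for message 6",
    "IKE_I_MM6": "received message 6 (peer ID and authentication)",
}


def analyze_isakmp_debug(text):
    """Summarise how far phase 1 got and what the initiator logged on the way."""
    states = []  # "New State" values in order, consecutive repeats collapsed
    result = {"auth": None, "id_addr_not_in_cert": False,
              "retries": 0, "retry_limit": None}
    for line in text.splitlines():
        m = STATE_RE.search(line)
        if m:
            if not states or states[-1] != m.group(2):
                states.append(m.group(2))
            continue
        m = RETRY_RE.search(line)
        if m:
            result["retries"] = max(result["retries"], int(m.group(1)))
            result["retry_limit"] = int(m.group(2))
            continue
        m = AUTH_RE.search(line)
        if m:
            result["auth"] = m.group(1).strip()
        if "Addr not in Cert" in line:
            result["id_addr_not_in_cert"] = True
    last = states[-1] if states else None
    result["states"] = states
    result["last_state"] = last
    result["meaning"] = MAIN_MODE_INITIATOR.get(last, "not a Main Mode initiator state")
    result["phase1_complete"] = last == "IKE_P1_COMPLETE"
    # Retransmits without ever completing phase 1 mean the exchange is stuck.
    result["stalled"] = not result["phase1_complete"] and result["retries"] > 0
    return result


if __name__ == "__main__":
    for key, value in analyze_isakmp_debug(SAMPLE_DEBUG).items():
        print(f"{key}: {value}")
```

A stall at `IKE_I_MM5` places the failure in the identity and certificate step, so the peer's view of the certificate (CA trust, clock, identity match) is where to look next.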

  • Adobe Dreamweaver + Air, Digital Certificate Missing?

    I was trying to test out the Adobe Air plugin for Dreamweaver. I have the SDK and the plugin installed, but when I fill out the Air Application Settings a popup window appeared saying "Please specify a digital certificate and the corresponding password." So I did some googling and saw a screenshot of the same window, but the digital certificate thing was at the bottom of the window. My Air Application Settings window does not have that at the bottom, so I cannot finish the form and finish my Adobe Air application. Does anyone know how to fix this, or am I missing something?

    I don't know this error. I guess it is probably because
    Dreamweaver could not create the certificate file. In that case,
    you might change to another directory to output the certificate.

  • Digital Signature Expiration

    We are currently running 5.1 SP6 and are a little confused with all the release notes that have been posted regarding the digital signature expiration as to whether or not our version will be affected by this.  From the most current release notes, it sounds like versions BPC 7M SP3, BPC 5.1 SP7, BPC 5.1 SP8, and CPM 4.2 SP05 Patch 1 are the only ones that will be affected.  Is this true?
    It also sounds like it is more of a nuisance than anything because you will receive a warning message if your security level is set to very high so you would have to change your security to a lower level.  It doesn't sound like any system functionality will be affected.  Is this also true?

    The digital signatures are for our Excel components (add-ins). They must be signed (by VeriSign for example) in order for Excel to allow them to run. The certificates expire; really they are not supposed to, but there was a glitch in these particular builds that allows them to expire. Once they expire it could render BPC for Office unusable. This depends on Office's macro security: for example, if in Excel your macro security is set to High, when you run BPC you will get a message that says the macros are unsigned and they won't be invoked. If your macro security is set to medium you will only get a warning and it will let BPC load if you click Ok on the warning.
    These are the only versions that are affected.
    Links to SAP notes with more information on the patch and to download the patch:
    4.2 SP5 - https://service.sap.com/sap/support/notes/1334222 
    5.1 SP7 - https://service.sap.com/sap/support/notes/1334157
    5.1 SP8 - https://service.sap.com/sap/support/notes/1334216
    7.0 SP3 - https://service.sap.com/sap/support/notes/1334217
    Hope this helps.

  • Multiple SAP Passports(Digital Certificates)

    Hi Guys,
    I want to know how i could have multiple digital certificates created to login to service.sap.com.
    My case is that I have 2 S IDs. I have created an SAP Passport (digital certificate) for 1 S ID, so that I don't have to enter the user name and password every time I log in to Service Marketplace. However, I would want to create a digital certificate for my other S ID as well. How do I do that?
    Help appreciated
    Rgds,
    Prabinath

    Hi Aj,
    When your SAP passport expires SAP recommends to delete your old SAP Passport and create new passport. Since the new SAP Passport is valid already, there is no reason to retain the old one.
    Please check and let me know if you need any information.
    Regards,
    Kiran .V

  • When I try to export my digital certificate (make a backup copy), firefox says that backup PKCS # 12 could not be done due to unknown causes.

    I obtained a new digital certificate, which is working without any problems. When I try to export a backup copy of the new or an already existing certificate, I get a response window saying that the export failed due to an unknown reason. I use Firefox 3.6.14

    The same problem occurred with FF in Linux. The solution found there was to uninstall Torbutton, restart FF and try again. In my case I had to try twice. There may of course be other plugins that cause problems ...

  • CUCM - Tomcat.der certificate expired

     I got an RTMT alert related to tomcat.der certificate expired.
     At Mon Aug 04 21:00:16 CDT 2014 on node 10.203.12.10, the following SyslogSeverityMatchFound events generated: 
    SeverityMatch : Critical
    MatchedEvent : Aug  4 21:00:01 CUCM01 local7 2 : 195: CUCM01.TEST.COM: Aug 05 2014 02:00:01.21 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:tomcat.der Unit:tomcat Type:own-cert Expiration:Wed Aug 6 14:42:00:000 CDT ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CUCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 
    NodeID : CUCM01
     Could you please help me how to solve this problem.
    Regards
    Sathya

    How can I find whether the previous certificate is self signed or not.
    Two methods:
    1 - Go to OS Administration ( https://SERVER/cmplatform/ )  and login. (Remember, this is the operating system ID and password and NOT the ID/Password you use to login to ccmadmin with.) Go to Security -> Certificate Management and click find. This will list all your certificates. The tomcat one is usually at the top. The right hand column will tell you if it's self-signed or not.
    2 - Go to https://SERVER/cmplatform (no need to login) and click on the padlock to examine the certificate.
    whether the new certificate can be upload after the previous certificate is expired, will there be any problem.
    You can replace a certificate any time you want. You don't have to replace an expired certificate - but it's good practice to. (And it stops those annoying emails too!)
    Any services or server needs to be rebooted.
    For the Tomcat certificate, you have to restart the Tomcat service. This can only be done from the server CLI. So either login to the console, or SSH in (again, with the operating system ID & password) and type the command "utils service restart Cisco Tomcat" (NOTE: This is CaSe SeNsItIvE) Whilst this is restarting, all the web apps (ccmadmin, cmplatform, etc.) will be offline.
    How can we verify whether the certificates are proper.
    Not sure what you mean by this. If you mean: "How can I be sure the server is using the new certificate?" go to https://SERVER/ccmadmin and in your browser click the padlock to examine the certificate. HINT: You *may* have to restart your browser for it to notice the certificate change.
    GTG
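
Added example (not part of the thread, and not Cisco code): a Python parser for the `%UC_CERT-2-CertValidfor7days` alert quoted in the question, extracting which certificate is affected and how long it has left. The expiration field carries no year, so the year is recovered from the event timestamp and checked against the weekday; the zone offset table and the function name are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Alert text copied from the RTMT message quoted in the post above.
SAMPLE_ALERT = (
    "Aug  4 21:00:01 CUCM01 local7 2 : 195: CUCM01.TEST.COM: "
    "Aug 05 2014 02:00:01.21 UTC :  %UC_CERT-2-CertValidfor7days: "
    "%[Message=Certificate expiration Notification. Certificate name:tomcat.der "
    "Unit:tomcat Type:own-cert Expiration:Wed Aug 6 14:42:00:000 CDT ]"
    "[AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CUCM01]"
)

# Assumption: fixed UTC offsets (hours) for the zone abbreviations we expect.
TZ_OFFSETS = {"UTC": 0, "CST": -6, "CDT": -5}
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Event timestamp written by the node, always UTC in the quoted message.
EVENT_RE = re.compile(r"(\w{3}) (\d{2}) (\d{4}) (\d{2}):(\d{2}):(\d{2})\.\d+ UTC")
CERT_RE = re.compile(
    r"Certificate name:(?P<name>\S+) Unit:(?P<unit>\S+) Type:(?P<type>\S+) "
    r"Expiration:(?P<dow>\w{3}) (?P<mon>\w{3}) +(?P<day>\d{1,2}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}):\d{3} (?P<tz>[A-Z]+)"
)


def parse_cert_alert(line):
    """Return certificate details and time remaining, or None if unparseable."""
    ev, cert = EVENT_RE.search(line), CERT_RE.search(line)
    if not ev or not cert or cert["tz"] not in TZ_OFFSETS:
        return None
    if ev[1] not in MONTHS or cert["mon"] not in MONTHS:
        return None
    event = datetime(int(ev[3]), MONTHS.index(ev[1]) + 1, int(ev[2]),
                     int(ev[4]), int(ev[5]), int(ev[6]), tzinfo=timezone.utc)
    tz = timezone(timedelta(hours=TZ_OFFSETS[cert["tz"]]))
    expiry = None
    # No year in the Expiration field: try the event year, then its neighbours
    # (alerts raised around New Year), and keep the one whose weekday matches.
    for year in (event.year, event.year + 1, event.year - 1):
        try:
            cand = datetime(year, MONTHS.index(cert["mon"]) + 1, int(cert["day"]),
                            int(cert["h"]), int(cert["m"]), int(cert["s"]), tzinfo=tz)
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
        if DAYS[cand.weekday()] == cert["dow"]:
            expiry = cand
            break
    if expiry is None:
        return None
    remaining = (expiry - event).total_seconds()
    return {
        "name": cert["name"],
        "unit": cert["unit"],
        "type": cert["type"],
        "expires_utc": expiry.astimezone(timezone.utc),
        "seconds_remaining": remaining,
        "expired": remaining <= 0,
    }


if __name__ == "__main__":
    info = parse_cert_alert(SAMPLE_ALERT)
    print(info["name"], "expires", info["expires_utc"].isoformat(),
          f"({info['seconds_remaining'] / 3600:.1f} h left)")
```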

  • WebVPN-Problem with Digital Certificate and AAA

    Hello everyone,
    I have a problem during configuring WebVPN on ASA 5520 using AAA and digital certificate of Microsoft. (MSCEP)
    Currently, The WebVPN service is enabled and it worked well with AAA (local or external) only,
    But now, I want to use both AAA and Certificate for most secure-I mean that the users will be authenticated 2 times (firstly, it is checked by valid certificate then user/pass is second one).
    Here are details:
    I tried installing a CA server (Microsoft CA service combined with SCEP) and registering the ASA with the CA server (ASA works as subordinate CA) --> these steps are ok, the ASA has registered, then the client uses a web browser to request a certificate from the CA, it's issued by the CA administrator, and then it is installed in the web browser.
    Testing:
    The Client tried to test with access SSL VPN, the welcome WEBVPN message prompt user/pass but the message is "Logon Failed" before I give user and pass,
    Does anyone know and advise ?
    Thanks
    Khanh

    Hi all,
    Here are the attached files for my issue,
    Khanh

  • How to renew the Java Keytool Digital Certificate programmatically?

    Hi,
    I created the self-signed digital certificate programmatically. My certificate has expired. I want to renew the digital certificate programmatically.
    If anyone has an idea how to renew the certificate, please share it with me.
    Thank you

    Whenever we want to renew the certificate, we have to create a new key store file and a new certificate file.
    NO
    Absolutely not.
    I've just told you that.
    Instead of creating a new certificate/keystore file, is it possible to update the 'valid from and Valid to date' alone in the old keystore file?
    I've just answered that as well. I don't know what code you executed to generate the original certificate but you have to repeat the part that signed it.

  • Private key and digital certificate

    I have a keystore. In order to know what it contains, I opened this keystore with this command ... keytool -list -keystore DemoIdentity.jks
    and I got,
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 1 entry
    demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
    Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
    Question :
    I still don't understand what a keystore contains. Does it contain "private key" + "digital certificate"?
    If so, what are the private keys and digital certificate in the above contents?
    Message was edited by:
    Unknown_Citizen

    The content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains is a public key certificate with an alias of 'demoidentity'.

  • Can XML Publisher add a digital certificate (cert.pfx) via the xdo.cfg file or do I need to upgrade and use BI Publisher instead?

    Hi Guys
    I need to add a digital certificate to a client's customer statements and invoices. XML Publisher 5.6.3 has been used originally to design the templates as RTF. I have the following questions please...
    1. Can an RTF template be used or do I need to convert it to a pdf template?
    2. Can XML publisher even be used or do I need to get the DBAs to install BI Publisher. XML Publisher doesn't even have the signature properties in the admin screens that BI Publisher has.
    Below is a copy of the xdo.cfg file which currently does not add the pfx file...
    <config version="1.0.0"  xmlns="http://xmlns.oracle.com/oxp/config/">
    <properties>
       <property name="system-temp-dir">/tmp</property>
       <property name="pdf-security">false</property>
       <property name="pdf-open-password">testpass</property>
       <property name="pdf-permissions-password">testpass</property>
       <property name="pdf-encryption-level">1</property>
       <property name="pdf-no-printing">true</property>
       <property name="pdf-no-changing-the-document">true</property>
       <property name="signature-enable">true</property>
       <property name="signature-pkcs12-path">/app/oracle/product/appldev/apps/apps_st/appl/xdo/12.0.0/resource/digcert.pfx</property>
       <property name="signature-pkcs12-password">testpass</property>
       <property name="signature-field-location">top-left</property>
       <property name="signature-reason">taxreasons</property>
       <property name="signature-signed-at">Cape Town</property>
       <property name="signature-display-style">detailed</property>
    </properties>
    </config>
    Any help will be greatly appreciated.

    thanks for the summary of the many posts and threads describing all of these steps.
