Automatically accept VeriSign certs?

Hi all. I'm pretty new to SSL so any help with this question would be appreciated.
I have a web service app running on a WebLogic 10.3 server (let's call it ServerA). This web service app also contains a web service client to make calls to another web service app running on another server somewhere (let's call it ServerB).
ServerB is beyond my control, but happens to be behind the same firewall as ServerA. For my app on ServerA, I've been asked to "auto-accept the connection (trust VeriSign)" when making a web service call to ServerB. I believe this is to avoid certificates expiring, but I may be wrong.
Can anyone tell me how (either in the WebLogic console or in my Java code) to automatically trust VeriSign certificates?
Forgive my ignorance on this subject. It's my first time working with SSL.

You probably want to also try the security forum:
WebLogic Server - Security
Specify whether you are using just 1-way SSL (where this should work without intervention I believe using the CA list with the JVM). If you're using 2-way SSL, then I think you'll need to do some key importing.
You should really consult someone who understands security requirements in your environment on what they want, as this is something you really want to get right and not misconfigure.
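The 1-way SSL case from the reply above, as an added example (not code from the thread or from WebLogic): it lists the CA certificates in the JVM's default trust store whose subject matches "VeriSign" and flags any that are expired or close to expiry, without disabling certificate validation. It assumes the client relies on the JVM default trust store rather than a custom one; the class name `TrustAnchorCheck` and the 90-day warning window are illustrative.

```java
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: class name and warning window are illustrative assumptions.
public class TrustAnchorCheck {

    // Returns the JVM's default X509TrustManager (backed by cacerts unless
    // the javax.net.ssl.trustStore system property points elsewhere).
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Trust anchors whose subject DN contains the given text (case-insensitive).
    static List<X509Certificate> anchorsMatching(X509TrustManager tm, String needle) {
        List<X509Certificate> hits = new ArrayList<X509Certificate>();
        String wanted = needle.toLowerCase();
        for (X509Certificate ca : tm.getAcceptedIssuers()) {
            String dn = ca.getSubjectX500Principal().getName();
            if (dn.toLowerCase().contains(wanted)) {
                hits.add(ca);
            }
        }
        return hits;
    }

    // Classifies validity now and again warnDays in the future.
    static String status(X509Certificate cert, Date now, int warnDays) {
        try {
            cert.checkValidity(now);
            cert.checkValidity(new Date(now.getTime() + warnDays * 86400000L));
            return "OK";
        } catch (CertificateNotYetValidException e) {
            return "NOT YET VALID";
        } catch (CertificateExpiredException e) {
            // Distinguish "already expired" from "expires inside the window".
            return now.after(cert.getNotAfter()) ? "EXPIRED" : "EXPIRES SOON";
        }
    }

    public static void main(String[] args) throws Exception {
        String needle = args.length > 0 ? args[0] : "VeriSign";
        List<X509Certificate> hits = anchorsMatching(defaultTrustManager(), needle);
        if (hits.isEmpty()) {
            System.out.println("No trust anchor matching '" + needle
                + "'; the issuing CA would have to be imported into the trust store.");
        }
        Date now = new Date();
        for (X509Certificate ca : hits) {
            System.out.println(status(ca, now, 90) + "  notAfter=" + ca.getNotAfter()
                + "  " + ca.getSubjectX500Principal().getName());
        }
    }
}
```

Run it with the same JVM (and the same `-Djavax.net.ssl.trustStore` setting, if any) that the client code runs under, since a different trust store gives a different list.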

Similar Messages

  • Non-Verisign certs in WS7

    Hello,
    I have a mix of server certificates from Verisign and Network Solutions CAs. Both types are stored in my Crypto accelerator (hardware token), from where I've been using them for WS6 and AS7 instances.
    In WS7, the Certificates tab in the admin interface shows certs of both types and the token that they are contained within. When I attempt to configure a listener with SSL enabled, the Certificate field has two types, "RSA Certificates" and "ECC Certificates". The latter says "No ECC Certificates Available", and the pick-list for the RSA Certificates only lists the Verisign certificates.
    For a server that I migrated from an older version (WS6.1), the server.xml lists the correct server-cert-nickname value for a NetSol cert, and indeed, the cert is properly loaded and the listener starts up fine using that certificate.
    Why is it that my NetSol certs don't show up in the admin interface? I can hack the server.xml file in vi to use the correct certs, but I'm thinking there should be a way that I can access these other certs with the admin interface.
    Thanks,
    Bill

    Output of wadm list-certs --verbose -all:
    nickname        issuer-name     expiry-date
    [email protected]:Server-Cert      Network Solutions Certificate Authority May 19, 2007 6:59:59 PM
    There is no -h option to certutil -L:
    certutil -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]
    However, if I export it from the hardware token using pk12util then import it into the internal token, I can view the details:
    # pk12util -o xxx -d . -n [email protected]:Server-Cert  
    Enter Password or Pin for "NSS Certificate DB":
    Enter Password or Pin for "[email protected]":
    Enter password for PKCS12 file:
    Re-enter password:
    pk12util: PKCS12 EXPORT SUCCESSFUL
    # pk12util -i xxx -d $PWD
    Enter Password or Pin for "NSS Certificate DB":
    Enter password for PKCS12 file:
    pk12util: PKCS12 IMPORT SUCCESSFUL
    # certutil -L -d .   
    Network Solutions Certificate Authority - GTE Corporation    c,, 
    Server-Cert                                                  u,u,u
    # certutil -L -d . -n Server-Cert
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                28:f5:87:82:b0:65:ff:58:08:63:b5:0e:69:07:ea:6d
            Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
            Issuer: "CN=Network Solutions Certificate Authority,O=Network Solutio
                ns L.L.C.,C=US"
            Validity:
                Not Before: Fri May 19 00:00:00 2006
                Not After : Sat May 19 23:59:59 2007
            Subject: "CN=*.qisc.com,OU=Secure Link SSL Wildcard,O="Quixote Intern
                et Services & Consulting, Inc.",L=Chippewa Falls,ST=Wisconsin,C=U
                S"
            Subject Public Key Info:
                Public Key Algorithm: PKCS #1 RSA Encryption
                RSA Public Key:
                    Modulus:
                        c4:87:81:66:77:99:c5:8e:f1:59:ff:59:c6:38:63:5a:
                        46:31:8e:13:38:5e:2e:71:d7:22:38:5b:df:c4:47:e9:
                        d3:c3:ff:52:3a:5b:21:c1:b5:01:0a:ec:81:3d:80:b4:
                        39:74:6a:7d:39:63:e1:06:a4:f1:45:cf:43:8d:6a:79:
                        49:4e:d9:22:d2:8f:08:6e:23:87:e3:14:7f:aa:c7:8f:
                        df:d7:d0:e1:e0:7e:1c:d7:64:d0:43:94:19:06:7d:48:
                        82:6f:e3:e1:05:69:cc:42:67:9f:db:e5:c7:6e:11:7a:
                        10:94:6c:95:f0:1e:5c:36:93:37:09:ea:b4:0d:4e:6f
                    Exponent: 65537 (0x10001)
    (stuff deleted for brevity - let me know if you need to see all of this output)
    Hmmm...this is interesting...after importing the cert from the hardware token into the internal certificate database, it now shows up as "Server-Cert" in the RSA Certificates list of the SSL->Edit HTTP Listener admin page. So it only shows certs from the hardware token when they are Verisign certs, even though the NetSol certs work just fine when they are stored in the internal database. This is NOT a work-around, however, as this defeats the purpose of having the crypto accelerator.
    BTW, I also sent a note to NetSol's support people, and they had this thought:
    As we use an intermediate, that could be the reason why they are not listed.
    Without the intermediate it will not find a chain to the trusted root.
    We would recommend contacting the software provider for details on
    importing the intermediate into the application server.
    I have already tried importing their certificates into the internal token, but that had no effect on this problem. Do I need to import their intermediate certs into the hardware token, rather than the internal one? If so, how do I do that? Or do I need to install these intermediate certs in the admin server's internal database, rather than my server instance's database?
    On the assumption that these intermediate certs were needed in the admin server's internal database, I used certutil to load them to see if that would help:
    # certutil -A -n 'AddTrust External Root' -t 'CT,C,C' \
    -d . -a -i /tmp/certs/AddTrustExternalCARoot.crt
    # certutil -A -n 'UTN-USERFirst-Hardware - AddTrust AB' -t 'c,,' \
    -d . -a -i /tmp/certs/UTNAddTrustServer_CA.crt
    # certutil -A -n 'Network Solutions Certificate Authority - GTE Corporation' -t 'c,,' \
    -d . -a -i /tmp/certs/NetworkSolutions_CA.crt
    # certutil -L -d .                                                                                     
    Admin-Server-Cert                                            u,u,u
    Admin-Client-Cert                                            u,u,u
    AddTrust External Root                                       CT,C,C
    UTN-USERFirst-Hardware - AddTrust AB                         c,, 
    Network Solutions Certificate Authority - GTE Corporation    c,, 
    Admin-CA-Cert                                                CTu,u,u
    However, after stopping and restarting the admin server, I still do not see my token-resident certs in the admin interface.
    Let me know what you'd like to see next.
    Thanks,
    Bill

  • Automatically accept screen sharing from specific user ???

    My mother is a newbie mac user. To be honest, she's a newbie computer user - full stop. She did inherit my PC laptop when I switched, but within a week she had crashed it. The mac she has is still running. (And guess who got it for her. I'm a good daughter.)
    Anyway - her G4 Powermac is running Leopard like a dream. In fact it is much faster now than before. Still, she has a few issues. Like the other day, she couldn't get music through her speakers and I'm abroad at the time.
    I asked her to accept a screen share, she did. I fixed the speaker issue and closed the screen share. She is happy as larry. But that got me thinking. Is it possible to automatically accept screen share from certain users? That would be a great help if that would be possible.
    Thanks in advance.

    Musicsites, here is your answer. Just follow the instructions completely and it will work quite well. I have it running and it allows my iMac to automatically answer incoming Screen Sharing requests ONLY from my MacBook.
    <http://www.getstonered.com/2007/11/applescript-automatically-accept-ichat.html>
    Mike

  • How do I stop Calendar invites from automatically accepting?

    When I receive a Calendar invite it is automatically accepted?

    My fault, this is only to sound the alarm if you get an invite. I don't get invitations, because I did not subscribe to any calendars. This seems to be the only way not to get some.
    But there is a "respond" button right next to the Month view button, did you try this one?

  • FYI. Verisign Cert & ACS

    For those who have trouble getting a Verisign cert working on the ACS box, I just spoke to Verisign tech support after facing issues with certs. He mentioned that when generating a CSR on ACS, it generates extra info that is not compatible with Verisign. Verisign is working on the issue; it is expected to be rectified soon (in a day or two). The tech support refused to give me further info about what version of ACS is causing the issue or so... I'm using ACS3.3 at the moment.

    I've installed a Verisign cert on the ACS with minimal difficulty, but it does take a couple of extra steps.
    When generating the cert request on the ACS, you have to enter the complete identification path in the Common Name field of the form. i.e., instead of just cn=Ciscoacs, you have to enter c=US,s=Florida,l=KeyWest,o=TheShirtShack,ou=Accounting,cn=Ciscoacs all on the same line.
    Also, if the certificate file format that Verisign sends back is not recognized by the ACS, you can import it into your web browser and then re-export it in the correct format (DER .509 if I recall correctly) and then upload the reformatted cert to the ACS.
    It works fine after all that =)

  • Automatically accept FaceTime calls on my Mac OS X Yosemite, 10.10.2 from a specific phone number

    I would like to be able to call my Mac FaceTime and have it automatically accept my call so that I can check on my puppy. I tried using the Terminal and typing in syntax that I had seen on other forums, but it didn't work.
    Please help! I need foolproof instructions because I'm not all that tech savvy.

    Maybe some 3rd-party tools?
    Example: http://www.evological.com/evocam.html

  • ACS SE w/ Verisign Cert

    I am using the CAS as an authentication server against AD for my wireless network. I have a WISM as my WLC and some of my users are getting a certificate error when I enable WPA. The error is coming from the ACS. I get an invalid cert error or cert not verified from the iPhone. The certificate is valid and I installed an intermediate CA. No matter what I try I can't get the error to go away.
    Could someone please assist?
    Thanks
    mike

    I am using PEAP with MSCHAP. From the iPhone I am getting "the cert is not verified". When I use the IntelPro supplicant on a laptop, it refuses to log on even though I select use "any trusted CA". I called Cisco TAC and they say I have to install the cert on all my computers; I don't believe that is correct. I am using a Verisign cert and so it should already be on my computers.
    Internet Explorer is not having an issue with the cert; the Dell wireless WLAN client does not have a problem either.
    Mike

  • Automatically accept invitations in iCal?

    Hi,
    I'm running a MacMini as a private fileserver in our family. I want to use iCal to collect dates and meetings of our family. iCal will then publish this calendar automatically on .mac so that we can see all dates from every PC or location.
    I have set up a certain mail account that the MacMini uses. If my wife or I send an invitation from our Outlook at work to this mail account, the MacMini receives it automatically and puts it into iCal.
    Now the missing piece: I want iCal to automatically accept those invitations, so that the published calendar on .mac is up to date without user interaction. Outlook offers such a feature, iCal does not. So - is there any tool or hint to solve my problem?
    Best regards from Germany,
    Heiko

    They sent an invitation through their meeting invite feature.
    Meeting invitations to myself are fine. I believe this is an issue between Apple and Microsoft, though I'm not sure why this is an issue in the first place because both should be complying with the iCal standard (the meeting format standard, not Apple's program).

  • Since iOS 5 my calendar which syncs with Google automatically accepts invitations. Any known error, workaround?

    My calendar on iPad and iPhone syncs with Google Calendar.
    Since I sync my Outlook as well with some tools, I will stay with Google and not switch to iCloud (I use fotostream, email, ... however).
    Since iOS 5 email invites for dates are automatically accepted and silently synced into the calendar.
    Same story with my girlfriend's iPhone and a friend.
    Is this a now bug for Apple? I was not able to find the knowledge base through the website any more... ?!?
    Any advice, bug fix ?
    Cheers,
    Ralf

  • Skype to automatically accept calls on android pho...

    I want my Samsung Android phone to automatically accept Skype calls, preferably from a specific Skype account.
    I tried the automatic feature in the phone preferences, but the phone here would automatically launch, however without video.
    Help needed

    Device: Samsung S5 unlocked / 32GB SM-G900H
    Android version: 5.0
    Skype version: 5.6.0.12393

  • Is verisign cert "multi purpose"?

    If i get a certificate from thawte, I can get the multi-purpose authenticode cert, export it from IE, import it into netscape and be able to sign netscape objects as well as CAB files.
    Can I do the same thing with the verisign cert? Verisign doesn't talk about this on their website, but maybe they just want people to pay $800 instead of $400? Just curious if anyone has tried this. If you have tried it, let me know.
    (before anyone asks, yes, I would love to go with thawte, and have in the past, but my organization has recently made the decision that thawte is no longer an option, so I have to go with verisign)
    Thanks!
    Kirby

    To fully answer my own question,
    I got a verisign authenticode certificate, and was not able to export it in pk12 format that is necessary for netscape to be able to import it.
    I've got a verisign netscape cert on order that I am pretty sure will work for netscape and the java plugins/webstart, as has been mentioned.
    Re: my company's decision. With the disclaimer fully in effect that I'm not in a position of power and am just a programmer wanting a certificate and thus might not have all of the facts or even the correct facts on the issues at hand... From what I understood, thawte got quite a bit more restrictive on where the private key could be stored. From what I understand, the private keys would have to be stored in a central location for the entire organization which wasn't reasonable for our size of 5 - 10,000 as it would have caused undue hardship on the gatekeepers as well as people actually wanting something signed. Verisign apparently didn't have the same strictness.

  • Make tcc permanently accepting a cert

    Hi,
    Using sgd/ee 4.0 and 4.1 with our own CA cert, we always get popup dialog windows for accepting the cert. Experimenting with the TTA webservices API, I found that it comes directly along with calling the method startTcc(), so changing the webtop jsp-s wouldn't help.
    The remaining question is, who isn't trusting whom? It seems that the tcc client is the one who is asking... aka bothering the user again and again.
    Therefore, is there a way to make tcc accept a certain custom CA permanently?
    Background about the certs used: the CA cert is created with openssl, the server certs (for tta and apache) are signed by this CA - again using openssl - (not self signed!). Both the tta server and apache accept the pair of server key/cert together with the CA cert.
    Regards,
    Tankred

    Tillmann Basien wrote:
    Rob wrote:
    While we're on this issue, the only problem I had (have?) was related to
    the Windows Native Client which continued prompting the CA confirmation
    dialog box; I was told (but I've yet to test it) that you can download
    the above ca.pem file directly into the folder which holds the Native
    Client executable itself.
    Yes, and more.
    You can put the ca.pem into the execution directory. But if you have
    different ca.pem files for different sides, this fails, because you need two
    ca.pem files in the directory.
    Two solutions to that:
    1) Set up a link to your NC and define its own "Execution Directory" in
    this link. In this directory, put the ca.pem from the other side.
    2) Append all your ca.pem files into one ca.pem file.
    ca.pem:
    Side A
    -----BEGIN CERTIFICATE-----
    MIIDiTCCAvKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEBhMCY2gx
    DjAMBgNVBAgTBVN3aXNzMREwDwYDVQQHEwhSb3RrcmV1ejEXMBUGA1UEChMOQldP
    IFN5c3RlbXMgQUcxEjAQBgNVBAsTCVJPT1QgQ0VSVDEVMBMGA1UEAxMMYndvLmlu
    dGVybmFsMRowGAYJKoZIhvcNAQkBFgtpbmZvQGJ3by5zaDAeFw0wNTA2MDcxMjU3
    GAYJKoZIhvcNAQkBFgtpbmZvQGJ3by5zaIIBADAMBgNVHRMEBTADAQH/MA0GCSqG
    SIb3DQEBBAUAA4GBADzdAGuRiNX4jmzHb91GhLipWdeMZtl3W47sIXenVHSi5esv
    +/JzR8rmQRE4vtFPcsi9xOGCPgB0cS6CCDw2hKYtIGIHDH/OeXvNA3Fbr+qDQcnZ
    OY9b1DZUccZPkam3Zgi7Ku41NuFCnWSjpcn1S/Q5OzKlsVSK31Q6Fz+vhkbs
    -----END CERTIFICATE-----
    Side B
    -----BEGIN CERTIFICATE-----
    MIIDpDCCAw2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCZGUx
    EDAOBgNVBAgTB0dlcm1hbnkxEDAOBgNVBAcTB05hdW5ob2YxEzARBgNVBAoTCkhK
    oGyRueksFhEU/2a4nxv1F2d6wxbULlnxl4acOTn8dgSj9J+fHDPGBuSrl9IUlnCv
    b5BnmQWQ0fpTruEQZJ3RPirWB7uoBSg7JB+A8PZ3m0lBDx6G9uXUwTF9VCdNVZeA
    n1Js5ue72kN9N2r5uQKMXTpOzcsl3mEo
    -----END CERTIFICATE-----
    Good one to which I'd like to add that a) I've been actually able to
    verify what I suggested in my message and b) mind you that I've been
    told that, on the Windows side, the crypt dll may have a problem when
    dealing with multiple root CA when one is expired.
    At the minute I'm not able to check that against Microsoft's KB but I
    had a customer who showed me the article I'm looking for.
    Best,
    Rob
    Roberto Zini - r.zini<@AT@>strhold.it
    "Has anybody around here seen an aircraft carrier?"
    (Pete "Maverick" Mitchell - Top Gun)

  • Automatically Accept Incoming Contact

    By default, when IC receives an incoming contact (call, email, etc) from a CMS such as Genesys, Avaya, etc., the Accept button in the toolbar will blink and the agent will have to click that button to initiate the interaction.
    In Maximizing Your SAP CRM Interaction Center, however, it states on page 56 that the system can be configured to either automatically accept the incoming telephone call, or to prompt the agent with blinking accept and reject buttons. 
    I'm trying to figure out where within SAP this option can be configured.  Normally I would be able to configure such a capability within the CMS, but there is a switch limitation that prevents it in this case, so configuring SAP to automatically accept the interaction is the only option we have.
    Can anyone point me to the right location to configure this?

    I do not use Genesys but found several places where the subject has already been mentioned, maybe they can inspire you:
    - Auto answer call SAP CRM with Genesys (G+) : http://scn.sap.com/thread/3182272
    - Genesys forum / auto answer call : https://forums.genesyslab.com/showthread.php?t=5988
    Hope it helps,
    Eli

  • Automatic acceptance of Service entry Sheet

    Hi,
    We have a requirement that whenever the service entry sheet is created automatically through CATM, it should get service acceptance automatically.

    I think this is not possible through std SAP but you can use the user exit SRVESSR
    to accept the service in background once it is generated through CATM.

  • Automatic acceptance of appointments in Outlook when using GW Integration

    Hi,
    we use Groupware Connector 2.0 with CRM 4.0.
    Here it is the case that if you create an appointment in CRM, this appointment is sent to Groupware to the calendars of the participants. If you create an appointment manually in Outlook, all invited people get a mail and can decide if they want to accept the appointment or not. If it is a CRM activity, this mail is answered automatically and the appointment is fixed in one's calendar.
    Does anybody know if there is the possibility to change this behavior so that all invited persons also get a mail first that they can accept or not?
    Thanks a lot and best regards,
    Katharina

    I found it out by myself, it's a setting in the groupware connector.
