CA-signed certificate for admin server

hi,
how can i make the admin-server use a CA signed certificate instead of self-signed? i only see an option to renew the self-signed certificates.

okay, this is the method i used:
webserver$ cd /var/opt/SUNWwbsvr7/admin-server/config
# Save the CA certificate in cacert.crt, and import it into the database:
webserver$ certutil -d . -A -n Example-Inc-CA -t CTu -a -i cacert.crt
# Generate a new CSR on stdout:
webserver$ certutil -R -d . -s 'CN=ws.example.org,O=Example, Inc.' -a -g 2048 -k rsa
# Sign the CSR and save the certificate to 'newcert.crt', then import it:
webserver$ certutil -d . -A -n cert-ws.example.org -t u -a -i newcert.crt
webserver$ vi server.xml
# Look for <server-cert-nickname>, and change it from 'Admin-Server-Cert' (the default)
# to 'cert-ws.example.org'.
webserver$ ../bin/stopserv
webserver$ ../bin/startserv
replace 'ws.example.org' with the hostname the admin server runs on.
this seemed to work for me; after the restart, the admin server was using the new certificate, and the browser accepted it.
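
A check that fits between the signing step and the second `certutil -A` import above, as an added example that is not part of the original post: it confirms that the returned certificate chains to the imported CA, carries the public key from the CSR, and matches the hostname. Using the `openssl` CLI is an assumption (the post itself only uses certutil), and the throwaway CA and every file name other than cacert.crt and newcert.crt are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): vet a CA-issued certificate
# before importing it into the NSS database with `certutil -A`.

# check_issued_cert CACERT CERT CSR HOSTNAME
# Returns 0 only if CERT chains to CACERT, carries the public key from the
# CSR that was submitted, and is valid for HOSTNAME.
check_issued_cert() {
    cacert=$1; cert=$2; csr=$3; host=$4

    # 1. Signed by the CA that was imported as the trust anchor?
    openssl verify -CAfile "$cacert" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not chain to $cacert" >&2; return 1; }

    # 2. Same public key as the CSR? A mismatch means the private key in
    #    the NSS database does not belong to this certificate.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    crt_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$csr_key" ] || [ "$csr_key" != "$crt_key" ]; then
        echo "FAIL: public key in $cert differs from $csr" >&2; return 1
    fi

    # 3. Valid for the hostname clients will connect to?
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || {
        echo "FAIL: $cert is not valid for $host" >&2; return 1; }

    echo "OK: $cert is ready to import"
}

# Constructed sample data: a throwaway CA, a CSR standing in for the one
# `certutil -R` prints, an unrelated CSR, and the certificate the CA issues.
make_constructed_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/O=Example, Inc./CN=Example Inc CA' \
        -keyout "$dir/ca.key" -out "$dir/cacert.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/O=Example, Inc./CN=ws.example.org' \
        -keyout "$dir/ws.key" -out "$dir/ws.csr" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/O=Example, Inc./CN=ws.example.org' \
        -keyout "$dir/other.key" -out "$dir/other.csr" 2>/dev/null
    openssl x509 -req -in "$dir/ws.csr" -CA "$dir/cacert.crt" \
        -CAkey "$dir/ca.key" -set_serial 1 -days 30 \
        -out "$dir/newcert.crt" 2>/dev/null
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_constructed_sample "$demo_dir"
check_issued_cert "$demo_dir/cacert.crt" "$demo_dir/newcert.crt" \
    "$demo_dir/ws.csr" ws.example.org
rm -rf "$demo_dir"
```

For the real procedure, pass the CSR saved from `certutil -R` and the certificate returned by the CA instead of the constructed files.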

Similar Messages

  • How to register iOS device when using self signed certificate with apple Server?

    Hi,
    I have installed the server.app by Apple and used a self signed certificate for my server. Now I want to register my different devices (iMac, iPhone etc.). I could register the iMac without problems (I just had to add my self signed certificate to the trusted certificates)
    Sadly, with the iPhone it is not that easy. I can install the "trust profile", but still after that I can not register my device. It seems like it does not accept my self signed certificate for device registration. When adding a registration profile, I get the error "www._mydomain_.tld/devicemanagement/api/device/auto_join_ota_service" is not valid.
    Nevertheless, I can install a profile with setting, e.g. my imap settings, via the profile management without problems.
    Does anyone have an idea how to get around the problem with the self signed certificate?
    Best regards

    Try deleting the Server.app and download it again from the App Store, restart.
    My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first).

  • Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

    Scenario:
    Windows Server 2012 R2 Essentials
    I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I rebooted the server and I am able to login to Anywhere Access via https (using the SSL certificate) from PC, Mac and iOS.
    So far so good.
    The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
    The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local instead of the SSL Certificate I installed, which is remote.acmedomain.com
    If I click to accept, RDP does work fine, it's just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
    My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

    Because....
    the server does not have a 'trusted' certificate assigned to it.
    Only the RDP Gateway has the trusted certificate for the external name.
    If you want to remove that error, you have to do one of the following:
    Make sure your domain uses a public top level domain, and get a public trusted certificate for your server.
    So, something like,
    server.domain.publicdomain.com
    Or,
    Install that certificate on your remote computer so it is trusted.
    Robert Pearman SBS MVP
    itauthority.co.uk

  • Generating Self Signed Certificate for iPlanet Directory Server for testing

    Hi Experts,
    I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
    Thanks in Advance,
    Kalyan

    Here's one I did earlier.
    Refers to Solaris 10
    SSL Security
    add a new certificate that lasts for ten years (120 months).
    stop the instance:
    dsadm stop <instance>
    Remove DS from smf control:
    dsadm disable-service <instance>
    Change Certificate Database Password:
    dsadm set-flags <instance> cert-pwd-prompt=on
         Choose the new certificate database password:
         Confirm the new certificate database password:
    Certificate database password successfully updated.
    Restart the instance from the dscc:
    DSCC -> start <instance>
    Now add a new Certificate which lasts for ten years (120 months; -v 120):
    `cd <instance_path>`
    `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" -n testcert -v 120 -t T,, -x`
         Enter Password or Pin for "NSS Certificate DB":
    Stop the Instance.
    On the DSCC Security -> Certificates tab:
         select option to "Do not Prompt for Password"
    Restart the instance.
    On the Security -> General tab, select the new certificate to use for ssl encryption
    Restart the instance
    Stop the instance
    Put DS back into smf control:
    dsadm enable-service <instance>
    Check the smf:
    svcs -a | grep ds
    # svcs -a|grep ds
    disabled Aug_16 svc:/application/sun/ds:default
    online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
    online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

  • Self Signed Certificate for Web Proxy 4.0.2

    Does anyone have instructions on how to create and install self signed Certificate for Web Proxy Server 4.0.2? My OS is RHEL 4.
    Shed.

    Unfortunately you will not be able to do that from the GUI.
    You will have to use certutil from proxy-install/bin/proxy/admin/bin/certutil
    Make sure that your LD_LIBRARY_PATH includes proxy-install/bin/proxy/lib
    (start -shell will give you a shell with all necessary paths set.)
    create a file called password-file which contains your password to your cert database
    your cert database resides in the alias directory of proxy installation.
    certutil -S -s "CN=My Issuer" -n myissuer -x -t "C,C,C" -1 -2 -5 -m 1234 -f password-file -d certdir

  • Xcode - "The certificate for this server is invalid"

    Hi,
    I'm trying to log into my Xcode Server (with its own self-signed certificate) from my work iMac, I receive the following message:
    "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “[server name]” which could put your confidential information at risk. Would you like to connect to the server anyway?"
    The only option is "OK" which just prompts the login screen again, it doesn't allow me to "connect anyway".  How do I get around this? :/


  • Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

    In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate on this computer" and un-checked "Use simple certificate selection".
    My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate" drop down.
    Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
    TIA,
    -Rick

    Hi Rick,
    Thank you for your patience.
    According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
    Best regards,
    Steven Song

  • Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

    SCCM 2012 has been successfully installed on the server:
    SRVSCCM.
    The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
    Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
    The cluster service is running on the account: sqlclusteruser
    The account has the appropriate SPN are registered:
    setspn -L domain\sqlclusteruser
    Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
    MSSQLSvc/CLS-SQL4
    MSSQLSvc/CLS-SQL4.domain.local
    MSSQLSvc/CLS-SQL4:11434
    MSSQLSvc/CLS-SQL4.domain.local:11434
    After some time on the cluster hosts every day started appearing new folders with files inside:
    srvboot.exe
    srvboot.ini
    srvboot.log
    srvboot.log contains the following information:
    SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
    Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
    Copyright (C) 2011 Microsoft Corp.
    Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
    Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
    Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
    Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
    Failed to retrieve SQL Server service account.
    Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
    Disconnecting from Site Server.
    SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

    The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
    Without successful bootstrap the siteserver backup is not able to run successfully.
    Try grant everyone the read permission on
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
    This worked for me.
    After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
    After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
    sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

  • Renew code signing certificate mountain lion server

    Hello to all
    Can you please let me know if there is a way to renew the self code signing certificate for server WITHOUT re enroll all devices?
    We have 500 iPads enrolled and the code signing certificate expires in 2 weeks...
    So it's really critical not to re enroll all devices .
    Is there any way to do this?
    Thank you for you help.

    When I put this in I am just getting the following response
    Usage: certadmin
        --get-private-key-passphrase [path]    
          Retrieve the passphrase for the private key at [path] from the keychain
        --default-certificate-path
          Retrieve the full path for the default certificate
        --default-certificate-authority-chain-path
          Retrieve the full path for the default certificate authority chain
        --default-private-key-path
          Retrieve the full path for the default private key
        --default-concatenation-path
          Retrieve the full path for the default certificate + private key concatenation
        --create-default-self-signed-identity
          Creates a default self signed identity (certificate + private key) using the hostname
        --recreate-self-signed-certificate subject serial_number
          Recreate an existing self signed certificate
        --recreate-CA-signed-certificate subject issuer serial_number
          Recreate an existing certificate signed by an OpenDirectory CA
    where you have "192173c1c is this meant to be the serial number?

  • Erase All Content and Settings, continually says the certificate for this server is invalid

    Erase All Content and Settings, continually says the certificate for this server is invalid..
    How can I overcome this problem

    Welcome to the Apple Community Siobhan.
    Please try the following...
    Go to Settings > iCloud > Delete Account (This removes your data from your device, but not from your account, it will be added back later).
    Restart the device.
    Sign in again (Settings > iCloud, don't use the 'Create New Apple ID' button).

  • CA signed certificate for Jabber 4 windows

    Hi,
    I have a CA signed certificate for my J4W which is working my question is how can I get J4W when you login the first time after installation not to prompt for you to accept the certificate and it does it 4 times, after that you never get it a again, but for bulk roll out purposes is there a way I can bypass this issue?
    Thanks in advance.

    I'm just working through this too, with a Microsoft domain-integrated CA.
    Some of the other posts were not clear in regard to WHICH cert gets dealt with in which way. Someone please let me know if this process below is inaccurate or incomplete.
    Assuming you have three different servers and only one of each type: CUCM, IMPS, UCxN
    -Generate CSRs for the CUCM, IMPS, UCxN tomcat self-signed certs and export them as clearly named CSR files (3 of).
    -Generate a CSR for the IMPS xmpp self-signed cert and export it as a clearly named CSR file (1 of).
    -Sign all four CSRs with the CA web browser https://ipaddress/certsrv.
    -Export the CA's root certificate in Base64 format using the cert authority name as the file name (only for clarity) e.g. mydomain-AD-CA.cer. Do not rename the file after download.
    -Import the CA's root certificate into each Cisco UC server's tomcat-trust and into the IMPS xmpp-trust. This must be done before the next step.
    -import the CA-signed Cisco UC server SSL certs (that started out as CSRs) as tomcat certs. Import the CA-signed xmpp cert as an IMPS xmpp cert. This replaces the tomcat (and IMPS xmpp) certs with certs that have been signed by the CA.
    -restart the Cisco Tomcat feature service and the Cisco XMPP Router service on each Cisco UC appliance using the CLI "utils service restart Cisco Tomcat"
    -restart the Cisco XCP Router network service on IMPS.
    -Install the CA's root certificate into the client's (assuming Windows) Manage User Certificates > User > Trusted Root Certification Authorities cert store. If you have a domain-integrated MS CA, this will already exist (and should exist, or something else is wrong, or not completed yet with the PKI Infrastructure setup). Look in the User > Trusted Root Certification Authorities cert store - if you can see the CA's root cert that you just installed = great.
    -Test 1: Browse to CUCM by FQDN using IE. https://cucm.mydomain.com/ccmadmin. You should get a perfect alert-free connection to CUCM. This proves that the PKI infrastructure is good.
    -Test 2: Start J4W. It should start up without any popup alerts providing the UC Service Profile and CSF Device config only use FQDNs, that match the certificates you signed with the CA
    -BTW: If you've previously manually accepted J4W popup alerts, before starting J4W go into Manage User Certificates on the Windows client and find and remove all self-signed Cisco UC  appliance certs. Leaving them there will fool you into thinking you've done a complete job when in fact it's not the case.
    ---Well that's the theory anyway.

  • Verification Failed. The certificate for this server is invalid

    I am trying to backup my iPad to iCloud.  I get:
    Verification Failed.  The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
    I am logged onto the wifi at work and I can surf the Internet so the connection is OK.
    How do I begin to debug this issue?

    Hey everyone,
    I had this issue for few months already! I have a @me.com mail address, theoretically should be compatible with iCloud, just for some reason, it's not working!!
    The mail all work fine on my macbook and iPhone, just the ipad kept showing the error message, the "verification failed".
    The internet is wi-fi and it all working fine.
    Now here is the solution.
    Make sure you got internet connected fine.
    Go Setting --> Mail, Contacts, Calendars --> Add Account --> Other
    --> Add Mail Address -->
    in the description, it will auto showing "Me", don't change it!
    Go "Next" -->
    in the Incoming Mail Server
    Host Name --> Type "imap.mail.me.com"
    Then your user name and password
    in the Outgoing Mail Server
    Host Name --> Type "smtp.mail.me.com"
    Then your user name and password
    Then next and save it.
    This should work, it works for me,
    Hope this helps!!

  • Verification failed certificate for this server is invalid

    I attempt to log into the iCloud on my iPod over a WiFi connection and it gives me the Verification Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
    Why am I getting this and how can I access the iCloud to backup my files?

    This happened to me because my router was configured to use Open DNS servers (Primary 208.67.222.222, Secondary 208.67.220.220). Temporarily adjusting the DNS settings on the router to 4.2.2.1 and 4.2.2.2 did the trick. Open DNS does weird things with certain certificates. Even if your router is configured to use something else, try the ones listed above to see if it makes a difference.

  • The certificate for this server is invalid skype

    I am attempting to access My Account on an iPhone 5, I am getting a message saying the certificate for this server is invalid.  You might be connecting to a server that is pretending to be "secure.skype.com" which could put your confidential information at risk.
    My date, time and time zone are all correct.  Any suggestions?

    What account are you trying to access? Skype or some other site and you are being redirected to Skype?

  • Mobile Me Verification Failed - it says the certificate for this server is invalid.  What does that mean?

    Trying to set up a 2nd device on Mobile Me and it's telling me "Verification Failed, Certificate for this server is invalid, I might be connecting to a server that is pretending to be setup.me.com which can put my confidential information at risk."   Please tell me what this means and how to correct it.  My 1st device set up with Mobile Me just fine. 

    Check your date/time settings if correct.
    Happened to me when I changed the battery then I found out that the settings is not yet set.
    Works flawless now!
    Good luck!
