Can't install a wildcard SSL certificate

Similar Messages

• Howto install a signed SSL Certificate

  Hi,
  I installed a new Novell File Reporter 2.0.
  When I open the Browser I get a self signed Certificate.
  Where can I install my signed SSL Certificate?
  Thank you
  Thomas

  TEggers,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Wildcard * SSL Certificates for TTA??

  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on the name
  for wildcard certs?
  Cyrus

  Hi Cyrus
  I was loosely referring to PKI rules e.g.
  http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
  http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
  Wildcarding isn't supported. I understand what you are trying to do now
  but it won't work because the software is looking for a certificate
  matching a single server.
  The certrequest command is just a wrapper script for openssl so it won't
  stop you doing anything the openssl command believes may be valid. You don't
  actually need to use this command it's just there for convenience, you
  could do everything just using openssl.
  The current documentation doesn't explictly state that you can't use
  wildcards in certificates but it does say you need a certificate for a
  SGD server. My understanding of the wildcard issue is that it is up to
  a particular application to decide what is appropriate.
  http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
  Regards
  Barrie
  On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
  May I inquire as to where these rules are listed regarding SSL Certs, I
  didn't see anything to the effect in the documentation. Also why weren't
  the rules enforced at certificate generation time. Even the validation
  command (tarantella security certinfo) had no problems.
  The CSR generation/signing went through flawlessly and created a wildcard
  cert that Apache could use. It's one thing if the whole cert process
  couldn't handle a wildcard, but it seems like everything would have worked
  if only the applet accepted a wildcard regex match.
  Regards,
  Cyrus
  barrie wrote:
  Hi Cyrus
  No, sorry. The rules say you can't do that. You are required to have a
  certificate for a node not a network.
  Regards
  Barrie
  On 2005-08-05, CM <[email protected]> wrote:
  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to
  name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on thename
  for wildcard certs?
  Cyrus

• SA520 Wildcard SSL Certificate?

  I have a wildcard SSL certificate for our domain from RapidSSL.  I installed the intermediary certificates fine but I can't get the acutal cert to install.  I get the message "Can't Upload Invalid Self Certificate" message.  Has anyone else ever successfully used a wildcard cert with an SA?

  Hello Mr. Williamson,
  In order to get a new SSL certificate please follow the next instructions:
  STEP 1 : Click Administration > Authentication.
  The Authentication (Certificates) window opens.
  STEP 2 For each type of certificate, perform the following actions, as needed:
  • To add a certificate, click Upload. You can upload the certificate from the PC
  or the USB device. Click Browse, find and select the certificate, and then
  click Upload.
  • To delete a certificate, check the box to select the certificate, and then click
  Delete.
  • To download the router’s certificate (.pem file), click the Download button
  under the Download Settings area.
  STEP 3 To request a certificate from the CA, click Generate CSR.
  The Generate Certification Signing Request window opens.
  a. Enter the distinguished name information in the Generate Self Certificate
  Request fields.
  • Name: Unique name used to identify a certificate.
  • Subject: Name of the certificate holder (owner). The subject field populates
  the CN (Common Name) entry of the generated certificate and can contain
  these fields:
  - CN=Common Name
  - O=Organization
  - OU=Organizational unit
  - L= Locality
  - ST= State
  - C=Country
  For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
  Whatever name you choose will appear in the subject line of the generated
  CSR. To include more than one subject field, enter each subject separated
  by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
  • Hash Algorithm: Algorithm used by the certificate. Choose between MD5
  and SHA-1
  • Signature Algorithm: Algorithm (RSA) used to sign the certificate.
  • Signature Key Length: Length of the signature, either 512 or 1024.
  • (Optional) IP Address, Domain Name, and Email Address
  b. Click Generate.
  A new certificate request is created and added to the Certification Signing
  Request (CSR) table. To view the request, click the View button next to the
  certificate you just created.
  Or you could check it on the next link. please check page 191
  http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
  hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
  Thank you

• Wildcard SSL Certificates with MFE?

  Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
  We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
  Before doing anything I figured I'd try a website that used a wildcard certificate.
  When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
  My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
  If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
  Thanks.

  This is interesting question. I look forward testing this myself
  What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
  Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you!

• Wildcard SSL certificates

  Hi, I was wondering if someone got CSS1150X with SSL accelerator working with wildcard SSL certificate. We have 10+ sites we would like to enable SSL and figured wildcard certificates are way to go based on the cost. Specially, since most of the wildcard certificates comes with limitation of being able to install it on only one physical machine. I assume CSS would be considered one physical machine if SSL traffic is terminated on the CSS, however, wanted to find out whether wildcard SSL certificate is supported on CSS. We are using CSS11503 and depending on whether it supports wildcard certificate, we are planning on purchasing SSL accelerator.

  Thanks for the information, Gilles. Looking at the pricing structure of SSL certificates, I wonder why wildcard certs aren't widely used as one would expect based on the cost. Well, I guess I will find out when I implement one. Thanks again.

• Install GoDaddy wildcard SSL on WLC 2504 conroller

  I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
  I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
  What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certficates (in this case a root and a intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
  Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

  Seth,
  I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.
  Kudos to Robert Wells for finding this:
  "I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."
  The Windows version of OpenSSL I used was the 0.9.8y Light version from:
  http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe
  I hope this helps someone out there with this problem.
     - Ken

• Can I reference 2 different SSL certificates in the same weblogic.properties

  Hello,
  Can I reference 2 different SSL certificates in the same
  weblogic.properties
  file?
  Reason is we have 2 groups of users for a web application: one will use
  a
  French-language DNS to access
  the application, and the other will use English DNS. Both DNS will point
  to
  the same application on the same
  server.
  Example of what we require:
  weblogic.security.certificate.server=mycert1.pem
  weblogic.security.key.server=mykey1.der
  weblogic.security.certificate.authority=rootCertificate1.pem
  ----and---
  weblogic.security.certificate.server=mycert2.der
  weblogic.security.key.server=mykey2.der
  weblogic.security.certificate.authority=rootCertificate2.pem
  mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
  both
  DNS1 and DNS2 point to the same application on the same box.
  Thanks,
  Ragu

  I think that you can only have one server certificate per server currently
  since the certificate establishes the server's identity and there isn't
  support for a server to have two identities at the same time.
  "RAGUTAM BOMMAREDDY" <[email protected]> wrote in message
  news:[email protected]..
  Hello,
  Can I reference 2 different SSL certificates in the same
  weblogic.properties
  file?
  Reason is we have 2 groups of users for a web application: one will use
  a
  French-language DNS to access
  the application, and the other will use English DNS. Both DNS will point
  to
  the same application on the same
  server.
  Example of what we require:
  weblogic.security.certificate.server=mycert1.pem
  weblogic.security.key.server=mykey1.der
  weblogic.security.certificate.authority=rootCertificate1.pem
  ----and---
  weblogic.security.certificate.server=mycert2.der
  weblogic.security.key.server=mykey2.der
  weblogic.security.certificate.authority=rootCertificate2.pem
  mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
  both
  DNS1 and DNS2 point to the same application on the same box.
  Thanks,
  Ragu

• URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

  Hi,
  I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
  I am trying to get work with url: https://reports.mydomain.com
  I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
  https://reports.mydomain.com/ReportServer - works fine
  https://reports.3pro.hr/Reports/ - I got error:
  The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  In rsreportserver.config I have:
  <Add Key="SecureConnectionLevel" Value="2"/>
  When looking my ReportServerService_date.log file I have something like:
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
  Also, error shown in log file:
  appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
  ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
  The remote certificate is invalid according to the validation procedure.
  Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
  -- Hrvoje Kusulja

  I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated.  The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle
  before she called me back.  Here are the steps that resolved this issue for me.  I know for sure that step 5 was necessary.  Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue,
  but I didn't roll them back either so they may have been necessary.)
  Step 1:
  Ensure you are editing the correct rsreportserver.config file.  I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config
  file for some sharepoint integration that I'm not using.  The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft
  SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
  Step 2: 
  In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3.  Was set to 0 in my configuration.  Corrected line in your rsreportserver.confiog file should look like:
  <Add Key="SecureConnectionLevel" Value="3"/>
  Step 3:
  In rsreportserver.config, add the correct value to the <URLRoot> element (which already exists in the file.)  In my configuration, this value was blank.  The value should be the fully qualified path to your report server, with a hostname that
  is valid for your certificate.  For example, if my cert matches *.mydomain.local:
  <UrlRoot>
  https://myserver.mydomain.local/ReportServer
  </UrlRoot>
  Step 4:
  Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine.  I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually
  the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities.  That
  broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities.  This is how I left it, not sure if that was necessary.
  Step 5:
  This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3.  In my configuration, this value was also blank.
  The corrected value should be the same as in step 3, for example:
  <ReportServerUrl>
  https://myserver.mydomain.local/ReportServer
  </ReportServerUrl>
  Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
  Good luck!

• Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

  I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
  I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
  I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
  Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
  No matter what I do, it won't work.
  I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
  Can anyone help?

  Originally Posted by AndersG
  Fmcunningham,
  > > I am looking at installing a cert as well. I have NOWS SBE 2.0
  > > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
  > > need a Wild card cert to be able to accomplish this?
  >
  Only difference between a wildcard and a regular (apart from price) is that
  a wildcard covers all hosts in a domain,. Ie *.acme.com, whereas a regular
  cert only covers a named host, homer.acme.com
  - Anders Gustafsson (Sysop)
  The Aaland Islands (N60 E20)
  Novell has a new enhancement request system,
  or what is now known as the requirement portal.
  If customers would like to give input in the upcoming
  releases of Novell products then they should go to
  http://www.novell.com/rms
  I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess.

• How do I install a CSR & SSL Certificate in Adobe Muse while hosting the website with GoDaddy, not Business Catalyst?

  I have designed a website and I want to host it with GoDaddy. I also want to install a SSL Certificate so I can get the HTTPS://mydomain.com instead of the HTTPS://mydomain.worldsecuresystems.com that I get with BC. Is there a way to install the SSL Certificate in Adobe Muse so that I can do this?

  This is something you'd have to do on Go Daddy, its not something that would be done in Muse.
  Go Daddy's page on their SSL service is: SSL Certificates | Secure Your Data & Transactions - GoDaddy

• Cisco ASA 5585-X SSP-20 SSL wildcard SSL certificate support ?

  Hello
  i want to verify if Cisco ASA 5585-X SSP-20 supports Wildcard SSL's.
  Cheers

  Supports them how?
  As certificates issued to the ASA and properly bound to it's interfaces to support SSL VPN or ASDM access - yes.
  You can configure a wildcard (or any other) certificate improperly and cause things not to work. However it's not a limitation of the device's operating system not supporting it.

• Installing a new SSL Certificate to Exchange

  Hi,
  We have a Windows Server 2008 R2 machine running Exchange 2010 (sorry, there wasn't an option for a 2010 forum). As a company which handles payments, we need to be PCI DSS registered and the scan has picked up a failing point being we don't have
  an SSL Certificate installed. I have purchased one via GoDaddy and followed the instructions on their site to install it, however the PCI DSS scan is still failing because of the following reason:-
  "The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority."
  The certificate at the top of the chain is the 'built-in' default certificate. How do I promote the installed GoDaddy certificate to the top of the chain?
  Thanks

  Hi,
  Please refer to this similar thread.
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/e80a77f8-4f88-439e-85dd-76463c7a69d3/certification-authority?forum=winserversecurity
  And try to Save your root CA(s) public certificate in PEM format into a text file to PCI DSS scanner.
  Hope this will be helpful for you.

• Nexus 7000 SSL wildcard SSL certificate support ?

  Hello
  i want to verify if Nexus 7000 supports Wildcard SSL's.
  Cheers

  I have the same problem on a 5515-X, and I've tried pretty much the  same things. The weird thing for me is that everything worked great  until I did an OS upgrade. Back on 8.6.1, my browser successfully  verified the certificate on my SSL VPN login page, and AnyConnect never  brought up any warning boxes. But after I upgraded to 9.1.3, the box was  back to using a self-signed cert. The wildcard identity certificate  seems to have just disappeared, though the GoDaddy CA cert and my local  CA cert both stayed intact.
  I've used OpenSSL to convert and verify my cert file  in a number of different ways, but all of my supposedly valid files  still get the import operation failed message. So it seems like there  was some OS change that suddenly made my wildcard incompatible, but I  haven't figured out what it is yet.
  Hope this helps, for both our sakes.

• How do I install a new SSL certificate?

  I am running Weblogic 6.1 on Windows 2000. I recieved a renewal notice from Verisign
  and purchased new certificates. I would like to put them in place but am a bit
  lost. I am new to Weblogic and am used to installing certificates in IIS. There
  seems to be no "install" feature under Weblogic.
  Do I just change the name of the path to point to the new certificate?
  Will I need to stop and restart the Weblogic services? Does this have the potential
  to take down the website?
  Any help would be greatly appreciated.
  Thanks in advance.
  ~Sheri

  This is something you'd have to do on Go Daddy, its not something that would be done in Muse.
  Go Daddy's page on their SSL service is: SSL Certificates | Secure Your Data & Transactions - GoDaddy