Certificate during reciving

Similar Messages

• EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake

  Hi All ,
               I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of  EAP_TLS under golbal authentication setup .
               I have downloaded client supplicant certficate file for my windows XP machine .
  When i tried to authenticated i am finding following error message under  failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
  Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
  Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..

  Hello,
  I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
  Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
  -          Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification                      Authorities\Certificates
  -          Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
  -          Delete the wireless network from the computer
  -          REBOOT!!
  -          Open the Microsoft Management Console, “mmc”.
  -          Go FILE\Add Remove SnapIn. Select Certificates ..
  -          If promoted, do it for “My User Account”.
  -          Make sure the certificates are where you put them. 
  -          If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification                      Authorities\Certificates, remove them.
  -          Redo wireless network setup again
  I hope this helps you.
  Mike

• Certificate during MIGO

  Gurus,
  When i do GR,the system should ask for  certificate from vendor.I have assigned Certificate E21,in MMR view.The system is asking for E21 certficate during GR.But what i require is it should ask for a Certificate of analysis(COA).
  How ro set this in MIGO.

  Actually you can mension the certificate you want in QM view -->certificate type.
  In MIGO there is only provision that whether certificate received or not.It will ask the same certificate which you have mesioned in QM view.
  MIGO is not wise enough to understand whether certificate received is of Certificate of analysis(COA) or any thing else.
  Practically so that how come store person will know which certificate he has received.
  The Best way is to use Q05 of certificate,which will ask confirmation during the UD.Inspector is best person to understand the cetificate type.

• Installing certificate during runtime?

  Hi,
  I'm trying to connect to https server. I ran InstallCert.java and it created keystore in my JRE's security directory and now when I am connecting to https it works. However, let's say I want to use my application on another machine that does not have certificate for the http server I try to connect to. Should the keystore be installed there during runtime by exporting created keystore and importing it into my application.
  thanks for you help,
  Alex

  FWIW, both JREs can exist without any issues and there's no need to remove them or any other Java components that are installed when installing OSX. Just leave them in place and worry about other things.
  Do note that when installing OSX, only the JRE isn't installed; all the other Java components are installed.
  27" i7 iMac (Mid 2011) refurb, OS X Yo (10.10.2), Mavs, ML & SL, G4 450 MP w/10.5 & 9.2.2

• Changing the MaaS360 MDM Apple ID and certificate during cert renewal

  Kumar (MaaS360) wrote:You cannot change your Apple ID to renew the certificate. For existing devices to continue working, you need to renew the same certificate under the same Apple ID you created during the initial sign up.If for some reason, you do not know the Apple ID you used or the owner is no longer with the company, reach out to our helpdesk with your account #. We can provide you details about your APNS certificate. Post this, you can reach out to Apple to see if they can move the original certificate to a new Apple ID.Kumar, thanks for information and luckily we still have access to the Apple ID that created the initial certificate. The reason I was asking is because the Apple ID that was used to create the first cert was someone's personal account and I was looking to see if I could change it to a new dedicated Apple ID...

  Has anyone who is using Spiceworks MaaS360 MDM, attempted to change their Apple ID during the certificate renewal process?
  In other words, has anyone attempted to use a different Apple ID (other than the one used to create the initial certificate) to create the new CSR during the certificate renewal?
  My certificate is up for renewal and I would like to use a different Apple ID for creating the new certificate. Just wanted to see if anyone else has successfully attempted this.
  This topic first appeared in the Spiceworks Community

• Why does extension loader check extension's certificate during each loading?

  Hello,
  We are having some problems with an expired code signing certificate.
  We sell a commercial extension which is signed with our code signing certificate. Recently our certificate expired, and we started to receive reports that our extension had stopped working in CS5.
  It looks like CS5 checks the extension's certificate not only during installation, but also at each loading.
  This behavior looks like a serious bug in Creative Suite extension loader since all certificates will expire sooner or later, and this means that all extensions are doomed to stop working at some point, unless they are timely updated.
  Why does CS5 check the certificate at each start up? This doesn't make sense at all, certificates are only used to check that the code is authentic during installation. An authentic extension cannot turn into malware after installation, so there is absolutely no point in checking the certificate after installation.
  Can someone from the CS SDK team comment on this issue? This turned into a major problem for us.
  Thank you in advance,
  Anatoly Paraev
  PixelNovel 

  Anatoly, let me summarise my thoughts/findings on this:
  - Your extension's signature is invalid now that your certificate has expired (as you have reported)
  - Your extension's signature is not timestamped with a timestamp certificate. A signature without a timestamp is only valid till the signing certificate expires. A signature with a timestamp is valid until the timestamp certificate expires, typically a much longer period.
       - As you can infer from this, Extension Builder does not create timestamped signatures and does not give any warning about this. Apologies that we failed to anticipate this problem during CS SDK and Extension Builder development. You will probably agree this is not good enough, and I have filed a bug (#2916071) to ensure this is dealt with in future releases.
  As I mentioned earlier, extension signature validation is performed on extension load to ensure an extension's footprint has not been maliciously modified since installation. I think it is very unlikely that we can remove this signature validation for security reasons, nonetheless I've started a conversation about it internally and can let you know the outcome.
  To help your users now, I think you will need re-sign and re-deploy your extension with a new certificate. So you can timestamp the signature, use ucf.jar in the Packaging and Signing Toolkitto sign the extension rather than Extension Builder. Pass the argument -tsa=<your_chosen_timestamp_server> to ucf.jar when signing and check the signature is timestamped

• Intune Company Portal application wants to install certificate during Android Enrollment

  I just tried to enroll an Android device into Intune. When I login into the Intune Company Portal application for the first time it prompts me to install a certificate and choose VPN or Wifi as Credential Use.
  Why is the Intune Portal application trying to install a certificate for VPN or Wifi use when I haven't setup or deployed any policies regarding VPN or Wifi certificates?

  This is our workplace join certificate that shows up on Non-Knox platforms.  The name and cert use info is not controlled by us.  You can ignore the VPN or WIFI information, it's just how Android catagorizes their certs.
  Thanks,
  Jon L. - MSFT - This posting is provided "AS IS" with no warranties and confers no rights.

• Certificate not Recived

  In Quality Info record I maintained lead time as 10 days.
  Will I get any message 10 days before purchase order delivery date that till now certificate has not received from Vendor and  I can send reminder to Vendor.
  And what is the use of lead time in Q info record.
  Thanks
  SD

  Hi,
  Will I get any message 10 days before purchase order delivery date that till now certificate has not received from Vendor and I can send reminder to Vendor.
  No there is no link between lead time and certificate,
  Thanks
  Shiva Patil
  Edited by: SHIVA PATIL on Jul 27, 2010 7:20 AM

• Does Anybody know how to keep the license files and Certificates in ISE-3315 During the upgrade.

  Hi,
  I have two ISE-3315 Appliances in production network.
  I need someone's help to explain, how to make the Secondary node as the primary admin note to reset-config.
  And then I would like to know how to keep the license files and Certificate during the Upgrade.
  Please help me to answer my questions.
  Thanks
  CSCO11872447

  The Cisco Identity Services Engine (ISE) provides distributed  deployment of runtime services with centralized configuration and  management. Multiple nodes can be deployed together in a distributed  fashion to support failover.
  If you register a  secondary Monitoring ISE node, it is recommended that you first back up  the primary Monitoring ISE node and then restore the data to the new  secondary Monitoring ISE node. This ensures that the history of the  primary Monitoring ISE node is in sync with the new secondary node as  new changes are replicated.
  Please  Check the below configuration guide for Secondary ISE- Nodes.
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.pdf

• Certificate issues Active Directory Certificate Services could not process request 3699 due to an error: The revocation function was unable to check revocation because the revocation server was offline. 0x80092013

  Hi,
  We have some problems with our Root CA. I can se a lot of failed requests. with the event id 22: in the logs. The description is: Active Directory Certificate Services could not process request 3686 due to an error: The revocation function was unable to
  check revocation because the revocation server was offline. 0x80092013 (-2146885613).  The request was for CN=xxxxx.ourdomain.com.  Additional information: Error Verifying Request Signature or Signing Certificate
  A couple of months ago we decomissioned one of our old 2003 DCs and it looks like this server might have had something to do with the CA structure but I am not sure whether this was in use or not since I could find the role but I wasn't able to see any existing
  configuration.
  Let's say that this server was previously responsible for the certificates and was the server that should have revoked the old certs, what can I do know to try and correct the problem?
  Thank you for your help
  //Cris

  hello,
  let me recap first:
  you see these errors on a ROOT CA. so it seems like the ROOT CA is also operating as an ISSUING CA. Some clients try to issue a new certificate from the ROOT CA and this fails with your error mentioned.
  do you say that you had a PREVIOUS CA which you decomissioned, and you now have a brand NEW CA, that was built as a clean install? When you decommissioned the PREVIOUS CA, that was your design decision to don't bother with the current certificates that it
  issued and which are still valid, right?
  The error says, that the REQUEST signature cannot be validated. REQUESTs are signed either by itself (self-signed) or if they are renewal requests, they would be signed with the previous certificate which the client tries to renew. The self-signed REQUESTs
  do not contain CRL paths at all.
  So this implies to me as these requests that are failing are renewal requests. Renewal requests would contain CRL paths of the previous certificates that are nearing their expiration.
  As there are many such REQUEST and failures, it probably means that the clients use AUTOENROLLMENT, which tries to renew their current, but shortly expiring, certificates during (by default) their last 6 weeks of lifetime.
  As you decommissioned your PREVIOUS CA, it does not issue CRL anymore and the current certificates cannot be checked for validity.
  Thus, if the renewal tries to renew them by using the NEW CA, your NEW CA cannot validate CRL of the PREVIOUS CA and will not issue new certificates.
  But it would not issue new certificates anyway even if it was able to verify the PREVIOUS CA's CRL, as it seems your NEW CA is completely brand new, without being restored from the PREVIOUS CA's database. Right?
  So simply don't bother :-) As long as it was your design to decommission the PREVIOUS CA without bothering with its already issued certificates.
  The current certificates which autoenrollment tries to renew cannot be checked for validity. They will also slowly expire over the next 6 weeks or so. After that, autoenrollment will ask your NEW CA to issue a brand new certificate without trying to renew.
  Just a clean self-signed REQUEST.
  That will succeed.
  You can also verify this by trying to issue a certificate on an affected machine manually from Certificates MMC.
  ondrej.

• Query on inspection/cert. during dispatch of goods to customer

  How to configure certificate type and assign certificates during pre-dispatch inspection. Could you kindly provide the process flow. What are the Config data that needs to be considered for the same. is Cust. info record required?
  Thanks in Advance.
  Regards,
  Tam

  Hi,
  Standard Certificate type basically complies with international norms. Like you issue type 3.1 to customer directly and type 3.2 when third party inspection is included.
  In ECC 6.0 EHP6, most of them are defined for European standards (EN) and if you need to certify material via ASTM, IS, JIS or other standard, you would need to customize it. Thus, it basically provides a pattern, or a format in which you certify the goods.
  Coming to logic part, I would shorty conclude from QM viewpoint. You can print the value either from Batch master or Inspection results. This is what you define here, the origin of values.
  QC20 is for Delivery, QC21 is for Inspection lot and QC22 is for Batch. So QC20 would work in your case.
  And please do a bit search and you would find several queries on Quality certificates. Go through them to find more queries and their resolution. That would definitely help you.
  ntn

• Certificate from vendor

  Hi, we want to have vendor mill test certificate along with the goods from the vendor when we do gr against PO? we set insp type as 01, qm active in procurement, pls advise which control key or setting is to be done to ensure the receiving vendor certificate at the time of gr? pls also advise how to verify the same.

  Hi
  Maintain QM procurement tick
  Select control key based on Certificate.
  Select certificate type Q03 --->for confirmation of certificate during GR.
  During MIGO ii willask for Certificate received or not.
  If you wanr confirmation during UD then
  QCC0>Quality Cert>cetifcate profile-->define certi type
  QCC0>QM in logistic>QM in procrement>Define Certificate Types>select Q005-->tick on Certificate check req.
  this will ensure confirmation during UD with "CTCM status"
  Regards
  Sujit

• Changing Administration Connector Certificate

  I have installed OUD using a CA issued certificate during installation using the --useJavaKeystore option and I see that the LDAPS connector is utilizing this certificate.  However the Administration Connector is still using a self-signed certificate.  I would like to replace this self-signed certificate with the CA issued certificate.  I tried finding instructions but all I found was this link (Managing Administration Traffic to the Server - Oracle Fusion Middleware Administration Guide for Oracle Unified Directo…) which had this small blurb: "You can manage the administration connector certificate using external tools, such as keytool."
  From doing a little digging I think I have come up with the correct sequence/steps to get this working.  Basically I have removed the admin-cert from the two keystores:/config/admin-truststore and /config/admin-keystore.  I then imported the keypair I created for the initial install.  I also changed the /config/admin-keystore.pin to match the pin I used when creating the keystore.
  This appears to be working but I would like to know if this is the correct method and if there would be any side effects to replacing the certificate used by the Administration Connector. 
  The exact steps I followed are below:
  Generate keypair and keystore: keytool -genkeypair -dname "CN=server-cert,dc=myorg" -alias server-cert -keyalg RSA -keypass 'myKeyPass' -storepass 'myKeyPass' -keystore mykeystore.jks
  Generate certificate request keytool -certreq -alias server-cert -keystore mykeystore.jks -file myCertRequest.csr
  Obtain x509 server certificate from CA (server.crt) and root CA public Cert (rootca.crt)
  Import root CA cert into keystorekeytool -import -trustcacerts -alias root -file rootca.crt -keystore mykeystore.jks -storepass 'myKeyPass'
  Import CA issued certificate into keystorekeytool -import -trustcacerts -alias server-cert -file server.crt -keystore mykeystore.jks -storepass 'myKeyPass' -keypass 'myKeyPass'
  Change keystore password of default OUD Admin truststorekeytool -storepasswd -keystore $OUD_INSTANCE/config/admin-truststore -storepass 'contents of admin-keystore.pin' -new 'myKeyPass'
  Change keystore password of default OUD admin keystorekeytool -storepasswd -keystore $OUD_INSTANCE/config/admin-keystore -storepass 'contents of admin-keystore.pin' -new 'myKeyPass'
  Change clear text password file to the new keystore passwordvim /$OUD_INSTANCE/config/admin-keystore.pin ## replace with new key [myKeyPass]
  Import root CA cert into default OUD admin truststorekeytool -import -trustcacerts -alias root -file rootca.crt -keystore $OUD_INSTANCE/config/admin-truststore -storepass 'myKeyPass'
  Import root CA cert into default OUD admin keystorekeytool -import -trustcacerts -alias root -file rootca.crt -keystore $OUD_INSTANCE/config/admin-keystore -storepass 'myKeyPass'
  Delete self-signed admin-cert from default OUD admin truststorekeytool -delete -alias admin-cert -keystore $OUD_INSTANCE/config/admin-truststore -storepass 'myKeyPass'
  Delete self-signed admin-cert from default OUD admin keystorekeytool -delete -alias admin-cert -keystore $OUD_INSTANCE/config/admin-keystore -storepass 'myKeyPass'
  Import CA issued keypair into default OUD Admin keystorekeytool -importkeystore -srckeystore mykeystore.jks -destkeystore $OUD_INSTANCE/config/admin-keystore -srcstorepass 'myKeyPass' -deststorepass 'myKeyPass' -srcalias server-cert -destalias admin-cert -srckeypass 'myKeyPass' -destkeypass 'myKeyPass'
  Import CA issued keypair into default OUD truststorekeytool -importkeystore -srckeystore mykeystore.jks -destkeystore $OUD_INSTANCE/config/admin-truststore -srcstorepass 'myKeyPass' -deststorepass 'myKeyPass' -srcalias server-cert -destalias admin-cert -srckeypass 'myKeyPass' -destkeypass 'myKeyPass'

  There is a report in sap in which you can create the ticket

• Certificate selection and PIN entry include username/password

  Our users are using Windows 7 and Internet Explorer.
  When they visit a page that requires client authentication, they're prompted to "Select a certificate". However, their certificates are loaded below a username/password prompt.
  When they select a certificate, during the PIN prompt, it also has a username/password prompt. They can't enter a PIN without clicking below to the PIN prompt, which is very irritating for users.
  How do I disable the username/password prompt when selecting a certificate?
  Thanks.

  Hi,
  Did you use IIS?
  If yes, try the methods in this article:
  Why do I still get a user/password Login prompt with Integrate Authentication (for Virtual server 2005 Administration website)
  Remove Username-Password Prompts from the Web Module with Windows Authentication
  Meanwhile, please post this issue in asp.net forum for more professional help.
  http://forums.asp.net/
  If no, give us a screenshot about your issue.
  Karen Hu
  TechNet Community Support

• Error upgrading to 2012 R2 - SQL Server Certificate problems

  We are experiencing some strange errors during the installation of Config Mgr 2012 R2. The installer does not provide any errors, it just exits during the final steps. The c:\configmgrsetup.log file shows:
  INFO: Testing SQL Server [SQL01.ad.edu] connection ...  $$<Configuration Manager Setup><11-21-2013 13:47:25.427+360><thread=1984 (0x7C0)>
  INFO: SQL Connection succeeded. Connection: SQL01.AD.EDU MASTER, Type: Unsecure  $$<Configuration Manager Setup><11-21-2013 13:47:25.433+360><thread=1984 (0x7C0)>
  INFO: Tested SQL Server [SQL01.ad.edu] connection successfully.  Any preceding SQL connection errors may be safely ignored.  $$<Configuration Manager Setup><11-21-2013 13:47:25.438+360><thread=1984 (0x7C0)>
  INFO: Certificate: 3082022B38D<!Removed characters for readability!>C1D9C921A058D19F  $$<Configuration Manager Setup><11-21-2013 13:47:25.443+360><thread=1984 (0x7C0)>
    ERROR: Failed to open certificate store (HRESULT=0x5)  $$<Configuration Manager Setup><11-21-2013 13:47:25.451+360><thread=1984 (0x7C0)>
  Failed to write sql server certificate to store (TrustedPeople) on site server (SCCM.ad.edu).  $$<Configuration Manager Setup><11-21-2013 13:47:25.457+360><thread=1984 (0x7C0)>
  ERROR: Failed to configure SQL Server Certificate.  $$<Configuration Manager Setup><11-21-2013 13:47:25.462+360><thread=1984 (0x7C0)>
  Failed to create SQL Server Certificate, ConfigMgr installation cannot be completed.  $$<Configuration Manager Setup><11-21-2013 13:47:25.468+360><thread=1984 (0x7C0)>
  <11-21-2013 13:47:25> Failed to create process of SetupWpf.exe.
  We are running SQL on our enterprise 2008R2 SQL server and SCCM runs on a dedicated 2012 Server. Certificates are generally signed by our CA but the SQL certificate for ConfigMgr is self signed and appears to be trusted by the SCCM server (it appears in
  the TrustedPeople store). We have been running properly using HTTPS and the only errors prior to attempting the upgrade were with a secondary distribution point that had been removed prior to install. A new SQL certificate has been generated and tested but
  yields the same error messages. All suggestions are appreciated. Thanks,
  -Brandon

  Hi,
  I found a similar article for your reference.
  Fail to create SQL Server Certificate" during installation
  http://henkhoogendoorn.blogspot.nl/2013/01/fail-to-create-sql-server-certificate.html
  Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.