Certificate name.p12

Similar Messages

• Certificate device_cert_key.p12 is near expiration.....

  Is there a way I can delete a self assigned local cert so It don't have to worry about it expiring? I had created it for testing purposes.  When I tried to delete it using the common name "server.domain.com", it doesn't let me.
  Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings    
  Issued To
  Common Name:
  server.domain.com
  Email:
  [email protected]
  Organization:
  Cisco Systems
  Organization Unit:
  WAAS
  Locality:
  San Jose
  State:
  California
  Country:
  US
  Serial Number:
  1279988218916
  Issued By
  Common Name:
  server.domain.com
  Email:
  [email protected]
  Organization:
  Cisco Systems
  Organization Unit:
  WAAS
  Locality:
  San Jose
  State:
  California
  Country:
  US
  Validity
  Issued On:
  Sat Jul 24 16:16:58 UTC 2010
  Expires On:
  Sun Jul 24 16:16:58 UTC 2011
  Fingerprint
  SHA1:
  E3:04:2E:C0:6A:C4:7C:44:DB:56:C9:3F:51:D8:5F:C7:8E:BA:D1:DA
  Base64:
  4wQuwGrEfETbVsk/Udhfx4660do=
  Key
  Type:
  SHA1WithRSAEncryption
  Size (Bits):
  1024

  The factory self assign is not the one that has expired. It's the one that I've created for testing purposes. I figured out on how to delete it. Thanks for the info on the bug ID CSCte05426.
          Alarm ID                 Module/Submodule               Instance
     1 cert_near_expiration      sslao/SGS/gsetting           cert_near_expiration    
       Jun 25 01:40:17.657 UTC, Processing Error Alarm, #000076, 26000:26005
       Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
  crypto delete pkcs12 device_cert_key.p12
  show crypto certificate-detail  factory-self-signed
  Bag Attributes
      localKeyID: 2A 2A BA 01 B8 C0 17 8C 9B A9 7F 23 43 D8 66 DA 3C B3 02 07
  Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number: 29 (0x1d)
          Signature Algorithm: sha1WithRSAEncryption
          Issuer: C=US, ST=California, L=San Jose, OU=ADBU, O=Cisco Systems, CN=NO-HOSTNAME/emailAddress=[email protected]
          Validity
              Not Before: Jan 15 19:55:12 2009 GMT
              Not After : Jan 14 19:55:12 2014 GMT

• How to disable Outlook for checking for IMAP/POP3 Certificate Name Mismatch?

  I have outlook clients that are connected to an IMAP/POP3 server that's off-site provided by company A.
  Company A requires me to enter imap.companya.com for imap server address and 993 for the port.
  I must also enable SSL for the connection.
  When I do this, Outlook pops up an error message (shown below), that must be reacted to every time it checks for mail.
  The reason is that the certificate is for myserver.companya123.com and that's different than imap.companya.com but company A wont change it. They said I need to disable my email programs certificate check so it doesn't keep prompting
  me. Now I can do this with my iphone, and other email programs without incident. But I cannot find where to disable it in outlook.
  If I change the imap server address in my account settings for outlook to instead use myserver.company a123.com, outlook can't connect and as the vendor said I must use imap.companya.com as the imap server address.
  I need to be able to connect via SSL (so nobody can swipe my password over the wire) but not have to react 1000x a day to the certificate warnings.
  I don't want to use Eudora, or another email client that allows me to easily disable the warning. I want to use outlook. How do I set outlook so it doesn't keep popping up these certificate server name mismatch warnings?
  I spent days searching for a fix, and it seems there are fixes via the registry for just about every type of certificate issue, but NOT THIS PARTICULAR ONE.
  I am hoping someone knows exactly what I am talking about and knows of a easy fix. I must use SSL so please don't tell me to disable SSL.
  What I need is to disable outlook from presenting that alert. That's what I need to do. No other solution will suffice. I hope outlook does not have a product limitation that prevents such a thing from being done. I am ok with a registry fix if need be, but
  being able to disable outlook from presenting certificate name mismatch alerts is critical. Hope its possible! Thanks!

  Hi,
  I would suggest we try the registry key mentioned in this
  article (Method 4) to configure Outlook to allow the connection to the mismatched domain name, and see if it works:
  HKEY_CURRENT_USER\Software\Microsoft\Office\<var>xx</var>.0\Outlook\AutoDiscover\RedirectServers
  Let me know if this doesn't work.
  Regards,
  Ethan Hua
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here

• Certificate Name and Expirty Date is not saved in Certificate Manager

  The following scenario is happening for few cases:
  * Firefox shows "Add Exception" for the certificate
  * The certificate is added as permanent exception.
  * Go to Firefox -> Tools -> Options -> Advanced -> View Certificates
  * Go to Servers Tab
  * The certificates which I had stored, doesn't show the certificate name and expiry date. For certificate name it shows <Not Stored>, and for expiry date it is empty.
  * Also, when I select it, Export, View is all disabled. Only "Import", "Delete" and "Add Exception" is enabled.
  * If I click on "Add exception" again, it says it is verified as it is already there in database.
  * However, if I add it as "Temporary", then everything "Name, Expiry Date" is saved.
  Is it a known issue in Firefox or am I Missing something. Please confirm and let me know.

  Hi,
  Go to T Code :-SM31
  table J_1IEWT_ECFLAG -
  check " X" against your Company code.
  hope this will help
  SU*

• Help! Certificate name validation failed.

  Hi. Im new to Windows Server 2008 and Active Sync.
  I recently installed Windows Small Business Server 2008 which installed the Exchange Server Role Automatically.
  I have sucessfully created some mailboxes/users and now I need to access them from outlook and mobile devices
  My Company website is in the format www.mydomain.com. The MX records have not yet been directed to the server from the domain host.
  When i tried Microsoft Connectivity Analyzer to check connections with Active Sync, it passes all tests except where it says "Certificate name validation failed".
  It also states that "Host name www.domain.com doesn't match any name found on the server certificate CN=Sites."
  I do not know why this occurs. my internal domain name is in the format "domain.local". I wondered if i was supposed to make it the same as the public www.domain.com format.
  Please assist in any way you can.

  You need a certificate that is trusted by your mobile devices.  Unless you can put your root certificate or self-signed certificate in the trusted certificates store on every mobile device, which is really hard to do, you should buy a UCC SSL certificate
  with the Common Name (CN) of your Exchange server URL public hostname, e.g., mail.domain.com, not mail.domain.local, and a Subject Alternative Name (SAN) with Autodiscover.domain.com where domain.com is your e-mail domain.  Those are the
  minimum names that you need in your certificate and for most smaller customers they're all you need. 
  Consider deploying split-brain DNS so that you can use the same names, e.g., mail.domain.com, and quit using the AD domain name domain.local for Exchange URLs.  It will make your whole certificate experience much easier and probably make things easier
  for your users as well.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• IOS certificate name is wrong

  When creating a new certificate for iOS development, the name that is being used is not mine. I would expect to see "Bob Smith" in the name field when creating a development certificate, but instead I see "Bob Jones" where Jones is the name of another person in the group. I am using a brand new computer that Mr. Jones has never touched. Anyone know where the name comes from when requesting a certificate and why it wouldn't be my own?

  Updated the Apple ID, inputting the same values that were in there and it looks to have resolved the name problem.

• Client System health certificate name issue

  Hi,
  System health certificate is generated using HRA server name for clients system.
  There is no event log error for this. Can anyone suggest what can be the issue here.
  Thanks,
  Sridhar
  Sridhar

  Hi,
  Could you offer more information about your environment? Such as your HRA configuration screenshot, now we assume you are using the intranet enterprise CA, because the HRA
  will only request health certificates from the CA configured first in the order, unless that server is unavailable or has been identified as unresponsive, therefore maybe you have configure the incorrect CA order.
  You can use the following procedure to modify the priority of CAs used by HRA, or to remove CAs from the HRA configuration. HRA will only request certificates from the first
  CA configured in the list, unless that CA has been marked as unavailable.
  To configure the order or to delete certification authorities using the Windows interface
  1.Open the HRA console.
  2.In the console tree, click Certification Authorities .
  3.Right-click a CA name in the list of servers. Click Move Up to increase preference for this server in the order. Alternatively, click Move Down to decrease preference for
  this server in the order.
  4.To delete a CA from the list, right-click the CA name, and then click Delete .
  The related KB:
  Configure NAP Certification Authority
  http://msdn.microsoft.com/en-us/library/cc731916.aspx
  More information:
  The Cable Guy: DirectAccess with Network Access Protection (NAP)
  http://technet.microsoft.com/en-us/magazine/ff758668.aspx
  NPS Best Practices
  http://technet.microsoft.com/en-us/library/cc755120(v=ws.10).aspx
  Certificates and NPS
  http://technet.microsoft.com/en-us/library/cc772401(v=ws.10).aspx
  Overview of HRA
  http://msdn.microsoft.com/en-us/library/cc731872.aspx
  Resources for using certificates with NPS and NAP
  http://blogs.technet.com/b/nap/archive/2008/12/19/resources-for-using-certificates-with-nps-and-nap.aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Certificate names

  Hello ,
  we have fresh installation for exchange 2013 with 4 accepted domains .
  we decided to buy 3rd party certificate 
  owa ,active sync, EWS,ecp,etc  names withbe converted to  mail.mydomain.com
  i have 4 accepted domains .( mydomain.com , xdomain.com ,ydomain.com , zdomain.com)
  when we buy cetificate it should contain this name : ( mail.mydomain.com , autodiscover.mydomain.com)
  need confirm .
  shall we buy certificate for others accepted domain or no need ?
  Thanks
  MCP MCSA MCSE MCT MCTS CCNA

  Hi,
  As what Andy says, if all users’ primary SMTP suffix are using mydomain.com, we can just use mail.mydomain.com and autodiscover.mydomain.com in your certificate.
  If you are using multiple SMTP suffix in your environment, we also can configure Autodiscover SRV Record or use Autodiscover redirection method for it.
  In the former one, you will use a single-name (mail.mydomain.com) on the certificate and will only be implementing several SRV records for autodiscover. You will only require 1 public ip address since the SRV record will point to the FQDN
  name on that certificate. For the second method, it needs one name in certificate but two Public IP addresses for autodiscover redirection to work.  The first IP address is for the Exchange Server and the second IP address is for the IIS Redirection Server.
  For more information about it, please refer to:
  Exchange 2010 Multi-Tenant AutoDiscover Service
  http://social.technet.microsoft.com/wiki/contents/articles/6818.exchange-2010-multi-tenant-autodiscover-service.aspx
  Exchange 2010 Multi-Tenant AutoDiscover and DNS Configuration
  http://social.technet.microsoft.com/wiki/contents/articles/5787.exchange-2010-multi-tenant-autodiscover-and-dns-configuration.aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• Air app misconfigured

  I have taken over an app project. it has a publisherID in the descriptor xml to maintain updates and the current Air version is 1.5.3. so obviously was originally built on previous version.
  The certificate expired, the tech team purchased a new re-issued certificate.
  Current setup Flash Builder 4 on Max OS 10.6.5.
  A) I have signed the application with the new certificate.
  Upon installation of the .air file I get:
  The message I get is:
  "Sorry, an error has occurred.
  The Application cannot be installed because the installer has been mis-
  configured.  Please contact the application author for assistance."
  B) I used the java ADT -migrate to apply the old certificate.
  This goes through seemingly ok.
  Upon installation of the new migrated .air file, I get:
  "Sorry, an error has occurred.
  The Application cannot be installed because the installer has been mis-
  configured.  Please contact the application author for assistance."
  I am told the exact same App worked perfectly (for upgrades) on the old certificate before its expiration.
  I have tried changing the version no to eliminate that.
  Any suggestions please?

  The Solution:
  A recent Flash Builder Update has been forced through by Adobe.  Which means you cannot publish to air versions prior to 2.0.
  The Flex 4.1 + this 'adobe update' implies that we must be using at least Adobe 2.0.
  I had:
  <application xmlns="http://ns.adobe.com/air/application/1.5.3">
  Solution is:
  Replace <application xmlns="http://ns.adobe.com/air/application/1.5.3">
  with <application xmlns="http://ns.adobe.com/air/application/2.0">
  Also just in case you need to know where the adt tool is on a mac:
  I found the java version most reliable:
  Assuming the air app is on the mac desktop and the old certificate has been added to the mac keystore (jus opening the certificate should be enough to add it to the keystore if you select the appropriate oprtion when asked)
  cd directory to:
  /Applications/Adobe Flash Builder 4/sdks/4.1.0/lib/
  Then run
  java -jar adt.jar -migrate -storetype pkcs12 -keystore <old certificate name>.p12
  "/Users/<username>/desktop/MyAirApp.air" "/Users/<username>/desktop/MyAirApp_migrated.air"
  You will be asked for the old certificate password, enter this and you are done
  P.S. Strike through text on this does not work properly
  P.P.S Marking my own question as answered when adding this reply does not work

• Certificates .p12

  Can I create multiple certificates. P12 as a distributor?
  Why would I want to publish my applications with different labels.
  For example: the name of my Company is Rome, I would like to publish some applications tagged with "Rome" (the name of the certificates .p12 will be Rome.) and other Apps tagged with "Rome Today" (the name of the certificates will be "Rome Today")
  because I want to distinguish my productions, as if they were independent, and then clicking "View More by This Developer" should not be viewed together even if the company's development is the same.
  thanks

  Hi Shanmu,
  Yes, I have tried.
  The result was:
  <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_u1yCugp3FrVYXEs09G90Jg22"
  xmlns="http://www.w3.org/2001/04/xmlenc#"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <xenc:CipherData>
  <xenc:CipherValue>g0QiXdy145M/QYiT1LDs4qmH7kwjbYK8</xenc:CipherValue>
  </xenc:CipherData>
  </xenc:EncryptedData>
  But we can´t use this because he creates the element EncryptedData inside of the element that we want to encrypt.
  So, we have to do a workaround that we decide that is a Java class to encrypt the element.
  Now, I can use the public key to encrypt but I can't read the private key to decrypt ...

• The name of the security certificate is invalid or does not match the name of the site error?

  I am looking for some help folks. We are in a Outlook 2007/Exchange2010/Windows2008R2 environment.
  When users open Outlook off the network, and occasionally on the network, they get the error
  The name of the security certificate is invalid or does not match the name of the site error
  The CAS hostname is HRECAS.XXX.ORG. The URL that is listed on the SSL certificate (issued by VeriSign) is WEB.XXX.ORG. WEB.XXX.ORG is what users use to get to OWA and such.
  When I use testexchangeconnectivity.com, under certificate name validation I see an error that reads:
  Host name autodiscover.xxx.org doesn't match any name found on the server certificate CN=web.xxx.org.
  Does this mean somehow we have to add autodiscover.xxx.org on the certificate?
  I tried to add AutoDiscoverExternalUri using
  http://support.microsoft.com/?kbid=940726 &
  http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2d0c0f5f-e4ec-4f33-a37d-b94fd7a2319f on the CAS server.
  Set-ClientAccessServer -identity HRECAS -AutodiscoverServiceExternalUri
   https://autodiscover.xxx.org/Autodiscover/Autodiscover.xml 
  I get an error that says
  "a positional parameter cannot be found that accepts argument '-AutoDiscoverExternalUri'.
  Can someone point to me what I am doing wrong with the command and whether I should be concerning myself with adding that line? By the way the
  InternalUrl information is already configured on the system. Also should I edit the certificate to add autodiscover.xxx.org?
  Thank in advance for your support.
  TD
  TD

  Hi Tapera,
  Thanks for the question.
  SRV record is a good idea. You can set the SRV to
  https://web.abc.com/autodiscover/autodiscover.xml but you must make sure the
  url can be resolved from External clients.
  In addition, there is still a issue. It is hard coded that Outlook will find the autodiscover by the orders below:
  1. Access autodiscover via SCP in AD.
  https://web.abc.com/autodiscover/autodiscover.xml
  2. If SCP access fails, it will try:
  https://abc.com/autodiscover/autodiscover.xml
  3. Then
  https://autodiscover.abc.com/autodiscover/autodiscover.xml
  4. Local XML file
  5. SRV record
  As you can see, Outlook will try SRV record at last. Therefore, it will still try to access
  https://autodiscover.abc.com/autodiscover/autodiscover.xml each time you run Outlook. Then the certificate warning will still persists.
  I have a workaround solution. You can do a local policy to disable the autodiscover to access the
  https://autodiscover.abc.ocom/autodiscover/autodiscover.xml by:
  1.   
  On the Outlook client machine, open regedit and add the following key:
  HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
           "ExcludeHttpsAutodiscoverDomain"
           "ExcludeHttpsRootDomain"
  2.   
  Then set the value to “1” on the above two keys.
  Thanks,
  Simon  

• The name on the security certificate is invalid or does not match the name of the site exchange 2010

  We did an update to SP1 to SP3 for Exchange 2010 over the weekend and now I am seeing the following errors.
  "The name on the security certificate is invalid or does not match the name of the site"
  Any ideas why an update would effect this. I have looked at the names and everything seems to match up.

  Hi,
  Does the issue happen to all users? If it is, please run the following command to check your certificate configuration:
  Get-ExchangeCertificate | fl
  Generally, the certificate mismatch issue is caused by the name in URLs doesn't match the certificate names with IIS service. Please make sure all URLs that used to connect Exchange from internal and external should match the certificate names with proper
  services.
  http://support.microsoft.com/kb/940726
  Best Regards,
  Winnie Liang
  TechNet Community Support

• [FlashBuilder Burrito] Android export: which certificate (*.p12) and password?

  I've I tried to export an Android app in Flash Builder Burrito.
  For that I have to fill to fields for digital signature:
  certificate and password.
  I thought this would be my Android keystore and password
  and tried it. -> result: "Wrong password for this certificate"
  The presetting for the certificate field is to search for *.p12;*.pfx files.
  So I searched for p12 files and found the file debug-certificate-android.p12
  in a subdirectory of the flash builder install path.
  I think this must be the certificate to enter in certificate field.
  But which password?
  I think I can generate the password for debug-certificate-android.p12
  with the three files: Android keystore, password for Android keystore and
  debug-certificate-android.p12.
  But I don't know how.
  Can someone explain it please?

  When exporting the project, you will get the window where you need to choose a certificate, but in the same window you can also generate a self signed certificate, that is the one you need. Create a new Certificate with a new password and use that for deployment, keep in mind that a self signed certificate  is not the same like a certificate you buy from a company.

• How do I create a password-protected certificate

  I have installed a J2SE adapter engine. I have been asked to allow the browser to connect using the HTTPS protocol. I have found the relevant information in the documentation, but how do I create a password-protected certificate, and therefore how do I set the following parameters:
  HTTP.SSLcertificate=<p12-certificate name>
  HTTP.SSLcertificatePassword=<p12-certificate password>
  HTTP.SSLcertificatespecifies the complete file name of a password-protected certificate and HTTP.SSLcertificatePassword specifies the corresponding password.
  Thank you in advance

  Yechezkel,
  Please refer to the <b>SAP Security Guide for XI</b>
  I have provided a url to link you to <b>Network and Communication Security</b>
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/frameset.htm
  Regards,
  Mike

• Generate CSR for Third-Party Certificates

  Hi All,
  i have an issue when i tried to Generate CSR for Third-Party Certificates,
  i follow step by step in the document of cisco until this step:
  3.
  Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool.
  In order to copy and paste the information into the enrollment form, open the file in a text editor that
  does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer
  to the website of the third−party CA for more information on how to submit the CSR through the
  enrollment tool.
  After you submit the CSR to the third−party CA, the third−party CA digitally signs the certificate and
  sends back the signed certificate via e−mail.
  4.
  Copy the signed certificate information that you receive back from the CA into a file.
  This example names the file CA.pem.
  my issue is where i sould copy and paste the CSR information into any CA enrollment tool. i just have done create mykey.pem and myreq.pem in my folder OpenSSL\bin
  Please help and Thanks you.
  Regards,
  Jasa

  you have to do more steps using openssl.
  before you obtain the third−part certificate, you have to copy that on a notepad text, and you have to obtain an intermediate and root certificate from the company that gives you the certificate.
  Then you have to copy and paste on a notepad or gedit:
  SSL (the certificate that they give you)
  Intermediate (the certificate that you obtain from the company that gives you the certificate)
  Root (the certificate that you obtain from the company that gives you the certificate)
  name the text file like: allcerts.pem
  then... you have to run this commands:
  C:\OpenSSL\bin>openssl pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:yourpassword -passout pass:yourpassowrd
  C:\OpenSSL\bin>openssl pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:yourpassword -passout pass:yourpassword
  Then you are going to have a file named: finalcert.pem, thats the one you have to update to the WLC. please note that on those lines "yourpassword" is the password you use when you create the certificate and its going to be the same that you have to use for upload to WLC.
  Note that you have to use openssl version 0.9.8 because its the only version thats WLC support
  If you have doubts please contact me.
  Have fun!