Certificate name.p12
Hi all,
Well, can I know how I can grep the cert, public key and private key from the certificate name.p12?
I have imported the certificate in Thunderbird, but the issue is I am unable to grep the public and private key out from the name.p12.
As I have to offer my friends the name.crt so that they can decrypt the emails which I send to them.
I am using Sun Java Messaging Server.
Regards
Adeel
adeelarifbhatti wrote:
Well, can I know how I can grep the cert, public key and private key from the certificate name.p12?
I have imported the certificate in Thunderbird, but the issue is I am unable to grep the public and private key out from the name.p12.
As I have to offer my friends the name.crt so that they can decrypt the emails which I send to them.
You can extract the public key from a pkcs12 file by using OpenSSL as per the following web-site:
https://ca.cern.ch/ca/Help/?kbid=023010
Regards,
Shane.
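One way to do this split with the OpenSSL command line, as an added example that is not part of the original thread: the certificate (name.crt) is the only part that is handed out, and correspondents use it to encrypt mail to its owner and to verify the owner's signatures, while the private key stays with the owner. The file names, the demo bundle and the passphrase in P12_PASS are constructed for illustration.

```shell
#!/bin/sh
# Added example: split a PKCS#12 bundle into the part you hand out (certificate)
# and the part you keep (private key). File names and passphrase are constructed.
# The passphrase is read from the P12_PASS environment variable so that it does
# not show up in the process list the way "pass:..." arguments do.

# make_demo_p12 DIR: throwaway self-signed identity packed as DIR/name.p12
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo User" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/orig.crt" -inkey "$1/orig.key" \
        -name demo -passout env:P12_PASS -out "$1/name.p12"
}

# extract_cert P12 OUT: certificate only; contains no secret, safe to share
extract_cert() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$2"
}

# extract_key P12 OUT: private key, still passphrase-encrypted, owner-readable only
extract_key() {
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts \
          -passout env:P12_PASS -out "$2" 2>/dev/null )
}

# extract_pubkey CERT OUT: bare public key taken from the certificate
extract_pubkey() {
    openssl x509 -in "$1" -noout -pubkey > "$2"
}

# key_matches_cert KEY CERT: succeed only if both carry the same public key
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -passin env:P12_PASS -pubout 2>/dev/null)
    from_cert=$(openssl x509 -in "$2" -noout -pubkey)
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Demo on a constructed bundle
P12_PASS='demo-pass'; export P12_PASS
work=$(mktemp -d)
make_demo_p12 "$work" &&
    extract_cert "$work/name.p12" "$work/name.crt" &&
    extract_key "$work/name.p12" "$work/name.key" &&
    extract_pubkey "$work/name.crt" "$work/name.pub" &&
    key_matches_cert "$work/name.key" "$work/name.crt" &&
    echo "share: name.crt (or name.pub); keep private: name.p12, name.key"
rm -rf "$work"
```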
Similar Messages
-
Is there a way I can delete a self-assigned local cert so I don't have to worry about it expiring? I had created it for testing purposes. When I tried to delete it using the common name "server.domain.com", it doesn't let me.
Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
Issued To
Common Name: server.domain.com
Email: [email protected]
Organization: Cisco Systems
Organization Unit: WAAS
Locality: San Jose
State: California
Country: US
Serial Number: 1279988218916
Issued By
Common Name: server.domain.com
Email: [email protected]
Organization: Cisco Systems
Organization Unit: WAAS
Locality: San Jose
State: California
Country: US
Validity
Issued On: Sat Jul 24 16:16:58 UTC 2010
Expires On: Sun Jul 24 16:16:58 UTC 2011
Fingerprint
SHA1: E3:04:2E:C0:6A:C4:7C:44:DB:56:C9:3F:51:D8:5F:C7:8E:BA:D1:DA
Base64: 4wQuwGrEfETbVsk/Udhfx4660do=
Key
Type: SHA1WithRSAEncryption
Size (Bits): 1024
The factory self assign is not the one that has expired. It's the one that I've created for testing purposes. I figured out on how to delete it. Thanks for the info on the bug ID CSCte05426.
Alarm ID Module/Submodule Instance
1 cert_near_expiration sslao/SGS/gsetting cert_near_expiration
Jun 25 01:40:17.657 UTC, Processing Error Alarm, #000076, 26000:26005
Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
crypto delete pkcs12 device_cert_key.p12
show crypto certificate-detail factory-self-signed
Bag Attributes
localKeyID: 2A 2A BA 01 B8 C0 17 8C 9B A9 7F 23 43 D8 66 DA 3C B3 02 07
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29 (0x1d)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, OU=ADBU, O=Cisco Systems, CN=NO-HOSTNAME/emailAddress=[email protected]
Validity
Not Before: Jan 15 19:55:12 2009 GMT
Not After : Jan 14 19:55:12 2014 GMT -
How to disable Outlook for checking for IMAP/POP3 Certificate Name Mismatch?
I have outlook clients that are connected to an IMAP/POP3 server that's off-site provided by company A.
Company A requires me to enter imap.companya.com for imap server address and 993 for the port.
I must also enable SSL for the connection.
When I do this, Outlook pops up an error message (shown below), that must be reacted to every time it checks for mail.
The reason is that the certificate is for myserver.companya123.com and that's different than imap.companya.com but company A won't change it. They said I need to disable my email program's certificate check so it doesn't keep prompting me. Now I can do this with my iPhone, and other email programs without incident. But I cannot find where to disable it in Outlook.
If I change the imap server address in my account settings for Outlook to instead use myserver.companya123.com, Outlook can't connect and as the vendor said I must use imap.companya.com as the imap server address.
I need to be able to connect via SSL (so nobody can swipe my password over the wire) but not have to react 1000x a day to the certificate warnings.
I don't want to use Eudora, or another email client that allows me to easily disable the warning. I want to use outlook. How do I set outlook so it doesn't keep popping up these certificate server name mismatch warnings?
I spent days searching for a fix, and it seems there are fixes via the registry for just about every type of certificate issue, but NOT THIS PARTICULAR ONE.
I am hoping someone knows exactly what I am talking about and knows of an easy fix. I must use SSL so please don't tell me to disable SSL.
What I need is to disable Outlook from presenting that alert. That's what I need to do. No other solution will suffice. I hope Outlook does not have a product limitation that prevents such a thing from being done. I am ok with a registry fix if need be, but being able to disable Outlook from presenting certificate name mismatch alerts is critical. Hope it's possible! Thanks!
Hi,
I would suggest we try the registry key mentioned in this article (Method 4) to configure Outlook to allow the connection to the mismatched domain name, and see if it works:
HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers
Let me know if this doesn't work.
Regards,
Ethan Hua
Forum Support -
Certificate Name and Expiry Date is not saved in Certificate Manager
The following scenario is happening for few cases:
* Firefox shows "Add Exception" for the certificate
* The certificate is added as permanent exception.
* Go to Firefox -> Tools -> Options -> Advanced -> View Certificates
* Go to Servers Tab
* The certificates which I had stored don't show the certificate name and expiry date. For certificate name it shows <Not Stored>, and for expiry date it is empty.
* Also, when I select it, Export, View is all disabled. Only "Import", "Delete" and "Add Exception" is enabled.
* If I click on "Add exception" again, it says it is verified as it is already there in database.
* However, if I add it as "Temporary", then everything "Name, Expiry Date" is saved.
Is it a known issue in Firefox or am I missing something? Please confirm and let me know.
Hi,
Go to T Code :-SM31
table J_1IEWT_ECFLAG -
check " X" against your Company code.
hope this will help
SU* -
Help! Certificate name validation failed.
Hi. I'm new to Windows Server 2008 and Active Sync.
I recently installed Windows Small Business Server 2008 which installed the Exchange Server Role automatically.
I have successfully created some mailboxes/users and now I need to access them from Outlook and mobile devices.
My company website is in the format www.mydomain.com. The MX records have not yet been directed to the server from the domain host.
When I tried Microsoft Connectivity Analyzer to check connections with Active Sync, it passes all tests except where it says "Certificate name validation failed".
It also states that "Host name www.domain.com doesn't match any name found on the server certificate CN=Sites."
I do not know why this occurs. My internal domain name is in the format "domain.local". I wondered if I was supposed to make it the same as the public www.domain.com format.
Please assist in any way you can.
You need a certificate that is trusted by your mobile devices. Unless you can put your root certificate or self-signed certificate in the trusted certificates store on every mobile device, which is really hard to do, you should buy a UCC SSL certificate with the Common Name (CN) of your Exchange server URL public hostname, e.g., mail.domain.com, not mail.domain.local, and a Subject Alternative Name (SAN) with Autodiscover.domain.com where domain.com is your e-mail domain. Those are the minimum names that you need in your certificate and for most smaller customers they're all you need.
Consider deploying split-brain DNS so that you can use the same names, e.g., mail.domain.com, and quit using the AD domain name domain.local for Exchange URLs. It will make your whole certificate experience much easier and probably make things easier for your users as well.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
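The name check behind these "certificate name validation failed" messages can be reproduced offline with `openssl x509 -checkhost`; the following is an added example, not part of the thread, using constructed example.com/example.org host names and throwaway self-signed certificates. It also shows that in OpenSSL's check the CN stops counting once a certificate carries DNS subject alternative names, so every host name clients connect to has to appear in the SAN list.

```shell
#!/bin/sh
# Added example: reproduce a certificate host-name check offline.
# All host names are constructed; certificates are throwaway self-signed ones.

# make_cert OUT CN [SAN]: self-signed certificate with subject CN and, if given,
# a subjectAltName such as "DNS:mail.example.com,DNS:autodiscover.example.com"
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" -keyout "$1.key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# covers CERT HOST: succeed only if HOST is a valid name for CERT
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# report CERT HOST...: print one verdict line per host name
report() {
    cert=$1; shift
    for host in "$@"; do
        if covers "$cert" "$host"; then
            echo "  ok       $host"
        else
            echo "  MISMATCH $host"
        fi
    done
}

work=$(mktemp -d)

echo "CN=Sites, no SAN (default self-signed server certificate):"
make_cert "$work/sites.crt" "Sites"
report "$work/sites.crt" www.example.com

echo "CN=web.example.org, no SAN (CN is used as a fallback):"
make_cert "$work/web.crt" "web.example.org"
report "$work/web.crt" web.example.org autodiscover.example.org

echo "CN=mail.example.com, SAN lists only autodiscover (CN is ignored):"
make_cert "$work/partial.crt" "mail.example.com" "DNS:autodiscover.example.com"
report "$work/partial.crt" mail.example.com autodiscover.example.com

echo "CN=mail.example.com, SAN lists both public names:"
make_cert "$work/ucc.crt" "mail.example.com" \
    "DNS:mail.example.com,DNS:autodiscover.example.com"
report "$work/ucc.crt" mail.example.com autodiscover.example.com mail.example.local

rm -rf "$work"
```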
When creating a new certificate for iOS development, the name that is being used is not mine. I would expect to see "Bob Smith" in the name field when creating a development certificate, but instead I see "Bob Jones" where Jones is the name of another person in the group. I am using a brand new computer that Mr. Jones has never touched. Anyone know where the name comes from when requesting a certificate and why it wouldn't be my own?
Updated the Apple ID, inputting the same values that were in there and it looks to have resolved the name problem.
-
Client System health certificate name issue
Hi,
System health certificate is generated using HRA server name for clients system.
There is no event log error for this. Can anyone suggest what can be the issue here.
Thanks,
Sridhar
Sridhar
Hi,
Could you offer more information about your environment, such as a screenshot of your HRA configuration? For now we assume you are using the intranet enterprise CA. Because the HRA will only request health certificates from the CA configured first in the order, unless that server is unavailable or has been identified as unresponsive, maybe you have configured the incorrect CA order.
You can use the following procedure to modify the priority of CAs used by HRA, or to remove CAs from the HRA configuration. HRA will only request certificates from the first CA configured in the list, unless that CA has been marked as unavailable.
To configure the order or to delete certification authorities using the Windows interface
1. Open the HRA console.
2. In the console tree, click Certification Authorities.
3. Right-click a CA name in the list of servers. Click Move Up to increase preference for this server in the order. Alternatively, click Move Down to decrease preference for this server in the order.
4. To delete a CA from the list, right-click the CA name, and then click Delete.
The related KB:
Configure NAP Certification Authority
http://msdn.microsoft.com/en-us/library/cc731916.aspx
More information:
The Cable Guy: DirectAccess with Network Access Protection (NAP)
http://technet.microsoft.com/en-us/magazine/ff758668.aspx
NPS Best Practices
http://technet.microsoft.com/en-us/library/cc755120(v=ws.10).aspx
Certificates and NPS
http://technet.microsoft.com/en-us/library/cc772401(v=ws.10).aspx
Overview of HRA
http://msdn.microsoft.com/en-us/library/cc731872.aspx
Resources for using certificates with NPS and NAP
http://blogs.technet.com/b/nap/archive/2008/12/19/resources-for-using-certificates-with-nps-and-nap.aspx
Hope this helps. -
Hello ,
We have a fresh installation of Exchange 2013 with 4 accepted domains.
We decided to buy a 3rd party certificate.
OWA, ActiveSync, EWS, ECP, etc. names will be converted to mail.mydomain.com.
I have 4 accepted domains (mydomain.com, xdomain.com, ydomain.com, zdomain.com).
When we buy the certificate it should contain these names: (mail.mydomain.com, autodiscover.mydomain.com)
Need confirmation.
Shall we buy a certificate for the other accepted domains, or is there no need?
Thanks
MCP MCSA MCSE MCT MCTS CCNA
Hi,
As what Andy says, if all users’ primary SMTP suffix are using mydomain.com, we can just use mail.mydomain.com and autodiscover.mydomain.com in your certificate.
If you are using multiple SMTP suffix in your environment, we also can configure Autodiscover SRV Record or use Autodiscover redirection method for it.
In the former one, you will use a single-name (mail.mydomain.com) on the certificate and will only be implementing several SRV records for autodiscover. You will only require 1 public ip address since the SRV record will point to the FQDN
name on that certificate. For the second method, it needs one name in certificate but two Public IP addresses for autodiscover redirection to work. The first IP address is for the Exchange Server and the second IP address is for the IIS Redirection Server.
For more information about it, please refer to:
Exchange 2010 Multi-Tenant AutoDiscover Service
http://social.technet.microsoft.com/wiki/contents/articles/6818.exchange-2010-multi-tenant-autodiscover-service.aspx
Exchange 2010 Multi-Tenant AutoDiscover and DNS Configuration
http://social.technet.microsoft.com/wiki/contents/articles/5787.exchange-2010-multi-tenant-autodiscover-and-dns-configuration.aspx
Regards,
Winnie Liang
TechNet Community Support -
I have taken over an app project. it has a publisherID in the descriptor xml to maintain updates and the current Air version is 1.5.3. so obviously was originally built on previous version.
The certificate expired, the tech team purchased a new re-issued certificate.
Current setup: Flash Builder 4 on Mac OS 10.6.5.
A) I have signed the application with the new certificate.
Upon installation of the .air file I get:
The message I get is:
"Sorry, an error has occurred.
The Application cannot be installed because the installer has been mis-
configured. Please contact the application author for assistance."
B) I used the java ADT -migrate to apply the old certificate.
This goes through seemingly ok.
Upon installation of the new migrated .air file, I get:
"Sorry, an error has occurred.
The Application cannot be installed because the installer has been mis-
configured. Please contact the application author for assistance."
I am told the exact same App worked perfectly (for upgrades) on the old certificate before its expiration.
I have tried changing the version no to eliminate that.
Any suggestions please?
The Solution:
A recent Flash Builder Update has been forced through by Adobe. Which means you cannot publish to air versions prior to 2.0.
The Flex 4.1 + this 'adobe update' implies that we must be using at least Adobe 2.0.
I had:
<application xmlns="http://ns.adobe.com/air/application/1.5.3">
Solution is:
Replace <application xmlns="http://ns.adobe.com/air/application/1.5.3">
with <application xmlns="http://ns.adobe.com/air/application/2.0">
Also just in case you need to know where the adt tool is on a mac:
I found the java version most reliable:
Assuming the air app is on the mac desktop and the old certificate has been added to the mac keystore (just opening the certificate should be enough to add it to the keystore if you select the appropriate option when asked)
cd directory to:
/Applications/Adobe Flash Builder 4/sdks/4.1.0/lib/
Then run
java -jar adt.jar -migrate -storetype pkcs12 -keystore <old certificate name>.p12
"/Users/<username>/desktop/MyAirApp.air" "/Users/<username>/desktop/MyAirApp_migrated.air"
You will be asked for the old certificate password, enter this and you are done
P.S. Strike through text on this does not work properly
P.P.S Marking my own question as answered when adding this reply does not work -
Can I create multiple certificates. P12 as a distributor?
Why would I want to publish my applications with different labels.
For example: the name of my Company is Rome, I would like to publish some applications tagged with "Rome" (the name of the certificates .p12 will be Rome.) and other Apps tagged with "Rome Today" (the name of the certificates will be "Rome Today")
because I want to distinguish my productions, as if they were independent, and then clicking "View More by This Developer" should not be viewed together even if the company's development is the same.
thanks
Hi Shanmu,
Yes, I have tried.
The result was:
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_u1yCugp3FrVYXEs09G90Jg22"
xmlns="http://www.w3.org/2001/04/xmlenc#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>g0QiXdy145M/QYiT1LDs4qmH7kwjbYK8</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
But we can't use this because it creates the element EncryptedData inside of the element that we want to encrypt.
So we have to do a workaround, which we decided is a Java class to encrypt the element.
Now, I can use the public key to encrypt but I can't read the private key to decrypt ... -
The name of the security certificate is invalid or does not match the name of the site error?
I am looking for some help folks. We are in a Outlook 2007/Exchange2010/Windows2008R2 environment.
When users open Outlook off the network, and occasionally on the network, they get the error
The name of the security certificate is invalid or does not match the name of the site error
The CAS hostname is HRECAS.XXX.ORG. The URL that is listed on the SSL certificate (issued by VeriSign) is WEB.XXX.ORG. WEB.XXX.ORG is what users use to get to OWA and such.
When I use testexchangeconnectivity.com, under certificate name validation I see an error that reads:
Host name autodiscover.xxx.org doesn't match any name found on the server certificate CN=web.xxx.org.
Does this mean somehow we have to add autodiscover.xxx.org on the certificate?
I tried to add AutoDiscoverExternalUri using
http://support.microsoft.com/?kbid=940726 &
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2d0c0f5f-e4ec-4f33-a37d-b94fd7a2319f on the CAS server.
Set-ClientAccessServer -identity HRECAS -AutodiscoverServiceExternalUri
https://autodiscover.xxx.org/Autodiscover/Autodiscover.xml
I get an error that says
"a positional parameter cannot be found that accepts argument '-AutoDiscoverExternalUri'.
Can someone point to me what I am doing wrong with the command and whether I should be concerning myself with adding that line? By the way the
InternalUrl information is already configured on the system. Also should I edit the certificate to add autodiscover.xxx.org?
Thank in advance for your support.
TD
TD
Hi Tapera,
Thanks for the question.
SRV record is a good idea. You can set the SRV to
https://web.abc.com/autodiscover/autodiscover.xml but you must make sure the
url can be resolved from External clients.
In addition, there is still an issue. It is hard coded that Outlook will find the autodiscover in the order below:
1. Access autodiscover via SCP in AD.
https://web.abc.com/autodiscover/autodiscover.xml
2. If SCP access fails, it will try:
https://abc.com/autodiscover/autodiscover.xml
3. Then
https://autodiscover.abc.com/autodiscover/autodiscover.xml
4. Local XML file
5. SRV record
As you can see, Outlook will try the SRV record last. Therefore, it will still try to access
https://autodiscover.abc.com/autodiscover/autodiscover.xml each time you run Outlook. Then the certificate warning will still persist.
I have a workaround solution. You can set a local policy to stop autodiscover from accessing
https://autodiscover.abc.com/autodiscover/autodiscover.xml by:
1. On the Outlook client machine, open regedit and add the following key:
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
"ExcludeHttpsAutodiscoverDomain"
"ExcludeHttpsRootDomain"
2. Then set the value to "1" on the above two keys.
Thanks,
Simon -
The name on the security certificate is invalid or does not match the name of the site exchange 2010
We did an update to SP1 to SP3 for Exchange 2010 over the weekend and now I am seeing the following errors.
"The name on the security certificate is invalid or does not match the name of the site"
Any ideas why an update would affect this? I have looked at the names and everything seems to match up.
Hi,
Does the issue happen to all users? If it is, please run the following command to check your certificate configuration:
Get-ExchangeCertificate | fl
Generally, the certificate mismatch issue is caused by the name in URLs doesn't match the certificate names with IIS service. Please make sure all URLs that used to connect Exchange from internal and external should match the certificate names with proper
services.
http://support.microsoft.com/kb/940726
Best Regards,
Winnie Liang
TechNet Community Support -
I tried to export an Android app in Flash Builder Burrito.
For that I have to fill in two fields for the digital signature:
certificate and password.
I thought this would be my Android keystore and password
and tried it. -> result: "Wrong password for this certificate"
The presetting for the certificate field is to search for *.p12;*.pfx files.
So I searched for p12 files and found the file debug-certificate-android.p12
in a subdirectory of the flash builder install path.
I think this must be the certificate to enter in certificate field.
But which password?
I think I can generate the password for debug-certificate-android.p12
with the three files: Android keystore, password for Android keystore and
debug-certificate-android.p12.
But I don't know how.
Can someone explain it please?
When exporting the project, you will get the window where you need to choose a certificate, but in the same window you can also generate a self signed certificate, that is the one you need. Create a new Certificate with a new password and use that for deployment, keep in mind that a self signed certificate is not the same like a certificate you buy from a company.
-
How do I create a password-protected certificate
I have installed a J2SE adapter engine. I have been asked to allow the browser to connect using the HTTPS protocol. I have found the relevant information in the documentation, but how do I create a password-protected certificate, and therefore how do I set the following parameters:
HTTP.SSLcertificate=<p12-certificate name>
HTTP.SSLcertificatePassword=<p12-certificate password>
HTTP.SSLcertificate specifies the complete file name of a password-protected certificate and HTTP.SSLcertificatePassword specifies the corresponding password.
Thank you in advance
Yechezkel,
Please refer to the SAP Security Guide for XI.
I have provided a URL to link you to Network and Communication Security:
http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/frameset.htm
Regards,
Mike -
Generate CSR for Third-Party Certificates
Hi All,
I have an issue when I tried to generate a CSR for third-party certificates.
I followed the Cisco document step by step until this step:
3. Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool.
In order to copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer to the website of the third-party CA for more information on how to submit the CSR through the enrollment tool.
After you submit the CSR to the third-party CA, the third-party CA digitally signs the certificate and sends back the signed certificate via e-mail.
4. Copy the signed certificate information that you receive back from the CA into a file.
This example names the file CA.pem.
My issue is where I should copy and paste the CSR information into any CA enrollment tool. I have just created mykey.pem and myreq.pem in my folder OpenSSL\bin.
Please help, and thank you.
Regards,
Jasa
You have to do more steps using openssl.
Before you obtain the third-party certificate, you have to copy that into a Notepad text file, and you have to obtain an intermediate and root certificate from the company that gives you the certificate.
Then you have to copy and paste into Notepad or gedit:
SSL (the certificate that they give you)
Intermediate (the certificate that you obtain from the company that gives you the certificate)
Root (the certificate that you obtain from the company that gives you the certificate)
Name the text file like: allcerts.pem
Then you have to run these commands:
C:\OpenSSL\bin>openssl pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:yourpassword -passout pass:yourpassword
C:\OpenSSL\bin>openssl pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:yourpassword -passout pass:yourpassword
Then you are going to have a file named finalcert.pem; that's the one you have to update to the WLC. Please note that in those lines "yourpassword" is the password you use when you create the certificate, and it's going to be the same one that you have to use for the upload to the WLC.
Note that you have to use openssl version 0.9.8 because it's the only version that the WLC supports.
If you have doubts please contact me.
Have fun!