Certificates ERROR!!!

Similar Messages

• Certificate error while calling a webservices from application deployed in

  Hi,
  When we are trying to invoke a web service from a client application which was deployed in weblogic server we are getting the certificate error. We are using go daddy certificate. Here is the log file
  Anyone Please advice.
  FileName
  weblogic.log
  FileComment
  <Apr 25, 2011 1:51:15 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.wvu.edu,OU=Domain Control Validated,O=*.wvu.edu". The loading of the trusted certificate list raised a certificate parsing exception Could not set value for ASN.1 string object..>
  <Apr 25, 2011 1:51:15 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.wvu.edu,OU=Domain Control Validated,O=*.wvu.edu". The loading of the trusted certificate list raised a certificate parsing exception Could not set value for ASN.1 string object..>
  javax.xml.ws.WebServiceException: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:322)
  at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
  at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
  at javax.xml.ws.Service.<init>(Service.java:56)
  at wvudatacollection.wsproxy.scheduler.TimeClockScheduler_Service.<init>(TimeClockScheduler_Service.java:71)
  at wvudatacollection.wsproxy.scheduler.TimeClockSchedulerServiceWrapper.getStatus(TimeClockSchedulerServiceWrapper.java:96)
  at wvudatacollection.wsproxy.scheduler.GetSchedulerStatusWrapper.getStatusCode(GetSchedulerStatusWrapper.java:10)
  at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.adf.model.binding.DCInvokeMethod.invokeMethod(DCInvokeMethod.java:561)
  at oracle.adf.model.binding.DCDataControl.invokeMethod(DCDataControl.java:2113)
  at oracle.adf.model.bc4j.DCJboDataControl.invokeMethod(DCJboDataControl.java:3009)
  at oracle.adf.model.bean.DCBeanDataControl.invokeMethod(DCBeanDataControl.java:436)
  at oracle.adf.model.binding.DCInvokeMethod.callMethod(DCInvokeMethod.java:256)
  at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1437)
  at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2120)
  at oracle.adf.model.bean.DCBeanDataControl.invokeOperation(DCBeanDataControl.java:464)
  at oracle.adf.model.adapter.AdapterDCService.invokeOperation(AdapterDCService.java:307)
  at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:693)
  at oracle.adf.model.binding.DCInvokeAction.refreshInternal(DCInvokeAction.java:47)
  at oracle.adf.model.binding.DCInvokeAction.refresh(DCInvokeAction.java:33)
  at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3107)
  at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2759)
  at oracle.adf.controller.internal.binding.TaskFlowRegionController.refreshRegion(TaskFlowRegionController.java:145)
  at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3038)
  at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2759)
  at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.prepareRender(PageLifecycleImpl.java:548)
  at oracle.adf.controller.v2.lifecycle.Lifecycle$9.execute(Lifecycle.java:224)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:192)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.mav$executePhase(ADFPhaseListener.java:21)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$5.before(ADFPhaseListener.java:395)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.beforePhase(ADFPhaseListener.java:60)
  at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.beforePhase(ADFLifecyclePhaseListener.java:44)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:246)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:193)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:96)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.wls.util.JpsWlsUtil.runJaasMode(JpsWlsUtil.java:146)
  at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:140)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:70)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused by: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:313)
  at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
  at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:312)
  ... 70 more
  Caused by: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
  at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
  at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
  at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
  at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
  at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
  at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
  at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:103)
  at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
  at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
  at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
  ... 72 more
  Thanks,
  Sajja
  Edited by: user13514455 on Jun 13, 2011 8:35 AM

  We resolved this problem for the same version of JDeveloper in the WebLogic Console. In the Domain Structure / Evironment / Servers / Settings for Default Server, click the Configuration and SSL tabs. Then change Hostname Verification to None and check the Use JSSE SSL box at the bottom.

• How do I remove the certificat error everytime I try to access the Cisco Unified CM Administration web-page?

  Hi,
  Every time I want to have access to the Cisco Unified CM Console (System version: 7.0.1.11000-2), I use the https://10.10.x.x/ccmadmin/showHome.do homepage on my client computer, but when I open the page, I get a SSL certificate error, stating no trust to this webpage security certificate and if I those "continue to this page (not recommended)", I get access to the Cisco Unified CM Console web page.
  I have tried to add the https://IP-adress to secure web pages in Internet Explorer 7, but this to no avail, it does not help.
  How do I add this certificate to a trusted something, so I do not get this warning every time I open the page?
  Kind regards,
  Carl-Marius

  Hi Michael,
  It worked when I change the IP-address to the name that was written in the certificate, and imported the certificate to Internet Explorer.
  Thank you for your fast and very precise help!
  Kind regards,
  Carl-Marius

• Certificate error when try to send mail

  Masters,
  First of all sorry for my poor english. Im not IT specialist, so please ...
  I need help to fix my problem. I know there are many post with this but i can't figure out.
  We had a working enviroment with no certificate issue.
  I tried to set the Outlook Anywhere, and so i messed up something. Now if user open outlook and send / or reply a mail got a certificate error message. I don't care Outlook Anyhere anymore but i need to fix my issue...
  I have not enough reputation point, so i can't attach image. I used Snag to attach picture.
  Certification error message:
  This is how exchange certs looks like:
  The problem is occure when start outlook and start or reply a mail. Certfication error pop-up, and inside the message windows on the Certification Chain tab i see: "mydomain".local
  When i try to configure outlook anywhere i create and enable new certificate. I think when i did this i have to allow owerrite some service... I deleted that certification already.
  If i install the cert to root CA, then works ok. But i don't want to install it all our server, because its workd earlier. How can i fix this?
  Thank you

  Hello,
   First of all thank you for helpin' me.
   I do not want to use outlook anywhere anymore, but now i know need 3rd certf for work...
   Only i want to get back everything.
   I know if i install to root CA than pop up disappear (i test this one of our server) but because earlier we have no installed this cert...so i don't understand what should i did...
    1. i installed a new self-sign certificate and associate service SMTP for it.
    2. after all test failed i decided to delete this cert...
    3. now outlook get pop up with certificated issued by: ourcompany.local
               - i did not seen any certificate in the certificate store with this name...
   Now i test it again and the no pop up in outlook?! What happend? I check and the mentioned certificate not in the store?!
   If i delete a certificate and assign service to another one, how many time need to affect this to the enviroment?
  Thank you

• SSL Offloading and Certificate Errors

  I am attempting to offload SSL on an F5 load balancer.  I made the certificate request from the load balancer, procured the certificate from Entrust, and installed on the load balancer.  I then followed SSL Offloading TechNet instructions here:
  http://technet.microsoft.com/en-us/library/dn635115(v=exchg.150).aspx.  My two CAS servers still have the self-signed certificates bound in IIS.  I am getting certificate
  errors when making RPC over HTTPs connections in Outlook and the self-signed certificate is popping up.
  My question is what do I do with the certificates on my 2 CAS servers?  Do I leave the self-signed certificates on there and export the Entrust certificate from my F5 and then import it to my CAS servers and change the bindings in IIS? 
  Or do I have to make the CSR from a CAS server, issue a new Entrust certificate from that, import to both CAS servers, then import to the F5 and make sure all bindings are correct in IIS?
  Or am I completely misunderstanding how this works and need to do something different entirely?
  Thanks in advance for any guidance.

  As I previously mentioned, I have already followed the SSL Offloading guide from technet, which included unticking Require SSL for all the various objects in IIS (OWA, ECP, EWS, RPC etc.) 
  Additionally I made sure SSL Offloading was enabled for Outlook Anywhere in Powershell.  See for example output of Get-OutlookAnywhere:
  RunspaceId                         : 1bdf6a03-d43d-4478-84cc-95e18806b11b
  ServerName                         : TSTEXCG2013
  SSLOffloading                      : True
  ExternalHostname                   : tstowa.XXXX.com
  InternalHostname                   : tstowa.XXXX.com
  ExternalClientAuthenticationMethod : Ntlm
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  XropUrl                            :
  ExternalClientsRequireSsl          : True
  InternalClientsRequireSsl          : True
  MetabasePath                       : IIS://TSTEXCG2013.tstXXX.tstXXXX.tst/W3SVC/1/ROOT/Rpc
  Path                               : D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
  ExtendedProtectionTokenChecking    : None
  ExtendedProtectionFlags            : {}
  ExtendedProtectionSPNList          : {}
  AdminDisplayVersion                : Version 15.0 (Build 847.32)
  Server                             : TSTEXCG2013
  AdminDisplayName                   :
  ExchangeVersion                    : 0.20 (15.0.0.0)
  Name                               : Rpc (Default Web Site)
  DistinguishedName                  : CN=Rpc (Default Web
                                       Site),CN=HTTP,CN=Protocols,CN=TSTEXCG2013,CN=Servers,CN=Exchange
  Administrative
                                       Group (FYDIBOHF23SPDLT),CN=Administrative
  Groups,CN=XXX XXXX,CN=Microsoft
                                       Exchange,CN=Services,CN=Configuration,DC=tstXXXX,DC=tst
  Identity                           : TSTEXCG2013\Rpc (Default Web Site)
  Guid                               : 9b2bc5e2-41c1-4219-9186-8e6b8cb63dc0
  ObjectCategory                     : tstXXXX.tst/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                        : 7/10/2014 7:38:58 PM
  WhenCreated                        : 6/23/2014 2:54:36 PM
  WhenChangedUTC                     : 7/11/2014 12:38:58 AM
  WhenCreatedUTC                     : 6/23/2014 7:54:36 PM
  OrganizationId                     :
  OriginatingServer                  : TSTXXXXDC02.tstXXXX.tst
  IsValid                            : True
  ObjectState                        : Changed

• Office Web Apps deploy certificate error

  IIS Using Domain Certificate, when access "https://fqdn/hosting/discovery"  with certificate error. 
  Office web apps using same CA with Front End Server.
  new web farm with this new certificate name.
  Any suggest?
  Thanks.

  When you get the certificate are you able to view the certificate details? Do they match the name of the site?
  Do you have the appropriate root certificate installed on the client that you are browsing from?
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
  Georg Thomas | Lync MVP
  Blog www.lynced.com.au | Twitter
  @georgathomas
  Lync Edge Port Check (Beta)
  This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Certificate Error while updating Maps in Nokia N95...

  Sir/Madam
  there is an error (certificate error: contact to supplier) occurring while updating nokia maps by using "nokia maps uploader".. please help me out

  Do you mean Nokia Maps Loader or Nokia Maps Updater?
  If you want to thank someone, just click on the blue star at the bottom of their post

• Certificate error while connecting to multiple web service

  I am having a web service test client through which I can connects and get reports from multiple web services.
  In Development unix box, we are using "self-signed certificate" using keystore type JKS. In Production server, we are using certificate from CA.
  The web service is running in Development and in Production.
  Now I have developed single test client with a drop down selection for different web services. For example, if we select "Development", the request will go the development web service and if we select "Production", the request will go to Production web service.
  Now while connecting to Develpment service, we are settings the below certificates details Because we are using the self signed certificate.
  System.setProperty("javax.net.ssl.keyStore",keyStoreFileLocation);
  System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
  System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
  System.setProperty("javax.net.ssl.trustStoreType",trustStoreType);
  System.setProperty("javax.net.ssl.trustStore",trustStoreFileLocation);
  System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
  I am clearing the System properties using the System.clearProperty() while pointing to Production service. because in Production we are using the CA certificate from Thawte so these details are not required at all and our JRE (java 5) is pre configured to support that CA certificate.
  I am using Resin-2.1.12, axis1.2 and java5.
  Now the problem is
  (1) for the first time, when I send the request to Production Service URL, the report gets generated. For the next time when we are running against Development, it's giving below certificate error.
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  (2) Now restart resin and run the test client against Developemnt service URL, here report gets generated and for the next time, run the test client against Production, it's giving the certificate error.
  So for the 2nd request, it always gives the error irrespective of the web service instance selected.
  Please suggest ....thanks in advance.

  Hi  ,
  No, due to the issue is happening only on one computer.
  The error "(401) Unauthorized" usually indicates that the connection has been established but the permission check fails.  InfoPath Form Services uses the application pool identity of the web
  application to connect to resources.
  Does the account  which login the computer have permission to connect to User Profile Service Application?
  For a workaround, you can go to IIS Manager , set the User Profile Application Pool to Anonymous Access and try again.
  Also you can have a look at the blog:
  http://sharepointconnoisseur.blogspot.in/2011/04/how-to-resolve-401-unauthorized-error.html
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• I am getting a certificate error message and there is no link on the page to add this site as an exception.

  I am trying to open up the web page where we log into our employee email. Evidently the security certificate has been changed. I am getting a certificate error message, but I am not seeing a link provided where I can click to add this web site as an exception.

  This is a user to user forum. You are defintely in wrong place.

• Certificate error when downloading itunes...

  I'm getting a certificate error in Internet Explorer when trying to download itunes on new computer.
  It's blocking the download.
  Help!

  worked like a charm!  I know PSE but don't know computers that well:))

• Iphone getting a certificate error logging into Lync 2013

  Hello,
  I am having a strange issue with Lync Mobility. Android seems to work just fine, but my IPhone clients are throwing certificate errors. Everything is showing up properly in the Lync Connectivity Analyzer. The LyncDiscover URL seems to work just fine.Any
  Anyone run into issues specifically with certificates and IPhone?

  Check the following KB about Lync Mobile users cannot sign in after they update to client version 5.4:
  http://support.microsoft.com/kb/2965499/en-us
  Lisa Zheng
  TechNet Community Support

• Autodiscover, domain controllers, and certificate errors

  I have just deployed and Exchange 2013 server in one of my sites. I'm having tons of issues with it, but one issue I'm having trouble thinking through goes like this:
  All users have email addresses that are [email protected] Domain.com is our internal domain name and also a public domain. Now, in a Windows environment, if you were to nslookup domain.com within our network it
  will resolve to any one of the domain controllers. On our infrastructure master DC there is an IIS website, with SSL, that handles certificate services for our internal CA.
  Here's my problem: When a user opens Outlook and autodiscover attempts to find their Exchange connection info it first tries to reach the site
  https://domain.com/autodiscover/autodiscover.xml. If that PC happens to resolve domain.com to the DC that has our certificate services website on it then the Outlook client sends a certificate error.
  If the client is prior to Outlook 2013, the mailbox configuration just halts and throws an error.
  What do I do to prevent this?

  Hi,
  Yes, we can have the following “switchers”
  PreferLocalXML
  ExcludeHttpRedirect
  ExcludeHttpsAutoDiscoverDomain
  ExcludeHttpsRootDomain
  ExcludeScpLookup
  ExcludeSrvRecord
  ExcludeLastKnownGoodUR
  Thanks,
  Simon Wu
  TechNet Community Support

• Best practice for licence server for RDS Farm & Certificate errors

  Hello,
  I am in the process of creating an RDS farm using Server 2008 R2.  I have three Session Hosts and a Connection Broker.
  I have a set of 10 user CALs available and also another 20 on our current RDS server which will need migrating once we go live with the farm.
  I understand the User CALs need to be installed on another Server 2008 R2 and I am wondering what is best practice.  We are running on an entirely virtual environment and it would be simple enough to create another server and install the CALs on there. 
  The only issue with that is that I would need to create a replica of this new machine for DR purposes, but this would take up valuable space which may not be necessary.
  We are planning on creating replicas of one of the Session hosts and the broker for DR, so I am guessing I would need to install some CALs on the Session Host which is going to be replicated.
  There are a few options and I am just wondering what is the best way to go about things.
  Also, as an aside, I am getting an annoying certificate error each time I log a test user onto the RDS farm - I think this is because I am using the DNS alias of the RDS Farm to log on. Is there an easy way to get around this, other than the 'Do not show
  this message again'. I have been doing some research and the world of Certificates is very confusing!!
  Thanks,
  Caroline
  C.Rafferty

  Hi Caroline,
  Firstly for your License related issue, you can perform the step on any VM or can create the new VM as replica for RDSH server also. But please be sure that you have installed RD License server on it, activate it and then install RDS CAL on it. But be safe
  if possible don’t install RD License server with RDCB, please make that out of it as little away. As you can also install RD License server with AD or make replica of that and install RDL on that.
  Best practices for setting up Remote Desktop Licensing (Terminal Server Licensing) across Active Directory Domains/Forests or Workgroup
  http://support.microsoft.com/kb/2473823
  What’s the specified certificate error which you are receiving?
  If you're going to allow users to connect externally and they will not be part of your domain, you would need to deploy certificates from a public CA. In meantime you can refer blog for getting insight for certificate case.
  Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• OEM dbcontrol 10.2.0.4 64 bit on Windows 2003 / XP 64..certificate Error

  Hi
  When DB Control (OEM) is launched, raise the error "Certificate Error" and provides the option
  on click "Continue to this website" Login page appears with certificate error..
  How / where can i find certificate or fix this problem
  -Mustafa

  You can click on View Certificate, then you will have the option to install the certificate. Once you install the certificate, you won't be prompted again.
  Once the certificate is installed, you can check it under Internet Options/Content/Certificates/Other People tab - you will see one that's issued by your Grid Control server.
  HTH

• 5800 XM "Expired Certificate" error message

  For people who own a Nokia 5800 XM, the error message of "Expired Certificate" when downloading applications onto the device will be mean you cannot load on new apps, which can be frustrating.
  Firstly you should try to update the firmware on your phone by 1 of 3 ways.
  Using FOTA (Firmware Over The Air). Another thread of mine will explain this in detail. You can find it here.
  Downloading Nokia Software Updater(NSU) and connecting your 5800 to the computer using a data cable.
  Taking the handset to a Nokia Care point if you do not want to try the above 2 options.
  **NOTE: Always be sure to make a back up of your personal details that are held on the phone as updating firmware will most likely delete any data left on the phone.
  If you have used FOTA or NSU to update your firmware, or there is no new update available then doing the following will work and will allow you to install new applications without the expired certificate error message.
  With the phone switched on, press the power button key once.
  Scroll down to and select "Remove E: Memory Card". 
  Select Yes to remove the memory card.
  Press OK and remove memory card from phone.
  Press the Dialler on the main screen.
  Type *#7370#
  Enter security code. Default is 12345 unless it has been changed.
  The phone will reset, wait for this to complete and power back on.
  Select your country and type in the correct time and date.
  Wait for the phone to complete its configurations, you may receive "My Nokia" or tutorial messages.
  Power off phone.
  Insert the memory card.
  Power on the phone.
  Wait for the phone to install any pre-loaded content from the memory card
  Phone is ready to install applications, without "Expired Certificate" error message.
  I have done the above myself and downloaded the PDF reader from the "Download" application from within the handset and it installed with no error after these steps.
  I hope this helps.
  My posts are my opinion and in no way the direct views of Nokia.
  If my posts are helpful, please give me some KUDOS using the green star on the left.

  try to sign your app(s) through Opda site.
  If you want to thank someone, just click on the blue star at the bottom of their post

• How do you know if trust certificate error about imap.aol server is the result of an imposter or the "real" aol imap server?

  I keep receiving a trust certificate error about imap.aol server. Says it may be the result of an imposter or the "real" aol imap server?  How do you determine if the trust certificate is for an imposter?

  Please post a direct link to the page you're having trouble with.