Cisco NCS install signed certificate

Similar Messages

• Step by Step Instructions for Installing Self Signed Certificate using Certificate Modification Tool

  I am looking for some step by step instructions for installing the self signed certificate from my Microsoft SBS 2003 server on a Treo 755p and 750p.  In particular I need some help with the form of the actual certificate and how to use the Certificate Modification tool. 
  Some questions I have are as follows:
  1. When I install the certificate on a Windows Mobile device I used an exported version of the certificate.  This export is done using the DER x.509 format.  Is that the same form I’ll need for the Palm?  Do I need some other form? Can/should I just use sbscert.cer file that is generated when SBS is configured?
  2. Does the self signed cert need to be installed on the computer being used to update the Palm or do we just need to be able to access the appropriate .CER file?
  3. There are three things included in the PalmCertificatesTool.zip file:
                                  Trusted CAs (folder)
                                  Cert2pdb.exe
                                  PalmCertificates.exe
     How do I use these tools?
  4. It looks like the PalmCertificates.exe file opens an interface that will allow me to browse to the desired .CER file.  Then I suppose I use the < Generate PDB > to create something that needs to then be uploaded to the Palm device?  Not having any real experience with a Palm device how do I upload and install this file? 
  5. Once uploaded do I do something on the device to install it?
  If there is some white paper that provides step by step instructions on doing this that would be great.
  Thanks,
  Walt Bell
  Post relates to: Treo 755p (Verizon)
  Post relates to: Treo 755p (Verizon)

  Thanks for that.
  I have one question after reading the article 43375:
  The article has you "Turn of AutoSync" and then "Reset the device".  It then indicates the device should be left idle. 
  The next step relates to running the PalmCertificates.exe, navigate to the certificate file and add it and then run the < Generate PDB > button.  Should the device be connected to the computer during this process? If so, at what point after the reset do you connect it to the computer?
  Thanks!
  Post relates to: Treo 755p (Verizon)

• Installing self signed certificate

  I'm trying to install a self signed certificate in iPhone OS 3.1.3 so that I can securely access a web service at home via mobile Safari and an application that uses the same web service. I've tried emailing myself the certificate and installing it but Safari still prompts with it's "Accept Website Certificate" warning. The certificate is clearly installed under Settings->General->Profiles.
  I've also tried installing the certificate via iPhone Configuration Utility with the same result. I also followed these steps on my iPad and everything worked flawlessly which points to an OS issue. I was wondering if anyone else has seen this behavior?
  Thanks!

  I have a self-signed cert on my 5.2 DS. I used a version of certutil that ships with DS52. The cert DB files have the following name format under the alias directory, slapd-instancename-cert7.db. For auto startup you;ll need to create a slapd-instancename-pin.txt file that contains the string "Internal (Software) Token: yourDBpassword"
  If you have more questions, ask away.
  HTH,
  Roger S.

• Is it possible to install a self-signed certificate to a phone?

  I made a self-signed certificate with KeyTool and I use the corresponding private key sign a MIDLet with jarsign tool.
  Now I don't know how to install the certificate to my phone. I also want to is it possible to do this?
  thanks.

  Hi,
  Check out this
  http://www.spindriftpages.net/pebble/dave/2006/06/18/1150641917692.html
  thanks,
  anup

• Cisco Network Setup Assistant Unable to install the certificate on Android KitKat

  Greetings,
  I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached. 
  Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
  I have ran the application several times, it keeps returning to this same message.
  After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and than subsequently one new key continues to loop after until I cancel (also in screenshots).
  I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated. 

  Greetings,
  I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached. 
  Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
  I have ran the application several times, it keeps returning to this same message.
  After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and than subsequently one new key continues to loop after until I cancel (also in screenshots).
  I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated. 

• NSUserDefaults stopped working after installing code sign certificates (?)

  The following code has worked fine in the iPhone simulator.
  NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
  myFloat = [userDefaults floatForKey:@"myFloat"];
  myString = [userDefaults stringForKey:@"myString"];
  Today I installed the code signing certificates and all the updates necessary to deploy my code to a device. That part works fine, and I'm able to install and run my apps on the iPhone device.
  The problem is that the above code has stopped working. myFloat is now always 0.0 and myString is now always nil. If I go into the Settings app, my preferences UI is still there and I can change and persist the preference values. But my app no longer sees those values.
  I'm assuming this broke because of the changes related to code signing and device deployment, but I'm not sure since there is no way (?) to roll back those changes.
  Has anyone else encountered this problem?
  Thanks,
  Nick

  I have the same issue with SDK Beta 7, I can't get my preferences to persist (although in my case I'm not using the Settings app to alter settings). This is what I am doing:
  +(void) initialize
  NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
  NSDictionary *appDefaults = [NSDictionary dictionaryWithObject:@"YES" forKey:@"SomeValue"];
  [defaults registerDefaults:appDefaults];
  in initwithFrame:
  if ([[NSUserDefaults standardUserDefaults] boolForKey:@"SomeValue"]) {
  [[NSUserDefaults standardUserDefaults] setObject:@"NO" forKey:@"SomeValue"];
  } else {
  [[NSUserDefaults standardUserDefaults] setObject:@"YES" forKey:@"SomeValue"];
  and I synchronize in applicationWillTerminate. Settings just don't persist.

• Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

  Scenario:
  Windows Server 2012 R2 Essentials
  I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
  So far so good.
  The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
  a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
  The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local  instead of the SSL Certificate I installed, which is
  remote.acmedomain.com
  If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
  My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

  Because....
  the server does not have a 'trusted' certificate assigned to it.
  Only the RDP Gateway has the trusted certificate for the external name.
  If you want to remove that error, you have to do one of the following:
  Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
  So, something like,
  server.domain.publicdomain.com
  Or,
  Install that certificate on your remote computer so it is trusted.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• How to install self-signed certificate with iOS 4?

  I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
  I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?

  I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
  I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?

• How-to install a self-signed certificate on Sony Ericcson W350

  I am a developer and I am writing a j2me application for a Sony Ericcson W350 phone which needs to be able to use the phones SMS capabilities.  I have a signed .jar and .jad file with a self-signed certificate.  However, the phone is still treating my application as an untrusted third party app.  I think this is occuring because my self-signed certificate isn't in the java certificate store on the phone. Is there a way to load my self-signed certificate into the java certificate store?  I have tried copying it over to the phone via bluetooth and usb and installing it through the filesystem, however there isn't an option to install the certificate when browsing to it from the phone's filesystem.  Any help would be much appricated.

  Deactivating existing Java certificates prevented me from installing the .jad file.  I accessed the phone's file system using both Sony PC Companion with USB and using the OS file browser over bluetooth.

• Prime NCS: 3rd party Certificate for Admin Website

  Hey,
  i'd like to create a signing request on a NCS soft appliance to install a certificate from our corporate CA.
  NCS1/admin# ncs key genkey -newdn -csr server.cert repository TFTP
  The WCS server is running
  Changes will take affect on the next server restart
  Generating RSA key
  INFO: no staging url defined, using local space.        rval:2
  tftp: /opt/CSCOncs/migrate/restore/server.cert: No such file or directory
  i also like to modify the current Organisation and Organsiation Unit.
  any ideas?
  thanks
  alex

  Alex,
       The only thing I can find is the following referrence:
  http://www.cisco.com/en/US/products/ps6305/products_configuration_example09186a00808a94ca.shtml
  The NCS guide points to this example and you should be able to input the information.
  HTH,
  Steve
  Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

• ACS 5.3 / Self Signed / Certificate base auth

  Hello,
  Our ACS (5.3) has self signed certificate, we have exported it and declared it in Certificate Authorities.
  We have exported it to have a Trusted Certificate for client machine.
  This certificat has been installed on a laptop.
  The wlc is successfully setup for eap (peap & eap-fast has been tested > ok)
  I have this error in the log:
  12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in  the client certificates chain
  I think the Access Policies (identity & authorization) are misconfigured:
  > I allowed Host Lookup, PAP/ASCII, MSCHAPV2, EAP-MD5, EAP-TLS, PEAP, EAP-FAST
  > Identity: System:EAPauthentication match EAP-TLS
  id Source: AD in which AD, Internal Users, Password based, certificate based CN Username are enabled
  > authorization: System:WasMachineAuthenticated=True
  Thanks for your help,
  regards,

  Hello,
  I found the answer here:
  https://supportforums.cisco.com/message/1298039#1298039
  ACS self-signed certificate is not compatible with EAP-TLS
  Thanks,

• Self signed & CA signed certificate

  Hi Experts,
  Please consider below scenario.
  users -
  >Outer Firewall----.Portal with static content ->Cisco load balancer ->Inner Firewall>Apache>Web dispatcher-->SRM Portal with dialog instances -
  > SAP SRM -
  >Backend.
  Here user will directly hit Cisco load balancer ( public IP ) So we will be installing CA signed certificate from vendor like Verisgn , Entrust etc.
  But at Apache server ( private IP ) , do we really require  CA signed certificate from vendor like Verisgn , Entrust etc.
  I mean even if we install self signed certificate at Apache it will do encryption & decryption . Also user will  not directly access Apache. so they will not see warning  messages.
  So as  self signed certificate will do encrytion & decrytion , do we really require  CA signed certificate from vendor like Verisgn , Entrust etc  at Apache?
  Best Regards,
  Tushar.
  Edited by: TChavan on Jan 7, 2011 1:18 PM

  Quoting myself again , in [this thread|SSL Setup in a load balanced portal; I wrote: You probably don't need a signed cert on the portal (Apache in your case) server itself (depending on whether your LB validates the cert). You could just use the default self-signed cert, since users won't be connecting to it directly and so won't be troubled by warnings about untrusted certs: the traffic from the AS would still be encrypted, you would only lose out on the server authentication feature (which you don't need, since again users won't see it).
  Regards,
  Sean

• Any easy way to install SSL certificates

  Hello
  is there a easy to install SSL certificate on ASA, rather than enroll with a public CA?  ASDM has a place to import certificates.  Can I just upload a SSL certificate I got from my CA to ASA, withou setup CA enrollment?  And if yes, how can I generate a SSL certificate request from my ASA 8.2?
  Thanks a lot

  Hi,
  As for generating a certificate signing request, you might want to check the following:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml
  HTH

• Can ACE produce a self signed certificate?

  Hi people,
  I have used ace to create a csr and then send it to verisign and install the signed certificate on ACE so that it acts as ssl-proxy termination.
  But now I want to know if it's possible for ACE to create a self signed certificate. (instead of sending it to verisign to sign it).
  Can this be done?
  thanks,
  george

  HI George,
  As far as I know, there is no option to signed your certificates from ACE.  You'll have to create keys and certificates on a separate device using openssl and then import them into the ACE module.
  http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Without_an_Existing_Chained_Certificate_and_Key_in_Routed_Mode_Configuration_Example#Using_OpenSSL_to_Generate_a_Self_Signed_Certificate

• CA signed certificate for Jabber 4 windows

  Hi,
  I have a CA signed certificate for my J4W which is working my question is how can I get J4W when you login the first time after installation not to prompt for you to accept the certificate and it does it 4 times, after that you never get it a again, but for bulk roll out purposes is there a way I can bypass this issue?
  Thanks in advance.

  I'm just working through this too, with a Microsoft domain-integrated CA.
  Some of the other posts were not clear in regard to WHICH cert gets dealt with in which way. Someone please let me know if this process below is inaccurate or incomplete.
  Assuming you have three different severs and only one of each type: CUCM, IMPS, UCxN
  -Generate CSRs for the CUCM, IMPS, UCxN tomcat self-signed certs and export them as clearly named CSR files (3 of).
  -Generate a CSR for the IMPS xmpp self-signed cert and export it as a clearly named CSR file (1 of).
  -Sign all four CSRs with the CA web browser https://ipaddress/certsrv.
  -Export the CA's root certificate in Base64 format using the cert authority name as the file name (only for clarity) e.g. mydomain-AD-CA.cer. Do not rename the file after download.
  -Import the CA's root certificate into each Cisco UC server's tomcat-trust and into the IMPS xmpp-trust. This must be done before the next step.
  -import the CA-signed Cisco UC server SSL certs (that started out as CSRs) as tomcat certs. Import the CA-signed xmpp cert as an IMPS xmpp cert. This replaces the tomcat (and IMPS xmpp) certs with certs that have been signed by the CA.
  -restart the Cisco Tomcat feature service and the Cisco XMPP Router service on each Cisco UC appliance using the CLI "utils service restart Cisco Tomcat"
  -restart the Cisco XCP Router network service on IMPS.
  -Install the CA's root certificate into the client's (assuming Windows) Manage User Certificates > User > Trusted Root Certification Authorities cert store. If you have a domain-integrated MS CA, this will already exist (and should exist, or something else is wrong, or not completed yet with the PKI Infrastructure setup). Look in the User > Trusted Root Certification Authorities cert store - if you can see the CA's root cert that you just installed = great.
  -Test 1: Browse to CUCM by FQDN using IE. https://cucm.mydomain.com/ccmadmin. You should get a perfect alert-free connection to CUCM. This proves that the PKI infrastructure is good.
  -Test 2: Start J4W. It should start up without any popup alerts providing the UC Service Profile and CSF Device config only use FQDNs, that match the certificates you signed with the CA
  -BTW: If you've previously manually accepted J4W popup alerts, before starting J4W go into Manage User Certificates on the Windows client and find and remove all self-signed Cisco UC  appliance certs. Leaving them there will fool you into thinking you've done a complete job when in fact it's not the case.
  ---Well that 's the theory anyway.