Common Name on SSL certificate
I was wondering if anyone can tell me whether the Common Name on the SSL certificate (which I plan to request from Verisign) MUST be the same as the name of the Sun One 6.0 SP6 web server instance.
For example, if my server name in the Servers tab is "svr9999.mycompany.com" but I have a DNS alias giving the machine the name "www.mycompany.com", can I use the "www.mycompany.com" name for the certificate, or does is have to be the actual "svr9999.mycompany.com" name in the Server tab?
If that is possible, is there any "special" stuff I need to do to accomplish it?
Yes, I found today that it worked fine to make the Common Name on the certificate be the DNS name I want the world to use (even though it differed from the internal name of the server instance).
Similar Messages
-
Host name on SSL certificate did not match the alias name in the URL addres
To the XI gurus,
One of our vendors had problem to send us xml invoices because the url address had our server alias name and the SSL certificate we asked them to install had the server name.
To resolve this issue, can we install two certificates (one has the alias name and one has the server name) at our XI server or we can only have one SSL certificate installed at any time?
Thanks!
Fisher LiFisher Li,
> we can only have one SSL certificate installed at any time?
To my knowledge we can install only one certificate.
Cheers
Agasthuri -
SSL Certificates Update Error in ACE 4710
Hi,
I am facing a problem while updating the SSL certificates in ACE 4710. Our certificate is expired and we have purchased a new certificate from CA. Moreover the common name of the certificate is also changed.
I tried importing the certificate to the repository and change the SSL proxy likewise to use the new certificate. but still the new certificate with new CN is not recognised by the clients. they can see the old certificate only. I even tried deleting and creating a new ssl proxy service with the new cert and attaching it to policy map.
but still the new certificate is not used even after a reboot,
Attaching screenshots and running config. Any help will be appreciated.
BR//RajivRavi,
Here are the procedures for updating your certificate on the ACE.
1) Create New RSA Key
2) Create CSR
3) Send CSR to CA authority for a new certificate
4) Import Certificate into the ACE
5) Change the ssl-proxy to use the new Certificate and Key
6) Remove the SSL-Proxy from the policy map and reapply
Now if you created the CSR on a different box, you will need to import both the RSA key are the certificate. Another thing you should be aware of is a possible change in the Root and intermediate certicates that are used by the CA. In your configuration, you have
crypto chaingroup iotms-chain-gr-1
cert inter-root-new
Is the the correct certificates for your cert? If so, it seems odd that there is only on certificate in the Chaingroup. Most CAs use an intermediate and and a root certificate.
Verify that you have the correct chaingroup (with the correct root and intermediate certificates). -
SSL Certificate common name (host name field) is incorrect
When user open the Microsoft Office Project and connect to their PWA site, they will get the message "SSL Certificate common name (host name field) is incorrect".
Which area that I look start looking at? The client computer or the server itself? The cert expiration date was still long way to go.
teikboonWhat is the url user is accessing, hotname/pwa or mycompany.com/pwa
Certificate is issued by using hostname or something else?
Hrishi Deshpande – Senior Consultant DeltaBahn
Blog | < |
LinkedIn
Please click Mark As Answer; if a post solves your problem or Vote As Helpful if a post has been useful to you.This can be beneficial to other community members reading the thread. -
Hi, I have problems when I tried to open a PDF document with a police of RM generated in the Laundpad, I use a self-signed ssl certificates with the common name https://127.0.0.1:8443 and the base URL in the configuration is the same. I have tried to resolve this issue during a week but i could it and I do not understand how to solve it.
If anybody can help me, please. This is the picture when I try to open a PDF file with RM policies. ThanksSo the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this! -
Problem with OAS Instance Name y Host Name to create trial ssl certificate
Hi, everyone
I have a problem when creating a trial ssl certificate from Verisign page, affer a live assistance, that page rejected my CSR generated from OAS, saying thay my common name has invalid characters.
My Oracle Application Server installation name: Instance.HostName is:
IAS_IND01.ind-internet
So, Verisign told me this name can't contain "_" or "-" characters for example.
I need to know if it's possible to change the instance name and if OAS host name changes also if i change server's host name.
I wouldn't like to reinstall all over again.
Please help.
Regards
DavidHi,
No your AS server will not automatic. even if you change your host name.
If U 'll try to change your host name, be carefull when U 'll try to start you AS instacne
it ' not start anymore , AS user hosts fill to get full quallified name of your host.
U 've two choices
-1 delete your AS, then change your hosts name, then new installtion of AS
2- If U 've exprience with AS, just breng your AS down, change your hosts name,
U 'll need to do some changes in your AS, just read admininstrator Guide.
Cheers,
Hamdy -
How can I change an SSL Certificate display name on Firefox?
I have 6 SSL Certificate to install in order for an application to open in 6 ways. Each certificate represent a way. The problem is that the pop up window i am receiving to choose one of these 6 SSL displays the Issuer CN while i need it to display the friendly name / or the description since i can modify them.
Any way this is possible?
Thanks,This article may help you
https://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error?esab=a&s=SSL+certificate+display+on+Firefox&r=7&as=s
regards,
Gautam sharma. -
How to get the Users Name from the SSL certificate?
Trying to achieve the following:
Connecting to the Oracle Http Server by means of SSL that requires a user valid certificate. Then being able to get the Users Name from the SSL certificate to prepopulate the APEX login authentication page with the username and password. Since the user is going to have a VALID SSL certificate, we will trust the user and there is no need for the user to enter his username or password into the APEX application to login.
Does SSO do this or something else?Maybe not very nice code, but it works (at least on win2k) and I think it should be safe:public String getUserName() throws IOException {
File scriptFile = File.createTempFile("script", ".js");
FileWriter fw = new FileWriter(scriptFile);
fw.write ("WScript.Echo(WScript.CreateObject('WScript.Network').UserName)");
fw.flush();
fw.close();
BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("CSCRIPT.EXE \"" + scriptFile + "\" //Nologo").getInputStream()));
String uName = br.readLine();
br.close();
scriptFile.delete();
if (scriptFile.exists()) scriptFile.deleteOnExit();
return uName;
} -
Exchange Server Affected by SSL Certificate Organization Name Change
We recently underwent a name change of our company. We added a few new domain names for the new company to our Exchange Server 2007 and updated our address policy to include them and everything seemed to work okay for a while. We subsequently reissued
the SSL Certificate for our Exchange Server under the new organization name (per the CA's recommendation) . Shortly thereafter we experienced all sorts of issues necessitating a rebuild of our Exchange Server. Is there any dependency between
the organization name in an SSL certificate and the organization name that Exchange Server stores it's info under in Active Directory (which still had the old name) that would cause Exchange to go haywire?Hi,
Please confirm you were creating a new domain in your AD or creating an accepted domain in Exchange server.
If you directly create an accepted domain in Exchange, the new domain would be
considered authoritative when the Exchange organization hosts mailboxes for recipients in this SMTP domain. We don’t need to create a new Exchange certificate for this new accepted domain because the
SRV records can be used to connect to Autodiscover service. And the Exchange services URLs are not changed and they can still be authenticated by the original certificate (mail.domain.com, autodiscover.domain.com).
Certainly, we can reissue a new Exchange certificate, please make sure the new Exchange certificate has included all needed namespaces for your Exchange server such as:
Mail.domain.com, autodiscover.domain.com, autodiscover.newdomain.com
We can also run Get-ExchangeCertificate | fl to check it.
Regards,
Winnie Liang
TechNet Community Support -
The name ("common name") of a valid code-signing certificate in a keychain within your keychain path. A missing or invalid certificate will cause a build error. [CODE_SIGN_IDENTITY]
If you could ask a coherent question, maybe...
Perhaps you should be posting in the developers forums... -
NEED TO REFERENCE 2 DIFFERENT SSL CERTIFICATES BASED ON VIRTUAL HOST NAMES
Hi,
If you have a managed server in a cluster that has two virtual hosts running
on it how can you intsall the ssl certificates for both virtual hosts, in
the admin console.
any help would be great!I think that you can only have one server certificate per server currently
since the certificate establishes the server's identity and there isn't
support for a server to have two identities at the same time.
"RAGUTAM BOMMAREDDY" <[email protected]> wrote in message
news:[email protected]..
Hello,
Can I reference 2 different SSL certificates in the same
weblogic.properties
file?
Reason is we have 2 groups of users for a web application: one will use
a
French-language DNS to access
the application, and the other will use English DNS. Both DNS will point
to
the same application on the same
server.
Example of what we require:
weblogic.security.certificate.server=mycert1.pem
weblogic.security.key.server=mykey1.der
weblogic.security.certificate.authority=rootCertificate1.pem
----and---
weblogic.security.certificate.server=mycert2.der
weblogic.security.key.server=mykey2.der
weblogic.security.certificate.authority=rootCertificate2.pem
mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
both
DNS1 and DNS2 point to the same application on the same box.
Thanks,
Ragu -
Creating CSR with multiple common names in a single CSR
Hello Gurus,
We are configuring SSL for which we were in the process of generating CSR from Oracle HTTP server. But we want to use multiple URL's for a server. For example
domain.example.com will be our primary URL and domain2.example.com would be our secondary URL.
Following are the questions/doubts that I have -
1. Can we mention multiple Common Name [CN] in the single CSR.
2. IF we mention our primary URL in the Common Name field , while generating the certificate can we mention secondary URL in the Subject Alternative Field[SAN]?
3. If we can mention the secondary URL in SAN, will it create Certificate import error while we import the generated certificate in OHS.Any help will be highly appreciated and if that really helps will be marked as helpful/correct.
Thanks
SaurabhHello,
If you are certain then what does this line mean
Please note that in FMW 11g. regardless of how the Wallet is created or the Wallet type used, use of Wildcard Certificates e.g ".domain" are not supported as Oracle deems them insecure.*
This line is from My Oracle Support *Understanding Wallets and Keystores in Fusion Middleware 11g [ID 1218603.1]*
Edited by: hyperEPM on Jun 8, 2012 5:04 PM -
Is there a way to change the CSR for install SSL Certificate for CCMADMIN
HI there,
Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
For that, I have exported a csr to buy a ssl certificate from verisign.
The problem is the csr includes fqdn an not just the servername
But the users just have to type in the servername to reach the server.
Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
thanks
MarcoHi
You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
Command Syntax
set web-security orgunit orgname locality state country alternate-host-name
Parameters
• orgunit represents the organizational unit.
• orgname represents the organizational name.
• locality represents the organization location.
• state represents the organization state.
• country represents the organization country.
• alternate-host-name (optional) specifies an alternate name for the host when you generate a
web-server (Tomcat) certificate.
Note When you set an alternate-host-name parameter with the set web-security command,
self-signed certificates for tomcat will contain the Subject Alternate Name extension with
the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
contain Subject Alternate Name Extension with the alternate host name included in the CSR.
Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
Regards
Aaron
Please rate helpful posts... -
SSL certificate issue with WLS 10.3
Hi All,
I am facing this issue with my WLS cluster.
<21-Apr-2010 10:42:00 o'clock BST> <Warning> <Security> <BEA-090482> <BAD_CERTIF
ICATE alert was received from system.core.com - 10.15.135.30.
Check the peer to determine why it rejected the certificate chain (trusted CA co
nfiguration, hostname verification). SSL debug tracing may be required to determ
ine the exact reason the certificate was rejected.>
<21-Apr-2010 10:42:00> <Warning> <Uncaught exception in server handler: javax.ne
t.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from
system.core.com - 10.15.135.30. Check the peer to determine wh
y it rejected the certificate chain (trusted CA configuration, hostname verifica
tion). SSL debug tracing may be required to determine the exact reason the certi
ficate was rejected.>
Please suggest. I have also tried the below settings.
Node Manager:
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Admin Server:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
Many thanks in advance.Hi Sandip,
I am facing this issue right after when I have configured the listen address to my system IP in Machine(NodeManager), earlier it was "localhost".
Also I have tried to generate the certificates e.g.
C:\bea\wlserver_10.3\server\bin>java utils.CertGen -cn system.core.com -keyfilepass DemoIdentityPassPhr
ase -certfile mycertificate -keyfile .keystore
Generating a certificate with common name system.core.com and key strength 1024
issued by CA with certificate from C:\bea\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea\WLSERV~1.3\server
\lib\CertGenCAKey.der file
C:\bea\wlserver_10.3\server\bin>java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePa
ssPhrase -keyfile .keystore.pem -keyfilepass DemoIdentityPassPhrase -certfile mycertificate.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
Imported private key .keystore.pem and certificate mycertificate.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity
Tried the above but not wokring. Please advise.
Edited by: R Vashi on 21-Apr-2010 03:38 -
SSL Certificate Error in AIX server~~~SCOM 2012 R2
Hi Everyone,
While installing SCOM client i am getting below error. Plz suggest.
Agent verification failed. Error detail: The server certificate on the destination computer (FQDN(Server Name):1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate is signed by an unknown certificate authority.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: FQDN serve
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
The server certificate on the destination computer (FQDN(Server Name:1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate is signed by an unknown certificate authority.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: FQDN serve.
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.Hi Pawan
Have you exported/imported scx certificates?
Check out Kevin Holmans blog on installation of UNIX/Linux agents:
http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
www.coretech.dk - blog.coretech.dk
Maybe you are looking for
-
Hello: I have JWS app I've been working on for a long time. I just added JavaHelp to it. I got it all working nicely on my local machine. When I went to deploy in JWS, I ran into a permission problem. JavaHelp is included as an extension, and I've se
-
Use of Dimensions in Multiprovider?
Hi Experts, Can any one let me know while creating Multiprovider,why we should again select the infoobjects(from sub cubes) in to Dimensions(in MP)?Is it necessary?what are the Pros and Cons of this concept? Thanks James
-
Turning sound off on camera shutter?
completely new to Droid here. I have looked every where for something that will turn the shutter sound off of the camera when taking pictures. Anyone have a clue?
-
CD importing and syncing problems
I imported a CD into my library but everytime I try to put the music onto my phone it says "Updating File" but stops after like a second. There's also a dotted circle next to the songs but I made sure there's sufficient space on the phone and the man
-
Reporting and Analysis server down need to move to another server
I lost my original server for RA and re-installed the components on another server, however, when I try to access from workspace, I receive the message *"Could not find a Hyperion Reporting and analysis server running on "old server name' at port 680