Comodo Certificate

Similar Messages

• How to install Comodo email certificate?

  Hi! I just obtained a brand new free email certificate from Comodo, but I can't make Mail see that!
  Before Lion I used certificates, but I don't remember how I got Mail to see them.
  I tried double clicking on the file, and it installs it correctly under "login / All items", but Mail doesn't seem to be affected. I read on the web that the certificate should be placed under "login / My Certificates", but copy/paste doesn't work!
  Is anyone using Comodo or similar certificates with Lion 10.7.2 and Mail.app ?
  Cheers!

  I can't seem to get this to work either.
  I downloaded an email certificate from Comodo.  It saved as a .p7s file, which I double-clicked to install into keychain. 
  In keychain, I have an apple certificate with a private key for my apple ID, which is the same gmail address as the address I used for the comodo certificate.
  However, there appear to be two separate certificates from comodo: one named for my gmail address, and one named "COMODO Client Authentication and Secure Email CA".  These show up under "Certificates" but not under "My Certificates"...
  When I launch Mail and check for TLS certificates in account preferences, I only see the apple ID one listed, not any of the ones from comodo...
  Any idea what's going on here?
  Thanks,
  Trevor

• Comodo InstantSSL

  Hi,
  I'm having a problem with my HTTPS website:
  - The site is secured by Comodo InstantSSL cert, which, itself is signed by GTE
  - a page contains an Applet
  When Java plugin (1.5.0_04) tries to load the applet over HTTPS it says that the certificate cannot be verified and asks you to either trust the site or not...
  It's working everywhere except for Java Plugin... When looking at the cert it's showing I only see two certs in the chain - my site and Comodo... GTE is missing... If I view it from Internet Explorer it shows all three and hence can find the trusted authority.
  I know of one solution - import Comodo CA cert into my java key store but I cannot ask all users of our website to do so.
  Why doesn't Java Plugin go all the way up the chain????
  Thanks!
  Artem

  The applet itself must probably be signed. You could not sign applet with comodo certificates.

• Yosemite Server Signed Certificate vs OD and Profile Manager

  Hello Again,
  For more info on my setup follow the thread exchange Yosemite Server forward zone vs SSL types
  I've purchased a Comodo Positive SSL that covers www.example.com and example.com
  I asked OS X Server to use it and it went on to set up this Comodo signed Certificates up for Calendar, Mail (Pop and iMAP), Mail (SMTP), Messages and Websites.....
  ... But not for Open Directory which uses the xyz.example.com OD Intermediate CA.
  In Profile Manager, Configuration Profile Sections, I have checked "Sign Configuration Profile" and the only choice if I click the "edit" button is the "xyz.example.com OD Intermediate CA".
  1- Should OD use the Comodo Certificate like all other services?
  2- Will the Comodo certificate appear in the Profile Manager If I tell OD to use it?
  Francois

  Sorry Here,
  Hope I understand this correctly.
  The Comodo Positive SSL is a Web certificate. Although I ask OD to use it, it didn't.
  Then Profile Manager expects a "code signing" certificate which is why all it saw was Open Directory's one.
  Francois

• Native signing not supported on mac!!

  To sign both the installer and its executable we're using Thawte and Comodo certificates. For MacOS we've Thawte and Apple. This following command builds a proper signed installer version (along with its executable .exe) with the combination of both the certificates, in Windows:
  adt -package -storetype pkcs12 -keystore myCert.pfx -target native -storetype pkcs12 -keystore myCert.pfx myApp.exe myApp.airi
  (http://help.adobe.com/en_US/air/build/WS789ea67d3e73a8b22388411123785d839c-8000.html)
  When running the same command to compile a .dmg file - ADT reported an error:
  Native signing not supported on mac
  I'm not sure if the adt doesn't has the ability to do such process in MacOS unlike Windows! Any idea?

  Hello Ken,
  Thanks for commenting. But that 'solution' already tested and its found not true with recent AIR SDK version.
  If you do this:
  adt -package -storetype pkcs12 -keystore myCert.pfx -storetype pkcs12 -keystore myCert.pfx myApp.exe myApp.airi -target native
  You'll have compiler error:
  "-storetype already specified", and you can see why in the command
  If you do this:
  adt -package -storetype pkcs12 -keystore myCert.pfx native -storetype pkcs12 -keystore myCert.pfx myApp.exe myApp.airi -target
  You'll again have compiler error:
  "not enough argument"
  I don't think this have a fix yet.
  I lodged a bug at: https://bugbase.adobe.com/index.cfm?event=bug&id=3655573

• Configuring PI SSL for communicating with third-party web services

  Hi,
  I'm trying to load a COMODO certificate into a J2EE environment running in NetWeaver 7 (no enhancement packs), in order to connect to an external web service using SSL
  I have been looking at this reference:
  http://help.sap.com/saphelp_nw70/helpdata/en/a0/a5d13f83a14d21e10000000a1550b0/frameset.htm
  and in this document (and many others i've read) it talks about requiring a server key pair to support SSL.
  http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
  My question is - is there a way to use the self-signed root CA certificates instead of having to generate CSRs and sign certs?  I ask this because it seems completely impractical to have to generate key pairs for each SAP installation that is required to access a third-party web service.
  Furthermore, the SSL connection may only be for the web service and I'd rather not have to ask that the entire J2EE server is switched to SSL in order to make this secure connection. I've recently discovered the AXIS framework for the SOAP adaptor however I'm not familiar with it and can't identify whether you could use this for the SSL handshake and avoid having to a) generate certificate key pairs and b) switch your J2EE server to SSL
  Does anyone have experience connecting to a third-party service using VeriSign, COMODO or Thawte certificates and can clear this up for me?
  Regards,
  John

  Did you resolve your issue?
  I´m posting some comments that maybe can help newer administrators facing similar doubts.
  I´m using NW PI 7.1 EHP1 also and some interfaces were developed for using an external site providing web services through SSL (HTTPS) connection.
  As in browser navigation, secure sites protected with SSL has a certificate emited by a international CA. We didn´t perceive the "handshake" in the most of cases because normally the web browser has a group of trusted CAs loaded on its certificate store.
  With SAP PI and its WAS Java a similar procedure occurs with a small difference. The WAS Java didn´t have the trusted CAs loaded on KeyStorage. So, when the adapter tries to establishing a connection with an HTTPS site (it is a background process)  a "handshake" is required to accepting the certificate and produces a error.
  We completes the handshake importing the entire certificate chain (you can upload the site´s certificate to your browser and export it as file) on Keytore under the Trusted CAs view.
  Hope this can help someone. It´s an "easy" part of SSL communication.
  Now I´m trying to configure the inverse: Some third party consuming the PI web services using SSL. I have an additional component on inbound/ incoming connections that is the SAP Web Dispatcher.
  The Help.sap.com is the reference but as always its a little difficult to find the (sequential) path following the links (go ahead, go ahead, go ahead, go back, go back, go ahead)...
  Regards,
  Rodrigo Aoki

• Applet work with JRE 7_51 but NOT with JRE 7_45

  Hello,
  My major problem is, that my Applet signed with COMODO certificate DOES NOT WORK with JRE 7_45.
  The SAME applet works fine with JRE 7_45, if I sign this applet WITH A SELFMADE UNTRUSTED certificate.
  WHY the comodo signed applet doesn't run in JRE 7_45 ???
  If i launch the comodo signed applet with JRE 7_51 it works perfect !!!
  But in our company we got JRE 7_45 and I have to deal with JRE 7_45. That’s my problem.
  Could you please tell me a solution what I have to do that the comodo signed applet works also in JRE 7_45.
  Thank you!
  Philipp

  Thanks gimbal2.
  I agree the problem may be in the proxy or in the firewall but I don' to know how to prove it as if i call the servlet url from browser I dont have problems .
  The version im using is 6.45 but im sure the same problem occurs also with other versions of JRE6 .
  ... and the problem disappear with JRE7 ...
  trouble is my company want people to use JRE6
  any idea ?
  Gio

• The publisher of the extension cannot be verified.

  Hi there,
  I'm trying to sign a manually created ZXP file using the ZXPSignCmd application. As the plugin comes as a part of a software package and installed by it, I can't generate a dummy certificate and re-sign the plugin using Adobe Exchange facility. So I have to use a commercial certificate to make sure no warnings will be shown to the end user.
  Here is the command line:
  ZXPSignCmd.exe -sign src plugin.zxp certificate.pfx <password> -tsa https://timestamp.geotrust.com/tsa
  The "certificate.pfx" is a commercial Comodo certificate I use for signing applications. It is recognized on all modern operating systems without downloading any intermediate certificates.
  I get a signed ZXP-file as a result, but when I try to install it using extension manager I get the "can not be verified" error. Here's what ZXPSignCmd.exe -verify tells me (private data removed):
  c:\>ZXPSignCmd.exe -verify plugin.zxp -certInfo
  *********** Certificate Information ***********
  CN: <company name goes here>
  OU:
  DN: <certificate details goes here>
  OS Trusted: false
  Revoked: false
  Timestamp: Valid and within certificate validity dates
  Signature verified successfully
  I guess that the "OS Trusted: false" is the key, but have no idea what to do about this. The certificate is more than valid and I have no issues with it so far. Any ideas what to check or try?
  I have also tried to get a detailed log of the installation, just in case. Here are the most interesting lines, I guess (private info removed):
  [Warning] Tue Mar 04 20:21:01.904 2014 (..\Source\Util\SignatureValidator.cpp, 155) -CSignatureValidator::verifySignature: timestamp has an in-range date and is valid!
  [Trace] Tue Mar 04 20:21:01.905 2014 (..\Source\Util\SignatureValidator.cpp, 191) -CSignatureValidator::verifySignature: extension in C:\ProgramData\Adobe\Extension Manager CC\Temp\TMP_20140304202059550: dn-"<certificate details>", cn-"<company name>", ou-""
  [Trace] Tue Mar 04 20:21:01.906 2014 (..\Source\Util\SignatureValidator.cpp, 237) -CSignatureValidator::verifySignature: extension is 3rd_party_signed_untrusted!
  The second question is about the timestamping service. Not sure if it is related, but anyway. I tried to use another timestamping service, suggested by Comodo: http://timestamp.comodoca.com/authenticode, but got the error:
  Error - the timestamp returned from the chosen TSA could not be verified, so the ZXP created is likely to be rejected by other tools. Please recreate your ZXP with a different trusted TSA.
  The question is: should I worry about this at all, or I can simply use the standard geotrust time server? Can timestamp server affect the signature validation?
  Thank you.

  Hi ov-ov,
  Thanks for getting in touch.
  In answer to your second question, it is probably best to use the standard Geotrust time server when you see that error. Different timestamping services may use different formats for their timestamps - Geotrust's is definitely understood by ZXPSignCmd's verification process, but there are other formats which it cannot handle at present. Therefore, if ZXPSignCmd will be used to verify the ZXP's timestamp (e.g. before loading an Adobe Extension or installing via Extension Manager), it is important that it is able to verify the timestamp successfully.
  ZXPSignCmd immediately tries to verify the timestamp it receives from the timestamping server, so if this error is seen then it means that ZXPSignCmd will not be able to verify it later either.
  Regarding the "OS Trusted: false" output you are seeing - could you please email me your ZXP at fgregor at adobe dot com so that I can inspect it?
  I suspect that the problem may be to do with the ordering of certificates in the signature, but it is difficult to tell without looking at the signature itself.
  Best wishes,
  Fraser

• [Exchange 2010] Autodiscover on outlook 2010 doesn't work and OWA can't be browsed internally

  Hi,
  Since this morning, I'm getting weird issues with Exchange.
  1) Some people can open OWA with Firefox but with IE or Chrome can't. On Chrome, it says the certificate is malformed and hence it can't open the website. I can access OWA externally.
  2) Some users are getting security alert for OWA and autodiscover certificate.
  3) Autodiscover doesn't work and it failed to connect when I run test connectivity and configuration from Outlook client.
  Has anyone had any similar issues like this?
  Since that we didn't make any change to the environment and email is going through fine via outlook, I'm afraid to do some config changes on Exchange.
  Thanks,
  John

  It's fixed now. It was the issue with comodo certificate. Comodo issued a new intermediate cert yesterday morning. Some users didn't get the cert so we pushed out manually.

• Adobe Extension Builder signing error.

  We are trying to sign our own plugin for adobe indesign and we have a valid Comodo certificate but seems like it keeps showing a warning everytime is installed in the extensión manager of any computer. We have searched for different solutions but none seems to be working. Which steps should we follow to make sure it Works.
  Thanks,
  Cesar.

  Thanks Fraser.
  I'm signing with Extension Builder with Eclipse (Flash Builder)
  I'm installing with Extension Manager CS6. With Extensión Manager CC occurs the same problem.
  Here a screenshot of the error we get.
  Thanks!
  Cesar.

• S/mime not digitally signing

  Hello,
  I have this strange problem there Thunderbird simply doesn't sign or encrypt.
  I have added my s/mime comodo certificate to thunderbird, i have verified the certificate was valid inside thunderbird.
  the option to digitally sign is enabled by default
  digitally encrypt is set to "never" by default.
  now when i send out emails they do not contain any certificate.
  So it appears thunderbird is simply not digitally signing at all.
  I am using thunderbird from Ubuntu, i do not know if i need to do anything with security devices ( i left this default).
  Any help about this issue will be much appreciated.
  Regards,
  Marco

  hmm
  normally atleast in outlook it clearly shows you have a s/mime certificate.
  I checked in both OWA and Outlook after sending a mail to my self from TB --> nothing showed.
  If i chose to encrypt i can still read it on my mobile that doesn't have s/mime support (didn't enable the extra plugin for android there), if i do the same with my outlook s/mime it:
  1) becomes unreadable after encryption on devices that do not support s/mime
  2) shows a certificate icon
  So in all accounts i am pretty sure my TB doesn't do anything with s/mime.
  I actually seen similar complaints in the original addon before it was integrated in TB it self.
  Regards,
  Marco

• Will zeroizing and regenerating the Default-RSA-Key affect any other general purpose keys on my ASA 5545x?

  I have an ASA 5545x that is a production device for receiving all AnyConnect VPN traffic for our organization. We purchased and installed a Comodo certificate to create the trust level necessary for our employees to connect. I'm attempting to enable SSH on the device for management purposes, but the current <Default-RSA-Key> does not allow me to initiate a valid SSH session. I have encountered this issue on other ASAs within our organization, and it hasn't been an issue to simply zeroize the current key and regenerate it to restore the ability to SSH to the devices. Where the snag comes in is that this 5545x is the only ASA that has a key installed that wasn't self signed. With that in mind, I have a few questions about whether 3rd-party signed keys are dependent on the self-signed keys on the device. I intend to zeroize both the <Default-RSA-Key> and the <Default-RSA-Key>.server certificates if they will not affect my VPN-associated Comodo key.
  Does the Comodo key depend on other keys existing on the ASA?
  Am I free to zeroize only the <Default-RSA-Key> without affecting the VPN associated Comodo key?
  Here is the result of the command "show crypto key mypubkey rsa" :
  Key pair was generated at: 12:02:29 CDT Aug 19 2014
  Key name: <Default-RSA-Key>
   Usage: General Purpose Key
   Modulus Size (bits): 1024
   Key Data:
  <Redacted>
  Key pair was generated at: 10:16:52 CDT Sep 20 2012
  Key name: my.comodo.key
   Usage: General Purpose Key
   Modulus Size (bits): 2048
   Key Data:
  <Redacted>
  Key pair was generated at: 01:35:42 CDT Jul 30 2014
  Key name: <Default-RSA-Key>.server
   Usage: Encryption Key
   Modulus Size (bits): 768
   Key Data:
  <Redacted>
  Thank you to any and all that assist me in understanding how the ASA handles certificate keys.

  As long as the Comodo-signed certificate is bound to the my.comodo.key private key (i.e. you used that key when generating the certificate signing request), you should be fine to zeroize the Default-RSA-Key. The latter should ideally only be used for ssh access.

• Signing\Digital signature on JNLP file

  Hello,
  I have signed my JWS app jar files with a valid certificate (COMODO) and this works fine but the user still receives a warning message that states:
  'Part of the application is missing a digital certificate'.
  Inspecting the warning indicates that the JNLP file isn't signed.
  http://www.broughty.com/images/JNLPSigning.PNG
  My JNLP files are built and streamed on the fly via a servlet.
  It would appear this may be due to the property tags we use and that somehow magically prefixing the property name value with .jnlp or .javaws will help.
  http://docs.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/settingArgsProperties.html
  However this 'prefixing' doesn't seem to work - at least it made no odds to the warning I got when I altered the JNLP creating servlet to generate the reource property tag values with a .jnlp or .javaws prefix.
  There is another old thread on this issue but, as with a lot of threads on here, OTT admin's have locked it with a snarky final comment for posterity.
  I would imagine that a lot of web start apps are signed so how have other people got around this? It isn't a showstopper but I would be happier if at least the JNLP warning could be removed.
  Cheers
  Mat
  p.s has anyone managed to get the 'insert a link' button to work on this forum?

  Assuming that you have actually signed it properly using the private key associated with the COMODO signed certificate then it looks to me as if the COMODO certificate is not trusted so the signature on the jar files cannot be verified. Is the COMODO certificate in the Java trust store?
  P.S. I suspect your "property tags" comments are just a red herring.

• PSCS6 - licensing verification fails when installing an extension

  I receive the error message when using Extension Manager "this extension cannot be installed because licensing verification failed".  I have checked the My Products and Services section of the Adobe web site and it shows my correct serial number for PSCS6.  How can I overcome this problem so that Adobe knows I have a valid license and let me install the extension?
     Russell

  Hi Russel,
  I'm the panel developer; I'm investigating the issue even though it looks quite strange because (unless something weird has happened) the ZXP you've got is the very same that is distributed through Exchange.
  Jonathan, I'll keep you updated on the topic - please do the same if you happen to understand what could fire that licensing error. (by the way the package has been built with a Comodo certificate that will expire in October, so it shouldn't be a packaging problem).
  Kind regards
  Davide Barranca
  www.davidebarranca.com

• Amazon https does not load properly

  I cannot access my Amazon account (using '''https''') with Firefox.
  Images do not load ''when using https''. As the "Continue" button is an image, it does not appear on the page.
  This only happens with Amazon (.com, .co.uk and .fr) and no other secure website.
  To access my Amazon account, I have to use IETab, IE9 or Chrome, as the problem ''only'' exists with Firefox.
  I have restarted with all add-ons disabled: no change.
  I have updated all the plugins: no change.
  I do not use any "https-only" add-on.
  This problem used to happen very occasionally and would disappear, but it is now permanent.
  I see other Firefox users have been reporting the same problem for at least a year now, so this is not unique to me.
  Any suggestion welcome...

  Solution:
  There is problem with the SSL-Certificate of the Amazon images Server
  The SSL Website of Amazon want to load a Javascript form https://images-na.ssl-images-amazon.com and this gives an Javascript error in FF:
  ''fwcim is not defined
  Quelldatei: https://www.amazon.de/gp/css/homepage.html?ie=UTF8&ref_=topnav_na
  Zeile: 902''
  To solve this error open the page https://images-na.ssl-images-amazon.com/images/G/03/x-locale/common/login/fwcim._V182746877_.js direktly.
  FF will show a certifacte problem (see grafik).
  trust the site and add the Server to the trustet sites and all will work.
  Perhaps it is only a problem of Firefox, because IE and Chrome will work.
  It's a COMODO certificate.
  Wolfgang