Create self signed ssl cert
I'm trying to test the app server. Is there a quick way to install a self signed server certificate (I'm running Windows 2000 pro).
Thanks
Mark
Download the NSS tools from here:
http://wwws.sun.com/software/download/products/3e3afa8e.html
Documentation for NSS tools can be found here (see certutil):
http://www.mozilla.org/projects/security/pki/nss/tools/
Similar Messages
-
Http Analyzer connecting to server with self-signed SSL cert
When making webservice calls using Axis 1.3 to our development site that uses a self-signed SSL cert I am getting the following error when running the Http Analyzer:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Works fine if I turn off proxy in run configuration for project or when used against a site with a purchased cert. I assume the problem is with Http Analyzer not being able to find the server cert in a local keystore, is there a way to import the cert so that I can run Http Analyzer against the site?
Tried adding server cert to <jdkhome>/jre/lib/security/cacerts keystore but still have the problem.
Am using JDeveloper 10.1.3.
Thanks,
JohnI fixed that by getting certs from: https://www.startssl.com/?app=1.
The certs are free and work fine.
Since Iphone 4 apple does not accept unknown CA Authorities. -
Create/install self signed ssl cert
I'm evaluating the platform edition server. Is there a quick way to create and install a self signed ssl server certificate (I'm running Windows 2000 pro).
Thanks
MarkDownload the NSS tools from here:
http://wwws.sun.com/software/download/products/3e3afa8e.html
Documentation for NSS tools can be found here (see certutil):
http://www.mozilla.org/projects/security/pki/nss/tools/ -
Accessing websites running on non-standard ports or with self-signed ssl certs?
I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
Anyone else noticed this?If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
That's why it's generally recommend to go the route of using a well-know public CA as they are alreay included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
In the second case, the ASA's identity certificate itself would have be installed on the client since it (the ASA) is essentially acting as it's own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate. -
How to createa Self Signed SSL
Hi,
I am trying to create a Self Signed Certificate to enable SSL for Sun Directory Server 2005Q1 P4.
We donot have any External or Internal CA.
How do i generate a self signed certificate to use in my Directory Server
ThanksHi,
I have just followed the entire instructions. When i tried to enable the SSL from the directory console, it is not listed in the Certificate drop down list. any ideas why i am not getting the cert in the list?
Thanks,
Ramnath -
IMAP Mail Setup with self-signed SSL certs
I am unable to set up IMAP access to an email account of mine on the new iPhone mail app. The setup stalls at "verifying" and I can't seem to save the info entered and then disable SSL in the advanced setup.
Also, it doesn't seem possible to install SSL certs out of safari. On the computer I was able to navigate to the server via https and permanently accept the SSL cert. The option doenst exisit in Safari Mobile. If you have the servers cert (.der) file in the web root of the server, possible to download and install the certificate. This solved a similar problem for my ExchangeMail push with our Kerio server. Unfortunately, the certificate file of that other IMAP account is unavailable..If possible, instead of configuring it on the iPhone, try configuring it on your computer and using iTunes to sync the configuration itself to the iPhone. I am connecting fine to an IMAP server with a self-signed certificate. The first time I opened Mail (on the iPhone) it prompted me with a dialog saying the certificate was invalid but I was able to accept it. Since then, it has never prompted me again about validity of the certificate (even after rebooting the phone) so I believe the Mail program can permanently accept a self-signed certificate.
And yes, there doesn't seem to be a way for Safari Mobile to permanently accept self-signed certificates. I have read that the iPhone is supposed to pull certificates from the Keychain but this does not appear to be the case. -
Anyone having issues with Self-Signed SSL-certs on mail servers?
Can't get it to allow connecting via SSL to outgoing mail servers with self-signed certificates. Problem did not exist in earlier versions of OSX as far as I know.
YES. I have a cert from lunarpages, where my accounts are hosted. I'm seeing two issues, and they are different for the different servers at lunarpages:
1. Multiple logins from different machines --> problem
2. Multiple accounts accessing same server --> problem
So, with 1 account on one of lunarpages machines, I can have several machines running Mail with ssl on at the same time and get no problem (that is, once I've saved the certificate and marked it trusted). But as soon as another account (my wife's email on the same domain, for example) tries to access the same server, it gives me an ssl error, a choice to save that cert. and if I do then my account will generate the ssl error. Seems like only one account can have the certificate.
On another account on a different lunarpages machine, I can't have several machines running Mail at the same time, only the first will get through and the rest will give an SSL error.
Lunarpages says they can't find a problem, though my last email with them told me to use TLS rather than SSL. Of course, there's no way to specify that in Mail anyway, but I'd thought Mail automatically used TLS anyway, and I'm running the right ports (587 for smtp, 993 for incoming).
Feels like it's an issue with Mail or the OS's handling of certificates. Any clues on a fix will be most appreciated as this is getting annoying. I've had to turn off SSL on my wife's and daughter's accounts just so that I can use it. And I have to quit Mail so that on the other account I can get my mail on my iPhone. Having to quit Mail on my main work machine is frustrating -- if I forget to do it I can't get mail. -
Renew Exchange 2007 self signed SSL cert : Warning
Hi,
We are getting an issue with the new SSL certificate being created.
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
'1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
connectors match that FQDN: Send to Internet.
Heres the code below:
[PS] C:\Windows\System32>get-exchangecertificate | list
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
.com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
NotAfter : 7/23/2014 1:46:15 PM
NotBefore : 7/23/2012 1:46:15 PM
PublicKeySize : 2048
RootCAType : Enterprise
SerialNumber : 52F90CEC000000000005
Services : IMAP, POP, IIS
Status : Valid
Subject : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
ph
Thumbprint : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
[mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
NotAfter : 7/23/2014 11:44:05 AM
NotBefore : 7/23/2012 11:44:05 AM
PublicKeySize : 2048
RootCAType : Enterprise
SerialNumber : 5289341C000000000003
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
ph
Thumbprint : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
[PS] C:\Windows\System32>get-exchangecertificate 1B6705DB9755A75E94F5B05081AEDED
3A0065D4A | New-ExchangeCertificate
WARNING: This certificate will not be used for external TLS connections
with an FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate
with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
precedence. The following connectors match that FQDN: Default PPLOEX2K7.
WARNING: This certificate will not be used for external TLS connections
with an FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate
with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
precedence. The following connectors match that FQDN: Send to Internet.
Confirm
Overwrite existing default SMTP certificate,
'99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB' (expires 7/23/2014 11:44:05
AM), with certificate 'F835E526BC8D3805E7AA230A17C5971872D3759C'
(expires 7/22/2015 10:17:51 AM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):y
Thumbprint Services
Subject
F835E526BC8D3805E7AA230A17C5971872D3759C ..... C=ph, S=NCR, L=Pasig, O...
[PS] C:\Windows\System32>get-exchangecertificate | list
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
ssControl.CryptoKeyAccessRule}
CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
.com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
HasPrivateKey : True
IsSelfSigned : True
Issuer : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
om
NotAfter : 7/22/2015 10:17:51 AM
NotBefore : 7/22/2014 10:17:51 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6B5A6E27C63C36A54FDD3E07FF982497
Services : IMAP, POP, SMTP
Status : Valid
Subject : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
om
Thumbprint : F835E526BC8D3805E7AA230A17C5971872D3759C
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
.com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
NotAfter : 7/23/2014 1:46:15 PM
NotBefore : 7/23/2012 1:46:15 PM
PublicKeySize : 2048
RootCAType : Enterprise
SerialNumber : 52F90CEC000000000005
Services : IMAP, POP, IIS
Status : Valid
Subject : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
ph
Thumbprint : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
[mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
NotAfter : 7/23/2014 11:44:05 AM
NotBefore : 7/23/2012 11:44:05 AM
PublicKeySize : 2048
RootCAType : Enterprise
SerialNumber : 5289341C000000000003
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
ph
Thumbprint : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
Services: [PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint F835E5
26BC8D3805E7AA230A17C5971872D3759C -Service IIS, SMTP, IMAP, POP
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate with
thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The
following connectors match that FQDN: Default PPLOEX2K7.
WARNING: This certificate will not be used for external TLS connections with an
FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
'1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
connectors match that FQDN: Send to Internet.
[PS] C:\Windows\System32>Hi Jammizi,
I collect some information from the command results as below:
1. When run Get-ExchangeCertificate | FL command, it returned 2 certificates.
•Certificate01
Thumbprint : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
IsSelfSigned : False
Services : IMAP, POP, IIS
•Certificate02
Thumbprint : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
IsSelfSigned : False
Services : IMAP, POP, SMTP
2. When run Get-ExchangeCertificate 1B….4A (Certificate01) | New-ExchangeCertificate, got warning.
Overwrite Certificate02 (99…BB) to Certificate03 (F8…9C).
3. When run Get-ExchangeCertificate | FL command, it returned 3 certificates.
•Certificate03
Thumbprint : F835E526BC8D3805E7AA230A17C5971872D3759C
IsSelfSigned : True
Services : IMAP, POP, SMTP
•Certificate01
Thumbprint : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
IsSelfSigned : False
Services : IMAP, POP, IIS
•Certificate02
Thumbprint : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
IsSelfSigned : False
Services : IMAP, POP, SMTP
4. When run Enable Certificate03 command, got warning.
According to the information above, please notice that both Certificate01 and Certificate02 are not Self-signed certificate. And the New-ExchangeCertifiate command in Exchange 2007 server is to new an Exchange Self-signed certificate. I suggest double check
whether your org has self-signed certificates. If your org only need 3rd party certificates without self-signed certifcate, I suggest apply a new certificate from CA.
Thanks
Mavis
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Mavis Huang
TechNet Community Support -
Problem with importing and creating self signed SSL certificate
Mac Pro, 10.7.2 Server. Attempting to import or create a self signed certificate for use as ichat.domain.com to encrypt iChat service. Server is acutally called server.domain.com but has an alias of ichat.domain.com. I understand that this is probably not best practice but I would like to keep things this way since we have one server, run multiple services on it, but want to continue to connect to each service at SERVICE.domain.com. We have been using this type of mismatched certificate with success since 10.4 or so.
I am working through setup of 10.7 Server to replace our 10.6 server.
Tried upgrade of 10.6 to 10.7 installation. The installation made a mess of some services and our Open Directory, but did move the certificate over and allowed iChat service to function properly.
Clean install and setup of 10.7 Server. Exported self signed certificate, private key, and encryption password from 10.6 Server and functioning 10.7 upgraded Server.
On import or manual creation of certificate get the following error:
Error
Check your server's logs for more information. The error (code 5001) was: Expected SecKeychainItemImport to return a SecIdentityRef, but it did not
Log shows:
Dec 29 17:56:55 server servermgrd[498]: -[CertsRequestHandler(HelperAdditions) importP12Data:passphrase:error:]: importedItems = (
"<SecCertificate 0x7fcf6ed43c00 [0x7fff78d96f40]>"
I have tried importing and manually creating other certificates with a variety of names with success. I assume that there is something buried somewhere that is causing this particular one to be a problem. Other than manually removing any remnants of the certificate from /etc/certficates I do not have any ideas what to try. I am essentially ready to move this server to 10.7 except for this problem and would like to avoid a reinstall.
Suggestions?
-ErichTake a look here.
https://bbs.archlinux.org/viewtopic.php?id=146649
Maybe it's a problem with your network. -
IOS 4.2.1 Causes "cannot verify server identity" for self-signed SSL Cert.
We are running Exchange 2007 SP3 with a self assigned certificate. After upgrading to 4.2.1 all users receive the message "Cannot Verify Server Identity" whenever the phone pulls down email/calendar/etc. Pressing "Continue" allows mail to download, however you have to press "continue" multiple times (apparently one for each message).
You can press "Details" and choose accept, however the problem continues. I have tried doing a hard reset, but this fixes nothing. I am sure it is a bug with 4.2.1 (4.1 worked just fine) specifically with self-signed certificates. If anyone has a fix please let me know. However, I'm sure that I should just be pleading to the Apple gods to quickly release a fix.Making it very irritating to log in to exchange owa. I currently have the root, Exchange server and personal certificates installed on the device and it acts like they do not exist. I basicly have to keep punching the cert to use, probably close to 30 times, until the page has loaded. Once the page is loaded the certificate requests stop. Strangely in the console i keep getting:
Thu Dec 2 09:45:21 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:26 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x9871fc0
Thu Dec 2 09:45:26 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x9871fc0
Thu Dec 2 09:45:28 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:28 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x986fd20
Thu Dec 2 09:45:28 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x986fd20
Thu Dec 2 09:45:28 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:30 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:30 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83e47f0
Thu Dec 2 09:45:30 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83e47f0
Thu Dec 2 09:45:30 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:31 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:31 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83a3b30
Thu Dec 2 09:45:31 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83a3b30
Thu Dec 2 09:45:31 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:32 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:32 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:36 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:36 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:37 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
Thu Dec 2 09:45:37 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
and this all started after the upgrade to 4.2.1
Makes me wonder if perhaps it is a problem with iPCU. -
Abandoning Self-Signed SSL Certificates?
Hello,
I'm working on remediation of some security flaws and have encountered a finding that calls out each of my domain-added workstations as having self signed SSL certificates. I'm not an expert on the subject, but I do know the following things:
1) An earlier finding lead to me disabling all forms of SSL on my servers and workstations
2) Workstations use certificates to identify themselves to other domain assets.
Now my servers all have their own certs signed by an outside authority. However, it would be a huge amount of work to go through the process for each and every workstation. So my questions are these:
1) Can I create a NON-SSL self signed cert for these machines to use?
2) How do I remove these current SSL certs without having to hover over each workstation?
Basically, what's the least effort to remove self-signed SSL certs and replace them with something more secure?
Thanks,
M.What do you mean when you say that you've disabled all forms of SSL on your servers and workstations? SSL serves to provide secure communications for all of your domain operations, so disabling SSL, in general, would likely break your entire domain. If you're
using certificates on your workstations, then you're using certificate-based security (IPSec) in some manner.
Do you have AD CS or some other certificate signing authority/PKI in your environment? If not, you would have to pay a public provider (i.e. VeriSign) to provide certificates, and I can assure you that gets very expensive.
If you have Microsoft servers in your environment, you can install and use Certificate Services to provide an internal signing mechanism which can be managed through group policy. You can replace all of the workstation certificates with ones signed by your
internal certificate authority (CA,) and those will pass muster with any auditor provided the appropriate safeguards are put into place elsewhere in your environment.
Least effort for you would be to implement an internal CA, which admittedly isn't a low-effort endeavor, and have the CA assign individual certificates to all of your machines, users, and any other assets you need to protect. If your auditors are requiring
the removal of the self-signed certificates, you might find a way to script the removal of the certificates. In my experience, however, most auditors just want IPSec to be done with certificates that terminate somewhere other than the local workstation (i.e.
an internal CA). -
Creating a self signed SAN Cert
Hi all,
I am wanting to create a self signed SAN cert. I am using the MMC snap-in to add the Certificates snap-in to create a custom request. However on the Private Key type, I don't see the option to select Key Type is Exchange.
This is the article I am following: http://blogs.msdn.com/b/andrekl/archive/2008/09/24/how-to-generate-a-csr-for-an-iis-website-using-the-windows-vista-server-2008-certificates-mmc-plugin.aspx
Anybody know why?> I am wanting to create a self signed SAN cert
self-signed? Then the rest of your post is irrelevant, since Certificates MMC snap-in is not intended for self-signed certificate creation. In order to generate a self-signed certificate, you can use
New-SelfSignedCertificate cmdlet in Windows Server 2012 and newer. For previous versions, custom PS script is available
http://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6
Note: self-signed certificates must not be used in a production environment.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell FCIV tool. -
Implementing self-signed SSL on the coldfusion webserver
We've just recently implemented a self-signed SSL on the coldfusion webserver and find that the scheduled tasks are not running.
They don't even appear to "kick off". I'm not receiving an error or notice.
I've attempted pulling-in the cert directly into the Coldfusion JRE folder, and running through the most common answers on the internet regarding use of the cert keytool import - no luck.I currently have the configureation you are talking about. To allow an iOS device to connect do the following.
1. From the iOS device go to your servers homepage in safari.
2. Login to the profile manager using that individuals userid and password. For some reason I have to login twice the first time I enter the userid and password it will not authenticate the second time it will log the user in.
3. Click the install button next to the "Trust profile" to install it to the iOS device. This will make the iOS device trust the certificate from your personal server.
4. After that you may also install the server profile which will install your vpn and calendar etc... profiles for connecting to the services you have setup on the server onto the iOS device.
5. Once you accomplish this you will be able to access your services via your local lan or vpn. -
How do we create self-signed certificate using java packages
Hi All,
I require some information on creating self-signed certificate using java packages.
The java.security.cert.* package allows you to read Certificates from an existing store or a file etc. but there is no way to generate one afresh. See CertificateFactory and Certificate classes. Even after loading a certificate you cannot regenerate some of its fields to embed the new public key – and hence regenerate the fingerprints etc. – and mention a new DN. Essentially, I see no way from java to self-sign a certificate that embeds a public key that I have already generated.
I want to do the equivalent of ‘keytool –selfcert’ from java code. Please note that I am not trying to do this by using the keytool command line option – it is always a bad choice to execute external process from the java code – but if no other ways are found then I have to fall back on it.
Regards,
ChandraI require some information on creating self-signed certificate using java packages. Its not possible because JCE/JCA doesn't have implementation of X509Certificate. For that you have to use any other JCE Provider e.g. BouncyCastle, IAIK, Assembla and etc.
I'm giving you sample code for producing self-signed certificate using IAIK JCE. Note that IAIK JCE is not free. But you can use BouncyCastle its open source and free.
**Generating and Initialising the Public and Private Keys*/
public KeyPair generateKeys() throws Exception
//1 - Key Pair Generated [Public and Private Key]
m_objkeypairgen = KeyPairGenerator.getInstance("RSA");
m_objkeypair = m_objkeypairgen.generateKeyPair();
System.out.println("Key Pair Generated....");
//Returns Both Keys [Public and Private]*/
return m_objkeypair;
/**Generating and Initialising the Self Signed Certificate*/
public X509Certificate generateSSCert() throws Exception
//Creates Instance of X509 Certificate
m_objX509 = new X509Certificate();
//Creatting Calender Instance
GregorianCalendar obj_date = new GregorianCalendar();
Name obj_issuer = new Name();
obj_issuer.addRDN(ObjectID.country, "CountryName");
obj_issuer.addRDN(ObjectID.organization ,"CompanyName");
obj_issuer.addRDN(ObjectID.organizationalUnit ,"Deptt");
obj_issuer.addRDN(ObjectID.commonName ,"Valid CA Name");
//Self Signed Certificate
m_objX509.setIssuerDN(obj_issuer); // Sets Issuer Info:
m_objX509.setSubjectDN(obj_issuer); // Sets Subjects Info:
m_objX509.setSerialNumber(BigInteger.valueOf(0x1234L));
m_objX509.setPublicKey(m_objkeypair.getPublic());// Sets Public Key
m_objX509.setValidNotBefore(obj_date.getTime()); //Sets Starting Date
obj_date.add(Calendar.MONTH, 6); //Extending the Date [Cert Validation Period (6-Months)]
m_objX509.setValidNotAfter(obj_date.getTime()); //Sets Ending Date [Expiration Date]
//Signing Certificate With SHA-1 and RSA
m_objX509.sign(AlgorithmID.sha1WithRSAEncryption, m_objkeypair.getPrivate()); // JCE doesn't have that specific implementation so that why we need any //other provider e.g. BouncyCastle, IAIK and etc.
System.out.println("Start Certificate....................................");
System.out.println(m_objX509.toString());
System.out.println("End Certificate......................................");
//Returns Self Signed Certificate.
return m_objX509;
//**************************************************************** -
How to Import Self-signed SSL server certificates in Adobe AIR applications
Hi,
I am using secure AMF endpoints for remote object communication from AIR client.
since i am using a self signed SSL certificate on the server, i am getting a certificate warning message on the AIR client, when ever a remote call is done.
Is there any mechanism to import the server certificate in AIR application..?
Please provide suggestions.
ThanksI have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????
Maybe you are looking for
-
Excise invoice without delivery - Milestone and Progressive billing
Hi all We have a scenario where we need to create excise invoice wihtout delivery We are using order based billing because we have PS(WBS) integration, milestone and progressive billing scenario. We dont want to use J1is, we want to use J1iin only,
-
Hi friends plz help me this is very urgent., what is the field name for " the name of posting job for the MATMAS IDOC processing." regards. venkat
-
In which context is data stored in web dynpro component
in which context is data stored in webdynpro component
-
Using Current FW Hard Disk with new Mac Mini..?
I'm using a G4 mini for over a year now, and intent to get an Intel version of it once the next product update occurs. But is it possible for me to actually use the external FW hard disk which I'm booting my current system from right now, and use it
-
Two questions - I have an iMac G5 with OS 10.4.11. OS 9 is also on the computer. Can I safely remove OS 9? Will removing it help my processing speed?