Create self signed ssl cert

Similar Messages

• Http Analyzer connecting to server with self-signed SSL cert

  When making webservice calls using Axis 1.3 to our development site that uses a self-signed SSL cert I am getting the following error when running the Http Analyzer:
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  Works fine if I turn off proxy in run configuration for project or when used against a site with a purchased cert. I assume the problem is with Http Analyzer not being able to find the server cert in a local keystore, is there a way to import the cert so that I can run Http Analyzer against the site?
  Tried adding server cert to <jdkhome>/jre/lib/security/cacerts keystore but still have the problem.
  Am using JDeveloper 10.1.3.
  Thanks,
  John

  I fixed that by getting certs from: https://www.startssl.com/?app=1.
  The certs are free and work fine.
  Since Iphone 4 apple does not accept unknown CA Authorities.

• Create/install self signed ssl cert

  I'm evaluating the platform edition server. Is there a quick way to create and install a self signed ssl server certificate (I'm running Windows 2000 pro).
  Thanks
  Mark

  Download the NSS tools from here:
  http://wwws.sun.com/software/download/products/3e3afa8e.html
  Documentation for NSS tools can be found here (see certutil):
  http://www.mozilla.org/projects/security/pki/nss/tools/

• Accessing websites running on non-standard ports or with self-signed ssl certs?

  I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
  Anyone else noticed this?

  If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
  That's why it's generally recommend to go the route of using a well-know public CA as they are alreay included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
  If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
  In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
  In the second case, the ASA's identity certificate itself would have be installed on the client since it (the ASA) is essentially acting as it's own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

• How to createa Self Signed SSL

  Hi,
  I am trying to create a Self Signed Certificate to enable SSL for Sun Directory Server 2005Q1 P4.
  We donot have any External or Internal CA.
  How do i generate a self signed certificate to use in my Directory Server
  Thanks

  Hi,
  I have just followed the entire instructions. When i tried to enable the SSL from the directory console, it is not listed in the Certificate drop down list. any ideas why i am not getting the cert in the list?
  Thanks,
  Ramnath

• IMAP Mail Setup with self-signed SSL certs

  I am unable to set up IMAP access to an email account of mine on the new iPhone mail app. The setup stalls at "verifying" and I can't seem to save the info entered and then disable SSL in the advanced setup.
  Also, it doesn't seem possible to install SSL certs out of safari. On the computer I was able to navigate to the server via https and permanently accept the SSL cert. The option doenst exisit in Safari Mobile. If you have the servers cert (.der) file in the web root of the server, possible to download and install the certificate. This solved a similar problem for my ExchangeMail push with our Kerio server. Unfortunately, the certificate file of that other IMAP account is unavailable..

  If possible, instead of configuring it on the iPhone, try configuring it on your computer and using iTunes to sync the configuration itself to the iPhone. I am connecting fine to an IMAP server with a self-signed certificate. The first time I opened Mail (on the iPhone) it prompted me with a dialog saying the certificate was invalid but I was able to accept it. Since then, it has never prompted me again about validity of the certificate (even after rebooting the phone) so I believe the Mail program can permanently accept a self-signed certificate.
  And yes, there doesn't seem to be a way for Safari Mobile to permanently accept self-signed certificates. I have read that the iPhone is supposed to pull certificates from the Keychain but this does not appear to be the case.

• Anyone having issues with Self-Signed SSL-certs on mail servers?

  Can't get it to allow connecting via SSL to outgoing mail servers with self-signed certificates. Problem did not exist in earlier versions of OSX as far as I know.

  YES. I have a cert from lunarpages, where my accounts are hosted. I'm seeing two issues, and they are different for the different servers at lunarpages:
  1. Multiple logins from different machines --> problem
  2. Multiple accounts accessing same server --> problem
  So, with 1 account on one of lunarpages machines, I can have several machines running Mail with ssl on at the same time and get no problem (that is, once I've saved the certificate and marked it trusted). But as soon as another account (my wife's email on the same domain, for example) tries to access the same server, it gives me an ssl error, a choice to save that cert. and if I do then my account will generate the ssl error. Seems like only one account can have the certificate.
  On another account on a different lunarpages machine, I can't have several machines running Mail at the same time, only the first will get through and the rest will give an SSL error.
  Lunarpages says they can't find a problem, though my last email with them told me to use TLS rather than SSL. Of course, there's no way to specify that in Mail anyway, but I'd thought Mail automatically used TLS anyway, and I'm running the right ports (587 for smtp, 993 for incoming).
  Feels like it's an issue with Mail or the OS's handling of certificates. Any clues on a fix will be most appreciated as this is getting annoying. I've had to turn off SSL on my wife's and daughter's accounts just so that I can use it. And I have to quit Mail so that on the other account I can get my mail on my iPhone. Having to quit Mail on my main work machine is frustrating -- if I forget to do it I can't get mail.

• Renew Exchange 2007 self signed SSL cert : Warning

  Hi,
  We are getting an issue with the new SSL certificate being created. 
  WARNING: This certificate will not be used for external TLS connections with an
  FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
  '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
  connectors match that FQDN: Send to Internet. 
  Heres the code below:
  [PS] C:\Windows\System32>get-exchangecertificate | list
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                       .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                       X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 1:46:15 PM
  NotBefore          : 7/23/2012 1:46:15 PM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 52F90CEC000000000005
  Services           : IMAP, POP, IIS
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                       ty.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
                       [mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 11:44:05 AM
  NotBefore          : 7/23/2012 11:44:05 AM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 5289341C000000000003
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  [PS] C:\Windows\System32>get-exchangecertificate 1B6705DB9755A75E94F5B05081AEDED
  3A0065D4A | New-ExchangeCertificate
  WARNING: This certificate will not be used for external TLS connections
  with an FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate
  with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
  precedence. The following connectors match that FQDN: Default PPLOEX2K7.
  WARNING: This certificate will not be used for external TLS connections
  with an FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate
  with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
  precedence. The following connectors match that FQDN: Send to Internet.
  Confirm
  Overwrite existing default SMTP certificate,
  '99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB' (expires 7/23/2014 11:44:05
  AM), with certificate 'F835E526BC8D3805E7AA230A17C5971872D3759C'
  (expires 7/22/2015 10:17:51 AM)?
  [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
  (default is "Y"):y
  Thumbprint                                Services  
  Subject
  F835E526BC8D3805E7AA230A17C5971872D3759C  .....      C=ph, S=NCR, L=Pasig, O...
  [PS] C:\Windows\System32>get-exchangecertificate | list
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                       ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                       ssControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                       .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                       X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
                       om
  NotAfter           : 7/22/2015 10:17:51 AM
  NotBefore          : 7/22/2014 10:17:51 AM
  PublicKeySize      : 2048
  RootCAType         : None
  SerialNumber       : 6B5A6E27C63C36A54FDD3E07FF982497
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
                       om
  Thumbprint         : F835E526BC8D3805E7AA230A17C5971872D3759C
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                       .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                       X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 1:46:15 PM
  NotBefore          : 7/23/2012 1:46:15 PM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 52F90CEC000000000005
  Services           : IMAP, POP, IIS
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                       ty.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
                       [mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 11:44:05 AM
  NotBefore          : 7/23/2012 11:44:05 AM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 5289341C000000000003
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  Services: [PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint F835E5
  26BC8D3805E7AA230A17C5971872D3759C -Service IIS, SMTP, IMAP, POP
  WARNING: This certificate will not be used for external TLS connections with an
  FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate with
  thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The
  following connectors match that FQDN: Default PPLOEX2K7.
  WARNING: This certificate will not be used for external TLS connections with an
  FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
  '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
  connectors match that FQDN: Send to Internet.
  [PS] C:\Windows\System32>

  Hi Jammizi,
  I collect some information from the command results as below:
  1. When run Get-ExchangeCertificate | FL command, it returned 2 certificates.
  •Certificate01
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  IsSelfSigned       : False
  Services           : IMAP, POP, IIS
  •Certificate02
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  IsSelfSigned       : False
  Services           : IMAP, POP, SMTP
  2. When run Get-ExchangeCertificate 1B….4A (Certificate01) | New-ExchangeCertificate, got warning.
     Overwrite Certificate02 (99…BB) to Certificate03 (F8…9C).
  3. When run Get-ExchangeCertificate | FL command, it returned 3 certificates.
  •Certificate03
  Thumbprint         : F835E526BC8D3805E7AA230A17C5971872D3759C
  IsSelfSigned       : True
  Services           : IMAP, POP, SMTP
  •Certificate01
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  IsSelfSigned       : False
  Services           : IMAP, POP, IIS
  •Certificate02
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  IsSelfSigned       : False
  Services           : IMAP, POP, SMTP
  4. When run Enable Certificate03 command, got warning.
  According to the information above, please notice that both Certificate01 and Certificate02 are not Self-signed certificate. And the New-ExchangeCertifiate command in Exchange 2007 server is to new an Exchange Self-signed certificate. I suggest double check
  whether your org has self-signed certificates. If your org only need 3rd party certificates without self-signed certifcate, I suggest apply a new certificate from CA.
  Thanks
  Mavis
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Problem with importing and creating self signed SSL certificate

  Mac Pro, 10.7.2 Server.  Attempting to import or create a self signed certificate for use as ichat.domain.com to encrypt iChat service.  Server is acutally called server.domain.com but has an alias of ichat.domain.com.  I understand that this is probably not best practice but I would like to keep things this way since we have one server, run multiple services on it, but want to continue to connect to each service at SERVICE.domain.com.  We have been using this type of mismatched certificate with success since 10.4 or so.
  I am working through setup of 10.7 Server to replace our 10.6 server. 
  Tried upgrade of 10.6 to 10.7 installation.  The installation made a mess of some services and our Open Directory, but did move the certificate over and allowed iChat service to function properly.
  Clean install and setup of 10.7 Server.  Exported self signed certificate, private key, and encryption password from 10.6 Server and functioning 10.7 upgraded Server.
  On import or manual creation of certificate get the following error:
  Error
  Check your server's logs for more information.  The error (code 5001) was: Expected SecKeychainItemImport to return a SecIdentityRef, but it did not
  Log shows:
  Dec 29 17:56:55 server servermgrd[498]: -[CertsRequestHandler(HelperAdditions) importP12Data:passphrase:error:]: importedItems = (
                "<SecCertificate 0x7fcf6ed43c00 [0x7fff78d96f40]>"
  I have tried importing and manually creating other certificates with a variety of names with success.  I assume that there is something buried somewhere that is causing this particular one to be a problem.  Other than manually removing any remnants of the certificate from /etc/certficates I do not have any ideas what to try.  I am essentially ready to move this server to 10.7 except for this problem and would like to avoid a reinstall.
  Suggestions?
  -Erich

  Take a look here.
  https://bbs.archlinux.org/viewtopic.php?id=146649
  Maybe it's a problem with your network.

• IOS 4.2.1 Causes "cannot verify server identity" for self-signed SSL Cert.

  We are running Exchange 2007 SP3 with a self assigned certificate. After upgrading to 4.2.1 all users receive the message "Cannot Verify Server Identity" whenever the phone pulls down email/calendar/etc. Pressing "Continue" allows mail to download, however you have to press "continue" multiple times (apparently one for each message).
  You can press "Details" and choose accept, however the problem continues. I have tried doing a hard reset, but this fixes nothing. I am sure it is a bug with 4.2.1 (4.1 worked just fine) specifically with self-signed certificates. If anyone has a fix please let me know. However, I'm sure that I should just be pleading to the Apple gods to quickly release a fix.

  Making it very irritating to log in to exchange owa. I currently have the root, Exchange server and personal certificates installed on the device and it acts like they do not exist. I basicly have to keep punching the cert to use, probably close to 30 times, until the page has loaded. Once the page is loaded the certificate requests stop. Strangely in the console i keep getting:
  Thu Dec 2 09:45:21 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:26 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x9871fc0
  Thu Dec 2 09:45:26 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x9871fc0
  Thu Dec 2 09:45:28 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:28 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x986fd20
  Thu Dec 2 09:45:28 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x986fd20
  Thu Dec 2 09:45:28 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:30 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:30 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83e47f0
  Thu Dec 2 09:45:30 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83e47f0
  Thu Dec 2 09:45:30 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:31 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:31 unknown MobileSafari[1045] <Error>: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83a3b30
  Thu Dec 2 09:45:31 unknown MobileSafari[1045] <Warning>: CoreAnimation: ignoring exception: -[UITable flashScrollIndicators]: unrecognized selector sent to instance 0x83a3b30
  Thu Dec 2 09:45:31 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:32 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:32 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:35 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:36 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:36 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:37 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  Thu Dec 2 09:45:37 unknown securityd[1168] <Error>: CFReadStream domain: 4 error: -3
  and this all started after the upgrade to 4.2.1
  Makes me wonder if perhaps it is a problem with iPCU.

• Abandoning Self-Signed SSL Certificates?

  Hello,
  I'm working on remediation of some security flaws and have encountered a finding that calls out each of my domain-added workstations as having self signed SSL certificates.  I'm not an expert on the subject, but I do know the following things:
  1)  An earlier finding lead to me disabling all forms of SSL on my servers and workstations
  2)  Workstations use certificates to identify themselves to other domain assets.
  Now my servers all have their own certs signed by an outside authority.  However, it would be a huge amount of work to go through the process for each and every workstation.  So my questions are these:
  1)  Can I create a NON-SSL self signed cert for these machines to use?
  2)  How do I remove these current SSL certs without having to hover over each workstation?
  Basically, what's the least effort to remove self-signed SSL certs and replace them with something more secure?
  Thanks,
  M.

  What do you mean when you say that you've disabled all forms of SSL on your servers and workstations? SSL serves to provide secure communications for all of your domain operations, so disabling SSL, in general, would likely break your entire domain. If you're
  using certificates on your workstations, then you're using certificate-based security (IPSec) in some manner.
  Do you have AD CS or some other certificate signing authority/PKI in your environment? If not, you would have to pay a public provider (i.e. VeriSign) to provide certificates, and I can assure you that gets very expensive.
  If you have Microsoft servers in your environment, you can install and use Certificate Services to provide an internal signing mechanism which can be managed through group policy. You can replace all of the workstation certificates with ones signed by your
  internal certificate authority (CA,) and those will pass muster with any auditor provided the appropriate safeguards are put into place elsewhere in your environment.
  Least effort for you would be to implement an internal CA, which admittedly isn't a low-effort endeavor, and have the CA assign individual certificates to all of your machines, users, and any other assets you need to protect. If your auditors are requiring
  the removal of the self-signed certificates, you might find a way to script the removal of the certificates. In my experience, however, most auditors just want IPSec to be done with certificates that terminate somewhere other than the local workstation (i.e.
  an internal CA).

• Creating a self signed SAN Cert

  Hi all,
  I am wanting to create a self signed SAN cert. I am using the MMC snap-in to add the Certificates snap-in to create a custom request. However on the Private Key type, I don't see the option to select Key Type is Exchange.
  This is the article I am following: http://blogs.msdn.com/b/andrekl/archive/2008/09/24/how-to-generate-a-csr-for-an-iis-website-using-the-windows-vista-server-2008-certificates-mmc-plugin.aspx
  Anybody know why?

  > I am wanting to create a self signed SAN cert
  self-signed? Then the rest of your post is irrelevant, since Certificates MMC snap-in is not intended for self-signed certificate creation. In order to generate a self-signed certificate, you can use
  New-SelfSignedCertificate cmdlet in Windows Server 2012 and newer. For previous versions, custom PS script is available
  http://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6
  Note: self-signed certificates must not be used in a production environment.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Implementing self-signed SSL on the coldfusion webserver

  We've just recently implemented a self-signed SSL on the coldfusion webserver and find that the scheduled tasks are not running.
  They don't even appear to "kick off". I'm not receiving an error or notice.
  I've attempted pulling-in the cert directly into the Coldfusion JRE folder, and running through the most common answers on the internet regarding use of the cert keytool import - no luck.

  I currently have the configureation you are talking about.  To allow an iOS device to connect do the following.
  1.  From the iOS device go to your servers homepage in safari.
  2.  Login to the profile manager using that individuals userid and password.  For some reason I have to login twice the first time I enter the userid and password it will not authenticate the second time it will log the user in.
  3.  Click the install button next to the "Trust profile" to install it to the iOS device.  This will make the iOS device trust the certificate from your personal server.
  4.  After that you may also install the server profile which will install your vpn and calendar etc... profiles for connecting to the services you have setup on the server onto the iOS device.
  5.  Once you accomplish this you will be able to access your services via your local lan or vpn.

• How do we create self-signed certificate using java packages

  Hi All,
  I require some information on creating self-signed certificate using java packages.
  The java.security.cert.* package allows you to read Certificates from an existing store or a file etc. but there is no way to generate one afresh. See CertificateFactory and Certificate classes. Even after loading a certificate you cannot regenerate some of its fields to embed the new public key &#8211; and hence regenerate the fingerprints etc. &#8211; and mention a new DN. Essentially, I see no way from java to self-sign a certificate that embeds a public key that I have already generated.
  I want to do the equivalent of &#8216;keytool &#8211;selfcert&#8217; from java code. Please note that I am not trying to do this by using the keytool command line option &#8211; it is always a bad choice to execute external process from the java code &#8211; but if no other ways are found then I have to fall back on it.
  Regards,
  Chandra

  I require some information on creating self-signed certificate using java packages. Its not possible because JCE/JCA doesn't have implementation of X509Certificate. For that you have to use any other JCE Provider e.g. BouncyCastle, IAIK, Assembla and etc.
  I'm giving you sample code for producing self-signed certificate using IAIK JCE. Note that IAIK JCE is not free. But you can use BouncyCastle its open source and free.
  **Generating and Initialising the Public and Private Keys*/
    public KeyPair generateKeys() throws Exception
        //1 - Key Pair Generated [Public and Private Key]
        m_objkeypairgen = KeyPairGenerator.getInstance("RSA");
        m_objkeypair = m_objkeypairgen.generateKeyPair();
        System.out.println("Key Pair Generated....");
        //Returns Both Keys [Public and Private]*/
        return m_objkeypair;
  /**Generating and Initialising the Self Signed Certificate*/
    public X509Certificate generateSSCert() throws Exception
      //Creates Instance of X509 Certificate
      m_objX509 = new X509Certificate();
      //Creatting Calender Instance
      GregorianCalendar obj_date = new GregorianCalendar();
      Name obj_issuer = new Name();
      obj_issuer.addRDN(ObjectID.country, "CountryName");
      obj_issuer.addRDN(ObjectID.organization ,"CompanyName");
      obj_issuer.addRDN(ObjectID.organizationalUnit ,"Deptt");
      obj_issuer.addRDN(ObjectID.commonName ,"Valid CA Name");
      //Self Signed Certificate
      m_objX509.setIssuerDN(obj_issuer); // Sets Issuer Info:
      m_objX509.setSubjectDN(obj_issuer); // Sets Subjects Info:
      m_objX509.setSerialNumber(BigInteger.valueOf(0x1234L));
      m_objX509.setPublicKey(m_objkeypair.getPublic());// Sets Public Key
      m_objX509.setValidNotBefore(obj_date.getTime()); //Sets Starting Date
      obj_date.add(Calendar.MONTH, 6); //Extending the Date [Cert Validation Period (6-Months)]
      m_objX509.setValidNotAfter(obj_date.getTime()); //Sets Ending Date [Expiration Date]
      //Signing Certificate With SHA-1 and RSA
      m_objX509.sign(AlgorithmID.sha1WithRSAEncryption, m_objkeypair.getPrivate()); // JCE doesn't have that specific implementation so that why we need any //other provider e.g. BouncyCastle, IAIK and etc.
      System.out.println("Start Certificate....................................");
      System.out.println(m_objX509.toString());
      System.out.println("End Certificate......................................");
      //Returns Self Signed Certificate.
      return m_objX509;
    //****************************************************************

• How to Import Self-signed SSL server certificates in Adobe AIR applications

  Hi,
  I am using secure AMF endpoints for remote object communication from AIR client.
  since i am using a self signed SSL certificate on the server, i am getting a certificate warning message on the AIR client, when ever a remote call is done.
  Is there any mechanism to import the server certificate in AIR application..?
  Please provide suggestions.
  Thanks

  I have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????