Creating "Valid" SSL Cert

Hi.
I have a small webserver and I want to run ssl for my webmail and I created a ssl cert by running
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
Firefox 2, and IE 7 both give me a nice warning that the cert might not be valid. Firefox 3 (cvs) however completely blocks from going the site. So how can I make a "valid" ssl cert?
Thanks!

Well I found how to do it...
http://boblord.livejournal.com/18402.html wrote:To override the error, you need to create an exception. The SSL exception dialog is located in the Preferences window, under Advanced/Encryption/View Certificates. Once there, click on the Servers tab, and then on "Add Exception...". The UI should be straightforward from there.
It suppose to be a new feature, but I do hope they add some button to easily add a cert or else I'm afraid the user base might drop drastically as there are many sites that have "untrusted" ssl certs.
For those interested in seeing what the error looks like... http://mezoko.net/stuff/fxsslcerterror.png

Similar Messages

  • Dreaded "must be configured to use a valid SSL cert" - 2008 R2

    Hello everybody,
    I've been browsing through hundreds of topics on the dreaded "The RD Gateway server must be configured to use
    a valid SSL certificate" error using BPA (Windows Server 2008 R2 Std), but still haven't found a proper solution.
    Here's the issue: RDGW not operating properly and sometime accepting connections, sometimes not. 
    I have an external domain example.com and internally, the domain is example.local. I have one server serving Exchange and RD, this is the server responding to mail.example.com and I have an StartSSL issued cert for mail.example.com, which is properly configured
    on the server (OWA is working properly with autodiscover etc.). SSL bindings seem alright, default site is using the mail.example.com SSL cert.
    If I open the RDGW Manager and go to the SSL Certificate tab, the system looks happy by having the cert installed, everything looks fine. Sometimes I even manage to connect - connection is successful, I can normally connect to any of the servers or computers.
    On a second attempt, I just get the message, that the logon attempt had failed. If I run BPA on the server, I get the error of not having a proper SSL cert. If I select a self-signed cert, then also the BPA goes through, but then I have problems with connections
    since everybody would need this cert to have installed.
    From what I read, my problems are related to the issue that the FQDN of my server is servername.example.local and the cert is issued to mail.example.com. How can I make the thing only to talk via the mail.example.com cert? I don't think I can get a cert
    that'd also contain a SAN of servername.example.local from the CA.
    What can I do?

    Hi Andrej,
    Thanks for posting in Windows Server Forum.
    Here providing you the article for BPA’s configuration logs, where you can check. It also states that certificate are main problem related to this error. Please check certificate which you have bound have FQDN name of gateway server, the certificate is SSL
    certificate and it’s a trusted certificate. Also check that certificate which you have importing to RD gateway must be in local computer/personal store. For more information refer below article.
    1. Using the Remote Desktop Services BPA to analyze a Remote Desktop Gateway
    implementation
    2. RDS: The RD Gateway server must be configured to use a valid SSL certificate
    In addition, you need to specify the FQDN name of RD gateway under
    DefaultTSgateway in IIS setting. Please go through below article for details.
    RD Gateway/Web Access Outside the Firewall
    Hope it helps!
    Thanks,
    Dharmesh

  • SPA122 1.3.2(014) HTTPS ssl cert profile problem

    Hello,
    I have a problem since upgrading SPA122 from 1.3.1(003) to 1.3.2(014). The profile rule is using https to get the config files every 1 hour or so
    this was never a problem: the rule is a FQDN, the SPA does DNS lookup gets the IP and asks the web server for the config file. both 1.3.1 and 1.3.2 do ask the file with the resolved IP address rather then the FQDN.
    now the web server has a valid certificate for that FQDN, but as the SPA122 is asking the file with the IP address the cert is not valid (CN Incorrect: CN is wildcard *.domain.com and IP address is not the FQDN)
    in 1.3.1 the SPA didn't seem to care too much , got the file and provisioned, the 1.3.2 nos gives error and sais cert err!
    I changed the FQDN for security reasons: here is what the log of the SPA says: prule is https://FQDN:9192
    Nov 15 14:37:13 Y.Y.Y.Y SCAPC_init(): provision_enable=1 prule=https://ruxxx1.axxxxxxxxxxs.com:9192/xm-$MA.ipr tftp=192.168.1.3
    but here is what the SPA asks then:
    Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
    Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
    Nov 15 14:40:43 Y.Y.Y.Y FMM >>>> Requesting profile
    Nov 15 14:40:43 Y.Y.Y.Y ssl cert err 20
    Nov 15 14:40:43 Y.Y.Y.Y create ssl connection failed
    Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Resync failed: https_get failed
    Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Resync failed: https_get failed
    Nov 15 14:40:43 Y.Y.Y.Y FMM >>>> Failed profile
    while in 1.3.1 it got it fine:
    Nov 15 14:36:42 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
    Nov 15 14:36:42 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
    Nov 15 14:36:42 Y.Y.Y.Y FMM >>>> Requesting profile
    Nov 15 14:36:44 Y.Y.Y.Y ok=20
    Nov 15 14:36:44 Y.Y.Y.Y content len (hdr) =21056"
    Nov 15 14:36:44 Y.Y.Y.Y content len (pld) =21056
    Nov 15 14:36:44 Y.Y.Y.Y response code =200
    Nov 15 14:36:44 Y.Y.Y.Y [FPRV] Upgrade status flags cleared
    Nov 15 14:36:44 Y.Y.Y.Y [FPRV] Upgrade status flags cleared
    Nov 15 14:36:44 Y.Y.Y.Y Firmware downgrade limit()
    Nov 15 14:36:44 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Successful resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
    Nov 15 14:36:44 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Successful resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
    Nov 15 14:36:44 Y.Y.Y.Y FMM >>>> Successful profile
    IS this a BUG??:
    - Shouldn't the SPA do the https GET with the FQDN rather then the IP address?
    - Is this because the certificate is a wildcard?
    - the cert is from GEOTrust (RapidSSL), should be trusted
    Thanks
    Sven

    - the cert is from GEOTrust (RapidSSL), should be trusted
    Definitely no. Why you think RapidSSL certificate should be trusted ?
    If you are going to configure device in factory default state, then you need to have certificate issued by CA trusted by your device. Or you can add certificate of your preferred CA to device by hand, then you can use certificate issued by such CA as well (but not after reset to factory default).

  • Remote Desktop Services Single SSL Cert with multiple hosts

    I am trying to use a single SSL Cert from a third party issuer.  I have 3 servers in my deployement all are 2012R2.  One contains the RD Web Access role, RD Gateway role, RD Licensing role, and RD Connection Broker role.  The other 2 are
    RD Session Hosts.  I have the SSL cert for the server that has the Gateway and other roles.  My deployement is primarily focused on deploying RemoteApp to Windows 8 Thin clients with GPO through the default URL.  It works currently with the
    exception that the user gets a certificate mismatch error because it is seeing the cert for the gateway server but is connecting to the host servers so the names don't match.  Is anyone else using a similar setup and had success with it?  I am trying
    to avoid buying an expensive wildcard cert to cover all of them.

    Hi,
    Please verify that the .rdp file embedded in the RDWeb IE page matches the same one from RADC.  To do this, log on to RD Web Access using IE, right-click and choose View Source.  Find the goRDP function for the icon you want to examine and copy
    the text between the ' marks.  Next paste this into the escape text box the below page:
    http://www.web-code.org/coding-tools/javascript-escape-unescape-converter-tool.html
    Click complete unescape to get the plain text version.  After that you can select all of the text in the clear text box, paste it into a blank Notepad window, then save as a .rdp file.  Once you have the .rdp file created you can compare
    it to the other ones and see if any of the names are different, see if it gets the certificate error as well when you double-click it, etc.
    Do you have any proxy or other non-default network configuration on your Windows 8 embedded clients?
    Thanks.
    -TP

  • A fatal error occurred while creating an SSL client credential. The internal error state is 10011.

    Need help.  I have my pilot lync 2013 pool up (in coexistence with 2010 production environment) and can log into Lync 2013 environment with a lync 2010 client but am not able to with a lync 2013 client.  It just prompts for password but will not
    take it. I'm sseeing this on my front end server multiple times:
    A fatal error occurred while creating an SSL client credential. The internal error state is 10011.
    Came across this http://www.logicspot.net/index.php?id=50 and tried disabling TLS 1.2, which I did and verified but yet the issue still exists.
    All my certs are good coming from internal CA.  My signin logs show below but keep in mind, this works just fine if using a 2010 lync client to my lync 2013 servers.  Issue only occurs when trying to connect using a lync 2013 client.
    1 Login: FAIL (hr = 0x1) 
    this request needs authentication, trying webticket from: https://domain.com/WebTicket/WebTicketService.svc
    1.1 Get-NewWebTicket: FAIL (hr = 0x1) 
    CLogonCredentialManager::QueryForSpecificCreds() Credential user 0x069B64A0 id=15 querying for specific credentials, credSuccess=2, targetName=Microsoft_OC1:[email protected]:specific:LAD:1
    1.1.1 ExecuteWithMetadataInternal: FAIL (hr = 0x3d0000) 
    Executing wws method with windows auth auth, asyncContext=0A4FC348,
     context: WebRequest context@ :173931816
      MethodType:4
      ExecutionComplete? :1
      Callback@ :0A5A1864
      AsyncHResult:80f10041
      TargetUri:https://domain.com/WebTicket/WebTicketService.svc
      OperationName:http://tempuri.org/:IWebTicketService
     Error:
    There was an error communicating with the endpoint at 'https://domain.com/WebTicket/WebTicketService.svc'.
    The server returned HTTP status code '401 (0x191)' with text 'Unauthorized'.
    The requested resource requires user authentication.
    1.1.2 ExecuteWithWindowsOrNoAuthInternal: PASS
    1.1.3 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000) 
    Executing wws method with windows auth auth, asyncContext=0A4FC348,
     context: WebRequest context@ :173931816
      MethodType:4
      ExecutionComplete? :1
      Callback@ :0A5A1864
      AsyncHResult:80f10041
      TargetUri:https://domain.com/WebTicket/WebTicketService.svc
      OperationName:http://tempuri.org/:IWebTicketService
     Error:
    There was an error communicating with the endpoint at 'https://domain.com/WebTicket/WebTicketService.svc'.
    The server returned HTTP status code '401 (0x191)' with text 'Unauthorized'.
    The requested resource requires user authentication.
    1.1.4 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000) 
    Discovery task(0A4FF830) sent to URL http://domain.com completed with hr=0x80f10045
    1.1.5 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000) 
    Executing wws method with windows auth auth, asyncContext=0A4FC348,
     context: WebRequest context@ :173931816
      MethodType:4
      ExecutionComplete? :1
      Callback@ :0A5A1864
      AsyncHResult:80f10041
      TargetUri:https://domain.com/WebTicket/WebTicketService.svc
      OperationName:http://tempuri.org/:IWebTicketService
     Error:
    There was an error communicating with the endpoint at 'https://domain.com/WebTicket/WebTicketService.svc'.
    The server returned HTTP status code '401 (0x191)' with text 'Unauthorized'.
    The requested resource requires user authentication.
    1.1.6 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000) 
    CLogonCredentialManager::QueryForSpecificCreds() Credential user 0x069B64A0 id=15 querying for specific credentials, credSuccess=2, targetName=Microsoft_OC1:[email protected]:specific:LAD:1
    Rich

    Hi,
    Please check the server role and Web Services for Internet Information Services (IIS) are set correctly.
    For the detailed IIS configuration, please check:
    http://technet.microsoft.com/en-us/library/gg412871.aspx
    As Lync client 2013 attempt to query in order to perform autodiscover of the Lync registration server. First
    lyncdiscoverinternal.<sipdomain> Host (A) record and then
    lyncdiscover.<sipdomain> Host (A) record. If neither of these records are resolvable then the legacy DNS SRV and A record fall-back process is used. So make sure you have add the two A record in DNS server.
    More details:
    http://blog.schertz.name/2012/12/lync-2013-client-autodiscover/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
    sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • SSL Cert for 2008 R2 Reporting Services that is installed on a Failover Cluster - server address mismatch?

    I utilized the idea from
    http://www.mssqltips.com/sqlservertip/2778/how-to-add-reporting-services-to-an-existing-sql-server-clustered-instance/ to install 2008 R2 Reporting Services on a new Clustered SQL instance.  In short, create the new Clustered SQL instance on Node1,
    installing Reporting Services with it.  Then on Node2, Add a Failover Cluster Node (without choosing Reporting Services); following that up with starting the SQL setup.exe with a cmd to bypass a check so that I can then install the Reporting Services
    feature on Node2.  It points out using the SQL Cluster Network name for connecting to Reporting Services.
    I verified upon failover that I could still access the Reports and ReportServer URLs.  However, when wanting to add an SSL certificate to the RS configuration, I run into the warning of "mismatched address - the security certificate presented by
    this website was issued for a different website's address", where I can continue and get to the Reports or ReportManager URLs.
    I played with different certs (internal CA created) and SANs and other things, but I still get this error with the cert.  The Reports URL, for example, is <a href="https:///Reports">https://<SQLClusterNetworkName>/Reports, and the
    cert has a CN and Friendly Name of SQLClusterNetworkName (with SAN of DNS: SQLClusterNetworkName.<domain>), but the error still happens.
    What am I missing to eliminate the mismatched address warning when using the SQLClusterNetworkName as the base of the URLs?

    I got it working by using the FQDN as the common name on the SSL cert, with FQDN in RS URLs.

  • Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)

    Hi,
    I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforseen problems?
    My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
    For reskilling, I will assume I will have to do some command line stuff here ...
    eg: keytool -genkey -keyalg RSA -keystore hostname.key
    to create the key,
    keytool -certreq -keyalg RSA -keystore hostname.key -file hostname.csr
    to create the csr, and
    keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
    to import the new cert
    Suggestions or comments for anyone who has tried this before would be appreciated.
    Regards,
    Brian

    I've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
    david

  • How to get OS X to accept an SSL Cert the way other UNIX clients do?

    I'm hoping some of the network gurus can suggest a solution for me. My current config is 10.5.4 on PPC.
    I have a host that I need to connect to using SSL but their certificate has a host name mismatch (they are a small org, and can't afford another SSL cert for the moment). I know the cert is valid, so I'm not worried about the security implications of using it.
    On other *NIX clients, I simply have to add the cert into the root chain (e.g. /etc/ssl/certs/ca-certificates.crt), restart the application, and all apps will then accept it as valid.
    On OS X, I've imported the cert into Keychain Access, marked it as "Always Trusted" and set up a policy to "alias" it to the URL I need to access with my application (not a web browser) (ref: KB article: HT1679) in both the login and the System keychains, yet the client application still errors out and refuses to connect to the URL.
    How can I configure client SSL on OS X to work like other UNIX configurations? There doesn't seem to be a way to override the extremely restricted behavior.
    I have MacPorts installed and am open to an application specific "hack" if necessary, ala "LDLIBRARYPATH", if anyone thinks that's feasible (which is what I am looking at now). Conceivably I could recompile the client application since it's OSS, though I'd rather avoid that if possible.
    Any suggestions would be appreciated.
    Thanks in advance--
    =N=

    when you connect with a web browser to an https site that has a mistmatched cert it warns you and you have to tell the browser to ignore the security issue to let you carry on.
    what unix apps are you using to connect to this server?

  • Webserver refuses to take SSL cert

    My SSL cert is installed on my server and when I go to Settings pane in Server.app for the host and edit "SSL Certificate" and choose my cert, the UI will collapse the pane below showing the various services. This is because it applies the cert to all services. When I click OK to accept the setting, it should show my cert right after "SSL Cert:" because should now be applied to all services.
    Instead it shows "Custom". When click th "Edit" button again to see whats going on, it shows that all services are using my cert - except the last one - "Websites (Server Website - SSL)"
    For that, is simply shows "None". Changing it to my cert then clicking OK, has no effect. It just reverts back to "None".
    Apache wont start because there is no cert specified and specifying it manually in ..
    "/Library/Server/Web/Config/apache2/sites/0000_any_443_.conf"
    ..does no good because OS X simply overwrites it from some place.
    So at this point it's impossible to get Apache going on this host. The Server application refuses to accept my cert for the website. I dont get any errors and I dont see any in the logs either pertaining to some failure to apply the setting.
    Any ideas?

    I forgot to mention that when the Certificate Assistant ask for the Issuer in one of its screen, choose the Intermediate CA certificate. Also, the four PEM files is created in /etc/certificates.
    On a fresh Server app install after your get OD Master running or after you have done the web:command=restoreFactorySettings, visit Server app Certificates screen and Custom select the just created Leaf SSL Certificate next to the Web (Default Server - SSL). This will create the default SSL certificate in the Web service window.
    Also, if any one of the three *conf files are missing in the sites folder, Server app will hose the folder by renaming it as sites-unusable-nnnn and recreate a fresh sites folder with fresh copies of the *.conf files. In addition, if you read the comments within the 0000_any_80_.conf and 0000_any_443_.conf files, there are certain apache http directives which are off-limits to administrator as Server app will modify their values. It suggests that you create a .conf files with your amendments (of course, they must be within the Virtual Host context) and use an Include directive or through the use of the WebApps mechanism.
    Furthermore, you must not set a specific IP address for all your virtual hosts but use Any instead. Since I want to use the built-in Wiki service, I have added wiki.domain.com as Additional Domains for both the Default Servers (since the Default Servers refuse to use ServerName). For my case, since I have multiple IP addresses, I have to specifically amend the virtual_host_global.conf file with a static IP address for the Listen 80 and 443 directives, and since Server app will undo the amendment within the sites folder, I have to bring the virtual_host_global.conf file up one level to the apache2/ folder, amend httpd_server_app.conf to load this virtual_host_global.conf file instead...see below the relevant section of my httpd_server_app.conf file:
    <IfDefine WEBSERVICE_ON>
        Include /Library/Server/Web/Config/apache2/sites/0000_*.conf     <--- instead of "*.conf"
    </IfDefine>
    <IfDefine !WEBSERVICE_ON>
    #    Include /Library/Server/Web/Config/apache2/sites/virtual_host_global.conf
        Include /Library/Server/Web/Config/apache2/sites/0000_any_80_.conf
        Include /Library/Server/Web/Config/apache2/sites/0000_any_443_.conf
    </IfDefine>
    Include /Library/Server/Web/Config/apache2/virtual_host_global.conf
    Include /Library/Server/Web/Config/apache2/httpd_server_app_tweaks.conf
    The httpd_server_app_tweaks.conf file is my performance tweaks (e.g. StartServers, MinSpareServers, etc.)
    So Server app can happily modify the virtual_host_global.conf file within the sites folder but my settings remain safe one level up.

  • Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

    I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
    I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
    I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
    Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
    No matter what I do, it won't work.
    I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
    Can anyone help?

    Originally Posted by AndersG
    Fmcunningham,
    > > I am looking at installing a cert as well. I have NOWS SBE 2.0
    > > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
    > > need a Wild card cert to be able to accomplish this?
    >
    Only difference between a wildcard and a regular (apart from price) is that
    a wildcard covers all hosts in a domain,. Ie *.acme.com, whereas a regular
    cert only covers a named host, homer.acme.com
    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)
    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms
    I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess.

  • SSL Cert Renewal w/Org Name Change

    Hello,
    We get our SSL certs from a central agency that deals with Verisign. The central agency changed their name, which changes the Organization Name on the cert. That prevents the cert from being imported by the server. On the advice of a Windows admin, I tried to fake it by creating a new site on that server, importing the new cert (all good), but then the new server won't start.
    Is there a better way to get the new-org-named cert accepted by the original site?
    Steve Kayner

    Are you talking about changing your SMTP domain name? Or you want to change AD DS domain name? If you want to change/add SMTP domain that you Exchange is using, just add accepted domain that you wish to use.
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Damir

  • SSL cert error on exchange 2013.

    Hi,
    Can I please have some help to avoid the following two error messages appears on opening outlook 2013 on windows 7 connected directly to the server 2012 domain.
    Godaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly setup.
    There is NO error message if we connect through outlook (AnyWhere) on a system which is not part of the domain and connecting from outside.
    Error Box 1
    Security Alert
    servername.localdomain.local
    Information you exchange with this site cannot be viewed or changed...................
    The security certificate is from a trusted certifying authority.
    The security certificate date us valid
    X The name on the security certificate is invalid or does not match the name of the site....
    Error box 2
    Microsoft Outlook
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
    Outlook is unable to connect to the proxy server. (Error Code 10)
    Any quick help will be highly appreciated!
    Many thanks

    Hi,
    Are you using a Single domain cert by GoDaddy, if thats the case we cannot add more than one domain to your cert. I believe you have added the outlook anywhere domain name to your cert since your outlook anywhere connection is prompting any errors.
    You have two options, one is purchase a UCC Cert and add all URL's required or Please have a look on these below Virtual Directories on the exchange server and modify the the URL's so you will not get the Cert errors.
    use the shell to view the internal and external URL's,
    Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
    Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
    Get-ECPVirtualDirectory | fl internalurl,externalurl
    Get-OabVirtualDirectory | fl internalurl,externalurl
    Get-WebServicesVirtualDirectory | fl internalurl,externalurl
    Change all your internal URL's similar to the external URL's, use the Set command as the example below.
    Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl ‘https://mail.domain.com/Autodiscover/Autodiscover.xml’
    make sure all your servername.localdomain.local URL's are changed to match primary certificate name.
    Regards
    Boniface

  • SSL Cert used to sign Jars for distribution via WebStart

    Hi,
    I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
    Certificate chain not found for: myalias  myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
    xxx.cabundle (this can be imported into keytool easily)
    cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
    private/xxx.key
    My questions I suppose are:
    1. Can I use a cert issued for SSL to sign jars for webstart distribution?
    2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
    Any help would be appreciated!
    Rich

    Hi,
    yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
    Sent from Cisco Technical Support Android App

  • Rolling out SSL cert on CAS array

    Hi there, 
    I have an exchange 2010 CAS array with 2 servers in it. I need to roll out an updated SSL certificate as the old one has expired
    however, it only seems to allow me to install this certificate on the CAS1 server. 
    When I did was I (using the GUI) created a new Exchange certificate. Put in the FQDN of both my CAS servers when I created
    it (although only 4 SAN names appear on the cert on Godaddys website, that being imap, pop, mail and autodiscover). Got my SSL cert from the 3rd party. Completed the certificate and it seems to be ok one my CAS1 server. But then there is no SSL cert on the
    CAS2 server. I just wondered how I would go about installing it on that server, or even if it is necessary to have it on there. 
    I tried exporting/importing it from CAS1 to CAS2 but on CAS2 it just shows it as "The certificate is invalid for Exchange
    Server usage".
    Any help is appreciated

    First of all, you don't need the server names in the cert if your Exchange urls are configured to a load balanced url. Going forward, you will not be able to get a certificate from 3rd party with internal urls (server fqdn) in it.
    When you export the certificate from CAS1, make sure that you include the private key as well (there will be a check box to tick) and import it back on CAS2.
    If not, you can just import the certificate into CAS2 by selecting Import Exchange certificate in EMC and select the 3rd party cert (just like you imported on CAS1).
    Yes, you need the certificate on both servers, otherwise you will get certificate errors on clients (assuming that there is some form of load balancing in place - NLB or hardware).

  • WLC Virtual Interface config for a public SSL cert for Web Authentication

    I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so when a Web-Auth users tries to authenticate they don't get the SSL cert error.
    In the document "Generate CSR for Third−Party Certificates and
    Download Chained Certificates to the WLC"
    Document ID: 109597 it states the following
    "Note: It is important that you provide the correct Common Name. Ensure that the host name that is
    used to create the certificate (Common Name) matches the Domain Name System (DNS) host name
    entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after
    you make the change to the VIP interface, you must reboot the system in order for this change to take
    effect.
    Here are my questions.
    1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
    2. In the "DNS Host Name" Field do I simply put the domain or the FQDN?  Example. Company.com or hostname.company.com

    Hi,
    1) You can change that if you want. Normally it is non-Public and non-routable in your network.
    2) Put the Host name for which you are going to give in your company DNS server where that Host name would be mapped to the Virtual ip address.
    Regards
    Dhiresh
    ** Please rate helpful posts**

Maybe you are looking for

  • Notes app not working properly on 3GS after 4.2.1 update

    The Notes app no longer works properly on iPhone 3GS after update to iOS 4.2.1 the other day. Now when in Notes app, found that I went into a Note, edited it and then couldn't leave it - the navigation has disappeared, so cant get out of the note bac

  • Restore/recovery mode loop

    Okay, here it goes. About a week ago, I turned on my iPod mini, and it came up with a folder. The night before it was perfectly fine, but at this time I got the folder. I plugged it into the computer, and after it yelling at me that I didn't have eno

  • Formatting a drive in HFS (Mac OS Standard)?

    I pulled my old Mac, an older G4, out of storage to attempt to install Ubuntu linux on it. There seems to be something wrong with the CD drive (DVDs mount, but CDs don't), so installing from the CD is out. I was going to go with the hard drive instal

  • Kerberos Ticket via Java to BW to access BW Querys with HTTP POST

    Hi and thanks for reading, im Working with 2004 and the NWDS SP10. We have a project which must show some reports from the HR system via backend and some BW Reports done with Web Application Designer 3.5. The user of the project application is able t

  • How to open all ports on a Windows Server 2012 VM

    Hi I am wanting to open a range of endpoints ports (approx 900) for my Windows Server 2012 VM on Azure. This is the range 54363 to 55263 how can i do this I know that azure has a limit of 150 endpoints. Can I open all ports instead? Please any help w