E-filing UK and Government Gateway Certificate expired

Similar Messages

• SSL Re-encryption with Portal and Web Dispatcher: certificate expired

  Hello,
  I am trying to set up HTTPS connection to the Portal through SAP Web Dispatcher. We are using SSL Re-encryption. I think I got everything set up correctly. When trying to access through a Web browser the web dispatcher trace file shows error message 'certificate expired'. Looking at the Portal (Visual admin - Keystore) I am pretty sure it is the service-ssl with localhost. It is expired. Two questions:
  - is it correct that it uses localhost or am I missing anything?
  - How would I recreate the certificate? (I am sure it is somewhere in the Online documentation, but haven't found it yet). Can I do this while the Portal is productive without breaking the normal access (http) to the Portal. This is our Production portal.
  Thanks,
  Ingrid

  Hi,
  Go thru the contents of SAP Note,
  685306 -Enabling SSL and renewing the J2EE certificate
  And also the help contents in,
  http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
  These might of some help to you !
  Regards
  Srinivasan T

• HT201336 Hi I have a certificate expired and was wondering how can I update it ?

  I have an apple Iphone certificate expired and I was wondering how do you renew it?

  No answers, just some questions...  (I'm not sure what you're asking.)
  Where did the certificate originate?  An Apple iPhone certificate?  For what?  For iOS development?  For VPN?  For accessing remote web services, on a server?    This is the OS X Server 10.6 forum; are you working with certificates with that operating system, or with certificates on an iPhone?
  If your OS X Server system has an expired certificate, you'll need to either purchase a new certificate, or generate a new self-signed certificate and load that via the Certificate Assistant and Server Admin tools.

• Lync Internal and external certificate expiration alerts.

  Hello Everyone,
  We are supporting Lync environment for one of our clients.
  We a have fear of encountering certificate expiration if we somehow might not remember.
  Is there any possible way that we can monitor the Lync certificate(Internal or Public) expiration via SCOM.
  If yes, what could be the standard procedure for achieving and testing this.
  Thank you!!!
  BR,
  Ammi.

  Hi,
  Please also refer to the link below of “Monitoring Expiring Certificates using SCOM”:
  http://blogs.technet.com/b/sgopi/archive/2012/05/18/monitoring-expiring-certificates-using-scom.aspx
  If you don’t deploy SCOM, CertExpAlerter offers an easy and free solution to monitor your certificates.
  You can refer to the link below:
  http://blogs.technet.com/b/nexthop/archive/2011/11/18/certificate-expiration-alerting.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Our app wend down over the weekend and I found an expired certificate.

  Since 8/1/2014 we have been running an app in Azure. I helped the company who wrote the app launch it in azure and since have been managing our users and such. But, over this Thanksgiving Holiday something happened... I came to work Monday and my phone is
  ringing off the hook with users not being able to login- User Authentication Failed... I've tried to figure out what's wrong and finally I've found that one of my certificates expired on 11/26/2014...  If anyone knows what I need to do to fix this could
  you please respond?  I'm a pretty new user to the Azure environment but I catch on quick if you can point me in the right direction...
  Thanks All!
  Scott

  Hi,
  Please have a check on the below thread which has a similar issue.
  http://stackoverflow.com/questions/19577996/how-to-renew-ssl-certificate-on-an-azure-cloud-service
  More information :
  http://azure.microsoft.com/en-us/documentation/articles/cloud-services-configure-ssl-certificate/
  http://msdn.microsoft.com/en-us/library/azure/gg981929.aspx
  Regards,
  Mekh.

• If I've installed an app from the app store and the author's distribution certificate expires, my app will still run or not? Thanks a lot.

  If I've installed an app from the app store and the author's distribution certificate expires, my app will still run in my device or not?
  For example in the case that the author won't renew the certificate itself, i guess his app will be removed from the app store; but what happens to the apps installed in the devices?
  Thanks a lot.

  The author's certificate is only used to authenticate the author when the app is uploaded to the app store.
  The app is then signed by Apple before being added to the app store.
  Nothing will happen to your app except you won't get any updates.
  Evertually, iOS upgrades could stop the app from working if you upgrade iOS beyond what the app supports.

• Latest update reader installed today (8/13/14) 11.0.08 but certificate expired 7/25/14.  Is it okay and safe?  Previously, unmarked for discussion.

  Latest update reader installed today (8/13/14) 11.0.08 but certificate expired 7/25/14.  Is it okay and safe?  Previously, not marked for discussion.

  Hi jimya,
  Which certificate are you referring to here?
  Yes Reader update v11.0.08 is safe to install.
  Regards,
  Rave

• Gateway Certificates

  We are trying to replace the self-signed certificate that was created during the install of our portal 6.0 server, but are running into problems.
  The gateway doesn't start anymore.
  The srapGateway.default logfile contains the following error:
  org.mozilla.jss.ssl.SSLSocketException: Failed to locate private key: (-12285) Unable to find the certificate or key necessary for authentication.
  at org.mozilla.jss.ssl.SSLServerSocket.setServerCert(Native Method)
  at org.mozilla.jss.ssl.SSLServerSocket.setServerCertNickname(SSLServerSocket.java:235)
  at com.sun.portal.rproxy.server.HTTPSConnectionManager.makeServerSocket(HTTPSConnectionManager.java:298)
  at com.sun.portal.rproxy.server.HTTPSConnectionManager.listen(HTTPSConnectionManager.java:143)
  at com.sun.portal.rproxy.server.ReverseProxy$1.run(ReverseProxy.java:115)
  at java.lang.Thread.run(Thread.java:479)
  1/13/04 9:40:39 AM CET: Thread[HTTPSConnectionManager.listen(),5,main]
  ERROR: null:Service Network Error RProxyPort
  However, the gateway.log.default reports this:
  Tue Jan 13 09:40:34 CET 2004...
  Portal Server Gateway started.
  Gateway certificate status (server-cert) certutil: certificate is valid
  The certificate trust flags are: CT,C,C
  Could anyone tell me what we're doing wrong?
  Thanks!
  Michel.

  I'm not using verisign certificates, and the certificates that I am using all have an expiration date somewhere in januari 2005. So that should be okay. Also, the gateway.default.log file shows that the certificate is valid.
  As for the .jsspass and .nickname files: I haven't changed these. The .nickname file states that the certificate should have the alias named "server-cert".
  As for the DB files, I used the ones that were created during the installation. I then used the gwcertutil utility to delete the server-cert certificate (as it was not possible to do this with the certadmin tool). Next, I imported my root CA certificate, and the "certificate from certificate authority".
  As for the trust attributes, I set them to CT,C,C .
  Setting them to CTu,Cu,Cu would be impossible, as the "u" flag means that the certificate itself needs to be a CA certificate, which is undesirable, and I believe not required. If I am wrong here, someone please correct me!!
  Of course a selfsigned certificate does have the "u" flag, but I'm not using selfsigned certificates, nor do I want to :)
  So my problem still remains :(
  Michel.

• ISE - What happens when the on-boarded certificate expires?

  I'm trying to design a good BYOD deployment model but have a few questions that need direct answers.  I have down how to go about on-boarding and getting a certificate on a device, the ISE provides great flow for this to happen in many ways.  My questions come from a design perspective before and after the BYOD deployment is completed.
  1. Figuring out a method to validate the device is a Corporate asset or a BYOD asset.
       (I don't want to install a certificate on just any device, or perhaps I do but I need to give permissions to all resources if its a Corporate Device, and more resitrictions if it's BYOD, so how do I figure this out during the provisioning phase?)
       a. Use MDM (May not have one, or if you do we are still waiting on ISE 1.2 for that integration)
       b. Build a Group for provisioning admins, if user PEAP-MSCHAPv2 account is from this group install a certificate. (issue here is that the end user looses administration of the device in the my device portal as the device is now registered to the provisioning admin)
       c. Pre-populate MAC into ISE as all Corporate devices should be provisioned by I.T. before they go to the end user (I think this is good but can see push back from customers as they don't want to add more time to the process)
       d. Certs on any IOS or Android device, provide access based on user group and do not worry if device is Company asset or not (I believe that this is the easiest solution and seems to be what I find in the guides)
       e. Other options I have not thought about, would love input from the crowd
  2. What happens to the device once the Certificate expires?
       (I don't know the answer to this, my thought would be the user or device will fail during the authentication policy and this creates a mess)
       a. Tell the user to delete the profile so they can start all over again (creates help desk calls and frustrated users)
       b. Use MDM for Cert management (may not have one)
       c. Perhaps the client uses SCEP to renew based on the cert template renew policy and there are no issues (this is me wishing)
  Would appreciate some feed back and would like to know if anyone has run into these issues.                   

  Neno,
  Sorry but I don't have any other info on using a public CA, Cisco says to use internal CA's for PKI.  I think the best practice in 1.2 comes out will be to use one interface for Web Management and a different interface for Radius, profiling, posture, and on boarding.  This way you can use your private CA for EAP and a public CA for web traffic.  Have you tried a public CA bound to management and a private CA for EAP yet?
  I did do a session on EAP-TEAP, they explained how it will work and also discussed EAP-FASTv2.  EAP-FASTv2 is available now but you must use anyconnect as your supplicant.  Microsoft and all other vendors will have EAP-TEAP native once it is fully released and comissioned as it will be the new gold standard for EAP.  It will support TLS, MD5, and CHAPv2.  If you are interested I have the PDF of the presentation I attended that shows the flow of how EAP-TEAP will work.  This is much better than wasMachineAuthenticated and machine auth caching, which has many down falls.
  I currently do machine and user auth I just don't require them.  If Machine auth then allow machine on vlan-x with access to AD, DNS, and blah blah.  Then a seperate rule to say user auth gets more access, although I require EAP-TLS for both and if you think about it you are accomplishing the same thing if your PKI is setup correctly.  Make it so users and machines can only auto enroll, that way you know the only way they got their cert was from GPO policy.  I won't go into anymore detail, but there is lots you can do.

• Computer certificates expiring within 6 weeks disappearing from machines when computer certificates from two certificate authorities are present

  2008 R2 single tier enterprise certificate authority with root certificate expiring within 6 weeks, also domain controller
  2012 R2 single tier enterprise certificate authority with root certificate valid for more than the next year, also domain controller
  Both servers are approved as certificate authorities for the domain and can issue computer certificates using the computer certificate template. There is a group policy object applied to all workstations that contains an automatic computer certificate request,
  but the actual "certificate services client auto-enrollment" element is "not configured". This process seems to work like a round robin in that computers with no certificate can wind up with a certificate from either certificate
  authority. I need all PCs to have both certs for a DirectAccess migration. I have successfully used SCCM to ensure all PCs have both certificates using compliance rules and a script using certreq.exe.
  A machine will keep both certs until the older computer certificate moves into the 6 week window of expiration, then it gets purged. I have observed this behavior for over a month, even when the CA root certificate wasn't so close to expiring. I
  can't figure out what setting is triggering the purge, but need to stop it. Maybe it's coming from default settings in local machine policy for an element that should be disabled in the group policy object supplying the automatic certificate request?
  The worst part of this issue is that I can't recreate the purging behavior with gpupdates or restarts on my test machines.

  You should not be using Automatic Certificate Request Service (ACRS) for this - it was designed for Windows 2000 and is generally deprecated. Secondly, the reason it is acting like a round-robin as you describe it, is that templates are generally configured
  to attempt to renew within 6 weeks of their expiration. Since the 2008 R2 CA is expiring within 6 weeks, it cant issue anything longer than its own remaining lifetime. It is a well known issue that issuing a certificate within the renewal period will cause
  problems.
  What you should do it use AutoEnrollment and issue a certificate with a very small renewal period (1 week perhaps) by creating a custom V2 template and issuing that from your 2008 R2 CA. Then on the 2012 R2 CA you will need ANOTHER template, as the computer
  will only enroll for a certificate from each template. This one can be configured with a normal lifetime and renewal period.
  Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

• Portal Certificate Expired with NO VA running!!!

  Hi All,
  I got one issue about Portal certificate expiration, for which SSO is not working b/w Portal and R3.
  As working on Solaris, required to re-generate the Keystore Certificate via Visual Admin, but WHAT!!!
  I am not able to run it, it says that JAVA_HOME needs to be set.
  Done (Set) but still am not able to see that VA screen. Tried thru root and SIDADM (recommended) also, but couldnt... which is turning my head 360 degrees.
  Well request you all to share your good experiences thru which i may be able to resolve the issue which is pending past 2 days and no proceedings since...
  And i guess there is no way out to increase the validity of certificate without VA. OR is there any????
  Thanks
  Piyush

  hi Anil,
  i got,
  /usr/java
  we ran the command "./go" to start visual admin, which inturn shows the error as below
  4/7/10 12:09 PM com.sap.engine.tools.launcher.Launcher Error : console output st
  ream will not be logged into a file; there was an error opening the log file
  java.io.FileNotFoundException: /usr/sap/EPD/JC01/j2ee/admin/log/console_logs/out
  put.log (Permission denied)
          at java.io.FileOutputStream.open(Native Method)
          at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
          at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
          at com.sap.engine.tools.launcher.Launcher.initLogs(Launcher.java:636)
          at com.sap.engine.tools.launcher.Launcher.init(Launcher.java:198)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:113)
  4/7/10 12:09 PM com.sap.engine.tools.launcher.Launcher Error : unable to invoke
  main class  com.sap.engine.services.adminadapter.gui.AdminFrameView
  Exception in thread "main" com.sap.engine.tools.launcher.LauncherException
          at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:340)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
  caused by -
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:336)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
  Caused by: java.lang.InternalError: Can't connect to X11 window server using ':0
  .0' as the value of the DISPLAY variable.
          at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
          at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:1
  34)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:141)
          at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvi
  ronment.java:62)
          at java.awt.Window.init(Window.java:231)
          at java.awt.Window.<init>(Window.java:275)
          at java.awt.Frame.<init>(Frame.java:401)
          at java.awt.Frame.<init>(Frame.java:366)
          at javax.swing.SwingUtilities$1.<init>(SwingUtilities.java:1641)
          at javax.swing.SwingUtilities.getSharedOwnerFrame(SwingUtilities.java:16
  37)
          at javax.swing.JWindow.<init>(JWindow.java:160)
          at javax.swing.JWindow.<init>(JWindow.java:112)
          at com.sap.engine.services.adminadapter.gui.AboutWindow.<init>(AboutWind
  ow.java:12)
          at com.sap.engine.services.adminadapter.gui.AdminFrameView.main(AdminFra
  meView.java:234)
          ... 6 more
  caused by -
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:336)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
  Caused by: java.lang.InternalError: Can't connect to X11 window server using ':0
  .0' as the value of the DISPLAY variable.
          at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
          at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:1
  34)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:141)
          at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvi
  ronment.java:62)
          at java.awt.Window.init(Window.java:231)
          at java.awt.Window.<init>(Window.java:275)
          at java.awt.Frame.<init>(Frame.java:401)
          at java.awt.Frame.<init>(Frame.java:366)
          at javax.swing.SwingUtilities$1.<init>(SwingUtilities.java:1641)
          at javax.swing.SwingUtilities.getSharedOwnerFrame(SwingUtilities.java:16
  37)
          at javax.swing.JWindow.<init>(JWindow.java:160)
          at javax.swing.JWindow.<init>(JWindow.java:112)
          at com.sap.engine.services.adminadapter.gui.AboutWindow.<init>(AboutWind
  ow.java:12)
          at com.sap.engine.services.adminadapter.gui.AdminFrameView.main(AdminFra
  meView.java:234)
          ... 6 more
  Regards
  Piyush

• What happens to Apps when the Distribution certificate expires?

  Our distribution certificate expires in mid March. Do I have to re-build all the apps that are on the App Store with the new certificate or will they continue to install without issues?
  My gut feel is that Apple would not expect developers to re-submit all their apps just because the certificate has expired but like a confirmation from someone since I am sure many have crossed this bridge.
  Thanks in advance.
  -TRS

  +>I assume that any new submissions will have to have to be built with a profile which includes a valid certificate.+
  Of course....just follow the money
  It is a solid process, but of course Apple, like any business that operates around time-based/recurring fees, wants to get the 'subscriber' to re-up sooner than later.
  The countdown in the dev center, etc. we see about our 'expiration' date is meant not only as a friendly reminder concerning whatever risk, it is a prod to get whatever monies out of our pockets and into theirs...sooner than later

• Distribution certificate expiring 3/12. Distribution profile expiring 9/12.

  Our Distribution certificate expires tomorrow but the profile is active till 9/12.
  So my Q is:
  a) If i build something on 3/13 will XCode error out at build time in the CodeSign step?
  b) If i build something on 3/12 and submit to Apple on 3/13 will it accept since the Profile is valid?
  I am just trying to figure out if i need to wait until i have a new certificate and a new profile before i build my apps.
  Thanks,
  -TRS

  I have not re-newed the certificate so my Q has no relevance now
  In any case the answer is that the certificate has to be valid otherwise XCode does not show the profile as selectable. It indicates a disabled information message in the drop-down menu.
  Thanks to those who spent their valuable time reading my original post.
  -TRS
  -TRS

• Asa ssh/vnc plugins digital certificates expired

  Hi,
  we've got our new asa set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
  We are running 8.0(4)3 and asdm 6.1(3) and the plugins are the latest available from Cisco's software download page
  (ssh-plugin.08030, vnc-plugin.080130).
  Are newer ones available?
  Thanks
  Dorothea

  BTW this could be of help:
  http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
  You probably want to install a code signer certificate.
  While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...

• Have come full circle---k9-4235 server(https) certificate expired

  Ok i have been running k94235's and idsm2's for a couple years and when I was munking around with a sig on one of the k9-4235 i discovered that the server certificate expired this past sat...When I tried to create a new sensor in IEV it gave the error "connection handshake failure"....
  where/how do I get/make a new server certificate for https sessions on k9-4235, is the latest and greatest
  sysinfo
  Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S178
  MainApp 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  AnalysisEngine 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  Authentication 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  Logger 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  NetworkAccess 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  TransactionSource 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  WebServer 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

  You can try removing the expired certificate from the sensor by logging into the sensor's CLI and entering the following commands:
  sensor# configure terminal
  sensor(config)# no tls trusted-host ip-address 10.1.2.3
  Next, tell the sensor to trust 10.1.2.3:
  sensor(config)# tls trusted-host ip-address 10.1.2.3