Error 0x80072f0d & Certificates

Similar Messages

• SignTool Error: No certificates were found that met all the given criteria

  I have a project which was developed with VS2010.
  I tried rebuild this project with VS2013 Professional and I got the error messages as indicated in the subject.
  What is this error? Why I got this error?
  Hyung-Ho Kim

  Hi Kim,
  As you said that it is the VS2010 project, so it worked well in VS2010, am I right? If so, which kind of project did you create?
  >>SignTool Error: No certificates were found that met all the given criteria.
  I did some research about it, it seems that it is related to the setup project.https://social.msdn.microsoft.com/Forums/en-US/143a914b-1c45-467f-9827-d38b95db11a1/signtool-error-no-certificate-were-found-that-met-all-the-given-criteria?forum=winformssetup
  Is it the Setup and Deployment project with the InstallShield tool?
  If so, as far as I know we didn't support this tool in VS2013 IDE now, but you could post this issue to this forum here:
  http://community.flexerasoftware.com/forumdisplay.php?133-InstallShield
  Best Regards,
  Jack
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Error installing certificate with Cisco 5508 7.4.110

  hi All,
  I am getting Error while installing the web certificate on a WLC.
  (Cisco Controller) >transfer download start
  Mode............................................. TFTP
  Data Type........................................ Site Cert
  TFTP Server IP................................... 10.225.5.11
  TFTP Packet Timeout.............................. 6
  TFTP Max Retries................................. 10
  TFTP Path........................................ ./
  TFTP Filename.................................... final-cert.pem
  This may take some time.
  Are you sure you want to start? (y/N) y
  TFTP Webauth cert transfer starting.
  TFTP receive complete... Installing Certificate.
  Error installing certificate.
  the Copy works fine but for some reason installation doesnt complete. I am having issues even with GUI mode.
  Please let me know what is should do.

  What I mean is that you can't take another customers certificate and load it onto another customers WLC.  The certificate is assigned to a FQDN (Fully Qualified Domain Name)  whcih will be a DNS entry for the customer who it was registered to, so you can't and shouldn't use it for any other client.  You need to generate one certificate per client.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Error installing certificate - help

  Hi
  I am trying to install a webauth certificate on a WLC (5508 6.0.188).
  I followed the "Generate CSR for Third-Party Certificates and  Download Unchained Certificates to the WLC" document.
  But when I try to upload the .pem file i get "the" "error installing certificate" promt.
  I did not have any errors using OpenSSL.
  Is there any debug commands that can help clearify the issue.
  The Solution provided in this discussion has been added in the following Blog:-
  https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/11/26/generate-csr-for-third-party-cert-and-download-unchained-cert-on-wireless-lan-controller-wlc

  I was having the same problem and worked on it for probably 8 hours trying numerous different solutions and this is what fixed it for me.
  The OpenSSL versions available from www.openssl.org do not create a final.pem that work with the WLC.
  I downloaded OpenSSL using this link http://www.ingate.com/files/Win32OpenSSL-0.9.6-1.0.zip and installed into C:\OpenSSL (It tries to install to program files, install location doesn't matter I just like it on the root of C)
  I then followed all of the steps outline on Cisco.com http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  Uploaded the final.pem file and it install without any problems.
  My Cert was purchased from RapidSSL I don't know if that matters or not.
  This was a renewal cert, so it was my second time install a cert to my WLC and I made the mistake of not keeping my original copy of OpenSSL that worked for me the first time.  Don't make the mistake I made and KEEP a copy of the OpenSSL version that works for you.  That will make cert renewal much easier for you.

• Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

  Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

  Hi, William
  My question is if you can help me and support me to configure the Blink Pro App, I have a Mac Book Air, OS X 10.9.1.
  hope for your answer

• I can not publish my software I get "_An error occurred while signing: Failed to sign bin\Debug\app.publish\\setup.exe. SignTool Error: No certificates were found that met all the given criteria."

  Error 2
  An error occurred while signing: Failed to sign bin\Debug\app.publish\\setup.exe. SignTool Error: No certificates were found that met all the given criteria.
  Yesterday I could publish, today no code changes, but I get the above error.
  Help

  Hi El-sid,
  So glad that you have solved your issue, and thanks for your sharing.
  Have a nice day.
  Best Regards,
  Youjun Tang
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• CodeSign error: no certificate found in keychain for code signing identity

  I've been wrestling with this for a week. Can someone help. I have followed the instructions closely to get my iphone app ready for distribution, but I cannot compile my app due to the following error:
  CodeSign error: no certificate found in keychain for code signing identity 'iPhone Distribution: iPhone Developer (my name)
  However, it definitely is there. In my Keychain I see the proper certificate. Furthermore, in the build file my Code Signing Identity -> Any iPhone OS Device is set to iPhone Distribution: (my name) but under "Code Signing Provisioning Profile" there are no valid choices. The distribution certificate is grayed out.
  Any help/advice would be greatly appreciated!!

  For the build error, "codesign error: code signing identity 'iphone developer' does not match any code-signing certificate in your keychain":
  1) Open Keychain Access application.
  2) Select the "Systems" tab under the Keychains sidebar and "certificates" under the Categories sidebar.
  3) You should see the "com.apple.kerberos.kdc" and/or "com.apple.systemdefault" certificates with a red x in the icon.
  4) Double click them and under the "trust" node change the "When using this certificate: " tab to Always Trust. You may need to restart Xcode for this to work.

• Add VCenter adapter error retreiving certificate

  Hello,
  i've a problem with AppInsight 5 (Virtual Center 4.1.0) when start configuring and try to add a new Virtual Center adapter i receive "Error retreiving certificate" like as attached image. I've just tried with Vcenter IP, with another user, with domain\user or vcenter\user form but unsuccesfully ... i'm always receiving the same error.
  AppInsight server and Vcenter server communicate each other correctly ... Now what can I do?
  Thanks

  SOLVED
  On every FW present in segment Vcenter <> AppInsight (that are in different lan) i've openend all * port instead as described in document 80, 443 8443 etc ...

• Windows server 2012 update standalone installer error: the certificate for the signer of the message is invalid

  I have a windows server 2012 Hyper V machine which acts as a web front end for my sharepoint 2013 farm.
  It is set to install updates automatically.
  I have 4 patch to install to correct an issue with my search:
   KB
  2567680, KB
  2554876 , KB
  2708075 , KB
  2472264 
  These are Microsoft patches
  Whenever I try to install them I receive an error
  Googling the error, I have tried extracting the file and using CMD prompt to install the xml file to install but to no avail.
  I have installed Windows Identity Foundation as a role. It is necessary for this to be 
  I have also noticed that all updates for a couple of weeks have failed. I have 2 other servers in the farm, both of which are joined to the same private network cannot look for updates with another error. Not sure if these are related.
  Anyone know of anything like this?
  Thanks in advance

  right-click the file and select properties.
  On "Digital Signatures" the tab, select the "Microsoft Corporation" entry and click "Details"
  In the "Digital Signature Details" dialog, click "View Certificate"
  In the  "Certificate" dialog, click "Install Certificate..."
  In the "Certificate Import Wizard" dialog, select "Local Machine" (though current user might work, didn't use it, so I can not attest to it) and click "Next"
  Select the "Place all certificates in the following store" option and click "Browse"
  In the "Select Certificate Store" dialog, select "Trusted Publishers" and click "Ok"
  Back in the "Certificate Import Wizard" click "Next"
  You should now be at the "Completing the Certificate Import Wizard" step of the "Certificate Import Wizard" ... click "Finish"
  You should get "Import was successful"
  You should now be able to install the package.
  gimme some slamming techno!!!!

• Cisco ISE 1.2 - BYOD Guest Access Error with Certificate

  Hi all !
  I'm running on Cisco ISE 1.2. I'm trying to setup BYOD (dual SSID).
  Here's a walkthrough of what's happening:
  1. I connect to open SSID, enter username/password and register MAC 
  2. I download WinSPwizard, get trust root CA but WinSPwizard error
  This is spwprofilelog 
  [Wed Oct 01 11:27:17 2014] Installed [pvgas-DC-CA, hash: d0 ad c2 1e 19 b0 8b 61  8a 2d 81 88 da 8a a2 ca
  da d3 ab e8
  ] as rootCA
  [Wed Oct 01 11:27:17 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:17 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:17 2014] HttpWrapper::SendScepRequest - Retrying: [1] time, after: [4] secs , Error: [2]
  [Wed Oct 01 11:27:21 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:21 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:21 2014] HttpWrapper::SendScepRequest - Retrying: [2] time, after: [4] secs , Error: [2]
  [Wed Oct 01 11:27:25 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:25 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:25 2014] HttpWrapper::SendScepRequest - Retrying: [3] time, after: [4] secs , Error: [2]
  [Wed Oct 01 11:27:29 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:29 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:29 2014] Failed to get certificate from server - Error: [2]
  [Wed Oct 01 11:27:29 2014]  Failed to generate scep request. Error code:
  [Wed Oct 01 11:27:29 2014] ApplyCert - End...
  [Wed Oct 01 11:27:29 2014] Failed to configure the device.
  [Wed Oct 01 11:27:29 2014] ApplyProfile - End...
  [Wed Oct 01 11:27:32 2014] Cleaning up profile xml:  success 
  This is SCEP RA profiles
  Other Cert
  ACL On WLC
  and policy
  Please help me fix error.
  Thanks.

  you could create an ISE local user with a GUEST membership and provided you have your ISE password policy set so that it doesn't expire accounts, etc it would be a "permanent" guest account. we do something similiar. sponsors make temporary accounts while long-term or test guest accounts are created in the ise local identity store as guests and are processed the same way. you just have to ensure that the internal user store is part of your guest identity source sequence.

• Error in Certificate Management tab in OCA Admin page

  I am following the instructions from this document in the process of getting the Oracle Portal configured with SSL:
  http://www.oracle.com/technology/obe/obe_as_10g/im/sslohs/ssl_ohs.htm
  In particular, in the section: "Approve the Server Certificate Requested by Using OCA Administration Pages" for number 2, instead of getting a certificate request to approve, I get an error:
  Error
  Certificate of the connecting SSL user does not exist in the OCA repository
  I have a wallet set up and defined in my e:\Oracle\Wallet directory and have the Wallet Manager pointing there.
  How can I resolve this issue or get more details about the problem to troubleshoot?
  Thanks,
  Winston

  Check this window version for you
  How To Create SSL Wallet Using Wallet Manager and Oracle Certificate Authority : Note:351340.1
  https://metalink.oracle.com/metalink/plsql/f?p=130:14:9735010441397633499::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,351340.1,1,1,1,helvetica
  Hope this helps
  Thanks
  Sundeep
  http://troubleshootingappsdba.blogspot.com

• SSL Protocol Error. Certificate is either invalid or common name...

  There is only one website I have found that has this issue for us.  It is collegesource.org.  I have worked with their support but so far we have no solution.
  I have Windows Vista with IE7, Firefox 3.6 and chrome 4.0 and Adobe Reader 9.3.
  When I attempt to open the course catalogs for any school on this website it gives me the error below. XP machines on the same network with IE7 can access the PDFs on this site just fine.  We could work around this by just downloading the PDFs and opening them outside of the browser but unfortunately when you right click and try to save the target it is a frame.htm.
  Every search I have done for this error only finds 1 similar post and that problem doesn't have a resolution.
  I also attempted to downgrade to Adobe Reader 8.1 and the error I received was "this computer must be connected to the network in order to open this document"

  So the CN  value should be without the ":8443" addition when creating the cert file?
  Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
  When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
  @ IE i get:
  Thanks for looking in to this!

• Receiver SOAP adapter SSL error - client certificate required?

  Hi all,
  Problem configuring SSL in XI 3.0 NW04 SP17....
  I have followed the config steps from Rahul's excellent weblog at <a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">How to use Client Authentication with SOAP Adapter</a> (my Basis team have done the Visual Admin steps) and am going through his example as it closely matches my requirement. So, I have a test receiver SOAP adapter sending messages to a web service URL defined for a sender SOAP adapter. My test scenario is:
  <b>Sender File -> <u><i>Receiver SOAP -> Sender SOAP</i></u> -> IDoc Receiver -> IDocs in R/3</b>
  The problem components are in italic and underlined above. My Receiver SOAP Adapter has the web service URL, Certificate Keystore Entry and View entered. If, in the Sender SOAP Adapter, I have an HTTP Security Level of HTTPS Without Client Authentication, the interface works fine (note that Rahul suggests you untick the User Authentication in the Receiver but with this Security Level, it seems to work with or without it).
  The problem is when I set HTTPS <b>With</b> Client Authentication in the Sender. I then get the following error in the message monitor:
  SOAP: response message contains an error XIServer/UNKNOWN/ModuleUnknownException - com.sap.aii.af.mp.module.ModuleException: java.security.AccessControlException: <b>client certificate required caused by: java.security.AccessControlException</b>: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:1111) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:250) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:166) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:421) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.Client.handle(Client.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java(Compiled Code)) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code)) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code)) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code)) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code)) Caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:843) ... 22 more
  Has anyone got any idea what this could be caused by?
  Many thanks,
  Stuart Richards

  Have you configured the https port with that keystore entry?
  Check out these links:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/5c/15f73dd0408e5be10000000a114084/frameset.htm
  Regards,
  Henrique.

• HTTPS Without client authentication shows error of Certificate

  Hi Experts,
  I am trying to develop a SOAP to RFC scenario where in SOAP sender HTTP security level - HTTPS Without Client Authentication is selected.
  I have downloaded WSDL from Sender agreement and trying to test web service from SOAPUI.  Now as per my understanding simply placing request to HTTPS:<host>:<port>:XISOAPAdapter/....   with correct user should work and this scenario shouldn't need any certificates.
  However in SOAPUI and even in RWB SOAP Sender, I am receiving error that - Client Certificate required.
  Any comments on why would it be happening ?    In fact whatever option in HTTP Security level I select, error remains same. In NWA is there any other configuration to be done to make this work ?
  Is below understanding right ?
  -- >> HTTPS Without client authentication will not need certificate exchange and simply user authentication will do
  Thanks..
  regards,
  Omkar.

  Hello Omkar,
  What you are trying to do is Consume a SOAP->RFC scenario (synchronous) from SOAP UI and you want that to be secure. With this requirement, just having the certificates alone is not sufficient (sorry for late response..i just came across this post when i was searching something else )
  1)How did you generate the certificate and the private key? Because Key Generation plays a Big Part in it. The Key should have been signed by a CA. Though its not signed by a CA, a trick which would work is, at the time of Key generation, provide the Organization Name as SAP Trust Community and Country as DE.
  2) At the time of Key Generation definitely it shall ask for a password. You remember that.
  3) Export the Private Key as PCKS12 format and the certificate as Base64 format and have it in your local system, (shall be used later in SOAP UI and NWA)
  Here follows the major part
  4) Open NWA and go to Configuration Management->Authentication
  5) Go to Properties Taband click Modify
  6)  Under Logon Application select the check box "Enable Showing Certificate Logon URL Link on Logon Page" and save it.
  7) Now go to the Components Tab.
  8) Search for client_cert Policy Configuration name and Edit it it. Make sure the following Login Modules are maintained in the same Order
  ==> Name: com.sap.engine.services.security.server.jaas.ClientCertLoginModule
         Flag : Sufficient
  ==> Name: BasicPasswordLoginModule
         Flag: Optional
  9) Now Select the name com.sap.engine.services.security.server.jaas.ClientCertLoginModule and you can see lots of entries under the Login Module Options. Remove them all and add anew entry (case sensitive). Save it.
  ==>Name: Rule1.getUserFrom
         value : wholeCert
  10) Now search for the Policy Configuration name sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter
  and edit it.
  11) Under the Authentication stack select the template client_cert against the used template label. and save it
  12)If you are using AXIS Adapter, do the steps 11 for the Policy Configuration name sap.com/com.sap.aii.axis.app*XIAxisAdapter.
  13) Now in NWA navigate to Operation management->Identity Management
  14) Search for the user PIISUSER (or any user id which you thing has good amount of authorizations to access the service)
  15)Click Modify and go to the TAB Certificates and upload the certificate (not the private key) which you downloaded in step 3.
  16) With this setup what you have done is you have created proper certificate, enabled certificate based logon for SOAP and AXIS adapter and associated the certificate with a user id.
  17) usually in Dual stack PI, we will have the same certificate added to the server pse in strustsso2 tcode. But since its single stack, just make sure in the cert and keys you add this certificate to teh Trusted CAs and also to the Server Keystore.
  18) Now in SOAP UI Right Click on the Project Name->Select Show Project View->Under the WS Security Configurations->Go to Keystore and certificates and add the Private Key
  19) In SOAP UI under the operation name, in the Request, in stead of providing user credentials, choose the private key name against the SSL Keystore entry.
  20) Before you execute the scenario  make sure you have chosen the HTTPS url and https port is proper. Usually its 443, but some customers configure their own port.
  Scenario should work now. Else if you track it using XPI Inspector, you can find out easily at which step it has gone wrong.
  Good Luck!!
  Best Regards,
  Sundar

• FTPS error: Peer Certificate Rejected by Chain Verifier

  Hi,
  This scenario is a File to File - Outbound Async Interface. Receiver is configured FTPS with mostly the default parameters.
  However FTPS again haunted us with "Peer Certificate Rejected by Chain Verifier  " error.  We have configured one communication channel with FTPS and tested in DEV, QA clients and moved to production. The weird behavior is it works only certain time. Overall it works 50% of time ok and 50% of time failed with the above error.
  We kept opened all ports on the firewall for outgoing messages.
  We cannot understand the dual behavior. Appreciate any help to resolve this issue.
  Dharmasiri Amith

  Hi Amith,
  The main reasons for this error follows:
  1. The correct server certificate could not be present in the TrustedCA
  keystore view of NWA. Please ensure you have done all the steps
  described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for
  it (that was the cause for other customers as well) and if it's the case
  renew it or extend the validation.
  3. Some other customers have reported similar problem and mainly the
  problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate
  is A which is issued by an intermediate CA B and then B's certificate is
  issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to
  have the right order of certificate in the chain. If the order is B
  first followed by A followed by C, then the IAIK library used by PI
  cannot verify the server as trusted. Please generate the certificate in
  the right order and then import this certificate in the TrustedCA
  keystore view and try again. Please take this third steps as the
  principal one.
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has
  to have certificate with CN equal to the requested site.  I mean if I
  request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in
  the ftp request. This can be the IP address or the full name of the
  host.
  Request the url with the IP of the SSL Server and the certificate to be
  with CN = IP of the server.
  In any other case the SSL communication will not work.
  Regards,
  Caio Cagnani