Error of SSL certificate

Similar Messages

• Error after SSL Certificat update

  I updated the SSL certificate on a Win2003 SP2 server with IIS6.0
  The initial certificat was a single URL certificate and is replaced by a wildcard one.
  After installing the certificate (and it's CA chain) using the mmc I changed the certificate in IIS and configured the SSLBinding using "cscript.exe
  adsutil.vbs".
  The result is an SSL ERROR.
  The CA chain and the certificate are two CRT files.
  Here is the result of the "certutil.exe -store my"
  command :
  C:\Documents and Settings\Administrateur.W2K79>certutil -store my
  ================ Certificat 0 ================
  Numéro de série : 4899717f3b1ba89dedb7c472d575cb01
  Émetteur: CN=Thawte SSL CA, O=Thawte, Inc., C=US
  Objet: CN=*.bourgenbresse.fr, OU=Collectivite, O=COMMUNE DE BOURG EN BRESSE, L=B
  OURG EN BRESSE, S=Ain, C=FR
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): eb 03 df 43 a8 03 e5 5f b1 52 fc e7 5b a9 0b 0c 19 2a 15 8a
  Aucune information sur le fournisseur de clé
  Pas de propriétés pour le jeu de clé dans le magasin
  ================ Certificat 1 ================
  Numéro de série : 023fcc
  Émetteur: CN=GeoTrust DV SSL CA, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
  Objet: CN=www.portailenfance.bourgenbresse.fr, OU=Domain Control Validated - Qui
  ckSSL(R) Premium, OU=See www.geotrust.com/resources/cps (c)11, OU=GT68088061, O=
  www.portailenfance.bourgenbresse.fr, C=FR, SERIALNUMBER=R2RJ3sRPOrW0Q3XZYvvpcP05
  TqodNAru
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): 12 49 a6 95 9a 67 05 86 d9 a3 64 cb a7 a7 78 ee 6c eb 94 52
    Conteneur de clé = cecd6bee4621365b6e763b9bfcd773cf_b3f7eefb-5c14-4333-a5bb-29
  d40b271698
    Fournisseur = Microsoft RSA SChannel Cryptographic Provider
  Succès du test de cryptage
  CertUtil: -store La commande s'est terminée correctement.
  Please help !

  It seems that the key for the wild card certificate has not been found. The output shows a valid key for the other cert. ("1") but no key information for the wild card cert ("0"). I assume, that when you double-click the certificate in
  the computer's Personal store you don't see the message You have a Private Key...
  (on the bottom of the General tab), right?
  Windows 2003 sometimes needed some extra effort to "connect" key and certificate, in addition to just importing it (I am assuming that you imported it to the machine where you had created the key).
  Check if the command line tool certutil is available. If not, install the W2K3 admin pack (download e.g.
  here).
  Double-click the new server certificate, go to Details...
  Scroll down the list of attributes and locate the Serial Number. Copy the serial number value.
  At the command shell run as a local admin:
  certutil -repairstore my "<Serial Number>"
  If this has been successful you should now see the message You have a Private Key... when double-clicking the certificate.
  Elke

• SSL Certificate Error in AIX server~~~SCOM 2012 R2

  Hi Everyone,
  While installing SCOM client i am getting below error. Plz suggest.
  Agent verification failed. Error detail: The server certificate on the destination computer (FQDN(Server Name):1270) has the following errors: 
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
  The SSL certificate is signed by an unknown certificate authority.      
  It is possible that:
     1. The destination certificate is signed by another certificate authority not trusted by the management server. 
     2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: FQDN serve 
     3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
  The server certificate on the destination computer (FQDN(Server Name:1270) has the following errors: 
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
  The SSL certificate is signed by an unknown certificate authority.      
  It is possible that:
     1. The destination certificate is signed by another certificate authority not trusted by the management server. 
     2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: FQDN serve.
     3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool. 

  Hi Pawan
  Have you exported/imported scx certificates?
  Check out Kevin Holmans blog on installation of UNIX/Linux agents:
  http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
  www.coretech.dk - blog.coretech.dk

• SChannel error- The SSL server credential's certificate does not have a private key information property attached to it.

  We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
  to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
  fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
  not have a private key information property attached to it"  There is no software firewall set on the DC. When I run Certutil -VerifyStore MY  it shows the current certificates as well as the revoked and expired certificates
  correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
  FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
  expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
  point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
  appreciated.

  Hi,
  Have you tried this?
  How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
  http://support.microsoft.com/kb/889651
  Best Regards,
  Amy

• Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

  Hello,
  I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
  Azure Management portal shows the status of Hybrid Connection as established.
  However, the website throws an error when trying to open a connection
  <
  addname="DefaultConnection"
  connectionString="Data
  Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
  providerName="System.Data.SqlClient"
  />
  (The same website, with the same connection string deployed on SQL Server machine works correctly).
  I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
  [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
  [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
  I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
  The certificate chain was issued by an authority that is not trusted             
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
  Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
  Stack Trace:
  [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
  [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
  System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
  System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
  System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
  System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
  System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
  System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
  System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
  System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
  System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
  System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
  System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
  System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
  System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
  System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
  System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
  System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
  System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
  System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
  System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
  System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
  System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
  System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
  System.Data.SqlClient.SqlConnection.Open() +96
  System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
  [EntityException: The underlying provider failed on Open.]
  System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
  System.Data.EntityClient.EntityConnection.Open() +104
  System.Data.Objects.ObjectContext.EnsureConnection() +75
  System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
  System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
  System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
  System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
  CloudShop.Services.ProductsRepository.GetProducts() +216
  CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
  CloudShop.Controllers.HomeController.Index() +1130
  lambda_method(Closure , ControllerBase , Object[] ) +62
  System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
  System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
  System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
  System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
  System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
  System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
  System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
  System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
  System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
  System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
  System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
  System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
  System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
  System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
  System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
  Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213            
  Regards,
  Michal
  Michal Morciniec

  Same issue here, looking for more information !

• Sequence tag error while importing the SSL certificate into ".keystore" fil

  I have created the ".keystore " file successfully and also imported the "root.cer".
  but while importing the SSL certificate it says like
  "keytool error: java.security.cert.CertificateException: IOException: Sequence ta
  g error" (I got the certificate from Verisign)
  How to resolve this Error?
  can anyone help me?
  mail to:: [email protected]
  Thanks in Advance

  Hi,
  I resolved this error by making it sure that there are no extra spaces or unwanted caracter copied while copying the certificate response from the CA. Make sure you are copying the certificate response properly. In my case, some extra space was getting copied so after re-copyinf it properly, it worked.

• [solved] dovecot errors after renewing SSL certificate

  System:
  OS X Server (Mountain Lion) 2.2
  Using a single SSL Certificate for all services.
  Symptom:
  Users can't log into their IMAP accounts hosted on OS X Server (Mountain Lion) after renewing SSL Certificate
  Diagnostics:
  Give you an indication whether it's this problem. Some or all may apply:
  Log shows all kinds of dovecot errors. e.g.
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  config: Fatal: Error in configuration file /Library/Server/Mail/Config/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf shows commented out lines:
  ssl_cert
  ssl_key
  ssl_ca
  Solution:
  Go to the Certificates pane of the Server App  and choose Secure Services Using: Custom
  Set IMAP and POP server certificates to to None
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf
  Now set Secure Services Using: <My single SSL Certificate for all services>
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf and you should now see all the ssl* settings as you would expect, and pointing to the correct SSL certificate  in /etc/certificates
  Hope this works for you too!

  I had something similar happen. When I do anything with SSL certificates it deletes any regular websites. Only the sites that are setup for https are listed.
  Couldn't understand why my website wasn't working and it turned out that the system had deleted it. The web server had multiple host set and I had to rebuild all the ones that had used port 80. All the ones that use 443 were fine.
  Hope this helps.

• IMAP SSL Certificate Errors

  Just got my iPhone today.
  My email server has a simple, self-signed SSL certificate (IMAPS and TLS on the MTA). The iPhone doesn't like this and refuses to work with my mail/imap server.
  This won't work for me and I'm wondering if there is a way around this.
  Thanks.

  This was extremely helpful to me. Thanks. Basically it seems the iPhone assumes you want SSL turned on when doing IMAP, and it does not give you a way to turn if off until AFTER you have set up your mail. The advanced settings button does not even show up until AFTER you have the account saved, and every time you try to save it, you get error messages. So your steps below save the day, but I added a couple of more.
  1) Enter Mail on iPhone
  2) Select Other from the list of mail provider options
  3) Enter all the Account specifics, in my case it was IMAP stuf
  4) Click Save, and get the invalid certificate message
  5) Click "CANCEL", an you get returned to the settings screen
  6) Click "SAVE" again, it says, "You may not be able to receive email..."
  7) Click OK
  8) Now you can go back into the settings, and preso chango, the ADVANCED button now shows up at the bottom of the mail screen.
  9) NOW you can go into the advance tab and turn OFF SSL for both sending and receiving mail.
  What a pain, but it works.

• SSL ERROR : The required certificate was not found

  I am using Adobe Javascript this.submitForm to submit FDF. This works fine in Windows. When the same pdf is opened in a Linux environment I get the following error:
  SSL ERROR : The required certificate was not found
  and am required to run acroread -installCertificate.
  This I do and it succeeds but the SSL error persists.
  The this.submitForm command is given below:
  /this.submitForm({cURL: 'https://some-webpath/FILE.cgi#FDF',bFDF: true,bGet: false});
  When reading the documentation for the submitForm I see that the Acrobat Web Capture plug-in should be installed: I notice this is the case in Windows but not in Linux. Where can I get this?

  Hi Ben,
  The behavior you have noticed with the newly installed certificate files in
  [home-folder]/.adobe/Acrobat/[version]/Cert folder
  and the
  [install-folder]/Adobe/Reader8/Reader/Cert/curl-ca-bundle.crt file is correct. Further, the behavior has not changed between Reader versions 8.x and 9.x
  It is possible that the problem may be of the installed certificate not linking up to one of the Root CA-s. An Intermedia-CA certificate may be needed to be installed.
  Could you mail me at " sanath at adobe dot com ", if possible, with more information about the problem (the PDF, the certificate in question - the file named like 123456.0 ), so that we at Adobe can work on resolving your problem
  Regards
  Sandip

• ISE: Guest SSL Certificate Not Trusted Error

  Team,
  We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
  I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
  Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
  Please advice
  Thanks in advance

  The only solution that can competely resolve your issue is to get a certificate from any trusted  CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may  appear sometimes.

• SSL certificate error when installing

  Hi,
  We are getting error when installing the SSL certificate on our web dispatcher. Please see screenshot attached.
  Kindly assist us on this.
  Thank you!
  Regards,
  AJ

  You have to specify the additional certificates with the "-r" parameter.
  E g
  sapgenpse import_own_cert -c <cert_from_eg_verisign> -p <PSE-file> -r intermediate-one.cer -r intermediate-two.cer
  You can specify "-r" up to 10 times.

• Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

  Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

  Hi, William
  My question is if you can help me and support me to configure the Blink Pro App, I have a Mac Book Air, OS X 10.9.1.
  hope for your answer

• When trying to get to a CUIC permalink report via a get XML document data step in UCCX, we get a SSL certificate error

  Has anyone found a way to overcome the SSL certificate error via UCCX editor?  See attached screenshots.  Thanks!

  Hi, not easily, no.
  But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
  G.

• When accessing Intranet sites that use SSL Certificates issued by our internal PKI, FF for Windows give an error of "improperly formatted DER-encoded message"

  When accessing Intranet sites with that have SSL Certificates issued by our internal PKI, FF for Windows gives an error messsage - An error occurred during a connection to myshaw. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
  Chrome and IE work fine. This is a new PKI using the SHA-2 signature algorithm.

  Hi Guigs2,
  From the other post you link too, I can confirm that both the Root and Subordinate CA have been commissioned with the:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm = 1
  registry key set. As can be seen above, the Signature algorithm on an issued certificate is RSASSA-PSS. This is been Microsoft suggested deployment IF you do not wish to support either XP or Windows 2003 machine and lower. In fact, I believe the option has been around since Windows 2008, however, there were of course, a lot more XP machines back then.
  The obvious answer is that we would like to maintain the updated algorithm, AND see support for it added for Firefox. I think you will see a LOT more posts like this as people deploy more 2012 PKI infrastructure supporting only Windows 7 and up. Heavens, we may well be forced to Chrome or even back to IE!!! Whilst I do not what to necessary open up other potential vulnerabilities, for the sake of testing, what do you mean by disabling mozilla:pkix?

• New SSL certificate with 2048 bit shows error: (Fehlercode: sec_error_unknown_issuer)

  installed a new SSL certificate with 2048 bit encryption (as is now required by issuer of certificate). Everything is OK with IE, FF shows error: (Fehlercode: sec_error_unknown_issuer)
  == URL of affected sites ==
  https://www.dongil.at/

  I have also tried all the solutions mentioned - but no luck.
  I wrote to Geotrust support and the pointed out that I needed the intermediate certificate and provided me with this url:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
  Please note, this intermediate certificate was *not* the same is linked to above - seems like there are 2 different intermediate certificates, depending on what type of certificate you got from Geotrust.
  Just to recap - if you got yourself a "QuickSSL, QuickSSL Premium or SSL Trial"-certificate (like me) then use this intermediate:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
  If you got a "True BusinessID or Enterprise SSL"-certificate, you should use this:
  https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1423
  - Lasse