Exchange Server Affected by SSL Certificate Organization Name Change

We recently underwent a name change of our company. We added a few new domain names for the new company to our Exchange Server 2007 and updated our address policy to include them and everything seemed to work okay for a while. We subsequently reissued the SSL Certificate for our Exchange Server under the new organization name (per the CA's recommendation). Shortly thereafter we experienced all sorts of issues necessitating a rebuild of our Exchange Server. Is there any dependency between the organization name in an SSL certificate and the organization name that Exchange Server stores its info under in Active Directory (which still had the old name) that would cause Exchange to go haywire?

Hi,
Please confirm you were creating a new domain in your AD or creating an accepted domain in Exchange server.
If you directly create an accepted domain in Exchange, the new domain would be considered authoritative when the Exchange organization hosts mailboxes for recipients in this SMTP domain. We don’t need to create a new Exchange certificate for this new accepted domain because the SRV records can be used to connect to Autodiscover service. And the Exchange services URLs are not changed and they can still be authenticated by the original certificate (mail.domain.com, autodiscover.domain.com).
Certainly, we can reissue a new Exchange certificate, please make sure the new Exchange certificate has included all needed namespaces for your Exchange server such as:
Mail.domain.com, autodiscover.domain.com, autodiscover.newdomain.com
We can also run Get-ExchangeCertificate | fl to check it.
Regards,
Winnie Liang
TechNet Community Support
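
The namespace check suggested in the reply can be run against the names a certificate actually carries. The following is an added example, not part of the original thread: `Test-NamespaceCoverage` is a hypothetical helper (not an Exchange cmdlet), the required names are the ones listed in the reply, and the two certificate name lists are constructed samples. It goes slightly beyond the reply by also handling wildcard entries.

```powershell
# Added example. Test-NamespaceCoverage is a hypothetical helper name.
function Test-NamespaceCoverage {
    param(
        # Names present on the certificate (subject CN plus subject alternative names)
        [Parameter(Mandatory = $true)] [string[]] $CertificateDomains,
        # Host names that clients actually connect to
        [Parameter(Mandatory = $true)] [string[]] $RequiredNamespaces
    )
    foreach ($required in $RequiredNamespaces) {
        $requiredName = $required.Trim().TrimEnd('.').ToLowerInvariant()
        $matchedBy = $null
        foreach ($entry in $CertificateDomains) {
            $certName = $entry.Trim().TrimEnd('.').ToLowerInvariant()
            if ($certName -eq $requiredName) { $matchedBy = $entry; break }
            if ($certName.StartsWith('*.')) {
                # A wildcard stands for exactly one left-most label:
                # *.domain.com covers mail.domain.com, but neither domain.com
                # nor a.b.domain.com, and never a different domain.
                $suffix = $certName.Substring(1)            # ".domain.com"
                if ($requiredName.EndsWith($suffix)) {
                    $label = $requiredName.Substring(0, $requiredName.Length - $suffix.Length)
                    if ($label.Length -gt 0 -and -not $label.Contains('.')) {
                        $matchedBy = $entry
                        break
                    }
                }
            }
        }
        New-Object PSObject -Property @{
            Namespace = $required
            Covered   = [bool]$matchedBy
            MatchedBy = $matchedBy
        } | Select-Object Namespace, Covered, MatchedBy
    }
}

# Namespaces named in the reply above
$required = 'mail.domain.com', 'autodiscover.domain.com', 'autodiscover.newdomain.com'

# Constructed sample 1: certificate reissued with only the old-domain names.
# autodiscover.newdomain.com is reported as not covered.
Test-NamespaceCoverage -CertificateDomains 'mail.domain.com', 'autodiscover.domain.com' `
                       -RequiredNamespaces $required

# Constructed sample 2: a wildcard certificate for the old domain.
# It covers both *.domain.com names but still not autodiscover.newdomain.com.
Test-NamespaceCoverage -CertificateDomains '*.domain.com' -RequiredNamespaces $required

# On an Exchange server, feed in the real names instead of the samples:
# Get-ExchangeCertificate | ForEach-Object {
#     $names = @($_.CertificateDomains | ForEach-Object { $_.ToString() })
#     Test-NamespaceCoverage -CertificateDomains $names -RequiredNamespaces $required |
#         Where-Object { -not $_.Covered }
# }
```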

Similar Messages

  • SSL Certificate common name (host name field) is incorrect

    When users open Microsoft Office Project and connect to their PWA site, they get the message "SSL Certificate common name (host name field) is incorrect".
    Which area should I start looking at? The client computer or the server itself? The cert expiration date was still a long way off.
    teikboon

    What is the URL the user is accessing, hostname/pwa or mycompany.com/pwa?
    Is the certificate issued using the hostname or something else?
    Hrishi Deshpande – Senior Consultant DeltaBahn

  • SQL Server cannot Find SSL Certificate

    We need help solve an issue we are having with SQL Server 2008 recognizing certificates (for supporting SSL communications) we generate through the MakeCert.exe utility. We have followed all instructions available in the MSDN SQL Server 2008 online books, including using the mmc console utility to verify that the certificates are valid, but the certificates we make fail to be seen by the SQL Server 2008 Configuration Management application.

    Hi,
    I’m not sure what instructions you read from MSDN. Do you follow the steps described in http://msdn.microsoft.com/en-us/library/ms191192.aspx?  If not, please try it. Additionally, I suggest you refer to the following content from MSDN:
    For SQL Server to load a SSL certificate, the certificate must meet the following conditions:
    1. The certificate must be in either the local computer certificate store or the current user certificate store.
    2. The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
    3. The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
    4. The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
    5. The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
    If there are any more questions, please let me know.
    Thanks.
    ***Xiao Min Tan***Microsoft Online Community***
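
The five conditions quoted in the answer can be checked per certificate before looking at SQL Server itself. The following is an added example, not part of the original thread and not a Microsoft tool: `Test-SqlTlsCertificate` is a hypothetical helper name, and the default server names are taken from the local machine as an assumption about what clients connect to.

```powershell
# Added example. Test-SqlTlsCertificate is a hypothetical helper name.
function Test-SqlTlsCertificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        # Host name and FQDN of the server (assumption: clients use one of these)
        [string[]] $ServerNames = @($env:COMPUTERNAME,
            [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)
    )
    process {
        $now = Get-Date

        # Condition 3: Enhanced Key Usage must list Server Authentication
        $ekuOids = @($Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Condition 4: the private key must be an AT_KEYEXCHANGE key.
        # For CryptoAPI keys .NET reports this as KeyNumber 'Exchange'
        # ('Signature' means AT_SIGNATURE).
        $keySpec = 'no private key'
        if ($Certificate.HasPrivateKey) {
            try {
                $keySpec = [string]$Certificate.PrivateKey.CspKeyContainerInfo.KeyNumber
                if (-not $keySpec) { $keySpec = 'not a CryptoAPI key' }
            } catch {
                $keySpec = 'unreadable (CNG key or no access to the key)'
            }
        }

        # Condition 5: subject CN must equal the host name or FQDN
        $cn = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        New-Object PSObject -Property @{
            Thumbprint     = $Certificate.Thumbprint
            SubjectCN      = $cn
            TimeValid      = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)  # condition 2
            ServerAuthEku  = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
            KeySpec        = $keySpec
            KeyExchangeKey = ($keySpec -eq 'Exchange')
            CnMatchesHost  = ($ServerNames -contains $cn)
        } | Select-Object Thumbprint, SubjectCN, TimeValid, ServerAuthEku,
                          KeySpec, KeyExchangeKey, CnMatchesHost
    }
}

# Condition 1 is covered by where the certificates are read from:
# the local computer store (use Cert:\CurrentUser\My for the current user store).
Get-ChildItem Cert:\LocalMachine\My | Test-SqlTlsCertificate | Format-List
```

A certificate made with MakeCert.exe that shows `KeySpec : Signature` or a `SubjectCN` different from the server name fails conditions 4 or 5 from the list above.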

  • How can I change an SSL Certificate display name on Firefox?

    I have 6 SSL Certificate to install in order for an application to open in 6 ways. Each certificate represent a way. The problem is that the pop up window i am receiving to choose one of these 6 SSL displays the Issuer CN while i need it to display the friendly name / or the description since i can modify them.
    Any way this is possible?
    Thanks,

    This article may help you
    https://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error?esab=a&s=SSL+certificate+display+on+Firefox&r=7&as=s
    regards,
    Gautam sharma.

  • Messaging Server: Problem Adding SSL Certificate

    We have a problem importing a CA certificate into Messaging Server 7 on Solaris 10 x86.
    Platform
    uname -a
    SunOS mail1 5.10 Generic_138889-03 i86pc i386 i86pc
    Messaging Server Version
    imsimta version
    Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec  9 2008)
    libimta.so 7.0-3.01 64bit (built 09:24:13, Dec  9 2008)
    We have created a certificate database and generated a certificate request, as follows:
    msgcert generate-certDB
    msgcert request-cert --name mail.domain.xxx  --org "University of XXX" --org-unit ITS --city XXX  --state "XXX" --country GB -F ascii -o /tmp/ssl.csr
    However, when we come to import the CA-supplied certificate we get the following error.
    msgcert add-cert Server-Cert /tmp/mail1.crt
    Enter the certificate database password:
    Unable to find private key for this certificate.
    Failed to add the certificate.
    I'm confused. What does the msgcert request-cert command use as a private key when generating the certificate request? Should I have used openssl to generate the certificate request with a known private key?
    Thanks
    Alan

    I solved the problem by converting certificate to pkcs#12 format and importing it.
    openssl pkcs12 -export -in cert.pem -inkey private.key -out cert.pkcs12 -name Server-Cert
    /opt/sun/comms/messaging64/bin/msgcert add-cert Server-Cert cert.pkcs12
    Alan

  • Updation of Organizational name changes in Business Partner

    Hi group,
    I need one clarification from anyone of you. It is regarding the updation of the Organizational changes made in "maintain Organization" (PPOMA_CRM) transaction (in Basic Data tab) in Business Partner (BP) transaction.
    For some organizations, it is working fine but for some others it is not. I have tried that both in Quality and Production systems. Actually I have to update this in Production system.
    I could not get why it happening so??
    I came to know that it is an SAP bug..
    Has anyone of you ever encountered this problem??
    If So, could you please suggest me something about this??
    Thanks in advance..
    You can mail me to [email protected]
    Regards,
    //Kishore..

    Hi Kishore,
    Changes are only possible from PPOMA_ORG and BP gets automatically data, in fact it is not possible to edit the partner in /nBP. Not sure if an execution of program HRBCI_ATTRIBUTES_BUFFER_UPDATE is required after changing basic data, but try this too. Also check if all steps from note 550055 are done.
    Regards, Patricia

  • Communicator is looking to incorrect exchange server for security certificate

    We are running Exchange 2010 and retiring a 2007 Exchange server. They are both still on our network but all mail routes through the 2010 server. The ssl certificate on our 2007 server expired today and Communicator is coming up with a warning when launched warning that the 2007's cert expired. How do I get communicator to use the 2010 certificate instead?

    Where do your Exchange autodiscover records point?  Are all users on Exchange 2010?
    SWC Unified Communications

  • Use an existing certificate (we already own) on a Exchange server

    This has to do with certificates and email - so I'm uncertain whether it should go in the security section (here) or in one of the Exchange forums... (?)
    Anyway, here we go...
    Usually I create a certificate request for the Exchange server on the Exchange server itself, submit the request and when the certificate is available, install the certificate and enable it.
    What if an organization already has a wildcard certificate for its web servers...
    What obstacles would prevent it from being used on an Exchange server?
    The certificate is for "server authentication" - but probably not email (I know there are different certificate "types", "roles" or "templates" that may come into play here).
    I was not involved in the purchase of the certificate, so I'm not sure if there is a maximum number of servers on which it can be used, or other legal considerations. That is something that must be taken into account all the same.
    But from a technical standpoint, what would prevent a certificate (that can be exported, says the team involved in its acquisition) from being exported and imported to the Exchange server?
    Getting a certificate specifically for the Exchange server might make more sense (I'm certainly more familiar with that option) but would the situation above even be feasible?
    One last note: there might be a migration to Exchange Online in the future.

    On Thu, 27 Mar 2014 16:30:40 +0000, David M (LePivert) wrote:
    What if an organization already has a wildcard certificate for its web servers...
    What obstacles would prevent it from being used on an Exchange server?
    After reading your post, one of the Exchange forums would be a better place
    to post it.
    Thanks.
    Paul Adare - FIM CM MVP
    Systems programmers are the high priests of a low cult. - R. S. Barton

  • Windows Server 2008 R2 Standard "Certificate Authority Service" / Exchange Server 2010 EMC not starting and no AD connectivity for authentication.

    Hello,
    I am a new IT Manager at this company and need assistance big time. Their environment looks as follows:
    Server 1. Domain Controller Server (Windows Server 2008 R2 Standard) running active directory.
    Server 2. Email Server (Windows Server 2008 R2 Standard) running Exchange Server 2010 .
    * Note. No back ups to work with aside from what's mentioned below.
    DC had a virus infection causing a lot of issues on the shared network drives 2 days ago locking up all the files with a crypto ransom virus. Running Avast suppressed the infection. Had to recover the file shares which luckily had a back up. 
    The issue is that the Exchange Server 2 post this lost connectivity with the AD Server 1. Exchange Server 2 when launching EMC could not launch the console stating the following:
    "No Exchange servers are available in any Active Directory sites. You can’t connect to remote Powershell on a computer that only has the Management Tools role installed."
    Shortly after I found that it is possible the EMC launcher was corrupt and needed to be reinstalled following another blog post. I deleted the exchange management console.msc per instructions only to discover I couldn't relaunch it because there was no way how. So I copied another msc file that happened to be on the DC Server 1 back to Exchange Server 2 and got it to launch again.
    Another post said that it might be an issue with the Domain Account for the Computer, so to delete it in the AD Server 1 only to find that rejoining it from Exchange Server 2 using Computer>Properties> Change Settings > Change is greyed out because it is using the Certificate Authority Service.
    I tried manually re-adding the computer in AD and modeling permissions after another server in group settings but no go. After this I was unable to login to the Exchange Server 2 with domain accounts but only local admin, receiving the following Alert:
    "The Trust Relationship between this workstation and primary domain failed."
    I tried running the Power Shell tools on Exchange Server 2 to rejoin and to reset passwords for domain accounts as noted in some other blogs but no luck as the Server 2 could not make the connection with Server1 or other errors it kept spitting out.
    I also during the investigation found the DNS settings were all altered on both the Server 1 and Server 2 which I luckily was able to change back to original because of inventorying it in the beginning when I started. 
    I need help figuring out if I need to rejoin the Exchange Server 2 manually by disabling the Certificate Authority Service (or removing the CA as listed here:
    https://social.technet.microsoft.com/Forums/exchange/en-US/fb23deab-0a12-410d-946c-517d5aea7fae/windows-server-2008-r2-with-certificate-authority-service-to-rejoin-domain?forum=winserversecurity
    and getting exchange server to launch again. (Mind you I am relatively fresh to server managing) Please help E-Mail has been down for a whole day now!
    Marty

    I recommend that you open a ticket with Microsoft Support before you break things more.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Outlook not resolving Exchange Server name, resolving another name like SID Object

    Hello All ,
    I have Exchange 2013 installed on Windows Server 2012. Outlook is not resolving the Exchange Server name; it is resolving another name like a SID object. Please see the attached file below.
    How can I fix the issue?
    Thank you

    Hi,
    Please run following command to verify whether the Outlook resolved the correct Exchange Server GUID:
    Get-Mailbox MailboxName | FL name, ExchangeGUID
    Following Screenshot is the test result in my lab, for your reference:
    If we get the correct GUID, it means we have already connected to Exchange Server successfully.
    The GUID format for the server name in Exchange 2013 is an expected behavior.
    Found a similar thread for your reference:
    Outlook is not resolving CAS server Name
    http://social.technet.microsoft.com/Forums/exchange/en-US/5868d45a-ee93-4c55-927b-4dd2b9eaeec5/outlook-is-not-resolving-cas-server-name?forum=exchange2010
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • The following error occured when searching for on-premises exchange server

    I look after a company where I installed a new DELL server last year, The server is running Windows Small Business Server 2011 which we installed. Exchange 2010 was installed as part of the Windows Small Business Server 2011 installation. At the time we did not configure Exchange because they use external POP accounts for email. Eventually they wanted to move over to Exchange
    When we created the user accounts using Windows SBS Console, it created a local mailbox for each user
    No problems - [email protected]
    Since late last year every time I create a new user within SBS Console, it errors creating the mailbox
    Add a user account and assign a user role
    Getting "Unexpected error occurred" when Setting up an e-mail account for user
    Looking at the error "Unexpected error occurred" & MessagingManagement "Unexpected error occured"
    The user account is created ok just no e-mail address is created for the user
    I never thought much about this at the time as we weren't using Exchange email accounts. I decided to have a look at this issue over weekend
    When I try to open Microsoft Exchange Management Console I'm getting "Initialization failed"
    The following error occurred when searching for the On-Premises Exchange server
    When I try to open Microsoft Exchange Management Shell, I get a similar error
    I've downloaded & run EMTShooter which just identifies there is an error & gives me the same error
    I've installed & re-installed WinRM IIS Extensions
    I've checked all the settings in IIS, Default Web Site, PowerShell, Modules & Paths...
    Still cannot connect to Exchange
    I've trawled through the internet for two days checking & testing every solution but no luck
    I've checked every setting against another Windows SBS 2011 Server we've installed & works
    I cannot find a difference
    Can someone help me or point me in the right direction?
    Peter Ralphs

    Thanks for the reply Cara
    Here's the original error I was getting when opening Exchange Management Console
    Initialization failed
    The following error ocurred while searching for the on-premises Exchange server:
    [server.myd.local] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid.
    For more information, see the about_Remote_Troubleshooting Help topic. It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion 'Version 14.1 (Build 218.15)
    I got similar error when trying to access the Exchange Management Shell
    VERBOSE: Connecting to SERVER.myd.local
    [server.myd.local] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid.
    For more information, see the about_Remote_Troubleshooting Help topic.
        + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
        + FullyQualifiedErrorId : PSSessionOpenFailed
    When I opened the Exchange Management Console this week, the error had changed slightly
    Initialization failed
    The following error ocurred while searching for the on-premises Exchange server:
    [server.myd.local] Connecting to remote server failed with the following error message : The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion 'Version 14.1 (Build 218.15)
    I could only run Exbpa from a command prompt (obviously no access from Exchange Management Console)
    This is the result of the Health Check Scan
    Organization: First Organization
    Default Global Address List Changed
    The 'msExchQueryFilter' attribute of the default Global Address List 'Default Global Address List' has been changed. Default: '(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass - eq 'publicFolder'))'. Current: '((Alias -ne $null) -and (((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact') -or (ObjectClass -eq 'msExchSystemMailbox') -or (ObjectClass -eq 'msExchDynamicDistributionList') -or (ObjectClass -eq 'group') -or (ObjectClass -eq 'publicFolder'))))'.
    Admin Group: Exchange Administrative Group (FYDIBOHF23SPDLT)
    The default public folder database is remote
    The default public folder database for mailbox database 'Mailbox Database' on server SERVER isn't local. Public folder database: CN=Public Folder Database 1529293969,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myd,DC=local.
    Server: SERVER
    Disk timeout changed
    Disk timeout on server SERVER.myd.local is not set at the default of 10 seconds. This is normal if third-party storage software is installed. Current timeout value is 160 seconds.
    Client RPC binding found
    The 'Rpc_Binding_Order' is set on server SERVER.myd.local. It is possible that either the Exchange or Outlook client is installed on the server. Current registry value: ncalrpc,ncacn_ip_tcp.
    One thing I've noticed from the start is that the error occurs when it is "searching" for the Exchange Server, it then goes on to name the server [server.myd.local] it knows it's there but cannot access it ?
    Another thing I've noticed is that it always refers to the "remote server" this server is Windows SBS 2011, it's the Domain Controller, DHCP Server, DNS Server & Exchange Server all in the same box
    I also noticed that the Health Check stated that "The default public folder database is remote"
    Has this something to do with it ?
    Regards
    Peter

  • The following error occured while searching for on-premises exchange server

    I've previously posted this under the Exchange Forums - Exchange Server 2010
    Peter Ralphs

    Thanks for the reply Larry
    I've added more detail about the error, this server is exactly how I initially installed it. This was a clean install not a migration so Exchange was a new installation. I have not applied any service packs as I did not want to confuse matters or compound the issue. I was wondering whether to install Server 2008 Service Pack 1 & the Exchange Service Packs. I will check the event logs & report back with what I find.
    Regards
    Peter

  • Configuring SSL certificates on ALBPM Studio

    Hi,
    I am invoking a web service which is deployed on a web logic server which is a secure server and needs SSL certificates to communicate. I have the certificates but don’t know how to configure it to my ALBPM Studio.
    Can I configure those to studio or do I need to deploy my code on the Enterprise edition installed on application server having these SSL certificates? But in that case I would land up investing so much time in deploying the code on server after even a small change. Since I don’t have those certificates configured to my studio it is not allowing me to catalog the service in my project and throwing Introspection error. The details of the error are mentioned below:
    [Error] Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target..
    [Error] Instrospection exception: Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target...
    Can anyone throw any pointers on this type of error
    Thanks,
    Akshay

    In order to communicate with SSL secured webservices (those with WSDL end point starting as https://) you need to have certificates from these servers.
    For BPM Standalone these are the steps
    1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory)
    2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.
    3. Run the following command at a command prompt:
    C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias <CERT ALIAS NAME> -keystore ..\lib\security\cacerts -file ..\lib\security\gd_<cert file name>.cer
    4. You will be prompted for a password. If you have not changed the password, it will be "changeit".
    5. You will then get the following message if all is successful - "Certificate was added to keystore".
    6. Restart Tomcat (inbuilt server in BPM Studio).
    This should solve your problem.
    Pls note that if you have not configured your keyStore then first do so. you will find this document handy to do so.
    http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File
    Arvind
    Visit my blog at http://soa-bam-bi.blogspot.com/ for more tips on BPM & SOA

  • What is my exchange server address?

    This is absolutely killing me. I successfully set up my exchange account on my iphone 3g before - but then i dropped it in water, had to get a new one and now i don't know how i set it up.
    i have owa access with https://server2.southeast.net/owa
    my username is shea
    i don't use a domain when i sign in, but in case it is southeast.
    i type in all my info, and when it asks for server, no matter what i type in always says exchange account verification failed.
    please help! btw, i'm using exchange 2007.

    Read this and post back if you have trouble.
    http://www.techsack.com/2008/08/19/getting-your-iphone-to-work-with-exchange-active-sync-ssl-certificate/

  • HTTPS SSL Certificate Signed using Weak Hashing Algorithm

    I am supporting one client for whom security scans are mandatory for a new implementation of an ASA 5520 device. The client uses Nessus Scan and the test results are attached.
    The Nessus scanner hit on 1 Medium vulnerability. Could you pls review the statement and provide a workaround for the same.
    Nessus Scanner reports
    Medium Severity Vulnerability
    Port : https (443/tcp)
    Issue:
    SSL Certificate Signed using Weak Hashing Algorithm
    Synopsis :
    The SSL certificate has been signed using a weak hash algorithm.
    Description :
    The remote service uses an SSL certificate that has been signed using
    a cryptographically weak hashing algorithm - MD2, MD4, or MD5. These
    signature algorithms are known to be vulnerable to collision attacks.
    In theory, a determined attacker may be able to leverage this weakness
    to generate another certificate with the same digital signature, which
    could allow him to masquerade as the affected service.
    See also :
    http://tools.ietf.org/html/rfc3279
    http://www.phreedom.org/research/rogue-ca/
    http://www.microsoft.com/technet/security/advisory/961509.mspx
    http://www.kb.cert.org/vuls/id/836068
    Solution :
    Contact the Certificate Authority to have the certificate reissued.
    Plugin Output :
    Here is the service's SSL certificate :
    Subject Name:
    Common Name: xxxxxxxxxx
    Issuer Name:
    Common Name: xxxxxxxxxx
    Serial Number: D8 2E 56 4E
    Version: 3
    Signature Algorithm: MD5 With RSA Encryption
    Not Valid Before: Aug 25 11:15:36 2011 GMT
    Not Valid After:  Aug 22 11:15:36 2021 GMT
    Public Key Info:
    Algorithm: RSA Encryption
    Exponent: 01 00 01
    CVE :
    CVE-2004-2761
    BID :
    BID 11849
    BID 33065
    Other References :
    OSVDB:45106
    OSVDB:45108
    OSVDB:45127
    CWE:310
    Nessus Plugin ID :
    35291
    VulnDB ID:
    69469
    I also tried configuring the SSL encryption method with "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 rc4-md5", but it throws the same issue.
    Here is ASA log
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725007: SSL session with client production:xxxxxxxx/2586 terminated.
    6|Oct 19 2011 01:59:34|302014: Teardown TCP connection 3201 for production:xxxxxxx/2586 to identity:xxxxxx/443 duration 0:00:00 bytes 758 TCP Reset-I
    6|Oct 19 2011 01:59:34|302013: Built inbound TCP connection 3202 for production:xxxxxxxxxxx/2587 (xxxxxxxxx/2587) to identity:xxxxxx/443 (xxxxxxx/443)
    6|Oct 19 2011 01:59:34|725001: Starting SSL handshake with client production:xxxxxxxxxxx/2587 for TLSv1 session.
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxxxx/2587
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2587

    Hi Ramkumar,
    The report is complaining that the Certificate Authority who signed the ID certificate presented by the ASA used a weak hashing algorithm. First, you need to determine who signed the certificate.
    If the certificate is self-signed by the ASA, you can generate a new certificate and use SHA1 as the hashing algorithm. To do this, the ASA needs to be running a software version that is at least 8.2(4) (8.3 and 8.4 software also support SHA1).
    If the certificate is signed by an external CA, you need to contact them and ask them to sign a new certificate for you using SHA instead of MD5.
    The links you posted have more information on this as well. Hope that helps.
    -Mike
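
The triage the answer above describes, as an added example that is not part of the original thread: it reads the subject, issuer and signature algorithm from plugin output in the layout posted above, flags MD2/MD4/MD5 signatures, and picks the self-signed or CA-signed remediation branch. The sample report, host name, client address and function names are constructed for illustration; the negotiated cipher is reported separately because the certificate's signature hash does not depend on the `ssl encryption` cipher list.

```python
import re

# Hashes the Nessus finding on this page names as weak for certificate signatures.
WEAK_HASHES = ("MD2", "MD4", "MD5")
# Constructed sample in the layout of the plugin output above; names are placeholders.
SAMPLE_REPORT = """\
Subject Name:
Common Name: asa.example.test
Issuer Name:
Common Name: asa.example.test
Signature Algorithm: MD5 With RSA Encryption
"""
# Constructed ASA syslog line in the format of message 725012 shown above.
SAMPLE_SYSLOG = ("7|Oct 19 2011 01:59:34|725012: Device chooses cipher : "
                 "DES-CBC3-SHA for the SSL session with client production:192.0.2.10/2587")


def parse_report(text):
    """Return subject CN, issuer CN and signature algorithm from plugin output."""
    fields, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Subject Name:", "Issuer Name:"):
            section = line.split()[0].lower()
        elif line.startswith("Common Name:") and section:
            fields[section + "_cn"] = line.split(":", 1)[1].strip()
            section = None
        elif line.startswith("Signature Algorithm:"):
            # Collapse the doubled spaces that pasted reports often carry.
            fields["sig_alg"] = " ".join(line.split(":", 1)[1].split())
    return fields


def triage(report, syslog=""):
    """Classify the finding and pick the remediation branch from the answer."""
    f = parse_report(report)
    alg_tokens = f.get("sig_alg", "").upper().split()
    weak = any(h in alg_tokens for h in WEAK_HASHES)
    # Heuristic only: equal subject and issuer names suggest a self-signed
    # certificate; verifying the signature with the cert's own key is the proof.
    self_signed = f.get("subject_cn") is not None and f.get("subject_cn") == f.get("issuer_cn")
    m = re.search(r"725012: Device chooses cipher : (\S+)", syslog)
    if not weak:
        action = "no action: signature hash is not MD2/MD4/MD5"
    elif self_signed:
        action = "regenerate the self-signed certificate with a SHA-based signature"
    else:
        action = "ask the issuing CA to reissue with SHA instead of MD5"
    return {"weak_signature": weak, "self_signed": self_signed,
            "negotiated_cipher": m.group(1) if m else None, "action": action}
```

SHA-1 has since been deprecated for certificate signatures as well, so where the device software supports it, reissue with SHA-256.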
