Force Windows to use a specific certificate instead of another (802.1x)

Similar Messages

• SRW2024 - Forcing clients to use a specific IP address (based on port)

  With the SRW2024 managed switch, is it possible to force a client computer connected to a port to use a specific IP address (for example 192.168.1.30) and if the client tries to configure any other address which is not 192.168.1.30, the traffic is dropped and they essentially cannot access any LAN or internet resources? 
  Basically what I would like to do is associate an IP address with every port on the switch.  It sounds like this would be possible using the IP based access control feature, however I wanted to confirm. 
  Thank You
  Message Edited by RedWarrior on 12-05-2008 11:49 AM

  Well, I have contacted three different stores asking which hardware version they have in stock, (even providing instructions on how they can check)... Two of the three stores said they didn’t know what I was talking about and couldn’t check it for me, and the third one actually told me to contact Linksys and ask them... as if Linksys is supposed to know which hardware version their store carries!
  So I guess I will have to ask once more if anyone here knows how long hardware version 1.2 (for srw2024) has been out?

• How to force dg4msql to use a specific port

  I've configured an Oracle Database Gateway (Linux RHEL 5) to connect to my SQL Server boxes, but have a host based firewall (on the Linux box) in between them. Sniffing shows that the communication to port 1433 comes from a range of port numbers on the Linux box. Is there a way to force 'dg4msql' to only use a specific port?
  Removing the host based firewall is not an option, nor is opening up total communication between the two machines. Hopefully 'dg4msql' can be configured to use a specific port.

  Hi,
  It isn't possible to configure the gateway to onlyuse specific ports.
  This is not just a gateway issue but the way that SQL*Net works and you should see the same problem connecting from one Oracle database to another through a firewall.
  The only workround is to use a firewall which is SQL*Net compliant or a firewall which will limit the number of ports to a certain application.
  You could also review this note -
  Oracle and Firewalls: Answers to Frequently Asked Questions (Doc ID 2084440.6)
  Regards,
  Mike
  Edited by: mkirtley on Mar 2, 2010 8:45 AM

• Force window applications

  Hi all,
    I need any application where force window is used.
  I am doing project on labview, so for some part of the project i need any vi (application vi) where force window is used.

  Hello sir,
    force window is there in signal processing tool box- Windows- Force.
  I need any application where this window is used.
  for example please find the attachment, here they have used many windows like hamming, hanning and welch etc.
  i need application where only force or welch window is used.
  Attachments:
  examplewelch.vi ‏40 KB
  example.jpg ‏2305 KB

• When I import photos taken from my Windows PC using a flash drive, the photos in iPhoto are dated as the date last modified on PC instead of date picture taken.

  When I import photos to my iMac, taken from my Windows PC using a flash drive, the photos in iPhoto are dated as the date last modified on PC instead of date picture taken.

  Then you need to ask a PC forum how to export the photos there to include the Metadata (specifically the EXIF data)
  If there is valid EXIF data iPhoto uses it (the EXIF data is originally added to the photo by the digital camera) and if there is no EXIF data then the only inofrmaiton IPhoto have available is the file metadata and that is what is used
  You can correct the dates in iPhoto using the batch change data/time command
  LN

• How can I get a pdf. to open in Safari, all i'm getting is a new window with a black, blank page, instead of the pdf., and I don't want to save the file to the desktop, Safari didn't use to do that, and I don't have Adobe in the internet plug in folder.

  How can I get a pdf. to open in Safari, all i'm getting is a new window with a black, blank page, instead of the pdf., and I don't want to save the file to the desktop, Safari didn't use to do that, and I don't have Adobe in the internet plug in folder.

  Hi
  Please take a look to this thread Re: Can I refresh the browser rather than open a new tab?

• How can I purchase and download the standalone LR6 here at Hong Kong?  There's no such option for me instead of forcing me to use the CC!

  How can I purchase and download the standalone LR6 here at Hong Kong?  There's no such option for me instead of forcing me to use the CC!

  Try this link:
  http://www.adobe.com/products/catalog.html
  Otherwise I suggest you contact your local office for help:
  Hong Kong office
  Suite 4102, 41/F
  The Lee Gardens
  33 Hysan Avenue
  Causeway Bay
  Hong Kong
  Tel: +852 2916 2100
  Fax: +852 2970 2277

• Force iView to open in a new window when using NavigationTarget

  Scenario - Portal Version 6.0 - NW2004  SP16 - WAS 6.40
  A Custom iView is used to gain access to an application running outside of the portal.  The user's credentails to the target application are recorded in the portal's UME via user mapping.  
  I want a user to be able to click a hyperlink to this iView that has been embedded in an email, and have the user gain access to the target application by 'going via the portal'.  The url that I use is of the form:
  http //<my_portal_server>/irj/portal?NavigationTarget=navurl://49a8add355f836061e6279f389cdc72e&open=/page&id=100&proc=10067&flag=1
  This is working, the user is first taken to the portal's login page, and upon successful login to the SAP portal, user is then directed to the target iView, and is logged in automatically to the target application, and able to use the target application.
  >BUT EVEN though the iveiw is configured to open in a new window it does not. It always opens in the main content area, and it always opens in this area in a height of about 40 pixels.  The iView properties are set to FULLPAGE.
  >If I invoke this iView using the portal's standard built in navigation, it does open in a new window
  >It just won't open in a new window when using direct URL to the iView WHY?
  How can I get the target iView to open in a new window under all circumstances?
  Do I need to pass more information in the URL?
  Are there a standard list of URL parameters somewhere that influence the behaviour of the NavigationTarget?  I have seen reference to 'context', 'mode' etc but can't find a list of valid parameters?

  Hello justaquestion1112,
  Thank you for your post.
  You should know that these forums are specific to the
  Acrobat.com website and its set of hosted services, and do
  not cover the Acrobat family of desktop products.
  Please visit the following Acrobat forums for any questions
  related to the Acrobat family of desktop products:
  http://www.adobeforums.com/cgi-bin/webx/.3bbeda8b/
  Cheers,
  Pete

• Go Daddy UCC Certificate: "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update"

  Hello,
  I have this issue regarding certificate chains while performing Outlook Anywhere connectivity test
  by Microsoft Remote Connectivity Analyzer:
  "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled."
  Note: even if I got the error, Outlook Anywhere and
  ActiveSync services work fine.
  Environment:
  - Exchange 2007 with SP3
  - Go Daddy Multiple Domains UCC certificate (up to 5 Subject Alternative Names)
  I already read and followed instructions on this TechNet post
  Can I safely ignore this warning about the SSL cert? Using GoDaddy UCC cert but it is a little bit different by this case.
  So after an investigation I understand the issue above is related to SSL certificate
  Certification Path (see screenshots below).
  NO ERRORS on ExRCA checking
  Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
  repository
  Go Daddy Class 2 Certification Authority is under Intermediate Certification Authorities
  repository
  Starfield Technologies (http://www.valicert.com)
  is under Trusted Root Certification Authorities repository
  ERROR on ExRCA checking
  Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
  repository
  Go Daddy Class 2 Certification Authority is under Trusted Root Certification Authorities
  repository
  Can you add some useful information ?
  I'm opening a support ticket at Go Daddy; I hope they could me some positive feedbacks.
  Regards,
  Luca Fabbri
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  Strange I have a feeling the exrca tool can't validate the godaddy class2 root authority due some older compability and wants to use the older original root authority valicert owned godaddy. Or when the exrca tool is validating the root CA it only has the
  goaddy class2 root ca that was issued by valicert and not the standalone cert when doing the comparision. I sent the question to MS and will let you know when I hear back.
  You can get rid of it
  https://certs.godaddy.com/anonymous/repository.seam
  Download the cert
  ◦gd_cross_intermediate.crt
  Then import it into the trusted root cert authority on your CAS boxes. Then you need to delete the other godaddy class2 root authority. Make sure you see the one you imported both will be named goaddy class2 root authority but one will be issued by valicert.
  Re-run the test and it will go away, I also saw the error with my domain as well using godaddy and got rid of it by using the new cert authority.
  James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

• Can you force a Oracle Update Statement to use a specific database thread?

  We are attempting to write a Oracle Update Statement to update a value on all records in a single column. We are updating a column with a value found in a history table. Simple enough. We do it all the time. It works but we are having contention issue with users on the system using the main database threads and updating the same table at the same time. So what is happening is the update uses up all the available database threads and then the users just get timeouts and can't update. What we are trying to determine is can I write it to force the update statement to use a specific thread on the database when it is running?
  Here is the current update statement
  UPDATE
  TASK_DATA TSK
  SET
  dttSTATUS_WORK_IN_PROGRESS_TIM =
  SELECT
  HIS.T5
  FROM
  H2839 HIS
  WHERE
  TSK.REQUEST_ID = HIS.ENTRYID
  AND
  HIS.T5 IS NOT NULL
  AND
  TSK.dttSTATUS_WORK_IN_PROGRESS_TIM IS NULL
  Edited by: user11307503 on Oct 21, 2009 3:47 PM

  the update uses up all the available database threads and then the users just get timeouts and can't updateI'm not convinced that you're got a clear picture of how Oracle works and what is going on here.
  You're updating TASK_DATA, the whole table.
  Writers don't block readers - that's a key principle of Oracle.
  But if all the other users are trying to update a row or rows in TASK_DATA at the same time as your other process is updating all rows in the table, then there's going to be contention.
  This is not about "using up all available database threads" - that's nonsense.
  This is (probably) about sessions trying to update rows that your other process has locked.
  1. Get a clear picture of what the sessions are waiting on - it's probably TX locks.
  2. How many rows are you updating with this update on TASK_DATA?
  3. How long does it take? How often do you do it? Is there no quieter time when you can do it?

• Certify a Document using a Windows Digital ID in the Certificate Store

  How does one reference or use an installed certificate (*.pfx) in the Windows Certificate Store rather than using a certificate on a hard drive?
  Control Panel -> Internet Properties -> Content (tab) -> Certificates -> Trusted Root Certification Authorities
  Acrobat -> Menu Bar -> Advanced -> Security Settings... -> Digital IDs -> Windows Digital IDs
  Snippit:
  var myEngine = security.getHandler("Adobe.PPKLite");
  myEngine.login("PassWord", "/C/MyCert.pfx"); // use certificate in teh store, no on the drive
  if (typeof strVersion == "undefined") var strVersion = "1.0.2";                   // 2011.08.01
  if (typeof cerSolomon == "undefined") var cerSolomon = {};
      cerS.sigUserPwd = "";
      cerS.sigDigitalIDPath = "/C/RoggeHeflin.pfx";
      cerS.sigFieldname = "Signature";
      cerS.sigReason = "This document has been digitally signed by MyCompany.";
      cerS.sigLegal = "© 2011 MyCompany.";
      cerS.sigLocation = "Dallas, Texas, USA";
      cerSsigContactInfo = "www.MyCompany.com";
      cerS.MPDValue = "allowNone";
      cerS.sigHandlerName = "Adobe.PPKLite";
      cerS.TimeStamp = "http://tsa.starfieldtech.com/";
  function CertifyDocument()
      if (typeof curDoc == "undefined") var curDoc = this;
      if (typeof sigField == "undefined") var sigField = curDoc.addField(cerS.sigFieldname, "signature", 0, [0, 0, 0, 0]);
      CertifyDoc(sigField, cerS);
  // Trusted Functions
  if (typeof CertifyDoc == "undefined")
  var CertifyDoc = app.trustedFunction(function (SignatureField, CertificateInfo)
          app.beginPriv();
          var myEngine = security.getHandler(CertificateInfo.sigHandlerName);
          myEngine.login(CertificateInfo.sigUserPwd, CertificateInfo.sigDigitalIDPath);
          SignatureField.signatureSign(
                  oSig: myEngine,
                  bUI: 1,
                  cLegalAttest: CertificateInfo.sigLegal,
                  oInfo: {
                      password: CertificateInfo.sigUserPwd,
                      reason: CertificateInfo.sigReason,
                      location: CertificateInfo.sigLocation,
                      contactInfo: CertificateInfo.sigContactInfo,
                      timeStamp: CertificateInfo.TimeStamp,
                      mdp: CertificateInfo.MPDValue
          app.endPriv();

  the following is returned in the JS debugger:
  [ Creation of this signature could not be completed. ] -> [ You have not selected a valid digital ID. Try again. ]
  Here is my code... I think LoginParams needs to be adjusted to use an already-logged-into digital id.  When the PW and fulle root (\c\roggeheflind(sa).pfx) is supplied then the certification/encryptions works... the two requirements I have are 1) avoid have the PW in code, 2) not entering the PW each time (this is part of a batch sequence)
      var myEngine = security.getHandler(CertificateInfo.sigHandlerName);
  //    var policyOptions = {
  //        cHandler: security.PPKLiteHandler,
  //        cTarget: "RoggeHeflin(SA).pfx"
  //    var policyArray = security.getSecurityPolicies(
  //            oOptions: policyOptions
  //    var LoginParams = {
  //        oEndUserSignCert: policyArray
      var LoginParams = {
          cDIPath: CertificateInfo.sigDigitalIDPath,
          cPassword: CertificateInfo.sigUserPwd
      // Login into the security hander (*.pfx file)
      myEngine.login(
              oParams: LoginParams,
              bUI: 0
      // Set the properties for the signature
      var SignatureInfo = {
          reason: CertificateInfo.sigReason,
          location: CertificateInfo.sigLocation,
          contactInfo: CertificateInfo.sigContactInfo,
          timeStamp: CertificateInfo.TimeStamp,
          mdp: CertificateInfo.MPDValue,
          digestMethod: CertificateInfo.Hash
      // Certify and save the document
      SignatureField.signatureSign(
              oSig: myEngine,
              bUI: 0,
              cLegalAttest: CertificateInfo.sigLegal,
              oInfo: SignatureInfo

• Need to use a specific windows keyboard shortcut on Mac

  I need to use a specific keyboard shortcut for a program that I am running (via Parallels) but the same keyboard shortcut is used in OS X to take a screen shot of a window via dashboard, which takes precedence over the command I am attempting to use.
  The keyboard shortcut in "Windows-Speak" is Shift-Ctrl-W.  What are my options here? Can I deactivate that shortcut in OS X?

  CrossOver is a program that lets you run some Windows software withhout installing Windows. The emphasis is on some. At their website Crossover rates the supported software on a scale from Bronze to Gold - if the program you need to run is supported at the Gold standard you will probably be okay. Silver and Bronze ratings means the rated Windows software will run but with glitches or even missing functionality. (Silver being better support than Bronze, obviously.)
  Virtualization solutions such as VirtualBox (or the more capable and feature laden Parallels Desktop and VMWare Fusion) let you install another operating system (and software) to use at the same time as you use your Mac software. It is a nifty solution and while virtualization isn't quite as fast as running an OS totally native (BootCamp) the speed hit isn't all that significant and affects graphics rendering more than anything else.
  I'm an IT instructor and software trainer and about 80% of this work involves Windows software. I do it using a Mac computer running Windows in Parallels Desktop. If it weren't for the Apple logo on my notebook no one would know I'm using a Mac - and the notebook in virtualization feels faster than the cheap Dell computers we use.

• How to erase all self signed certificates and force Server to use Signed SSL

  I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I seeing a self-signed certificate instead.
  I look under the system keychain in K-Access and there are several self signed certificates there (including the one that I am seeing when I try to remote manage).
  Can I replace those self-signed certs with the new one some how?

  Don't delete those.  However, you are on the right track.  Follow these steps to resolve.
  1:  Launch Keychain Access
  2:  Select the System Keychain
  3:  Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it
  4:  In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate
  5:  Press Save Changes to save.
  6:  Reboot the server or kill the servermgrd process to restart the service.
  That should resolve your issue.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store

• Window.open() will open separated windows even using the same window name?

  Hi, I have below two test html pages as below(could not find a way to insert a attachment, so paste the content below). The reproduce step is as below: (My environment is Win8.1 with IE11)
  1. Open print_test.html page in IE, here we call page1.
  2. Click "File -> New Session" menu from IE menu bar, which will open another new IE window which display another " print_test.html" page, here we call page 2.
  3. Click "Print" hyper-link in page1, and a popup window which display "print_test_open.html" page, counting begins from 1, here we call it page 3.
  4. Click "Print" hyper-link in page2, and another popup window which display "print_test_open.html" page, counting begins from 1, here we call it page 4.
  However, the behavior above is totally different on my Win7 (64 bit) with IE 10, which is in step 4, when I click "Print" hyper-link in page2, instead of open a new popup window, the window for page 3 will be reused and counting will restart from
  1.
  I googled and know from MDN for window.open() and get below information to indicate that in my test pages, I use the same window name, so that the existed window with the same name will be reused is as expected, but however, why IE behave differently in
  Win8.1 with IE 11? Why the existed window could not be reused anymore?
  If a window with the name strWindowName already exists, then, instead of opening a new window, strUrl is loaded into the existing window. In this case the return value of the method is the existing window.
  The behavior in Win8.1 + IE 11 is similar with what Google Chrome does, and Chrome's explanation is that two separated window using separated processes which do no share information, so that even using the same window name. twp separated windows will
  popup.. So I am confused here, IE 10 and IE 11 are both using multi-process mechanism right? I saw from the Windows Task Manager, when using "File -> New Session" to open another print_test.html page in step 2. both IE 10 and IE 11 are opening
  4 iexplore.exe processes, two of them are 64 bit, and two of them are 32 bit. I can't see any configuration difference between these two envs, but why the behavior is so different? 
  Could anyone give some help and clarify here? Great thanks in advance.
  Oh, btw, another colleague can reproduce the issue (open separated windows even using the same window name) in his Win7 64 bit with IE 10 env, but could not reproduce in his Win 32 bit with IE 10 env... Hope this information could also do help.
  ======================== Test pages ===============================
  (1) print_test.html
  <!DOCTYPE html>
  <html>
  <head>
  <title>Print test</title>
  <head>
  <body>
  <h1>Print test</h1>
  <p><a href="javascript:void(0)" onclick='window.open("print_test_open.html", "test");'>Print</a></p>
  <p><a href="javascript:void(0)" onclick='window.open("print_test_open.html", "test"); myWindow.location.reload(true);'>Print (force refresh)</a></p>
  </body>
  </html>
  (2) print_test_open.html
  <!DOCTYPE html>
  <html>
  <head>
  <title>Open</title>
  <head>
  <body>
  <h1>
  <div id="count">Test</div>
  </h1>
  <p>Test</p>
  <script type="text/javascript">
  var e = document.getElementById("count");
  sessionStorage['count'] = 0;
  function timedCount() {
      i = sessionStorage['count'];
      i++;
      sessionStorage['count'] = i;
      e.innerHTML = "Count: " + i;
      setTimeout(function(){timedCount()},100);
  timedCount();
  </script>
  </body>
  </html>

  Hi,
  please try in noAddons mode and with the IE Popup blocker turned off. Also ensure you are using the default IE Security zone settings. Internet Options>Security tab, click "Reset all zones to default"
  To debug your scripts in IE11.
  Tools>Internet Options>Advanced tab, check "Always record developer console messages".
  start your test and display the developer tool console to display suppressed errors and warnings.
  (I don't see where myWindow is assigned).
  "If a window with the name strWindowName already exists, then, instead of opening a new window, strUrl is loaded into the existing window. In this case the return value of the method is the existing window."
  window.open has an optional 'replace' parameter...
  http://msdn.microsoft.com/en-us/library/ie/ms536651(v=vs.85).aspx
  to reuses a tab or window
  window.open({url},[name],[placement],[replace])
  If possible can you please provide a publicly accessible link to your test pages as we need to inspect the response headers to monitor what is cached.
  or
  f12>Networking tab, click 'Start' button, then proceed with your test plan.
  Regards.
  Rob^_^

• Every time I try to open a new web page a window pops up saying the certificate for the page is invalid?? It won't let me on my emails or Facebook

  Every time I try to open a new web page a window pops up saying the certificate for the page is invalid?? It won't let me on my emails or Facebook

  This could be a complicated problem to solve, as there are several possible causes for it.
  Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
  Step 1
  From the menu bar, select
             ▹ System Preferences... ▹ Date & Time
  Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
  Check the box marked 
            Set date and time automatically
  if it's not already checked, and select one of the Apple time servers from the menu next to it.
  Step 2
  Start up in safe mode and log in to the account with the problem.
  Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
  Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
  The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  If the problem is not reproducible in safe mode, then it's caused by third-party "anti-virus" or "security" software. If you know what that software is, remove it as directed by the developer after backing up all data. If you don't know what it is, ask for instructions.
  Step 3
  Triple-click anywhere in the line below on this page to select it:
  /System/Library/Keychains/SystemCACertificates.keychain
  Right-click or control-click the highlighted line and select
            Services ▹ Show Info
  from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
  Repeat with this line:
  /System/Library/Keychains/SystemRootCertificates.keychain
  If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
  Step 4
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
  In the Keychains list, there should be items named System and System Roots. If not, select
            File ▹ Add Keychain
  from the menu bar and add the following items:
  /Library/Keychains/System.keychain
  /System/Library/Keychains/SystemRootCertificates.keychain
  Open the View menu in the menu bar. If one of the items in the menu is
            Show Expired Certificates
  select it. Otherwise it will show
            Hide Expired Certificates
  which is what you want.
  From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
            Secure Sockets Layer (SSL)
  select
            no value specified
  Close the inspection window. You'll be prompted for your administrator password to update the settings.
  Now open the same inspection window again, and select
            When using this certificate: Use System Defaults
  Save the change in the same way as before.
  Revert all the certificates with non-default trust settings. Never again change any of those settings.
  Step 5
  Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
  Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
            Help ▹ Keychain Access Help
  from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
  Step 6
  From the menu bar, select
            Keychain Access ▹ Preferences... ▹ Certificates
  There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to  CRL.
  Step 7
  Triple-click anywhere in the line of text below on this page to select it:
  /var/db/crls
  Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
  Restart the computer, empty the Trash, and test.
  Step 8
  Triple-click anywhere in the line below on this page to select it:
  open -e /etc/hosts
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the built-in Terminal application in the same way you launched Keychain Access.
  Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
  # Host Database
  # localhost is used to configure the loopback interface
  # when the system is booting.  Do not change this entry.
  127.0.0.1                              localhost
  255.255.255.255          broadcasthost
  ::1                                        localhost
  fe80::1%lo0                    localhost
  If that's not what you see, post the contents of the window.