Generate SSL cert with stronger signature algorithm such as RSA-SHA 1 or SHA 2 from Certificate Authority Version: 5.2.3790.3959

We have a Certificate Authority (Version: 5.2.3790.3959) configured on a Windows 2003 R2 server in our environment. How do I generate an SSL cert with a stronger signature algorithm, such as SHA1 or SHA2?
Currently I am only able to generate SSL certs with md5RSA.

Hi,
Since you are using Windows Server 2003 R2 as CA, the hash algorithm cannot be changed, while in Windows 2008 and 2008 R2, changing the hash algorithm is possible.
Therefore, you need to build a new CA to use a new algorithm.
More information for you:
Is it possible to change the hash algorithm when I renew the Root CA
http://social.technet.microsoft.com/Forums/windowsserver/en-US/91572fee-b455-4495-a298-43f30792357e/is-it-possible-to-change-the-hash-algorithm-when-i-renew-the-root-ca?forum=winserversecurity
Changing public key algorithm of a CA certificate
http://social.technet.microsoft.com/Forums/windowsserver/en-US/0fd19577-4b21-4bda-8f56-935e4d360171/changing-public-key-algorithm-of-a-ca-certificate?forum=winserversecurity
modify CA configuration after Migration
http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d5bcb76-3a04-4bcf-b317-cc65516e984c/modify-ca-configuration-after-migration?forum=winserversecurity
Best Regards,
Amy Wang

Similar Messages

  • Remote Desktop Services Single SSL Cert with multiple hosts

    I am trying to use a single SSL Cert from a third party issuer.  I have 3 servers in my deployment, all are 2012R2.  One contains the RD Web Access role, RD Gateway role, RD Licensing role, and RD Connection Broker role.  The other 2 are
    RD Session Hosts.  I have the SSL cert for the server that has the Gateway and other roles.  My deployment is primarily focused on deploying RemoteApp to Windows 8 Thin clients with GPO through the default URL.  It works currently with the
    exception that the user gets a certificate mismatch error because it is seeing the cert for the gateway server but is connecting to the host servers so the names don't match.  Is anyone else using a similar setup and had success with it?  I am trying
    to avoid buying an expensive wildcard cert to cover all of them.

    Hi,
    Please verify that the .rdp file embedded in the RDWeb IE page matches the same one from RADC.  To do this, log on to RD Web Access using IE, right-click and choose View Source.  Find the goRDP function for the icon you want to examine and copy
    the text between the ' marks.  Next paste this into the escape text box on the below page:
    http://www.web-code.org/coding-tools/javascript-escape-unescape-converter-tool.html
    Click complete unescape to get the plain text version.  After that you can select all of the text in the clear text box, paste it into a blank Notepad window, then save as a .rdp file.  Once you have the .rdp file created you can compare
    it to the other ones and see if any of the names are different, see if it gets the certificate error as well when you double-click it, etc.
    Do you have any proxy or other non-default network configuration on your Windows 8 embedded clients?
    Thanks.
    -TP

  • Use of Wildcard SSL cert with DRM

    DRM needs a URL to be embedded in the protected PDF document(e.g., mysite.mycompany.com).  The SSL certificate for the URL must be from a trusted provider (e.g., Verisign).  My question is will Adobe Reader accept for DRM a wild card SSL certificate (e.g., *.mycompany.com) from a trusted provider?

    Hi,
    The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure
    certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
    Regards,
    Yan Li

  • OIM SSL cert with AD

    I have a OIM on a cluster with two nodes running on WLS. I have a VIP URL that I connect to OIM with.
    I am going to upload the OIM cert to AD for provisioning etc. and get the AD cert in the OIM jdk keystore.
    What I need to know is what hostname shall I use in the cert? The one for the VIP or the hostname of a node? If it's a node, then I need two certs for OIM?

    thx, I just added one cert which has the vip address and that worked fine. it stays ssl session validated successfully.
    However, when I provision a user to AD, I see Password is required while provisioning user with SSL. Do you know what this means?
    I have password in AD process form and password for admin user that will provision to AD. What am I missing?
    thx for your reply sir.

  • Generating Outlook email with mailto signature is missing

    Hi all,
    I have to generate email in Outlook with a mailto: ...
    I have to put a message text into the content of the email, too, and at least there should be the standard signature of my Outlook.
    If I fill the body with the message text, the signature is not shown.
    I need a solution to get both into the email.
    Thx

    You can try to rename (or delete) the mimeTypes.rdf file in the Firefox profile folder to reset all file actions.
    * http://kb.mozillazine.org/mimeTypes.rdf
    * http://kb.mozillazine.org/File_types_and_download_actions#Resetting_download_actions
    You can check the network.protocol-handler.external.mailto prefs on the about:config page.
    If network.protocol-handler.external.mailto prefs are user set (bold) then right-click and Reset them to the default value.

  • Generating a WSDL with bean signature

    Hi All,
    I have a webservice which takes a java bean as input; the java bean has two variables, usersname and password respectively.
    Is there a way to know or generate a wsdl which shows the name and signature of the variables?
    Thanks
    Sravz

    Hi,
    If the wsdl is referring to a Schema file you won't be able to see the schema definition in the WSDL file itself; for that you have to refer to the deployed jar which contains the XML schema. The default path for the deployed jar is <Oracle_SOA_Installed_Home>/bpel/domains/<domain_name>/tmp/<bpelprocess.jar>
    Otherwise if you have the source project you can always refer to it in JDev.
    Rgrds.

  • Domestic SSL cert with no domestic WLS

    The SSL certificate is a full version, but the license of WLS is not a domestic
    version. How can I solve this?
    Wed Oct 31 15:28:43 HKT 2001:<E> <SSLListenThread> Inconsistent Security Configuration, java.lang.Exception: Attempting to use domestic (full) strength certificates without a domestic (full) strength license.
    Wed Oct 31 15:28:43 HKT 2001:<I> <Security> Not listening for SSL: java.io.IOException: Inconsistent Security Configuration, java.lang.Exception: Attempting to use domestic (full) strength certificates without a domestic (full) strength license.

    Get a domestic license or an "exportable" certificate...

  • Do the Premiere templates come with 2014 install or do I have to get them from an earlier version of Premiere?

    I teach at a high school and my IT person just installed CC 2014, but I do not see Premiere templates.  Do I have to install them off of an earlier version?

    There are no template files for Creative Cloud, so the "workaround" is to use the files from the CS6 version. You can manually copy the content across into the CC folders:
    COPY these three folders:
    C:\Program Files\Adobe\Adobe Premiere Pro CS6\presets\Styles
    C:\Program Files\Adobe\Adobe Premiere Pro CS6\presets\Templates
    C:\Program Files\Adobe\Adobe Premiere Pro CS6\presets\Textures
    into:
    C:\Program Files\Adobe\Adobe Premiere Pro CC\presets\
    There are instructions at http://helpx.adobe.com/x-productkb/multi/library-functional-content-missing.html to get the CS6 files if you have deleted them from your system.

  • Issuing CA's signature algorithm changed from sha1RSA to RSASSA-PSS

    Hi all,
    We found the root cause of why one of our Issuing CA's all of a sudden started issuing certs with a signature algorithm of RSASSA-PSS instead of sha1RSA (the signature algorithm it was originally set up to use).  Turns out one of our techs ran the following
    command a few months ago on the Issuing CA while trying to get it to issue a custom Polycom device cert:
    Certutil -setreg CA\csp\AlternateSignatureAlgorithm 1
    After that, the Issuing CA started kicking out certs with RSASSA-PSS as the signature algorithm.  I imagine the fix to get this Issuing CA back to using sha1RSA as the signature algorithm is to set that reg entry to 0 or just delete it altogether. 
    However, my question is, what about all the certs this Issuing CA has issued since the signature algorithm changed?  If I change it back to sha1RSA, will that somehow invalidate or cause an issue with all of the certs issued with RSASSA-PSS?  That could be an issue since this CA has issued many many certs to laptops for NPS 802.1x auth!
    Any help is appreciated!
    BD

    Hi,
    Changing the CA signature algorithm will not invalidate the existing certificates. They just stay as they are. That's why you haven't experienced any issues as your tech made the change for RSASSA-PSS.
    @moderator: Please move this post to Windows Security forum - http://social.technet.microsoft.com/Forums/en-US/winserversecurity
    Hope that helps,
    Lutz

  • Getting sec_error_inadequate_cert_type with Private SSL Cert

    Howdy,
    I run a Private Certificate Authority for my personal use and just to learn about SSL Certs. However, with the current build of FireFox I'm on ( 31 ) I can no longer visit sites I've secured with SSL Certs signed by this certificate authority, even though these SSL certs work just perfectly fine in Chrome and Internet Explorer. I keep getting a "sec_error_inadequate_cert_type" error. I can only assume that the certs I've been issuing are incorrect in some way, but the error is so vague and the error page doesn't specify more.
    I only discovered this when I realized some of my SSL certs had expired, and I went to re-issue them.
    One of the certs that hasn't expired yet but is experiencing problems can be found here:
    * https://forums.silicateillusion.org
    One of the Certs I've tried re-issuing, matching fields included as closely as I can to a Google SSL cert that I looked up is here:
    * https://phpmyadmin.endofevolution.com
    These certificates were generated using the application called SimpleAuthority, found here: http://simpleauthority.com/
    A Site like Networking4All.com seems to believe the Certs are valid, excepting the CA that is Self Signed: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=phpmyadmin.endofevolution.com&protocol=https
    Interestingly enough, using a different site like SSLShopper shows an error similar to FF31: http://www.sslshopper.com/ssl-checker.html#hostname=https://phpmyadmin.endofevolution.com
    The certs are running on an Apache Web server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.10
    The CA Cert is in FireFox's store as trusted.
    If needed, I can provide certs.

    SniperFodder said:
    I however, do not. It's something specific to Firefox I seem to be having. Maybe I'm running an outdated version of Chrome? Which would be hard seeing as chrome itself says it's up to date: Version 37.0.2062.120 m
    I appreciate the link to Bug 1034124, However the SSL certificate itself IS NOT self signed. Only the CA is, which signed the SSL Cert. I guess what I mean to be asking is... Is Firefox Rejecting my SSL Cert, because my CA Is Self Signed?
    I also offer the CA Cert for download since no one would have the cert in their stores. Would this also affect it?
    I've attached a screen shot of the error I'm getting so that it's available for the ticket. The following is also the "plaintext" version of the error I'm getting:
    "Certificate type not approved for application."

  • Help!! input pfx, p12 to jks keystore get error "Signature Algorithm mismatch"

    The following is the problem that I met. Who can help me to solve it?
    Using j2sdk1.4.02.
    I'm trying to use keytool to input my company's pfx file to a jks format keystore,
    and I'm getting the keytool error "Signature Algorithm mismatch".
    I also tried to import the pfx file to Netscape and export to p12 format,
    and still got the error "Signature Algorithm mismatch".
    When I use the following command:
    keytool -list -keystore xxx.p12 -storetype PKCS12
    it still throws the keytool error "Signature Algorithm mismatch".
    And I checked the pfx (p12) file with IE; the Signature Algorithm Name is RSA.
    What is the problem with the p12 file?
    Can't keytool support the RSA Signature Algorithm, or is it anything else?
    Finally, maybe all the problems are that I have the wrong idea, and I hope someone can instruct me.
    Thanks for the help. (I've been looking into this question for several days.)
    Vincent ...(from Taiwan)

    I'd just purchase and use KeyStore Explorer. $30 for single-user.
    It easily converts between pkcs12 and jks formats. I had no problems generating keys/certs in this tool and exporting them to JKS keystores for use with Java as well as into OpenSSL for use with Apache, etc.

  • Forced to close RoboHelp after generating SSLs in order to edit content

    I have reported this as a bug, but wonder whether any of you have had similar experiences and, if so, how you resolved it.
    Have to close RoboHelp after generating SSLs in order to edit content
    Steps to reproduce bug:
    Open project from Visual Studio Source Control (Team Foundation Server).
    Select a Single Source Layout and generate the output.
    Try to edit a topic. The Check Out dialog box says "To modify this document, the files in the list below need to be checked out from version control. Do you want to check out these files."
    Click Yes.
    Results:
    The Cannot Complete Operation dialog box appears. "The files in the list below could not be checked out from version control. Exclusive access to these files is required to modify this document."
    Click Close, close RoboHelp, and restart RoboHelp.
    Expected results:
    The files should be checked out from version control with exclusive access when I click Yes to check them out.
    When I look in Source Control Explorer, the file I tried to check out is not even checked out. Even manually locking the file for edit from Source Control does not free the file for editing in RoboHelp.
    Thanks.
    Carol

    "Keep until: I close Firefox"
    That's what I use for all cookies. If you start a new session every time you start Firefox, i.e., you don't resume the same session over and over, websites cannot track you 'across sessions' using cookies; you are a new person to them during each session (unless/until you log in).
    Note that "Flash cookies" need to be managed separately.
    As for this particular site, if you want to spend some time researching it, you could install an add-on such as Firebug or the external Fiddler2 proxy. Both will show you each request made by the browser when you load a page. Then you can see which third party sites are involved and if you like make a specific entry to allow them in the Exceptions dialog.
    * https://addons.mozilla.org/en-US/firefox/addon/firebug/
    * http://www.fiddler2.com/fiddler2/ (more difficult to use for HTTPS sessions)

  • SSL Cert for 2008 R2 Reporting Services that is installed on a Failover Cluster - server address mismatch?

    I utilized the idea from
    http://www.mssqltips.com/sqlservertip/2778/how-to-add-reporting-services-to-an-existing-sql-server-clustered-instance/ to install 2008 R2 Reporting Services on a new Clustered SQL instance.  In short, create the new Clustered SQL instance on Node1,
    installing Reporting Services with it.  Then on Node2, Add a Failover Cluster Node (without choosing Reporting Services); following that up with starting the SQL setup.exe with a cmd to bypass a check so that I can then install the Reporting Services
    feature on Node2.  It points out using the SQL Cluster Network name for connecting to Reporting Services.
    I verified upon failover that I could still access the Reports and ReportServer URLs.  However, when wanting to add an SSL certificate to the RS configuration, I run into the warning of "mismatched address - the security certificate presented by
    this website was issued for a different website's address", where I can continue and get to the Reports or ReportManager URLs.
    I played with different certs (internal CA created) and SANs and other things, but I still get this error with the cert.  The Reports URL, for example, is https://<SQLClusterNetworkName>/Reports, and the
    cert has a CN and Friendly Name of SQLClusterNetworkName (with SAN of DNS: SQLClusterNetworkName.<domain>), but the error still happens.
    What am I missing to eliminate the mismatched address warning when using the SQLClusterNetworkName as the base of the URLs?

    I got it working by using the FQDN as the common name on the SSL cert, with FQDN in RS URLs.

  • Doc size with digital signature

    i've got 2 questions, please help:
    1) why do .pdfs with digital signatures have such large file size? how can i reduce the size?
    2) why do .pdfs with digital signature become text non-searchable?
    thnx
    brg

    actually the same signature size isn't such a problem when using Adobe software, but when using pdfCreator, the size increases... pls don't give me lectures on using another software, i need A5 and Adobe doesn't provide it...
    so i guess it's the problem within that other pdf maker...
    why i need to pdf print the file? one reason is i can print it ( otherwise signatures don't show, protection i guess), the other reason to protect the signatures that for that specific reason only need to be seen.
    thnx.
    brg

  • Oracle SSL Cert for downloads has errors

    Not sure if this is a cause or effect?
    Owner: This web site does not supply ownership information.
    Verified by: Not specified
    I get this after clicking download link and failure of user/pass prompt.
    Edited by: user6774993 on Jan 18, 2010 9:26 PM
