Generating Self Signed Certificate for iPlanet Directory Server for testing

Hi Experts,
I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
Thanks in Advance,
Kalyan

Here's one I did earlier.
Refers to Solaris 10
SSL Security
add a new certificate that lasts for ten years (120 months).
stop the instance:
dsadm stop <instance>
Remove DS from smf control:
dsadm disable-service <instance>
Change Certificate Database Password:
dsadm set-flags <instance> cert-pwd-prompt=on
     Choose the new certificate database password:
     Confirm the new certificate database password:
Certificate database password successfully updated.
Restart the instance from the dscc:
DSCC -> start <instance>
Now add a new Certificate which lasts for ten years (120 months; -v 120):
`cd <instance_path>`
`certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
     Enter Password or Pin for "NSS Certificate DB":
Stop the Instance.
On the DSCC Security -> Certificates tab:
     select option to "Do not Prompt for Password"
Restart the instance.
On the Security -> General tab, select the new certificate to use for ssl encryption
Restart the instance
Stop the instance
Put DS back into smf control:
dsadm enable-service <instance>
Check the smf:
svcs -a | grep ds
# svcs -a|grep ds
disabled Aug_16 svc:/application/sun/ds:default
online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

Similar Messages

  • Self-signed certificate and Microsoft Git Provider for Vistual Studio 2013

    I am setting up an in-house Git server with a self-signed certificate for SSL.
    How do I configure Visual Studio 2013 with Microsoft Git Provider to allow connections to projects with a self-signed certificate?
    Visual Studio gives med the following error message: 
    "An error occurred. Detailed message: An error was raised by libgit2. Category = Net (Error).
    An error occurred while sending the request."
    When I use Fiddler to decode the SSL connection, everything works great.

    Hi,
    I think your issue isn't related to the forum. I will move the thread to "Where is the forum for..." forum.
    Thanks for your understanding.
    Regards.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Is there any hardware requirement guideline for iPlanet Directory Server?

    I plan to set up the iPlanet Directory server. I need to select the appropriate hardware platform for the DS capacity. e.g what CPU model, ram & hard disk size if entries is around 10000 etc.

    The upper limit for iDS 5.0 is 2G of RAM but for 100K users, expect about 80-85MB ldif file which correlates to about 290-300Mb importCacheSize. This means that you will need 64Mb+300Mb minimum.
    As far as network, 100BaseT is adequate but GBit or multiple 100BaseTs are better.
    SSL hardware is recommended if running securely.
    As far as processors, an Ultra60 1x440Mhz or a Dell PowerEdge 2400 1x776Mhz will work. Attaching 2x18G disk should be enough. Go with scsi over ide if possible.
    pat

  • Backup / Journaling function for IPlanet Directory Server?

    Hi,
    does the iPlanet Directory Server provide a journaling function (logging and restore possibility of all changes made between two backups) ?
    I can�t find anything in the docs, but I somehow can�t image that this feature is not supported ...
    Thanks
    Kris

    I'd be interested to know this, as well. Did you find an answer for this?

  • Getting self-signed certificates from an internal server...

    Hi!
    Thanks to the beautiful [Andreas Sterbenz's|http://blogs.sun.com/andreas/entry/no_more_unable_to_find] article I was able to download the two self generated certificates from the mail server and store them in a single file. So I expected things to work like a charm but soon I had to change my mind due to the (usual) error:
    javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
    nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:571)
    at javax.mail.Service.connect(Service.java:288)
    at javax.mail.Service.connect(Service.java:169)
    at com.agiletec.plugins.webmail.aps.system.services.webmail.WebMailManager.initInboxConnection(Unknown Source)
    at com.agiletec.plugins.webmail.aps.tags.WebmailIntroTag.doStartTag(Unknown Source)
    [etc etc]
    So here's the first question: Is it correct to store the certificates in the system properties with the following code?
    System.setProperty("javax.net.ssl.trustStore", certificateInUse); // <--- path of the file where I've stored the certificates
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // password used
    System.setProperty("javax.net.ssl.trustStoreType","JKS");
    I haven't gone in the depth of the SSL theory but it seems to me that my webapp stores the certificates and keeps on connecting in the standard (non SSL) way....
    Thanks in advance for the time spent reading!
    Matteo

    Have you tried setting the "Always trust" property? Double click the certificate in Keychain Access and allow it to have always trust for email.
    Also, make sure that bundles are enabled for mail.
    (Forget the command, google for "defaults write com.apple.mail enableBundles")
    That did it for me.
    Br,
    T

  • Unable to generate self signed certificate on secondary ISE Identity Services Engine node

    certificate has expired,
    we can generate a new one on the primary node
    not on the secondary node that fails
    with
    "internal error - please ask your Administrator to review the error logs."
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        ... 71 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 83 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 89 more
    2015-01-15 10:27:09,270 ERROR 2015-01-15 10:27:09,270  [http-443-15][] cpm.admin.infra.action.LocalCertAddAction- Unable to import certificate : com.cisco.cpm.infrastructure.certmgmt.api.CertMgmtException: com.cisco.cpm.nsf.api.exceptions.NSFEntitySaveFailed: com.cisco.cpm.nsf.api.exceptions.NSFEntityTypeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    2015-01-15 10:27:22,019 INFO  2015-01-15 10:27:22,019  [http-443-17][] cpm.admin.infra.action.TimeSettingsAction- retrieve server status: SEC(A), SEC(M)

    What version and patch level of ISE are you running?

  • Lion server erased self signed certificate

    Help!!! I accidentally deleted the self signed certificate that had the right keys for my third party SSL.  Now I cannot replace the self signed certificate with the new SSL.  Now what????

    I will begin my answer by making an emphasis that the best way to protect your data in-transit is using a 2048 bit certificate signed by a trusted certificate authority (CA) instead of relying on the self-signed certificate created by SQL Server.
     Please remember that the self-signed certificate created by SQL Server usage for data in-transit protection was designed as a mitigation against passive traffic sniffers that could potentially obtain SQL Server credentials being transmitted
    in cleartext, but nothing more. Think of it as a mitigation against a casual adversary.
     The self-signed certificate usage was not intended to replace real data in-transit protection using a certificate signed by a trusted CA and encrypting the whole communication channel. Remember, if it is self-signed, it is trivial to spoof.
    After making this clarification, the self-signed certificate generated by SQL Server uses a 1024 bit key, but that size may be subject to change in future versions of the product. Once again, I would like to strongly discourage relying on the self-signed
    certificate created by SQL Server for data in transit transmission.
    BTW. Azure SQL Database uses a 2048 certificate issued by a valid certificate authority.
    I hope this information helps,
    -Raul Garcia
     SQL Server Security
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • SQL Server 2008 self-signed certificate is 1024bit or 2048bit?

    When there is no user defined certificate available, SQL Server will generate a self-signed certificate when service starts, We have a tool scans and finds that in SQL 2005 the self-signed certificate is 1024bit,  does someone know the default self-signed
    certificate is still 1024bit or is it 2048bit in SQL 2008? Thanks a lot!!!

    I will begin my answer by making an emphasis that the best way to protect your data in-transit is using a 2048 bit certificate signed by a trusted certificate authority (CA) instead of relying on the self-signed certificate created by SQL Server.
     Please remember that the self-signed certificate created by SQL Server usage for data in-transit protection was designed as a mitigation against passive traffic sniffers that could potentially obtain SQL Server credentials being transmitted
    in cleartext, but nothing more. Think of it as a mitigation against a casual adversary.
     The self-signed certificate usage was not intended to replace real data in-transit protection using a certificate signed by a trusted CA and encrypting the whole communication channel. Remember, if it is self-signed, it is trivial to spoof.
    After making this clarification, the self-signed certificate generated by SQL Server uses a 1024 bit key, but that size may be subject to change in future versions of the product. Once again, I would like to strongly discourage relying on the self-signed
    certificate created by SQL Server for data in transit transmission.
    BTW. Azure SQL Database uses a 2048 certificate issued by a valid certificate authority.
    I hope this information helps,
    -Raul Garcia
     SQL Server Security
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Renewing Self Signed Certificate on IPN Nodes 1.2

    Dear Team
    I have just upgraded the ISE infrastructure to 1.2, IPN nodes have also been upgraded, a default self signed certificate is generated, which is for a validity of 90 days.
    on my ISE main units, i have self signed certificates with 2048 Modulas and SHA1-256 hash, validity = 12 years.
    1:  I want to generate self signed certificate on IPN with the same specifications.
    how it can be achieved, is it through "pep certificate server add" ?
    IPN2/admin# pep certificate server add
    Server Certificate change will result in application restart. Proceed? (y/n): y
    Bind the certificate to private key made by last certificate signing request? (y/n):
    but as such i am not generating any CSR, because we do not have any CA in our deployment.
    Thanks
    Ahad Samir

    Above requirement is necessary because we don't have an Enterprise CA in our Deployment. We have to rely on self Signed certificates.
    Further Self Signed certificates should be valid for a long period so that no communication issue happens, 

  • Safari could not establish secure connection to my localhost with self signed certificate

    was using maven+grizzly+jersey to start my own server. I created self signed certificate so that my server can support https. I case you are curious, following is how I generated my certificate
    I was testing this on my iMac (Running Mavericks) Now, I added the server.cert to the system keychain so that all users can trust this certificate. Also, I change the trust level to "Always Trust".
    I get this work in Chrome and Firefox. They asked me to add exception for this certificate, I did and then everything goes fine. However, I have never make Safari(7.0) happy. I always get the error saying that Safari cannot establish secure connection to my localhost.
    Does anyone have any idea why it happened? Or is there better way to debug this problem so that I will be able to tell at which step things goes wrong.
    Thank you in advance. I really appreciated it.

    Any help much appreciated!

  • Help w/ self-signed certificate in SunOne 5.2 P4

    I'm running SunOne 5.2 P4 and I'm very new to the whole SSL thing and want to enable SSL in SunOne for some testing.
    However, all attempts at generating and importing a certificate of varying lengths (512, 1024, 2048, 4096 bits) results in the following error in the Certificate Install Wizard of the Console:
    "Either this certificate is for another server, or this certificate was not requested using this server."
    Could someone point me to some instructions or walk me through the steps for generating self-signed certificates so they will import correctly? All the instructions I have seen so far say to send the "Certificate Request" to a CA for signing. I don't want to do that. I just need it for testing and would like to know how to do it locally. I assume this means self-signing it.
    Thanks!!

    It's not necessarily the server-certificate itself that is self-signed. My guess is that the CA that signed this certificate uses a self-signed certificate for itself.
    Your certificate chain might look like this:
    Your certificate <<signed by>> Your CA <<signed by>> Your CA
    Your CA isn't a trusted issuer by default, therefore you need to import the CA's certificate into the truststore.

  • Some clients migrated from 2007 is presented with the self signed certificate in 2013

    I have migrated from 2007 to 2013. I did a couple of test migrations and on the ones with domain member computers Outlook is giving a certificate warning. The certificate they are presented with is the default self signed certificate on the 2013 server.
    Even though I have added a trusted public certificate to Exchange and checked of to use With IIS.
    I see that the default certificate is also checked of to use With IIS and it cant be removed in ECS. Shouldnt this be removed from IIS all together when adding a New certificate? And why does some Clients gets presented With the self signed and some With
    the Public? For instance owa is presented With the Public cert. Also and Outlook I tested from outside the domain.
    Regards

    Only the UCC certificate should be bound to IIS.
    Are any clients using POP or IMAP, which also use SMTP?  In this case clients can be presented with the "wrong" certificate as well.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • How to successfully import ASA self-signed certificate?

    On ASA 9.1 i am trying to export an Identity certificate, self-signed certificate into p12 file so i can import it into laptop and used it for secure connection to ASA over ASDM. I can add certificate OK using ASDM, certificate show up OK in Certificate management/dentity certificate. Exported certificate into .p12 file with passphrase OK.
    In Win XP and Windows 7 every time i try to import certificate i got message that password is incorrect. Yes, i did type correct password.
    Even thru cli i got the same error when trying to import the file.
    ASA(config)# crypto ca export ASDM_TRUSTPOINT pkcs12 password
    Exported pkcs12 follows:
    -----BEGIN PKCS12-----
    MIIHPwIBAzCCBvkGCSqGSIb3DQEHAaCCBuoEggbmMIIG4jCCBt4GCSqGSIb3DQEH
    BqCCBs8wggbLAgEAMIIGxAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQItd0L
    7e5QezkgxXzmCJKpv3GqQV5/tfk66ySnBMCGrMzsQKBa32wzHYcSerSEePNXzudJ
    Frdyc3ETMXECvO83gujQZLyJ9DfPaDy4gZHwEs9fwGqpJel/NTwUo16dtzO2Vbko
    1kc8kd
    -----END PKCS12-----
    Any tips or tricks how to get this simple task completted? Is maybe file format not right?

    Hi
    Please show the error ASA is reporting during import.
    It's working correctly with 9.1(0)2, example:
    ASA9(config)# crypto ca trustpoint TP
    ASA9(config-ca-trustpoint)# enrollment self
    ASA9(config)# crypto ca enroll TP
    WARNING: Trustpoint TP has already enrolled and has
    a device cert issued to it.
    If you successfully re-enroll this trustpoint,
    the existing certificate will be replaced.
    Do you want to continue with re-enrollment? [yes/no]: yes
    % The fully-qualified domain name in the certificate will be: ASA9
    % Include the device serial number in the subject name? [yes/no]: yes
    Generate Self-Signed Certificate? [yes/no]: yes
    ASA9(config)#
    ASA9(config)# crypto ca export TP pkcs12 123456
    Exported pkcs12 follows:
    -----BEGIN PKCS12-----
    MIIGHwIBAzCCBdkGCSqGSIb3DQEHAaCCBcoEggXGMIIFwjCCBb4GCSqGSIb3DQEH
    BqCCBa8wggWrAgEAMIIFpAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQIp8j1
    +5Rh9TQCAQGAggV4DUlYOI+VlGxuCXiGnDTYx+cR5XjPca7KW7L50D5lLQQHLr+U
    fV+QVEaELnQ1MKsMm87zl9AuycuI9EeOJnPTF9Ddxy32ODzaZ4/3BaXnHl2ETyzM
    IohydDJCfscT0r2TPNlE8XSknDfftK+3g3Aa0Gi+Nsq1+NXxTdYcfdXpZHvD9tk0
    QZInQy1UG+NhCERyOe6SIbynuCBfksk9g+rRjeNW4bTNRDpCJ1DnrtpN6BCq8VGN
    QMQagUZ1ONNLaFtQegd17RxWzXUZiWQgqf0jUZnr/BJQI9bPrISkA+JnysNU3MvS
    WVKKfyGQcsYD4ExH+wi6xkohKi7hj80s9cFOyq+xpXjikZw9gKMcpoY2lLs4ivIl
    4x9bB3EQ3xYW5nxbORwDx5xEyYLMUNkVRvC14ts+RB2QcEAXwq2JaaNuO6aBvjhj
    8mpHjXR+wkxV8Mm+UYEed2f1SuzjtZ966OPYW0YkmXGTH+wt/rxbCROAqnmh6HGz
    pU4H5/yhHgBIJOd6vZaKf5XlnX17wSniM+JRw4FsArVpuNOZFeCkDsHHFP6TPYII
    h2aS2jBEH2KW0KuzEP0rHOJ8WVjZgVucSu0pb+vVGw3MzsBl14CnL5kZcPe+81wJ
    XnFibhkucyo9arO/kcc7OtMcAuoktGfBVb1jrX6Se/SY8GFrzYbikNuT4DI4/dw+
    OinRXOX7S/Bhaefx4JSFYoL/7agD7f+kwzv7qAEyIQtjxoGgYuqY2lZVsbZL05dJ
    0D3xDkSDOc9H/5M5nZqP/xwnqVMoREPvt/a+ZdGezfzApUYUH/VAU4NzST44QcvM
    mdeeizpj0VwA7WdZOrMaJll927NGb1RikmtE+6ITgdiksuJVOeNWcXuq00sDAxvZ
    fv7tOQxgWX0+LNKaFd1Ef7PF9KqsJLQnbC28GC9GBNExcc9Pm+Kqfq6qj7HEosHt
    kPSfLFs0kkQQzq+G4xH6pzKQkG7Yt3xjLblI9IdWsCvuHLl8fgN0LHpVXPi9iftW
    PqGG8f9dCymAqHKFEnZzOiCcNlKKG+ddAN7Qb4mGVBYsaeROvVWBL2aAzIDpL7Uv
    8rFHsJVKk/yCruuNSDjmbbaTlYxb2iglo2MkgGsCO5X7fOPTCO3C+UikFyOi6/7c
    fSyn+LE6Za76kdRn4V2FHGG767nBxFBR/bB+uzngR+w/GzIgHQahpJ2xJlKumS2M
    yiy3kGYDhIN+WV6Lz91YwZpSobk1qrcn/7fzl2FFaY6+3+AgAXiOeVL7DyPHqm3N
    gX1EGBzwqeN9h7BeaTJvebhrvtLDU97UnPeyyFZTiSQWZhhRjqsr5mI69NvDybkq
    Db1Rx/Awnqg72RtnwOPxGNlTlRMUK7PjQNW6Kc2F7iy0byyNab9BEO6DNIN8RtXS
    WyioVOdFrFXIYPYnuvoPp46remUaaI4B4428cS7YfWHP5pq0j0PUj0gZnJM7aM0c
    VTHkVp2eZVSBFd9/Tv1q7+2tM5PhRE8ZCKcIIqJq2UJm4+HcIXGCgpIlfW3jL4t7
    qmkfu0ClnHgmoSJBycPxTPaU38FQk2ZmYcnV2RAZxtwL51q5WhAvXi0amATF2h6h
    FtcAP+Iq4Xx8s+wkcaK4I/puK0+wmMyslESWhq3RfB73BKyT9/J4FONliyAQP+4M
    JKkvkMAPx7Do6fqItHhbRR4FxQXg+al21UTLZ9aaY7PGjuqMZ40JY175qPG7CJFn
    bEOfHQGZjLbmqJfJByG6U5mQBoLr4XzTYPrtvErV/TrTGPK4RVATXgnQ/re7TD/G
    p0klPQcDHBkbnAuMVt88Q4QlqZKAov8ofLZr8IvlKsfmPFTFpfqCQCIMa1uGo6P9
    v8zGHGyvZwsOXwB1vMKAfpINCR0wPTAhMAkGBSsOAwIaBQAEFJb8DGrkwS6ApBkL
    0TXZXRY3WGx3BBSBXw+QkTTFm7BL+FS1KoeOupwmowICBAA=
    -----END PKCS12-----
    ASA9(config)#
    ASA9(config)#
    ASA9(config)# no crypto ca trustpoint TP
    WARNING: Removing an enrolled trustpoint will destroy all
    certificates received from the related Certificate Authority.
    Are you sure you want to do this? [yes/no]: yes
    ASA9(config)# crypto key zeroize rsa
    WARNING: All RSA keys will be removed.
    WARNING: All device digital certificates issued using these keys will also be removed.
    Do you really want to remove these keys? [yes/no]: yes
    ASA9(config)# crypto ca trustpoint TP2
    ASA9(config)# crypto ca import TP2 pkcs12 123456
    Enter the base 64 encoded pkcs12.
    End with the word "quit" on a line by itself:
    MIIGHwIBAzCCBdkGCSqGSIb3DQEHAaCCBcoEggXGMIIFwjCCBb4GCSqGSIb3DQEH
    BqCCBa8wggWrAgEAMIIFpAYJKoZIhvcNAQcBMBsGCiqGSIb3DQEMAQMwDQQIp8j1
    +5Rh9TQCAQGAggV4DUlYOI+VlGxuCXiGnDTYx+cR5XjPca7KW7L50D5lLQQHLr+U
    fV+QVEaELnQ1MKsMm87zl9AuycuI9EeOJnPTF9Ddxy32ODzaZ4/3BaXnHl2ETyzM
    IohydDJCfscT0r2TPNlE8XSknDfftK+3g3Aa0Gi+Nsq1+NXxTdYcfdXpZHvD9tk0
    QZInQy1UG+NhCERyOe6SIbynuCBfksk9g+rRjeNW4bTNRDpCJ1DnrtpN6BCq8VGN
    QMQagUZ1ONNLaFtQegd17RxWzXUZiWQgqf0jUZnr/BJQI9bPrISkA+JnysNU3MvS
    WVKKfyGQcsYD4ExH+wi6xkohKi7hj80s9cFOyq+xpXjikZw9gKMcpoY2lLs4ivIl
    4x9bB3EQ3xYW5nxbORwDx5xEyYLMUNkVRvC14ts+RB2QcEAXwq2JaaNuO6aBvjhj
    8mpHjXR+wkxV8Mm+UYEed2f1SuzjtZ966OPYW0YkmXGTH+wt/rxbCROAqnmh6HGz
    pU4H5/yhHgBIJOd6vZaKf5XlnX17wSniM+JRw4FsArVpuNOZFeCkDsHHFP6TPYII
    h2aS2jBEH2KW0KuzEP0rHOJ8WVjZgVucSu0pb+vVGw3MzsBl14CnL5kZcPe+81wJ
    XnFibhkucyo9arO/kcc7OtMcAuoktGfBVb1jrX6Se/SY8GFrzYbikNuT4DI4/dw+
    OinRXOX7S/Bhaefx4JSFYoL/7agD7f+kwzv7qAEyIQtjxoGgYuqY2lZVsbZL05dJ
    0D3xDkSDOc9H/5M5nZqP/xwnqVMoREPvt/a+ZdGezfzApUYUH/VAU4NzST44QcvM
    mdeeizpj0VwA7WdZOrMaJll927NGb1RikmtE+6ITgdiksuJVOeNWcXuq00sDAxvZ
    fv7tOQxgWX0+LNKaFd1Ef7PF9KqsJLQnbC28GC9GBNExcc9Pm+Kqfq6qj7HEosHt
    kPSfLFs0kkQQzq+G4xH6pzKQkG7Yt3xjLblI9IdWsCvuHLl8fgN0LHpVXPi9iftW
    PqGG8f9dCymAqHKFEnZzOiCcNlKKG+ddAN7Qb4mGVBYsaeROvVWBL2aAzIDpL7Uv
    8rFHsJVKk/yCruuNSDjmbbaTlYxb2iglo2MkgGsCO5X7fOPTCO3C+UikFyOi6/7c
    fSyn+LE6Za76kdRn4V2FHGG767nBxFBR/bB+uzngR+w/GzIgHQahpJ2xJlKumS2M
    yiy3kGYDhIN+WV6Lz91YwZpSobk1qrcn/7fzl2FFaY6+3+AgAXiOeVL7DyPHqm3N
    gX1EGBzwqeN9h7BeaTJvebhrvtLDU97UnPeyyFZTiSQWZhhRjqsr5mI69NvDybkq
    Db1Rx/Awnqg72RtnwOPxGNlTlRMUK7PjQNW6Kc2F7iy0byyNab9BEO6DNIN8RtXS
    WyioVOdFrFXIYPYnuvoPp46remUaaI4B4428cS7YfWHP5pq0j0PUj0gZnJM7aM0c
    VTHkVp2eZVSBFd9/Tv1q7+2tM5PhRE8ZCKcIIqJq2UJm4+HcIXGCgpIlfW3jL4t7
    qmkfu0ClnHgmoSJBycPxTPaU38FQk2ZmYcnV2RAZxtwL51q5WhAvXi0amATF2h6h
    FtcAP+Iq4Xx8s+wkcaK4I/puK0+wmMyslESWhq3RfB73BKyT9/J4FONliyAQP+4M
    JKkvkMAPx7Do6fqItHhbRR4FxQXg+al21UTLZ9aaY7PGjuqMZ40JY175qPG7CJFn
    bEOfHQGZjLbmqJfJByG6U5mQBoLr4XzTYPrtvErV/TrTGPK4RVATXgnQ/re7TD/G
    p0klPQcDHBkbnAuMVt88Q4QlqZKAov8ofLZr8IvlKsfmPFTFpfqCQCIMa1uGo6P9
    v8zGHGyvZwsOXwB1vMKAfpINCR0wPTAhMAkGBSsOAwIaBQAEFJb8DGrkwS6ApBkL
    0TXZXRY3WGx3BBSBXw+QkTTFm7BL+FS1KoeOupwmowICBAA=
    quit
    INFO: Import PKCS12 operation completed successfully
    ASA9(config)#
    ASA9(config)# sh crypto ca certificates
    Certificate
      Status: Available
      Certificate Serial Number: 6e85f150
      Certificate Usage: General Purpose
      Public Key Type: RSA (1024 bits)
      Signature Algorithm: SHA1 with RSA Encryption
      Issuer Name:
        hostname=ASA9+serialNumber=123456789AB
      Subject Name:
        hostname=ASA9+serialNumber=123456789AB
      Validity Date:
        start date: 15:52:01 UTC Jan 12 2013
        end   date: 15:52:01 UTC Jan 10 2023
      Associated Trustpoints: TP2
    You might want to enable debugs: "debug crypto ca 255".
    Be carefull when typing password - watch out for trailing space !
    Michal

  • How to configure a self-signed certificate

    Can someone please help me get the parameters/variables correct to gererate a self-signed SSL certificate on a CSS?
    Generte the RSA Key Pair
    ssl gen temprsakeys 1024 "passwd123"
    Associate RSA Key Pair to Key Pair Name
    ssl associate rsakey temprsakeys temprsakeys-file
    Generate Self-Signed Certificate
    ssl gencert certkey temprsakeys signkey ????
    Associate Certificate with a file
    ssl associate cert ??? ????

    this is documented at :
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080579e92.html#wp999000
    The principle of self-signed is that the certkey and the signkey are the same.
    Gilles.

  • Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

    Scenario:
    Windows Server 2012 R2 Essentials
    I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
    So far so good.
    The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
    a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
    The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local  instead of the SSL Certificate I installed, which is
    remote.acmedomain.com
    If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
    My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

    Because....
    the server does not have a 'trusted' certificate assigned to it.
    Only the RDP Gateway has the trusted certificate for the external name.
    If you want to remove that error, you have to do one of the following:
    Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
    So, something like,
    server.domain.publicdomain.com
    Or,
    Install that certificate on your remote computer so it is trusted.
    Robert Pearman SBS MVP
    itauthority.co.uk |
    Title(Required)
    Facebook |
    Twitter |
    Linked in |
    Google+

Maybe you are looking for

  • Need help in using dbms_lob.read

    I need to upload a file into an Oracle table into a Blob column. The file name along with the file contents are all in one BLOB column. Once that is done I need to read from the file and extract the file contents and load it into a staging table. Fil

  • Reading and Translating

    Hello. I have a file which contains several lines in it. What I'd like to do with it is to read it line by line and see if the line has a particular character in it. (for example, I'd like to find character "&" and replace it with "and" ) After exami

  • Can't delete file or directory with accent character

    I have a directory within my iTunes folder structure that has an accent character in it which I am trying to delete. If I do an ls on the directory I get this: ls -al ls: Radiů Disney_ Jams Vol. 2: No such file or directory total 0 drwxr-xr-x 3 scott

  • Solaris8 Intel Installation Troubles..

    Hi, I'm trying to install Solaris 8 for Intel on an old HP Vectra VL8i (400 Mhz, 128MB ram). Currently this machine has a screwed up install (*my fault* ) of Linux Mandrake 7.2. I downloaded the Solaris8 binaries off of sun.com and was trying to make

  • JSR168 Mail portlet + Lotus Domino

    Hi All, I am looking for a JSR168 complaint Mail portlet which can talk to Lotus Domino 6.5 I want to deploy these portlets on Weblogic Portal Server V 8.1 or above. Any help will be highly appreciated. Thanks in advance, Ryan Cobb.