GoDaddy SSL Cert Signed by Unknown Authority

At my school we have one Apple server which we recently upgraded to 10.5. We're using it to run a blog for teachers. We switched the site to use SSL and purchased a GoDaddy SSL cert (the wildcard type). The common name on the certificate I created in Server Admin is for *.e-lcds.org, this is the same common name I gave to GoDaddy in the CSR.
I received both the certificate and the intermediate certificate from GoDaddy and installed both. Server Admin now says that the site is signed correctly by GoDaddy. The intermediate certificate (looking at Keychain Access) is not signed correctly though according to the server. The error is "This certificate was signed by an unknown authority"
In the process of originally trying to figure out SSL certs I deleted all of the GoDaddy ones which I (thought) had added to start with a new one and have it re-keyed (which worked). I unfortunately may have deleted whatever certs need to be installed to verify the intermediate cert from GoDaddy. Is there a way to re-add these? Or is this another issue altogether?
Thanks in advance,
-MRCUR

I ended up wiping the server since we switched it's roles with a Linux box. I'm now using the GoDaddy SSL cert on the Linux box and the XServe.

Similar Messages

  • Anyone use godaddy ssl certs?

    I have been looking into changing ssl certificates, currently we use thawte. I have had some trouble with the godaddy ssl certificates but I think it is probably that it is just slightly different then what I was used to. My question is is anyone else out their using godaddy for your ssl certificates and have you had any issues or do you have any concerns with using them?

    Yes, I havnt seen any issues with it.
    If u need any help installing it in ur keystore let me knw.
    -Faisal
    http://weblogic-wonders.com

  • Why was my GoDaddy SSL Cert "Not from a Recognized Authority"

    I've seen many reports here of people experiencing problems installing and renewing SS Certificates in OS X Server.
    In my case a simple Certificate renewal turned into a Very Worrying Episode as the new certificate was "Not from a recognised authority" according to OS X Server 3.1.2 on Mavericks. Email clients could not log in etc. etc. without being told the server was insecure.
    I tried several times to renew the certificate. Last year's was from GoDaddy and we had no problems. This year was not straightforward and has wasted 8 or so hours of my life.
    This is of course only anecdotal, but it seems that OS X Server cannot properly install SSL Certificated generated from SHA-2 but can from SHA-1. SHA-2 is the default at GoDaddy now (SHA-1 can be chosen) as SHA-1 Certificates will no longer be created or accepted as standard in 18 months or so's time.
    My solution was to generate an SHA-1 Certificate from my GoDaddy account.
    All the necessary Root and Intermediate Certificated seemed to be in place but OS X Server could not correctly link up all the Certificates in the SHA-2 chain.

    @heinzfromconcord were you replacing a Cert with the same name by any chance? (i.e. Were you renewing an SHA-1 Cert with an SHA-2 Cert perhaps). I have absolutely no idea whether this matters or not but can only assume that not everyone is suffering this problem as there are so few forum posts about it. I am trying to gather diagnostic information tp pass on to the Apple Engineers who replied "cannot reproduce" to my bug report.

  • SSL cert error on exchange 2013.

    Hi,
    Can I please have some help to avoid the following two error messages appears on opening outlook 2013 on windows 7 connected directly to the server 2012 domain.
    Godaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly setup.
    There is NO error message if we connect through outlook (AnyWhere) on a system which is not part of the domain and connecting from outside.
    Error Box 1
    Security Alert
    servername.localdomain.local
    Information you exchange with this site cannot be viewed or changed...................
    The security certificate is from a trusted certifying authority.
    The security certificate date us valid
    X The name on the security certificate is invalid or does not match the name of the site....
    Error box 2
    Microsoft Outlook
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
    Outlook is unable to connect to the proxy server. (Error Code 10)
    Any quick help will be highly appreciated!
    Many thanks

    Hi,
    Are you using a Single domain cert by GoDaddy, if thats the case we cannot add more than one domain to your cert. I believe you have added the outlook anywhere domain name to your cert since your outlook anywhere connection is prompting any errors.
    You have two options, one is purchase a UCC Cert and add all URL's required or Please have a look on these below Virtual Directories on the exchange server and modify the the URL's so you will not get the Cert errors.
    use the shell to view the internal and external URL's,
    Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
    Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
    Get-ECPVirtualDirectory | fl internalurl,externalurl
    Get-OabVirtualDirectory | fl internalurl,externalurl
    Get-WebServicesVirtualDirectory | fl internalurl,externalurl
    Change all your internal URL's similar to the external URL's, use the Set command as the example below.
    Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl ‘https://mail.domain.com/Autodiscover/Autodiscover.xml’
    make sure all your servername.localdomain.local URL's are changed to match primary certificate name.
    Regards
    Boniface

  • Getting sec_error_inadequate_cert_type with Private SSL Cert

    Howdy,
    I run a Private Certificate Authority for my personal use and just to learn about SSL Certs. However, with the current build of FireFox I'm on ( 31 ) I can no longer visit sites I've secured with SSL Certs signed by this certificate authority, even though these SSL certs work just perfectly fine in Chrome and Internet Explorer. I keep getting a "sec_error_inadequate_cert_type" error. I can only assume that the certs I've been issuing are incorrect in some way, but the error is so vague and the error page doesn't specify more.
    I only discovered this when I realized some of my SSL certs had expired, and I went to re-issue them.
    One of the certs that hasn't expired yet but is experiencing problems can be found here:
    * https://forums.silicateillusion.org
    One of the Certs I've tried re-issuing, matching fields included as closely as I can to a Google SSL cert that I looked up is here:
    * https://phpmyadmin.endofevolution.com
    These certificates were generated using the application called SimpleAuthority, found here: http://simpleauthority.com/
    A Site like Networking4All.com seems to believe the Certs are valid, excepting the CA that is Self Signed: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=phpmyadmin.endofevolution.com&protocol=https
    Interestingly enough, using a different site like SSLShopper shows an error similar to FF31: http://www.sslshopper.com/ssl-checker.html#hostname=https://phpmyadmin.endofevolution.com
    The certs are running on an Apache Web server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.10
    The CA Cert is in FireFox's store as trusted.
    If needed, I can provide certs.

    ''SniperFodder [[#answer-626818|said]]''
    <blockquote>
    I however, do not. It's something specific to Firefox I seem to be having. Maybe I'm running an outdated version of Chrome? Which would be hard seeing as chrome itself says it's up to date: Version 37.0.2062.120 m
    I appreciate the link to Bug 1034124, However the SSL certificate itself IS NOT self signed. Only the CA is, which signed the SSL Cert. I guess what I mean to be asking is... Is Firefox Rejecting my SSL Cert, because my CA Is Self Signed?
    I also offer the CA Cert for download since no one would have the cert in their stores. Would this also affect it?
    I've attached a screen shot of the error I'm getting so that it's available for the ticket. The following is also the "plaintext" verison of the error I'm getting:
    "Certificate type not approved for application."
    </blockquote>

  • Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

    I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
    I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
    I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
    Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
    No matter what I do, it won't work.
    I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
    Can anyone help?

    Originally Posted by AndersG
    Fmcunningham,
    > > I am looking at installing a cert as well. I have NOWS SBE 2.0
    > > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
    > > need a Wild card cert to be able to accomplish this?
    >
    Only difference between a wildcard and a regular (apart from price) is that
    a wildcard covers all hosts in a domain,. Ie *.acme.com, whereas a regular
    cert only covers a named host, homer.acme.com
    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)
    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms
    I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess.

  • Http Analyzer connecting to server with self-signed SSL cert

    When making webservice calls using Axis 1.3 to our development site that uses a self-signed SSL cert I am getting the following error when running the Http Analyzer:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Works fine if I turn off proxy in run configuration for project or when used against a site with a purchased cert. I assume the problem is with Http Analyzer not being able to find the server cert in a local keystore, is there a way to import the cert so that I can run Http Analyzer against the site?
    Tried adding server cert to <jdkhome>/jre/lib/security/cacerts keystore but still have the problem.
    Am using JDeveloper 10.1.3.
    Thanks,
    John

    I fixed that by getting certs from: https://www.startssl.com/?app=1.
    The certs are free and work fine.
    Since Iphone 4 apple does not accept unknown CA Authorities.

  • SSL Cert used to sign Jars for distribution via WebStart

    Hi,
    I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
    Certificate chain not found for: myalias  myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
    xxx.cabundle (this can be imported into keytool easily)
    cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
    private/xxx.key
    My questions I suppose are:
    1. Can I use a cert issued for SSL to sign jars for webstart distribution?
    2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
    Any help would be appreciated!
    Rich

    Hi,
    yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
    Sent from Cisco Technical Support Android App

  • IMAP Mail Setup with self-signed SSL certs

    I am unable to set up IMAP access to an email account of mine on the new iPhone mail app. The setup stalls at "verifying" and I can't seem to save the info entered and then disable SSL in the advanced setup.
    Also, it doesn't seem possible to install SSL certs out of safari. On the computer I was able to navigate to the server via https and permanently accept the SSL cert. The option doenst exisit in Safari Mobile. If you have the servers cert (.der) file in the web root of the server, possible to download and install the certificate. This solved a similar problem for my ExchangeMail push with our Kerio server. Unfortunately, the certificate file of that other IMAP account is unavailable..

    If possible, instead of configuring it on the iPhone, try configuring it on your computer and using iTunes to sync the configuration itself to the iPhone. I am connecting fine to an IMAP server with a self-signed certificate. The first time I opened Mail (on the iPhone) it prompted me with a dialog saying the certificate was invalid but I was able to accept it. Since then, it has never prompted me again about validity of the certificate (even after rebooting the phone) so I believe the Mail program can permanently accept a self-signed certificate.
    And yes, there doesn't seem to be a way for Safari Mobile to permanently accept self-signed certificates. I have read that the iPhone is supposed to pull certificates from the Keychain but this does not appear to be the case.

  • Generate SSL cert with stronger signature algorithm such as RSA-SHA 1 or SHA 2 from Certificate Authority Version: 5.2.3790.3959

    We have a Certificate Authority (Version: 5.2.3790.3959) configured on  Windows 2003 R2 server in our environment. How do i generated SSL cert with stronger signature algorithm such as with SHA1 or SHA2
    Currently i am only able to generate SSL cert with md5RSA.

    Hi,
    Since you are using Windows Server 2003 R2 as CA, the hash algorithm cannot be changed, while in Windows 2008 and 2008 R2, changing the hash algorithm is possible.
    Therefore, you need to build a new CA to use a new algorithm.
    More information for you:
    Is it possible to change the hash algorithm when I renew the Root CA
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/91572fee-b455-4495-a298-43f30792357e/is-it-possible-to-change-the-hash-algorithm-when-i-renew-the-root-ca?forum=winserversecurity
    Changing public key algorithm of a CA certificate
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/0fd19577-4b21-4bda-8f56-935e4d360171/changing-public-key-algorithm-of-a-ca-certificate?forum=winserversecurity
    modify CA configuration after Migration
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d5bcb76-3a04-4bcf-b317-cc65516e984c/modify-ca-configuration-after-migration?forum=winserversecurity
    Best Regards,
    Amy Wang

  • Can't access IBM mainframe 3270 session via SSL self-signed cert.

    Can't access IBM mainframe 3270 session via SSL self-signed cert since sometime last week. Using Mochasoft tn3270 lite on android works fine but iPad ios7 says "IBM mainframe has closed the session".  Any clues would be appreciated.

    I'm thinking the problem may be the IBM cert is 1024 bit. Investigating choices to implement 2048 bit cert into IBM.

  • Use Wildcard SSL Cert to Monitor Non-Domain COmputers

    Hello,
      I was wondering if a Wildcard SSL Cert from GoDaddy or another Provider can be used to monitor Non-Domain Computer on SCOM 2012R2?
    TIA,
    Jim

    Hi,
    The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure
    certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Could not establish trust relationship for the SSL/TLS secure channel with authority

    Hello everyone, I need to establish a connection between my HTTPS WCF hosted in Windows Azure Web Role and my Windows Store App Client. The service is actually exposed for testing purposes using a self-signed certificate.
    I have installed the certificate in Personal and Trusted Root Certification Authorities in Current User and Local Manchine.
    In the Windows Store App, I create the service reference pointing to the cloud https service, then edit the manifest and create a new declaration to Add a New Certificate, I checked Exclusive Trust and Auto select, pointing to Root storage name and
    my self-signed certificate.cer.
    The result is the following exception in the IntelliTrace stack:
    Exception:Caught: "The remote certificate is invalid according to the validation procedure." (System.Security.Authentication.AuthenticationException)
    A System.Security.Authentication.AuthenticationException was caught: "The remote certificate is invalid according to the validation procedure."
    Time: 19/01/2015 04:42:33 p. m.
    Thread:Worker Thread[17080]
    Exception:Thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'." (System.ServiceModel.Security.SecurityNegotiationException)
    A System.ServiceModel.Security.SecurityNegotiationException was thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'."
    Time: 19/01/2015 04:42:34 p. m.
    Thread:Worker Thread[17080]
    Appreciate any help, to solve this with the approach of WCF Service Reference in Windows Store App.
    Note:
    If I call the HTTPS service using a Console App it works very good using the following the code:
    ChannelFactory<IAgentService> factory = new ChannelFactory<IAgentService>("basicHttpBinding_IAgentService");
    ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;
    IAgentService wcfProxy = factory.CreateChannel();
    Thanks in advance,
    RC

    Maybe not implemented.
    https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2dab2818-8f4c-4474-a7a1-db2cbfb40d40/accepting-client-certificate-for-https-connections?forum=winappswithcsharp

  • DPM 2012 setup to remote SQL 2012. SSL cert error

    First of all, the category I selected, which was for SQL server reporting services was as close as I could get. There wasn't a way to select System Center DPM server from the list. As this relates to the Report Server portion of the setup, I chose this category.
    I am setting up DPM 2012 SP1 on a single use server (Windows Server 2102 R2 Standard) and remotely connecting to a new DB server (MSSQL 2012). I keep getting error ID:812 when trying to install, and the logs show that it is trying to set up report server,
    but that it cannot establish a trust relationship for SSL/TLS.
     * Exception :  => System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
    secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    I'm not clear on how to proceed. Invalid cert means it wants something very specific.
    I have installed a domain issued cert from the DC on the SQL reporting server and have bound that cert to SSL using report server configuration. I then imported the cert into the DPM server in the trusted and personal certs. The DPM server has our DC as
    a trusted source. That clearly doesn't work.
    Thinking I may not be able to use a self-signed cert, I then installed our wildcard cert onto both the SQL server and the DPM server. I ran through the Report Server configuration again and bound that wildcard. This is a Godaddy wildcard cert.
    Same problem no matter what I do. Clearly, this is matter of a cert issue, but I'm lost. There are zero instructions I've found on how to ensure Windows server 2012 cert requirements are met as it relates to SQL and DPM.
    Thanks for your advice.
    Kaden

    Hi Kaden,
    This thread is for reporting service and I hope i can provide some useful informaiton from reporting service side while i don't work on DPM at all. You may still need to find out the forum for the DPM and check there.
    Regardingless of DPM, Reporting Service can usually create HTTP link and HTTPS link together. For the HTTP one, a certificate is needed. HTTPS is not needed excep you have the concern with  security.
    Usually application like DPM/SCOM will connect to the web service link provided by Reporting Service and work on that.
    If the application requires a HTTPS link, then same thing has to be setup on reporting.
    You need to install a certificate and add it to trust store and then configure reporting service to listening on HTTPs 443 port from the reporting service configuration manager.
    You can find the steps here.http://technet.microsoft.com/en-us/library/ms345223(v=sql.110).aspx
    After you create the HTTPS link successful, try to open the https web service link both remotely or locally from IE. If you can open it there without any error, reporting service is working fine.
    For some applications, they would need special  certificates installed on reporting service and used. You may check with the related product on this then.
    In a summary, if you can configure a HTTPS link for reporting service can open it correctly, configuration steps on reporting service is fine.
    If there is still any error from DPM, you would need check additional resource from DPM part.
    Thanks,

  • HTTPS SSL Certificate Signed using Weak Hashing Algorithm

    I am support one client for,  whom falls under Security  scans mandatory for new implementation of ASA 5520 device .  The client uses Nessus Scan and  the test results are attached
    The Nessus scanner hit on 1 Medium vulnerabilities, Could you pls review the statement and provide work around for the same.
    Nessus Scanner reports
    Medium Severity Vulnerability
    Port : https (443/tcp)
    Issue:
    SSL Certificate Signed using Weak Hashing  Algorithm
    Synopsis :
    The SSL certificate has been signed using  a weak hash algorithm.
    Description :
    The remote service uses an  SSL certificate that has been signed using
    a cryptographically weak hashing  algorithm - MD2, MD4, or MD5. These
    signature algorithms are known to be  vulnerable to collision attacks.
    In theory, a determined attacker may be  able to leverage this weakness
    to generate another certificate with the same  digital signature, which
    could allow him to masquerade as the affected  service.
    See also :
    http://tools.ietf.org/html/rfc3279
    http://www.phreedom.org/research/rogue-ca/
    http://www.microsoft.com/technet/security/advisory/961509.mspx
    http://www.kb.cert.org/vuls/id/836068
    Solution :
    Contact the Certificate Authority to have the certificate  reissued.
    Plugin Output :
    Here is the service's SSL certificate  :
    Subject Name:
    Common Name: xxxxxxxxxx
    Issuer Name:
    Common Name: xxxxxxxxxx
    Serial Number: D8 2E 56 4E
    Version: 3
    Signature Algorithm: MD5 With RSA  Encryption
    Not Valid Before: Aug 25 11:15:36 2011 GMT
    Not Valid After:  Aug 22 11:15:36 2021 GMT
    Public Key Info:
    Algorithm: RSA  Encryption
    Public Key: 00 AA AB 57 9C 74 FF E9 FB 68 E1 BF 69 90 8E D2 65 7F  DF 40
    D6 F6 29 E7 35 5E 16 FB 76 AA 03 3F 47 07 5A D0 6D 07 E0 EC
    06 7E  D4 9A 43 C6 B3 A6 93 B7 76 CC 58 31 25 36 98 04 30 E6
    77 56 D7 C3 EE EF 7A  79 21 5E A0 78 9B F6 1B C5 E6 2A 10 B5
    CB 90 3D 6D 7C A0 8D B1 B8 76 61 7F  E2 D1 00 45 E2 A1 C7 9F
    57 00 37 60 27 E1 56 2A 83 F5 0E 48 36 CC 61 85 59  54 0C CB
    78 82 FB 50 17 CB 7D CD 15
    Exponent: 01 00 01
    Signature: 00 24 51 24 25 47 62 30 73 95 37 C4 71 7E BD E4 95 68 76 35
    2E AF 2B 4A 23 EE 15 AF E9 09 93 3F 02 BB F8 45 00 A1 12 A9
    F7 5A 0C E8  4D DB AE 92 70 E4 4C 24 10 58 6B A9 87 E1 F0 12
    AE 12 18 E8 AB DF B9 02 F7  DA BE 3C 45 02 C4 1E 81 44 C2 74
    25 A2 81 E7 D6 38 ED B9 66 4C 4A 17 AC E3  05 1A 01 14 88 23
    E8 9F 3B 5C C5 B8 13 97 27 17 C3 02 5F 6E 7C DB 4C D3 65  B5
    C5 FC 94 62 59 04 E7 7E FB
    CVE :
    CVE-2004-2761
    BID :
    BID 11849
    BID  33065
    Other References :
    OSVDB:45106
    OSVDB:45108
    OSVDB:45127
    CWE:310
    Nessus Plugin ID  :
    35291
    VulnDB ID:
    69469
    and try with configure the ssl encryption method with " ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 rc4-md5" but it throws the same issue.
    Here is ASA log
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725007: SSL session with client production:xxxxxxxx/2586 terminated.
    6|Oct 19 2011 01:59:34|302014: Teardown TCP connection 3201 for production:xxxxxxx/2586 to identity:xxxxxx/443 duration 0:00:00 bytes 758 TCP Reset-I
    6|Oct 19 2011 01:59:34|302013: Built inbound TCP connection 3202 for production:xxxxxxxxxxx/2587 (xxxxxxxxx/2587) to identity:xxxxxx/443 (xxxxxxx/443)
    6|Oct 19 2011 01:59:34|725001: Starting SSL handshake with client production:xxxxxxxxxxx/2587 for TLSv1 session.
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxxxx/2587
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2587
    H

    Hi Ramkumar,
    The report is complaining that the Certificate Authority who signed the ID certificate presented by the ASA used a weak hashing algorithm. First, you need to determine who signed the certificate.
    If the certificate is self-signed by the ASA, you can generate a new certificate and use SHA1 as the hashing algorithm. To do this, the ASA needs to be running a software version that is at least 8.2(4) (8.3 and 8.4 software also support SHA1).
    If the certificate is signed by an external CA, you need to contact them and ask them to sign a new certificate for you using SHA instead of MD5.
    The links you posted have more information on this as well. Hope that helps.
    -Mike

Maybe you are looking for

  • I have hp laptop dv9009us one day all the USB ports and webcam camera stopped working

    I have hp laptop dv9009us one day all the USB ports and webcam camera stopped working, I had windows XP and tried all solutions posted on online forums didn’t work, I upgraded to windows 7 and still not working, please note that the USB is detected i

  • Syntax error in 'UPDATE' query  ???

    hi.. i know there is something wrong with this query..but not able to find it out. i am using session bean in my project..in one of the method of the bean class, i am updating 'Acc_holder' table. below is the code public String insDeposit(String vuse

  • Need sample code using windows BitBlt() function to display image in CVI

    Hello all, I need a sample code which uses windows BitBlt() function to display image in CVI Thank you. Bob.

  • Bad transmission

    Hi there, I am presently on the road and I experience some difficulties connecting with contacts with whom I used to have perfect connection at home. The images are scattered and sound on-off periodically with images freezing momentarily. I am contac

  • Re: Production if different plant & planning in different plant

    Hi All,           we have two plants to our company code assigned, we have orders for manufacturing plant A, but because of the lack of capacity in plantA, Planning is done in plant A and manufacturing in plant B as per the planning plant A. Also the