GoDaddy SSL Certificates in WLS v 10.3.1.0

Similar Messages

• Godaddy SSL certificate on weblogic

  Hello,
  Recentally I purchased ssl certificate from godaddy, they send me 2 files (mydomain.crt) and (gd_bundle.crt).
  now I don't know how to create .pem file just to complete the installation. below the instruction I did.
  - keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore identity.jks -storepass password -keypass password
  - keytool -certreq -keyalg RSA -keysize 2048 -alias client -file certreq.csr -keystore identity.jks -storepass password
  here when I enter this I get an error ( keytool error: java.io.FileNotFoundException: CertChain.pem (No such file or directory not found). so how to create the CertChain.pem from the files I got from godaddy.
  - keytool -import -file CertChain.pem -alias client -keystore identity.jks -storepass password
  - keytool -import -file rootCA.cer -alias RootCA -keystore trust.jks -storepass password
  Keytool –list –v –keystore <keystore-name> -storepass <keystore-password>

  I found out how to install godaddy ssl certificate on weblogic follow the link below.
  http://coreygilmore.com/blog/2009/06/02/install-a-go-daddy-ssl-certificate-for-use-with-jboss-or-the-bes-5-bas/
  but I still get This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

• Install GoDaddy SSL Certificate to Windows Server 2012 - Access Anywhere

  I would like to activate Access Anywhere on my windows server 2012 essentials. I went through the guided steps and purchased a SSL certificate from Godaddy. Godaddy doesn't offer support regarding the correct installation process of their certificates
  using iis 8 (server 2012 essentials). I noticed that Access Anywhere requires a PFX certificate and Godaddy only provided a PKCS #7 and a cer. file. Please let me know if Godaddy's certificates are compatible with windows server 2012 essentials. Without Access
  Anywhere functioning on my server, the usefulness of the server greatly decreases. Your assistance is greatly appreciated. Thanks. 

  All you need is the standard, lowest level, single domain, no email, no bells, no whistles, no UCC.  Just a simple SSL cert.  Even SBS standard which adds email to the RWA feature, only requires that, thanks to the magic of the dev. team.
  Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

• Godaddy SSL certificate installation problems - intermediate certificate not being recognized

  domain = mail.gottfried.org
  Installed both the certificate and the intermediate certificate from godaddy (used the 10.6 mac os x version)
  Response from:
  http://www.sslshopper.com/ssl-checker.html#hostname=mail.gottfried.org
  The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
  When I check in 0000_any_443_.conf
  I see:
  SSLCertificateFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. cert.pem
  SSLCertificateKeyFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. key.pem
  SSLCertificateChainFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. chain.pem
  I am assuming that the intermediate certificate should be:
  mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem
  When I look at that certicate it is the same as
  mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem
  When I check keychain and exported both the mail.gottfried.org certificate and also the starfield secure certification authority they match what was installed initially (what I downloaded from Godaddy).
  It looks like in the install process the intermediate certificate is not being linked to the ssl certificate and that the ssl certificate is being used for the chain.
  Anyone have any suggestions?
  I have talked to both Godaddy and Apple Enterprise support. Godaddy has nothing past 10.6 instruction wise (though the support person really tried to help). The Apple rep couldnt really help and if I really want help from them I need to talk to integration where costs start at $700....
  Anyone have an SSL provider that worked properly with 10.8  or has really good support for mountain lion server?
  Please let me know.
  Thanks!

  While you still can, get a refund for the certificate, and get a certificate from somebody else, and preferably one that doesn't need an intermediate?  That'll be the easiest.
  If you're not doing ecommerce or otherwise dealing with web browsers and remote clients that you don't have some control over or affiliation with, you can use a private certificate and get equivalent (or arguably better) security.  Running your own certificate authority does mean you'll learn more about certificates, though.
  Here and here are general descriptions of getting certificates and intermediate certificates loaded, and some troubleshooting here and particularly here (TN2232).  I have found exiting Keychain Access to be a necessary step on various versions.  It shouldn't be, but...
  FWIW and depending on your particular DNS setup and whether you're serving multiple web sites, you'll need a multiple-domain certificate.
  Full disclosure: I've chased a few of these cases around for customers, and it can take an hour or three to sort out what the particular vendor of math, err, certificates has implemented, to confirm the particular certificate formats and possibly convert the certificates where necessary, and to generally to sort out the various posted directions and confusions.  (I'm not particularly fond of any of the major math, err, certificate vendors, either.)

• Anyone use godaddy ssl certs?

  I have been looking into changing ssl certificates, currently we use thawte. I have had some trouble with the godaddy ssl certificates but I think it is probably that it is just slightly different then what I was used to. My question is is anyone else out their using godaddy for your ssl certificates and have you had any issues or do you have any concerns with using them?

  Yes, I havnt seen any issues with it.
  If u need any help installing it in ur keystore let me knw.
  -Faisal
  http://weblogic-wonders.com

• ICal server won't work with SSL certificate

  I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
  In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
  However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
  Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
  "Unexpected secure name resolution error (code -9844). The server name may be incorrect."
  When I set everything back to the way it was before I started, all works fine.
  Anyone have any suggestions?

  Your problem seems similar to this thread:
  http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
  There is some contradictory anecdotal information there, however. Tis reply in another thread:
  http://discussions.apple.com/message.jspa?messageID=6288712#6288712
  may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
  http://www.afp548.com/article.php?story=20080624005724638
  http://www.afp548.com/article.php?story=20071203011158936
  That might also be of assistance. Then there's this little tidbit:
  http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name /
  These may-or-may-not solve theproblem but may provide insight as to why it's happening.

• DSEE7 - DPS and CA-signed SSL certificates

  I recently deployed two new DSEE7 DPS servers and last night was attempting to install CA-signed (GoDaddy) SSL certificates on them. I used dpadm to generate the required 2048-bit CSR and received my certificates. I added them to the servers using the DSCC interface and after adding them and restarting the instance the certs were not showing up. I thought perhaps the operation had failed so I tried again and saw that the alias already existed. I then noticed that the certificate was listed under the CA certificates. I deleted it from there and imported the cert using dpadm add-cert, only to have the same thing happen again.
  dpadm add-cert /usr/local/dps/instance/ dps03.prod.domain.com /tmp/dps03.prod.domain.com.crt
  # dpadm list-certs /usr/local/dps/instance
  0 certificate found.
  # dpadm list-certs -C /usr/local/dps/instance | grep dps03
  dps03.prod.domain.com     2010/01/19 11:08 2013/01/19 11:08 n         SERIALNUMBER=xxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US      CN=dps03.prod.domain.com, OU=Domain Control Validated, O=dps03.prod.domain.comI have installed SSL certificates from GoDaddy on all my other production DS and DSEE systems (6.3.1) without issue, including their intermediate and root certificates to complete the trust chain.
  Does anyone have any insight into what the issue might be and how to correct it?

  Hi,
  Have you used the same alias in both case ? . i.e
  dpadm request-cert [options] /usr/local/dps/instance dps03.prod.domain.com
  then
  dpadm add-cert /usr/local/dps/instance/ dps03.prod.domain.com /tmp/dps03.prod.domain.com.crt

• Installing SSL Certificate(s) on IOS

  Having an issue with an SSL certificate (DigiCert) on a Cisco 2811 running IOS 124-24.T4.
  I can get the certificate(s), intermediate and server certs installed fine unsing the one trustpoint created. And the ssl website works fine for IE browsers, but other browser types get errors. When I do an SSL cert check it shows that the "The server is not sending the requied intermediate certificate" (see attachment). I feel like I have followed what documentaiton is available correctly. Any suggestions is greatly appreciated.
  This is the best directions I could find to follow. They are specifically for go-daddy certs but I think it would be the same process for any.
  http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/smid/622/ArticleID/21/reftab/195/t/Installing-GoDaddy-SSL-Certificates-on-a-Cisco-IOS-Router-using-CLI.aspx
  Thanks,
  BR

  Hi ,
  If you have multiple CA certs, you need to authenticate the trustpoint containing the identity certs using the immediate intermediate cert and then use other trustpoints to import the  other CA certs one by one.
  So basically,we need to follow the following configuration to import the 3 CA certificate and the Identity certificate on the router:
  1.  Create root trustpoint
  >>
  >> Crypto ca trustpoint root
  >> Enrollment terminal
  >>
  >> chain-validation stop
  >>
  >> revocation-check none
  >>
  >> Crypto ca authenticate root
  >> (this will prompt to paste in the PEM/base64 of the Root CA certificate)
  >> Quit after you paste the Root CA certificate.
  >>
  >>
  >> 2.  Create intermediate trustpoint for the primary intermediate certificate
  >>
  >> crypto ca trustpoint intermediate-primary
  >> enrollment terminal
  >>
  >> chain-validation continue root
  >>
  >> revocation-check none
  >>
  >> crypto ca authenticate intermediate-primary
  >> (this will prompt to paste in the PEM/base64 of the Primary Intermediate CA certificate)
  >> Quit after you paste the intermediate primary certificate.
  >>
  >>
  >> 3.  Create intermediate trustpoint for the secondary intermediate certificate
  >>
  >> crypto ca trustpoint intermediate-secondary
  >> enrollment terminal
  >> keypair
  >> chain-validation continue intermediate-primary
  >>
  >> crypto ca authenticate intermediate-secondary
  >> (this will prompt to paste in the PEM/base64 of the Secondary Intermediate CA certificate)
  >> Quit after you paste the intermediate secondary certificate.
  >>
  >> 4.  Import the IDentity certificate
  >>
  >> crypto ca import intermediate-secondary certificate
  >> (paste the ID certificate PEM/base64 here)

• How do I install a CSR & SSL Certificate in Adobe Muse while hosting the website with GoDaddy, not Business Catalyst?

  I have designed a website and I want to host it with GoDaddy. I also want to install a SSL Certificate so I can get the HTTPS://mydomain.com instead of the HTTPS://mydomain.worldsecuresystems.com that I get with BC. Is there a way to install the SSL Certificate in Adobe Muse so that I can do this?

  This is something you'd have to do on Go Daddy, its not something that would be done in Muse.
  Go Daddy's page on their SSL service is: SSL Certificates | Secure Your Data & Transactions - GoDaddy

• How Do You Generate a 2048bit CSR for a Third Party SSL Certificate for LMS 4.0.1?

  Our site requires Third Party SSL certificates to be installed on our servers.  We have an agreement with inCommon. I have to supply a CSR in order to obtain the SSL certificate.
  My installation is on a Windows 2008 server and I had the self-signed CSR already but it is only 1024 bits.  Is there someplace in the GUI or OS where I can change the encryption?

  This is a shot in the dark, but since CiscoWorks is using (I believe) Tomcat as the web server, could you run keytool to generate the CSR?
  http://help.godaddy.com/article/5276
  You could also use an online CSR gererator such as:
  http://www.gogetssl.com/eng/support/online_csr_generator/
  The key (pun intended) is having the private key on your server so that when you get the signed certificate and install it (using sslutil) it will be usable.
  Hope this helps.

• Can't install a wildcard SSL certificate

  Running ML Server. I have a GoDaddy issued wildcard SSL certificate to *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in KeyChain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates
  I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried up update the self-signed certifcate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certifcate and chain files to add.
  However, this is where it gets strange...
  The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identify certificate list. I am able to replicate this every time!
  Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.
  I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.
  Any insights appreciated! TAA

  In fact i had the same issue last week and i could only solve it by exporting the key with the certificate in a PCKS12 file. Fortunately this is supported by the windows certificate manager where the certificate was originally installed.
  You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to terminal, it is installed on an OSX box) and fire the following command (and change the filenames ;-)):
  openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt
  The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.
  Good luck with it

• Exchange 2010: How to renew an SSL certificate?

  Hi all.  I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010.  I really don't want to mess this one up by cobbling together partial answers
  from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out. 
  This is a standard GoDaddy 5-domain UCC certificate.  There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet).  The existing certificate expires in a month or so. 
  I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article
  has addressed all my concerns, or in some cases information conflicts.  So my concerns for example are:  can you do a renewal for a certificate before the old one expires?  It is actually a renewal, or are you adding a 2nd certificate? 
  Do you have to do anything in IIS or does EMC or EMS do all that for you? 
  Thank you. 

  -->Can you do a renewal for a certificate before the old one expires? 
  Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
  -->It is actually a renewal, or are you adding a 2nd certificate? 
  You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for detailed step of Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
  -->Do you have to do anything in IIS or does EMC or EMS do all that for you? 
  You will have to do it from MMC or EMS. No need to do anything from IIS.
  Follow the steps below to make your work easy or follow the video in this site site.http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
  1. Run this command from EMS to generate CSR. You can see the CSR named "newcsr.txt" in C:\CSR
  folder
  Set-Content -path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
  2. Renew the certificate from Godaddy (from Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
  3. Open Exchange MMC. Go to Server configuration. Right click on the pending request.  Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
  4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
  5.Delete the old one certificate from MMC.
  From EMS use this command 
  Remove-ExchangeCertificate -Thumbprint <old cert thumprint>
  You can see the the certificate thumprints using Get-ExchangeCertificate command
  MAS. Please dont forget to mark as answer if it helped.

• SSL Certificate - No public Biztalk

  Hello !!
  I've been working with Biztalk since 2006 version, always doing some AS2, encryption and so on. It's the first time a customer requires to use a GoDaddy, Symantec, etc. SSL (in the past always self-signed ssl).
  My question is simple:  This biztalk server is not public, won't use a URL, just plain IP.  The guys at GoDaddy or Symantec does not understand what I'm asking for, they just keep asking what's the URL of the website.
  Can you give me any directions on how to work with this scenario? How do I request the SSL certificates for encryption and signing?
  Thank you!
  Victor

  You will have a problem with that which you might not be able to overcome.
  The names on the certificate used for TSL/SSL must match the host names used in the url either directly or by wildcard.
  However, no public vendor will sell you a total wildcard certificate and probably no public vendor will sell you an IP address based certificate because a particular address, 10.4.5.6 for example, can be used many, many times on different networks. 
  If you actually own that public address space, maybe, but it's unlikely you do.
  You have two realistic options:
  Assign the BizTalk endpoint a name in a DNS namespace you own and buy a certificate for that.  You don't actually have to register the host name, the clients can use a hosts file or equivalent.
  Continue to use self-issued certificates.
  One question, of the BizTalk Server is not public, how is the customer accessing it?  I don't need to know how, but it's an unusual request to require a public cert for an internal service.

• Peer not authenticated-godaddy ssl tinypng

  Up until a week or so ago we were using tinypng api to compress png images using CFHTTP to connect to their API. It uses SSL. Suddenly it stopped working. They say their ssl certificate has not been changed. No changes have been made to the server that I am aware of. We can connect to every other SSL site I can think of to test with no issues at all.
  Site we are trying to connect to: https://api.tinypng.com/shrink or for testing simply https://www.tinypng.com
  They are using a godaddy certificate. We have tried importing all of the godaddy certs using keytool, into both the CF cacerts file and into the java one. Restarted CF, restarted the server, still we get the same error.
  I tested on 3 other servers running CF 9.01 and all have the same problem.
  Others recommended we try cfx_http5. Tried that and same issue, error is a windows error code that basically matches the CFHTTP error that we are getting.
  Set up a test on an amazon ec2 server running cf 11 and it works fine. Copied the cacerts file from CF 11 to my CF 9 dev server and restarted, still get the same error.
  Is there any way to fix this problem that we have not already tried?  I even manually added the certs to the trusted list in java panel and it made no difference at all.
  You can see what cfhttp returns on CF 9.01 here:
  http://www.coldfusioncoder.com/test.cfm
  And you can see what cfx_http5 returns here:
  http://www.thousandsofbolts.com/tinypng.cfm
  Any advice or fixes greatly appreciated, have wasted hours with this since it quit working.

  Up until a week or so ago we were using tinypng api to compress png images using CFHTTP to connect to their API. It uses SSL. Suddenly it stopped working. They say their ssl certificate has not been changed. No changes have been made to the server that I am aware of. We can connect to every other SSL site I can think of to test with no issues at all.
  Site we are trying to connect to: https://api.tinypng.com/shrink or for testing simply https://www.tinypng.com
  They are using a godaddy certificate. We have tried importing all of the godaddy certs using keytool, into both the CF cacerts file and into the java one. Restarted CF, restarted the server, still we get the same error.
  I tested on 3 other servers running CF 9.01 and all have the same problem.
  Others recommended we try cfx_http5. Tried that and same issue, error is a windows error code that basically matches the CFHTTP error that we are getting.
  Set up a test on an amazon ec2 server running cf 11 and it works fine. Copied the cacerts file from CF 11 to my CF 9 dev server and restarted, still get the same error.
  Is there any way to fix this problem that we have not already tried?  I even manually added the certs to the trusted list in java panel and it made no difference at all.
  You can see what cfhttp returns on CF 9.01 here:
  http://www.coldfusioncoder.com/test.cfm
  And you can see what cfx_http5 returns here:
  http://www.thousandsofbolts.com/tinypng.cfm
  Any advice or fixes greatly appreciated, have wasted hours with this since it quit working.

• Exchange 2013 autodiscover finds external & internal SSL certificate causing autodiscover to fail

  <p>Hi:</p><p>I'm currently working on a windows 2012 server, with exchange 2013, lets say our internal domain is "cars.com" and ALSO the case for&nbsp;our external domain. We have purchased an SSL wildcard positive certificate
  *.cars.com so that we could configure Outlook Anywhere, we have created the needed DNS records at godaddy and our internal server, OWA, ECP it all works if you go to&nbsp; <a href="https://bird.cars.com/owa">https://bird.cars.com/owa</a>
  because we have a DNS record for bird in godaddy and out local server, so all of that is working like a pro ! here comes the tricky part, our website is registered in godaddy but hosted by someone else a company called poetic systems; when we test the connection
  with the remote connectivity analyzer website we get a very peculiar error that says SSL certificate not valid, now it provides the name of the certificate it found and is not ours, we found that the hosting company is listening in port 443, therefore, it
  is pulling their self signed certificate also, does anyone have a fix for this, I have done this same setup before for other companies and this is the first time a situation like this happens. I REALLY NEED HELP !!!!!</p>

  Hi,
  According to your description, there is a certificate error when you test Outlook Anywhere connection by ExRCA.
  If I misunderstand your meaning, please feel free to let me know.
  And to understand more about the issue, I’d like to confirm the following information:
  What’s detail error page?
  Check the Outlook Anywhere configuration: get-outlookanywhere |fl
  Check the certificate : get-exchangecertificate |fl
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support