GSX API SSL Certificate
How do we get a Client certificate as mentioned below;
Security
Client Certificate
Each client should have an individual certificate, and the certificate should be issued/provided by iOS Systems.
Authentication (2-way SSL)
The client shall provide its certificate as part of the SSL handshake for establishing the SSL connection with iOS Systems. This should be the same as is currently required by APNS for sending push notifications, and allows for a "quick disconnect" if the client is unable to provide an appropriate certificate during the SSL handshake.
Thanks!
Ravin
Hi,
Thanks for the post.
I am wondering if you have tried to re-add it after deleting an SSL certificate from a port number.
delete sslcert
Syntax
delete sslcert [ ipport= ] IPAddress:port
Parameters
ipport
Required. Specifies the IPv4 or IPv6 address and port for which the SSL certificate bindings will be deleted. A colon character (:) is used as a delimiter between the IP address and the port number.
Examples
Following are three examples of the delete sslcert command.
delete sslcert ipport=1.1.1.1:443
delete sslcert ipport=0.0.0.0:443
delete sslcert ipport=[::]:443
Does it work?
Similar Messages
-
File Adapter FTP SSL SSL Certificate Exception
After reviewing the results of searching on this error, I do not find anything that fits my situation:
SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
I am not using X.509 certificate for client authentication.
My connection is using a non-public certificate.
I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
I am getting the following error:
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
Any recommendations?
Hi,
The main reasons for this error are:
1. The correct server certificate could not be present in the TrustedCA
keystore view of NWA. Please ensure you have done all the steps
described in these two URLs:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe10000000a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for
it (that was the cause for other customers as well) and if it's the case
renew it or extend the validation.
3. Some other people have reported similar problem and mainly the
problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order
Own->Intermediate->Root. To explain in detail, if your server certificate
is A which is issued by an intermediate CA B and then B's certificate is
issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to
have the right order of certificate in the chain. If the order is B
first followed by A followed by C, then the IAIK library used by PI
cannot verify the server as trusted. Please generate the certificate in
the right order and then import this certificate in the TrustedCA
keystore view and try again. Please take this third step as the
principal one.
Hope it solves your query.
Regards,
Caio Cagnani -
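A way to check the chain order described in point 3 before importing, as an added example that is not part of the original reply. It assumes the chain file was listed with `openssl crl2pkcs7 -nocrl -certfile chain.pem | openssl pkcs7 -print_certs -noout`; the sample text is constructed from the A/B/C names in the post, and the function names are hypothetical.

```python
# Constructed sample listing: the chain in the broken order B, A, C.
SAMPLE_BAD = """\
subject=CN = B Intermediate CA
issuer=CN = C Root CA

subject=CN = A server.example.test
issuer=CN = B Intermediate CA

subject=CN = C Root CA
issuer=CN = C Root CA
"""


def parse_print_certs(text):
    """Return [(subject, issuer), ...] in the order the file lists them."""
    certs, subject = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("issuer=") and subject is not None:
            certs.append((subject, line[len("issuer="):].strip()))
            subject = None
    return certs


def order_problems(certs):
    """Describe every position where a certificate is not followed by its issuer."""
    problems = []
    for i, (subject, issuer) in enumerate(certs):
        last = i == len(certs) - 1
        if subject == issuer and not last:
            problems.append(f"#{i} {subject!r} is self-signed but is not last")
        elif not last and certs[i + 1][0] != issuer:
            problems.append(
                f"#{i} {subject!r} is issued by {issuer!r}, "
                f"but #{i + 1} is {certs[i + 1][0]!r}"
            )
    return problems


def reorder(certs):
    """Rebuild own -> intermediate -> root by following issuer names.

    Names are compared as strings only; this orders the file, it does not
    verify signatures or validity dates.
    """
    by_subject = {subj: (subj, iss) for subj, iss in certs}
    issuer_names = {iss for subj, iss in certs if subj != iss}
    leaves = [c for c in certs if c[0] not in issuer_names]
    if len(leaves) != 1:
        raise ValueError(f"expected one end-entity certificate, found {len(leaves)}")
    chain, current = [], leaves[0]
    while True:
        chain.append(current)
        subject, issuer = current
        if subject == issuer or issuer not in by_subject:
            break  # reached the root, or the issuer is not in the file
        current = by_subject[issuer]
        if current in chain:
            raise ValueError("issuer loop in chain")
    if len(chain) != len(certs):
        raise ValueError("file contains certificates outside the chain")
    return chain


if __name__ == "__main__":
    listed = parse_print_certs(SAMPLE_BAD)
    for problem in order_problems(listed):
        print("out of order:", problem)
    for subject, issuer in reorder(listed):
        print("expected order:", subject)
```

The same listing also shows the validity of each certificate if `-text` is used instead of `-noout`, which covers the expired-certificate case in point 2.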
CF7 and JDK 1.4.2 - EV SSL Certificate Issue
Let me start off by telling the group that we do not use CF for any of our applications. We are a payments company that hosts a .NET API in IIS that 100's of thousands of customers use. We have one particular customer using CF7 and JDK 1.4.2 who is currently unable to process against our API. About a week ago we upgraded our SSL certificates to EV (Extended Validation) and since that time our once happy customer is now unhappy. I have spent hours working with him, going through FAQs and walk throughs, knowledge bases and forums and have had no luck. Here are the details:
EV Certificate issued by DigiCert (4096-bit).
Customer is on CF7 and JDK 1.4.2.
When he attempts to process against our API with the new certificate he gets 'Connection Failure: Status code unavailable' message from his CF application. He is using cfhttp to post his requests. We found a work around that indicated that the only issue with JDK 1.4.2 was importing the high-bit certificates. Our customer installed JDK 1.6, imported the certificate (and all intermediate certificates) successfully into the cacerts file, but when attempting to list using JDK 1.4.2 it returns an invalid certificate error and still will not work.
Please help as we are currently in a work around state for this customer (not long term) and we have exhausted the resources we have access to for solving this issue.
Thanks in advance to those gurus that reply. I have attached a sample post from our customers logs with non-essential data removed.
I can be reached by phone at 801-341-5620 if anyone feels like reaching out to talk.
- Dave
Dave,
I am having a similar issue with CF7 and PayPal's Reporting API which also uses EV SSL.
I can offer that in my testing, both CF 8 and CF 9 do seem to be able to work when using CFHTTP and EV SSL,
so the only solution I can offer at this time is to make the suggestion to your customer that they need to upgrade
to either CF 8 or CF 9 to get the issue quickly resolved.
I'm still working to see if I can find a solution for CF7 and I've been asking around in the CF community for help, so
if I do find a solution, I'll definitely post it there for you.
Cheers -
Portable class library - SSL certificate ignore support.
Hi,
We are developing mobile based project targeting to windows and ios platform.
1. Project has a portable class library that is being shared among all these platforms.
2. We have asp.net web api services for data provider hosted on server with http and https (SSL) enabled.
3. We are successfully able to call web api methods using System.Net.HttpClient in portable class library and data is provided by the utility helper methods to all platforms.
4. Now based on the specific requirement we have to utilize the https enabled service and we have to switch to SSL enabled calls.
5. Based on my research over internet "ServicePointManager.ServerCertificateValidationCallback" is one we can use in .net native framework libraries but not available for portable libraries.
If anyone can help in this area that how can we make https call from portable class library.
Thanks in Advance,
Brajesh patel
Hello Brajesh,
As far as I know, in these currently released PCL, there seems to be no way to use the SSL certificate for http request.
My suggestion is that you could invite your friends or colleagues to vote for this idea at the link below (someone else already posted this request to the team):
http://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/4784983-support-server-ssl-certificate-chain-inspection-in
With the increase of the voice number, the priority of this idea would be improved.
Regards.
-
How to Create SSL certificate for HTTPS Connection in SAP PI
Hi,
I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
Please help me on this issue.
Thanks,
Siva
Hi,
Check if it helps:
http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
Regards,
Caio Cagnani -
Office Web Apps Server SSL Certificate
Hi
I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
Regards.
Hi,
Thanks for your posting in this forum.
I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
Thanks for your understanding.
Best Regards,
Wendy
Wendy Li
TechNet Community Support -
SSL Certificate Export Password
Hi ,
I am trying to export certificate and Key from CSS. Unfortunately I do not have password from them.
Is there any way to recover password or can I export keys and certificate without password.
Thanks in Advance
Aniruddha
I think the only way to export the key is to use the password issues when importing the key. The SSL Certificate and Key are stored in DES encryption. There is no way to get the key without the password for the certificate and key except to break DES or guess the password.
-
Cisco ASA 5505 and comodo SSL certificate
Hey All,
I am having an issue with setting up the SSL certificate piece of the Cisco AnyConnect VPN. I purchased the certificate and installed it via the ASDM under Configuration > Remote Access VPN > Certificate Management > Identity Certificates. I also placed the CA 2 piece under the CA Certificates. I have http redirect to https and under my browser it is green.
Once the AnyConnect client installs and automatically connects I get no errors or anything. The minute I disconnect and try to reconnect again, I get the "Untrusted VPN Server Certificate!" which isn't true because the connection information is https://vpn.mydomain.com and the SSL Cert is setup as vpn.mydomain.com.
On that note it lists the IP address instead of the vpn.mydomain.com as the untrusted piece of this. Now obviously I don't have the IP address as part of the SSL cert, just the web address. On the web side I have an A record setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.
What am I missing here? I can post config if anyone needs it.
(My Version of ASA Software is 9.0 (2) and ASDM Version 7.1 (2))
It's AnyConnect version 3.0. I don't know about the EKU piece. I didn't know that was required. I will attach my config.
ASA Version 9.0(2)
hostname MyDomain-firewall-1
domain-name MyDomain.com
enable password omitted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd omitted
names
name 10.0.0.13.1 MyDomain-Inside description MyDomain Inside
name 10.200.0.0 MyDomain_New_IP description MyDomain_New
name 10.100.0.0 MyDomain-Old description Inside_Old
name XXX.XXX.XX.XX Provider description Provider_Wireless
name 10.0.13.2 Cisco_ASA_5505 description Cisco ASA 5505
name 192.168.204.0 Outside_Wireless description Outside Wireless for Guests
ip local pool MyDomain-Employee-Pool 192.168.208.1-192.168.208.254 mask 255.255.255.0
ip local pool MyDomain-Vendor-Pool 192.168.209.1-192.168.209.254 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address Cisco_ASA_5505 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address Provider 255.255.255.252
boot system disk0:/asa902-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.3.21
domain-name MyDomain.com
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network MyDomain-Employee
subnet 192.168.208.0 255.255.255.0
description MyDomain-Employee
object-group network Inside-all
description All Networks
network-object MyDomain-Old 255.255.254.0
network-object MyDomain_New_IP 255.255.192.0
network-object host MyDomain-Inside
access-list inside_access_in extended permit ip any4 any4
access-list split-tunnel standard permit host 10.0.13.1
pager lines 24
logging enable
logging buffered errors
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static Inside-all Inside-all destination static RVP-Employee RVP-Employee no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XX.XX 1
route inside MyDomain-Old 255.255.254.0 MyDomain-Inside 1
route inside MyDomain_New_IP 255.255.192.0 MyDomain-Inside 1
route inside Outside_Wireless 255.255.255.0 MyDomain-Inside 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record "Network Access Policy Allow VPN"
description "Must have the Network Access Policy Enabled to get VPN access"
aaa-server LDAP_Group protocol ldap
aaa-server LDAP_Group (inside) host 10.0.3.21
ldap-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-group-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=Cisco VPN,ou=Special User Accounts,ou=MyDomain,dc=MyDomainNET,dc=local
server-type microsoft
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http MyDomain_New_IP 255.255.192.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
no validation-usage
no accept-subordinates
no id-cert-issuer
crl configure
crypto ca trustpoint VPN
enrollment terminal
fqdn vpn.mydomain.com
subject-name CN=vpn.mydomain.com,OU=IT
keypair vpn.mydomain.com
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca server
shutdown
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
omitted
quit
crypto ca certificate chain VPN
certificate
omitted
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate ca
omitted
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint VPN
telnet timeout 5
ssh MyDomain_New_IP 255.255.192.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 rc4-md5 des-sha1
ssl trust-point VPN outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 3
anyconnect image disk0:/anyconnect-linux-2.4.1012-k9.pkg 4
anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 5
anyconnect profiles MyDomain-employee disk0:/MyDomain-employee.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 10.0.3.21
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value MyDomain.com
group-policy MyDomain-Employee internal
group-policy MyDomain-Employee attributes
wins-server none
dns-server value 10.0.3.21
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value MyDomain.com
webvpn
anyconnect profiles value MyDomain-employee type user
username MyDomainadmin password omitted encrypted privilege 15
tunnel-group MyDomain-Employee type remote-access
tunnel-group MyDomain-Employee general-attributes
address-pool MyDomain-Employee-Pool
authentication-server-group LDAP_Group LOCAL
default-group-policy MyDomain-Employee
tunnel-group MyDomain-Employee webvpn-attributes
group-alias MyDomain-Employee enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1c7e3d7ff324e4fd7567aa21a96a8b22
: end
asdm image disk0:/asdm-712.bin
asdm location MyDomain_New_IP 255.255.192.0 inside
asdm location MyDomain-Inside 255.255.255.255 inside
asdm location MyDomain-Old 255.255.254.0 inside
no asdm history enable -
We have to close vulnerabilities for PCI & Cybertrust certification. We have upgraded users running Firefox to version 7.0.1 but we are still receiving the message: Mozilla Firefox SSL Certificate Validation Security Weakness. Researching the issue, it appears to be related to certificates not being revalidated when loading HTTPS pages from cache. The bug report I found is:
Bug 660749 - Firefox doesn't (re)validate certificates when loading a HTTPS page from the cache
cookies.squite answer is Today at 5:15 PM .
New profile, same problem.
We've already established it is not an add-ons problem but obviously there will be fewer add-ons in this new profile to help exclude.
Since there are two PC profiles on the PC, I tried the second profile, same problem. Used the RESET FF function on the second PC profile...same thing...even followed the instructions for uninstall & re-install...same problem.
(3) different virus scanners, no hard core problems.
Suspect how I have something in Windows setup that no one else is using? -
Is it possible to use single ssl certificate for multiple server farm with different FQDN?
Hi
We generated the CSR request for Verisign secure site pro certificate
SSL Certificate for cn=abc.com considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com etc. We installed the Verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com etc. Now when we are trying to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service but we are getting this message in certificate status "you are connected to abc.com which is run by unknown"
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
So I know as this certificate is for cn=abc.com that is why we are getting such errors/status in ssl certificate.
Now my question is
1. Is it possible to remove above errors doing some ssl configuration on ACE?
2. OR we have to go for Verisign Wildcard Secure Site Pro Certificate for CSR generated using cn =abc.com to be installed on ACE and will be used for all servers like www.abc.com , a.abc.com etc..
Thanks
Waliullah
If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't because your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean -
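The name check behind the browser warnings in this thread, and behind the AnyConnect warning in the ASA thread above where the client reports the IP address rather than vpn.mydomain.com, written out as an added example that is not part of the original posts. It assumes RFC 6125 style matching with a Common Name fallback only when the certificate has no DNS subject alternative names (current browsers ignore the CN entirely); the function names and the 203.0.113.10 address are constructed.

```python
import ipaddress


def _is_ip(value):
    """True when the name the client connected to is an IP literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """Compare one certificate name against the requested host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # abc.com never covers www.abc.com, and vice versa
    if p_labels[0] == "*":
        # A wildcard stands for exactly one left-most label and needs at
        # least two fixed labels after it (*.abc.com, never *.com).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(host, common_name, san_dns=(), san_ip=()):
    """Decide whether a certificate with these names is valid for host."""
    if _is_ip(host):
        # An IP address is only matched against iPAddress SAN entries,
        # never against the CN or a DNS name that resolves to it.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in san_ip)
    names = list(san_dns) if san_dns else [common_name]
    return any(dns_name_matches(name, host) for name in names)


def coverage_report(hosts, common_name, san_dns=(), san_ip=()):
    """Map each requested host to True/False for one certificate."""
    return {h: cert_covers(h, common_name, san_dns, san_ip) for h in hosts}


if __name__ == "__main__":
    hosts = ["abc.com", "www.abc.com", "a.abc.com", "x.a.abc.com"]
    print("cn=abc.com      ", coverage_report(hosts, "abc.com"))
    print("cn=*.abc.com    ", coverage_report(hosts, "*.abc.com"))
    print("SAN list        ", coverage_report(
        hosts, "abc.com", san_dns=["abc.com", "www.abc.com", "a.abc.com"]))
    print("ASA reached by IP", cert_covers("203.0.113.10", "vpn.mydomain.com"))
```

Note that a certificate for *.abc.com alone does not cover the bare abc.com, so the wildcard usually needs abc.com added as a subject alternative name.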
How can I change an SSL Certificate display name on Firefox?
I have 6 SSL Certificate to install in order for an application to open in 6 ways. Each certificate represent a way. The problem is that the pop up window i am receiving to choose one of these 6 SSL displays the Issuer CN while i need it to display the friendly name / or the description since i can modify them.
Any way this is possible?
Thanks,
This article may help you
https://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error?esab=a&s=SSL+certificate+display+on+Firefox&r=7&as=s
regards,
Gautam sharma. -
Is there a way to change the CSR for install SSL Certificate for CCMADMIN
HI there,
Our customer wants a solution for the https failure on CCMAdmin and CCMUser sites.
For that, I have exported a csr to buy a ssl certificate from verisign.
The problem is the csr includes fqdn and not just the servername
But the users just have to type in the servername to reach the server.
Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
thanks
Marco
Hi
You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
Command Syntax
set web-security orgunit orgname locality state country alternate-host-name
Parameters
• orgunit represents the organizational unit.
• orgname represents the organizational name.
• locality represents the organization location.
• state represents the organization state.
• country represents the organization country.
• alternate-host-name (optional) specifies an alternate name for the host when you generate a
web-server (Tomcat) certificate.
Note When you set an alternate-host-name parameter with the set web-security command,
self-signed certificates for tomcat will contain the Subject Alternate Name extension with
the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
contain Subject Alternate Name Extension with the alternate host name included in the CSR.
Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
Regards
Aaron
Please rate helpful posts... -
How can i refresh an SSL certificate for a specific page?
I am trying to access my electronic training jacket on Navy Knowledge Online to check the status of my security clearance. The ETJ page requires an SSL certificate. When I initially loaded the page the message window popped up prompting me to add the security exception and get the certificate. I got the certificate and continued to load the page but it came up with HTTP error 403.7 saying that I didn't have the certificate I needed. For some reason NKO isn't recognizing the certificate I got so I need to clear that certificate and get a new one that hopefully the server will recognize. How can I do this?
You can try to remove that certificate here:
Edit > Preferences > Advanced > Encryption: Certificates > View Certificates -
How do I install this self-signed SSL certificate?
I haven't been able to connect to the jabber server I've been using (phcn.de) for quite some time now, so I filed a bug report with mcabber. The friendly people there told me to install phcn.de's self-signed certificate, but I can't figure out for the life of me how to do that.
I know I can download something resembling a certificate using
$ gnutls-cli --print-cert -p 5223 phcn.de
Which does give me something to work with:
Resolving 'phcn.de'...
Connecting to '88.198.14.54:5223'...
- Ephemeral Diffie-Hellman parameters
- Using prime: 768 bits
- Secret key: 767 bits
- Peer's public key: 767 bits
- PKCS#3 format:
-----BEGIN DH PARAMETERS-----
MIHFAmEA6eZCWZ01XzfJf/01ZxILjiXJzUPpJ7OpZw++xdiQFBki0sOzrSSACTeZ
hp0ehGqrSfqwrSbSzmoiIZ1HC859d31KIfvpwnC1f2BwAvPO+Dk2lM9F7jaIwRqM
VqsSej2vAmAwRwrVoAX7FM4tnc2H44vH0bHF+suuy+lfGQqnox0jxNu8vgYXRURA
GlssAgll2MK9IXHTZoRFdx90ughNICnYPBwVhUfzqfGicVviPVGuTT5aH2pwZPMW
kzo0bT9SklI=
-----END DH PARAMETERS-----
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=phcn.de', issuer `CN=phcn.de', RSA key 1024 bits, signed using RSA-SHA, activated `2009-05-04 08:26:21 UTC', expires `2014-04-08 08:26:21 UTC', SHA-1 fingerprint `d01bf1980777823ee7db14f8eac1c353dedb8fb7'
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
- The hostname in the certificate matches 'phcn.de'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
Unfortunately, the above command spits out more than a certificate. Do I need the additional information? If so, what do I need it for? Where do I need to put the certificate file?
Hi,
I recently found out a way how to install test or self-signed certificates and use it with S1SE.
See:
http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html
Follow the instructions there
1. Create CA
2. Create root ca certificate
Now install the root-ca-certificate in S1SE -> Security>Certificate Management and Install a "Trusted Certificate Authority".
Paste the contents of the file: cacert.pem into the message-text box.
Then restart the server. Now your CA-Cert should be visible in the Manage Certificates menu.
The next step is to send a certificate-request from S1SE to your e-mail-address.
The contents of the e-mail the server sends to you (certificate request) must be pasted into the file: newreq.pem.
Now just sign the Request:
CA.pl -sign
The last step is that you have to paste the contents of the file newcert.pem into the message-box of the Security>Certificate Management - now under the option Certificate for "This Server".
Then you have to reboot the server/instance again and it should work with your certificate.
Regards,
Dominic -
Our site requires Third Party SSL certificates to be installed on our servers. We have an agreement with inCommon. I have to supply a CSR in order to obtain the SSL certificate.
My installation is on a Windows 2008 server and I had the self-signed CSR already but it is only 1024 bits. Is there someplace in the GUI or OS where I can change the encryption?
This is a shot in the dark, but since CiscoWorks is using (I believe) Tomcat as the web server, could you run keytool to generate the CSR?
http://help.godaddy.com/article/5276
You could also use an online CSR generator such as:
http://www.gogetssl.com/eng/support/online_csr_generator/
The key (pun intended) is having the private key on your server so that when you get the signed certificate and install it (using sslutil) it will be usable.
Hope this helps.