How to import self signed root CA certificates on to playbook.

Similar Messages

• Export & Import Self-Signed Root CA Certificate?

  I have created a self-signed Root CA certificate with which I sign all of my other certificates on a leopard Server. This Root CA is installed and trusted on all of our client machines.
  I recently tested exporting and archiving the Root CA in every format available from Keychain Access and then tried to import these files into another Snow Leopard server and was unable to assign the imported Certificates as a "Default Certificate Authority".
  Does anyone know how I can set this Root CA that I created on another server as the default CA on this new machine for signing all future certificates that I create?
  Fore some reason when I go into Keychain Access and select: Keychain Access -> Certificate Assistant -> Set the Default Certificate Authority… I end up with no certificates to choose from and the "Add a Certificate Authority…" button will not allow me to select any of the exported certificate formats that I archived.
  Any thoughts?

  Anyone have any information at all? This seems like a very basic need for maintaining certificates beyond the usable life of the equipment on which they were created.
  I have found precious little information about this specific to Apple OS.

• How to Import Self-signed SSL server certificates in Adobe AIR applications

  Hi,
  I am using secure AMF endpoints for remote object communication from AIR client.
  since i am using a self signed SSL certificate on the server, i am getting a certificate warning message on the AIR client, when ever a remote call is done.
  Is there any mechanism to import the server certificate in AIR application..?
  Please provide suggestions.
  Thanks

  I have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????

• How to install self-signed ROOT CA certs in safari 4 for windows?

  Hello, I do some web development and I use Safari for windows to test all my works for mac users, since v4 I haven't been able to test my apps because safari ask me for a certificate to use for connecting to the test environment (uses self signed cert chain) while other browsers (opera, firefox, IE) just alert me of an untrusted CA certificate. How do I install the CA certificate or whatever I need to do to test my apps on safari 4 windows? thanks for your support

  For what it's worth, you can install a self signed cert only for pages that you go directly to. So if the self signed page is one that is included in page from another server (like images being served from a separate content server) you can install the cert but it still won't serve that content until.....you go directly to that self signed page. Also, this solution only works for the currently running browser and as soon as you shut down the browser the cert is apparently lost. Annoying as heck especially if you happen to be a shop setup that way and you are testing your site on Safari for Windows. arrrgggg! Dear Apple, please fix so we can test that our sites work with your browser.....help us help you!

• Using a Self Signed Root CA Certificate with Mail

  Hello -
  I'm experimenting with public/private encryption using Mail 3.5 on Mac OS 10.5.6, Keychain Access 4.0.2 and Certificate Assistant 2.0.
  I created a Certificate Authority with CA 2.0, granted a certificate to two different users with different email addresses and loaded the certificates into Mail 3.5 on two different machines running 10.5.6. I am able to send and receive signed messages between the two accounts but I'm unable to send encrypted messages, the 'lock' icon remains dimmed.
  When I look at keys in Keychain Access I don't find a public key for the receiver's address but I do have a certificate for both sender and receiver and a public and provate key for the sender.
  Can anyone shed light on why Mail won't let me encrypt the message?
  Thanks,
  Scott.

  Anyone have any information at all? This seems like a very basic need for maintaining certificates beyond the usable life of the equipment on which they were created.
  I have found precious little information about this specific to Apple OS.

• OBIEE 11g SSL how to generate self-signed/demo certificate

  Hi,
  We are enabling SSL for OBIEE 11.1.1.5 environment and want to generate self-signed or demo certificate.
  We are following note 1326781.1 and are at Step 1 - point 4 that says:
  4. Submit the Certification request to your Signing Authority (CA).
  Certification Authority(CA) is an valid signing authority of your choice (for example: OpenSSL, Verisign,
  Microsoft, etc)
  Upon submission of the certificate request, CA returns the certificate for the testmachine server (Server Certificate). Copy the CA certificate and Server Certificate to <MW_HOME>/SSL folder.
  How to gerenate self-signed or demo certificate?
  Thanks in advance.

  As long as you have the keytool on that server (installed with WLS) , you can create the generate the certificate and import that into a keystore.
  Follow : Getting Started with WebLogic Server: How to Create and Configure Self Signed Certificates for WebLogic Server Environments [ID 1341192.1] , describes the two options.
  http://www.techpaste.com/2012/06/steps-configure-ssl-oracle-weblogic-server-custom-identity-java-trust-keystore/
  I am not sure how to generate self signed certs on IBM AIX machine.
  HTH,
  SVS

• How to use self-signed Certificate or No-Check-Certificate in Browser ?

  Folks,
  Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
  [user@localhost bin]$ ./emctl start dbconsole
  The command returns the output:
  https://localhost.localdomain:1158/em/console/aboutApplication
  Starting Oracle Enterprise Manager 11g Database Control ... ...
  I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
  The connection to localhost.localdomain: 1158 cannot be established.
  [user@localhost bin]$ ./emctl status dbconsole
  The command returns this message: not running.
  [user@localhost bin]$ wget https://localhost.localdomain:1158/em
  The command returns the output:
  10:48:08 https://localhost.localdomain:1158/em
  Resolving localhost.localdomain... 127.0.0.1
  Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
  ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
  Self-signed certificate encountered.
  To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
  Unable to establish SSL connection.
  A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
  Website certified by an Unknown Authority. Examine Certificate...
  I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
  But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
  My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
  Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
  In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
  In Authorities tab, there are a few names as indicated in the above output of wget.
  My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
  Thanks.

  Neither problem nor solution do involve Oracle DB
  root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
  This thread is OFF TOPIC for this forum.

• EDirectory install - failed to retrieve self-signed root certificate:142

  Hi,
  My istallation has 2 NICs, public & internal.
  My tree name is IS.
  I have succesfully installed and used RedCarpet. I additionally enabled
  the Firewall and DHCP server to allow internet access to my users.
  On running Yast install for eDirectory I am given the default IP address
  of the server, this is the Public IP address - I decided that eDirectory
  was for internal use so changed IP address to internal one.
  At 50% of installation an error pops up :-
  Error
  The installation failed to retrieve the self-signed root certificate:142
  I aborted the installation.
  I retried the install using the public Ip address, it complains ports are
  already in use, I chose ignore and go ahead. Same error occurs :142.
  Your assistance and guidance would be appreciated.

  > Hi Johan,
  >
  > Thanks for sticking with me... I appreciate your time and help (believe
  > me, It's a great help..)
  >
  > I have cracked it...
  >
  > On a reboot, I chose to press F2 to get rid of the Suse Chameleon screen
  > and watched the boot process progress. I then noticed that it was unable
  > to contact my specified NTP source.
  >
  > I went into Yast Ntp client and changed my NTP source to other published
  > secondary NTP servers and all failed. I then put in the ip address of one
  > of the time servers and Bingo! ntp connected...I think I've seen this
  > before with Netware...where name resolution of the ntp server name does
  > not occur....most ntpserver administrators state they prefer you contact
  > the server by name rather than address...hmmm.....
  >
  > I then retried Yast eDirectory install and it was a breeze, as was the
  > iManager install....
  >
  > GroupWise here I come...
  >
  > Rgds.
  >
  > Stan Chelchowski
  >
  Hi, this is roy.
  had the same issue. using a supermicro with a builtin dual nic.
  disabled it and installed an old pci nic to test and it finally loaded the
  edirectory without an error.
  on another note, i am installing the NLSBS 9.0 and had to manually load
  the disk drivers since i have an adaptec 2010s raid adapter. i had
  installed suse 9.3 on the same machine earlier with absolutely no issues,
  but NLSBS is a pain. if you run red carpet and update all, then the driver
  issue returns.
  how do you get and install the service pack 2?
  thanks,
  roy

• IOS 6.1 upgrade, self signed root certificate not working

  Hello,
  We have been deploying our organizations self signed root CA to the iPhones with Apple Configurator and using that to confirm the identity of our local webservers.
  Has anyone had problems with self signed root certificates after upgrading to 6.1 (same with 6.1.1)?
  Safari complains that "Safari cannot verify the identity of "<servername>", Activesync also stopped working.
  Any ideas to overcome the issue, other than buying a hundred certs from a trusted ca?

  Same thing for me after updating to 6.1.2.  Facebook, gmail, and many US govt sites certificates have been declared invalid by iOS/Safari.  And there is no way to accept and continue, just click "ok" and you are forever prevented from those sites.

• How to replace self-signed certificate for enterprise manager console

  Does anyone know how to change self-signed certificate for https access to Enterprise Manager console, which is issued during installation of Oracle 11g?

  Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
  Not sure how relevant it will be for 11g, sorry :(

• How to monitor self signed certificates using scom 2007 R2

  How to monitor self signed certificates using scom 2007 R2.  i need to monitor specifically self signed certificates expiration. if  possible in two state monitor...please suggest me the best way..
  B John

  Hi,
  Based on my understanding, that you want to create a monitor to monitor certificate expiration, with two state, when the certificate is about expiration for 21 days,, send warning, when the certificate is about expiration for 10 days, then send
  alert. I think we need to create scripts to do so, hope the below links can be helpful:
  Monitoring Certificates In SCOM
  http://blogs.technet.com/b/omx/archive/2013/01/30/monitoring-certificates-in-scom.aspx
  Monitoring Expiring Certificates using SCOM
  http://blogs.technet.com/b/sgopi/archive/2012/05/18/monitoring-expiring-certificates-using-scom.aspx
  Regards,
  Yan Li
  Regards, Yan Li

• Replace Self-Signed FAST Search Certificate with Third Party Certificate

  We are trying to replace the Self-Signed FAST Search Certificate with Third Party Certificate in our SP 2010 environment. And are facing issues while enabling the SSL communication between the FAST servers and the corporate servers.
  Our FAST search servers are in a different farm than that of the Corporate Servers.
  The details of the certificate we received is as follows:
  Issued to : FastSearchCert
  Issued By: Issuer Name
  Valid From: 4/21/2015 to 4/20/2017
  We were able to successfully renew the certificate on the FAST Search Server by following the below steps:
  1.  Login to the Administrative and the Non-Administrative nodes 
  of the FAST server. Go to Windows Service and stop the FAST Search for SharePoint and the FAST Search for SharePoint Monitoring services in both the servers.
  Follow the below steps in the Administrative Node followed by the Non-Administrative Node
  2. 
  Install the certificate in the following paths in the certificate store:
  “Certificates(Local Computer)\Personal”
  “Certificates(Local Computer)\Trusted Root Certification Authorities”
  3. Ensure that the user account configured for the “FAST Search Server 2010 for SharePoint” has access to the private key of the certificate.
  4. Go the Administrative node of the FAST farm and follow the below steps:
  Go to the certificate store.
  Expand the Personal folder and then click the Certificates folder. Double-click the third party signed FAST certificate.
  Open the Details tab and then click Thumbprint. Note down this thumbprint.
  5. Next, open
  Microsoft FAST Search Server 2010 for SharePoint with Administrator
  Privileges.
  6.
  Navigate to the directory, “D:\FASTSearch\installer\scripts” and execute the below command to replace the current certificate with the newly created
  third party signed FAST certificate.
  .\ReplaceDefaultCertificate.ps1 -thumbprint "certificate thumbprint".
  7. The FAST certificate was renewed successfully.
  Once the certificate has been renewed successfully in both the nodes, follow the below step:
  8. Start the FASTSearch for SharePoint and the FAST Search
  for SharePoint Monitoring services in the administrator server.
  Next, while enabling the SSL communication between the FAST servers and the other corporate servers, we follow the below steps:
  1. 
  Copy the new certificate from any of the FAST servers to all the web-front end and application servers in the corporate farm, in order to enable SSL communication between these servers and the FAST farm.
  2.   Also, copy the script
  ‘SecureFASTSearchConnector.ps1’ from the location “%FASTSearchFolder%\installer\scripts” in the FAST servers 
  to the web-front end and application servers of the corporate farm.
  3.  Follow the below steps on each of the servers in the corporate farm:
  Open ‘SharePoint 2010 Management Shell’ with administrator privileges and navigate to the directory in which
  SecureFASTSearchConnector.ps1’ script is located.
  And then, execute the below command:
   .\SecureFASTSearchConnector.ps1 -certThumbprint "certificate thumbprint" –ssaName “FASTCibtebtSSA” –username “DOMAIN\SP_Farm”
   Where,
  -certThumbprint 
  - Thumbprint of the certificate
  -ssaName – FAST Content SSA
  -username – The account configured to run the SharePoint
  Search Service
  On execution of the above command, we receive an error message stating that the "Connection to the Content Distributor servername.corp.abc.org: 14391 could not be validated...instance of FAST search server backend is running"
  Please help us resolve this issue. We have not been able to find the cause of the above error for a long time.
  Any help is much appreciated.

  Your tip on exporting from eDir to locate a missing private key was very helpful. Here are my steps to renew an expired third party certificate when the private key, generated 30 months ago in my case, could not be located.
  In iManager, browse the tree and locate the likely certificate object. The Attributes for the object show Subject Name = webmail.acme.com. Selected the certificate and exported to webmailcert.pfx.
  Then, the openssl commands in TID 7004039, "How to convert a SSL PFX to a PEM file", were run against the .pfx file to create cert.pem, key.pem and server.key files.
  TID 7015500, "How to determine if private key belongs to public key (certificate)", was followed to determine if the public key (downloaded from third party) and private key (just retrieved from iManager) match - they did - that is, the private key converted from webmailcert.pfx matches the downloaded certificate.
  TID 7013103, "How to create a .pem File for SSL certificate Installations", was followed to manually create a server.pem file using openssl.
  TID 7010584, "How to setup SSL Certificate for Apache", part labeled "Additional Information" was followed to modify /etc/apache2/vhosts.d/vhost-ssl.conf file. Server.pem file created above copied to /etc/apache2/ssl.crt/ and /etc/ssl/servercerts/ directories as specified in vhost-ssl.conf.
  Restarted apache2.
  www.digicert.com has an SSL Certificate Checker that can be used to verify the installation is successful.

• How to import a password protected p12 certificate to keystore?

  Hi all,
  I am new in java security programming.
  And I got something very urgent need your help..
  How to import a password protected p12 certificate to keystore programmatically?
  Does anyone have sample codes on this issue?
  thanks very much
  Wyan

  Hi omslion,
  I responded to a similar post from you (and moved it to the Acrobat forums). Password protecting a file requires Adobe Acrobat. You are welcome to download a free 30-day trial of Acrobat. For more information, see www.adobe.com/products/acrobat.html.
  Best,
  Sara

• 50.28.68.31:2087 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for a id="cert_

  50.28.68.31:2087 uses an invalid security certificate.
  The certificate is not trusted because it is self-signed.
  The certificate is only valid for <a id="cert_domain_link" title="new.thelifeincomegroup.com">new.thelifeincomegroup.com</a>
  (Error code: sec_error_untrusted_issuer)

  See https://support.mozilla.org/kb/Secure+Connection+Failed

• Importing self-signed certificate

  Hi there!
  I have some problems in importing SSL certificates on my macbook.
  There are 2 certificates that needs to be imported: the root CA certificate, which is self-signed naturally and private user certificate, which is signed by above-mentioned CA.
  The first file in .crt format, which is consists of CA public key and sign. The second file in .p12 format, which is consists of encrypted public and private keys.
  The problem is:
  I can't import nor CA neither my personal certificate.
  The CA cert should be imported at "CA" tab in keychain, but the import button ("+") is inaccesible here:
  http://img.200133883.info/big//%D0%A1%D0%B2%D1%8F%D0%B7%D0%BA%D0%B0_%D0%BA%D0%BB %D1%8E%D1%87%D0%B5%D0%B9-20120313-143521.png
  When I tried to double-click CA.crt I got the import error # -67762 which saying that attribute "key length" was invalid. The same thing with my personal certificate.
  Could somebody explain me, how should I import those two SSL certificated?

  I'm using self-signed certificate from SBS. Right now it's not the question, if something is misconfigured within my certificate (I'm aware of SBS certificate problems), the problem is that E90 WILL NOT recognize .cer or .der files as certificates.
  There must be someone, who can answer this really simple question, which certificate formates are supported on E90.
  You will find this type of question posted many times on different forums, with diiferent suggestion, but they simply don't work.
  Again my error is "file format not supported"