How to issue a self-signed certificate to match Remote Desktop Gateway server address requested
I have an RDG server named gw.domain.local with port 3389/tcp forwarded from
gw.example.com.
Using RDGM snap-in I created a self-signed SSL certigicate with FQDN gw.example.com.
But when I connect over RDP from outside the local network I'm getting an error:
Your computer can't connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
Because certificate subject name is gw.domain.local indeed.
So there question is: how to issue a certificate properly, or how to assign an existing one the name to match?
Hi,
Thanks for your post in Windows Server Forum.
The certificate error which you are facing seems like certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN name of the TS Gateway
server. You can refer below article for more troubleshooting.
TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
And for creating a SSL certificate for RD gateway, you can refer beneath articles.
1. Create a Self-Signed Certificate for the Remote Desktop Gateway Server
2. Obtain a Certificate for the Remote Desktop Gateway Server
Hope it helps!
Thanks,
Dharmesh
Similar Messages
-
How to import the self-signed certificate in runtime
HI.
I work to connect between JSSE client and OpenSSL server with self-signed certificate.
But I met the SSLSocketException during handshaking.
Many Solutions registered in this page.
But their are all using keytool.
My application connect many site support the self-signed certificate.
So, I want to import the certificate in run time.
How Can I do??
Please, answer me..
Thanks,did you figure this out??? I need to know how to accept a self-signed certificate, otherwise it's this exception...
D:\javatools\apis\jsse1.0.2\samples\urls>java -cp jcert.jar;jnet.jar;jsse.jar;. URLReader
Exception in thread "main" javax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-12019
8])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120
198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V
1.2-120198])
at java.net.URL.openStream(URL.java:798)
at URLReader.main(URLReader.java:46) -
How to renew a self signed certificate
Hello,
Can someone tell me how I can renew a self signed certificate ? I can't find the relevant option with the certadmin command.
thx,
Tom.Hi,
thanks I had scanned through that document, but it doesn't tell you how to renew a self signed certificate. I went through all the options of the certadmin tool, and renewing a certificate is not one of them. So I guess it must be done manually via some pki binary somewhere on my system, but which one and how ? -
How to use a self-signed certificate
Hello,
I am having some troubles understanding how to use a self-signed certificate. I have created one using Keychain Access -> Create Certificate but it never asked me for the private key and it never told me where the certificate is stored. How am I supposed to use it?
Typically I would like to do two things:
1) use the certificate to for example sign an email or other document so that the recipient can verify that it was really me. I understand the concept that they have to have my public key and use it to somehow decrypt something that I have encrypted with my private key. But where is my private key? As mentioned, the certificate creation process never at any point asked me to provide a private key. An example using this process to sign an email would be really appreciated.
2) I want to be able to decrypt a message that someone sends to me after encrypting it with my public key. Again, I need my private key, where is it? I was never asked to choose one!
Please note that i am familiar with the whole process using openSSL ssh via command line, I just need to understand how to achieve the same thing using the certificate creation procedure provided via Keychain Access.
In short, now thta I have created my certificate, how do I use it? Examples for dummies would be really appreciated
Thanks in advance
/AndreaCan you import the CA cert under “Your Certificates.”, delete the CA cert, switched to “Authorities”, re-imported the CA cert, and restarted Firefox.
-
How to import a self signed certificate into Firefox from the windows store properly.
I am currently trying to get a wcf service that runs on the same machine as the browser that is making the request. Since the connection is between a browser and an application running on the same machine security was orginally not a concern and it seemed fine to leave the request on http. The first issue arrised when Firefox did not allow mixed content calls (The website making the requests uses https). I have the service converted fine to run with Chrome and IE in https, but not for Firefox due to its use of a seperate store.
For the windows store I created one CA cert which then issues the self signed cert which is then binded to a port I have the WCF service listening on (In my case this is: https://localhost:8502).
This all needs to be done progammatically so I can't manually Add an Exception (which does work).
If there was a way to use certutil (I am not very addept at using this tool at all) to add this exception it would be very helpful.
The other method I have tried is exporting the selof signed cert and then importing it. Using IIS I can only export the file as .pfx which I can't seem to import into the Servers tab in the certificates interface (I assume this is the right location for it since the exception adds it here). I extracted the certificate from the port through code and imported it to the store, but it does not seem have the extra column defining the port like the exception cert does (It does not work wither).
How do I do this correctly? Or is it even possible to have a self signed cert bypass all this? I only have it using self signed certs since the service is just running on localhost.HI,
Adding an exception does work manually, but you would like to do this programmatically. This has more on the nSS functions [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Certificate_Download_Specification]
I have not tried this you can add it to the file cert8.db if you can insert it into each profile you can access? (For example copy the file after you have manually added it?) that would overwrite any uniqueness however- not good for preserving data.
The best advice would come from the security mailing list or the esr mailing list, that helps enterprise environments. -
How to erase all self signed certificates and force Server to use Signed SSL
I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I seeing a self-signed certificate instead.
I look under the system keychain in K-Access and there are several self signed certificates there (including the one that I am seeing when I try to remote manage).
Can I replace those self-signed certs with the new one some how?Don't delete those. However, you are on the right track. Follow these steps to resolve.
1: Launch Keychain Access
2: Select the System Keychain
3: Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it
4: In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate
5: Press Save Changes to save.
6: Reboot the server or kill the servermgrd process to restart the service.
That should resolve your issue.
R-
Apple Consultants Network
Apple Professional Services
Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store -
How to Increase ACS self signed certificate.
I'm using ACS 4.0 for Windows.
How can I increase the validity of a self signed certificate from one year to more years?
Thanks.
Andrea.It is not possible to extend it. You have to re-issue the cert every year. You can either buy a certificate or setup your own CA to extend the time.
-
Does anyone know how to use a self signed certificate with apple mail??
Ive read about it in mail's help and tried to set it up according to it. Ive created a self-signed certificate but have no idea how to set it up as it would work with Mail so that i would be able to send signed messages. could anyone help me??
Hello rado:
Welcome to Apple discussions.
I am assuming this is what you read:
http://docs.info.apple.com/article.html?path=Mac/10.5/en/8916.html
If you follow the instructions when you set up the certificate, you should be fine.
Incidentally, most +"ordinary users"+ (like me) do not use this function. I am curious as to why you want to jump through hoops in your Mail application.
Barry -
How do we create self-signed certificate using java packages
Hi All,
I require some information on creating self-signed certificate using java packages.
The java.security.cert.* package allows you to read Certificates from an existing store or a file etc. but there is no way to generate one afresh. See CertificateFactory and Certificate classes. Even after loading a certificate you cannot regenerate some of its fields to embed the new public key – and hence regenerate the fingerprints etc. – and mention a new DN. Essentially, I see no way from java to self-sign a certificate that embeds a public key that I have already generated.
I want to do the equivalent of ‘keytool –selfcert’ from java code. Please note that I am not trying to do this by using the keytool command line option – it is always a bad choice to execute external process from the java code – but if no other ways are found then I have to fall back on it.
Regards,
ChandraI require some information on creating self-signed certificate using java packages. Its not possible because JCE/JCA doesn't have implementation of X509Certificate. For that you have to use any other JCE Provider e.g. BouncyCastle, IAIK, Assembla and etc.
I'm giving you sample code for producing self-signed certificate using IAIK JCE. Note that IAIK JCE is not free. But you can use BouncyCastle its open source and free.
**Generating and Initialising the Public and Private Keys*/
public KeyPair generateKeys() throws Exception
//1 - Key Pair Generated [Public and Private Key]
m_objkeypairgen = KeyPairGenerator.getInstance("RSA");
m_objkeypair = m_objkeypairgen.generateKeyPair();
System.out.println("Key Pair Generated....");
//Returns Both Keys [Public and Private]*/
return m_objkeypair;
/**Generating and Initialising the Self Signed Certificate*/
public X509Certificate generateSSCert() throws Exception
//Creates Instance of X509 Certificate
m_objX509 = new X509Certificate();
//Creatting Calender Instance
GregorianCalendar obj_date = new GregorianCalendar();
Name obj_issuer = new Name();
obj_issuer.addRDN(ObjectID.country, "CountryName");
obj_issuer.addRDN(ObjectID.organization ,"CompanyName");
obj_issuer.addRDN(ObjectID.organizationalUnit ,"Deptt");
obj_issuer.addRDN(ObjectID.commonName ,"Valid CA Name");
//Self Signed Certificate
m_objX509.setIssuerDN(obj_issuer); // Sets Issuer Info:
m_objX509.setSubjectDN(obj_issuer); // Sets Subjects Info:
m_objX509.setSerialNumber(BigInteger.valueOf(0x1234L));
m_objX509.setPublicKey(m_objkeypair.getPublic());// Sets Public Key
m_objX509.setValidNotBefore(obj_date.getTime()); //Sets Starting Date
obj_date.add(Calendar.MONTH, 6); //Extending the Date [Cert Validation Period (6-Months)]
m_objX509.setValidNotAfter(obj_date.getTime()); //Sets Ending Date [Expiration Date]
//Signing Certificate With SHA-1 and RSA
m_objX509.sign(AlgorithmID.sha1WithRSAEncryption, m_objkeypair.getPrivate()); // JCE doesn't have that specific implementation so that why we need any //other provider e.g. BouncyCastle, IAIK and etc.
System.out.println("Start Certificate....................................");
System.out.println(m_objX509.toString());
System.out.println("End Certificate......................................");
//Returns Self Signed Certificate.
return m_objX509;
//**************************************************************** -
How to renew your self-signed certificate p12 with Flash Builder
I have been using a self-signed certificate (generated using Adobe Flash Builder 4.7) for my Android app. The app is live on Google Play market but the certificate is going to expire soon, and I know if I create new certificate and update my app, existing Android users will not be able to auto-update the app (as the App's Signature has been changed). I would like to know how can we re-new the self-signed Certificate .p12 with Flash Builder?
Thank you very much.After doing my research about the self-signed certificate created by Adobe Flash Builder , I realized that was my mistake to think that the certificate would expire soon. I doubled check the expiration date of my self-signed certificate and the date was set to 35 years after I generated it using flash builder 4.7 (which is very safe).
For anyone who wants to check the self-signed .p12 expiration date you follow the instruction from this link:
http://bsdsupport.org/how-do-i-determine-the-expiration-date-of-a-p12-certificate/
Hope it helps -
How-to install a self-signed certificate on Sony Ericcson W350
I am a developer and I am writing a j2me application for a Sony Ericcson W350 phone which needs to be able to use the phones SMS capabilities. I have a signed .jar and .jad file with a self-signed certificate. However, the phone is still treating my application as an untrusted third party app. I think this is occuring because my self-signed certificate isn't in the java certificate store on the phone. Is there a way to load my self-signed certificate into the java certificate store? I have tried copying it over to the phone via bluetooth and usb and installing it through the filesystem, however there isn't an option to install the certificate when browsing to it from the phone's filesystem. Any help would be much appricated.
Deactivating existing Java certificates prevented me from installing the .jad file. I accessed the phone's file system using both Sony PC Companion with USB and using the OS file browser over bluetooth.
-
Issue with Self Signed Certificate Web Sites
I tried searching, but wasn't really getting the answer or help I needed so I figured I would just start a new topic. At my work we have a test server that we use for development and we have a couple of Web Services on there that use Self Signed Certificates. At work, I have a PC (Windows 7) and a Mac Mini (OS X) both of which can connect to the Web Services just fine. But at home, I can't access any of the Web Services at all, my browsers and Xcode keep timing out. I know the Web Service is public, I've accessed it before from other machines outside of work it's just at home I can't. I have an iMac at home, with a linksys router and I don't know if it's a setting on my home computer or network that could be causing it but I don't even get the message in Safari, Chrome or Firefox that the site has a self signed or bad certificate so I know something isn't letting me communicate. Any help would be great (all of the answers I have found suggested to purchase a certificate, which in this case isn't appropriate since they are used for Development until we feel they are ready for production in which case we purchase the certificate). Thanks.
new information:
I tried an other lumia800, the https page worked.
The difference of the two phone was only the language
My phone language was english (US), the other was hungarian.
After that, I switched my phone language settings to hungarian, and tada... the self signed https page worked.
I switched back to english(US) and stopped working.
than I tried english(GB) and worked again.
I did not try other languages, but it looks, if I use english-US language, I cannot see any invalid certificated page
In other language settings, there is no problem. -
How do I override self-signed certificate old ssl blocking.
My hard drive failed and was replaced by my desktop support team. As a result, I had to re-install FireFox, my preferred browser to provide console connections to my production servers. These connections are old, firmware platforms that are not updatable behind multiple firewall layers. They use old versions of ssl and self signed certificates. Your new browser simply blocks access. Without the ability to override permanently this 'feature', I am unable to access the consoles of servers doing billions of dollars in business. I have a work-around in place with other browsers.
So, you are saying that EVERY time I need to access this type of server on my own internal network that is not visible anywhere, I have to go thru this rigamarole of this add on thing, because YOU have decided I can no longer access my own servers in my own network? If there is no permanent fix, I will find another browser that will do the job, and this will be uninstalled across the enterprise, because it becomes very unusable in crisis situations and even during a normal workday, because of the unnecessarily complicated process that has to be done each time. Unbelievable gall. I am speechless. Sure glad I discovered it when it was not urgent. I am sure glad you all are smarter than I am. Sheesh.
-
How to configure a self-signed certificate
Can someone please help me get the parameters/variables correct to gererate a self-signed SSL certificate on a CSS?
Generte the RSA Key Pair
ssl gen temprsakeys 1024 "passwd123"
Associate RSA Key Pair to Key Pair Name
ssl associate rsakey temprsakeys temprsakeys-file
Generate Self-Signed Certificate
ssl gencert certkey temprsakeys signkey ????
Associate Certificate with a file
ssl associate cert ??? ????this is documented at :
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080579e92.html#wp999000
The principle of self-signed is that the certkey and the signkey are the same.
Gilles. -
Issue with self signed certificates on jetdirect J7949E
I'm having a baffling issue with certificates generated internally for use with some HP printers. I can create certificates and install them on J8003E model jetdirect cards and they work fine. When I try to install certs on any of the J7949E cards they fail with an invalid file message. This applies to the root cert as well.
I'm using the Microsoft cert. authority to generate the files.
The printers with the problematic jet direct cards are 4700 Color laserjets and the working models are 4015x monochrome laser printers. Has anyone had this problem and what was done to resolve it? I'm running the latest version of the firmware on the jetdirect cards but the problem existed with older versions as well.Ok, I've validated my html and I'm getting a few errors related to Angular. They're all one of two types of errors
Error 1:
<div ng-controller="ExampleController">
Gets the following error:
Attribute ng-controller not allowed on element div at this point.
Error 2:
<my-directive></my-directive>
Gets the following error:
Element my-directive not allowed as child of element div in this context. (Suppressing further errors from this subtree.)
Error 1 is for any Angular related thing...ng-click, ng-controller, ng-show, etc.
Error 2 appears where all my custom directives are.
I did a comparison between the not-working extension and a working one that also uses Angular (without any custom elements). When I validated the working extension, it returned a bunch of Error 1's but no Error 2's (this is expected, seeing as there are no custom elements).
To your question about dynamic HTML - there is none. All of the files are static after they're installed. I double checked this by running a diff-merge between the extension before and after it has been run once. They are exactly the same, so no files are changing.
There are known issues with custom directives in older browsers like IE8 - http://www.befundoo.com/blog/angularjs-directives-in-ie8/
Out of curiosity, I tried adding elements in the head, as described in the above blog, inside my extension. This did not have any effect, and the extension still fails.
I'm considering rewriting my directives as attributes instead of elements, and seeing if that does it. That would take some time though, so if the above info helps narrow down the problem or raises other questions of yours, I'm all ears! Thanks again for all the replies!
Maybe you are looking for
-
Adobe Flash Player 10.1 is not working
Hallo, My problem is that everything that uses flash player, does not work at the moment and says that I need the latest version. (I cannot see a video on you tube for example.) I downloaded AFP 10.1 several times (install-uninstall-reboot several ti
-
Choosing between Mac Book and Mac Book Pro??
Hi, I need a laptop for school and to do a bit of Photoshop and HTML but i don't no wich Macbook should i choose. Here is why im confuse : I saw this add of a Mac Book Pro 2.53 (320g 7500rpm-4gig RAM) with apple care for 2500$ new and sealed but im n
-
Locked my 5s and now it's just black
I locked my phone and went to unlock it and it wouldn't unlock or turn on. I have no idea what could it be cause its only a week old
-
Please, how to tell Pages where words can been hyphenated in other languages, say german, arbitrary/fix? Its dictionary is so silly. ~Karl
-
If we bought a mac with OS X 10.6.6 and my sister has a mac with OS X 10.5.8, can we use the install DVD that came with the newer one to put OS X 10.6.6 on hers? Would it work? Does it erase everything? Is that even legal? Thank you for any help!