How to monitor self signed certificates using scom 2007 R2
How to monitor self signed certificates using scom 2007 R2. i need to monitor specifically self signed certificates expiration. if possible in two state monitor...please suggest me the best way..
B John
Hi,
Based on my understanding, that you want to create a monitor to monitor certificate expiration, with two state, when the certificate is about expiration for 21 days,, send warning, when the certificate is about expiration for 10 days, then send
alert. I think we need to create scripts to do so, hope the below links can be helpful:
Monitoring Certificates In SCOM
http://blogs.technet.com/b/omx/archive/2013/01/30/monitoring-certificates-in-scom.aspx
Monitoring Expiring Certificates using SCOM
http://blogs.technet.com/b/sgopi/archive/2012/05/18/monitoring-expiring-certificates-using-scom.aspx
Regards,
Yan Li
Regards, Yan Li
Similar Messages
-
How to deploy self signed certificate using GPO
Hello,
I am applying a self-signed certificate for HTTPS inspection, as you know Firefox is not using Windows root certificate as IE & chrome did, so I did some research about this issue and check admx & FF GPO, nothing helped me !!
Do anyone have any new idea on how to solve this issue?Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
Not sure how relevant it will be for 11g, sorry :( -
How do we create self-signed certificate using java packages
Hi All,
I require some information on creating self-signed certificate using java packages.
The java.security.cert.* package allows you to read Certificates from an existing store or a file etc. but there is no way to generate one afresh. See CertificateFactory and Certificate classes. Even after loading a certificate you cannot regenerate some of its fields to embed the new public key – and hence regenerate the fingerprints etc. – and mention a new DN. Essentially, I see no way from java to self-sign a certificate that embeds a public key that I have already generated.
I want to do the equivalent of ‘keytool –selfcert’ from java code. Please note that I am not trying to do this by using the keytool command line option – it is always a bad choice to execute external process from the java code – but if no other ways are found then I have to fall back on it.
Regards,
ChandraI require some information on creating self-signed certificate using java packages. Its not possible because JCE/JCA doesn't have implementation of X509Certificate. For that you have to use any other JCE Provider e.g. BouncyCastle, IAIK, Assembla and etc.
I'm giving you sample code for producing self-signed certificate using IAIK JCE. Note that IAIK JCE is not free. But you can use BouncyCastle its open source and free.
**Generating and Initialising the Public and Private Keys*/
public KeyPair generateKeys() throws Exception
//1 - Key Pair Generated [Public and Private Key]
m_objkeypairgen = KeyPairGenerator.getInstance("RSA");
m_objkeypair = m_objkeypairgen.generateKeyPair();
System.out.println("Key Pair Generated....");
//Returns Both Keys [Public and Private]*/
return m_objkeypair;
/**Generating and Initialising the Self Signed Certificate*/
public X509Certificate generateSSCert() throws Exception
//Creates Instance of X509 Certificate
m_objX509 = new X509Certificate();
//Creatting Calender Instance
GregorianCalendar obj_date = new GregorianCalendar();
Name obj_issuer = new Name();
obj_issuer.addRDN(ObjectID.country, "CountryName");
obj_issuer.addRDN(ObjectID.organization ,"CompanyName");
obj_issuer.addRDN(ObjectID.organizationalUnit ,"Deptt");
obj_issuer.addRDN(ObjectID.commonName ,"Valid CA Name");
//Self Signed Certificate
m_objX509.setIssuerDN(obj_issuer); // Sets Issuer Info:
m_objX509.setSubjectDN(obj_issuer); // Sets Subjects Info:
m_objX509.setSerialNumber(BigInteger.valueOf(0x1234L));
m_objX509.setPublicKey(m_objkeypair.getPublic());// Sets Public Key
m_objX509.setValidNotBefore(obj_date.getTime()); //Sets Starting Date
obj_date.add(Calendar.MONTH, 6); //Extending the Date [Cert Validation Period (6-Months)]
m_objX509.setValidNotAfter(obj_date.getTime()); //Sets Ending Date [Expiration Date]
//Signing Certificate With SHA-1 and RSA
m_objX509.sign(AlgorithmID.sha1WithRSAEncryption, m_objkeypair.getPrivate()); // JCE doesn't have that specific implementation so that why we need any //other provider e.g. BouncyCastle, IAIK and etc.
System.out.println("Start Certificate....................................");
System.out.println(m_objX509.toString());
System.out.println("End Certificate......................................");
//Returns Self Signed Certificate.
return m_objX509;
//**************************************************************** -
How to replace self-signed certificate for enterprise manager console
Does anyone know how to change self-signed certificate for https access to Enterprise Manager console, which is issued during installation of Oracle 11g?
Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
Not sure how relevant it will be for 11g, sorry :( -
Problems generating a self-signed certificate using SDK
Adobe AIR 1.1 SDK was extracted to "D:\AIR\SDK\" in XP Pro
SP2 system. Also Java 2 runtime version 1.4 installed.
When I'm trying to generate a self-signed certificate I typed
the following in command line:
D:\AIR\SDK\bin\adt.bat -certificate -cn SelfSign 2048-RSA
newcert.p12 pass123
After a short delay an "unable to create output file" message
appears in command console and an empty (0 byte length) newcert.p12
created.
What may be the problem?
Also I would like to know if there was another way to create
self-signed certificates or is it possible to build air packages
without signing the source code?
Thanks in advance and sorry for bad English!I haven't seen this error occur before. It could indicate a
full drive or similar condition that might prevent writing to the
file.
Can you try using Java 1.5? Although 1.4 is officially
supported, I think 1.5 receives much more testing.
You can create self-signed certificates using other tools. If
you do that, make sure the certificate is marked as usable for
code-signing; otherwise, adt won't accept it.
You cannot create air packages without signing them. -
Step by Step Instructions for Installing Self Signed Certificate using Certificate Modification Tool
I am looking for some step by step instructions for installing the self signed certificate from my Microsoft SBS 2003 server on a Treo 755p and 750p. In particular I need some help with the form of the actual certificate and how to use the Certificate Modification tool.
Some questions I have are as follows:
1. When I install the certificate on a Windows Mobile device I used an exported version of the certificate. This export is done using the DER x.509 format. Is that the same form I’ll need for the Palm? Do I need some other form? Can/should I just use sbscert.cer file that is generated when SBS is configured?
2. Does the self signed cert need to be installed on the computer being used to update the Palm or do we just need to be able to access the appropriate .CER file?
3. There are three things included in the PalmCertificatesTool.zip file:
Trusted CAs (folder)
Cert2pdb.exe
PalmCertificates.exe
How do I use these tools?
4. It looks like the PalmCertificates.exe file opens an interface that will allow me to browse to the desired .CER file. Then I suppose I use the < Generate PDB > to create something that needs to then be uploaded to the Palm device? Not having any real experience with a Palm device how do I upload and install this file?
5. Once uploaded do I do something on the device to install it?
If there is some white paper that provides step by step instructions on doing this that would be great.
Thanks,
Walt Bell
Post relates to: Treo 755p (Verizon)
Post relates to: Treo 755p (Verizon)Thanks for that.
I have one question after reading the article 43375:
The article has you "Turn of AutoSync" and then "Reset the device". It then indicates the device should be left idle.
The next step relates to running the PalmCertificates.exe, navigate to the certificate file and add it and then run the < Generate PDB > button. Should the device be connected to the computer during this process? If so, at what point after the reset do you connect it to the computer?
Thanks!
Post relates to: Treo 755p (Verizon) -
In Firefox 4.0 I have a server ... it contains a self signed certificate. Using IPv6 I can not add a "Security Exception" for this certificate.
1. I log onto the server (using IPv6). I get the "Untrusted connection page" saying "This connection is Untrusted"
2. I click on "Add Exception.." under the "I understand the Risks" section.
3. The "Add Security Exception" dialog comes up. soon after the dialog comes up I get an additional "Alert" dialog saying
An exception occured during connection to xxxxxxxxx.
Peer's certificate issuer has been marked as not trusted by the User.
(Error code sec_error_untrusted_issuer).
Please note that this works in Firefox 3.6.16 (in IPv4 and IPv6). It also works in Firefox 4.0 in IPv4 only IPv6 has an issue. What's wrong?Exactly the same problem, except I'm using FF v6 for Windows, not FF v4 as for the lead post. This is for a self-cert which IS trusted, although the error message says it isn't.
-
How to install self-signed certificate with iOS 4?
I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here? -
Cookbook for creating Self Signed Certificates using certutil
Hi,
I am trying to create a self signed certifcate for internal use. Can anyone point to a step by step procedure? The few that I have found on the web don't seem to work.
Thanks
davidCheck out the examples at the bottom of this page:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html -
Generating Self Signed Certificate for iPlanet Directory Server for testing
Hi Experts,
I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
Thanks in Advance,
KalyanHere's one I did earlier.
Refers to Solaris 10
SSL Security
add a new certificate that lasts for ten years (120 months).
stop the instance:
dsadm stop <instance>
Remove DS from smf control:
dsadm disable-service <instance>
Change Certificate Database Password:
dsadm set-flags <instance> cert-pwd-prompt=on
Choose the new certificate database password:
Confirm the new certificate database password:
Certificate database password successfully updated.
Restart the instance from the dscc:
DSCC -> start <instance>
Now add a new Certificate which lasts for ten years (120 months; -v 120):
`cd <instance_path>`
`certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
Enter Password or Pin for "NSS Certificate DB":
Stop the Instance.
On the DSCC Security -> Certificates tab:
select option to "Do not Prompt for Password"
Restart the instance.
On the Security -> General tab, select the new certificate to use for ssl encryption
Restart the instance
Stop the instance
Put DS back into smf control:
dsadm enable-service <instance>
Check the smf:
svcs -a | grep ds
# svcs -a|grep ds
disabled Aug_16 svc:/application/sun/ds:default
online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1 -
Self signed certificate for web service security !!
i've created self-signed certificate using keytool for web serivce security. But i'm unable to implement from the client side. When i'm giving "dn=localhost" it's working fine. But when i'm giving other than that it's throwing me error as :
java.io.IOException: HTTPS hostname wrong: should be <192.168.2.36>
I don't know what's the problem. Could any tell me where i'm wrong. In the CN i've given my ip address. Please help me out.
Do i need to do something else?thanks for your kind help.
But i follwed the same which are given. Do i need to set something in netbeans? i'm usign netbeans 5.5,tomcat 5.5 and jdk5. Still i'm getting the same error as "https hostname is wrong: it should be <192.168.2.278>", which my ip address. I've created my self signed certificate and given the path to it by mentioning in System.setProperty("javax.net.ssl.trustStore","d:/keystore/auth.keystore"); and for password to. Do i need to do something else?
Please help me out in this reagard. I'm startup of this technology.
in advance thanks. -
How to register iOS device when using self signed certificate with apple Server?
Hi,
I have installed the server.app by Apple and used a slef signed certificate for my server. Now I want to register my different devices (iMac, iPhone etc.). I could register the iMac without problesm (I just had to add my self signed certificate to the trusted certificates)
Sadly, with the iPhone it is not that easy. I can install the "trust profile", but still after that I can not register my device. It seems like it does not accept my self signed certificate for device registration. When adding a registration profile, I get the error "www._mydomain_.tld/devicemanagement/api/device/auto_join_ota_service" is not valid.
Nethertheless, I can install a profile with setting, e.g. my imap settings, via the profile management without problems.
Does anyone have an idea how to get around the problem with the self signed certificate?
Best regardsTry deleting the Server.app and download it again from the App Store, restart.
My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first). -
Does anyone know how to use a self signed certificate with apple mail??
Ive read about it in mail's help and tried to set it up according to it. Ive created a self-signed certificate but have no idea how to set it up as it would work with Mail so that i would be able to send signed messages. could anyone help me??
Hello rado:
Welcome to Apple discussions.
I am assuming this is what you read:
http://docs.info.apple.com/article.html?path=Mac/10.5/en/8916.html
If you follow the instructions when you set up the certificate, you should be fine.
Incidentally, most +"ordinary users"+ (like me) do not use this function. I am curious as to why you want to jump through hoops in your Mail application.
Barry -
How to use self-signed Certificate or No-Check-Certificate in Browser ?
Folks,
Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
[user@localhost bin]$ ./emctl start dbconsole
The command returns the output:
https://localhost.localdomain:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control ... ...
I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
The connection to localhost.localdomain: 1158 cannot be established.
[user@localhost bin]$ ./emctl status dbconsole
The command returns this message: not running.
[user@localhost bin]$ wget https://localhost.localdomain:1158/em
The command returns the output:
10:48:08 https://localhost.localdomain:1158/em
Resolving localhost.localdomain... 127.0.0.1
Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
Self-signed certificate encountered.
To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
Website certified by an Unknown Authority. Examine Certificate...
I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
In Authorities tab, there are a few names as indicated in the above output of wget.
My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
Thanks.Neither problem nor solution do involve Oracle DB
root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
This thread is OFF TOPIC for this forum. -
How to use self-signed certificate to verify others certificate?
the self-signed certificate and keys acts as CA like VeriSign
alias =SelfSignCA
keystore = SelfSignLib
certificate = SelfSign.cer
certificate to be verify
alias = companyCA
certificate = companyLib
csr file = company.csr
how to use keytool to verify/sign the company certificate?thank you.Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
Not sure how relevant it will be for 11g, sorry :(
Maybe you are looking for
-
How to use a bind variable in XE for accessing data from different sources
Hi, I am new to XE and trying to create an application like this: (region source) Select * from v$session@:P1_DATABASE ; My intention is to give the name of the database at runtime to fetch the relevant data. But I am getting error like this 1 error
-
Hey Folks, Im trying to install itunes onto windows vista but i keep getting a message saying "iTunesSetup_exe - This file could not be downloaded.......Any Ideas?
-
Best option for more HD space?
Greetings everyone. My Macbook Pro's 120 GB drive just isn't cutting it anymore, especially when it's split between OSX and XP. My XP side isn't enough for even a fraction of my games to be installed, and OSX is feeling the pain of less and less memo
-
Ipad won't sync. Computer sees it as a camera
My computer recognises my ipad as a camera. It is not listed in itunes. I have tried using other ports. I have updated to the most recent version of itunes. What else could be wrong?
-
I don't want to use Flash with Safari. What can I do to replace it?
I don't want to use Flash with Safari. What can I do to replace it?