HTTPS Certificate change

Similar Messages

• Cisco ISE NDES EAP and HTTP certificates from different CA

  Hi guys, hope this is something you can help with…
  2 x ISE 1.2 (patch 5) 3415 appliances with hostnames webproxy1.customerdomain.com and webproxy2.customerdomain.com
  AD integration with customerdomain.local
  Guest authentication (CWA) using a separate interface on the ISE appliance (Gigabit 1) routing into its own VRF for isolation
  Corporate authentication is using EAP-TLS which is working fine
  BYOD using NSP with SCEP for iPads only at this stage using NDES on <customerdomain.local>
  I have installed a signed GlobalSign server certificate for HTTPS for guests (with SAN fields webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  I have also installed a signed server certificate from the customer's CA for EAP (with CN of psn.customerdomain.local and SAN fields psn.customerdomain.local , webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  The issue I have is if the two certificates are assigned for EAP and HTTP respectively the NSP process fails to generate a certificate though SCEP to the NDES server.
  As soon as I use the same internally signed certificate for HTTP and EAP it works, this then causes a problem with the HTTPS certificate being trusted by guests.
  This does not work with the GlobalSign certificate being used for both HTTPS and EAP, only the internal one works.
  Can you confirm if it is a valid design to have the ISE use one certificate for HTTPS and another for EAP signed by different CAs, it appears it has to be the internal CA used in the SCEP process to work.
  Thanks
  Andy

  I have now tested this with a test HTTP cert signed by a public CA and an EAP cert signed by my internal and SCEP works fine.  I am wondering if this is a certificate tier length issue.  My working example has a RootCA->IssuingCA->Cert.  It fails with a cert with a 3-tier heirarchy RootCA->IntermediateCA->IssuingCA->Cert.
  Can anyone confirm this works on other deployments with a 3-tier certificate chain with SCEP?
  Thanks

• Can you reload the default HTTPS certificate for a Border Controller?

  The HTTPS page does not work for the Tandberg Border Controller (Q6.3). HTTP is fine. I believe that the customer uploaded their own certificate which has now “broken” the HTTPS page.
  So the question is – can you reload the default HTTPS certificate for a Border Controller?
  There’s a handy button to do this on the VCS but not on the BC it seems. The only option I can see is for the customer to generate a “working” certificate and upload it, is this the only option?
  Thanks,
  David

  Hi sherylz,
  It is also possible to edit the theme, but it may be wise to make a copy of it:
  *[https://support.mozilla.org/en-US/questions/940165]
  *[https://developer.mozilla.org/en-US/Add-ons/Themes/Background MDN Reference]
  *Add on to make own skin: [https://addons.mozilla.org/en-Us/firefox/addon/bt-canvas/]

• Install https certificate and Connect to an alias URL

  Hello,
    I have IDM 7.1 installed on Windows and MS SQL and its working fine.
  My requirement is to access IDM with easyURL (instead of having port no: 500000/idm...).
     an alias name has been created. Now i want to install https certificate and then want to connect to the alias URL.
  I have got the https port number also.
  would you please help me as to exactly how to install th https certificate to the alias URL.
  Regards,
  Mahesh

  Hello,
    I was able to install the certificate.
  If anyone wants help, let me know
  Regards,
  Mahesh

• Change WCS login HTTPS certificate

  Hi
  Anyone know how to make a cert request for the WCS login page - and thereafter install a new certificate?
  Any documentations or guides that you can refer to?
  I'm running version 7.0.220.0 on a Windows 2003 R2 svr.
  Best Regards,
  Steffen. 

  Thank you - allready looked at that post, but I was looking for some documentation, i won't help me just to look at some files

• About https certificate problem

  Hi,All
      I change my OS datetime bakc to 2010,and send https request to my website api,https://api.xxxxxx.com,the httpService always fault,the fault detaial as
  FaultEvent fault=[RPC Fault faultString="HTTP request error" faultCode="Server.Error.Request" faultDetail="Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: IO Error。 URL: https://api.xxxxxx.com"].
  Is there anyway to prevent this error , thanks.

  Thanks for reply.
  Code like this
  var http:HTTPService=new HTTPService();
  http.url ="https://api.xxxxxx.com/getSomething?p1=x" ;
  http.method = HTTPRequestMessage.GET_METHOD;
  http.requestTimeout = requestTimeout;
  var token:AsyncToken = http.send();
  I think the code is ok.
  The code work correctly when the computer datetime setting is right.
  But when i change the computer to a few year ago,the http request always fualt.
  And  open the url in ie explorer,and was told the certificate is expire,so i think the problem is all about certificate.
  Is anyway can make it work without change the system time?

• Bug Webplayer - no https certificat and connexion impossible

  hello (i'm French), there is a bug as sceenshot show, PC very clean and i maybe want to suscribe (i'm on Deezer 4.99e now,and i want to change).when i use web player ,logging ok,after few second bug appear "impossible to connect to spotify"..and turn for ever..i have allways to reload tab to make disapear the bug.i recome when i close and re-open firefox....i don't understand, noscript blocked,clean,uptodate, nothing. i have seen that the https logo is triangular without information, maybe it's the problem.it's ok for few second and certificat disable and logo change for triangle my instalation is new for 3 days and very simple and clean. W8.1 firefox 39 and flash .209 i had same problem on other installation W7. i have try to clean cookies,cache,connect-disconnet...etc for sure ,i can't suscribe if bug is again... how to do ? i have other question, i cannot change my avatar? why??????? thanks for help and sorry for my poor langage... 

  I think it's caused by your internet connection, or something else (I don't know anything about your Internet connection). So, I will just recommend you tot download the Desktop App instead and use Spotify there. About the Avatar or profile picture, If you connect your Facebook Account to Spotify, it will sync your profile picture from Facebook to Spotify automatically. Did this help?

• Security Certificate Changes?

  I am getting a dialog box when I try to send or receive mail about confirming a security exception, sorry I can't remember the exact terminology now but I was wondering if the certificate settings had changed for business catalyst mail?  Wondering why all of a sudden I'm getting this on my mac, iphone and a pc computer that also has bus catalyst email.  Sorry for the vagueness, I don't understand it very well. 
  Annette

  Hey peytonandgracie,
  There have been no changes to our mail provider’s settings that I’m aware of. If you are still encountering issues, can you please reach out to support and provide us with the exact messages you are receiving as well as the credentials you have used in order to set up your account within your email client.
  If you are using an SSL encryption for your email client, please refer to this article and ensure your settings are correct: http://kb.worldsecuresystems.com/928/cpsid_92838.html
  Otherwise, in the meantime, I also recommend referring to the following article in order to troubleshoot this: http://kb.worldsecuresystems.com/128/bc_1286.html
  Cheers.

• HTTP adapter - change encoding from UTF-8 to ISO-8859-1

  Hi,
  I am trying to change the encoding used by the HTTP sender adapter in a scenario.
  However, when I enter ISO-8859-1 in the XML Code under XI Payload Manipulation on the comms channel it has no effect - the paylad still shows as UTF-8 in SXI_MONITOR.
  Am I missing a step or entering the field incorrectly ??
  Thanks
  Colin.

  Hi,
  From help
  Enhancing the Payload
  Some external systems, for example, Web servers in marketplaces, can only process data if it is sent as an HTML form using HTTP.
  A typical HTML form comprises named fields. When transferring a completed form to the server or a CGI program, the data must be transferred in such a way that the CGI script can recognize the fields that make up the form, and which data was entered in which field.
  The plain HTTP adapter constructs this format using a prolog and an epilog. Therefore, there is a particular code method that separates form fields and their data from each other. This code method uses the following rules:
       Individual form elements, including their data, are separated from each other by the character &.
       The name and data of a form element are separated from each other by an equals sign (=).
       Blanks in the entered data (for example, in multiple words) are replaced by a plus sign (+).
      All characters with the (enhanced) ASCII values 128 to 255 (hexadecimal 80 to FF) are transcribed using a hexadecimal sequence, beginning with a percentage sign (%) followed by the hexadecimal value of the character (for example, the German umlaut ö in the character set ISO-8859-1 is transcribed as %F6).
     All characters that occur in these rules as control characters (&, +, =, and %) are also transcribed hexadecimally in the same way as high value ASCII characters
  http://help.sap.com/saphelp_nw2004s/helpdata/en/44/79973cc73af456e10000000a114084/content.htm
  Regards
  Chilla

• ADF Mobile : Rest call to a webservice using https - Certificate Error

  I'm trying to connect to a web service giving json and which uses https. I am using the following code.
  Also SalesApp connects to https://abc.com
  RestServiceAdapter restServiceAdapter = Model.createRestServiceAdapter();
  restServiceAdapter.clearRequestProperties();
  restServiceAdapter.setConnectionName("SalesApp");
  restServiceAdapter.setRequestType(RestServiceAdapter.REQUEST_TYPE_GET);
  restServiceAdapter.setRetryLimit(0);
  restServiceAdapter.setRequestURI("/sales/rest/v1/resources");
  try {
  response = restServiceAdapter.send("");
  I am getting an error of " Certificate was issued by an unrecognized entity ".
  Is there anyway to ignore the certificate warning ? Any request properties which can help with this?
  I'm not looking at adding any private certificates/verfying the certificate issued by server, just want to ignore the warning
  and proceed with the rest call.

  Hi, sure you will need to register your private certificate with ADF Mobile's embedded JVM. This is a security mechanism - the JVM we embed will only recognize certificates from well-know CA out of box. However, you can register your private certificate with the JVM. The steps are described in the ADF Mobile Developer Guide: http://docs.oracle.com/cd/E35521_01/doc.111230/e24475/security.htm#CDDCCDFF.
  Please note that you will need to be very careful when registering the JVM - extra spaces for example will cause certificate error and it could be hard to diagnose. Please ensure all the fields matches exactly with your private certificate's fields.
  Thanks,
  Joe Huang

• PI 7.0 to PI 7.1 upgrade : HTTPS Certificate Issue

  Hi All,
  We have upgraded our Pi Systems from Pi 7.0 to PI 7.1 few weeks back, howevevr inetrface that require HTTPS connections have started failing.
  I believe PI 7.1 uprade creates a new certitifcate. But this would require sharing this certificate with vendors legacy, whihc will take time.
  Is there a way to revert the certificate in PI server itself?
  XIer

  Have you checked the certificates in the keysstore (NWA) ? Maybe just some of them expired.
  What is the error message ?
  CSY

• HTTPS certificate problem on MPLS

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Tableau Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Hi everyone,
  We are currently migrating our network from IP to MPLS and we encounter an issue with a only one application using security certificat through HTTPS. All other services are OK such as HTTP, FTP, Mailing, etc.
  Network description :
  The network architecture is composed by 4 core routers (which play the role of P and PE at the same time) and 2 borders routers (B1 and B2) linked to Internet via STM1 - POS interfaces.
  Each borders are both connected to two core routers (C1 and C2) by GigabitEthernet links.
  Please also note that there is a DPI (Deep Packet Inspector, model Arbor 100) between each border and core.
  Core routers C1,C2, C3 and C4 are connected to each other by GigabitEthernet links.
  B1 and B2 are linked to Internet by STM1 (POS) using eBGP.
  OSPF is used as the infrastructures routing protocol between all equipments.
  (cf the network diagram attached)
  Configuration :
  When migrating to MPLS, we fixed interfaces MTU at 9216 and the MPLS MTU at 1512 on all concerned interfaces from Core to Border routers.
  Below is a sample configuration.
  mpls ip
  mpls label protocol ldp
  mpls ldp router-id loopback0
  interface GigabitEthernet1/1
  mtu 9216
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 XXXXXXXXXXX
  ip ospf network point-to-point
  ip ospf cost 1
  ip ospf hello-interval 1
  mpls mtu 1512
  mpls ip
  Problem :
  The service application uses a server on the local network (linked via CE router) which send https requests and files to a server located in the Internet.
  When MPLS is activated only on the Core-To-Core interfaces (C1, C2, C3 and C4) the application is working properly.
  But when the MPLS is expanded on Core-To-Border / Border-To-Core interfaces, this specific application fails as it appears that the certificate server sees a corrupted frame, some bits have been added to the normal frame. But all other services (HTTP, FTP, everything,)
  Below are major differences between Border and Core routers connection schemes:
      A DPI equipment between Core and Border,
  GibabitEthernet are used for links Border-To-Core and Core-To-Core, STM1(POS) is used for links Border-To-Internet (IP)
  ­    The MTU size on STM1 interface is fixed at 4470, MTU size of 9216 is assigned to GE interfaces (Border-To-Core, Core-To-Core)
  Regards.

  Hi,
  Would it be possible to disable the functionality of the DPI (passthrough mode?) and test again?
  MPLS labels or not on the packet should not make a difference wrt HTTPS only (in theory).
  Since you mention corrupted frames, taking a packet capture should show you if this is true or not.
  Thanks,
  Luc

• Web service calling in HTTPS, certificate, hostname wrong

  Hi
  Im triying to call a web service running in WSO2 Carbon and I cant do it because I was geting a exception asking for a certificate.I had success importing a valid certificate, but now I get the following exception
  HTTPS hostname wrong: should be <10.36.15.100>
  this ip is the one where the WSO2 Carbon is running with the web service Im calling.
  When I consume services running in other places I gat no problem and I can consume the service running in the WsO2 with the SOAP UI, so I dont Know what happend?
  Thanks
  Ray

  Glad to help.
  I actually had a similar problem a few weeks ago. I created a remote enabled FM in our R/3 system that was called by a program in our SRM system. When I ran the FM in R/3 it worked, but from SRM, no joy.
  Eventually, I found that I had mispelled a parameter in the calling program. Since, the FM didn't exist in SRM, the calling program couldn't report any syntax error or give a dump. I corrected the spelling and it finally worked.
  Rob

• Firefox Sync custom server fails - invalid HTTPS certificate

  Windows XP SP3, Firefox 3.6.8.
  Using a custom Sync server, the Weave minimal server written by Toby Elliot. Firefox Sync 1.4.4 extension is crapping out at the setup stage.
  I've got a self-signed SSL certificate behind my web server, since it's for my personal use. I have the Sync extension on a couple of other Firefox installations, grandfathered through a few versions since Weave. Those extensions work and I can sync, no problem.
  So the problem is not with my server itself, or with my username, or with my password. As I said, all three work fine with other Firefox installs.
  This new setup process won't let me get past the "invalid HTTPS cert" error. Must I sign my cert with a certificate authority of my own, or will even that be marked as invalid?
  Any guidance would be appreciated.

  This can be fixed by browsing to the site and accepting the cert first but on my HTC incredible the buttons are off the screen and I can't scroll to them.....MOZILLA Please help!
  Thanks and keep up the good work,
  Peter

• HTTPS certificate

  We are trying to apply digital certificates for HTTPS connection on the server. But our server is inside a firewall. We are a bit confused  which address needs to be given for registering the URL to obtain the certificate. Should we aplly for the firewall/server address or the actual address of the server? Any help is appreciated.
  AR

  Dear Antonio,
  you are always welcome,
  >>authenticating the server with the certificate would essentially make the firewall address pertaining to the server also secure.
  Yes We can say like that.
  >>So an external webservice coming in to the firewall address would be able to do a certificate authentication and conclude it as a secure HTTPS connection.
  Yes, ( It checks the Client  and the Final destination of the Server )
  Regards
  Agasthuri Doss