HTTPS certificate problem on MPLS

Similar Messages

• About https certificate problem

  Hi,All
      I change my OS datetime bakc to 2010,and send https request to my website api,https://api.xxxxxx.com,the httpService always fault,the fault detaial as
  FaultEvent fault=[RPC Fault faultString="HTTP request error" faultCode="Server.Error.Request" faultDetail="Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: IO Error。 URL: https://api.xxxxxx.com"].
  Is there anyway to prevent this error , thanks.

  Thanks for reply.
  Code like this
  var http:HTTPService=new HTTPService();
  http.url ="https://api.xxxxxx.com/getSomething?p1=x" ;
  http.method = HTTPRequestMessage.GET_METHOD;
  http.requestTimeout = requestTimeout;
  var token:AsyncToken = http.send();
  I think the code is ok.
  The code work correctly when the computer datetime setting is right.
  But when i change the computer to a few year ago,the http request always fualt.
  And  open the url in ie explorer,and was told the certificate is expire,so i think the problem is all about certificate.
  Is anyway can make it work without change the system time?

• Https Certificate Problem

  I'm working on an application that will contact several ISP websites, to retrieve the connections statistics.
  Several of those websites needs certificate authentication's.
  For the moment I found 2 solutions:
  * Getting the certificate and put it manually in my keystore
  * Bypass the security by overriding X509TrustManager()
  The first solution is not dynamic, cause I can not ask everyone who will use this application to create for each certificate a keystore.
  The second solution, well there is no authentication so I can not know if I'm really contacting the correct website.
  Is there a way to install a certificate from my java application to my virtual machine ? Or is there another way ?
  I'm making my application with Java 6.
  Thx

  Ok I think I found what I wanted ... But I don't know if this is the best way ...
  I don't really need the certificate on my machine, but I have to be sure its valid. So I think this is good enough.
                 TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                           return null;
                      public void checkClientTrusted(
                                java.security.cert.X509Certificate[] certs,
                                String authType) {}
                      public void checkServerTrusted(
                                java.security.cert.X509Certificate[] certs,
                                String authType) {
                           try {
                                for ( X509Certificate cert : certs) {
                                     cert.checkValidity();
                           } catch (CertificateExpiredException e) {
                                e.printStackTrace();
                           } catch (CertificateNotYetValidException e) {
                                e.printStackTrace();
                 SSLContext sc = SSLContext.getInstance("SSL");
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
                 HttpsURLConnection
                           .setDefaultSSLSocketFactory(sc.getSocketFactory());
                 URL url = new URL(
                           "https://...");
  ...

• Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

  I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
  The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
  1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
  2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
  About the Code Signing Certificate problem:
  When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
  I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
  The Google Groups Adobe AIR page is here:
  http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
  Any ideas about these issues?
  Thanks!
  Oscar

• Windows certificate problem - at least for a better description

  I'm not sure where this should be posted.  I believe it's actually a Windows problem, so i'll try here first.
  Okay, I was installing SQL 2012 express server and I ran into a problem during the installation.  It's been too long ago, and too many correction attempts since to remember what the original problem even was.  But, anyways I uninstalled the installation
  and tried again, and again and again.   I was getting these errors:   Well damn, I've uninstalled my latest attempt and the error logs are gone.  Anyways it was failing on a certificate issue and then unable to find a start-up handle for the
  database engine. After this I tried all of the suggested fixes put forth on msdn,  Stack OverFlow and several blogs, nothing worked.  One of the suggestions was to create a new account/profile and try installing with that account. At that point I
  discovered that I couldn't create a functional new profile; every one failed when trying to log in.  That's why I think it is a Windows 8.1 problem and not a SQL installation problem, although it's likely that created the original problem. Anyways, I'm
  stuck.  Any ideas, beyond re-installing (I'll probably wait for the April 8th update and see if that happens to fix the problem before suffering the inconvenience of a complete re-install) win 8.1?  I can recreate the error logs by going through
  the installation again if they could help or I can pull the logs from one of the other blogs.
  Thanks,
  Ray

  After more digging around I found another instance of this problem reported here:
  http://social.technet.microsoft.com/Forums/en-US/43cb5946-9d82-4973-b8a1-4053aa688ba8/user-profile-service-failed-the-signin-user-profile-cannot-be-loaded-for-any-new-accounts?forum=w8itprogeneral
  ( it won't let me post a link, so we get plain text)
  As suggested in the mentioned post, checking my Event Viewer showed basically two type of Errors:  Event ID 1500 when trying to log in to Windows 8.1 with the newly created profile or creating a new profile; and Event ID 1511 when trying to install
  SQL 2012 Server Express.  Later on in the error logs, errors with certificates are mentioned.  Further digging showed that in each case the errors occurred when an attempt was made to copy files from the Default profile, specifically files in the
  \AppData\Local\Microsoft\VSCommon folder, to a Temp folder during creation of the new profile.  I copied these files to another temp folder and removed them from the offending location. After doing so, SQL 2012 Server Express installed properly and I
  was able to create a new user profile which could log into Windows.  I haven't seen any other problems since the files were removed, VS2013 works fine, but it did before these issues popped-up too. (VS2012 was upgraded several months ago, so maybe the
  files were left from that?).
  Hope this might help others who run into certificate problems when creating profiles, either during installation of programs or when creating a new user profile.

• Cisco ISE NDES EAP and HTTP certificates from different CA

  Hi guys, hope this is something you can help with…
  2 x ISE 1.2 (patch 5) 3415 appliances with hostnames webproxy1.customerdomain.com and webproxy2.customerdomain.com
  AD integration with customerdomain.local
  Guest authentication (CWA) using a separate interface on the ISE appliance (Gigabit 1) routing into its own VRF for isolation
  Corporate authentication is using EAP-TLS which is working fine
  BYOD using NSP with SCEP for iPads only at this stage using NDES on <customerdomain.local>
  I have installed a signed GlobalSign server certificate for HTTPS for guests (with SAN fields webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  I have also installed a signed server certificate from the customer's CA for EAP (with CN of psn.customerdomain.local and SAN fields psn.customerdomain.local , webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  The issue I have is if the two certificates are assigned for EAP and HTTP respectively the NSP process fails to generate a certificate though SCEP to the NDES server.
  As soon as I use the same internally signed certificate for HTTP and EAP it works, this then causes a problem with the HTTPS certificate being trusted by guests.
  This does not work with the GlobalSign certificate being used for both HTTPS and EAP, only the internal one works.
  Can you confirm if it is a valid design to have the ISE use one certificate for HTTPS and another for EAP signed by different CAs, it appears it has to be the internal CA used in the SCEP process to work.
  Thanks
  Andy

  I have now tested this with a test HTTP cert signed by a public CA and an EAP cert signed by my internal and SCEP works fine.  I am wondering if this is a certificate tier length issue.  My working example has a RootCA->IssuingCA->Cert.  It fails with a cert with a 3-tier heirarchy RootCA->IntermediateCA->IssuingCA->Cert.
  Can anyone confirm this works on other deployments with a 3-tier certificate chain with SCEP?
  Thanks

• Safari client certificate problem w/ Canada Post website

  I am using OSX 10.8.5 and Safari 6.1.1
  I'm trying to use the Canada Post website for online shipping (ship-in-a-click) via the site:
  http://www.canadapost.ca/personal/tools/cst/intro-e.asp
  When I choose my option (in this case INTERNATIONAL) a pop-up opens asking to select a client certificate. A list of five certificates, which are all apparently valid and not expired, is given. No matter which certificate I select I cannot get past this pop up window. It just pops back up again.
  The certificates are all in the form:
  com.apple.idms.appleid.prd. then a very lengthy alpha numeric string
  From what I have read with certificate problems you can just delete them and next time you visit the site will ask you to select a new one. However, in this case, with all the certificates seemingly being valid, I don't think that will be the solution. Although, I am a complete novice when it comes to these issues.
  Can anybody suggest something other than using Firefox/Chrome etc. although if that is the ONLY choice then so be it. But surely this can be solved within Safari, no? The rest of the Canada Post site seems to behave OK with Safari.
  Thank you.

  Neither.  I am on Mavericks and it shows the exact same issue, so it neither fixes the problem or intoduces new ones, at least with my site.
  I also noticed that it is somewhat based on the loction (IP) of the server because on my local laptop (During development) and on our QA server would try and send a certificate that it should not send.  HOWEVER once we implemented the SSL client certificate on our production server it would no longer send the certificate.  I have no idea why and speculate that it is because our production server has a public IP.
  If you want you can use my site and see if the problem persists for you there (http://whf.to); however given the seemingly random why Safari decides to send certificates you may or may not see the issue.  If Safari does indeed send a certificate you should get an error page that details what happened (in somewhat lay-terms).
  Sorry that Mavericks doesn't fix the issue for you.

• SSL + Certificate problems solved

  To all of you who are having problems with Weblogic and Verisign Certificates.....
  Here is what I got from BEA:
  To solve this problem, review the corresponding configuration for our demo certificates
  and
  then proceed to similar Verisign setups.
  Once WLS 6.0 is started, proceed to a browser and open the console. Move to the
  servers
  tree, expand it, chose your server and move to its SSL tab.
  WLS demo 512 bit certificate
  1. Server Key File Name -> demokey.pem
  2. Server Certificate File Name -> democert.pem
  3. Server Certificate Chain File Name -> ca.pem
  WLS 1024 bit Demo Certificate
  1. Server Key File Name -> demokey1024.pem
  2. Server Certificate File Name -> democert1024.pem
  3. Server Certificate Chain File Name -> ca1024.pem
  Trial Verisign Certificates - 2 week expiration
  When you initially make the request, the following two files are generated:
  a. mycomputer_bea_com-key.der
  b. mycomputer_bea_com-1024cert.pem
  Once Verisign acknowledges the request, you are given instructions to install
  the
  certificate as well as use test CA's for each browser, IE and Netscape. You will
  need to
  save the test CA and use this in the SSL configuration.
  1. Server Key File Name -> mycomputer_bea_com-key.der
  2. Server Certificate File Name -> mycomputer_bea_com-1024cert.pem
  3. Server Certificate Chain File Name -> testca.der (obtained from the installation
  to each
  client browser)
  Purchased 1 year 1024 bit certificate from Verisign.
  As in the case of the trial certificate, much is the same except that no CA is
  forwarded.
  1. Server Key File Name -> mycomputer_bea_com-key.der
  2. Server Certificate File Name -> mycomputer_bea_com-1024cert.pem
  Now what to specify as the CA?
  Using any of the other CA's will generate the modulus exception. The only recourse
  in this
  event is to do the following:
  1. go to http://www.verisign.com/repository/root.html
  You'll find Class I to Class III root certificates and a Server CA.
  Take the plain text Server CA and save this to a file.
  2. Use a conversion utility, which can be found within OpenSSL, to convert the
  plain text
  to a .der format.
  3. Once the conversion is complete, this CA.der can be used as the Server Certificate
  Chain
  File Name.

  as in mail to CC_AA with scenarios, and Private Messages, happens WIN Vista and 7. IE 9 and 10. 3 diff machines, Dell laptop home, 2 Dell Desktops work. I always clear / delete top 4 items via Internet options approx. twice a week, first thing I did along with clearing SSL state. From CC homepage, click SIGN-IN in left side black box. Enter ID and Password, SIGN IN -> . Returns to CC homepage. Click on EMAIL box below the black box, get:There is a problem with this website's security certificate.     The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.  Click here to close this webpage. Continue to this website (not recommended). More informationIf you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com. For more information, see "Certificate Errors" in Internet Explorer Help. Address bar shows "https://login.comcast.net/login........" Interesting, for secure site no security icon appears on the address bar. On Home page, if instead I click arrow in Email box, I see a preview of my mail. Then I have to click "View Inbox" lower left corner of popup, and Inbox comes up..... 

• On Vista Firefox 6 incorrectly deals with security certificate problems

  After I installed Firefox 6, I tried to go to one of my web sites. I know that there is an https security certificate problem with this site when I go to https://staging.photoquestadventures.com rather than https://www.photoquestadventures.com. On XP, FF6 opens the site. on Win7, FF6 warns about a security certificate problem then allows me to create an exception and open the site. On Vista, it says that it can't find the server at www.staging.photoquestadventures.com and I cannot get past this point - only on VISTA!

  I downgraded to Firefox V4 (I didn't have a copy of V5 stored and couldn't find it on the net) and it asked the correct question: to allow connection even though there was a security certificate problem. Then I upgraded to V6, and it continued to connect just fine. So something in the V5 to V6 upgrade created the problem for me.
  I wonder if there is insufficient testing of Firefox on Vista, as I have had several problems with new versions while I have not had the problems on XP or Win7.

• Error message trying to install Adobe Download Assistant (Sorry an Error has occured... certificate problem)

  I am trying to download the free trial of Acrobat XI. I am using an iMac running Mac OSX 10.6.8. When I click on the Installer I have downloaded for Adobe Download Assistant, it gives me the following error message while trying to open/install the Download Assistant:s
  Sorry, an error has occured.
  The application cannot be installed due to a certificate problem. The certificate does not match the installed application certificate, does not support application upgrades, or is invalid. Please contact the application author.
  Can anybody help?

  Lmslugo please move your current installation to the trash can, empty the trash, and reinstall.  This should give you a new copy of the application with a current certificate.

• Adobe Air Certificate problem

  I get the following error message when I try to use any of my applications that use Adobe Air: 
  The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support the application upgrade, or is invalid. Please contact the application author.

  Have you tried creating new certificate for the app?

• Cannot open install assistant.  I get this error message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Pleas

  How can I downloade a trial of Adobe Elements 12? 
  I followed the instructions to download assistant...but get this message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.

  Hi alposer,
  Please remove the copy of the Adobe Download Assistant you currently have installed and then reinstall the Adobe Download Assistant.
  Regards,
  Rave

• Certificate Problem--can't install

  I am trying to install Creative Cloud trial version on my Mac. I get this message:  The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.
  There is no error number

  Kulerkween can you please post a screenshot of the error message?  Also what operating system are you using?

• Certificate problem--safari says it couldn't establish a secure connection.

  Certificate problem. How do I fix a corrupted cert? I think what's going on is that the cert that is installed for this site is bad. But Safari just gives an error and I can't find a way to remove the bad one and add a new one? Can anyone help me?

  I haven't experienced any issues like this.
  What's a corrupted certificate?

• There is a problem with this connection's security certificate The remote computer cannot be authenticated due to problems with its security certificate. Security certificate problems might indicate an attempt to fool you or intercept any data you send

  Hi,
  I have this Windows 2008 R2 on which I installed remoteapp some years ago.
  Now the certificate expired and I get the message
  "There is a problem with this connection's security certificate
  The remote computer cannot be authenticated due to problems with its security certificate.
  Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
  How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
  Please advise.
  J.
  J.
  Jan Hoedt

  Does the computer account have Enroll permission to the certificate template?
  From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
  Add Certificate Templates and click OK.
  Find the certificate template, then right click and select properties.  On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
  On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK.  Then give your computer account Enroll permisssion.
  HTH,
  JB