HTTPS certificate

Similar Messages

• Cisco ISE NDES EAP and HTTP certificates from different CA

  Hi guys, hope this is something you can help with…
  2 x ISE 1.2 (patch 5) 3415 appliances with hostnames webproxy1.customerdomain.com and webproxy2.customerdomain.com
  AD integration with customerdomain.local
  Guest authentication (CWA) using a separate interface on the ISE appliance (Gigabit 1) routing into its own VRF for isolation
  Corporate authentication is using EAP-TLS which is working fine
  BYOD using NSP with SCEP for iPads only at this stage using NDES on <customerdomain.local>
  I have installed a signed GlobalSign server certificate for HTTPS for guests (with SAN fields webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  I have also installed a signed server certificate from the customer's CA for EAP (with CN of psn.customerdomain.local and SAN fields psn.customerdomain.local , webproxy1.customerdomain.com and webproxy2.customerdomain.com)
  The issue I have is if the two certificates are assigned for EAP and HTTP respectively the NSP process fails to generate a certificate though SCEP to the NDES server.
  As soon as I use the same internally signed certificate for HTTP and EAP it works, this then causes a problem with the HTTPS certificate being trusted by guests.
  This does not work with the GlobalSign certificate being used for both HTTPS and EAP, only the internal one works.
  Can you confirm if it is a valid design to have the ISE use one certificate for HTTPS and another for EAP signed by different CAs, it appears it has to be the internal CA used in the SCEP process to work.
  Thanks
  Andy

  I have now tested this with a test HTTP cert signed by a public CA and an EAP cert signed by my internal and SCEP works fine.  I am wondering if this is a certificate tier length issue.  My working example has a RootCA->IssuingCA->Cert.  It fails with a cert with a 3-tier heirarchy RootCA->IntermediateCA->IssuingCA->Cert.
  Can anyone confirm this works on other deployments with a 3-tier certificate chain with SCEP?
  Thanks

• Can you reload the default HTTPS certificate for a Border Controller?

  The HTTPS page does not work for the Tandberg Border Controller (Q6.3). HTTP is fine. I believe that the customer uploaded their own certificate which has now “broken” the HTTPS page.
  So the question is – can you reload the default HTTPS certificate for a Border Controller?
  There’s a handy button to do this on the VCS but not on the BC it seems. The only option I can see is for the customer to generate a “working” certificate and upload it, is this the only option?
  Thanks,
  David

  Hi sherylz,
  It is also possible to edit the theme, but it may be wise to make a copy of it:
  *[https://support.mozilla.org/en-US/questions/940165]
  *[https://developer.mozilla.org/en-US/Add-ons/Themes/Background MDN Reference]
  *Add on to make own skin: [https://addons.mozilla.org/en-Us/firefox/addon/bt-canvas/]

• Install https certificate and Connect to an alias URL

  Hello,
    I have IDM 7.1 installed on Windows and MS SQL and its working fine.
  My requirement is to access IDM with easyURL (instead of having port no: 500000/idm...).
     an alias name has been created. Now i want to install https certificate and then want to connect to the alias URL.
  I have got the https port number also.
  would you please help me as to exactly how to install th https certificate to the alias URL.
  Regards,
  Mahesh

  Hello,
    I was able to install the certificate.
  If anyone wants help, let me know
  Regards,
  Mahesh

• ADF Mobile : Rest call to a webservice using https - Certificate Error

  I'm trying to connect to a web service giving json and which uses https. I am using the following code.
  Also SalesApp connects to https://abc.com
  RestServiceAdapter restServiceAdapter = Model.createRestServiceAdapter();
  restServiceAdapter.clearRequestProperties();
  restServiceAdapter.setConnectionName("SalesApp");
  restServiceAdapter.setRequestType(RestServiceAdapter.REQUEST_TYPE_GET);
  restServiceAdapter.setRetryLimit(0);
  restServiceAdapter.setRequestURI("/sales/rest/v1/resources");
  try {
  response = restServiceAdapter.send("");
  I am getting an error of " Certificate was issued by an unrecognized entity ".
  Is there anyway to ignore the certificate warning ? Any request properties which can help with this?
  I'm not looking at adding any private certificates/verfying the certificate issued by server, just want to ignore the warning
  and proceed with the rest call.

  Hi, sure you will need to register your private certificate with ADF Mobile's embedded JVM. This is a security mechanism - the JVM we embed will only recognize certificates from well-know CA out of box. However, you can register your private certificate with the JVM. The steps are described in the ADF Mobile Developer Guide: http://docs.oracle.com/cd/E35521_01/doc.111230/e24475/security.htm#CDDCCDFF.
  Please note that you will need to be very careful when registering the JVM - extra spaces for example will cause certificate error and it could be hard to diagnose. Please ensure all the fields matches exactly with your private certificate's fields.
  Thanks,
  Joe Huang

• PI 7.0 to PI 7.1 upgrade : HTTPS Certificate Issue

  Hi All,
  We have upgraded our Pi Systems from Pi 7.0 to PI 7.1 few weeks back, howevevr inetrface that require HTTPS connections have started failing.
  I believe PI 7.1 uprade creates a new certitifcate. But this would require sharing this certificate with vendors legacy, whihc will take time.
  Is there a way to revert the certificate in PI server itself?
  XIer

  Have you checked the certificates in the keysstore (NWA) ? Maybe just some of them expired.
  What is the error message ?
  CSY

• HTTPS certificate problem on MPLS

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Tableau Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Hi everyone,
  We are currently migrating our network from IP to MPLS and we encounter an issue with a only one application using security certificat through HTTPS. All other services are OK such as HTTP, FTP, Mailing, etc.
  Network description :
  The network architecture is composed by 4 core routers (which play the role of P and PE at the same time) and 2 borders routers (B1 and B2) linked to Internet via STM1 - POS interfaces.
  Each borders are both connected to two core routers (C1 and C2) by GigabitEthernet links.
  Please also note that there is a DPI (Deep Packet Inspector, model Arbor 100) between each border and core.
  Core routers C1,C2, C3 and C4 are connected to each other by GigabitEthernet links.
  B1 and B2 are linked to Internet by STM1 (POS) using eBGP.
  OSPF is used as the infrastructures routing protocol between all equipments.
  (cf the network diagram attached)
  Configuration :
  When migrating to MPLS, we fixed interfaces MTU at 9216 and the MPLS MTU at 1512 on all concerned interfaces from Core to Border routers.
  Below is a sample configuration.
  mpls ip
  mpls label protocol ldp
  mpls ldp router-id loopback0
  interface GigabitEthernet1/1
  mtu 9216
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 XXXXXXXXXXX
  ip ospf network point-to-point
  ip ospf cost 1
  ip ospf hello-interval 1
  mpls mtu 1512
  mpls ip
  Problem :
  The service application uses a server on the local network (linked via CE router) which send https requests and files to a server located in the Internet.
  When MPLS is activated only on the Core-To-Core interfaces (C1, C2, C3 and C4) the application is working properly.
  But when the MPLS is expanded on Core-To-Border / Border-To-Core interfaces, this specific application fails as it appears that the certificate server sees a corrupted frame, some bits have been added to the normal frame. But all other services (HTTP, FTP, everything,)
  Below are major differences between Border and Core routers connection schemes:
      A DPI equipment between Core and Border,
  GibabitEthernet are used for links Border-To-Core and Core-To-Core, STM1(POS) is used for links Border-To-Internet (IP)
  ­    The MTU size on STM1 interface is fixed at 4470, MTU size of 9216 is assigned to GE interfaces (Border-To-Core, Core-To-Core)
  Regards.

  Hi,
  Would it be possible to disable the functionality of the DPI (passthrough mode?) and test again?
  MPLS labels or not on the packet should not make a difference wrt HTTPS only (in theory).
  Since you mention corrupted frames, taking a packet capture should show you if this is true or not.
  Thanks,
  Luc

• Web service calling in HTTPS, certificate, hostname wrong

  Hi
  Im triying to call a web service running in WSO2 Carbon and I cant do it because I was geting a exception asking for a certificate.I had success importing a valid certificate, but now I get the following exception
  HTTPS hostname wrong: should be <10.36.15.100>
  this ip is the one where the WSO2 Carbon is running with the web service Im calling.
  When I consume services running in other places I gat no problem and I can consume the service running in the WsO2 with the SOAP UI, so I dont Know what happend?
  Thanks
  Ray

  Glad to help.
  I actually had a similar problem a few weeks ago. I created a remote enabled FM in our R/3 system that was called by a program in our SRM system. When I ran the FM in R/3 it worked, but from SRM, no joy.
  Eventually, I found that I had mispelled a parameter in the calling program. Since, the FM didn't exist in SRM, the calling program couldn't report any syntax error or give a dump. I corrected the spelling and it finally worked.
  Rob

• Firefox Sync custom server fails - invalid HTTPS certificate

  Windows XP SP3, Firefox 3.6.8.
  Using a custom Sync server, the Weave minimal server written by Toby Elliot. Firefox Sync 1.4.4 extension is crapping out at the setup stage.
  I've got a self-signed SSL certificate behind my web server, since it's for my personal use. I have the Sync extension on a couple of other Firefox installations, grandfathered through a few versions since Weave. Those extensions work and I can sync, no problem.
  So the problem is not with my server itself, or with my username, or with my password. As I said, all three work fine with other Firefox installs.
  This new setup process won't let me get past the "invalid HTTPS cert" error. Must I sign my cert with a certificate authority of my own, or will even that be marked as invalid?
  Any guidance would be appreciated.

  This can be fixed by browsing to the site and accepting the cert first but on my HTC incredible the buttons are off the screen and I can't scroll to them.....MOZILLA Please help!
  Thanks and keep up the good work,
  Peter

• Https certificate issue

  Hi
  We wanted to access https://<server>:<port>/index.html and the https services are enabled on our sap system (abap+java). The issue is while accessing the link it ask for a secure digital certificate which is understandable. We do not want every system in the company to manually add the certificates to their local system however wanted to push a digital certificate from our sap system itself so the users in the domain doesnt have to bother about accepting it and putting it in their trusted certificate area. The certiticate required to push from server has been provided by our companies local CA and we are wondering where in VA we should put it so it resolves the issue. Is there anything additional needs to be done after cert implementation. Please advise.
  Regards,
  Pankaj

  Hi Anil,
  I read your response however if you check the note 510007 which talks about exactly what we wanted to implement. The user should not get prompted for the certificate if they are accessing the https link from the same domain and since we got the SAP certificate signed from the local CA; the browsers automatically should understand that this falls under their domain (since all compaines browsers have atleast their domain certificate installed in IE) hence should not ask for certificate again.
  I also have a SAP message open and lets see what they come up with.
  Thanks
  Pankaj

• Https certificate on WAAS Central Manager

  Hi,
  I wanting to know if it is possible to authenticate the WAAS central manager with a different certificate/key pair than the self-signed certificate/key pair.
  I can't find any information about installing my own certificate/key pair.
  Thanks in advance

  We do have an option for the same:
  First you may generate a CSR using:
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v531/command/reference/execmds.html#wp2773266
  Once done you can get the cert and import cert and keys on Central Manager using admin option
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v531/command/reference/execmds.html#wp2773369
  "admin"
  Specifies that the certificate and key are for the Central Manager admin service. This option can be used only on the Central Manager.
  The Central Manager admin service uses a self-signed certificate and key by default. You can use the crypto import pkcs12 admin command to import a custom certificate and key in PKCS12 or PEM format. If you delete the custom certificate and key, the self-signed certificate and key again become active.
  Hope this helps,
  Swati

• About https certificate problem

  Hi,All
      I change my OS datetime bakc to 2010,and send https request to my website api,https://api.xxxxxx.com,the httpService always fault,the fault detaial as
  FaultEvent fault=[RPC Fault faultString="HTTP request error" faultCode="Server.Error.Request" faultDetail="Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: IO Error。 URL: https://api.xxxxxx.com"].
  Is there anyway to prevent this error , thanks.

  Thanks for reply.
  Code like this
  var http:HTTPService=new HTTPService();
  http.url ="https://api.xxxxxx.com/getSomething?p1=x" ;
  http.method = HTTPRequestMessage.GET_METHOD;
  http.requestTimeout = requestTimeout;
  var token:AsyncToken = http.send();
  I think the code is ok.
  The code work correctly when the computer datetime setting is right.
  But when i change the computer to a few year ago,the http request always fualt.
  And  open the url in ie explorer,and was told the certificate is expire,so i think the problem is all about certificate.
  Is anyway can make it work without change the system time?

• Https Certificate Problem

  I'm working on an application that will contact several ISP websites, to retrieve the connections statistics.
  Several of those websites needs certificate authentication's.
  For the moment I found 2 solutions:
  * Getting the certificate and put it manually in my keystore
  * Bypass the security by overriding X509TrustManager()
  The first solution is not dynamic, cause I can not ask everyone who will use this application to create for each certificate a keystore.
  The second solution, well there is no authentication so I can not know if I'm really contacting the correct website.
  Is there a way to install a certificate from my java application to my virtual machine ? Or is there another way ?
  I'm making my application with Java 6.
  Thx

  Ok I think I found what I wanted ... But I don't know if this is the best way ...
  I don't really need the certificate on my machine, but I have to be sure its valid. So I think this is good enough.
                 TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                      public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                           return null;
                      public void checkClientTrusted(
                                java.security.cert.X509Certificate[] certs,
                                String authType) {}
                      public void checkServerTrusted(
                                java.security.cert.X509Certificate[] certs,
                                String authType) {
                           try {
                                for ( X509Certificate cert : certs) {
                                     cert.checkValidity();
                           } catch (CertificateExpiredException e) {
                                e.printStackTrace();
                           } catch (CertificateNotYetValidException e) {
                                e.printStackTrace();
                 SSLContext sc = SSLContext.getInstance("SSL");
                 sc.init(null, trustAllCerts, new java.security.SecureRandom());
                 HttpsURLConnection
                           .setDefaultSSLSocketFactory(sc.getSocketFactory());
                 URL url = new URL(
                           "https://...");
  ...

• Have come full circle---k9-4235 server(https) certificate expired

  Ok i have been running k94235's and idsm2's for a couple years and when I was munking around with a sig on one of the k9-4235 i discovered that the server certificate expired this past sat...When I tried to create a new sensor in IEV it gave the error "connection handshake failure"....
  where/how do I get/make a new server certificate for https sessions on k9-4235, is the latest and greatest
  sysinfo
  Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S178
  MainApp 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  AnalysisEngine 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  Authentication 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  Logger 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  NetworkAccess 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  TransactionSource 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  WebServer 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

  You can try removing the expired certificate from the sensor by logging into the sensor's CLI and entering the following commands:
  sensor# configure terminal
  sensor(config)# no tls trusted-host ip-address 10.1.2.3
  Next, tell the sensor to trust 10.1.2.3:
  sensor(config)# tls trusted-host ip-address 10.1.2.3

• User portal HTTPS certificate

  Thanks Martin2012
  I looked at the instructions and found out that I had more use of the link How-to install a Public SSL Certificate at the bottom of the HowTo-post than the post itself. But you led me the right way!

  HiI have the intention of launching Spiceworks user portal as an integrated part of our new Intranet. We are running a Microsoft domain environment with AD.The Spiceworks user portal is installed on our Intranet-server to which a server specific SSL-certificate is connected and maintained.But when you activate the HTTPS function of the user portal in Spiceworks, it uses a selfsigned certificate.I would like to have instructions of how to set Spiceworks user portal to use the SSL-certificate already connected and maintained to the Spiceworks/Intranet-server.The certificate verifies the base-URL to the server (https://company.com) and my Spiceworks user portal has the following URL: https://company.com:9675/portalwhich is reachable from the internet.Thanks in advance
  This topic first appeared in the Spiceworks Community