IMAP SSL Certificate Errors

Similar Messages

• When trying to get to a CUIC permalink report via a get XML document data step in UCCX, we get a SSL certificate error

  Has anyone found a way to overcome the SSL certificate error via UCCX editor?  See attached screenshots.  Thanks!

  Hi, not easily, no.
  But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
  G.

• [IMAP SSL] Certificate-Based Login problems

  Hi,
  I am trying to set up a Certificate-Based Login authentication for an installation of Java Messaging Server 7 Update 3 over Solaris x86 64bit platform.
  The objetive is to allow a client to establish an SSL session using a certificate that has been issued by a CA that the server has established as trusted and then grant access to the user without providing his password.
  In my installation, unfortunately password is allways required to login any user. These are the steps I have made:
  1. Add the CA-signed server certificate.
  2. Add the trusted Certificate Authority.
  3. Turn on all cipher suites including the weak ones.
  4. Enable SSL
  ./configutil -o service.imap.enablesslport -v yes
  ./configutil -o service.imap.enable -v 1
  ./configutil -o service.imap.sslport -v 993
  ./configutil -o service.imap.sslusessl -v yes
  ./configutil -o encryption.rsa.nssslpersonalityssl -v "Product-Cert" (where Product-Cert is my CA signed server certificate)
  5. Check with the netstat command to verify that the service is running.
  bash-3.00# ./configutil -o service.imap.sslport
  993
  bash-3.00# netstat -an | grep 993
  *.993 *.* 0 0 49152 0 LISTEN
  Once I have taken these steps, when I use a client to establish an SSL session with a PKCS#12 certificate installed (signed by the same CA trusted by MS and the email address in your users' certificates matches the email address in a users' directory entry) the connection is correct stablished using the port 993 but it is allways necessary to login with password to grant access.
  The imap logs seems to show that the MS is not requesting the user's certificate from the client, because allways shows "plaintext authentication" (this correspond a try to access to the user's inbox without Login).
  [10/Mar/2010:10:31:38 -0100] goody imapd[2623]: Account Notice: badlogin: [192.168.169.12:1595] plaintext llcc authentication failure
  [10/Mar/2010:10:31:41 -0100] goody imapd[2623]: Account Notice: close [192.168.169.12:1595] [unauthenticated] 2010/3/10 10:31:37 0:00:04 41 907 0
  [10/Mar/2010:10:32:21 -0100] goody imapd[2623]: Network Error: Socket error [192.168.169.12:2226] : I/O function error
  [10/Mar/2010:10:32:21 -0100] goody imapd[2623]: Account Notice: close [192.168.169.12:2226] [unauthenticated] 2010/3/10 10:31:56 0:00:25 11 511 0
  Also there are some error logs related to the Ciphers:
  [10/Mar/2010:10:30:39 -0100] goody imapd[2623]: General Error: SSL initialization error: Unable to enable SSL cipher suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SH
  A (0x0064)
  (-8186)
  Please, Can you help me to discover if there is something wrong in my configuration?
  Thanks in advance.
  Kind Regards,
  Luis

  Thanks for your reply Shane.
  Yes, I have configured the client to use port 993. I think the problem is in the Multiplexor configuration, after finished, I allways get this Log message in the ImapProxy Logs:
  [15/Mar/2010:17:25:10 -0100] goody ImapProxy[1865]: General Error: (id 455) Connection limit reached for client IP 192.168.169.108
  [15/Mar/2010:17:25:22 -0100] goody ImapProxy[1865]: General Error: (id 477) Connection limit reached for client IP 192.168.169.108
  [15/Mar/2010:17:25:37 -0100] goody ImapProxy[1865]: General Error: (id 499) Connection limit reached for client IP 192.168.169.108
  Where 192.168.169.108 is the IP of the server where MS is installed. The strange thing is that there are no connections established becacause this is a development environment, when I try to check the IMAP port (not ssl) I find a strange behaviour:
  bash-3.00# telnet localhost 143
  Trying 192.168.169.108...
  Connected to goody.
  Escape character is '^]'.
  * OK [CAPABILITY IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN BINARY UNSELECT SORT CATENATE URLAUTH LANGUAGE ESEARCH ESORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ENABLE QRESYNC CONTEXT=SEARCH CONTEXT=SORT WITHIN SASL-IR XSENDER X-NETSCAPE XSERVERINFO AUTH=PLAIN STARTTLS] Messaging Multiplexor (Sun Java(tm) System Messaging Server 7.3-11.01 (built Sep 1 2009))
  . login llcc LLCC_PASSWORD
  Connection to goody closed by foreign host.
  The ConnLimits parameter is set to default in the ImapProxyAService.cfg (i.e. default:ConnLimits 0.0.0.0|0.0.0.0:20).
  Also I have set this values not present in the link: http://wikis.sun.com/display/CommSuite/Configuring+Encryption+and+Certificate-Based+Authentication#ConfiguringEncryptionandCertificate-BasedAuthentication-ToSetUpCertificateBasedLogin
  configutil -o local.mmp.enable -v 1
  configutil -o local.store.enable -v 0
  configutil -o local.imta.enable -v 0
  configutil -o local.http.enable -v 0
  Any idea?
  One question more. I have read that Store Administrators have proxy authentication privileges to any service (POP, IMAP, HTTP, or SMTP), which means they can authenticate to any service using the privileges of any user. The question is: Is there any way for the Store Administrator to access to the mailbox of all the users using the IMAP protocol?
  Thanks a lot for your help,
  Best Regards,
  Luis

• SSL Certificate Error in AIX server~~~SCOM 2012 R2

  Hi Everyone,
  While installing SCOM client i am getting below error. Plz suggest.
  Agent verification failed. Error detail: The server certificate on the destination computer (FQDN(Server Name):1270) has the following errors: 
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
  The SSL certificate is signed by an unknown certificate authority.      
  It is possible that:
     1. The destination certificate is signed by another certificate authority not trusted by the management server. 
     2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: FQDN serve 
     3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
  The server certificate on the destination computer (FQDN(Server Name:1270) has the following errors: 
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
  The SSL certificate is signed by an unknown certificate authority.      
  It is possible that:
     1. The destination certificate is signed by another certificate authority not trusted by the management server. 
     2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: FQDN serve.
     3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool. 

  Hi Pawan
  Have you exported/imported scx certificates?
  Check out Kevin Holmans blog on installation of UNIX/Linux agents:
  http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
  www.coretech.dk - blog.coretech.dk

• SSL certificate error when installing

  Hi,
  We are getting error when installing the SSL certificate on our web dispatcher. Please see screenshot attached.
  Kindly assist us on this.
  Thank you!
  Regards,
  AJ

  You have to specify the additional certificates with the "-r" parameter.
  E g
  sapgenpse import_own_cert -c <cert_from_eg_verisign> -p <PSE-file> -r intermediate-one.cer -r intermediate-two.cer
  You can specify "-r" up to 10 times.

• SSL certificate error on every SSL page

  Hello,
  I was having problems earlier with connecting to my wireless internet so I deleted some of my .plist files attempting to fix the problem. Now I am having problems connecting to ANY SSL page, (as well as google chat, etc.) saying "security certificate is not trusted". Same happens on all browsers. I think it is because I deleted some plist files (not sure which ones).
  How can I fix this problem? I cannot find any documentation of anyone else having this problem, so please help!
  Much thanks.

  The answer was found elsewhere: Android is much more picky when it comes to SSL certificates and what works in the browser doesn't necessarily work in an Android app.
  A technician had to add a "SSLCACertificateFile to the SSL conf to provide this intermediate chain". I don't know what this is, but it worked.

• Expired SSL certificate errors in browser after installing a new Certificat

  I recently install a new SSL certificate from Thawte following the same process as the last time in installed. The install seemed to work for a couple days and then i stared getting calls reporting an expired SSL Certificate. I verified that the proper cert was still installed and it was. what actually got the ball rolling again was disabling the listener associated with my secure site and re enabled it. that workd for 2 days and now the website is reporting an expired SSL cert. any clue what is going on?

  Here is the output but i noticed that there are three of the same key(sitecert)
  wadm> certutil -L -d .
  sitecert                                                     u,u,u
  sitecert                                                     u,u,u
  Thawte SGC CA - VeriSign, Inc.                               CT,,
  sitecert                                                     u,u,ui guess now the question is how to get ride of the 2 offending certs in the database.

• SSL Certificate errors on websites since using Cisco RV130 router

  Dear reader,
  The problem we are having is very random, but various colleagues of mine are getting a NET::ERR_CERT_COMMON_NAME_INVALID in Chrome when trying to access their gmail or calendar from Google. Now I know what you might think, this must be a browser problem, but in most cases, switching to another browser simply results in the same problem, just a different formulation of the problem (since hey, it's another browser).
  Now here comes the weird part, this all started SINCE we placed the Cisco RV130 router in our network. Before that our ISP issued Modem was in Modem/Router mode (now it's been set to Bridge mode by the ISP, I cannot set this myself!) and the aforementioned router was placed in between our first switch (A Netgear GS748T) and the modem.
  Various things that I have checked, but first and foremost lets handle the occurrence. The problem only happens sometimes, say a person comes into the office, starts his or her computer, gmail works fine. Then after a few hours they get this error, and after refreshing for like 5 minutes the problem disappears and they can check their Gmail again. Others have this when accessing their calendar but not when opening their gmail. So to sum this all up, it's completely random. So far I am the only one who's experienced it with another website (as in, other than gmail or the gmail calendar) and that was when I tried to access Facebook.com, but this has only been once so far, and honestly I don't care at all if this would ever happen again since the other two websites are way more important.
  Computers are running Kaspersky Internet Security, and although the problem only started recently I have tried disabling it when somebody was experiencing the problem but this didn't result in being able to access the aforementioned pages.
  Another thing I have checked which seemed to pop up quite often (but given this error message I think it doesn't matter) is the system time on computers. Which I have made sure it was synced and therefore correct. 
  Also, just now I was able to find out this. When I had the problem on a colleague's computer I did a ping to both www.google.com and www.apple.com (given the subject of the error) and the results were this:
  www.google.com:
  Pinging www.google.com [95.100.141.15] with 32 bytes of data:
  Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
  Ping statistics for 95.100.141.15:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 9ms, Maximum = 11ms, Average = 10ms
  www.apple.com:
  Pinging e3191.dscc.akamaiedge.net [95.100.141.15] with 32 bytes of data:
  Reply from 95.100.141.15: bytes=32 time=16ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=15ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
  Ping statistics for 95.100.141.15:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 9ms, Maximum = 16ms, Average = 12ms
  I don't think it can be correct that both resolve to the same IP address even though I'm pinging to two different webpages. Am I transitioning into a rounting / switching / dns problem here or is this still a Chrome problem? Any help would be appreciated because I'm quite at loss!
  Best regards,
  Fred
  P.s. I have added two images of the resulting errors from Chrome.
  [edit]
  Forgot to mention that I have started a similar discussion on the Google Chrome forums, but other than flushing my dns in Windows and clearing my host cache in chrome I haven't gotten any results yet. And that only seems to solve the problem temporarily.

  I could try to use the RV130 on my home network possibly and see what happens, but truthfully I'm not considering keeping this device that long if this problem keeps occurring.
  Regarding the firmware, the latest version of the firmware is on the router. And I have, coincidentally, reinstalled several laptops in the past week that all had the problem before reinstalling and still have it after reinstalling.
  We do have a piece of internet security software, which is kaspersky internet security, but disabling it doesn't help and secondly, we've had that long before we started using this router and the problem never occured then.
  Is there at all a possibility that the router is causing this? If the answer is yes then I think I don't have any more time left to invest in looking for a cause and will just return the product and search for a new router. Preferably still a Cisco, but definitely another one than the RV130. 

• How do I remove the certificat error everytime I try to access the Cisco Unified CM Administration web-page?

  Hi,
  Every time I want to have access to the Cisco Unified CM Console (System version: 7.0.1.11000-2), I use the https://10.10.x.x/ccmadmin/showHome.do homepage on my client computer, but when I open the page, I get a SSL certificate error, stating no trust to this webpage security certificate and if I those "continue to this page (not recommended)", I get access to the Cisco Unified CM Console web page.
  I have tried to add the https://IP-adress to secure web pages in Internet Explorer 7, but this to no avail, it does not help.
  How do I add this certificate to a trusted something, so I do not get this warning every time I open the page?
  Kind regards,
  Carl-Marius

  Hi Michael,
  It worked when I change the IP-address to the name that was written in the certificate, and imported the certificate to Internet Explorer.
  Thank you for your fast and very precise help!
  Kind regards,
  Carl-Marius

• [solved] dovecot errors after renewing SSL certificate

  System:
  OS X Server (Mountain Lion) 2.2
  Using a single SSL Certificate for all services.
  Symptom:
  Users can't log into their IMAP accounts hosted on OS X Server (Mountain Lion) after renewing SSL Certificate
  Diagnostics:
  Give you an indication whether it's this problem. Some or all may apply:
  Log shows all kinds of dovecot errors. e.g.
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  config: Fatal: Error in configuration file /Library/Server/Mail/Config/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
  dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
  /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf shows commented out lines:
  ssl_cert
  ssl_key
  ssl_ca
  Solution:
  Go to the Certificates pane of the Server App  and choose Secure Services Using: Custom
  Set IMAP and POP server certificates to to None
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf
  Now set Secure Services Using: <My single SSL Certificate for all services>
  Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf and you should now see all the ssl* settings as you would expect, and pointing to the correct SSL certificate  in /etc/certificates
  Hope this works for you too!

  I had something similar happen. When I do anything with SSL certificates it deletes any regular websites. Only the sites that are setup for https are listed.
  Couldn't understand why my website wasn't working and it turned out that the system had deleted it. The web server had multiple host set and I had to rebuild all the ones that had used port 80. All the ones that use 443 were fine.
  Hope this helps.

• SSL Offloading and Certificate Errors

  I am attempting to offload SSL on an F5 load balancer.  I made the certificate request from the load balancer, procured the certificate from Entrust, and installed on the load balancer.  I then followed SSL Offloading TechNet instructions here:
  http://technet.microsoft.com/en-us/library/dn635115(v=exchg.150).aspx.  My two CAS servers still have the self-signed certificates bound in IIS.  I am getting certificate
  errors when making RPC over HTTPs connections in Outlook and the self-signed certificate is popping up.
  My question is what do I do with the certificates on my 2 CAS servers?  Do I leave the self-signed certificates on there and export the Entrust certificate from my F5 and then import it to my CAS servers and change the bindings in IIS? 
  Or do I have to make the CSR from a CAS server, issue a new Entrust certificate from that, import to both CAS servers, then import to the F5 and make sure all bindings are correct in IIS?
  Or am I completely misunderstanding how this works and need to do something different entirely?
  Thanks in advance for any guidance.

  As I previously mentioned, I have already followed the SSL Offloading guide from technet, which included unticking Require SSL for all the various objects in IIS (OWA, ECP, EWS, RPC etc.) 
  Additionally I made sure SSL Offloading was enabled for Outlook Anywhere in Powershell.  See for example output of Get-OutlookAnywhere:
  RunspaceId                         : 1bdf6a03-d43d-4478-84cc-95e18806b11b
  ServerName                         : TSTEXCG2013
  SSLOffloading                      : True
  ExternalHostname                   : tstowa.XXXX.com
  InternalHostname                   : tstowa.XXXX.com
  ExternalClientAuthenticationMethod : Ntlm
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  XropUrl                            :
  ExternalClientsRequireSsl          : True
  InternalClientsRequireSsl          : True
  MetabasePath                       : IIS://TSTEXCG2013.tstXXX.tstXXXX.tst/W3SVC/1/ROOT/Rpc
  Path                               : D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
  ExtendedProtectionTokenChecking    : None
  ExtendedProtectionFlags            : {}
  ExtendedProtectionSPNList          : {}
  AdminDisplayVersion                : Version 15.0 (Build 847.32)
  Server                             : TSTEXCG2013
  AdminDisplayName                   :
  ExchangeVersion                    : 0.20 (15.0.0.0)
  Name                               : Rpc (Default Web Site)
  DistinguishedName                  : CN=Rpc (Default Web
                                       Site),CN=HTTP,CN=Protocols,CN=TSTEXCG2013,CN=Servers,CN=Exchange
  Administrative
                                       Group (FYDIBOHF23SPDLT),CN=Administrative
  Groups,CN=XXX XXXX,CN=Microsoft
                                       Exchange,CN=Services,CN=Configuration,DC=tstXXXX,DC=tst
  Identity                           : TSTEXCG2013\Rpc (Default Web Site)
  Guid                               : 9b2bc5e2-41c1-4219-9186-8e6b8cb63dc0
  ObjectCategory                     : tstXXXX.tst/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                        : 7/10/2014 7:38:58 PM
  WhenCreated                        : 6/23/2014 2:54:36 PM
  WhenChangedUTC                     : 7/11/2014 12:38:58 AM
  WhenCreatedUTC                     : 6/23/2014 7:54:36 PM
  OrganizationId                     :
  OriginatingServer                  : TSTXXXXDC02.tstXXXX.tst
  IsValid                            : True
  ObjectState                        : Changed

• Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

  Hello,
  I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
  Azure Management portal shows the status of Hybrid Connection as established.
  However, the website throws an error when trying to open a connection
  <
  addname="DefaultConnection"
  connectionString="Data
  Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
  providerName="System.Data.SqlClient"
  />
  (The same website, with the same connection string deployed on SQL Server machine works correctly).
  I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
  [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
  [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
  I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
  The certificate chain was issued by an authority that is not trusted             
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
  Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
  Stack Trace:
  [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
  [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
  System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
  System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
  System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
  System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
  System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
  System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
  System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
  System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
  System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
  System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
  System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
  System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
  System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
  System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
  System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
  System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
  System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
  System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
  System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
  System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
  System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
  System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
  System.Data.SqlClient.SqlConnection.Open() +96
  System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
  [EntityException: The underlying provider failed on Open.]
  System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
  System.Data.EntityClient.EntityConnection.Open() +104
  System.Data.Objects.ObjectContext.EnsureConnection() +75
  System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
  System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
  System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
  System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
  CloudShop.Services.ProductsRepository.GetProducts() +216
  CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
  CloudShop.Controllers.HomeController.Index() +1130
  lambda_method(Closure , ControllerBase , Object[] ) +62
  System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
  System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
  System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
  System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
  System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
  System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
  System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
  System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
  System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
  System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
  System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
  System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
  System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
  System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
  System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
  Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213            
  Regards,
  Michal
  Michal Morciniec

  Same issue here, looking for more information !

• Sequence tag error while importing the SSL certificate into ".keystore" fil

  I have created the ".keystore " file successfully and also imported the "root.cer".
  but while importing the SSL certificate it says like
  "keytool error: java.security.cert.CertificateException: IOException: Sequence ta
  g error" (I got the certificate from Verisign)
  How to resolve this Error?
  can anyone help me?
  mail to:: [email protected]
  Thanks in Advance

  Hi,
  I resolved this error by making it sure that there are no extra spaces or unwanted caracter copied while copying the certificate response from the CA. Make sure you are copying the certificate response properly. In my case, some extra space was getting copied so after re-copyinf it properly, it worked.

• How do you know if trust certificate error about imap.aol server is the result of an imposter or the "real" aol imap server?

  I keep receiving a trust certificate error about imap.aol server. Says it may be the result of an imposter or the "real" aol imap server?  How do you determine if the trust certificate is for an imposter?

  Please post a direct link to the page you're having trouble with.

• Error after SSL Certificat update

  I updated the SSL certificate on a Win2003 SP2 server with IIS6.0
  The initial certificat was a single URL certificate and is replaced by a wildcard one.
  After installing the certificate (and it's CA chain) using the mmc I changed the certificate in IIS and configured the SSLBinding using "cscript.exe
  adsutil.vbs".
  The result is an SSL ERROR.
  The CA chain and the certificate are two CRT files.
  Here is the result of the "certutil.exe -store my"
  command :
  C:\Documents and Settings\Administrateur.W2K79>certutil -store my
  ================ Certificat 0 ================
  Numéro de série : 4899717f3b1ba89dedb7c472d575cb01
  Émetteur: CN=Thawte SSL CA, O=Thawte, Inc., C=US
  Objet: CN=*.bourgenbresse.fr, OU=Collectivite, O=COMMUNE DE BOURG EN BRESSE, L=B
  OURG EN BRESSE, S=Ain, C=FR
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): eb 03 df 43 a8 03 e5 5f b1 52 fc e7 5b a9 0b 0c 19 2a 15 8a
  Aucune information sur le fournisseur de clé
  Pas de propriétés pour le jeu de clé dans le magasin
  ================ Certificat 1 ================
  Numéro de série : 023fcc
  Émetteur: CN=GeoTrust DV SSL CA, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
  Objet: CN=www.portailenfance.bourgenbresse.fr, OU=Domain Control Validated - Qui
  ckSSL(R) Premium, OU=See www.geotrust.com/resources/cps (c)11, OU=GT68088061, O=
  www.portailenfance.bourgenbresse.fr, C=FR, SERIALNUMBER=R2RJ3sRPOrW0Q3XZYvvpcP05
  TqodNAru
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): 12 49 a6 95 9a 67 05 86 d9 a3 64 cb a7 a7 78 ee 6c eb 94 52
    Conteneur de clé = cecd6bee4621365b6e763b9bfcd773cf_b3f7eefb-5c14-4333-a5bb-29
  d40b271698
    Fournisseur = Microsoft RSA SChannel Cryptographic Provider
  Succès du test de cryptage
  CertUtil: -store La commande s'est terminée correctement.
  Please help !

  It seems that the key for the wild card certificate has not been found. The output shows a valid key for the other cert. ("1") but no key information for the wild card cert ("0"). I assume, that when you double-click the certificate in
  the computer's Personal store you don't see the message You have a Private Key...
  (on the bottom of the General tab), right?
  Windows 2003 sometimes needed some extra effort to "connect" key and certificate, in addition to just importing it (I am assuming that you imported it to the machine where you had created the key).
  Check if the command line tool certutil is available. If not, install the W2K3 admin pack (download e.g.
  here).
  Double-click the new server certificate, go to Details...
  Scroll down the list of attributes and locate the Serial Number. Copy the serial number value.
  At the command shell run as a local admin:
  certutil -repairstore my "<Serial Number>"
  If this has been successful you should now see the message You have a Private Key... when double-clicking the certificate.
  Elke