Implementing self-signed SSL on the coldfusion webserver

We've just recently implemented a self-signed SSL on the coldfusion webserver and find that the scheduled tasks are not running.
They don't even appear to "kick off". I'm not receiving an error or notice.
I've attempted pulling-in the cert directly into the Coldfusion JRE folder, and running through the most common answers on the internet regarding use of the cert keytool import - no luck.

I currently have the configureation you are talking about.  To allow an iOS device to connect do the following.
1.  From the iOS device go to your servers homepage in safari.
2.  Login to the profile manager using that individuals userid and password.  For some reason I have to login twice the first time I enter the userid and password it will not authenticate the second time it will log the user in.
3.  Click the install button next to the "Trust profile" to install it to the iOS device.  This will make the iOS device trust the certificate from your personal server.
4.  After that you may also install the server profile which will install your vpn and calendar etc... profiles for connecting to the services you have setup on the server onto the iOS device.
5.  Once you accomplish this you will be able to access your services via your local lan or vpn.

Similar Messages

  • Abandoning Self-Signed SSL Certificates?

    Hello,
    I'm working on remediation of some security flaws and have encountered a finding that calls out each of my domain-added workstations as having self signed SSL certificates.  I'm not an expert on the subject, but I do know the following things:
    1)  An earlier finding lead to me disabling all forms of SSL on my servers and workstations
    2)  Workstations use certificates to identify themselves to other domain assets.
    Now my servers all have their own certs signed by an outside authority.  However, it would be a huge amount of work to go through the process for each and every workstation.  So my questions are these:
    1)  Can I create a NON-SSL self signed cert for these machines to use?
    2)  How do I remove these current SSL certs without having to hover over each workstation?
    Basically, what's the least effort to remove self-signed SSL certs and replace them with something more secure?
    Thanks,
    M.

    What do you mean when you say that you've disabled all forms of SSL on your servers and workstations? SSL serves to provide secure communications for all of your domain operations, so disabling SSL, in general, would likely break your entire domain. If you're
    using certificates on your workstations, then you're using certificate-based security (IPSec) in some manner.
    Do you have AD CS or some other certificate signing authority/PKI in your environment? If not, you would have to pay a public provider (i.e. VeriSign) to provide certificates, and I can assure you that gets very expensive.
    If you have Microsoft servers in your environment, you can install and use Certificate Services to provide an internal signing mechanism which can be managed through group policy. You can replace all of the workstation certificates with ones signed by your
    internal certificate authority (CA,) and those will pass muster with any auditor provided the appropriate safeguards are put into place elsewhere in your environment.
    Least effort for you would be to implement an internal CA, which admittedly isn't a low-effort endeavor, and have the CA assign individual certificates to all of your machines, users, and any other assets you need to protect. If your auditors are requiring
    the removal of the self-signed certificates, you might find a way to script the removal of the certificates. In my experience, however, most auditors just want IPSec to be done with certificates that terminate somewhere other than the local workstation (i.e.
    an internal CA).

  • Accessing websites running on non-standard ports or with self-signed ssl certs?

    I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
    Anyone else noticed this?

    If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
    That's why it's generally recommend to go the route of using a well-know public CA as they are alreay included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
    If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
    In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
    In the second case, the ASA's identity certificate itself would have be installed on the client since it (the ASA) is essentially acting as it's own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

  • IMAP Mail Setup with self-signed SSL certs

    I am unable to set up IMAP access to an email account of mine on the new iPhone mail app. The setup stalls at "verifying" and I can't seem to save the info entered and then disable SSL in the advanced setup.
    Also, it doesn't seem possible to install SSL certs out of safari. On the computer I was able to navigate to the server via https and permanently accept the SSL cert. The option doenst exisit in Safari Mobile. If you have the servers cert (.der) file in the web root of the server, possible to download and install the certificate. This solved a similar problem for my ExchangeMail push with our Kerio server. Unfortunately, the certificate file of that other IMAP account is unavailable..

    If possible, instead of configuring it on the iPhone, try configuring it on your computer and using iTunes to sync the configuration itself to the iPhone. I am connecting fine to an IMAP server with a self-signed certificate. The first time I opened Mail (on the iPhone) it prompted me with a dialog saying the certificate was invalid but I was able to accept it. Since then, it has never prompted me again about validity of the certificate (even after rebooting the phone) so I believe the Mail program can permanently accept a self-signed certificate.
    And yes, there doesn't seem to be a way for Safari Mobile to permanently accept self-signed certificates. I have read that the iPhone is supposed to pull certificates from the Keychain but this does not appear to be the case.

  • How to Import Self-signed SSL server certificates in Adobe AIR applications

    Hi,
    I am using secure AMF endpoints for remote object communication from AIR client.
    since i am using a self signed SSL certificate on the server, i am getting a certificate warning message on the AIR client, when ever a remote call is done.
    Is there any mechanism to import the server certificate in AIR application..?
    Please provide suggestions.
    Thanks

    I have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????

  • SMTP & Self-Signed SSL

    I'm having a strange problem, I can't get SMTP to work using a self-signed SSL certificate. I can get IMAP to work with the cert no problem. And I can submit non-ssl using port 587. But if I try to use SSL, using the self-signed certificate, I get an error in Mail.app saying it can't connect to the server. Any ideas about this?
    I did have to edit a few lines in master.cf to make submission on :587 work.

    You can see the two lines i uncommented halfway down this thread:
    http://discussions.apple.com/thread.jspa?threadID=1433081&tstart=0
    SSL is set to USE.
    As far as logs go, what do you want to see? SMTP logs after trying to send something via SSL?

  • E-Mail Setup fails with self-signed SSL certificat...

    Hi, one of my e-mails is with a small provider who just moved the mail server to Imap and SSL. In Thunderbird, everything works fine, setup on my Nokia C-6-fails with an unspecific error message (and trows away the settings). I asked the provider, and it seems that the problem comes up because the Nokia e-mail application doesn't asked me if I want to accept the certificate but instead rejects it. Is there a workaround to this problem? Is there a way to setup the mail account without using the wizard? Or to take over the settings from Thunderbird? Or a way to put the certificate in the right place manually? In Opera mobile I have no trouble with self-signed SSL certificates. Thanks Cave

    Any one around who can help? Self-Signed certificates are rather common, after all. I would be grateful cave

  • Mail.app: Self-Signed SSL Certificates

    How can I make mail trust self signed mail certificates FOREVER? As it is now, I have to tell Mail.app to always trust the cert for each email account, every time I launch mail. Then it remembers to trust it until I quit mail, then I have to re-tell it all over again. This is bearable on my desktop but on my laptop, where I need SSL the most, I'm constantly logging in and out and rebooting, and it drives me crazy.
    FYI it's my own server, running Mac OS X Server. And I'm not buying a certificate, it's the encryption I'm after

    First, the certificate must match the name Incoming Mail Server that your clients are using. For example 'mail.acme.com'. So, when creating the self-signed certificate, the common name that you enter would be 'mail.acme.com'. If you don't do this, you will always be prompted about the certificate when you relaunch Apple mail.
    Just for clarification, here is how you should trust the self-signed certificate on the Macs that are using Apple Mail:
    1. When you get the prompt about the certificate, click the show certificate button.
    2. Drag the icon of the Certificate on the left in the Show Certificate dialog box to the desktop. This will create a document on your desktop named 'mail.acme.com.cer'.
    3. Double click the certificate on the desktop which will open an Add Certificate dialog box.
    4. Depending on the version of Mac OS X that you are running, what you do next will vary a little.
    Leopard
    1. Click the drop down next to keychain and select System
    2. Open Keychain Access (Applications/Utilities) if it is not already open
    3. Click System on left hand side under Keychains
    4. Locate the 'mail.acme.com' certificate on the right and double-click it to open it. (NOTE: I had to quit Keychain Access and reopen it before the certificate showed up under System for me for some odd reason)
    5. Click the gray triangle next to Trust to expand the Trust section of the Certificate.
    6. Select Always Trust from the drop down next to 'When using this certificate'
    7. Close the certificate window and then quit out of Keychain Access
    8. Click the continue button back in Apple Mail if the Certificate dialog is still present.
    9. Quit out of Apple Mail and the relaunch it again. This time you should not see the certificate dialog alert.
    Tiger
    1. Click the drop down next to keychain and select X509Anchors
    2. Open Keychain Access (Applications/Utilities) if it is not already open
    3. Click System on left hand side under Keychains
    4. Locate the 'mail.acme.com' certificate on the right and double-click it to open it.
    5. Click the gray triangle next to Trust to expand the Trust section of the Certificate.
    6. Select Always Trust Settings from the drop down next to 'When using this certificate'
    7. Close the certificate window and then quit out of Keychain Access
    8. Click the continue button back in Apple Mail if the Certificate dialog is still present.
    9. Quit out of Apple Mail and the relaunch it again. This time you should not see the certificate dialog alert.
    This worked for me. I hope this works for you too.

  • Create/install self signed ssl cert

    I'm evaluating the platform edition server. Is there a quick way to create and install a self signed ssl server certificate (I'm running Windows 2000 pro).
    Thanks
    Mark

    Download the NSS tools from here:
    http://wwws.sun.com/software/download/products/3e3afa8e.html
    Documentation for NSS tools can be found here (see certutil):
    http://www.mozilla.org/projects/security/pki/nss/tools/

  • IPhone LDAP contacts and Self signed SSL certificates

    Hi,
    I am using OpenLDAP with self signed SSL certificate, and i am unable to get SSL work with LDAP contacts on the IPhone (4.x). I have tried to add a CA cert with a server certificate for the LDAP server and downloaded it to the IPhone by web, it adds the CA, but even with it, it does not want to connect to the LDAP server with SSL enabled.
    Does LDAP contacts should work by adding new CA ? if yes, what is the exact procedure to do it ? (maybe I used a wrong CA export format, or wrong SSL certificate encryption format ...)
    can someone tell me how to do it ?
    This is really anoying, since we have multiple iphones on the company.
    Thanks for the help.

    Hello, found your post.  I realize it's been 6 months since you posted, but I have a solution for you since I have struggled with the same problem since 2009.
    I discovered that when the iPhone is using LDAPS, it tries to bind with LDAPv2.  After it binds, it speaks LDAPv3 like it is supposed to.  Apparently this is a somewhat common practice since OpenLDAP includes an option for it.
    You'll want to set the following option in OpenLDAP:
    dn: cn=config
    olcAllows: bind_v2
    Walla! LDAPS works! (assuming you've correctly done all the certificate stuff).  Took some deep reading through the debug logs to figure out this problem.  Figured I'd share my answer with others.

  • Http Analyzer connecting to server with self-signed SSL cert

    When making webservice calls using Axis 1.3 to our development site that uses a self-signed SSL cert I am getting the following error when running the Http Analyzer:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Works fine if I turn off proxy in run configuration for project or when used against a site with a purchased cert. I assume the problem is with Http Analyzer not being able to find the server cert in a local keystore, is there a way to import the cert so that I can run Http Analyzer against the site?
    Tried adding server cert to <jdkhome>/jre/lib/security/cacerts keystore but still have the problem.
    Am using JDeveloper 10.1.3.
    Thanks,
    John

    I fixed that by getting certs from: https://www.startssl.com/?app=1.
    The certs are free and work fine.
    Since Iphone 4 apple does not accept unknown CA Authorities.

  • How do I install this self-signed SSL certificate?

    I haven't been able to connect to the jabber server I've been using (phcn.de) for quite some time now, so I filed a bug report with mcabber. The friendly people there told me to install phcn.de's self-signed certificate, but I can't figure out for the life of me how to do that.
    I know I can download something resembling a certificate using
    $ gnutls-cli --print-cert -p 5223 phcn.de
    Which does give me something to work with:
    Resolving 'phcn.de'...
    Connecting to '88.198.14.54:5223'...
    - Ephemeral Diffie-Hellman parameters
    - Using prime: 768 bits
    - Secret key: 767 bits
    - Peer's public key: 767 bits
    - PKCS#3 format:
    -----BEGIN DH PARAMETERS-----
    MIHFAmEA6eZCWZ01XzfJf/01ZxILjiXJzUPpJ7OpZw++xdiQFBki0sOzrSSACTeZ
    hp0ehGqrSfqwrSbSzmoiIZ1HC859d31KIfvpwnC1f2BwAvPO+Dk2lM9F7jaIwRqM
    VqsSej2vAmAwRwrVoAX7FM4tnc2H44vH0bHF+suuy+lfGQqnox0jxNu8vgYXRURA
    GlssAgll2MK9IXHTZoRFdx90ughNICnYPBwVhUfzqfGicVviPVGuTT5aH2pwZPMW
    kzo0bT9SklI=
    -----END DH PARAMETERS-----
    - Certificate type: X.509
    - Got a certificate list of 1 certificates.
    - Certificate[0] info:
    - subject `CN=phcn.de', issuer `CN=phcn.de', RSA key 1024 bits, signed using RSA-SHA, activated `2009-05-04 08:26:21 UTC', expires `2014-04-08 08:26:21 UTC', SHA-1 fingerprint `d01bf1980777823ee7db14f8eac1c353dedb8fb7'
    -----BEGIN CERTIFICATE-----
    MIIBxzCCATCgAwIBAgIINN98WCZuMLswDQYJKoZIhvcNAQEFBQAwEjEQMA4GA1UE
    AwwHcGhjbi5kZTAeFw0wOTA1MDQwODI2MjFaFw0xNDA0MDgwODI2MjFaMBIxEDAO
    BgNVBAMMB3BoY24uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALqS+tnB
    tNruBGdcjw0o+BWSdfkKH4T3VpS7bkrsS0q7RD5iUIao7jH2lJqTk1TrLbQe28+R
    H0X9Ya+w22iYFea2l3wkrTnBfgdSZbRhpSxgVvC2QEBMoSrEQoRpo5lzXadRlob/
    RQ+rhu/cWCNeiRJzfkmNirPVEciGKQHrwKxxAgMBAAGjJjAkMCIGA1UdEQQbMBmg
    FwYIKwYBBQUHCAWgCwwJKi5waGNuLmRlMA0GCSqGSIb3DQEBBQUAA4GBALFBalfI
    oESZY+UyVwOilQIF8mmYhGSFtreEcUsIQvG1+cgD16glKehx+OcWvJNwf8P6cFvH
    7yiq/fhMVsjnxrfW5Hwagth04/IsuOtIQQZ1B2hnzNezlnntyvaXBMecTIkU7hgl
    zYK97m28p07SrLX5r2A2ODfmYGbp4RD0XkAC
    -----END CERTIFICATE-----
    - The hostname in the certificate matches 'phcn.de'.
    - Peer's certificate issuer is unknown
    - Peer's certificate is NOT trusted
    - Version: TLS1.0
    - Key Exchange: DHE-RSA
    - Cipher: AES-128-CBC
    - MAC: SHA1
    - Compression: NULL
    - Handshake was completed
    - Simple Client Mode:
    Unfortunately, the above command spits out more than a certificate. Do I need the additional information? If so, what do I need it for? Where do I need to put the certificate file?

    Hi,
    I recently found out a way how to install test or self-signed certificates and use it with S1SE.
    See:
    http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html
    Follow the instructions there
    1. Create CA
    2. Create root ca certificate
    Now install the root-ca-certificate in S1SE -> Security>Certificate Management and Install a "Trusted Certificate Authority".
    Paste the contents of the file: cacert.pem into the message-text box.
    Then restart the server. Now your CA-Cert should be visible in the Manage Certificates menu.
    The next step is to send a certificate-request from S1SE to your e-mail-address.
    The contents of the e-mail the server sends to you (certificate request) must be pasted into the file: newreq.pem.
    Now just sign the Request:
    CA.pl -sign
    The last step is that you have to paste the contents of the file newcert.pem into the message-box of the Security>Certificate Management - now under the option Certificate for "This Server".
    Then you have to reboot the server/instance again and it should work with your certificate.
    Regards,
    Dominic

  • How to createa Self Signed SSL

    Hi,
    I am trying to create a Self Signed Certificate to enable SSL for Sun Directory Server 2005Q1 P4.
    We donot have any External or Internal CA.
    How do i generate a self signed certificate to use in my Directory Server
    Thanks

    Hi,
    I have just followed the entire instructions. When i tried to enable the SSL from the directory console, it is not listed in the Certificate drop down list. any ideas why i am not getting the cert in the list?
    Thanks,
    Ramnath

  • Extend self-signed SSL certificate beyond one year

    Hi all,
    How can I extend SSL Certificate created by Windows 2008 R2's Certificate Service beyond 1 year?
    Thanks.

    Hi,
    For self-signed certificate, you can use IIS Manager to create new one. For more detailed steps, please refer to the below steps.
    Create a Self-Signed Server Certificate in IIS 7
    http://technet.microsoft.com/library/cc753127(WS.10)
    If it’s a certificate issued by a CA, we just need to renew the certificate with the CA to extend the valid date.
    Best Regards,
    Aiden
    Aiden Cao
    TechNet Community Support

  • Anyone having issues with Self-Signed SSL-certs on mail servers?

    Can't get it to allow connecting via SSL to outgoing mail servers with self-signed certificates. Problem did not exist in earlier versions of OSX as far as I know.

    YES. I have a cert from lunarpages, where my accounts are hosted. I'm seeing two issues, and they are different for the different servers at lunarpages:
    1. Multiple logins from different machines --> problem
    2. Multiple accounts accessing same server --> problem
    So, with 1 account on one of lunarpages machines, I can have several machines running Mail with ssl on at the same time and get no problem (that is, once I've saved the certificate and marked it trusted). But as soon as another account (my wife's email on the same domain, for example) tries to access the same server, it gives me an ssl error, a choice to save that cert. and if I do then my account will generate the ssl error. Seems like only one account can have the certificate.
    On another account on a different lunarpages machine, I can't have several machines running Mail at the same time, only the first will get through and the rest will give an SSL error.
    Lunarpages says they can't find a problem, though my last email with them told me to use TLS rather than SSL. Of course, there's no way to specify that in Mail anyway, but I'd thought Mail automatically used TLS anyway, and I'm running the right ports (587 for smtp, 993 for incoming).
    Feels like it's an issue with Mail or the OS's handling of certificates. Any clues on a fix will be most appreciated as this is getting annoying. I've had to turn off SSL on my wife's and daughter's accounts just so that I can use it. And I have to quit Mail so that on the other account I can get my mail on my iPhone. Having to quit Mail on my main work machine is frustrating -- if I forget to do it I can't get mail.

Maybe you are looking for