Import wildcard certificate for use on GW 2012 webaccess

Similar Messages

• Unable to install WildCard Certificate for ASA 5512-x

  Have a customer who we manage an ASA 5512-X for.  I am configuring a Wildcard Certificate for AnyConnect. They have a wildcard certificate purchased through Godaddy.com.  I am utilizing ASDM 7.3 for the installation of the certificate.  I added the Identity Certificate ASDM_TrustPoint0.  Checked the radio button "Add a new identity certificate:"  Named the Key Pair WildCard, and set the size to 2048.  I also changed the "Certificate Subject DN: to CN=cityvpn.wirapids.org.  There were no other attributes to add.  I also changed the FQDN under the advanced tab to the same cityvpn.wirapids.org.  Then clicked Add Certificate.  Successful
  Under CA Certificates I added the certificate from file.  Which I added the bundle.crt from Godaddy.  Certificate was added successfully.
  Going back to Identity Certificates.  I click on install.  Install from a file.  Which I tried the other crt file and the bundle file from Godaddy.  I get an Error: Failed to parse or verify imported certificate.  With the other .crt file from Godaddy I get the same error, but "Certificate does not contain device's General Purpose Public Key."
  Not sure what to think.  Any suggestions or help would be great.  Thanks
  Paul

  You should never ever get a wildcard certificate. Because if that certificates private key gets stolen, the thief can impersonate all ssl-protected services. The clients view them as valid resources, because the certificate is correct. The only thing to do then, is to revocate the certificate, which will cause you to get a new certificate installed on ALL services that you had protected with the wildcard one.
  Even worse, most broswers (besides IE) ignore certificate revocation lists in various cases!

• Wildcard certificate for Exchange 2013

  Hello!
  I have a testing network with Exchange 2013SP1 and Windows Server 2012R2 domain controller with CA installed.
  For testing purposes I issued a wildcard certificate for my Exch2013 from my local CA using Web server template and installed it on the Exchange server.
  Now when I open, for example, ecp or owa page I'm getting the error stating my certificate is wrong:
  Q1) Is Windows CA capable of issuing a wildcard certificates?
  Q2) If Q1=yes then what can be the cause of the problem?
  Thank you in advance,
  Michael

  Hi Michael,
  Please click Certificate error in IE to view the details about the error. If the error is related to untrusted certificate, please open Internet Explorer, click Settings > Internet Option > Content option > Certificate. In the
  Certificates dialog box, click the Trusted Root Certification Authorities
  tab and check if your certificate is in the list.
  If the certificate is not in the list, we can install the certificate in Trusted root certificate store by the following KB:
  http://support2.microsoft.com/kb/2006728
  If the error certificate is related to mismatch issue, please confirm if this certificate is assigned with IIS service. If not, please enable it with IIS service and restart IIS service to have a try. To double check about the Exchange certificate, we can
  run the following command to check it:
  Get-ExchangeCertificate | FL
  Regards,
  Winnie Liang
  TechNet Community Support

• How to import WMV file for use in adobe programs, especially After Effects and/or Premier?

  How to import WMV file for use in adobe programs, especially After Effects and/or Premier?

  I have the latest adobe creative cloud and i'm using Mac 10.8.2
  My client gave me a wmv file that she wants some people blurred out in the background but when I go to import the media, it's greyed out. I'm assuming that After Effects will be the best solution for this, but maybe there is another way.
  I can purchase a video converter and convert it to .mov but that costs extra money that I don't want to spend just to do this one project.

• Wildcard certificate for Exchange 2010

  Hi
  I have single exchange 2010 installed. I have installed single domain name on exchange certificate , it expire next month March 2014. I have a plan to buy new Wildcard certificate for the exchange. I access OWA by  ns1.xyz.com/owa  without any
  problem but in my local network my outlook giving certificate error because of single domain name on certificate.
  My question is what name should be on wildcard CSR? Just put the    " *.xyz.com  " or somting else ? That will work in my local area as well OWA and Outlook anywhere ?

  Hi,
  According to your description, your internal URLs have the different host name with the external ones.
  If you don’t want to change the URLs, we need add the following host names in the certificate:
  All the host names in the external and internal URLs including autodiscoverserviceinternalurl;
  Autodiscover.smtpaddresssuffix
  In this case, SAN certificate is more suitable for your environment than wildcard certificate.
  If I misunderstand your meaning, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Import "general use" certificate for use with Exchange

  Usually (that's the way I've always done it), we create a certificate request on the Exchange server, submit the request to the certificate authority (preferably a 3rd party public CA) and then import and enable the certificate for the appropriate Exchange
  functions: IIS, SMTP, IMAP. POP, for example.
  What if the company already has a wildcard certificate obtained for others uses or general use (that's how it was described to me).
  It was suggested that we might just use that certificate...
  I think it would be best to "go by the book" and proceed as mentioned above (creation of cert request on the Exchange server, submission to CA, and so forth). After all, you can obtain a certificate appropriate for use with Exchange for just over
  $50.
  But is the other option even possible?
  I know you can export an Exchange certificate obtained by what I believe to be the preferred way and import it on another Exchange server or on a ISA/TMG machine.
  But could you export a certificate from an Apache web server or a firewall device or... just something else, and use it for Exchange?
  This article seems to suggest you could:
  http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-an-apache-server-to-a-windows-server.html
  But from what I know about Active Directory Certificate Services, there are all kinds of templates for various uses (disk encryption, email, code signing, etc.), presumably not interchangeable.
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  So you want to export the existing wildcard certificate from a non-Windows system and import it to the Exchange server, correct?
  The article shows that openssl will create a PFX (PKCS#12) file - so this should work.
  I would not worry about templates. If the existing certificate is a SSL certificate (Extended Key Usage = Server Authentication) it should be OK.
  From "PKI Best Practices" perspective / "what a certificate actually is intended to be" it would be better to have a dedicated certificate including all the Subject Alternative Names needed by Exchange - but I know there are limitations to a certain number
  of names by public CAs. But theoretically if you ever wanted to revoke this wildcard certificate you would get into troubles as the same certificate is on very different systems.
  Elke

• W2k8R2 - Enterprise CA - Need WildCard Certificate for Internal Use

  Hi guys,
  A new client of mine has a "standalone" CA in their domain already...but I need a Wildcard Cert for some applications I'm installing in IIS.
  I'm used to setting up an "Enterprise" CA and issuing a Wildcard Cert that way, but I don't know if the "standalone" CA can do that.  I attempted to have IIS request a cert and it didn't auto-populate the CA information...but I told
  it to use CERTAUTHNAME\domaincontroller and it created one...but it doesn't appear to be working.
  My question is...if I install the Enterprise Root CA on a DC in their environment, can it interfere with the already issued certs from the standalone CA?
  I don't want to break something to move forward with my stuff.
  Thanks a lot and any help is greatly appreciated!!!

  Standalone CA can issue wildcard certificates. You just need to generate certificate request manually (without using IIS Mgmt console for that) by using INF file and certreq. Then, you submit your request to a CA server. Look at this article:
  http://social.technet.microsoft.com/wiki/contents/articles/2017.certificate-enrollment-for-system-center-operations-manager-agent.aspx
  although, this article is intended for OpsMgr, certificate enrollment process is the same for all products, just skip OpsMgr-specific stuff. There are three sections related to Standalone CAs: request generation, submission and installation. In the INF file,
  you specify your wildcard name in the Subject key.
  My weblog: http://en-us.sysadmins.lv
  PowerShell PKI Module: http://pspki.codeplex.com
  Check out new:
  PowerShell FCIV tool.

• How to export/import the certificates for/from 'Partner company' step-by-step in exchange 2013

  Dear  EXCHANGE EXPERTS,
  I am a newbie in "Exchange World" and I try hard to learn and figure out how Exchange messaging works.
  Sometimes the searches for information are gratified with wonderful articles and blogs, but sometimes days of searches bring you nothing but tiredness.
  I cannot find a clear information (step-by-step) how to exchange the certificates with the Partner company for TLS mutual communication in Exchange 2013.
   I would appreciate the help of experts.
  Vi

  Hello
  "You can do it on several ways. If both organizations are using publicly trusted certificate on Exchange servers, you are good to go. If that’s not the case you will have to cross-import Root CA certificates on both sides. Alternatively, you can also
  issue certificates for SMTP for both Exchange organization from a single trusted RootCA. Anyway, the point is that each Exchange server must trust the certificate installed (and assigned to SMTP service) on another Exchange server"
  'Trusted Root Certification" -->yes /local computer/
  if your company and partner company have a public cert and assigned to smtp service not need do
  anything with cert.
  if not have public cert but have cert from own internal ca booth company, you need
  cross-import Root CA certificates to exch servers and is ok. you send root ca caert to company and partner company send  his own root  certificate and that inport to local computer 'Trusted Root Certification"
  store on exch server.
  if not have internal ca only self signed you need send self signed cert
  sorry my english

• Error occuring during import of certificate for SSO configuring in BI

  Hi,
  I am configuring the SSO with logon ticket for BI system.
  I downloaded the certificate from portal server.
  But while importing this certificate on R/3 server it shows error
  "Error occurred during import"
  Message no. TRUST008
  Please suggest me any solution on it.
  Thanks & Regards,
  Vishal.

  Hi Vishal,
  Probably the certificate already exists - see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0077873d-0b01-0010-1abb-cfbf21d1aa43 page 4.
  Hope it helps
  Detlev

• WildCard Certificate for IBCM - SCCM 2012

  Hi,
  I have a Primary Site at the DataCenter. There are 2 MP's installed there.
  One MP I would like to publish using ISA/TMG for Internet Based Client Management. Can I use a wild card certificate on ISA Server for the same? The MP would have Local Cert in IIS.
  Does SCCM 2012 support wild card certificate?

  My assumption was that you had purchased a wildcard cert and thus were purchasing your certs as you made no mention of an internal PKI.
  What happens at your ISA box is between the client OS and ISA and really has nothing to do with ConfigMgr. So, although I haven't tried it, it should work. If you have an internal PKI though, why aren't you just issuing a non-wildcard cert to the ISA?
  Jason | http://blog.configmgrftw.com

• Configuring a Certificate for ADFS on Server 2012 R2

  Preparing to install ADFS on Server 2012 R2 for SSO to applications outside of our organization.  For my needs, do I need two certificates? One for SSL and one for Claims?
  We have an internal Microsoft CA that I can get certs from. I have read that Microsoft suggests using a self-signed cert for claims. Can someone corroborate this for me?
  Since ADFS 2012 R2 doesn't use IIS, if I have IIS installed and request a cert from my internal CA, can I still use it for my ADFS installation?
  Orange County District Attorney

  Hi Sandy,
  Based on my research,
  Server authentication certificate (SSL)is used to secure
  Web traffic for communication with Web clients or with federation server proxies, while token signing certificate is an X509 certificate, its associated public/private key pair is used by federation servers to
  digitally sign all security tokens that they produce.
  Self-signed Certificates can be used for a lab, but should not be used in production deployments.
  Here are some related articles below I suggest you refer to:
  Certificate requirements for federation servers
  http://technet.microsoft.com/en-us/library/cc783182(v=WS.10).aspx
  ADFS Certificates - SSL, Token Signing, and Client Authentication Certs
  http://blogs.technet.com/b/adfs/archive/2007/07/23/adfs-certificates-ssl-token-signing-and-client-authentication-certs.aspx
  Setting up an ADFS lab environment - Part 1
  http://blogs.technet.com/b/adfs/archive/2007/02/26/setting-up-an-adfs-lab-environment-part-1.aspx
  I hope this helps.
  Amy Wang

• Problem with import of certificate for SSO into backend

  Hi all gurus!
  I'm trying to set up SSO (Single Sign On) between a customers portal and their backend system but have run into a problem I never have had to tamper with before. The customer has an CUA (Central User Administration) with SolMan (Solution Manager) as the central system and a R3 system as one of the children.
  The system Connection I have created is against the R3 system and here are my questions:
  Into what system shall I import the logon certificate I have exported from the portal, into SolMan or into R3?
  Do I have to restart the system after the import of the certificate into the proper system?
  Best regards
  Benny

  <b>Into what system shall I import the logon certificate I have exported from the portal, into SolMan or into R3?</b>
  The certificate has to be imported to the R3 System.
  <b>Do I have to restart the system after the import of the certificate into the proper system?</b>
  Once you are done with the import, you need to make sure that you click Add to ACL, to add the Portal Server to the ACL list. Then as mentioned by Martin, you need to set the profile parameters login/accept_sso2_ticket to the value 1 and if the application server should also be able to create logon tickets, set the profile parameter login/create_sso2_ticket to the value 1 or 2. <b>Then restart the R3 System.</b>
  Refer to for further information on SSO :
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/content.htm
  Hope that helps.
  Regards,
  Sunil

• Import from DVD for use on Web

  Hi
  aplogoies if this is "an idiot question" but this is my first foray into premiere.
  A clinet for whom I'm doing a web site has given me a DVD with demos of his products in the vob format. Ie the dvd has two folders on it one audio one video I think!.
  I downloaded avs video convertor and converted the vob files to AVI and mp4
  If I import the mp4 into premiere they are imported ok, if I import the avi I get the following error
  unsupported format oor file.
  I have trawled the forum and opened the file in Gsot with the following results
  I suppose I have two questions, the end video will be going on a youtube channel so am I better to just use the mp4 conversion or should I convert to AVI. If the latter why do I get this error
  thanks
  Ian

  Hi
  thanks for the fast and accurate response. Haven't tried exporting yet as I have to add a branding jpeg at the start and end of each of the 24 films.
  Horses for courses created the jpeg in illustrator in minutes.
  Hey ho back to the learning curve
  cheers
  Ian

• Install 3rd Party Vendor Certificates for use with WebVPN - ERROR

  I have windows 2008 R2 as CA Standalone Root. when i am generating the certificate request from cisco ASA and importing it in CA SERVER i am getting this error. please tell me i am using asa image 8.0.2 doing it in GNS3 and i have to implement it. however in windows 2003 servers the same request is importable.
  ERROR:  asn1 bad tag value met asn 267

  hey guys the above issue was resolved. now i have following error.
  1- anyconnect popup with WARNING MESSAGE: Warning: "The following Certificate received from the Server could not be verified: "
  2- on asa i can see following debug messages.
  CRYPTO_PKI: Sorted chain size is: 1
  CRYPTO_PKI: Found ID cert. serial number: 02, subject name: cn=admin
  CRYPTO_PKI: Verifying certificate with serial number: 02, subject name: cn=admin, issuer_name: cn=ciscoasa, signature alg: SHA1/RSA.
  CRYPTO_PKI(Cert Lookup) issuer="cn=ciscoasa" serial number=02                                                 |  .
  CRYPTO_PKI: Invalid cert.
  do let me know why is this happening. i have installed both CA and Indetity certificates on cisco asa 8.4.
  my client OS is Win7.

• How do you install a Digital ID Certificate for use on iPod Touch?

  On my iPod Touch there is a button to turn on s/mime under settings, mail/calender, accounts, advanced but it says there are no certificates installed.  So, if you had a certificate from a COA how would you install it on the iPod Touch?  I have heard of configuration profile utility for the iPhone but isn't that for companies or buisnesses to use?
  Thank you for any helpful information.

  Hi,
  One way is to email your cert to yourself; another is to use cloud-based storage (e.g., Dropbox) that allows you to reference files via URL. In either case, once the file is selected it will be recognized as a digital certificate and you will be asked if you want to install it.
  Hope this helps.