Install digital certificate (p12) in BPEL Server on 10.1.2.0.2

Similar Messages

• Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

  Hi,
  We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
  We are following the below steps,
  Under "Server Certificates" tab,
       -> Click on "Install" button.
       -> On "Select Configuration" click on "Next" button.
       -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
       -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
       -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
       -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
  There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
  So, say currently the subdomains present are,
  1.abc.com
  2.abc.com
  so on...
  and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
  Please let us know if you have solution to this problem.
  Thanks,
  Rajesh

  Hi Rajesh,
  That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
  The chain should be installed using the "Certificate Authorities" tab per the following steps:
  1) Login to the Admin Console.
  2) Click Edit Configuration from Common Tasks > Configuration Tasks.
  3) Click the Certificates > Certificate Authorities tab from the Configurations page.
  4) Click the Install... tab from the Certificate Authorities (CAs) page.
  An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
  You should then see the CA and intermediate certificate(s) listed in the security database.
  If you have access to MOS, more details can be found in the MOS KM Note:
     Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
  regards
  Tracey

• Install SSL certificate for Oracle HTTP server

  I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com.
  I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem".
  I want to install this on the oracle 11g HTTP server (OHS) installed as standalone based on apache 2.2
  With oracle, i have to create a wallet and point the SSL.CONF wallet directive to use that wallet.
  I used Oracle Wallet Manager to create it and import the certificate but this is where i am having a problems.
  First I could not restart the web server but the it worked but I got SSL handshake errors (Shown below).
  According to oracle steps, I have to create a CSR and then import the certificate into the wallet
  http://www.apache.com/resources/how-to-setup-an-ssl-certificate-on-apache/
  However, when I tried to use Oracle Wallet Manager, there were two options: import server certificate and trusted certificate.
  The import server certificate was greyed out. I had to create a CSR just to get it enabled but I did not use the CSR, i just imported the "server.crt" file.
  I also tried to import the "serverkey.pem" into the trused certificate option but was rejected (invalid certificate).
  Do you know how to create a successful wallet based on the files i have and not creating a CSR since i already have a certificate file?
  2013-05-04T20:11:40.2718-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.2719-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.4774-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.6814-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error

  I do not have weblogic installed. I only have standalone 11g HTTP server with mod_plsql.
  If i can get OWM working to create a successful certificate them the problem would be resolved.
  I am just not sure what is Root Certificate and Trustworthy Certificate and how to get that from the files i have.

• Coldfusion secure FTP & digital certificates

  Hello !
  I am currently in the process of developing a corporate CF intranet site that is behind a corporate firewall and part of the application will need to send a data file (FTP put) to a remote FTP server using secured FTP (FTPS). I have never used Coldfusion before for either secured or unsecured FTP.  I am planning on using the CFFTP tag to open the connection and send the data file but I have a number of other questions regarding the use & installation of the digital certificates.:
  Current development environment setup:
  CF version 9 standard edition running on Windows Server 2008 R2
  Microsoft IIS 7
  Current production environment setup:
  CF version 9  enterprise edition running on Windows Server 2008 R2
  Microsoft IIS 7
  1.  The data file that is being created must be sent to a finanacial institution and they will be providing a digital certificate (p12 format) to me.  What do I do with that certificate once I get it ?  I have installed SSL certificates before on http web sites with IIS without any issues but I am not sure what to do with the certificate for secured FTP.  Do I import the certificate into IIS using the MMC snap on or does the certificate need to be integrated into Coldfusion in some other way and if so, what needs to be done ?
  2.  What other steps need to be prior to being able to use the CFFTP tag for a secured FTP send ?
  I would appreciate as much help as possible as I haven't used CF for FTP before.
  Thank you.

  Dave,
  Thank you for answering.
  1.  I have imported the certificate into the cacerts file by using the following command:
       keytool -import -keystore ../lib/security/cacerts -alias x  -file c:\downloads\y
       where x was the alias name I assigned and y was the certificate name (extension of 'der').
  I tried importing a p12 and p7b certificate but neither of those worked.  I received the message 'Not a valid X.509 Certificate' from the command.  I then successfully imported a Base64 certificate (der).  I believe the certificate has been successfully imported because I ran the following and it shows the MD5 fingerprint:
       keytool -list -alias x -keystore ../lib/security/cacerts
       where x is my alias name I assigned in the original import
  2.  I then ran the following CFM command replacing the '*'s with the appropriate server name, user name, and password
       <cfftp action="open" connection="conn1" secure="yes" server="********" username="******" password="*****" port="21"
       </cfftp>
       I am getting the CF error
  An error occurred while establishing an sFTP connection.
  Verify your connection attributes: username, password, server, fingerprint, port, key, connection, proxyServer, and secure (as applicable). Error: User Authentication failed.
  Any suggestions or help would be appreciated.
  Thank you.

• Installation of the VeriSign digital certification in Oracle HTTP Server

  I am not obtaining to generate to the pair of keys and the CSR in Oracle HTTP Server, will have some tip I is thankful.
  Thanks
  Leandro

  Hi Leandro,
  Here are some steps to setup digital certificates into Oracle HTTP Server for Unix.
  1. The temporary working directory is /u01/tmp/myssl.
  2. The contents of <9iAS_HOME>/Apache/open_ssl/bin have been copied to the
  temporary working directory created in Assumption #1.
  3. SSL file names are priv.key (private key), certreq.csr (certificate request),
  and cert.crt (SSL certificate). The actual SSL certificate file could be
  named other than 'cert.crt'.
  4. By default, SSL is configured using port 443, which requires ROOT access to
  start the web listener.
  If you want to change this from the default port, you will need to change
  the following two parameters in the httpd.conf file to an unused port number:
  Listen 443
  <VirtualHost default:443>
  5. All necessary UNIX environment variables are set correctly for your Oracle
  product before implementing these procedures.
  6. User must be familiar with UNIX concepts like shell navigation, UNIX
  environments, file manipulation/search, file copy/backups, etc.
  How to Request and Configure an SSL Certificate for Oracle9i Application Server
  Step-by-Step Instructions:
  1. Change your present working directory to the temporary working directory, e.g.,
  /u01/tmp/myssl. Ensure the contents of <9iAS_HOME>/Apache/open_ssl/bin have
  been copied into this temporary working directory.
  2. Copy 5 large files, each at least 250KB, into your temporary working directory.
  Suggest looking in any /bin directory for large sized binary files. Execute
  the following command to generate the random character file:
       % openssl md5 * > rand.rnd
  3. Execute the following command to generate the private key (priv.key):
  % openssl genrsa -rand rand.rnd -des3 1024 > priv.key
       - when prompted, enter a "PEM pass phrase" password
       - re-enter password when prompted to verify password
       -- remember the pass phrase password you entered
       - this command generates the priv.key file and associated pass phrase
       - set permissions on the priv.key file to prevent unauthorized editing
       % chmod 400 priv.key
       - backup the priv.key file to a secure location
  NOTE
  The PEM pass phrase must be at least 4 characters in length. Remember this
  pass phrase, you will be prompted to enter it in the next step and each
  time you start up the Oracle HTTP Server (OHS) in SSL mode.
  Optionally, you can unencrypt the value of the private key, so that you
  will not be prompted for the PEM pass phrase every time you start up OHS
  in SSL mode.
  To unencrypt the private key, execute the following two commands (Note:
  ensure file permissions set to r+w):
       % cp priv.key priv.key.bak
       % openssl rsa -in priv.key.bak -out priv.key
  - the demo certificate shipped with Oracle9iAS does not require a pass
  phrase to start OHS in SSL mode.
  - on UNIX, to generate the certificate request and start OHS in SSL mode,
  the pass phrase must be entered, unless you executed the above steps
  to unencrypt.
  - on Windows NT/2000, if a certificate is used that has a pass phrase,
  the OHS will hang; therefore, on Windows NT/2000, you must execute
  the steps to unencrypt.
  4. Execute the following command to generate an SSL certificate request
  (certreq.csr) based on your private key.
       % openssl req -new -key priv.key -out certreq.csr -config openssl.cnf
       - when prompted, enter the "PEM pass phrase" set when the private key
  was created.
       - when prompted, enter the requested fields that make up the
  Distinguished Name.
       -- each entry must be valid information, i.e., email, state, location, etc.
       - when prompted for the "Common Name", you MUST enter the fully
  qualified name which will be accessed via client browsers; e.g.,
  if clients will use:
  https://mysite.domain.com
       -- then, you must enter mysite.domain.com as the "Common Name"
       - the requested 'extra' attributes, i.e., "challenge password" and
  "optional company name", are OPTIONAL; just hit ENTER to use NULL values.
  5. You should now have the private key and certificate request files (priv.key
  and certreq.csr) in your temporary working directory.
  NOTE
  At this point, you can use your certificate request file 'certreq.csr' to
  order a valid SSL certificate from any CA-vendor, e.g., Verisign.
  After you receive your SSL certificate, skip to Step #6 for instructions
  on how to deploy your SSL files.
  OPTIONAL
  You can start 9iAS in SSL mode (see Step #12) and test the pre-installed demo
  certificate and private key included for testing purposes.
  It is a good idea to test to be sure the Oracle HTTP Server SSL mode works
  successfully before deploying your new SSL certificate. To try these demo
  files, access the 9iAS index page in a browser using the HTTPS protocol and
  the appropriate SSL Listen port. URL format:
  https://myhost.domain.com:<ssl_port>
  The user will see a Security Alert (IE), or New Site Certificate (Netscape)
  warning message, click Continue/Next to accept.
  OPTIONAL
  To create a self-signed certificate, execute the following commands:
  (csh) % setenv RANDFILE rand.rnd
  <sh or ksh> % export RANDFILE=rand.rnd
  % openssl x509 -req -days 30 -in certreq.csr -signkey priv.key > tempcert.crt
  - when prompted, enter the "PEM pass phrase" set when the private key was created.
  - this command generates a temporary self-signed certificate file 'tempcert.crt'
  valid for 30 days, which can be used while awaiting a valid SSL certificate
  purchased from an authorized CA-vendor.
  - if this option is used, after generating the 'tempcert.crt' file, skip to
  Step #6 for instructions on how to deploy your SSL files.
  OPTIONAL
  These steps are specifically for requesting a TRIAL certificate from the
  CA-vendor Verisign.
  - Go to www.verisign.com and click on "Free Guides and Trials" link and
  follow instructions to request a "Free Trial SSL ID". During this process,
  you will be asked to provide certificate request information.
  - Open the 'certreq.csr' file using your text editor of choice.
  - Starting with "-----BEGIN NEW CERTIFICATE REQUEST-----" copy all lines
  including the BEGIN and END of certificate lines.
  - Paste this copied data into the Verisign page where requested and continue.
  - You will see the Verisign web site decode your certificate request
  information. This decoded information is presented to you to verify it is
  correct. If it is, then continue with the process.
  - You will be presented with another set of questions from Verisign. Be sure
  to answer with the correct email address, as this address will be used to
  send your SSL certificate.
  - After you answer all these questions, you will be sent a TRIAL 14-day
  SSL certificate via email.
  - WARNING! You must follow this step carefully, you cannot copy and paste
  information from an email to a new text file. After you get your TRIAL
  certificate, save the entire email message to a text file. Open this file
  using your text editor of choice. You will see the email address header
  information and the line:
  -----BEGIN CERTIFICATE-----
  - Delete all text that appears before the -----BEGIN CERTIFICATE----- line.
  The modified file should contain only certificate information. After you
  delete the email header, save this text file inside your temporary directory
  with the filename 'trialcert.crt'.
  6. Now you are ready to configure Oracle9i Application Server (9iAS) with your
  SSL certificate files.
  7. Back up your existing <9iAS_HOME>/Apache/Apache/conf/httpd.conf file.
  8. Open the httpd.conf file with your text editor of choice.
  9. Edit the following httpd.conf directives to use your generated private key
  and SSL certificate file, which could be the filename for either the
  temporary self-signed certificate, the TRIAL test certificate, or the
  purchased valid certificate. The information following the # symbol are
  comments.
  NOTE
  The directory of the SSL files (private key and certificate file)
  can reside in any location you choose. The temporary working
  directory will continue to be referenced in these procedure steps.
  # use the appropriate (i.e., valid, temporary, or trial) certificate filename
  SSLCertificateFile /u01/tmp/myssl/tempcert.crt
  #private key from Step #4 above:
  SSLCertificateKeyFile /u01/tmp/myssl/priv.key
  10. Save your modified httpd.conf and exit the text editor.
  11. Log in as authorized user (if default ports 80 and 443 are used, ROOT user
  must execute commands in next step).
  12. Execute the following command to stop, then start Apache in SSL mode
  (ensure proper UNIX environments are set; else, execute command from
  <9iAS_HOME>/Apache/Apache/bin.)
  For Oracle8iAS 1.x:
  % httpdsctl stop
  % httpdsctl startssl
  For Oracle9iAS 1.0.2.x:
  % apachectl stop
  % apachectl startssl
  - when prompted, enter the "pass phrase" created in Step #3.
  -- not required if you unencrypted the private key file
  - when the Oracle HTTP Server starts successfully in SSL mode, access the
  9iAS index page in a browser using the HTTPS protocol and the appropriate
  SSL Listen port. URL format:
  https://myhost.domain.com:<ssl_port>
  - if using a temporary self-signed or TRIAL test certificate, the user will
  see a Security Alert (IE), or New Site Certificate (Netscape) warning message,
  click Continue/Next to accept.
  ====================
  I hope this help !!
  Ilan Salviano

• Need CCA Digital Certificate

  HI,
  I am working on one project POC, where i need to use CCA webservices, but when i run java program i am getting error "sun.security.validator.ValidatorException: No trusted certificate found".
  I think, I need to install digital certificate of CCA, but I don't know from where i can get this. I am having account in CCA.
  Regards,
  Deepak

  Hello
  I dont think you can delete the certificates in the QC51. You can only store or archive the certificate attached to each certificate numbers
  Regards
  Gajesh

• Issuing Certificates to a DMZ server

  I'm in the process of setting up a PKI infrastructure for an SCCM 2012 environment. In order to manage travelling laptops over the internet, we installed a new Windows 2012 R2 server in the DMZ.  To communicate properly with the travelling
  SCCM clients, we need to install 2 certificates on this DMZ server.  This DMZ server is in a different forest/domain than the SCCM and CA server, with no trusts established between it and our production domain.  If it makes any difference, there
  is also no DNS forwarding, but I have added an entry to the hosts file on the DMZ server, and to the internal CA and SCCM servers (all Windows 2012 R2), so that they can resolve each other.
  I've created the 2 certificate templates per the SCCM documentation on the internal CA server, but in the Security tab, there is no way for me to add the DMZ server for the "Read and Enroll" rights (since it's in another, untrusted forest.) 
  Since I can't enroll the certificates through the MMC console of the DMZ server, my next thought was that I could use the CA web enrollment method, and try to get certificates enrolled that way.   However, when I type in
  http://MY_CA_SERVER/certsrv, Internet Explorer spins for about 10-15 seconds, and then I get "Page cannot be displayed."  I added the webpage to the Trusted Sites in IE, but that did not help.  Visiting
  the CA webpage from a domain-joined computer works fine; it's just not working from the DMZ server.
  Does this sound like a communications/port issue?  Between my internal domain and this DMZ server, I've currently got ports 80, 135, 443, 445, 1433, 8530, and 8531 open.  Do I need anything additional for Certificate Authority communication? 
  If I'm not approaching this in the correct manner, I'm also open to other suggestions on how to install these 2 certificates properly.
  Thanks in advance for any advice.

  > I've currently got ports 80, 135, 443, 445, 1433, 8530, and 8531 open.
  please, close RPC ports in your perimeter firewall. Instead of using legace web pages, I would consider to set up a new Certificate Enrollment Web Servcies (which first appeared in Windows Server 2008 R2):
  http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
  if it is not possible to install CEP/CES services, then you can use the following guide (although it requires some manual procedures):
  http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=5
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• .p12 Certificate import in weblogic server 10.3.6.0

  Hi,
  I am facing a issue regarding certificate import in weblogic server 10.3.6.0. In my project I built a java webservice where a https url  is invoked with xml input(correct format).Https url is restricted. I can not open this url from my browser. I got '403 : Forbidden' error in browser as well as webservice log in server. I asked my client. They gave me one .jks and one .p12 certificated file and password. When I installed this .p12 (giving password) in my local windows computer, I am able to open that https in my browser.I have imported this .p12 certificate in 'cacerts' as well as 'DemoTrust.jks' in weblogic server and restarted the server. But i am getting the same error(403 : Forbidden) in weblogic server.
  Where should I import this .p12 in weblogic server? I mean in which key store.
  FYI,
  This code is running fine in 10g production server.I haven't developed this code. I have migrated this code to 11.1.1.7.0.
  I am using this .jks() in the java code.       
          System.setProperty("javax.net.ssl.keyStore", keyStore.jks);
          System.setProperty("javax.net.ssl.keyStorePassword", "<password>");
  Weblogic server is running in unix environment.
  Read many posts... But did not any find right solution. Can anybody please help me solve this.

  If i remember correctly, .p12 will have both the public and private key.
  You need to convert it to a jks and configure the server to use this jks
  Converting certificate formats | Middleware wonders!!
  Weblogic SSL configuration
  Thanks,
  Faisal

• Installing a digital certificate on AO1121

  How do I install a digital certificate on a AP1121?
  thanks.

  Install the CA Certificate on the AP Server (this step is not required if ACS and the CA are
  installed on the same server)
  a. Open the web browser, go to http://IP_of_CA_server/certsrv/
  b. Select "Retrieve the CA certificate or certificate revocation list", and click Next
  c. Select "Base 64 encoded" and click "Download CA certificate"
  d. Click Open, and click "Install certificate"
  e. Click Next
  f. Select "Place all certificates in the following store" and click Browse
  g. Check the "Show physical stores" box
  h. Expand "Trusted root certification authorities", select Local Computer, and click Ok
  i. Click Next, FINISH, and click Ok for "The import was successful" box

• A site is telling me that i have no digital certificate installed....

  Hi. Trying to access a page on the Spanish version of the IRS, to file a tax document here. I can't get access to the page (or any of their secure pages), and I get this message, which has been Google translated:
  ''The error "403 byrule" is a mistaken identity. Occurs when you try to access an option that requires electronic certificate and the browser does not detect that one is installed or not properly selected. If the choice of the certificate you get a page that says "page can not be displayed" or similar error is possible that the certificate is damaged, changes or problems in the operating system or other causes. If possible, you should try to reinstall a valid copy of your certificate.
  This error in Firefox indicates that there is no digital certificate installed. Go to "Tools" "Options" ("Firefox", "Preferences" Mac "Edit" "Preferences" in Linux), "Advanced" and select the "Encryption". Click on the "View Certificates" and verify that your certificate is installed correctly. If no certificate on the tab "Your Certificates" will have to import a valid copy of the browser. If necessary, also refer to the instructions on importing certificates from our "Help" and the links that we propose below. Once the certificate is installed also make sure that Mozilla Firefox is configured correctly. This may refer to the "Installation, configuration and management of electronic certificates for Mozilla Firefox.''
  Under "view certificates" in preferences/encryption, "Your Certificates" is blank. And I don't see anything in "Authorities" that seems to relate to this website. In 'Servers" there were some exceptions I created (reluctantly) when the site asked for it. I deleted them, still not working."
  I've tried with both "Select one automatically" and "Ask me every time"
  Click on the page below, click on any of the links with a lock to see the resulting error.
  Thanks in advance.

  Thanks. You are very much on the right track, and I can't thank you enough. The page you sent me to is has the right link. But I can't just download the certificate, as you proposed. It's actually part of a significant security system. I went to the webpage that accompanied the link. I have to fill out a form, from that get a code... then go to a local gov't office, show my ID, get another code, then come back, input that, and get my personalized certificate. I'll let you know how it goes. But without you I have no idea how I'd even have gotten onto the right path. Thanks again.

• Install SSL certificate - OS X Server 10.8.2

  Greeting All,
  I am using OS X Server 10.8.2 with Server.app 2.2 and self-signed SSL sertificate. And I try use CA form Verisign.
  I already success create CSR and get trial SSL certificate form Verisign. But I found I can't install SSL certificate correct and made it use in Profile Manager 2. When I check Profile Manager 2 in Server.app 2.2. I only see self-signed intermediate CA.
  I check Apple on line guide and support site of Verisign but not found any latest guide of how to install it in Server.app. Any advice is welcome.
  Thanks,
  Spin

  If you purchased the SSL certificate, you have to convert the certificate to "PEM"
  https://www.sslshopper.com/ssl-converter.html

• How to install a self-signed Digital certificate in messenger express

  I have Java Enterprise System 2003 and I can not buy a commercial certificate so I generated a certificate with keygentool from java but I don't know how to install this certificate in the messenger express http server. Could you tell me what config file do I have to change and where to put the certificate?
  I can't find documentation about this.

  http://docs.sun.com/source/817-6266/security.html#wp13035

• Installing SSL certificate Windows Server 2012R2 RDSH servers

  Hello,
  I'm currently in the final fase of installing an functional Remote Desktop (Windows Server 2012R2) environment. The only problem i have, which i try to complete several days now without any luck, is the installation of our WildCard SSL certificate on de
  Remote Desktop Session Host servers (farm).
  We have 1 gateway server which is also the connection broker. On this server i have installed (using the Deployment Properties of the Session Collection) the certificate on all available levels. But still, when i try to connect to our Remote Desktop Servers
  i get the automatically created certificate from the Remote Desktop Session Host servers. The certificate works for all the other functions (gateway etc.)
  The servers are joined to the domain, and the wildcard certificate = *.zon-ict.nl.
  Below the screenshot of the deployment settings.
  Can someone point me in the right direction for installing the certificate on the RDSH servers?

  Hi,
  Thank you for posting in Windows Server Forum.
  Basic requirements for Remote Desktop certificates:
  1. The certificate is installed into computer’s “Personal” certificate store. 
  2. The certificate has a corresponding private key. 
  3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
  Please follow beneath article for details.
  Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Password parameter not working while Installing the certificate hosted on a Web Application Server

  Hi,
  We are trying to secure our SAP BI Mobile connection with certificates. According to the manual we are storing a password protected certificate on a network location.
  On our ipad when I open the link: (according to manual: Administrator and Report Designer's Guide , chapter  4.14.2.1 Installing the x509 Certificate on Device)
  SAPBI://action=downloadcert&certurl=<Download URL>&Password=abc123
  It should open and install the certificate in the app without asking for the password. But thats not working. It does ask for the password. So I can access the certificate location and after entering the password it works. But I am giving the password parameter in the link so why is this not working?
  The guide is a bit contradictory, and I quote:
  "If you access the second link above: The application is launched and the certificate file is downloaded from the URL location (certurl).
  The certificate is directly installed on the device."
  But second quote:
  "NOTE:
  Since the password is already included in the URL, the application does ask the user for the password...."
  My question: what is the use of this password parameter if you still have to enter it manually?
  Does anybody know if this should work, and what I  might be doing wrong?

  Hi , i am facing the same issue. I'll open a incident.
  Martin

• "no access to the digital certificate" - Trying to export my first iOS app from Flash - Help please

  Hello
  I'm trying to export my first iOS app from flash to my desktop / on the device (Flash Pro CC, Iphone5)
  I followed the instructions on the adobe website to build an air app for iOS but on the last step it
  doesn't export the app.
  What I've done so far:
  - Apple developer account
  - creating the certificate + convert it to .p12
  - app ID / Name etc.
  - creating the provisioning profile from apple
  - iOS Air app in flash (Only Text "Hello world" with a tween)
  Now i have to load the certificates into Flash & enter a password (is it the password that
  i entered in the certificate or from my developer account/ Apple ID password? Both didn't work at the end)
  When i klick on publish in the last step than it loads a while but then i get the Error:
  "no access to the digital certificate"
  What is wrong? Can you help me please.

  Also, I should say, when I go into my phone on the computer and try to install an app, I get this message:
  Unable to start operation. Installer is already in use.
  Any ideas