Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
No matter what I do, it won't work.
I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
Can anyone help?

Originally Posted by AndersG
Fmcunningham,
> > I am looking at installing a cert as well. I have NOWS SBE 2.0
> > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
> > need a Wild card cert to be able to accomplish this?
>
Only difference between a wildcard and a regular (apart from price) is that
a wildcard covers all hosts in a domain, i.e. *.acme.com, whereas a regular
cert only covers a named host, homer.acme.com
- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)
Novell has a new enhancement request system,
or what is now known as the requirement portal.
If customers would like to give input in the upcoming
releases of Novell products then they should go to
http://www.novell.com/rms
I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess.

Similar Messages

  • Install GoDaddy wildcard SSL on WLC 2504 controller

    I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
    I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
    What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certificates (in this case a root and an intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
    Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

    Seth,
    I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.
    Kudos to Robert Wells for finding this:
    "I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."
    The Windows version of OpenSSL I used was the 0.9.8y Light version from:
    http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe
    I hope this helps someone out there with this problem.
       - Ken

  • Wildcard SSL Cert

    Is it possible to install a wildcard SSL cert in Messaging Server? I attempted to install the cert that I have and I am giving an error saying "cert was not generated for this server".
    Thanks,
    Pete

    I have managed to use pk12util to import the wildcard cert into the trust store. I have used configutil to set the appropriate parameters to enable SSL and POP over SSL. However, when I start the server I get the following error in the imta log file: General Error: SSL initialization error: ASockSSL_Init: PK11 auth failed to *.unca.edu (-8177).

  • Use Wildcard SSL Cert to Monitor Non-Domain Computers

    Hello,
      I was wondering if a Wildcard SSL Cert from GoDaddy or another Provider can be used to monitor Non-Domain Computer on SCOM 2012R2?
    TIA,
    Jim

    Hi,
    The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
    Regards,
    Yan Li

  • Wildcard SSL Cert on ASA 5500

    What do I need to do on the ASA 5520 to be able to use a wildcard SSL cert?  I'm running 8.2.5 code.

    Make sure you get the cert in pkcs12 format and no fqdn. Other than that, just follow the config guide.

  • Wildcard SSL cert on ASA

    Is it possible to use a wildcard SSL cert on an ASA? That is, instead of getting a specific cert with the FQDN of the ASA, we would use the wildcard cert issued?

    Absolutely, it's especially needed in ASA vpn load balancing environments. When you connect to a FQDN that translates to a load balancing IP, one of the ASAs will do an http redirect to its individual hostname, your browser (or AnyConnect) will attempt that connection and ASA needs to have a certificate for that specific hostname. Having a wildcard cert on all ASAs resolves this. I've got this running on several customers.
    If you need help with configuration, let me know.
    You can either generate private keys on the ASA (and later export it to another ASA or other non-cisco devices), or you could import an existing wildcard certificate with the private keys (in PKCS12-BASE64 format)
    Regards,
    Roman

  • Can't install a wildcard SSL certificate

    Running ML Server. I have a GoDaddy issued wildcard SSL certificate to *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in KeyChain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates
    I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried to update the self-signed certificate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certificate and chain files to add.
    However, this is where it gets strange...
    The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identity certificate list. I am able to replicate this every time!
    Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.
    I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.
    Any insights appreciated! TAA

    In fact I had the same issue last week and I could only solve it by exporting the key with the certificate in a PKCS12 file. Fortunately this is supported by the Windows certificate manager where the certificate was originally installed.
    You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to terminal, it is installed on an OSX box) and fire the following command (and change the filenames ;-)):
    openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt
    The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.
    Good luck with it
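
The key-and-certificate merge from the reply above, with a check that the private key actually belongs to the certificate before the PKCS#12 file is written, and a read-back afterwards. This is an added example, not part of the original post; the file names, pass phrase, friendly name and the *.example.test certificate are constructed, and the keys are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example. File names, the friendly name, the pass phrase and the
# *.example.test domain are constructed; private keys are assumed unencrypted.

# Public key (PEM) derived from a private key / carried in a certificate.
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# 0 = key belongs to certificate, 1 = mismatch, 2 = a file could not be parsed.
key_matches_cert() {
    k=$(pubkey_of_key "$1") || return 2
    c=$(pubkey_of_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + certificate into PKCS#12 only after the match check passes,
# then read the bundle back and confirm it still carries the same public key.
bundle_p12() {  # usage: bundle_p12 key.pem cert.pem out.p12 passphrase
    key_matches_cert "$1" "$2" || return 1
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -name wildcard_demo -passout "pass:$4" 2>/dev/null || return 2
    back=$(openssl pkcs12 -in "$3" -passin "pass:$4" -nokeys 2>/dev/null |
           openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$back" ] && [ "$back" = "$(pubkey_of_cert "$2")" ]
}

# Constructed test material: a throwaway self-signed wildcard certificate
# with its key, plus an unrelated key that must be rejected.
make_demo_material() {  # usage: make_demo_material dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$1/key.pem" -out "$1/crt.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_material "$d" || { rm -rf "$d"; return 1; }
    key_matches_cert "$d/key.pem" "$d/crt.pem" && echo "key.pem matches crt.pem"
    key_matches_cert "$d/other.pem" "$d/crt.pem" || echo "other.pem rejected"
    bundle_p12 "$d/key.pem" "$d/crt.pem" "$d/out.p12" "demo-pass" &&
        echo "PKCS#12 written and verified"
    rm -rf "$d"
}
demo
```

A return code of 1 from `key_matches_cert` means the certificate was issued for a different key pair than the one being imported.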

  • CSS11506 + wildcard ssl cert ?

    We have a need to terminate multiple SSL websites on our CSS. So name1.test.com
    name2.test.com, name3.test.com etc. The problem I have found is that I need to burn 1 public VIP per SSL connection b/c they all need to use tcp 443 inbound and point to their respective cert on the CSS. Is there any way to possibly generate a wildcard cert that matched only the last part of our domain name ( events.test.com = *.test.com ) and then get away with using only 1 VIP for the multiple sub domains ??
    Thanks for your help.
    Cheers
    Dave

    Yes this is possible. We are currently using the same design.
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080579f6b.html
    Please rate.

  • Move wildcard SSL cert from 10.7 to 10.6 server

    I purchased and configured a wildcard cert (*.example.com) on my 10.7 server. I now want to import this cert onto my 10.6 servers (all using the same domain) and I can't seem to get it to work.
    I exported both the cert and the private key file from the 10.7 server, however when trying to import the private key into the system keychain on the 10.6 server, I get this error: An error has occurred. Unable to import an item. The contents of this item cannot be retrieved.
    Any ideas?

    Check permissions on the crt and key you are trying to import, maybe change to 777
    How specifically did you export the cert/key from 10.7 ?
    I always copy them from /etc/certificates, change permissions, then I like to remove the passphrase (more on that if needed).. then I end up with a cert/key with read permissions and no pass... makes import simple to any service (OS X or other)

  • Create/install self signed ssl cert

    I'm evaluating the platform edition server. Is there a quick way to create and install a self signed ssl server certificate (I'm running Windows 2000 pro).
    Thanks
    Mark

    Download the NSS tools from here:
    http://wwws.sun.com/software/download/products/3e3afa8e.html
    Documentation for NSS tools can be found here (see certutil):
    http://www.mozilla.org/projects/security/pki/nss/tools/

  • Use of Wildcard SSL cert with DRM

    DRM needs a URL to be embedded in the protected PDF document(e.g., mysite.mycompany.com).  The SSL certificate for the URL must be from a trusted provider (e.g., Verisign).  My question is will Adobe Reader accept for DRM a wild card SSL certificate (e.g., *.mycompany.com) from a trusted provider?


  • CertPrincipalName forced to wrong setting on server with wildcard SSL cert

    Dears
    After testing Exchange 2013 for a couple of weeks with a limited amount of IT personnel, we have migrated the first batch of users from 2010 to 2013.
    That was the biggest mistake we've done this.. week..
    The error is identified as an autodiscover/ssl problem. No matter what I specify in CertPrincipalName on CAS, Outlook resets itself to msstd:server.domain.com
    I have tried with "none" and "msstd:*.domain.com" but it always resets to msstd:server.domain.com
    Outlook Autoconfigure test returns the correct value. Any ideas?
    All our clients are not domain members, so setting this with GPO is not an option.

    I have compared how autodiscover works for clients on 2013 and on 2010. It is definitely server related. Clients still on a 2010 mb server get the correct value msstd:*.domain.com.
    The only difference I see in the autodiscover xml is that on 2013 there are two extra blocks of data for protocol "EXHTTP". One of these blocks does not contain the CertPrincipalName value.
    <Protocol>
            <Type>EXHTTP</Type>
            <Server>mailbox.domain.com</Server>
            <SSL>On</SSL>
            <AuthPackage>Basic</AuthPackage>
            <ASUrl>https://ex02.domain.com/EWS/Exchange.asmx</ASUrl>
            <EwsUrl>https://ex02.domain.com/EWS/Exchange.asmx</EwsUrl>
            <EmwsUrl>https://ex02.domain.com/EWS/Exchange.asmx</EmwsUrl>
            <EcpUrl>https://ex02.domain.com/ecp/</EcpUrl>
            <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-um>
            <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-aggr>
            <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.com</EcpUrl-mt>
            <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-ret>
            <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-sms>
            <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-photo>
            <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-tm>
            <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-tmCreating>
            <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-tmEditing>
            <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=domain.com</EcpUrl-extinstall>
            <OOFUrl>https://ex02.domain.com/EWS/Exchange.asmx</OOFUrl>
            <UMUrl>https://ex02.domain.com/EWS/UM2007Legacy.asmx</UMUrl>
            <OABUrl>https://mailbox.domain.com/OAB/3abb5758-f1c7-4246-9f9f-bbf390f5febb/</OABUrl>
            <ServerExclusiveConnect>On</ServerExclusiveConnect>
          </Protocol>

  • Install wildcard SSL on Cisco Prime Infrastructure 1.4

    I'm trying to install a wildcard SSL on a Cisco Prime Infrastructure 1.4.
    I've managed to install this certificate on the Cisco 5508 WLC, however not so much success with the Cisco Prime.
    There is a lot of documentation regarding the installation of CSR certificates, however I could not find anything related to wildcard or public key certificates from Cisco.
    I did find the following from a NetBoyers, I've tried this process however this seems to apply for NCS versions prior to 1.4 as it was unsuccessful.
    Any assistance would be greatly appreciated.

    I was able to follow the procedure in the Admin Guide to successfully import and use a CA-issued wildcard certificate (from GoDaddy) with unencrypted private key where the original CSR was not generated by the Prime Infrastructure server.
    Prime needs to be defined with a record in your DNS serving the domain in the wildcard certificate. In my case I am using both an A record and cname alias.
    Following a server restart the wildcard certificate appears fine in Chrome, Firefox and IE when I browse to https://prime.<my_customer's_domain>.
    Below are the commands I used. You would need to have your own certificate and keyfile. My certificate includes the full chain - server certificate, intermediate certificate and root certificate in that order.
    PI01/admin# copy ftp://192.168.254.7/privatekeyplaintext.pem disk:
    Username: admin
    Password:
    PI01/admin# copy ftp://192.168.254.7/gd_bundle-g2-g1.crt disk:
    Username: admin
    Password:
    PI01/admin#
    PI01/admin# root
    Enter root password : 
    Starting root bash shell ... 
    ade # pwd
    /root
    ade #
    ade # cd ..
    ade #
    ade # cd localdisk
    ade # ls -al
    total 68
    drwxr-xr-x 8 root root 4096 Nov 2 09:51 .
    drwxr-xr-x 28 root root 4096 Oct 28 11:22 ..
    lrwxrwxrwx 1 root root 20 Jul 14 13:11 crash -> /opt/CSCOlumos/crash
    drwxr-xr-x 2 root root 4096 Jul 15 23:31 defaultRepo
    drwxr-xr-x 2 root root 4096 Jul 14 13:10 ftp
    -rw-rw-rw- 1 root gadmin 6710 Nov 2 09:51 gd_bundle-g2-g1.crt
    drwx------ 2 root root 16384 Apr 17 2014 lost+found
    -rw-rw-rw- 1 root gadmin 1679 Nov 2 09:50 privatekeyplaintext.pem
    drwxr-xr-x 2 root root 4096 Jul 14 13:10 ssh
    drwxr-xr-x 2 root root 4096 Jul 14 13:10 telnet
    drwxr-xr-x 2 root root 12288 Nov 2 09:57 tftp
    ade #
    ade # mv ./gd_bundle-g2-g1.crt ./defaultRepo
    ade # mv ./privatekeyplaintext.pem ./defaultRepo
    ade #
    ade # exit
    exit
    PI01/admin# show repository defaultRepo
    PI01-140715-0330.tar.gpg
    PI01-140716-0330.tar.gpg
    gd_bundle-g2-g1.crt
    privatekeyplaintext.pem
    PI01/admin#
    PI01/admin# ncs key importcacert wildcardcert gd_bundle-g2-g1.crt repository defaultRepo
    INFO: no staging url defined, using local space. rval:2
    truststore used is /opt/CSCOlumos/conf/truststore
    The NCS server is running
    Changes will take affect on the next server restart
    Importing certificate to trust store
    PI01/admin#
    PI01/admin# ncs key importkey privatekeyplaintext.pem gd_bundle-g2-g1.crt repository defaultRepo
    INFO: no staging url defined, using local space. rval:2
    INFO: no staging url defined, using local space. rval:2
    truststore used is /opt/CSCOlumos/conf/truststore
    The NCS server is running
    Changes will take affect on the next server restart
    Importing RSA key and matching certificate
    PI01/admin#
    PI01/admin# ncs stop
    Stopping Network Control System...
    This may take a few minutes...
    Network Control System successfully shutdown.
    Plug and Play Gateway is being shut down..... Please wait!!!
    Stop of Plug and Play Gateway Completed!!
    SAM daemon process id does not exist
    DA daemon process id does not exist
    DA syslog daemon process id does not exist
    PI01/admin# ncs start
    Starting Network Control System...
    This may take a few minutes...
    Network Control System started successfully.
    PI01/admin#

  • Installing a Wildcard Certificate in STRUST

    Hi,
    I am trying to install a wildcard SSL certificate using STRUST on our ABAP system.
    If I try to import it using the "Import Cert. Response" button, I get an error message saying the certificate cannot be installed. I presume this is because my private key does not match the public key of the certificate.
    How can I get a wildcard certificate working with my ABAP system? Do I need to somehow change the private key of my system?
    Thanks in advance

    Hi Stuart,
    Please check below thread it may help in your case.
    Problem importing a certificate using Strust
    https://scn.sap.com/thread/1587251
    BR
    Atul

  • GoDaddy SSL Cert Signed by Unknown Authority

    At my school we have one Apple server which we recently upgraded to 10.5. We're using it to run a blog for teachers. We switched the site to use SSL and purchased a GoDaddy SSL cert (the wildcard type). The common name on the certificate I created in Server Admin is for *.e-lcds.org, this is the same common name I gave to GoDaddy in the CSR.
    I received both the certificate and the intermediate certificate from GoDaddy and installed both. Server Admin now says that the site is signed correctly by GoDaddy. The intermediate certificate (looking at Keychain Access) is not signed correctly though according to the server. The error is "This certificate was signed by an unknown authority"
    In the process of originally trying to figure out SSL certs I deleted all of the GoDaddy ones which I (thought) had added to start with a new one and have it re-keyed (which worked). I unfortunately may have deleted whatever certs need to be installed to verify the intermediate cert from GoDaddy. Is there a way to re-add these? Or is this another issue altogether?
    Thanks in advance,
    -MRCUR

    I ended up wiping the server since we switched its roles with a Linux box. I'm now using the GoDaddy SSL cert on the Linux box and the XServe.
