Installing SSL Certificates on OS X 10.7 Lion Server

Is there anybody out there that has gotten this to work.
Have been at this for 3 days. Now on 10th clean install.
Have tried different SSL certificates from different CA vendors. All on clean installs.
Can install along with intemediate certificates.
Differnet SSL checkers report differing results. Some will report as fine whilst others will report that the chain is broken.
Some examples:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=conten t&id=SO9556&actp=LIST&viewlocale=en_US
Will report a double entry
http://www.digicert.com/help/
will report a break between the server certificate and the first intermediate certificate which it recognises as the same server certificate (weird!)
https://www.ssllabs.com/ssldb/analyze.html
Will report "incorrect order"
http://www.sslshopper.com/ssl-checker.html
Seems to report as fine although you will notice the server certificate twice in the chain again first as Server then first link in chain
I assure you have only installed certificates once (1 for purchased cert and 1 for intermediate) at the beginning of a clean install.
At a loss with this and very frustrated after 3 days getting no where.
Anyone able to help?

https://certs.godaddy.com/ccp/tools/sslinstallvalidator.seam
Will report "Chain of Trust broken!"
All this despite being able to access the server over SSL just fine. Need to get this to work properly though to make use of profile manager.

Similar Messages

  • Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

    Hi,
    We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
    We are following the below steps,
    Under "Server Certificates" tab,
         -> Click on "Install" button.
         -> On "Select Configuration" click on "Next" button.
         -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
         -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
         -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
         -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
    There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
    So, say currently the subdomains present are,
    1.abc.com
    2.abc.com
    so on...
    and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
    Please let us know if you have solution to this problem.
    Thanks,
    Rajesh

    Hi Rajesh,
    That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
    The chain should be installed using the "Certificate Authorities" tab per the following steps:
    1) Login to the Admin Console.
    2) Click Edit Configuration from Common Tasks > Configuration Tasks.
    3) Click the Certificates > Certificate Authorities tab from the Configurations page.
    4) Click the Install... tab from the Certificate Authorities (CAs) page.
    An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
    You should then see the CA and intermediate certificate(s) listed in the security database.
    If you have access to MOS, more details can be found in the MOS KM Note:
       Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
    regards
    Tracey

  • Install SSL certificate - OS X Server 10.8.2

    Greeting All,
    I am using OS X Server 10.8.2 with Server.app 2.2 and self-signed SSL sertificate. And I try use CA form Verisign.
    I already success create CSR and get trial SSL certificate form Verisign. But I found I can't install SSL certificate correct and made it use in Profile Manager 2. When I check Profile Manager 2 in Server.app 2.2. I only see self-signed intermediate CA.
    I check Apple on line guide and support site of Verisign but not found any latest guide of how to install it in Server.app. Any advice is welcome.
    Thanks,
    Spin

    If you purchased the SSL certificate, you have to convert the certificate to "PEM"
    https://www.sslshopper.com/ssl-converter.html

  • Any easy way to install SSL certificates

    Hello
    is there a easy to install SSL certificate on ASA, rather than enroll with a public CA?  ASDM has a place to import certificates.  Can I just upload a SSL certificate I got from my CA to ASA, withou setup CA enrollment?  And if yes, how can I generate a SSL certificate request from my ASA 8.2?
    Thanks a lot

    Hi,
    As for generating a certificate signing request, you might want to check the following:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml
    HTH

  • Can I install ssl certificates in Firefox for android 4.0 tablets?

    I need to Know if I can install ssl certificates in Firefox for android 4.0 tablets?
    I did it with the laptop Firefox for windows 7 and I am using al time but I need to travel with my samsung tablet and use my ssl certificate to acces my bank account. I dont know if the android version of firefox have advance options to configure my certificate.

    Visit a website that provides the cert and then you should be prompted to install it. As of right now the feature is in Firefox Beta from the Play Store if you want a more polished version.

  • How to install SSL certificate on Mac OS X 10.8.3 Server 2.2

    Hi,
    In eairler versions of !0.8 / OS X Server 2.2 your where able to install a purchased SSl certificate in the
    Hardware >> Profile Manager Server >> Settings >> SSL Certificate Edit
    I've just done a clean install of 10.8.3 and OS X Server 2.2 but there is no  "SSL Certificate Edit" available.
    How do I install my purchased certificate?
    Thanks,
    John

    sorry for hijacking but I have a related question to do with certificates.
    I had to set up virtual domains manually instead of through the GUI and the server ssl site is now locked to a certificate that is about to expire and no longer needed, I can't change the certificate in the web gui because it was created manually, I can't delete the certificate because it is assigned to the server ssl website and I can't manually edit the conf files to point to a different certificate becasue it breaks it, any ideas?

  • Problem installing SSL certificate for CPS

    I work at a medium-sized University, and we have used
    Contribute 3 with CPS1.11 for well over a year. Recently, however,
    the Contribute clients began having difficulty logging in to CPS.
    At first this was intermittent, but is now constant. Adobe support
    suggested replacing the CPS self-signed SSL certificate with a
    genuine one, because apparently the self-signed certificate is
    causing communication delays and timeouts.
    I have the certificate, and am trying to use keytool (see
    http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
    to install it, but it is asking me for a keystore password, which I
    don't know. Apparently the standard defaults are "changeit" or
    "passphrase", but neither of these work.
    As a test, I created a fresh install of CPS and attempted to
    list the keys in the keystore, but again was asked for a keystore
    password and the defaults did not work. Adobe support suggested I
    ask here. Anybody have any experience installing a certificate for
    CPS?

    Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new:
    SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • How to install SSL certificate on the second ACE in the HA pair

    Hi,
    I'm struggling to figure out how to install a certificate (.p7b and .crf) on my second ACE in a HA pair.
    On ACE01 i generated a CSR and gave the details to our SSL provider, they provided the certificates and i imported them. All good there.
    How can i install the same SSL on ACE02 if i haven't generated a CSR on my backup devicde, or do i generate a CSR and import the same certificate?
    Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and i think this is because the SSL certificate is not installed correctly on the second ACE02.
    Anybody got any ideas, suggestions?
    Cheers

    Hi,
    If you already have the cert and key on the Active ACE, then you just need to export them using "crypto export ..." command from Active ACE and then import to the standby ACE using "crypto import ..."
    Regards,
    Siva

  • How to install SSL certificate on OSX 10.9.5?

    Hello,
    I purchased an SSL certificate from RapidSSL for my website. Somehow I am supposed to install this on my Mac but they are not able to provide me with instructions (great service). Can anyone help me?
    Thanks!

    sorry for hijacking but I have a related question to do with certificates.
    I had to set up virtual domains manually instead of through the GUI and the server ssl site is now locked to a certificate that is about to expire and no longer needed, I can't change the certificate in the web gui because it was created manually, I can't delete the certificate because it is assigned to the server ssl website and I can't manually edit the conf files to point to a different certificate becasue it breaks it, any ideas?

  • Can't install SSL certificate

    I'm trying to install an SSL certificate from a CA on Web Server 7.0U1. However, when I run the install-cert command, I get this:
    wadm> install-cert config=vandale.ts.wikimedia.org token=internal cert-type=server nickname=cert-jira.ts.wikimedia.org cert.key
    CLI103 Command 'install-cert' failed. :: An invalid XML character (Unicode: 0xc) was found in the element content of the document.
    What's wrong?

    okay:
    -----BEGIN CERTIFICATE-----
    MIIE5zCCAs+gAwIBAgIDBC4FMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
    b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
    Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
    dEBjYWNlcnQub3JnMB4XDTA3MTAyMDE1MjIwMloXDTA4MDQxNzE1MjIwMlowIDEe
    MBwGA1UEAxMVamlyYS50cy53aWtpbWVkaWEub3JnMIIBIjANBgkqhkiG9w0BAQEF
    AAOCAQ8AMIIBCgKCAQEAtjtPe4cI5j9h4UR0r+n3kEGYVN9GgPvrSjdypJxkDfh0
    TOWrYDHi5qT13+oxsWSYf79zpEvXkU8Gb0tM2+mcqcpl4yCqWmRX2RAIGyuLC/0o
    b02TNEwZ8H9tAJVidnoIEHv8iKJKjoUud/k6/gahu2dpf9Lvu9dyXk5VXyRQUWqy
    wMdgCjixrS6fEb7a0d+q8a+GX/1R2Jz73O+c60/rXY4yIfGpg8EUTdn/c9uiIKV6
    ep0K8gYEd35rBhvlwa/ERuRZFeVOAnsPXGCYUQtRlAazilvp51J1FsDZzlBkM/Me
    Y5qAxfc7nV5iiqrJ5Rw3/yYxsw3QXCSSDfEghY4ZkQIDAQABo4HQMIHNMAwGA1Ud
    EwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsGAQUFBwMBBglghkgBhvhC
    BAEGCisGAQQBgjcKAwMwCwYDVR0PBAQDAgWgMDMGCCsGAQUFBwEBBCcwJTAjBggr
    BgEFBQcwAYYXaHR0cDovL29jc3AuY2FjZXJ0Lm9yZy8wRQYDVR0RBD4wPIIVamly
    YS50cy53aWtpbWVkaWEub3JnoCMGCCsGAQUFBwgFoBcMFWppcmEudHMud2lraW1l
    ZGlhLm9yZzANBgkqhkiG9w0BAQUFAAOCAgEAX6E0ha6v72jXNJqxVxWR0d+7K8kB
    mvId488lIZN8h7L7FkYqfPlg583xzmkd02NWbBDZ8fdPYzLL3J8+RAVJDvQEWu+T
    7ZLPsPnDB+HbNMXBMNRcT0eDlLVBvkR3ro6Vd3bF9WC/vYjAYdgunfJke83270kg
    QrdBeYfdkWyCwg7uDzq5RspwsOW3CNTt4v0av0PSDlOQGsTfW8/zgbuglVVoy5j3
    jp4ZUnQy7h6+ebzatXaAKfBRUNrnz/fFIBPjJMuju0lZK86WDA1rLZXTl1Q7iyK2
    t29MZJcWpNKoUAus4i+FP4ZfNuq6qicKfAzxQDsbBhcvmSPI8YqOujc82glnK+Yo
    QQfsXF1fh5SUleg6/jXCzOfwDtmkIKJMB69EX8tfNOKGnEJybo73/EydwPwFF5i5
    S/aC0ZrJqB4oC8SyozoJcfXhclXbt68ZNp5yVtKs5tKtEGBTko4y7/r28tqoiJ0w
    0aDX4+oU48jRlIkln1tAq6DEjGQwsHU71swM+u+HVQCULfUhbR51gsJ3lJvsBlvG
    AJIqDw/NWhOjQunDiOK39DtEU4fqPlSv+ZzSkIivfvok0b+0dCpChik5xBmIEkD/
    jCZec2aseacXXzPJnLWw7TvTn4dIAVGaO5QRNpYxycvNh1Ic8nYxrVdeg+WklkeU
    AUQXFoV6dMeXD4Y=
    -----END CERTIFICATE-----

  • Install SSL certificate for Oracle HTTP server

    I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com.
    I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem".
    I want to install this on the oracle 11g HTTP server (OHS) installed as standalone based on apache 2.2
    With oracle, i have to create a wallet and point the SSL.CONF wallet directive to use that wallet.
    I used Oracle Wallet Manager to create it and import the certificate but this is where i am having a problems.
    First I could not restart the web server but the it worked but I got SSL handshake errors (Shown below).
    According to oracle steps, I have to create a CSR and then import the certificate into the wallet
    http://www.apache.com/resources/how-to-setup-an-ssl-certificate-on-apache/
    However, when I tried to use Oracle Wallet Manager, there were two options: import server certificate and trusted certificate.
    The import server certificate was greyed out. I had to create a CSR just to get it enabled but I did not use the CSR, i just imported the "server.crt" file.
    I also tried to import the "serverkey.pem" into the trused certificate option but was rejected (invalid certificate).
    Do you know how to create a successful wallet based on the files i have and not creating a CSR since i already have a certificate file?
    2013-05-04T20:11:40.2718-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
    [2013-05-04T20:11:40.2719-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
    [2013-05-04T20:11:40.4774-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
    [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
    [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
    [2013-05-04T20:11:40.6814-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
    [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
    [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error

    I do not have weblogic installed. I only have standalone 11g HTTP server with mod_plsql.
    If i can get OWM working to create a successful certificate them the problem would be resolved.
    I am just not sure what is Root Certificate and Trustworthy Certificate and how to get that from the files i have.

  • Problems installing SSL certificates for more than one alias on iMS 5.2

    I have a problem to getting encyption on IMAP/HTTP/SMTP when they are on the same server. I only getting one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
    Let's say I have 3 aliases to the same server just for the scalability, imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at the same time, for example https://mail.vxu.se. And the others, like (S)IMAP I getting a dialouge that says the hostname doesnt is the same as the registred in the certificate. How do I solve this? Is there some possibillity to install more than ONE certificate, so I can have one certificate for each alias?
    Environment: Full 420R, Solaris 8, iMS5.2
    Thanks in advice

    Although I completely agree the comments that suggestion this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
    Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installation. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
    So. as a general rule, regardless of whether multple installations can co-exist, I would not recommend it. This is especially true on a Windows platform.

  • Installing SSL Certificate for ITS WGate with sapgenpse

    Hello.
    We have setup Web Dispatcher and ITS WGate on the same host. Dispatcher accepts connections from 443 and ITS accepts connections from 8000.
    We have done SSL Settings for Web Dispatcher with sapgenpse successfully.
    But as WGate is running on Microsoft IIS Server, we couldn't install the same certificate response to Microsoft IIS. Is there a way to install certificate for ITS Server with sapgenpse tool or IIS Server's tool?
    Or should we demand another SSL response from CA generated from Microsoft IIS Server?
    Thanks in advance.
    Edited by: teknikdanisman on Jan 15, 2010 10:42 AM

    I have solved the problem. I have exported the SSL key with sapgenpse in format P12 and imported from IIS.

  • Installing SSL certificate on SAP J2EE Engine 6.4

    Hi SDN,
    <b>
    We want to install SSL cetificate on one of our portals. What are the steps to be done? How do we go about this??
    </b>
    regards
    Brahmachaitanya

    Hi,
    Before answering to your doubts,
    Have you tested your SSL as per Page No:26 from the above document.
    If It's positive, then your SSL is fine..no need to worry about anything.
    You can customize the SSL connection across engine and subsequent navigation
    as per page no:17 in the same doc.
    after being done all the above positively
    <i>1) I am not able to find in the Trusted CAs, the private key that i created</i>.
    I'm afraid to answer this.however.... you said "<i>I have also sent the CSR to the Certifiying Authority and I have got the Signed certificate back (i.e. .crt file)."</i>
    So, I assume that your SSL test works fine
    may be you might need to check other section(like Trusted CA ..some other diffrent name) in the same Key Store for your private key info.
    2) I have created the private key once and generated the CSR from it. I have also sent the CSR to the Certifiying Authority and I have got the Signed certificate back (i.e. .crt file). Now please tell me, DO I NEED THE PRIVATE KEY IN THE FUTURE FOR ANY OTHER PURPOSE?????
    You don't have to know about private key in the future.
    You just have to make sure that SSL certificate is appears during navigation in the browser for you to click "Yes". still if you want to know what is your private key, I think You need to try out fresh SSL config in any other system/engine.
    ( to get know more about SSL, visit SAP documentation in my first answer )
    Hope that solves your doubts.

  • Installing SSL certificate on DS 5.2

    Hi,
    I am trying to install an SSL certificate to LDAP DS 5.2. I got stuck.
    The problem is that I only have openSSL which does not seem to provide the right format which, if I understood well, should be PKCS#10 and not 12 or 7.
    Any idea how I could proceed?
    Claude

    In openssl run the CA.sh -newca or CA -newca,
    Then paste ( remember past not point to in a file ) the cacert.pem file to DS for the CA cert portion.
    Generate your cert request ( remember the fully quailified hostname ). The take that CSR file and sign it with your new CA.
    openssl x509 -req -in server.csr -out server.cert -CA ca.cert -CAkey ca.key -CAcreateserial -days 7500
    remember paste it back into the DS window, not point to.

Maybe you are looking for

  • Server manager not working at all. Server 2012 R2 Essentials

    Hi All, When a reboot the v-server, "Server Manger" works fine for about a day. When it on longer then a day i get the error message: <server>:Error accurred During Enumeration of quotas: The WS-Management service cannot process the request. The WMI

  • SQL report how to handle user input

    All if i have a simple sql query like select * from tablename And in th report page i would like to put in differenet boxs so that someone could say have date, and usersphone etc. Without using PL/SQL function returning sql query Is there a way to sa

  • 11.1: Sun Quad FastEthernet card hampers Solaris 11.1 to boot

    Hi, running a Solaris 11 system on x86 with a working Sun Quad FastEthernet card (hme0 - hme3): root@mother:/home/p009929# modinfo -w -i 199 Id Loadaddr Size Info Rev Module Name 199 fffffffff895c000 6930 175 1 hme (Sun HME 10/100 Mb Ethernet) root@m

  • Preview printing to Black and White?

    for some dumb reason (either me or the UI....) i can't figure out how to set up a preset for a single page in black and white out of preview. can anyone help?

  • YouTube not connecting

    I was viewing YouTube last night with no problem but today on both my home wireless network and my office network. I am getting an error message that says 'Cannot connect to YouTube" eventhough the wireless connection is working fine. any suggestions