Installing verisign certificates

Similar Messages

• Installing Verisign Certificate for SSL - please help

  I'm trying to configure SSL for the first time on my WebLogic Server 6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generator servlet to
  generate a CSR. I sent the CSR to Verisign and received a certificate back (looks
  like it's in .pem format). Now, I've gone to the admin console and entered what
  I thought were the right values in the right places, but WLServer doesn't seem
  to like what I've entered and/or the files themselves. Here's what I have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changed of course
  from the actual domain name) - This is the file generated automatically by the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is the file that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem (I created
  this file by going to the verisign site and copy/pasting their .pem format 'intermediate'
  cert into this file - documentation real fuzzy on this step so it's probably wrong).
  SSL is enabled, listening on the default port of 7001, client certificate not
  enforced.
  Now, when I boot the server, I get the following error in the log file: ####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver> <main>
  <system> <> <000296> <Security configuration problem with certificate file config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the location I specified,
  so does that error mean it can't find it or that the file itself is corrupt?
  That's just the file that was autogenerated by the servlet, i don't see how it
  could be corrupt! Also, I assume that's just the first error ... if I fix that
  one, there likely will be more. I especially don't understand the part about
  the chain file as the documentation is so unclear to me about putting multiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

  Hi Josh,
  Jus to reconfirm are you sure that the Server key and Server Cert are not
  interchanged ?
  The error message indicates that private key is being read as a certificate.
  Maybe its not a explicit error message and instead should be
  Security configuration problem with private key file
  config/mydomain/my_domain_com-key.der
  Are you able to run with the democerts provided with weblogic ?
  yeshwant
  <system> <> <000296> <Security configuration problem with certificate
  file config/mydomain/my_domain_com-key.der,Josh Daynard wrote:
  Hey Yeshwant,
  Thanks for the tip. I did not use a password when creating the CSR request and
  the 'Key Encrypted' box is unchecked in my console. Any other thoughts???
  Thanks,
  Josh
  Yeshwant <[email protected]> wrote:
  Hi Josh
  when you generated the csr using the certificate webapp , did you use
  a password ie are you using a password
  envrypted private key ?
  if yes you will have to provide that value in the start sript using the
  system property
  weblogic.management.pkpassword=actualpassword and also make sure that
  the Use Encrypted box is checked.
  If not make sure that the Use Encrypted box in the console under the
  ssl tab is unchecked.
  Yeshwant
  Josh Daynard wrote:
  I'm trying to configure SSL for the first time on my WebLogic Server6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generatorservlet to
  generate a CSR. I sent the CSR to Verisign and received a certificateback (looks
  like it's in .pem format). Now, I've gone to the admin console andentered what
  I thought were the right values in the right places, but WLServer doesn'tseem
  to like what I've entered and/or the files themselves. Here's whatI have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changedof course
  from the actual domain name) - This is the file generated automaticallyby the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is thefile that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem(I created
  this file by going to the verisign site and copy/pasting their .pemformat 'intermediate'
  cert into this file - documentation real fuzzy on this step so it'sprobably wrong).
  SSL is enabled, listening on the default port of 7001, client certificatenot
  enforced.
  Now, when I boot the server, I get the following error in the log file:####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver><main>
  <system> <> <000296> <Security configuration problem with certificatefile config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the locationI specified,
  so does that error mean it can't find it or that the file itself iscorrupt?
  That's just the file that was autogenerated by the servlet, i don'tsee how it
  could be corrupt! Also, I assume that's just the first error ... ifI fix that
  one, there likely will be more. I especially don't understand thepart about
  the chain file as the documentation is so unclear to me about puttingmultiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

• Trouble installing Verisign SSL certificate

  I'm using WebLogic 7.0 and need to figure out how to install the SSL certificate.
  I've followed the instruction from both Verisign and BEA to install the certificate.
  But I could not get pass this error:
  ####<Oct 24, 2002 3:16:18 PM EDT> <Warning> <Security> <prodmvision02> <myserver>
  <main> <kernel identity> <> <090088> <SSL did not find the private key alias on
  server myserver for realm myrealm even though this server is configured as a 7.0
  server. This data was required by SSL to load the server private key.>
  ####<Oct 24, 2002 3:16:19 PM EDT> <Alert> <WebLogicServer> <prodmvision02> <myserver>
  <main> <kernel identity> <> <000297> <Inconsistent security configuration, java.security.KeyManagementException:
  ASN.1: Lengths longer than 32 bits are not supported>
  ####<Oct 24, 2002 3:16:19 PM EDT> <Emergency> <Security> <prodmvision02> <myserver>
  <main> <kernel identity> <> <090034> <Not listening for SSL, java.io.IOException:
  Inconsistent security configuration, java.security.KeyManagementException: ASN.1:
  Lengths longer than 32 bits are not supported.>
  Curently I'm clueless on what has happened. This is the third time I tried to
  follow the instruction. Please help.

  Hello Patrick,
  Thanks for the information:
  you created a keypair for SSL in the Key Store service interface in the Visual Administrator, generated a CSR response and sent it to Verisign. Now you have the CSR response from Verisign - is my understanding of the situation correct?
  Absolutely right
  You can import this into the Key Store service, by highlighting the private key of the keypair and choosing 'Import CSR Response'. Now your key pair is signed.
  Successfully done.
  After this i can see that PRIVATE KEY (IssueDN has been changed to Verisign)
  But CERTIFICATE ISSUER DN is not changed.
  Now if i try to access the site with https, able to do properly and if click on the Lock icon on the browser, i can see certificate is 3 Chained
  Verisign Trial Secure Server Root CA - G2
  ----> Verisign Trial Secure Server CA - G2
  ----> -> Training.pearson.com (this is my Common Name)
  So it looks to be working fine.
  However there is no chain formed. You need to now follow the aforementioned note and export the private key and public key certificate separately by higlighting the private key and choosing 'Export'. Export with the 'Files of type' drop down box set to (*p8), and after exporting the private key you will be able to export the public key cert. This is step 6 and 7 of the note. Now follow steps 8-12 to form the chain
  No Chains has been made in Visual Admin, and i tried these on another server - it works as you are saying.
  But is there any benefit of importing Intermediate, Root Certificates - as mentioned in SAP note steps 8 to 12.
  If yes, then is it mandatory to make the chain till 3rd level (means Root Certificate also).
  Once the chain is loaded into the Key Store, you need to ensure that the Java dispatcher is configured to send the signed server certificate for the relevant SSL ports - see here http://help.sap.com/saphelp_nw04/helpdata/en/5c/15f73dd0408e5be10000000a114084/content.htm
  Edited by: Julius Bussche on Aug 10, 2009 3:44 PM
  code --> quote

• Installing Verisign SSL Certificate on NW 700 Java system

  Hello Experts,
  For our NW700 Java system, we have got Verisign SSL Certificate. Installation instructions from Verisign says - we need to install Intermediate Certificate also along with SSL certificate for our Common Name.
  Can you please let me know how we install Verisign SSL Certificate on NW700 JAVA system using Visual Admin.
  Instructions from Verisgn says:
  Install Intermediate Certificate on server.
  Install SSL certificate.
  Thanks
  Davinder

  Hello Patrick,
  Thanks for the information:
  you created a keypair for SSL in the Key Store service interface in the Visual Administrator, generated a CSR response and sent it to Verisign. Now you have the CSR response from Verisign - is my understanding of the situation correct?
  Absolutely right
  You can import this into the Key Store service, by highlighting the private key of the keypair and choosing 'Import CSR Response'. Now your key pair is signed.
  Successfully done.
  After this i can see that PRIVATE KEY (IssueDN has been changed to Verisign)
  But CERTIFICATE ISSUER DN is not changed.
  Now if i try to access the site with https, able to do properly and if click on the Lock icon on the browser, i can see certificate is 3 Chained
  Verisign Trial Secure Server Root CA - G2
  ----> Verisign Trial Secure Server CA - G2
  ----> -> Training.pearson.com (this is my Common Name)
  So it looks to be working fine.
  However there is no chain formed. You need to now follow the aforementioned note and export the private key and public key certificate separately by higlighting the private key and choosing 'Export'. Export with the 'Files of type' drop down box set to (*p8), and after exporting the private key you will be able to export the public key cert. This is step 6 and 7 of the note. Now follow steps 8-12 to form the chain
  No Chains has been made in Visual Admin, and i tried these on another server - it works as you are saying.
  But is there any benefit of importing Intermediate, Root Certificates - as mentioned in SAP note steps 8 to 12.
  If yes, then is it mandatory to make the chain till 3rd level (means Root Certificate also).
  Once the chain is loaded into the Key Store, you need to ensure that the Java dispatcher is configured to send the signed server certificate for the relevant SSL ports - see here http://help.sap.com/saphelp_nw04/helpdata/en/5c/15f73dd0408e5be10000000a114084/content.htm
  Edited by: Julius Bussche on Aug 10, 2009 3:44 PM
  code --> quote

• Can not import Verisign certificate

  Dear all,
  I am trying to import a Verisign certificate in my ABAP BW 3.5
  Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
  PSE so that it contains field SP, it is more like installing a new
  certificate.
  What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
  I then created the CSR request to Verisign. I received
  the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
  When I apply the response, by pasting the contents of the text
  file created above, I get the message:
  "CA Certificate missing in database"
  I have already looked at notes 508307, 518185, 510007, 1074447, 511919
  I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
  I am also sure that the Verisign CA root certificate exists in the
  database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
  I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
  Many thanks in advance for your help
  Regards
  Andreas

  Just created a new SSL PSE and imported the certificate chain again and this time it worked...

• Signing in mail with a verisign certificate

  I have 2 certificates bought from Verisign that I used previously under 10.6.
  I made a clean install of 10.6 and then updated to 10.7, but even if I managed to import the certificates in the keychain access, the buttons in mail proposing the signature and encryption of emails doesn't appear.
  Thank you in advance for your help

  I haven't been able to resolve this issue using Mail and a Verisign certificate. So instead I tried Comodo and my Mail system now works perfectly with both signature and encryption. So perhaps the problem lies with Verisign rather than Apple......
  And Comodo is free, see http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

• How can I get an up to date Verisign certificate??

  For an app I need the Verisign certificate. I downloaded one from a link provided in this forum but once installed I see it valid until "15-07-2009" -- no good for me, I'm in August.
  Trawling the Verisign site didn't help ease the frustration.
  Any pointers? 
  It's a VeriSign Class 3 Code Signing Certificate. I've already updated the Nokia firmware to the latest version. 

  I can't seem to find any other place to put this but here.
  I have the same exact issue as the person who started this thread.
  I have a valid VeriSign Class 3 code signing certificate and when trying to do a OTA for a E63 phone the message shows "certificate not recognizable".
  VeriSign blames Nokia.
  What can I do for this?

• Install SSL certificate - OS X Server 10.8.2

  Greeting All,
  I am using OS X Server 10.8.2 with Server.app 2.2 and self-signed SSL sertificate. And I try use CA form Verisign.
  I already success create CSR and get trial SSL certificate form Verisign. But I found I can't install SSL certificate correct and made it use in Profile Manager 2. When I check Profile Manager 2 in Server.app 2.2. I only see self-signed intermediate CA.
  I check Apple on line guide and support site of Verisign but not found any latest guide of how to install it in Server.app. Any advice is welcome.
  Thanks,
  Spin

  If you purchased the SSL certificate, you have to convert the certificate to "PEM"
  https://www.sslshopper.com/ssl-converter.html

• Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

  Hi,
  We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
  We are following the below steps,
  Under "Server Certificates" tab,
       -> Click on "Install" button.
       -> On "Select Configuration" click on "Next" button.
       -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
       -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
       -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
       -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
  There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
  So, say currently the subdomains present are,
  1.abc.com
  2.abc.com
  so on...
  and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
  Please let us know if you have solution to this problem.
  Thanks,
  Rajesh

  Hi Rajesh,
  That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
  The chain should be installed using the "Certificate Authorities" tab per the following steps:
  1) Login to the Admin Console.
  2) Click Edit Configuration from Common Tasks > Configuration Tasks.
  3) Click the Certificates > Certificate Authorities tab from the Configurations page.
  4) Click the Install... tab from the Certificate Authorities (CAs) page.
  An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
  You should then see the CA and intermediate certificate(s) listed in the security database.
  If you have access to MOS, more details can be found in the MOS KM Note:
     Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
  regards
  Tracey

• How to Install Server Certificates

  1) Sun Web Server -> Admin Console -> Server Certificates
  2) Bunch of steps to get to "Step 3: Enter Certificate Data"
  Paste the following in the textarea:
  -----BEGIN RSA PRIVATE KEY-----
  MIICWwIBAAKBgQCv8WAOuA5eohKYuHo0Us7riIDy50a9/mmtSmkR3Libd1Kv51IE
  7nE86bnsEYGG6JRxnDI207DAQ2k1UZxonoJ3D24K0g==
  -----END RSA PRIVATE KEY-----
  -----BEGIN CERTIFICATE-----
  MIIBuzCCASSgAwIBAgIGARatBajmMA0GCSqGSIb3DQEBBQUAMCExHzAdBgNVBAMM
  w/1y6NyccF7+/7nIntaT
  -----END CERTIFICATE-----3) Finish up the rest of the steps.
  I get:
  An error has occurred
  com.sun.web.admin.exceptions.AdminException: ADMIN4112: No Private key foundWhat did I do wrong?

  It seems you didn't generate the certificate based in a certificate request generated via the webserver console.
  The full steps to install a certificate are:
  1. Create the certificate database in webserver console(Sun Web Server -> Admin Console -> Server Certificates). You must enter a passphrase.
  2. Create a certificate request in webserver console.
  3. Sign the certificate request and generate the certificate with your CA (can be verisign)
  4. Install the certificate in webserver.
  Hope it helps.

• Verisign Certificates renewal Issue

  Hi
  We are running Sun Java Web Server 7.0 update 5 and wanted to renew verisign certificates for 2 more years.
  What i did:
  1. Got the certificates from Verisign with last year CSR (i'm not sure if previous CSR can be used or not)
  2. Using admin console (browser based) , i went to "server certificates" ->"install" and could successfully installed them (but there was a warning that duplicate nick name) and i selected ls2 (listener-2 for https)
  3. admin console shows renewal successful and expiry year is 2011.
  4. I also restarted both admin and web services
  But the problem that when i access the application from browser, it still says the expiry year as 2009.
  Please advise.
  Prvn

  Well ... I don't know WHICH three *db files you copied, or from where you copied them in the admin-serv directory.
  If the admin server appears to be working as expected, and the instance appears to be working as expected, then just make sure the admin server isn't telling you that changes have been made on the instance (if it is then tell it to copy the changes and make them the new current version).
  Depending on which files you copied from where you may end up with the admin server having the wrong certificates. This could cause a problem for any nodes that are registered with it. I think you'd already see a problem if this were going to break things though.
  In a perfect world everything is just working as expected now, and you're done. If you want to be extra cautious, though, you should restore the admin server's key3 and cert8 databases from a backup (these databases contain the self-signed certificate and its associated keys that were created when you installed Web Server).

• Verisign certificate & Chain File Name

  Perhaps a newbie question, but here goes:
  I am having trouble installing a Verisign certificate on my Weblogic 6.0
  server. I have my private key and certificate file installed properly I
  believe, but am unsure what to put in the Certificate Chain File entry
  in the console. I only have 1 certificate for this server. I have tried
  to
  a) leave it empty - in which case it uses a default file name which does
  not exist
  b) use the certificate I got from Verisign
  c) export a class 3 certificate from my browser and use that file
  In all the cases that I give it an existing file name, I get the
  following stack trace:
  weblogic.security.CipherException: Incorrect encrypted block
  at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
  at
  weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
  at weblogic.security.X509.verifySignature(X509.java:243)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
  security configuration, weblogic.security.AuthenticationException:
  Incorrect encrypted block possibly incorrect
  SSLServerCertificateChainFileName set for this server certificate>
  weblogic.security.AuthenticationException: Incorrect encrypted block
  possibly incorrect SSLServerCertificateChainFileName set for this server
  certificate
  at weblogic.security.X509.verifySignature(X509.java:251)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)

  OK. Found out what it was.
  The Server Certificate Chain File name is what Verisign calls the
  Intermediate Certificate. So what you need to do is grab that cert off the
  Verisign site, paste it into a new file on your server and put that file
  name in as the path to the Chain File name.
  New question: Why the 2 names for the same thing ? The documentation could
  be a bit clearer here, as it's a very simple process that seems more
  complicated than it needs to be (IMHO).
  Brian Hall wrote:
  Perhaps a newbie question, but here goes:
  I am having trouble installing a Verisign certificate on my Weblogic 6.0
  server. I have my private key and certificate file installed properly I
  believe, but am unsure what to put in the Certificate Chain File entry
  in the console. I only have 1 certificate for this server. I have tried
  to
  a) leave it empty - in which case it uses a default file name which does
  not exist
  b) use the certificate I got from Verisign
  c) export a class 3 certificate from my browser and use that file
  In all the cases that I give it an existing file name, I get the
  following stack trace:
  weblogic.security.CipherException: Incorrect encrypted block
  at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
  at
  weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
  at weblogic.security.X509.verifySignature(X509.java:243)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
  security configuration, weblogic.security.AuthenticationException:
  Incorrect encrypted block possibly incorrect
  SSLServerCertificateChainFileName set for this server certificate>
  weblogic.security.AuthenticationException: Incorrect encrypted block
  possibly incorrect SSLServerCertificateChainFileName set for this server
  certificate
  at weblogic.security.X509.verifySignature(X509.java:251)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)

• How do I renew my Verisign certificate

  Our Verisign certificate is about to expire and we need to replace it. Verisign can generate a new certificate based on our original request. Does this mean that all I should really have to do is to open Oracle Wallet, delete the old user certificate and add the new user certificate? Are there other steps?

  I create a new request and a new wallet. Now I'm having trouble installing it on the app server. See Re: Install renew-ed user certificate in Wallet manager

• Installing a certificate from a Certificate Authority

  I don't understand the process of a installing a certificate.
  I have got to the step where I have a sign request.
  Now I want to import the certificate. I am using tomcat.
  The instruction that I have say that I need to import a certificate from a signing authority. It give me the following command.
  keytool -import -alias root -keystore <your_keystore_filename> \
  -trustcacerts - file <filename_of_the_chain_certificate>
  I found link to verisign for installing the intermediate CA certificate that says you need to copy and past some text that basically says "begin certificate" block of text , "end of certificate".
  Where do I copy this block of text? Do I save it to a text file and them use it in the "filename_of_the_chain_certificate" example mentioned above. I don't see any examples that show all the details of the steps.
  Thanks.

  Hi Simon,
  It looks like you're trying to do PEAP authentication on a specific SSID, is that correct?
  Once you have the certificate generated, you'll upload it at the following location:
  Topline Menu -> Commands
  Then you'll choose "download file" and choose the certificate type to install it.
  PEAP usually calls for a server side certificate (on your authentication server) to be installed on that server. Then you have to configure the controller for 802.1x authentication on the SSID itself. Pointing to one of the authentication servers listed on the "WLAN" Menu under security "AAA Servers". The servers themselves are entered in the "Security" Menu under either RADIUS or TACACS+ tab.
  I can point you in the proper direction if you need more assistance, as I've done this many times. I just need more clarification on what you're trying to accomplish.
  Regards,
  Jerry

• Password parameter not working while Installing the certificate hosted on a Web Application Server

  Hi,
  We are trying to secure our SAP BI Mobile connection with certificates. According to the manual we are storing a password protected certificate on a network location.
  On our ipad when I open the link: (according to manual: Administrator and Report Designer's Guide , chapter  4.14.2.1 Installing the x509 Certificate on Device)
  SAPBI://action=downloadcert&certurl=<Download URL>&Password=abc123
  It should open and install the certificate in the app without asking for the password. But thats not working. It does ask for the password. So I can access the certificate location and after entering the password it works. But I am giving the password parameter in the link so why is this not working?
  The guide is a bit contradictory, and I quote:
  "If you access the second link above: The application is launched and the certificate file is downloaded from the URL location (certurl).
  The certificate is directly installed on the device."
  But second quote:
  "NOTE:
  Since the password is already included in the URL, the application does ask the user for the password...."
  My question: what is the use of this password parameter if you still have to enter it manually?
  Does anybody know if this should work, and what I  might be doing wrong?

  Hi , i am facing the same issue. I'll open a incident.
  Martin