Intermediate Certificates and Yosemite Server

After several attempts at installing my server's certificate from StartSSL, which requires an intermediate certificate, I finally have everything working except opendirectory/LDAP.  The slapd service simply refuses to send the intermediate certificate along with the server certificate on SSL/636 connections.  It is supposed to send both.
Anyone know what I need to do to kick slapd into serving all the proper certificates in the chain like the other services (Calendar, Web Server, etc) are doing?

Been wrestling with this myself for months. Found this on serverfault:
http://serverfault.com/questions/653419/how-can-one-force-open-directory-server-to-provide-its-full-certificate-chain-to
Short Answer: slapd can't send the full chain.
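
The failure described in this thread, as an added example that is not part of the original posts: the script builds a constructed three-tier chain with openssl and checks it the way a client would, once when the server presents only its leaf certificate (the slapd behaviour reported above) and once when the intermediate is presented too. The certificate names, file names and `ldap.example.test` are constructed for the example.

```bash
#!/bin/sh
# Added example with a constructed, throwaway PKI (no certificates from the thread).

# build_chain DIR: create root.pem -> inter.pem -> leaf.pem inside DIR.
build_chain() {
  d=$1
  # Minimal config so both CA certificates carry basicConstraints CA:TRUE.
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: the only certificate the client trusts in advance.
  openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -keyout "$d/root.key" -out "$d/root.pem" \
    -subj "/CN=Constructed Root CA" -days 2 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/inter.key" -out "$d/inter.csr" \
    -subj "/CN=Constructed Intermediate CA" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -days 2 \
    -out "$d/inter.pem" 2>/dev/null
  # Server (leaf) certificate, signed by the intermediate.
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj "/CN=ldap.example.test" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# chain_verifies TRUSTED LEAF [SENT]
# TRUSTED: the client's trust store. SENT: extra certificates the server
# presented with its leaf in the handshake (untrusted path-building hints).
# Returns 0 when a path from LEAF to a trusted root can be built.
chain_verifies() {
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  fi
  case $out in *": OK"*) return 0 ;; *) return 1 ;; esac
}

report() { # report LABEL TRUSTED LEAF [SENT]
  label=$1; shift
  if chain_verifies "$@"; then echo "$label: verifies"
  else echo "$label: FAILS"; fi
}

demo() {
  t=$(mktemp -d)
  build_chain "$t"
  report "server sends leaf only" "$t/root.pem" "$t/leaf.pem"
  report "server sends leaf + intermediate" "$t/root.pem" "$t/leaf.pem" "$t/inter.pem"
  # Client-side workaround: intermediate imported into the client's store.
  cat "$t/root.pem" "$t/inter.pem" > "$t/client-store.pem"
  report "leaf only, intermediate in client store" "$t/client-store.pem" "$t/leaf.pem"
  rm -rf "$t"
}
demo
```

To see what a real server presents on the LDAPS port, `openssl s_client -connect <host>:636 -showcerts` lists the certificates it actually sends.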

Similar Messages

  • Photoshop and Yosemite server

    Hi all,
    I'm using photoshop CS5.1 on a mac with yosemite installed and up to date, connected to a brand new yosemite server.
    Problem is, when I try to open a file on photoshop, modify it, and save it, I can't save it on my server, and suddenly the file disappears. We restarted the server, have done the authorizations twice, nothing works. The thing is, it only happens with photoshop.
    Has anyone had the same problem, saving files on a mac server ? Any solution ?
    Regards,
    Clément.

    Officially, Adobe does not support opening or saving files to a server --- because so many different things can go wrong with networking.
    The permissions error means that the file/directory permissions are incorrect on the file server, or that the OS or server is incorrectly reporting file/directory permissions.
    Photoshop does more error checking than most applications, because we have seen so many problems in the past, and don't like applications silently losing or damaging files (which we see in other applications).

  • Delayed inbound email between Sonicwall ES300 and Yosemite server

    I currently have a setup consisting of a Yosemite email server with a Sonicwall ES300 as a relay.
    Under moderate to heavy email traffic, I've been noticing that inbound emails (from the ES300 to the Yosemite server) begin to queue up on the ES300 with the message of ECONNRESET. This queue will sometimes rise as high as 200 emails and will eventually all clear out at once (sometimes after an hour or so). Email will flow correctly for a short period before the queue will begin to build again. This does not affect outbound or internal email. During times of low email usage (weekends), emails are rarely queued.
    I've experienced this issue as well with an older server running 10.6. I'm not sure whether this is something that needs to be corrected on the Yosemite server or the ES300.
    I'm curious if anyone has experienced similar issues. Is there something within main.cf or master.cf that could be rate limiting the IP of the ES300? If this is the case, it would have to be something in the default configuration since I haven't configured anything out of the ordinary. My other theory is that this could be due to high CPU usage on the ES300 causing connection issues.
    Any help or ideas would be greatly appreciated.
    Thanks!

    The web interface System Status page for the SonicWall will show CPU usage so you can see if it is running high. You can also on newer models go to the Diagnostics page and run the Multi-Core monitor to see a real time chart of CPU usage.
    Some systems will impose a delay on connections if they 'decide' that the connections are suspicious e.g. possible spam or hacking attacks. You could temporarily as a test try disabling any anti-spam or anti-spoofing features you may currently have enabled. Apple's OS X also has a software firewall which can do much the same thing. See the following.
    OS X Server: About the Firewall service - Apple Support
    OS X Server: How to enable the adaptive firewall - Apple Support
    Other than that, your SonicWall should be covered by a support/extended warranty agreement, this would allow you to contact SonicWall directly for support. They can then with your permission look at your SonicWall logs to provide you assistance.

  • How to erase all self signed certificates and force Server to use Signed SSL

    I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I am seeing a self-signed certificate instead.
    I look under the system keychain in K-Access and there are several self signed certificates there (including the one that I am seeing when I try to remote manage).
    Can I replace those self-signed certs with the new one somehow?

    Don't delete those.  However, you are on the right track.  Follow these steps to resolve.
    1:  Launch Keychain Access
    2:  Select the System Keychain
    3:  Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it
    4:  In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate
    5:  Press Save Changes to save.
    6:  Reboot the server or kill the servermgrd process to restart the service.
    That should resolve your issue.
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store

  • Uploading of signed certificate Server certificate and Intermediate certifi

    Hello,
    We are implementing SSL for the first time on NW AS JAVA 7.0. I have received signed certificate from the CA.
    It contains Web server certificate and Intermediate certificate.
    I guess we import the Webserver CSR response. I am not sure what the intermediate certificate is, and they say it is mandatory.
    Can you please guide.
    Thanks.
    Siddhartha


  • Why are intermediate certificates needed within STRUST with SAP as SSL client?

    Scenario: My company is hosting various applications on a web server. Our customers connect their SAP systems to our applications using web services.  We changed one of our VeriSign web server SSL certificates a few weeks ago. This new SSL certificate was signed by a VeriSign intermediate CA which itself is signed by a new VeriSign root CA.
    In the past, we only took care that our customers have the corresponding VeriSign root certificate imported into their SAP via STRUST; in our case this is the following root certificate: http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem
    Now as we changed the certificate on our web server, our customers can't connect to it with their SAP systems any more. We found out that it works again, if the customers additionally import the VeriSign intermediate certificates into their SAP via STRUST; in our case the following ones: https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
    This is something we don't understand for two reasons:
    1.) Usually it shouldn't be necessary to have intermediate certificates on client side, only on the web server. We saved the two VeriSign intermediate certificates into one file and linked it within our Apache via the "SSLCertificateChainFile" directive. This is what we expected to be enough for all SSL clients which have the corresponding root certificate within their certificate stores.
    2.) Our old certificate was signed by an (other) intermediate certificate, too and we didn't have  this one on client side at our customers… it worked. Why? The only difference seems to be, that the old chain had only one intermediate certificate and the new one has two.
    Anyone has an answer to these questions or an idea how to avoid uploading the intermediate certificates all the time? 

    Hi !
    Have a look at this thread; it may be helpful for you.
    Cannot import certificate response in STRUST
    Regds
    Abhishek

  • Add intermediate certificate to signed jar

    Is it possible to add an intermediate certificate to a signed jar file?
    The users of my applet are asked to trust the certificate showing the hint that the source is not trusted. The root certificate of my code signing certificate is included in the trusted sources.
    Thanks,
    Reinhard

    I have already a full trusted chain consisting of the root, an intermediate certificate and my code signing certificate. The root is included in Java's trusted roots. But if I sign my jar with my code signing certificate, Java can not build the trust chain, as it does not have the intermediate certificate. If it would be possible to include the intermediate certificate it would work, but apparently this is not possible with jarsigner.

  • Yosemite Server Signed Certificate vs OD and Profile Manager

    Hello Again,
    For more info on my setup follow the thread exchange Yosemite Server forward zone vs SSL types
    I've purchased a Comodo Positive SSL that covers www.example.com and example.com
    I asked OS X Server to use it and it went on to set up this Comodo signed Certificates up for Calendar, Mail (Pop and iMAP), Mail (SMTP), Messages and Websites.....
    ... But not for Open Directory which uses the xyz.example.com OD Intermediate CA.
    In Profile Manager, Configuration Profile Sections, I have checked "Sign Configuration Profile" and the only choice if I click the "edit" button is the "xyz.example.com OD Intermediate CA".
    1- Should OD use the Comodo Certificate like all other services?
    2- Will the Comodo certificate appear in the Profile Manager If I tell OD to use it?
    Francois

    Sorry Here,
    Hope I understand this correctly.
    The Comodo Positive SSL is a Web certificate. Although I ask OD to use it, it didn't.
    Then Profile Manager expects a "code signing" certificate which is why all it saw was Open Directory's one.
    Francois

  • Intermediate CA certificate and the Root CA certificate

    HI
    What are Intermediate CA certificate and the Root CA certificate ??
    What is the difference between these two types of certificates ??
    What are all the other alternative names that are used with these names ??
    thanks
    kumar

    Hi,
    An intermediate certificate is the certificate, or certificates, that go between your site (server) certificate and a root certificate.
    The intermediate certificate, or certificates, completes the chain to a root certificate trusted by the browser.
    Using an intermediate certificate means that you must complete an additional step in the installation process to enable your site certificate to be chained to the trusted root, and not show errors in the browser when someone visits your web site.
    Refer
    https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1&pcid=0&nav=0
    The advantages of using intermediate certificates – Sometimes referred to as 'chaining'
    http://www.whichssl.com/intermediate_certificates2.html
    Root certificate
    The root certificate is usually made trustworthy by some mechanism other than a certificate, such as by secure physical distribution. For example, some of the most well-known root certificates are distributed in the Internet browsers by their manufacturers.
    A root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority (CA). A root certificate is part of a public key infrastructure scheme. The most common commercial variety is based on the ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA).
    http://support.microsoft.com/kb/887413
    Thanks
    swarup

  • My 4th generation iPod Touch won't let me get on to the App Store. When I log on to iTunes, an alert pops up that says the certificate for the server is invalid, and that it may be a server pretending to be iTunes. What should I do?

    My iPod won't let me on to the App Store, and whenever I go on to iTunes, an alert pops up that the certificate for the server is invalid, and that I may be connecting to a server that is only pretending to be iTunes.apple.com and my personal info may be at risk. I downloaded an emulator yesterday from coolroms.com but deleted the app this afternoon. I cleared my safari search data, my cookies and data, and web inspector, which still didn't work. I then proceeded to reset my iPod and then download the newest version of IOS 6.1.5 but yet still am having problems. Also to the App Store and iTunes, several other apps aren't working. Any help here?

    Also, when I go on to safari, another alert pops up that safari cannot verify the identity of the website, anything that I type in to as common as google.com. It gives me 3 options to either cancel, look at details, and continue. I've looked at the details of the website of Google and it is legitimate the site. Any help?

  • Home Mac Mini Yosemite Server and Time Capsule

    Hello again,
    I'm looking to have a Mac Mini Yosemite home server with my dot com pointed to my fixed IP.
    I have a laptop, an iPad 2 and an iPhone 6 to manage in the beginning.
    It's mostly to practice skills for employment purposes.
    If I get the latest October 2014 Mac Mini with Server 4 and I want to back up the server on a Time Capsule 3 TB:
    Will it create big backups:
    Some macs will be backed up to Mac Mini Yosemite Server Time Machine Services.
    iPad and iPhone backed up in iTunes, on the server or the laptop?
    What else can be a problem?
    François

    Hello DC,
    Thanks for the quick reply.
    For the problem I try to anticipate, it was like those Macs with Bootcamp, where Windows is one big file and a simple log on-log out on Boot Camped Windows would change the big piece of bread and another complete multi GB would be backed up. The runaround was not to time-machine the Windows file and use a PC backup for the Windows stuff.
    In the same vein, if users back up to the Mac-Mini server in a sparse image, doesn't that fill the backups of the server which is also a sparse image?
    I agree with you that an external Time Machine HDD is more flexible as more than 3 TB can be needed down the road.
    As for open ended question, effectively, you read it right, I am looking for problems I did not anticipate from user who bumped into them.
    Thanks

  • Netflix "Slo-Mo" with 2011 Mini Server and Yosemite

    I have recently run into a problem with my 2011 Mini Server and Yosemite.
    Now that I am using my Mini as a HTPC with Yosemite, when I first boot
    and then log into Netflix and start a movie or TV show, the playback
    runs in literally slow motion.  Video is slowed and audio is also slowed
    (like playing a 45 on 33 for those that remember).
    However, if I open display prefs and change refresh from 60Hz to 24Hz,
    and then change it back to 60Hz, all works well.
    Has any one else seen this issue and have a more permanent solution?
    Also, it doesn't matter if running Netflix under Silverlight or HTML5.

    Thanks, that's all very helpful.
    I would like to restore the Mini to its current condition since I've already done some installs and configuration on it--not a show stopper, just convenient if I don't need to redo some things.  One idea might be to use the online restore option to get a fresh OS install back and, presumably, recreate the recovery partition in the process, then restore the CCC over that, which would leave the recovery partition alone.
    Hmm. Things to ponder and maybe try.  I'm not too concerned about killing it and having to start over, so now might be a good time to experiment before I have too much time invested in configuring it. 
    Its purpose in life is to be a render node for 3D animation, so it's intended to be a minimal OS install anyway, just fast hardware and lots of disk storage (which is why I want the whole terabyte in one volume).

  • Weblogic server 9.2 and SSL server certificate for the wrong site

    I turned on SSL service for a weblogic 9.2 server and later on changed the hostname of the machine that weblogic was running on. So the hostname that my SSL server certificate was issued to has now became an invalid hostname. But my weblogic server continues to run SSL service without any exception. I can still access my web applications thru the SSL port (except of course I get a warning for the server certificate every time that it is for the "wrong site"). My question is this: should weblogic 9.2 verify the hostname in the server certificate and stop SSL service if the certificate is for the wrong site? Or is verifying the certificate strictly the job of the browser? Just want to make sure there is nothing wrong with my SSL configuration. Thanks.

    So you are saying that something is wrong with my weblogic 9.2 ssl configuration? And that given a server certificate issued to a different hostname, my weblogic server should NOT be servicing ssl request and/or it should throw some sort of exception during startup? Thanks for clarifying.

  • A friend of mine downloaded an app from the internet onto my iPod Touch 4 so I could play pokemon on my iPod, I deleted the app but now iTunes and the App Store won't open, they say that the certificate for this server is invalid. What should I do?

    A friend of mine downloaded an app from the internet onto my iPod Touch 4 so I could play pokemon on my iPod, I deleted the app but now iTunes and the App Store won't open, they say that the certificate for this server is invalid. What should I do?

    Try:
    Why does my iPod 4th generation say the certificate for this server is invalid when trying to access iTunes? I've never had an issue until this recently.

  • Yosemite Server Wake on MDNS Conflict and Wake reason ?

    A MacMini 2014 with OS X Yosemite server wakes up from manual sleep (Apple Menu, Sleep) every night.
    Console / Logs says:
    Jan 15 08:26:21 xxxxx kernel[0]: Wake reason: ?
    Jan 15 08:26:21 xxxxx kernel[0]: ARPT: Wake Reason: Wake on MDNS Conflict
    I searched the "interrogation point" and "Wake on MDNS Conflict" reasons without success.
    Also read
    (http://support.apple.com/en-us/ht5394)
    (http://support.apple.com/en-ca/HT201960)
    Here are some parameters:
    xxxxxxx:~ xxxxxxx$ pmset -g assertions
    2015-01-15 09:43:55 -0500
    Assertion status system-wide:
       BackgroundTask                 0
       ApplePushServiceTask           0
       UserIsActive                   1
       PreventUserIdleDisplaySleep    0
       PreventSystemSleep             0
       ExternalMedia                  0
       PreventUserIdleSystemSleep     1
       NetworkClientActive            0
    Listed by owning process:
       pid 32(com.apple.serve): [0x0000001f00010133] 24:08:45 PreventUserIdleSystemSleep named: "org.isc.named"
       pid 32(com.apple.serve): [0x0000001f00010132] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.server.filesharing"
       pid 32(com.apple.serve): [0x0000001f00010131] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.ppp.l2tp"
       pid 32(com.apple.serve): [0x0000001f00010130] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.collabd.quicklook"
       pid 32(com.apple.serve): [0x0000001f0001012f] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.collabd.preview"
       pid 32(com.apple.serve): [0x0000001f0001012e] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.collabd"
       pid 32(com.apple.serve): [0x0000001f0001012d] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.collabd.notifications"
       pid 32(com.apple.serve): [0x0000001f0001012c] 24:08:45 PreventUserIdleSystemSleep named: "com.apple.collabd.expire"
       pid 77(hidd): [0x00007feb00090f08] 00:59:14 UserIsActive named: "com.apple.iohideventsystem.queue.tickle"

    Just a follow up to my original posting.
    Splashtop is great for accessing my Macs from each other. I revived an old (2008) Macbook that I use as my media centre in my sunroom. Using Splashtop I can access my new Mac Mini in the basement and my iMac in a separate room on the main floor. I have a lot of reasons to access one Mac from another, which I will not go into except to say the main reason is being too lazy to go from room to room when I want something that is specific to one of the Macs.
    However, while I can remotely access another Mac, copying files between Macs is much easier with network sharing. Each Mac can mount the other's drive(s) and moving files between Macs is a breeze. I just wanted to reinforce one comment made in the original post, see below.
    Two of the three Macs can be asleep and I can still mount their drives and move, copy, delete files remotely while they are asleep. Splashtop cannot see a computer when it is asleep and I have not yet been able to wake any of my Macs remotely. Once again, I am not network savvy and I have NO idea why I can mount drives on a sleeping Mac and play with its files yet I cannot access the same Mac remotely with Splashtop.
    If anyone has any ideas, I would love to hear them. I have not had any feedback from Splashtop support after a month; hope to hear from them soon.
