IOS 6.1 upgrade, self signed root certificate not working

Similar Messages

• EDirectory install - failed to retrieve self-signed root certificate:142

  Hi,
  My istallation has 2 NICs, public & internal.
  My tree name is IS.
  I have succesfully installed and used RedCarpet. I additionally enabled
  the Firewall and DHCP server to allow internet access to my users.
  On running Yast install for eDirectory I am given the default IP address
  of the server, this is the Public IP address - I decided that eDirectory
  was for internal use so changed IP address to internal one.
  At 50% of installation an error pops up :-
  Error
  The installation failed to retrieve the self-signed root certificate:142
  I aborted the installation.
  I retried the install using the public Ip address, it complains ports are
  already in use, I chose ignore and go ahead. Same error occurs :142.
  Your assistance and guidance would be appreciated.

  > Hi Johan,
  >
  > Thanks for sticking with me... I appreciate your time and help (believe
  > me, It's a great help..)
  >
  > I have cracked it...
  >
  > On a reboot, I chose to press F2 to get rid of the Suse Chameleon screen
  > and watched the boot process progress. I then noticed that it was unable
  > to contact my specified NTP source.
  >
  > I went into Yast Ntp client and changed my NTP source to other published
  > secondary NTP servers and all failed. I then put in the ip address of one
  > of the time servers and Bingo! ntp connected...I think I've seen this
  > before with Netware...where name resolution of the ntp server name does
  > not occur....most ntpserver administrators state they prefer you contact
  > the server by name rather than address...hmmm.....
  >
  > I then retried Yast eDirectory install and it was a breeze, as was the
  > iManager install....
  >
  > GroupWise here I come...
  >
  > Rgds.
  >
  > Stan Chelchowski
  >
  Hi, this is roy.
  had the same issue. using a supermicro with a builtin dual nic.
  disabled it and installed an old pci nic to test and it finally loaded the
  edirectory without an error.
  on another note, i am installing the NLSBS 9.0 and had to manually load
  the disk drivers since i have an adaptec 2010s raid adapter. i had
  installed suse 9.3 on the same machine earlier with absolutely no issues,
  but NLSBS is a pain. if you run red carpet and update all, then the driver
  issue returns.
  how do you get and install the service pack 2?
  thanks,
  roy

• What would make a PC decide that an SBS self-signed root certificate is revoked because it cannot contact the CRL distribution point?

  I'm puzzled. Scenario is SBS 2008 with some web applications published to the internet over https. Users who access these have the SBSCertificate.cer (expiry 2018) installed in the Trusted Root Certificates store for their local PC. This used to work
  fine, and in fact it still works fine for me, from my own non-domain joined PC connecting over the internet. However some users are now getting a "certificate revoked" error and cannot connect to the applications. Using Certificate Manager on these
  client PCs, the properties for this certificate state that it is revoked. It is not in fact revoked, but the CRL is on a local network that is inaccessible from outside (no VPN). Why is this certificate accepted as OK by some external PCs, but not by others,
  what is the setting that determines this?
  Tim

  Hi Tim,
  Based on your description, would you please let me confirm something more?
  1. "However some users are now getting a "certificate revoked" error and cannot connect to the applications."
  Please let me know the complete error message.
  2. Based on your description, I understand that this issue just occurred in some client computers. Other computers still run as normal. Would you please compare some configurations
  of the problematic computer with a good one? Any update, please feel free to let me know.
  Please refer to the following KB and articles and check if can help you.
  IIS returns HTTP "403.13 Client Certificate Revoked"
  error message although certificate is not revoked
  Understanding
  Certificate Revocation Checks
  How Certificate Revocation Works
  Hope this helps.
  Best regards,
  Justin Gu

• IOS 7.1 Upgrade - home button double click not working most of the time

  Hi,
  Not sure, if anyone else had encountered this issue after upgrading to iOS7.1.
  I am using iPhone5S 32 GB and it was working fine with home button (double click, mostly used to see & close other applications running in background) till I upgraded to iOS7.1. After iOS7.1 upgrade, most of the time, I am unable to see running applications. After trying for 4-5 times, I managed to see running application
  Is there any fix or workaround for this issue?

  Settings > General > Accessibility > Home-Click Speed - Change from Default to Slow

• HT5012 How can you add a self signed CA Certificate to iOS 8?

  How Can I add a self signed CA Certificate to an iPad with iOS 8.1?

  I don’t think that I can help you but I am very interested in your question. Perhaps you have seen information about a related problem…
  https://discussions.apple.com/thread/6590335
  One way to install the self-signed CA certificate is to export it to a .CER file, email it to the iOS 8 device, open the attachment and process it. My guess is that the certificate will be installed (check the resulting profile) but due to an iOS 8 bug it will be ineffective.
  Or, you could send a signed email from the email account for the CA. Open the email on the iOS 8 device and process it.
  I assume your goal is for certificates issued by the CA to be automatically trusted on the iOS 8 device. Good luck with that.
  The method I used was to send a .CER file. The CA certificate showed up as a profile. However, I do not get automatic trusting of certificates issued by the CA.

• How to import self signed root CA certificates on to playbook.

  Hi, 
  I have a test environment with windows CA configured, and i want to install the root CA of this server on to my playbook device, i followed the steps mentioned in PlayBook user guide for importing root certificates, but 
  when i select the certificate in under Security -> certs and click on import it fails with imported 0 of i certificates. 
  could someone help me how can i install self signed root CA's into playbook. 
  regards,
  kamesh.

  I have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????

• Export & Import Self-Signed Root CA Certificate?

  I have created a self-signed Root CA certificate with which I sign all of my other certificates on a leopard Server. This Root CA is installed and trusted on all of our client machines.
  I recently tested exporting and archiving the Root CA in every format available from Keychain Access and then tried to import these files into another Snow Leopard server and was unable to assign the imported Certificates as a "Default Certificate Authority".
  Does anyone know how I can set this Root CA that I created on another server as the default CA on this new machine for signing all future certificates that I create?
  Fore some reason when I go into Keychain Access and select: Keychain Access -> Certificate Assistant -> Set the Default Certificate Authority… I end up with no certificates to choose from and the "Add a Certificate Authority…" button will not allow me to select any of the exported certificate formats that I archived.
  Any thoughts?

  Anyone have any information at all? This seems like a very basic need for maintaining certificates beyond the usable life of the equipment on which they were created.
  I have found precious little information about this specific to Apple OS.

• Nokia X - import self signed server certificate

  Do someone know how to import a self signed server certificate? No CA root certificate, only a server!
  I connect from all my devices to a Baikal server for calenders and addresses. For this machine I generate a self signed server certificate. I am working with all devices without problems after I import the certificate to this (iPhone, iPad, iMac, Win7, Srv2k8, Linux,...). Only the Nokia X don't want to accept it.
  I store the cert in DER format and name ending to .cer to the memory card, choose the import, the cert is found and I have to name it, but then it will not import it??? And the CAdroid is not working?!
  Do someone know how to do this right? Thanks.

  Hi, anoymo. You may install the self-signed certificate by downloading it using the phone's browser. The file format should be DER encoded binary (X.509). Or you can create an HTML file using the notepad. Just copy this code (<HTML><BODY><a href="FileName.cer">Install certificate</a></BODY></HTML>) excluding the parenthesis to the notepad and save it as .html. Create a zip file for the certificate and the HTML file, copy it to the phone then open the .html file it should prompt you to install the certificate.  Directly importing it to the phone is not possible.

• Self Signed in Certificates without CA server

  Hi Team,
  I am working to configure expressway for Cisco Jabber but i stuck now in certificate step, can i do self signed in certificate without CA server ? if yes what are the procedures to do that.
  Thanks

  It is better if you use a CA server.
  Please follow the deployment guide http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-1-1.pdf

• Is there a way to make a self-signed client certificate with keytool...

  Is there a way to make a self-signed client certificate with keytool
  that will install successfully into the personal store in IE?

  hi,
  It is possible to make a self-signed client certificate with keytool and i am successfully using in my dummy application.
  The first thing you need to do is create a keystore and generate the key pair. You could use a command such as the following:
  keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
  -alias business -keypass kpi135 -keystore C:\working\mykeystore
  -storepass ab987c -validity 180
  (Please note: This must be typed as a single line. Multiple lines are used in the examples just for legibility purposes.)
  This command creates the keystore named "mykeystore" in the "working" directory on the C drive (assuming it doesn't already exist), and assigns it the password "ab987c". It generates a public/private key pair for the entity whose "distinguished name" has a common name of "Mark Jones", organizational unit of "JavaSoft", organization of "Sun" and two-letter country code of "US". It uses the default "DSA" key generation algorithm to create the keys, both 1024 bits long.
  It creates a self-signed certificate (using the default "SHA1withDSA" signature algorithm) that includes the public key and the distinguished name information. This certificate will be valid for 180 days, and is associated with the private key in a keystore entry referred to by the alias "business". The private key is assigned the password "kpi135".
  Also please go through the http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
  This would help u better.
  bye,
  Arun

• Error when trying to import self signed server certificate

  Hello,
  When trying to load a self signed server certificate into the key store (NW2004s SPS11), I get the following exception. Here is the certificate's subject:
  "/C=DE/ST=Bavaria/L=Munich/O=Nokia Siemens Networks GmbH & Co KG/OU=CDO IT MSS OMA AS1 DE/CN=carrier-mhhb3u3c.extranet.nokiasiemensnetworks.com/emailAddress=elmar.sternathatnsn.com"
  caused by -
  com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored
       at com.sap.engine.services.keystore.impl.KeystoreManagerManagementImpl.writeEntry(KeystoreManagerManagementImpl.java:129)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
       at com.sap.pj.jmx.mbeaninfo.AdditionalInfoProviderMBean.invoke(AdditionalInfoProviderMBean.java:289)
       at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
       at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
       at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
       at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
       at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
       at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
       at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
       at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
       at com.sap.engine.services.jmx.MBeanServerInvoker.invokeMbs(MBeanServerInvoker.java:131)
       at com.sap.engine.services.jmx.ClusterInterceptor.invokeMbs(ClusterInterceptor.java:212)
       at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:766)
       at com.sap.engine.services.jmx.MBeanServerInterceptorInvoker.invokeMbs(MBeanServerInterceptorInvoker.java:102)
       at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl.invokeMbs(P4ConnectorServerImpl.java:61)
       at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImplp4_Skel.dispatch(P4ConnectorServerImplp4_Skel.java:64)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:319)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:200)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Caused by: com.sap.engine.services.keystore.exceptions.BaseParameterException: Cannot perform operation - character [' '] cannot be part of view or entry alias.
       at com.sap.engine.services.keystore.impl.ParameterChecker.checkEntryName(ParameterChecker.java:251)
       at com.sap.engine.services.keystore.impl.ParameterChecker.writeEntry(ParameterChecker.java:125)
       at com.sap.engine.services.keystore.impl.KeystoreManagerManagementImpl.writeEntry(KeystoreManagerManagementImpl.java:125)
       ... 29 more

  Figured it out by myself. There have been dots in the certificate's file name.
  Thank you for your help,
  Elmar

• How to generate self-signed CA certificate, client certifacate in pkcs12

  Based on the requirement, i need to generate self-signed CA certificate, client certificate, keystore type all in PKCS12 format.
  Below is the successful process of generating them in DER format
  1. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 2190 -config openssl.cnf
  2. keytool -genkey -alias client -keyalg RSA -keystore client-keystore.jks
  3. keytool -certreq -keystore client-keystore.jks -storepass clientkeystore -alias client -file client.cert.req
  4. openssl ca -config openssl.cnf -out client.pem -days 2190 -infiles client.cert.req
  5. openssl x509 -outform DER -in client.pem -out client.cert
  openssl x509 -outform DER -in cacert.pem -out cacert.cert
  6. keytool -import -file cacert.cert -keystore client-keystore.jks -storepass clientkeystore -alias ca
  keytool -import -file client.cert -keystore client-keystore.jks -storepass clientkeystore -alias client
  So, i try to create them in PKCS12 format
  1. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 2190 -config openssl.cnf
  2. keytool -genkey -alias client -keyalg RSA -keystore client-keystore.jks -storetype pkcs12
  3. keytool -certreq -keystore client-keystore.jks -storetype pkcs12 -storepass clientkeystore -alias client -file client.cert.req
  4. openssl ca -config openssl.cnf -out client.pem -days 2190 -infiles client.cert.req
  5. openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem -name "CA Certificate"
  cacert.p12 successfully created. but,
  openssl pkcs12 -export -out client.p12 -in client.pem -inkey cakey.pem -name "Client Certificate"
  error message said "No certificate matches private key"
  I have no idea that which step goes wrong....any advice or suggestion? importantly is to convert into pkcs12 format.
  Thanks

  Your last step should be to import the signed certificate back into your client PKCS#12 keystore, client-keystore.jks.
  This file contains the private key used to create your signing requets originally, and must be matched when importing the signed certificate back in.
  I think you will need to follow steps 5 & 6 in your DER example to complete the client PKCS12 keystore (including -storetype pkcs12 argument on the import statement).
  Another way is to simply convert the keystore created in your DER example into a pkcs#12, by using JRE1.6 command:
  keytool importkeystore -srckeystore [jks keystore] -srckeystoretype jks -destkeystore [pkcs12 keystore] -destkeystorestype pkcs12

• Extend self-signed SSL certificate beyond one year

  Hi all,
  How can I extend SSL Certificate created by Windows 2008 R2's Certificate Service beyond 1 year?
  Thanks.

  Hi,
  For self-signed certificate, you can use IIS Manager to create new one. For more detailed steps, please refer to the below steps.
  Create a Self-Signed Server Certificate in IIS 7
  http://technet.microsoft.com/library/cc753127(WS.10)
  If it’s a certificate issued by a CA, we just need to renew the certificate with the CA to extend the valid date.
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Abandoning Self-Signed SSL Certificates?

  Hello,
  I'm working on remediation of some security flaws and have encountered a finding that calls out each of my domain-added workstations as having self signed SSL certificates.  I'm not an expert on the subject, but I do know the following things:
  1)  An earlier finding lead to me disabling all forms of SSL on my servers and workstations
  2)  Workstations use certificates to identify themselves to other domain assets.
  Now my servers all have their own certs signed by an outside authority.  However, it would be a huge amount of work to go through the process for each and every workstation.  So my questions are these:
  1)  Can I create a NON-SSL self signed cert for these machines to use?
  2)  How do I remove these current SSL certs without having to hover over each workstation?
  Basically, what's the least effort to remove self-signed SSL certs and replace them with something more secure?
  Thanks,
  M.

  What do you mean when you say that you've disabled all forms of SSL on your servers and workstations? SSL serves to provide secure communications for all of your domain operations, so disabling SSL, in general, would likely break your entire domain. If you're
  using certificates on your workstations, then you're using certificate-based security (IPSec) in some manner.
  Do you have AD CS or some other certificate signing authority/PKI in your environment? If not, you would have to pay a public provider (i.e. VeriSign) to provide certificates, and I can assure you that gets very expensive.
  If you have Microsoft servers in your environment, you can install and use Certificate Services to provide an internal signing mechanism which can be managed through group policy. You can replace all of the workstation certificates with ones signed by your
  internal certificate authority (CA,) and those will pass muster with any auditor provided the appropriate safeguards are put into place elsewhere in your environment.
  Least effort for you would be to implement an internal CA, which admittedly isn't a low-effort endeavor, and have the CA assign individual certificates to all of your machines, users, and any other assets you need to protect. If your auditors are requiring
  the removal of the self-signed certificates, you might find a way to script the removal of the certificates. In my experience, however, most auditors just want IPSec to be done with certificates that terminate somewhere other than the local workstation (i.e.
  an internal CA).

• E-Mail Setup fails with self-signed SSL certificat...

  Hi, one of my e-mails is with a small provider who just moved the mail server to Imap and SSL. In Thunderbird, everything works fine, setup on my Nokia C-6-fails with an unspecific error message (and trows away the settings). I asked the provider, and it seems that the problem comes up because the Nokia e-mail application doesn't asked me if I want to accept the certificate but instead rejects it. Is there a workaround to this problem? Is there a way to setup the mail account without using the wizard? Or to take over the settings from Thunderbird? Or a way to put the certificate in the right place manually? In Opera mobile I have no trouble with self-signed SSL certificates. Thanks Cave

  Any one around who can help? Self-Signed certificates are rather common, after all. I would be grateful cave