Iplanet 6.0 creating a development SSL certificate for internal use

Similar Messages

• W2k8R2 - Enterprise CA - Need WildCard Certificate for Internal Use

  Hi guys,
  A new client of mine has a "standalone" CA in their domain already...but I need a Wildcard Cert for some applications I'm installing in IIS.
  I'm used to setting up an "Enterprise" CA and issuing a Wildcard Cert that way, but I don't know if the "standalone" CA can do that.  I attempted to have IIS request a cert and it didn't auto-populate the CA information...but I told
  it to use CERTAUTHNAME\domaincontroller and it created one...but it doesn't appear to be working.
  My question is...if I install the Enterprise Root CA on a DC in their environment, can it interfere with the already issued certs from the standalone CA?
  I don't want to break something to move forward with my stuff.
  Thanks a lot and any help is greatly appreciated!!!

  Standalone CA can issue wildcard certificates. You just need to generate certificate request manually (without using IIS Mgmt console for that) by using INF file and certreq. Then, you submit your request to a CA server. Look at this article:
  http://social.technet.microsoft.com/wiki/contents/articles/2017.certificate-enrollment-for-system-center-operations-manager-agent.aspx
  although, this article is intended for OpsMgr, certificate enrollment process is the same for all products, just skip OpsMgr-specific stuff. There are three sections related to Standalone CAs: request generation, submission and installation. In the INF file,
  you specify your wildcard name in the Subject key.
  My weblog: http://en-us.sysadmins.lv
  PowerShell PKI Module: http://pspki.codeplex.com
  Check out new:
  PowerShell FCIV tool.

• Problem with importing and creating self signed SSL certificate

  Mac Pro, 10.7.2 Server.  Attempting to import or create a self signed certificate for use as ichat.domain.com to encrypt iChat service.  Server is acutally called server.domain.com but has an alias of ichat.domain.com.  I understand that this is probably not best practice but I would like to keep things this way since we have one server, run multiple services on it, but want to continue to connect to each service at SERVICE.domain.com.  We have been using this type of mismatched certificate with success since 10.4 or so.
  I am working through setup of 10.7 Server to replace our 10.6 server. 
  Tried upgrade of 10.6 to 10.7 installation.  The installation made a mess of some services and our Open Directory, but did move the certificate over and allowed iChat service to function properly.
  Clean install and setup of 10.7 Server.  Exported self signed certificate, private key, and encryption password from 10.6 Server and functioning 10.7 upgraded Server.
  On import or manual creation of certificate get the following error:
  Error
  Check your server's logs for more information.  The error (code 5001) was: Expected SecKeychainItemImport to return a SecIdentityRef, but it did not
  Log shows:
  Dec 29 17:56:55 server servermgrd[498]: -[CertsRequestHandler(HelperAdditions) importP12Data:passphrase:error:]: importedItems = (
                "<SecCertificate 0x7fcf6ed43c00 [0x7fff78d96f40]>"
  I have tried importing and manually creating other certificates with a variety of names with success.  I assume that there is something buried somewhere that is causing this particular one to be a problem.  Other than manually removing any remnants of the certificate from /etc/certficates I do not have any ideas what to try.  I am essentially ready to move this server to 10.7 except for this problem and would like to avoid a reinstall.
  Suggestions?
  -Erich

  Take a look here.
  https://bbs.archlinux.org/viewtopic.php?id=146649
  Maybe it's a problem with your network.

• Changing SSL certificate for ICM

  Hello,
  I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
  Is there any possibility to change working certificate? What should I do to make such change?

  > I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
  > You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
  OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
  > Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
  > (for internet use the certificate in on the reverse proxy in the DMZ).
  Here I've got another problem.
  I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
  As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
  In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
  If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
  Many thanks for your help,
  regards,
  Konrad

• Installing an SSL certificate for a CSS 11503

  I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
  I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!

  Allen,
  The portion of the configuration guide related to SSL certificates and keys can be found here:
  http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
  To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
  ~Zach

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

  SCCM 2012 has been successfully installed on the server:
  SRVSCCM.
  The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
  Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
  The cluster service is running on the account: sqlclusteruser
  The account has the appropriate SPN are registered:
  setspn -L domain\sqlclusteruser
  Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
  MSSQLSvc/CLS-SQL4
  MSSQLSvc/CLS-SQL4.domain.local
  MSSQLSvc/CLS-SQL4:11434
  MSSQLSvc/CLS-SQL4.domain.local:11434
  After some time on the cluster hosts every day started appearing new folders with files inside:
  srvboot.exe
  srvboot.ini
  srvboot.log
  srvboot.log contains the following information:
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
  Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
  Copyright (C) 2011 Microsoft Corp.
  Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
  Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
  Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
  Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
  Failed to retrieve SQL Server service account.
  Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
  Disconnecting from Site Server.
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

  The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
  Without successfull bootstrap the siteserver backup is not able to run successfully.
  Try grant everyone the read permisson on
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
  This worked for me.
  After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
  After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
  sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

• How we can get SSL certificate for any site?

  i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

  Hi,
  Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
  Based on your description, I’m a little confused with your question. Did you mean that want to know why need
  SSL certificate for website?
  Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
  and your server.
  An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
  a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
  Managing Certificates
  SSL and Certificates
  Understanding Self-Issued
  Certificates in SBS 2003 & SBS 2008
  Installing a GoDaddy Standard
  SSL Certificate on SBS 2008
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  If anything I misunderstand or any update, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• RV120W SSL Certificate for Client

  Hello,
  When I try to export an SSL Certificate for a Client I get a htps.CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
  Firmware:
  1.0.2.6
  Help?

  Hello Sir, My name is Eric Moyers. I also responded to your other thread.
  I am pulling one of these out of our storage room and looking at the procedure. Will update you when I have something.
  Thanks
  Eric Moyers
  Cisco Network Support Engineer
  SBSC WIreless and Surveillance SME
  CCNA, CCNA-Wireless
  1-866-606-1866

• SSL certificate for database

  Hi all,
  I want to know whether I need separate SSL certificate for each database on that server or can I take for the server and use it?
  And also how to get SSL certificate for database form Godaddy?
  Any help would be great.
  Thanks
  Rajitha
  --------------------------------------------------------------------------------

  Pl refer to Oracle® Database Advanced Security Administrator's Guide
  10g Release 2 (10.2) from Oracle documentation.
  You will find useful information on that related to this.
  Dilipkumar Patel.

• How to Create SSL certificate for HTTPS Connection in SAP PI

  Hi,
            I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
            How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
           I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
           Please help me on this issue.
  Thanks,
  Siva

  Hi,
  Check if it helps:
  http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
  But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
  Regards,
  Caio Cagnani

• Wildcard * SSL Certificates for TTA??

  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on the name
  for wildcard certs?
  Cyrus

  Hi Cyrus
  I was loosely referring to PKI rules e.g.
  http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
  http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
  Wildcarding isn't supported. I understand what you are trying to do now
  but it won't work because the software is looking for a certificate
  matching a single server.
  The certrequest command is just a wrapper script for openssl so it won't
  stop you doing anything the openssl command believes may be valid. You don't
  actually need to use this command it's just there for convenience, you
  could do everything just using openssl.
  The current documentation doesn't explictly state that you can't use
  wildcards in certificates but it does say you need a certificate for a
  SGD server. My understanding of the wildcard issue is that it is up to
  a particular application to decide what is appropriate.
  http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
  Regards
  Barrie
  On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
  May I inquire as to where these rules are listed regarding SSL Certs, I
  didn't see anything to the effect in the documentation. Also why weren't
  the rules enforced at certificate generation time. Even the validation
  command (tarantella security certinfo) had no problems.
  The CSR generation/signing went through flawlessly and created a wildcard
  cert that Apache could use. It's one thing if the whole cert process
  couldn't handle a wildcard, but it seems like everything would have worked
  if only the applet accepted a wildcard regex match.
  Regards,
  Cyrus
  barrie wrote:
  Hi Cyrus
  No, sorry. The rules say you can't do that. You are required to have a
  certificate for a node not a network.
  Regards
  Barrie
  On 2005-08-05, CM <[email protected]> wrote:
  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to
  name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on thename
  for wildcard certs?
  Cyrus

• SSL Certificate for Software LifeCycle Management

  Dear Friends,
  We have Solution Manger 70 with EhancementPack 1 (Java 7.01 SP4). Trying to configure the Software LifeCycle Management and I am stuck at the first stage i.e. generating SSL SSL Certificate.
  Here is what I have done and please let me know on how to proceed...
  - Installed SAP Cryptographic libraries, all the necessary Profile parameters and activated HTTPS...
  - STRUSTSSO2 --> Created SSL Server PSE
  - Generated the Certificate Requests for the SSL Server PSE
  - Copied the Certificate Request.
  - Opened the https://service.sap.com/tcs site
  - Requested for SSL Test Server Certificate by pasting the Copied the Certificate Request and generated the certificate response in a "PKCS # 7 Certificate Chain" format.
  - Copied the Generated Imported Certficate from SAP Trust center Site, and Imported the Certificate response for SSL Server using STRUSTSSO2.
  What else I am missing here?????????
  How to generate the Import Certifcate in a crt file format for SSL client (Anonymous or Standard) PSE's?????????
  Kindly help me with these issue ASAP.
  Thank you,
  Nikee

  Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:
  a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate
  b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

• Problem in installation of free SSL certificate on Weblogic using keytool

  We tried to install SSL certificate on weblogic certificate using Keystore ..but it is giving error in console at startup and server shutdowns automatically...
  Steps followed:-
  1) To generate keystore and private key and digital cerficate:-
  keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
  2) To generate CSR
  keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
  3) CSR is uploaded on verisign site to generate free ssl certificate.All certificate text received is paste into file (cacert.pem)
  4) Same certificate is put into same keystore using following command
  keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
  5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
  (intermediateCa.cer file is downloaded from verisign site)
  keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
  6) After this configuration we used weblogic admin module to configure Keystore and SSL.
  7) For KeyStore tab in weblogic admin module, we have select option “Custom Identity And Custom Trust” provided following details under Identity and Trust columns:-
  Private key alias: mykey2
  PassKeyphrase: webconkeystorepassword
  Location of keystore: location of webconkeystore.jks file on server
  8) For SSL tab in weblogic admin module, we have select option “KeyStores” for “Identity and Trust locations”.
  Error on console:
  <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
  <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
  <Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
  <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  If anyone knows the solution ,please help us out.Thanx in advance.
  I was really happy to get reply yesterday from "mv".I was not expecting such instant response.

  Thanx all guys for your interest and support.
  I have solved this issue.
  We have weblogic 9 on unix env.
  Following steps which I followed:
  #generate private key
  keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
  #generate csr
  keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
  Then we uploaded this csr on verisigns free ssl certificate to generate and receive certificate text.
  We copied that text file in "ert4nov2009.crt" rt file used below.
  Apart from that , mail which we received from verisign also contains links to download root ca certificate and intermediate ca certificate.We downloaded them.
  roo ca in "root4nov2009.cer" file.
  intermediate ca in "intermediateca4nov2009.cer"
  both these files used in
  #import root certificate
  keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
  #import intermediate ca certificate
  keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
  #install free ssl certifiate
  keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
  #after this admin configuration
  In weblogic admin console module, we did following settings:-
  1. under Configuration tab
  a. Under KeyStore tab
  For keystore , we selected "Custom identity and Custom Trust"
  Under Identity,
  Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
  Custom Identity Keystore Type: JKS
  Custom Identity Keystore Passphrase:password for keystore mentioend above.In our case, webconkeystorepassword
  Same we copied Under "Trust", as we have not created separate keystore for trust.
  Save setting.
  b. Under SSL tab
  Identity and Trust Locations: select "Keystores"
  Private Key Alias: alias used while creating private keyi.e. in our case "uinbrdcsap01_apac_nsroot_net"
  Save setting.
  c. Under General tab
  Check checkbox "SSL Listen Port Enabled"
  and mention ssl port "SSL Listen Port"
  Save setting.
  After this activate changes.You might see error on admin module.
  Using command prompt, stop the server and again restart and then try to access using https and port ...
  you will definately get output...
  in our case issue might be due to key size..we used 1024 key size ..it solve problem.
  for your further reference plz find link below..it is also helpful.
  http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674

• Problem installing SSL certificate for CPS

  I work at a medium-sized University, and we have used
  Contribute 3 with CPS1.11 for well over a year. Recently, however,
  the Contribute clients began having difficulty logging in to CPS.
  At first this was intermittent, but is now constant. Adobe support
  suggested replacing the CPS self-signed SSL certificate with a
  genuine one, because apparently the self-signed certificate is
  causing communication delays and timeouts.
  I have the certificate, and am trying to use keytool (see
  http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
  to install it, but it is asking me for a keystore password, which I
  don't know. Apparently the standard defaults are "changeit" or
  "passphrase", but neither of these work.
  As a test, I created a fresh install of CPS and attempted to
  list the keys in the keystore, but again was asked for a keystore
  password and the defaults did not work. Adobe support suggested I
  ask here. Anybody have any experience installing a certificate for
  CPS?

  Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new:
  SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.