Local, self-signed cert for SSL IMAP on Tiger?

Similar Messages

• How do I allow self-signed cert for SecureAMF on iOS?

  I have spent the better part of two days trying to figure out how the dickens to do this. 
  Basically, I am using BlazeDS (using AMF as the protocol) to communicate with a Java backend (using tomcat with a self-signed cert).
  This works great in the browser version of the application (you usually get a little prompt saying that the site is untrusted when you try to access the website, you install the certificate and Bob's your uncle.)
  However, adapting the code over to iOS I am discovering a couple of problems.  The primary one being that the BlazeDS communication fails miserably when we are using SecureAMF with the self-signed certs.  It appears that it is similar to this issue: http://forums.adobe.com/message/3940214#3940214
  How do I get my iOS Air app to communicate with a self-signed certificate running on tomcat?
  Here are the things I've tried:
  1) Installing the cert using iPhone Configuration Utility
  2) Browsing to the site in Safari, and installing the certificate manually
  This is for development, so buying a certificate doesn't really make sense.
  So, any suggestions?

  Has anybody had any success here?  This is a real problem for testing internal applications inside of a local network.

• Using keytool to generate self signed cert. for Microsft Certificate Mrg.

  Hi All,
  I want to be able to generate a self signed certificate that I can Import into
  Microsoft's Certificate Manager, to enable an HTTPS Listener for
  Microsoft's WinRM and WinRS.
  The certificate would only be for internal use, not used externally.
  Here's the problem. I can create a certificate using this (path obscured):
  "C:\Program Files\.....\jre\bin\keytool" -genkey -al
  ias dMobX -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -dname "CN=your-f5c57803
  53" -keypass changeit -validity 90 -storetype pkcs12 -keystore "C:\Program Files
  \......\jre\lib\keystore\.keystore" -storepass changeit
  "C:\Program Files\......\jre\bin\keytool" -export -alias dMob
  X -file "C:\Program Files\......\jre\lib\keystore\dMobX.cer" -stor
  etype pkcs12 -keystore "C:\Program Files\.......\jre\lib\keystore\.
  keystore" -storepass changeit -v
  Microsoft's Certificate Manager will accept it, the .cer, using "Import", into
  Trusted Root Certification Authorities, but when I run the command to create the HTTPS Listener, I get this error message:
  The WS-Management service cannot find the certificate that was requested.
  If I use another tool, like selfssl, I can generate a self signed certificate using:
  selfssl /N:CN=your-f5c5780353 /K:1024 /V:90 /P:443 /T
  This will populate a certificate in Trusted Root Certification Authorities,
  and when I run the command to create the HTTPS Listener, it succeeds with
  no problem.
  So my question is, am I doing something wrong with keytool, or are there
  extra steps that I need to take, or is it even capable of generating a "self signed
  certificate" that will work in the above case?
  There are some concepts involved, certificate wise, that I'm not sure about.
  Do I need to create a CSR and use a tool like openssl, as a CA, and
  use the resulting certificate?
  I just want to be able to programmatically create the needed certificate using keytool, or
  using an API.
  Thanks,

  Download the latest JDK on http://download.java.net/jdk7/binaries/.
  Run "keytool -genkeypair -ext KU=? -ext EKU=? ...". Substitute the "?" with the usages you see in the other cert (for example, "digitalSignature" or "codeSigning". If there are multiple ones, separate with comma).

• IMAP SSL doesnt work in iOS 8.0.2 with self-signed cert.

  Got several mailaccounts setup on my iPhone, four of them is LDAP SSL with the server running self-signed cert (expires 2039).
  When I upgraded to iOS 8.0.2 (iPhone 5S) I got problem with Network settings so I did a "Reset Network Settings" (General > Reset).
  After that all my LDAP SSL based emailaccount cannot be "Verified". I have tried reinstall them all but cannot even set them up anymore!!
  I then setup with EXACTLY the same settings in Mail on my MacAir and it did work like a charm instantly. (Im working as a IT Tech so this is peanuts).
  I have even tried to import the certificate (.pem) from Keyaccess Chain into my iPhone. So that one is installed.
  In older iOS you could tell "Continue" when it said "Certificate is not trusted". Just clicked Continue and it worked anyway!
  What to do?
  In iOS 8.0.2 this is not showing to accept the certificate! Now it only shows:

  Nothing anyone here can do, but you should report it to Apple: http://www.apple.com/feedback/

• Self-Signed Cert being advertised on load-balance ip for ASA VPN cluster

  We recently saw an issue potentially related to CSCul61231 when a self-signed certificate was applied to the internal interface of the lan (inside) connection.  For some reason, the public (outside) cluster ip address started handing out the self signed cert instead of the configured certificate.  Lan interfaces certificates for either of the ASA's in the cluster were not effected - only the VIP.  Even after removing the code, the issue still occurred until the cluster was broken.  After re-connecting cluster issue did not come back.  We are not using the 5500-X devices but instead 5550's.  We do have 9.1.(x) running - I think 9.1.2, but not confident.
  We were looking to add a self-signed static cert as best practice dictates - but if this is the issue we can't and will have to replace our UC cert with one that contains the inside interfaces dns as well.  Can anyone confirm this to be the case?  Below is the exact line that caused the issue.
  ssl trust-point TrustPoint_X INSIDE vpnlb-ip ssl trust-point TrustPoint_X INSIDE
  Thanks in advance!

  Just wanted to follow up and confirm we have 9.1(5)12 running on the devices.  A note in the bug report suggest a possible ip6 address is associated in some way.  I want to also point out the devices have only ipv4 address assigned.
  Anyone that can confirm this functionality would be greatly appreciated.
  Thanks!

• Activate SSL with OpenSSL Self-Signed Cert

  Dear Expert,
  Anyone can give me guidance on how to activate and create ssl cert in Java IM using openssl self-signed cert.
  thanks

  Here how I make it work. Some of the tips is from jay in this forum
  Instant Messaging with SSL
  Let say I have Messaging, Directory, IM server in 1 box.
  Let's create a cert
  # cd /etc/opt/SUNWiim/default/config/
  a) Sun [TM] ONE Messaging Server 6.1 and Sun [TM] ONE Directory Server 5.2 were installed from JES2 on the same box
  b) The server_root directory for Directory Server is the default: /var/opt/mps/serverroot
  c) The server_root directory for Messaging Server is also the default: /opt/SUNWmsgsr
  1. Login to the console and do a Certificate Request
  a) cd /var/opt/mps/serverroot
  b) ./startconsole &
  c) Login to the main console as "cn=Directory Manager"
  d) Select and open the "Messaging Server" console
  e) Highlight the tab called "Tasks" at the top
  f) Select "Manage Certificates"
  g) Console will ask for a password for the security database. Please enter a password twice and make sure that you remember it. This will create the following two files under "/var/opt/mps/serverroot/alias" directory:
  -rw------- 1 mailsrv other 65536 Aug 12 13:57 msg-config-cert8.db
  -rw------- 1 mailsrv other 32768 Aug 12 13:57 msg-config-key3.db
  NOTE: Please make sure that:
  - either the owner of the files is the messaging server user ( mailsrv in this case ),
  -or the permission is appropriate for the mail server user to at least read it.
  h) Once you reach the "Manage Certificate" window, please make a "Certificate Request" by filing up the appropriate questions
  i) Once you are done, you get a CSR , which looks something like this:
  -----BEGIN NEW CERTIFICATE REQUEST-----
  MIIBszCCARwCAQAwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWE x
  DzANBgNVBAcTBm5ld2FyazEMMAoGA1UEChMDc21pMQ0wCwYDVQQLEwRhdGFjMSEw
  HwYDVQQ DExhwb3BleWUuYXRhYy5lYmF5LnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEB
  BQADgY0AMIGJAoGBALF eXVTFDj/1eONPzV/dAZ0dBKdstl+u+L/DTdw1sCXXOdNG
  MzYeTUu9g/g0dXL/bniF31M0OkoW+6O 5mshySv/KXS9QcoPngSKS6wuL8kNlYKQR
  Dw97WCS1uaqubAK/kir4hDmL7X9Rf29EFHDSFOWjeOJ /M7aqFWCfR5sTeSIFAgMB
  AAGgADANBgkqhkiG9w0BAQQFAAOBgQCeYwptiL/j7Bcs0DtGYiOlMMs utezF1COC
  4+wHt/p+LtQkvQWBoXisqN6YlGfZPXOCdUyA+RwU7BxjX9IQLP+9HLHfQyLzvCKb
  boKKpjIc8Ci+tmibM5QkgTxu4L7yeCR/PiplgVPttHNT2Qr9cxHLLBvIO6N1GOE8
  VBoq0pC5SA= =
  -----END NEW CERTIFICATE REQUEST-----
  Please maintain and preserve this CSR , since you will be sending it to the Certificate Authority ( CA ) so they can issue you a Certificate
  # openssl genrsa -des3 -out ca.key 4096
  # openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
  # openssl x509 -req -days 3650 -in file.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server-cert.crt
  # cp -p /var/opt/mps/serverroot/alias/msg-config-key3.db key3.db
  # cp -p /var/opt/mps/serverroot/alias/msg-config-cert8.db cert8.db
  # cp -p /var/opt/mps/serverroot/alias/secmod.db .
  # cat sslpassword.conf
  Internal (Software) Token:password
  # cat /etc/opt/SUNWiim/default/config/iim.conf
  iim.comm.modules = "iim_server,iim_mux,iim_wd"
  iim.smtpserver = "www.esuria.com.bn"
  iim.instancedir = "/opt/SUNWiim"
  iim.instancevardir = "/var/opt/SUNWiim/default"
  iim.user = "root"
  iim.group = "root"
  iim.config.version = "1.1"
  iim_ldap.host = "www.esuria.com.bn:389"
  iim_ldap.searchbase = "o=esuria.com.bn,dc=esuria,dc=com,dc=bn"
  iim_ldap.loginfilter = "(&(objectclass=inetorgperson)(uid={0}))"
  iim_ldap.usergroupbyidsearchfilter = "(|(&(objectclass=groupofuniquenames)(dn={0
  }))(&(objectclass=inetorgperson)(uid={0})))"
  iim_ldap.usergroupbynamesearchfilter = "(|(&(objectclass=groupofuniquenames)(cn=
  {0}))(&(objectclass=inetorgperson)(cn={0})))"
  iim_ldap.allowwildcardinuid = "False"
  iim_ldap.userclass = "inetOrgPerson"
  iim_ldap.groupclass = "groupOfUniqueNames"
  iim_ldap.groupbrowsefilter = "(objectclass=groupofuniquenames)"
  iim_ldap.searchlimit = "40"
  iim_ldap.userdisplay = "cn"
  iim_ldap.groupdisplay = "cn"
  iim_ldap.useruidattr = "uid"
  iim_ldap.groupmemberattr = "uniquemember"
  iim_ldap.usermailattr = "mail"
  iim_ldap.resynctime = "720"
  iim_ldap.usergroupbinddn = "cn=Directory Manager"
  iim_ldap.usergroupbindcred = "password"
  iim_ldap.useidentityadmin = "false"
  iim.log.iim_server.severity = "INFO"
  iim.log.iim_mux.severity = "ERROR"
  iim.log.iim_wd.severity = "ERROR"
  iim_server.domainname = "esuria.com.bn"
  iim_server.useport = "True"
  iim_server.port = "5269"
  iim_server.usesslport = "False"
  iim_server.sslport = "5223"
  iim_server.enable = "True"
  iim_server.clienttimeout = "15"
  iim_server.usesso = "0"
  iim.policy.modules = "iim_ldap"
  iim.userprops.store = "file"
  iim_mux.listenport = "www.esuria.com.bn:5222"
  iim_mux.serverport = "www.esuria.com.bn:45222"
  iim_mux.enable = "true"
  iim_mux.numinstances = "2"
  iim_mux.maxthreads = "10"
  iim_mux.maxsessions = "1000"
  iim_mux.usessl = "on"
  iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
  iim_mux.keydbprefix =
  iim_mux.certdbprefix =
  iim_mux.secmodfile = "secmod.db"
  iim_mux.certnickname = "server-cert"
  iim_mux.keystorepasswordfile = "sslpassword.conf"
  iim_wd.enable = "true"
  iim_wd.period = "300"
  iim_wd.maxRetries = "10"
  -open http://www.esuria.com.bn/im/en/im.jnlp
  -click More Detail and enable Use SSL

• Can't access IBM mainframe 3270 session via SSL self-signed cert.

  Can't access IBM mainframe 3270 session via SSL self-signed cert since sometime last week. Using Mochasoft tn3270 lite on android works fine but iPad ios7 says "IBM mainframe has closed the session".  Any clues would be appreciated.

  I'm thinking the problem may be the IBM cert is 1024 bit. Investigating choices to implement 2048 bit cert into IBM.

• Are Local Self Signed Certificates Supported for Exch 2010

  Hello,
  We have Exch 2010 and CUP 8.6.2.
  Trying to find out if local self signed certificate (without signed by internal or external CA) are supported?
  Thanks
  James

  Never mind. I figured it out.
  First of all, my Xserve certificate did not have the full FQDN, just a convenient subset. I created another self-signed cert with the true FQDN. I saw some hints around the web saying that Mail.app will always complain if the DN does not match.
  Second, it turns out that Keychain Access is where the local certs live, and in Tiger I needed to drag the cert to my Desktop, open it, and store it in the x509 section.
  All is good. Now to see how my iPhone likes the new certs...

• Two Solution Engines Sharing a single, common Self Signed Cert

  Does anyone know if it possible to have 2 solution Engines sharing a single, common self signed certificate generated by one of the Solution Engines? I have a certificate, actually two, that are about to expire. I am trying simplify the distribution and management by having just one certificate.

  This is the process to share SSL certs:
  http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&topicID=.ee6e1fe&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0c933
  But why do you want to do this anyway? They are self-signed certs anyway, you can generate them for as long as you like. Are you using it for some sort of end-user security like Wireless Encryption, NAC etc.?
  Regards
  Farrukh

• Activate https webmail using openssl self-signed cert

  Dear expert,
  Anyone can give me guidance on how to create and activate https webmail, pops using openssl self-signed cert
  thanks

  Thanks jay for your rocket respond
  I make it work after following your guide and follow this link:
  http://swforum.sun.com/jive/thread.jspa?forumID=16&threadID=52981
  Basically the csr created in mail startconsole, I self signed using openssl.
  One more question, can I use the same cert to enable ssl in ldap encryption tab in ldap console.
  thanks

• OWA using self signed cert

  I have a customer that just bought a blackberry, and I have other customers that use them via OWA for email. Those customers have a Cert from verisign, and use ssl for the owa site.  This latest customer uses SSL, however, it is a self-signed cert.  This isn't a problem for WM5 devices, since I can install the cert on them... but how will this effect this blackberry I want to put in place.
  My understanding is that blackberry contacts my OWA, and then pushes the email it gets to the device.
  not using SSL is not an option.
  Will blackberry still connect to the OWA site even though the cert will show as untrusted for them? 

  Regardless of whether the Cert is trusted or not. When entering the server information ensure you are using the full https:// owa address and it should work fine.

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

  In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate
  on this computer" and un-checked "Use simple certificate selection".
  My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the
  client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate"
  drop down.
  Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
  TIA,
  -Rick

  Hi Rick,
  Thank you for your patience.
  According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me
  know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
  Best regards,
  Steven Song
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

  SCCM 2012 has been successfully installed on the server:
  SRVSCCM.
  The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
  Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
  The cluster service is running on the account: sqlclusteruser
  The account has the appropriate SPN are registered:
  setspn -L domain\sqlclusteruser
  Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
  MSSQLSvc/CLS-SQL4
  MSSQLSvc/CLS-SQL4.domain.local
  MSSQLSvc/CLS-SQL4:11434
  MSSQLSvc/CLS-SQL4.domain.local:11434
  After some time on the cluster hosts every day started appearing new folders with files inside:
  srvboot.exe
  srvboot.ini
  srvboot.log
  srvboot.log contains the following information:
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
  Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
  Copyright (C) 2011 Microsoft Corp.
  Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
  Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
  Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
  Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
  Failed to retrieve SQL Server service account.
  Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
  Disconnecting from Site Server.
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

  The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
  Without successfull bootstrap the siteserver backup is not able to run successfully.
  Try grant everyone the read permisson on
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
  This worked for me.
  After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
  After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
  sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

• Self signed cert in safari 4 and windows xp

  Hello there,
  in our company wi have an self signed certificate for testing purposes. over an automatic testing cenario will be tested an application with various browsers. safari under windows brings now an problem and does not accept the self signed cert. the running steps terminating at this point. importing in windows cert store is not helpful.
  has any one an solution to make this cert working with safari and windows? or exist an solution to disable the cert check in safari it self.
  thanks
  greetings
  vito21

  Hello Mick,
  sorry to be late, but may help someone other :)
  Setting:
  NumberFormat currencyFormat = NumberFormat.getCurrencyInstance();and:
  String value = currencyFormat.format(valToDisplay);you can now use value in any component and its view is correct.
  For some objects like files you also need to set the right charset (i.e. the one support the symbol you need).
  For the euro symbol try "windows-1250" as charset.
  Bye