No longer able to open some self-signed certificate website. One example is HP CommandView is no longer work.
Before upgrading to version 31, I was able to access HP CommandView website. Now, I am getting this error when I trying to access the site:
Secure Connection Failed
An error occurred during a connection to fppwcpstrg01:2374. Certificate key usage inadequate for attempted operation. (Error code: sec_error_inadequate_key_usage)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
So, I have to use IE to access it.
This is fixed in version 35, [https://bugzilla.mozilla.org/show_bug.cgi?id=1057123] Try Nightly, though it is the bleeding edge of development and is updated "nightly" [https://nightly.mozilla.org/]
Similar Messages
-
How to Increase ACS self signed certificate.
I'm using ACS 4.0 for Windows.
How can I increase the validity of a self signed certificate from one year to more years?
Thanks.
Andrea.It is not possible to extend it. You have to re-issue the cert every year. You can either buy a certificate or setup your own CA to extend the time.
-
Problem: this mac is not reading an excell file after upgrading to yosemite. My Mac is from 2009, it use to work perfectly but it wasn´t able to open some apps, thats why i upgrade it. Now it once i donwload the zip it appears with an ".ods" extension
i even already download a link
http://www.microsoft.com/en-us/download/confirmation.aspx?id=44026
which i read on another support page... but it doesnt allowed me to install it cause it says that i already have the disk of this program....
Im afraid to erase it and not being able to get it back...
What can i do!??
Thanks in advance for this kind answer!!!fsolution wrote:
Problem: this mac is not reading an excell file after upgrading to yosemite... Now it once i donwload the zip it appears with an ".ods" extension...
If the "it" refers to a compressed (zipped) spreadsheet that you downloaded, the ".ods" extension is used by LibreOffice and probably OpenOffice (which are free versions of MS Office) for spreadsheets, which would suggest that wherever you're getting that "Excel" file from has switched to one of those programs. I've tried opening an .ods file from LibreOffice using MS Office 2013 for Windows and it does open though with a warning that some things have been changed. I don't know if Office for Mac can normally open .ods files. But if your need is to just open .ods files, take a look at LibreOffice. -
Cannot accept self-signed certificate on some machines
I'm trying to connect to a certain server that uses a self-signed certificate - the admin thinks that's safer than accepting thousands of unknown intermediate CAs, and he has a point; witness the Certificate Patrol add-on.
When I try from some client machines with various OS, FireFox versions etc., it works. I can accept the certificate permanently.
But on at least 3 machines, I get an error message "unable to obtain identification status for the given site", and I cannot confirm an exception and get to the site at all.
2 of those machines have FF 10.0.4. But on another machine with FF 10.0.4, there is no problem.
On machines where I can store an exception, when I look in the certificate manager, the certificate is marked "(not stored)", and I cannot view it. What does that mean ? A few other certs in the server store are also marked not stored, while most have a certificate name and are viewable, along with one marked "no nickname".The issue seems to revolve around a cached HTTPS redirect when the server certificate has changed. I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=767611
The "not stored" issue I realize is due to a permanent excep[tion for a self-signed certificate being stored as a certificate authority, with a placeholder in the servers tab -
Some clients migrated from 2007 is presented with the self signed certificate in 2013
I have migrated from 2007 to 2013. I did a couple of test migrations and on the ones with domain member computers Outlook is giving a certificate warning. The certificate they are presented with is the default self signed certificate on the 2013 server.
Even though I have added a trusted public certificate to Exchange and checked of to use With IIS.
I see that the default certificate is also checked of to use With IIS and it cant be removed in ECS. Shouldnt this be removed from IIS all together when adding a New certificate? And why does some Clients gets presented With the self signed and some With
the Public? For instance owa is presented With the Public cert. Also and Outlook I tested from outside the domain.
RegardsOnly the UCC certificate should be bound to IIS.
Are any clients using POP or IMAP, which also use SMTP? In this case clients can be presented with the "wrong" certificate as well.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Step by Step Instructions for Installing Self Signed Certificate using Certificate Modification Tool
I am looking for some step by step instructions for installing the self signed certificate from my Microsoft SBS 2003 server on a Treo 755p and 750p. In particular I need some help with the form of the actual certificate and how to use the Certificate Modification tool.
Some questions I have are as follows:
1. When I install the certificate on a Windows Mobile device I used an exported version of the certificate. This export is done using the DER x.509 format. Is that the same form I’ll need for the Palm? Do I need some other form? Can/should I just use sbscert.cer file that is generated when SBS is configured?
2. Does the self signed cert need to be installed on the computer being used to update the Palm or do we just need to be able to access the appropriate .CER file?
3. There are three things included in the PalmCertificatesTool.zip file:
Trusted CAs (folder)
Cert2pdb.exe
PalmCertificates.exe
How do I use these tools?
4. It looks like the PalmCertificates.exe file opens an interface that will allow me to browse to the desired .CER file. Then I suppose I use the < Generate PDB > to create something that needs to then be uploaded to the Palm device? Not having any real experience with a Palm device how do I upload and install this file?
5. Once uploaded do I do something on the device to install it?
If there is some white paper that provides step by step instructions on doing this that would be great.
Thanks,
Walt Bell
Post relates to: Treo 755p (Verizon)
Post relates to: Treo 755p (Verizon)Thanks for that.
I have one question after reading the article 43375:
The article has you "Turn of AutoSync" and then "Reset the device". It then indicates the device should be left idle.
The next step relates to running the PalmCertificates.exe, navigate to the certificate file and add it and then run the < Generate PDB > button. Should the device be connected to the computer during this process? If so, at what point after the reset do you connect it to the computer?
Thanks!
Post relates to: Treo 755p (Verizon) -
Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]
SCCM 2012 has been successfully installed on the server:
SRVSCCM.
The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
The cluster service is running on the account: sqlclusteruser
The account has the appropriate SPN are registered:
setspn -L domain\sqlclusteruser
Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
MSSQLSvc/CLS-SQL4
MSSQLSvc/CLS-SQL4.domain.local
MSSQLSvc/CLS-SQL4:11434
MSSQLSvc/CLS-SQL4.domain.local:11434
After some time on the cluster hosts every day started appearing new folders with files inside:
srvboot.exe
srvboot.ini
srvboot.log
srvboot.log contains the following information:
SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
Copyright (C) 2011 Microsoft Corp.
Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
Failed to retrieve SQL Server service account.
Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
Disconnecting from Site Server.
SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
Without successfull bootstrap the siteserver backup is not able to run successfully.
Try grant everyone the read permisson on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
This worked for me.
After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER" -
Mail App Not Working with Self-Signed Certificates
First and foremost, I apologise for starting another thread that is 90% similar to others but I wanted to avoid falling into an existing context. Like may others, I am having issues with the Mail App in Mavericks but I have an email account other than G-Mail.
That being said, here is the issue I am having. Until recently I never had an issue sending and receiving email from various accounted. My Internet provider, an Exchange account, even a G-Mail account.
Yesterday, my Web hosting provider issued a new (self-signed) certificate as the old one had expired (which was also a self-signed certificate). While I am able to still receive messages, I am no longer able to send any.
I have tried numberous possible solutions to no avail. I have removed and readded my email account, I have refreshed my SMTP settings, I have removed all semblence of the account from my Key Chain, added the Certificate manually with full trust, and I have even flushed the caches from my ~/Library/ folder. The last one perked up the Mail App but did not restore my ability to send messages from my Web provider's SMTP server.
I suspect this is a bug in the Mail App but I'm hoping I can find a few last solutions before I file a bug report.
In the meantime, I am using another outgoing server from my Internet provider. It will do but for consistency I'd much rather use the outgoing server that came with the email account in question.
I am all but convinced it is the Mail App as Thunderbird is able to use the SMTP server just fine and I am still able to send messages using the exact same settings on my iPhone and iPad.
In case it helps, I am using a Early 2011 MacBook Pro with the latest Mavericks update (which ironically was meant to solve some issues other users had with the Mail App).
On a related note, I wish I had stayed on Snow Leopard. I did not have a single issue with that OS. Now I feel like I am working on Windows Vista again and I am waiting for the Apple version of Windows 7 to set things right.MrsCDS wrote:
I am using an iPhone 6 plus on iOS 8.1 and suddenly my Yahoo email account will not populate to my Mail app. I have deleted and re-added the account and also re-booted the phone with no luck. I get the spinning wheel up by my Wi-Fi signal that suggests it's attempting to do something, but the bottom of the Inbox only says "Updated Yesterday." Has anyone else experienced this or can someone, especially an Apple employee, tell me how to fix this?
There is no Apple in this user to user technical forum, if you want an Apple employee you would need to take your phone to the Apple store.
What happens when you switch to using cellular data? Does your email update?
FYI - Yahoo email account is notoriously bad, you can try their app. -
Safari on Windows could not accept self-signed certificate
Hi, i am using Safari 5.0.4 on Windows 7 and I am trying to access an https site with a self-signed certificate (internal developing site).
after i install the certificate to the Windows certificate store (i try both Personal store and Trusted Root Certification), when i try to browse the site, Safari asks me to choose a certificate, after i choose it, after a long hang time, Safari displays "Safari can't open the page".
My questions are:
1. Any one has configured safari on windows to accept self-signed certificate successfully?
2. i see some other posts saying "Safari on Windows has bug to use the self-signed certificate", any official document or link saying this if this is true?Microsoft Windows web browser support questions? Try one or more of these resources:
http://technet.microsoft.com/en-us/library/cc747495(WS.10).aspx
http://www.leonmeijer.nl/archive/2008/08/01/123.aspx
http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-ie8-to-acc ept-a-self-signed-certificate
That was from tossing the /internet explorer import self-signed certificate/ query at Google, and some poking around. StackOverflow and Microsoft Technet and the Microsoft KBs have more details on Microsoft platforms and products and permutations, too.
The usual best fix with this stuff is to create your own certificate authority (CA) root certificate and to configure that within your chosen platforms and browsers, but I do not know (off-hand) how to do that on Microsoft Windows boxes. Google or some KB probably has details of loading your own root cert. This approach means loading one cert, and the rest of what you create that's signed from that cert will now automatically be trusted. Basically you become your own CA provider, load your root cert into each of your clients, and then issue your own certs chained from your own root cert, and Bob's Your Uncle. -
Steps to create your own self signed certificate with java plugin working
You need two tools that comes with your jdk which are keytool and jarsigner.
Steps explain below in detail. Don't use netscape signtool, it will NEVER work!
* keytool -genkey -keyalg rsa -alias tstkey -keypass 2br2h2m -dname "cn=Test Object Signing Certificate, o=AI Khalil, ou=Java Products, c=AU"
cn = Certificate name
o = organistation
ou = organistation unit
c = country (first two letters)
If don't put the -dname, you can fill it line by line.
The -keypass has to be verify at the end, and you have to wait for it to create the rsa signing keys.
On NT by default it will put the alias information at D:\WINNT\Profiles\Administrator (if log in as administrator) with the default file called ".keystore". Windows 98 etc, don't know, search for .keystore
file. When you update it, check for the timestamp change and you know if you at the right spot.
You can store your alias information via the -storepass option to your current directory you work on, if you don't want to update the default .keystore file?
The .keystore contains a list of alias so you don't have to do this process again and again.
Another tip if you want your certificate encryption validity to be more than the default one month is simply
add the -validity <valDays>, after the -genkey option, to make your certificate usage for encryption to last much longer.
Note: You MUST use the -keyalg rsa because for starters the rsa encyption alogorthim is supported on ALL browsers instead of the default DSA and the other one SHA. Java plugins must work with the RSA algorthim when signing applets, else you will get all sorts of weird errors :)
Do not use signtool because thats a browser dependant solution!! Java plugin is supposed to work via running it owns jre instead of the browser JVM. So if you going to use netscape signtool, it starts to become a mess! ie certificate will install, but applet won't start and give you funny security exception errors :)
* keytool -export -alias tstkey -file MyTestCert.crt
It will read the alias information in the .keystore information picking up the rsa private/public keys info and
create your self sign certificate. You can double click this certificate to install it? But don't think this step is needed but maybe for IE? Someone else can check that part.
If you make a mistake with the alias, simply keytool -delete -v -alias <your alias key>
If not in default .keystore file, then simply keytool -delete -v -alias <your alias key> -keystore <your keystore filename>
* Put your classes in your jar file, my example is tst.jar.
* jarsigner tst.jar tstkey
Sign your testing jar file with your alias key that supports the RSA encryption alogorthim.
* jarsigner -verify -verbose -certs tst.jar
Check that its been verified.
The last step is the most tricky one. Its to do with having your own CA (Certified Authority) so you don't
have to fork out money straight away to buy a Verisign or Twarte certificate. The CA listing as you see in
netscape browsers under security/signers, is NOT where the plugin looks at. The plugin looks at a file called
CACERTS. Another confusion is that the cacerts file is stored in your jre/lib/security AND also at your
JavaSoft/Jre/<Java version>/lib/security. When you install the Java plugin for the first time in uses your
JavaSoft folder and its the cacerts file that has to be updated you add your own CA, because thats where
the plugin look at, NOT THE BROWSER. Everything about plugin is never to do with the browser!! :)
* keytool -import -file MyTestCert.crt -alias tstkey -keystore "D:\Program Files\JavaSoft\JRE\1.3.1\lib\security/cacerts"
Off course point to your own cacerts file destination.
Password to change it, is "changeit"
Before you do this step make a copy of it in its own directory in case you do something silly.
This example will add a CA with alias of my key called "tstkey" and store to my example destination.
* keytool -list -v -keystore "E:/jdk/jdk1.3/jre/lib/security/cacerts"
List to see if another CA is added with your alias key.
Your html, using Netscape embed and Internet explorer object tags to point to the java plugin,
your own self sign applet certificate should work
Cheers
Abraham KhalilI follow Signed Applet in Plugin, and it's working on
my computer. Thanks
But When I open my applet from another computer on
network, why it does not work ..?
How to make this applet working at another computer
without change the policy file ..?
thanks in advance,
AnomYou must install the certificate on that computers plugin. Can this be done from the web? can anyone suggest a batch file or otherwise that could do this for end users?
I want a way for end users to accept my cert as Root or at least trust my cert so I dont have to buy one. I am not worried about my users refusing to accept my cert. just how do I make it easy for them? IE you can just click the cert from a link, but that installs for IE, and not the plugin where it needs to be. -
How to use self-signed Certificate or No-Check-Certificate in Browser ?
Folks,
Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
[user@localhost bin]$ ./emctl start dbconsole
The command returns the output:
https://localhost.localdomain:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control ... ...
I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
The connection to localhost.localdomain: 1158 cannot be established.
[user@localhost bin]$ ./emctl status dbconsole
The command returns this message: not running.
[user@localhost bin]$ wget https://localhost.localdomain:1158/em
The command returns the output:
10:48:08 https://localhost.localdomain:1158/em
Resolving localhost.localdomain... 127.0.0.1
Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
Self-signed certificate encountered.
To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
Website certified by an Unknown Authority. Examine Certificate...
I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
In Authorities tab, there are a few names as indicated in the above output of wget.
My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
Thanks.Neither problem nor solution do involve Oracle DB
root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
This thread is OFF TOPIC for this forum. -
Problem with placing self-signed certificate in trust store on WLS 10.3
I have had some problems setting up two-way SSL on WLS 10.3.2.
1. I have not been able to use the java properties listed on
http://weblogic-wonders.com/weblogic/2010/11/09/enforce-weblogic-to-use-sun-ssl-implementation-rather-than-certicom/
to use the native Java SSL implementation rather than the certicom. Has anyone else had success using these?
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Dssl.SocketFactory.provider=com.sun.net.ssl.internal.SSLSocketFactoryImpl
-DUseSunHttpHandler=true
-Dweblogic.wsee.client.ssl.usejdk=true (for webservice clients)
2. When I use the ValidateCertChain to validate my keystore with the self-signed certificate I get the message
CA cert not marked with critical BasicConstraint indicating it is a CA
Certificate chain is invalid
which I read was a problem with certificates generated by keytool, yet I find I was not able to circumvent this
by setting the property weblogic.security.SSL.enforceConstraints to off in the WLS server environment.
Has anyone else noticed this?
3. The error I get is
####<Feb 15, 2011 1:12:21 PM EST> <Debug> <SecuritySSL> <hostname> <server
<[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1297793541204> <BEA-000000> <Exception during hands
hake, stack trace follows
java.lang.NullPointerException
at com.certicom.security.cert.internal.x509.X509V3CertImpl.checkValidity(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.checkValidity(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.findInTrusted_Validity(Unknown Source)
####<Feb 15, 2011 1:12:21 PM EST> <Debug> <SecuritySSL> <hostname> <server> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tunin
g)'> <<WLS Kernel>> <> <> <1297793541207> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
Are there other conditions besides the issue about the missing Basic Constraint field that can raise an
alert with type 40?
4. Steps I used to generate jks keystore for inclusion in trust keystore (actual values substituted):
** keytool -genkey -alias mykey -keystore mykeystore -validity 35600 \
-dname "cn=Common Name, ou=Common Name, o=Org, l=location, s=state, c=US" \
-storepass mypass -keypass mypass
** exported a DER format head certificate of mykey into mykey.cer.der
** keytool -import -trustcacerts -keystore DemoTrust.jks -alias mykey -file mykey.cer.der
Any comments appreciated and thanks for this forum.Faisal,
Certicom has an internal restriction that a Date must be notBefore 1970 and notAfter 2105 inclusive.The Java-generated key is valid until Wed Mar 14 11:03:59 EDT 2108. Your knowledge of this area is
quite impressive, thank you so much for this! -
How do we create self-signed certificate using java packages
Hi All,
I require some information on creating self-signed certificate using java packages.
The java.security.cert.* package allows you to read Certificates from an existing store or a file etc. but there is no way to generate one afresh. See CertificateFactory and Certificate classes. Even after loading a certificate you cannot regenerate some of its fields to embed the new public key – and hence regenerate the fingerprints etc. – and mention a new DN. Essentially, I see no way from java to self-sign a certificate that embeds a public key that I have already generated.
I want to do the equivalent of ‘keytool –selfcert’ from java code. Please note that I am not trying to do this by using the keytool command line option – it is always a bad choice to execute external process from the java code – but if no other ways are found then I have to fall back on it.
Regards,
ChandraI require some information on creating self-signed certificate using java packages. Its not possible because JCE/JCA doesn't have implementation of X509Certificate. For that you have to use any other JCE Provider e.g. BouncyCastle, IAIK, Assembla and etc.
I'm giving you sample code for producing self-signed certificate using IAIK JCE. Note that IAIK JCE is not free. But you can use BouncyCastle its open source and free.
**Generating and Initialising the Public and Private Keys*/
public KeyPair generateKeys() throws Exception
//1 - Key Pair Generated [Public and Private Key]
m_objkeypairgen = KeyPairGenerator.getInstance("RSA");
m_objkeypair = m_objkeypairgen.generateKeyPair();
System.out.println("Key Pair Generated....");
//Returns Both Keys [Public and Private]*/
return m_objkeypair;
/**Generating and Initialising the Self Signed Certificate*/
public X509Certificate generateSSCert() throws Exception
//Creates Instance of X509 Certificate
m_objX509 = new X509Certificate();
//Creatting Calender Instance
GregorianCalendar obj_date = new GregorianCalendar();
Name obj_issuer = new Name();
obj_issuer.addRDN(ObjectID.country, "CountryName");
obj_issuer.addRDN(ObjectID.organization ,"CompanyName");
obj_issuer.addRDN(ObjectID.organizationalUnit ,"Deptt");
obj_issuer.addRDN(ObjectID.commonName ,"Valid CA Name");
//Self Signed Certificate
m_objX509.setIssuerDN(obj_issuer); // Sets Issuer Info:
m_objX509.setSubjectDN(obj_issuer); // Sets Subjects Info:
m_objX509.setSerialNumber(BigInteger.valueOf(0x1234L));
m_objX509.setPublicKey(m_objkeypair.getPublic());// Sets Public Key
m_objX509.setValidNotBefore(obj_date.getTime()); //Sets Starting Date
obj_date.add(Calendar.MONTH, 6); //Extending the Date [Cert Validation Period (6-Months)]
m_objX509.setValidNotAfter(obj_date.getTime()); //Sets Ending Date [Expiration Date]
//Signing Certificate With SHA-1 and RSA
m_objX509.sign(AlgorithmID.sha1WithRSAEncryption, m_objkeypair.getPrivate()); // JCE doesn't have that specific implementation so that why we need any //other provider e.g. BouncyCastle, IAIK and etc.
System.out.println("Start Certificate....................................");
System.out.println(m_objX509.toString());
System.out.println("End Certificate......................................");
//Returns Self Signed Certificate.
return m_objX509;
//**************************************************************** -
Need to import self-signed certificate?
I'm in the process of migrating an applet to 1.3.1_03. The latest problem I've run into is the change in security between 1.2.2 and some version of 1.3, in that, apparently, I have to import a self-signed certificate into cacerts for our intranet applet to work.
Is this still true for 1.3.1_03? If so, is there an easy way to do this from the client perspective (e.g. some batch file that can be run to handle this)? I've seen quite a few other posts surrounding this topic, but it's difficult to keep track of what's current.
Does 1.4 remove this issue (just curious... we're not planning to go to 1.4)?
Thanks,
Van WilliamsWhat I've done is to import the certificate into a keystore on the web server. I also have the policy file (also on the web server) pointing to this keystore. This works fine, as long as either one of the following is true:
1) the java.security file on the client has a policy.url entry thta points to the policy file on the web server
2) The runtime parameters for the plug-in specify the policy file on the web server (e.g. -Djava.security.manager -Djava.security.policy={location of policy file on web server})
I'm trying to figure out a way to not have an automated procedure change the java.security file on the client (though I'll use this approach if needed). I also don't want to change the runtime parms on the plug-in (will affect other applets). If there is a way to specify this in the HTML for my applet, that would be perfect. Any ideas (will be posting this as a separate thread).
Thanks,
Van Williams -
Scenario:
Windows Server 2012 R2 Essentials
I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
So far so good.
The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local instead of the SSL Certificate I installed, which is
remote.acmedomain.com
If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?Because....
the server does not have a 'trusted' certificate assigned to it.
Only the RDP Gateway has the trusted certificate for the external name.
If you want to remove that error, you have to do one of the following:
Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
So, something like,
server.domain.publicdomain.com
Or,
Install that certificate on your remote computer so it is trusted.
Robert Pearman SBS MVP
itauthority.co.uk |
Title(Required)
Facebook |
Twitter |
Linked in |
Google+
Maybe you are looking for
-
Fiscal year change not yet made for company code
1. We have opened new company and enter data from FY 2009. All posting has happened properly, but when we are trying to see report S_ALR_87011963 we are facing following problem. We have already check everything on SDN and followed, but our problem s
-
SAP Printer migration from AIX to windows
Dear Experts, We migrated our ECC from AIX to Windows. We want to migrate printers from AIX to windows. Do we have to create queues from scratch in SPAD? Can we use existing queues in SPAD? Please guide what all steps are required. Your help will be
-
Here's the error summary: Exit Code: 6 See error summary below: I installed the Visual C++ 2008 redis pkg from Microsoft site (both x86&x64) then tried reinstalling and after 2 hours the very error and nothing installed!!! VERY FRUSTRATING... Please
-
C310A works like a CHARM on my network
I know a lot of people complain in these forums or ask for help, but this is a different append. In the past I had purchased a C309a. It was a disaster. Our home network was a W7 (64 bit) machine, 2 XP's (32 bit), one a Pro and the other a Media Cent
-
Javax.management.ReflectionException: The operation with name getMBeanInfo
Hi, I am getting expcetion while restarting the service deployed as ear under user instance in oc4j application server 10.1.3. Deployment of EAR is succussfully completed. It throws exception while restarting that service. Logs after deployment(under