Portal Certificate Expired with NO VA running!!!

Similar Messages

• SSL Re-encryption with Portal and Web Dispatcher: certificate expired

  Hello,
  I am trying to set up HTTPS connection to the Portal through SAP Web Dispatcher. We are using SSL Re-encryption. I think I got everything set up correctly. When trying to access through a Web browser the web dispatcher trace file shows error message 'certificate expired'. Looking at the Portal (Visual admin - Keystore) I am pretty sure it is the service-ssl with localhost. It is expired. Two questions:
  - is it correct that it uses localhost or am I missing anything?
  - How would I recreate the certificate? (I am sure it is somewhere in the Online documentation, but haven't found it yet). Can I do this while the Portal is productive without breaking the normal access (http) to the Portal. This is our Production portal.
  Thanks,
  Ingrid

  Hi,
  Go thru the contents of SAP Note,
  685306 -Enabling SSL and renewing the J2EE certificate
  And also the help contents in,
  http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
  These might of some help to you !
  Regards
  Srinivasan T

• FNPLicensingService.exe associated with Acrobat 9 Standard - unverified ... certificate expired

  FNPLicensingService.exe associated with Acrobat 9 Standard - unverified ... certificate expired
  Why is this?

  Thanks.  That worked!   Back in the sunshine again
  The message is as seen below : "signature is timestamped but TS has expired"
  I am assuming this is the right message.  If not, do respond.

• Cannot delete expired portal certificate

  Hi
  I'm having problems deleting an expired portal certificate in STRUST. I tried exporting it and then reimporting it but still I wasn't able to delete it. When I try to delete it, i always get a generic error. Any insights? Thanks.
  Shery

  Problem solved.
  The rename operation of the copy of datafile was recorded in the controlfile, hence renamed also the recorded datafile copy in the rman repository.
  The key was to simply use the RMAN switch command again.
  RMAN> switch datafile '+DATA/orcl/datafile/example.269.730723991' to copy.
  After that, deleting the copy in RMAN worked.
  The RMAN switch command is obviously a 2-way toggle command, e.g.:
  RMAN> backup as copy datafile 5;
  input datafile file number=00005 name=+DATA/orcl/datafile/example.272.736664147
  output file name=/u02/fra/ORCL/datafile/o1_mf_example_6hg6xo8p_.dbf
  RMAN> switch datafile 5 to copy;
  datafile 5 switched to datafile copy "/u02/fra/ORCL/datafile/o1_mf_example_6hg6xo8p_.dbf"
  RMAN> switch datafile 5 to copy;
  datafile 5 switched to datafile copy "+DATA/orcl/datafile/example.272.736664147"

• If I've installed an app from the app store and the author's distribution certificate expires, my app will still run or not? Thanks a lot.

  If I've installed an app from the app store and the author's distribution certificate expires, my app will still run in my device or not?
  For example in the case that the author won't renew the certificate itself, i guess his app will be removed from the app store; but what happens to the apps installed in the devices?
  Thanks a lot.

  The author's certificate is only used to authenticate the author when the app is uploaded to the app store.
  The app is then signed by Apple before being added to the app store.
  Nothing will happen to your app except you won't get any updates.
  Evertually, iOS upgrades could stop the app from working if you upgrade iOS beyond what the app supports.

• ISE - What happens when the on-boarded certificate expires?

  I'm trying to design a good BYOD deployment model but have a few questions that need direct answers.  I have down how to go about on-boarding and getting a certificate on a device, the ISE provides great flow for this to happen in many ways.  My questions come from a design perspective before and after the BYOD deployment is completed.
  1. Figuring out a method to validate the device is a Corporate asset or a BYOD asset.
       (I don't want to install a certificate on just any device, or perhaps I do but I need to give permissions to all resources if its a Corporate Device, and more resitrictions if it's BYOD, so how do I figure this out during the provisioning phase?)
       a. Use MDM (May not have one, or if you do we are still waiting on ISE 1.2 for that integration)
       b. Build a Group for provisioning admins, if user PEAP-MSCHAPv2 account is from this group install a certificate. (issue here is that the end user looses administration of the device in the my device portal as the device is now registered to the provisioning admin)
       c. Pre-populate MAC into ISE as all Corporate devices should be provisioned by I.T. before they go to the end user (I think this is good but can see push back from customers as they don't want to add more time to the process)
       d. Certs on any IOS or Android device, provide access based on user group and do not worry if device is Company asset or not (I believe that this is the easiest solution and seems to be what I find in the guides)
       e. Other options I have not thought about, would love input from the crowd
  2. What happens to the device once the Certificate expires?
       (I don't know the answer to this, my thought would be the user or device will fail during the authentication policy and this creates a mess)
       a. Tell the user to delete the profile so they can start all over again (creates help desk calls and frustrated users)
       b. Use MDM for Cert management (may not have one)
       c. Perhaps the client uses SCEP to renew based on the cert template renew policy and there are no issues (this is me wishing)
  Would appreciate some feed back and would like to know if anyone has run into these issues.                   

  Neno,
  Sorry but I don't have any other info on using a public CA, Cisco says to use internal CA's for PKI.  I think the best practice in 1.2 comes out will be to use one interface for Web Management and a different interface for Radius, profiling, posture, and on boarding.  This way you can use your private CA for EAP and a public CA for web traffic.  Have you tried a public CA bound to management and a private CA for EAP yet?
  I did do a session on EAP-TEAP, they explained how it will work and also discussed EAP-FASTv2.  EAP-FASTv2 is available now but you must use anyconnect as your supplicant.  Microsoft and all other vendors will have EAP-TEAP native once it is fully released and comissioned as it will be the new gold standard for EAP.  It will support TLS, MD5, and CHAPv2.  If you are interested I have the PDF of the presentation I attended that shows the flow of how EAP-TEAP will work.  This is much better than wasMachineAuthenticated and machine auth caching, which has many down falls.
  I currently do machine and user auth I just don't require them.  If Machine auth then allow machine on vlan-x with access to AD, DNS, and blah blah.  Then a seperate rule to say user auth gets more access, although I require EAP-TLS for both and if you think about it you are accomplishing the same thing if your PKI is setup correctly.  Make it so users and machines can only auto enroll, that way you know the only way they got their cert was from GPO policy.  I won't go into anymore detail, but there is lots you can do.

• Code Signing certificate expired

  Hello,
  I please need an information about SGDEE 4.1 login applet: it seems
  applet code signing certificate was expired on September 2, 2005.
  I have no problem (after I deleted all expired root certificates from
  local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
  always prompt me a warning with this contents:
  Serial:     
  [62374265099632433790334794162326322759]
  Issuer:
  N=VeriSign Class 3 Code Signing 2001 CA,
  OU=Terms of use at https://www.verisign.com/rpa (c)01,
  OU=VeriSign Trust Network,
  O="VeriSign, Inc."
  Valid From: Wed Sep 01 02:00:00 CEST 2004,
  To: Fri Sep 02 01:59:59 CEST 2005
  Subject:
  CN="Tarantella, Inc.",
  OU=Digital ID Class 3 - Netscape Object Signing,
  O="Tarantella, Inc.",
  L=Santa Cruz,
  ST=California,
  C=US
  Thank you very much in advance,
  Best Regards,
  Valerio Morozzo

  I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
  But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
  'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
  On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
  I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
  I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
  I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
  Any ideas? Or somebody having the same issue?
  Thanks

• Asa ssh/vnc plugins digital certificates expired

  Hi,
  we've got our new asa set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
  We are running 8.0(4)3 and asdm 6.1(3) and the plugins are the latest available from Cisco's software download page
  (ssh-plugin.08030, vnc-plugin.080130).
  Are newer ones available?
  Thanks
  Dorothea

  BTW this could be of help:
  http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
  You probably want to install a code signer certificate.
  While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...

• Have come full circle---k9-4235 server(https) certificate expired

  Ok i have been running k94235's and idsm2's for a couple years and when I was munking around with a sig on one of the k9-4235 i discovered that the server certificate expired this past sat...When I tried to create a new sensor in IEV it gave the error "connection handshake failure"....
  where/how do I get/make a new server certificate for https sessions on k9-4235, is the latest and greatest
  sysinfo
  Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S178
  MainApp 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  AnalysisEngine 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  Authentication 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  Logger 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  NetworkAccess 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  TransactionSource 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running
  WebServer 2004_Dec_17_16.03 (Eng4f) 2004-12-17T15:41:15-0600Running

  You can try removing the expired certificate from the sensor by logging into the sensor's CLI and entering the following commands:
  sensor# configure terminal
  sensor(config)# no tls trusted-host ip-address 10.1.2.3
  Next, tell the sensor to trust 10.1.2.3:
  sensor(config)# tls trusted-host ip-address 10.1.2.3

• Certificate expired

  Hello,
  I have a problem on a linux ZLM server.
  My certificate seems to be expired. Through the web interface I cannot loggin to the zlm server.
  The error I receive in my browser :
  Error: The LDAP server ("ldap://zlm01.roj.just.fgov.be:10636") appears to be down. Make sure ndsd is running on the server.
  everything is running.
  In the logs I see something of certificate expired .
  To test I changed the date of my server an after this I could login without any problems.
  Any Ideas ??
  Thanks
  Erik Vandenputte.

  On Tue, 14 Sep 2010 09:06:03 +0000, vdpuerik wrote:
  > Is there no commandline way to do this on the linuxserver itself ?
  If you are not familiar with the edirectory administration it is better
  to use console one. There is a command that might fix it but that also
  changes a few things in the edirectory configuration and then it must be
  configured back that further ZLM updates will not have problems with it.
  Therefor use consoleone, it's not that complicated.
  I guide you through:
  1. start consoleone, if no login window appears, click on the tree symbol
  user name: admin
  password: <the password of the ZLM Administrator>
  tree: the full dns name of the zlm server or the ip address of it
  context: system
  -> then login, if that doesn't work you can also try to just enter "\
  \<zlm server ip address>" in start / run. Then the novell client would
  open a login box and you can use the same data as above
  2. on the left side expand the TREE entry
  3. select the system below and notice that you see on the right side
  certificates called:
  SSL CertificateIP
  SSL CertificateDNS
  IP AG <xx.xx.xx.xx>
  DNS AG <full dns name>
  Those certificate were created during the ZLM server installation and
  were valid for two years. You do not need to touch them, you can create
  another one beside. That step is described in the cool solution article I
  posted before. Create anew certificate which is valid for 5 years assign
  it to the zlm server and restart the zlm services and everything should
  be back.
  Rainer

• AnyConnect certificate expiration prompt

  Does anyone use the feature where AnyConnect will notify the user when their certificate is expiring with X days?  The Admin guide for anyconnect 2.5 says it's supported but we have not been able to get it to work.  I have tried every version from 2.5.2014 to 2.5.3055 without any luck.  I then tried 3.0.4235 and it worked.  Is there anything special that needs to be done with anyconnect 2.5 or is this a known bug?

  Hi,
  I went Transaction RZ20 -> SAP CCMS Technical Expert Monitors -> System / All Monitoring Segments / All Monitoring Contexts -> hostname where java is running,but i am not getting services -->keystore.
  how I can add this.I want alert for abap certificate.
  Also suggest to configure these alerts:
  1.sld start stop
  2.rfc connection
  3.Idocs queue stuck
  4.system start stop
  Thanks,
  Prabhat misra

• Monitoring pending certificate expirations

  We have a number of public web sites that use certificates and we'd like to use SCOM to provide warnings about pending certificate expirations.     Is there a certficate services management pack, or a monitor or rule in an existing pack (like the IIS or windows OS packs) that will tell us when a given certificate is about to expire? 

  Shajeer,
  The only way to really do this is to query the local certificate store on each server.    This is possible with powershell,  but you must have powershell installed on any server that you wish to monitor.  (I believe it's there by default for Win2k8, but you'll need to install it on Win2k3 servers). 
  Here's a power shell script that will query the local computer store and perform date arithmatic to determine if any resident certs will expire in 30 days or less.   If any are found, then it will call the eventcreate utility that's native to windows to generate an eventID number 989.      You can then create a monitor that checks for this event ID.      But first you'll need to run this script on a periodic basis, which you can do by creating a Timed Event rule.     Unfortunately, the timed event rules let you either run a VBS script or an OS command, but not a powershell script.  So we have to use the OS command option to run powershell.    The OS command you would run is     powershell.exe -file  certtest.ps1           This causes some additional complications because the contents of the script below would have to be placed into a file called certtest.ps1, and then this file would have to be distributed to a common directory on any server you want to monitor.      You could alternatively use the Task Scheduler service on each machine to run this script periodically, but that get tedious in large environments.  
  Of course, you could always write a .vbs script and then you could put the script logic directly in the rule,  but I'm not much of a VB programmer.      
  *** Start of Script ***
  $currentdate = get-date
  $certabouttoexpire = "false"
  cd cert:\localmachine\my
  $certstoredate = gci | % {$_.GetExpirationDateString()}
  foreach($x in $certstoredate)
          $certdate = get-date "$x"
          $daysremaining = ($certdate - $currentdate).days
          if ($daysremaining -lt 30)
               $CertAboutToExpire = "True"
  if ($certabouttoexpire -eq "True") {eventcreate /L System /T Warning /SO CertWarning /id 989 /D "A Certificate on this system will expire in 30 days or less.  Use the Certificates MMC snapin on this machine to identify the certificate"}
  *** End Of Script ***

• Error "Certificate expired" when trying to install...

  I keep getting error "Certificate expired" while trying to install Skype on my phone.
  The phone is Nokia E52 running Symbian S60 3.2.
  The software I try to install is Skype for Symbian 1.50(12) that I download from Nokia Store (size 3,91 MB).
  Certificate details:
  Issuer: Symbian CA I
  Subject: Skype Technology SARL
  Valid from: 02/12/2010
  Valid until: 02/12/2020
  Is there anything I should do about my phone settings to install Skype?

  Presumably exactly the same version directly from Skype? skype.com/go/getskype-symbian-s60-3 filename: Skype_S60_3_0_v_1_5_0_12.sisx
  Happy to have helped forum in a small way with a Support Ratio = 37.0

• Enterprise Distribution Certificate Expires

  Hi!
  We are developing an Enterprise applications.
  Our Distribution Certificate should expire at 30/12/2011.
  In "Distributing Enterprise Apps for iOS 4 Devices" I've found this sentence:
  "An app will not run if the distribution certificate has expired. Currently, distribution certificates are valid for one year. A few weeks before your certificate expires, request a new distribution certificate from the iOS Dev Center, use it to create new distribution provisioning profiles, and then recompile and distribute the updated apps to your users."
  So, the question is: Is this still true and didn't changed with iOS5 and/or other causes?
  I mean there still no way to RENEW(or prolong) the Distribution certificate, so we will not need to rebuild and redeploy already finished applications?
  Thanks beforehand,
  Mad Max

  No change.
  Apps go dark along with program enrollment.

• Oracle9iAS R2 - Virtual Hosts with Portal and SSO with OIDDAS application

  Hi!
  I have installed a the machine with name minsk.discover.local. The machine have installed Infrastructure and Portal. The instalation is sucessfull and i work fine. But i have publish Portal to WEB with name intranet.discover.com.br. The Oracle describe:
  1 - Create the virtual hosts in SSO and PORTAL - OK
  2 - run ptlasst to create SSO Partners Applications - OK
  After this steps iwork fine with Portal and SSO, but when i click in portlet to create user to access the application OIDDAS, the Portal redirect to login page of SSO in address mct.com.br, the internal name, when then name not responde in the internet.
  I need a help!!!!
  Marcio Mesti

  I just spoke to the Oracle App server admins, the two servers in question are clustered.
  So my question changes slightly to:
  What is the best way to install and configure a webgate for clustered Oracle App servers with mulitple virtual hosts, that are residing behind a load balancer (Traffic Manager)?
  Thanks,
  Andy