Portal show expired certificate after re-generating

Similar Messages

• Language download shows expired certificate

  when i download hindi lang on nokia c6 00 dictionary after installation shows expired certificate. Plz solve my prob

  Hi Deep_jagdish,
  Welcome to the Nokia Support Discussions!
  You may want to check this thread for suggestions you may try to solve your concern:
  http://discussions.nokia.com/t5/Online-services-from-Nokia-Nokia/certificate-expired-amp-installatio...
  Note: Although the phone models may be different, the same resolution applies. Keep us posted.

• Expired certificate after a power cut

  Hi,
  I have a cisco E3000 with firmware version 1.0.04. I enabled the Local Management Access with HTTPS. If I connect to the HTTPS management interface, I can see that the date of validation of the HTTPS certificate is valid.
  If I disconnect completly my router (disconnect the power supply), it seems that the HTTPS certificate is regenerated for the boot. The problem is that it is regenerated with a validation date from 01/01/1970 to 01/01/1971. I guess that the certificate is generated before the router is able to automatically set its own time.
  Is there any solution to avoid this situation?
  Thanks.

  I didn't notice anything wrong regarding router functionality. The main issue I have is with some browsers which are a bit picky on the certificate date validation.
  The time settings of the router is also correct. Anyway the only change I can do here is on the timezone (except if I missed something)
  Thanks,
  Gerald

• 6120 - Unable to Install Apps Expired Certificate

  i have a nokia 6120 when i try to install fring or any other application it shows expired certificate please help
  Moderator's Notes: This post was edited. A more appropriate subject was provided.

  @kashif1
  Are you trying to install version from Nokia Store or elsewhere? I can confirm that version of Fring for S60 3rd Ed. FP1 devices certificate validity runs from 19/06/2011 to 19/06/2021.
  If you go to Menu > Applications > App. mgr.> Options > Settings - is Software installation = ALL and Online Certificate Check = OFF?
  Happy to have helped forum with a Support Ratio = 42.5

• HT5012 I have iPhone 4 with iOS 7.0.4 installed on it. Whenever I am trying to connect WiFi it shows me certificate that got expired on 11/22/2013 and I am not able to remove that certificate?

  I am not able to delete the expired certificate as no getting profiles which is available in earliar version under setting -> general -> profiles. Please help me here.
  Thanks,
  Bhushan

  Dear Jody..jone5
  Good for you that can't update your iphone because I did it and my iphone dosen't work for example I can't download any app like Wecaht or Twitter..
  Goodluck
  Atousa

• How to remove Expired Certificate in Certification Authority

  So the base certificate at a client site running Server Standard 2012 R2 expired.
  I went in and did a renewal, which created a new certificate, but the old expired cert still shows in the list and is still being handed out by the CA.
  Certificates #1 & #2 are the renewed cert's, Cert #0 is expired, why did it not get replaced during the renewal process?
  How do I remove the expired Certificate?  The CA is still using it and handing out expired cert's, this is preventing people from connecting to the secure Corporate WiFi environment because the NAP server is now rejecting access due to an expired certificate.
  Before I renewed and changed the certificates in the NAP server to point to the new reviewed cert, I was getting this event log entry when a user tried to connect to the Secure Corporate WiFi:
  Event ID 6273, Reason Code 262, The supplied message is incomplete.  The signature was not verified.
  After I changed to the Certificates in the NAP server to point to the renewed cert's, I get this error, still not able to connect to WiFi:
  Event ID 6273, Reason Code 265, The certificate chain was issued by an authority that is not trusted.
  How do I go about cleaning out that Expired Certificate in the CA, I removed it from the computer cert list using the Certificates snap in and connecting to the local computer.  I then stopped and restarted both the CA and NAP services.  Still
  no change.  I need to get the CA cleaned up and trusted again.
  Any help would be greatly appreciated.
  Curt Winter
  Microsoft Certified Professional

  Ok the NAP server is now working properly, the Expired Certificates are clean up and we are back in working order.
  Here is a review of what I did to get the issue resolved:
  1) First thing was to remove the old SBS server entries that where causing the workstation to try and renew their certs with the old server.  To do this I ran ADSIEdit expanded the
  CN=Configuration | CN=Services | CN=Public Key Services.  I then went through every folder and every entry under Public Key Services looking for and removing or updating entries pointing to the old SBS. I then made sure authenticated
  users had read permissions on CN=Enrollment Services.
  2) Ensure the CA is an Enterprise CA, I ran certutil -cainfo
  to ensure it showed as Enterprise Root CA.
  3) I then went back into ADSIEdit expanded
  CN=Configuration | CN=Services | Public Key Services | CN=Enrollment Services. Right click the CA in the right pane and ensure
  flags is set to 10.
  4) Ensure the CA is trusted, launch PKIView, right click on
  Enterprise PKI and select Manage AD Containers click on the Enrollment Services Tab, the status should show as OK.
  5) I then copied that Certificate to a file and ran certutil -verify on the file to check for any additional errors.
  6) I then opened CertSrv.msc on the CA, right click on the name of the CA and select properties, click on the Security tab and ensure Authenticated Users have the
  Request Certificates permission.
  7) I then ran certutil -deleterow 3/11/2015 Cert to remove all the certs that had expired before 3/11/2015.
  At this point the workstations started to get new cert's all the cert renewal errors in the client event logs stopped
  8) I then went back into the NAP server and select the correct certificate fin the EAP Properties and Smart Card properties.
  9) I then updated the domain 802.11X policy ensuring all the EAP properties had the correct certificate listed.
  At this point computers where again connecting to the Secure WiFi through the NAP server.  I hope this may help someone in the future.
  Curt Winter
  Certified Microsoft Professional
  Curt Winter

• Anyconnect VPN - Expired certificate causing Java error

  Hello,
  Since April 4th 2015 Java has been blocking the process of installing AnyConnect via web-deployment (see attached screenshot). It indicates there is an expired certificate with these details:
  Issuer CN=VeriSign Class 3 Code Signing 2010 CA,
  OU=Terms of use at https://www.verisign.com/rpa (c)10,
  OU=VeriSign Trust Network,
  O="VeriSign, Inc.",
  C=US
  Validity [From: Wed Jan 02 19:00:00 EST 2013,
  To: Sat Apr 04 19:59:59 EDT 2015] <-----------------------------
  Subject CN="Cisco Systems, Inc.", <-----------------------------
  OU=Digital ID Class 3 - Microsoft Software Validation v2,
  O="Cisco Systems, Inc.",
  L=Boxborough,
  ST=Massachusetts,
  C=US
  This certificate is not seen when entering 'show crypto ca cert' on the ASA -- it is NOT our certificate, as it is issued to "Cisco Systems, Inc", and it has clearly expired.
  We are running the ASA software 9.1.6 and this behavior happens (at least) with the three latest versions of Java.
  Is anyone else having this issue? Is there anything that can be done (server-side) to resolve this?
  Thanks in advance...

  I think it is possible to use same digital certificate. You can specify whether you want users to authenticate using AAA with a username and password or using a digital certificate (or both). When you configure certificate-only authentication, users can connect with digital certificate and are not required to provide a user ID and password.

• 5800 XM "Expired Certificate" error message

  For people who own a Nokia 5800 XM, the error message of "Expired Certificate" when downloading applications onto the device will be mean you cannot load on new apps, which can be frustrating.
  Firstly you should try to update the firmware on your phone by 1 of 3 ways.
  Using FOTA (Firmware Over The Air). Another thread of mine will explain this in detail. You can find it here.
  Downloading Nokia Software Updater(NSU) and connecting your 5800 to the computer using a data cable.
  Taking the handset to a Nokia Care point if you do not want to try the above 2 options.
  **NOTE: Always be sure to make a back up of your personal details that are held on the phone as updating firmware will most likely delete any data left on the phone.
  If you have used FOTA or NSU to update your firmware, or there is no new update available then doing the following will work and will allow you to install new applications without the expired certificate error message.
  With the phone switched on, press the power button key once.
  Scroll down to and select "Remove E: Memory Card". 
  Select Yes to remove the memory card.
  Press OK and remove memory card from phone.
  Press the Dialler on the main screen.
  Type *#7370#
  Enter security code. Default is 12345 unless it has been changed.
  The phone will reset, wait for this to complete and power back on.
  Select your country and type in the correct time and date.
  Wait for the phone to complete its configurations, you may receive "My Nokia" or tutorial messages.
  Power off phone.
  Insert the memory card.
  Power on the phone.
  Wait for the phone to install any pre-loaded content from the memory card
  Phone is ready to install applications, without "Expired Certificate" error message.
  I have done the above myself and downloaded the PDF reader from the "Download" application from within the handset and it installed with no error after these steps.
  I hope this helps.
  My posts are my opinion and in no way the direct views of Nokia.
  If my posts are helpful, please give me some KUDOS using the green star on the left.

  try to sign your app(s) through Opda site.
  If you want to thank someone, just click on the blue star at the bottom of their post

• Certificate not yet generated errors and wifi drop outs

  Hello all!  Recently I've been getting the following errors in console
  11/5/13 8:02:52.815 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.815 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.816 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.816 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.817 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.817 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.817 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.818 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.818 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.819 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.819 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.820 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.821 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.821 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.824 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.827 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.828 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.949 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:52.986 PM apsd[87]: Certificate not yet generated
  11/5/13 8:02:53.369 PM apsd[87]: Couldn't find cert in response dict
  11/5/13 8:02:53.370 PM apsd[87]: Failed to get client cert on attempt 1, will retry in 15 seconds
  The last line keeps repeting after it tries again attempt 101, will retry in 900 sec etc...
  Additionally I've noticed that periodically my wifi will drop out, and when I go to Airport Utility my Extreme is unavailable.  I don't know if this error and the two the wifi drop outs are linked or not.  At first I thought it was the new firmware for the basestation, but now I'm not so sure because last time I launched airport utility and the extreme was unavailable I saw the basestation come back on line.
  One final note.  I have a home server on a mac mini (ML Server essentially for ituens shared liberary).  All the macs access this server.
  Thanks in advance

  From the menu bar, select
             ▹ About This Mac
  Below the "OS X" legend in the window that opens, the OS version appears. Click the version line twice to display the serial number. If the number is missing or invalid according to this web form, take the machine to an Apple Store or other authorized service center to have the problem corrected.

• Expired certificate unexpectedly works under JRE 1.4.2_06+

  Hi,
  I have a client trust store for server authentication containing an expired certificate.
  Under JRE 1.4.2_06 (and 1.5) the expiry is ignored (unexpected), however under 1.3 and 1.2 using the same code it is considered invalid (as expected).
  Why has the behaviour changed?
  Thanks,
  Martin.

  After looking at the fixes applied between these two versions of the JRE I've found the following against 1.4.2_04...
  4945571 consider removing validity check on trusted cert anchor selection
  But no information exists in the bug database regarding this change! :(
  Does anyone know what was done as part of this fix?

• Portal and BW certificate must be different

  Hi,
  We've installed BI with BI Java and Portal as Addin on same System.
  We've configured the BI & Portal integration via NWA and everything is ok. But after when tested we got " The system is unable to interpret the SSO ticket received " errors during Bex Launcher.
  When we checked the configuration via RSPOR_SETUP Repost on ABAP Stack, everything except the following seems ok.
  Status 10: Import Portal Certificate into BI            <b>Portal and BW certificate must be different</b>
  Status 12: Maintain User Assignment in Portal           <b>System failure during call of function module RSWR_RFC_SERVICE_TEST</b>
  I think the problem is when we imported the Portal Certificate into BI, as they reside on same system error occurs at step 10.
  This is the production system. On Development System, Portal+BI Java are on another server than BI and this problem was not occured.
  Does anyone experienced this issue?

  Hi,
  Of cours I've solevd the issue via sap note "917950 SAP NetWeaver 2004s: Setting Up BEx Web"
  Here is the section you've to consider ;
  Add-In Installation and importing Certificates with identical system ID (SID)
  In case of Add-In installation, the system ID (SID) of
  AS-ABAP and AS-Java is identical. This causes problems
  during import and certificates, if you are using the
  Template Installer. Because the ABAP system does not allow
  to import a certificate with identical Distinguished Names (DN) (e.g. identical common names (CN), subject names, ...). Also the standard client of the J2EE must be different from the standard client of the ABAP system.
  If the common names are identical, the report RSPOR_SETUP
  displays the error message "Portal and BW certificate must be different" (English).
  If the client of the Portal certificate is existing in the
  ABAP system, the error message "Add-In Installation: check logon.ticket_client (see note 994785)" is diplayed.
  This issue could be solved by creating a new Portal
  certificate with a different Distinguished Name (DN). The
  steps to create a new Portal certificate are described in
  the report RSPOR_SETUP documentation of step "Export Portal Certificate to the Portal" (step 9):
       1. Delete J2EE certificate (SAPLogonTicketKeypair
  and SAPLogonTicketKeypair-cert) in Visual Administrator under Services Keystorage
       2. Create new J2EE certificate (SAPLogonTicketKeypair with other Distinguished Name) in
  Visual Administrator under Services Keystorage (as
  described in documentation of step 9 "Export Portal
  certificate in Portal", report RSPOR_SETUP)
       3. Delete J2EE certificate in certificate list
  and access control list (ACL) with transaction STRUSTSSO2
       4. Import new J2EE certificate to certificate
  list in transaction STRUSTSSO2
       5. Add new J2EE certificate to access control
  list (ACL) in transaction STRUSTSSO2
  See report RSPOR_SETUP documentation of step "Configure User Management in Portal" (step 8) or note 994785 how to
  change the standard client of the J2EE.
  Message was edited by:
          HUSEYIN BILGEN

• Clients connect to wifi with certificate that expires every month - correct way to handle expired certificates?

  Hi all
  I'm sorry if this is the wrong forum to ask this question. Also my knowledge in this area is somewhat limited, which I why I need your help :-)
  We use wireless networks primarily in my company for all our clients and use a certificate to authenticate to the network. This certificate expires after 1 month and we automatically renew them 1 week before expiry. Relatively often we have users that
  are not connected to the network for a few weeks or more and then the certificate expires before being renewed. Then we have to connect them to the wired network to get the certificate updated, so they can connect to the wireless network again.
  What is the correct approach to solve this issue? We feel extending the life of the certificate would be a too big security compromise. Is there some way you could automatically allow an expired certificate briefly with the sole purpose of renewing the certificate?
  Or how would you normally resolve this issue?
  Thanks for any help/knowledge you can provide :-)

  > Setting the validity period that high, means that the certificate could be cracked before expiry.
  then you should be scary of CAs which validity is 10 or more years. And they use the same cryptography as end-entity certificates (key length and signature algorithms). It is a paranoya. Just make sure if client certificates use at least 2048 bit long
  keys and use SHA1 (or better) signature algorithm. In this case there is a little chance that certificate will be successfully cracked in 2 years.
  If there is an evidence (or indications) of client private key compromise -- immediately revoke the certificate and publish new CRL ASAP. You cannot protect clients from key compromise by using short-living certificates, because key compromise is ususally
  achieved by gaining a control over the private key (malware on client computer). Therefore, there is nothing wrong in issuing client certificates with 1 or 2 year validity.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Expired certificate error for language packages

  I wish to inform the nokia authority,that the language package(UK english Martin) provided for Message Reader app (symbian belle) is showing 'CERTIFICATE EXPIRED' error ,whenever I tried to install the language pack.
  I request the authority to kindly extend the certificate period more so that all user can use those packages.
  I downloaded the language pack from:
  http://www.nokia.com/global/support/text-to-speech​/
  Handset model : NOKIA 701

  Same problem with US english language packs, expired certificate despite the fact that I just downloaded it from Nokia a few days ago. So please Nokia renew the certificate for the Nokia super 701 Text To Speech Language packs.
  Handset Model: Nokia super 701 FP2

• SSLSocket created with expired certificates

  The tests documented here were performed using Sun JSSE 1.0.2.
  Server
  I have installed TOMCAT and configured it for SSL by following the instructions detailed in the following link:
  http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html
  NB: The system date was set back by more than three months to ensure that the certificate contained in the store is now expired.
  Client
  I have created a simple java client test program that attempts to create an SSLSocket connecting to the TOMCAT SSL port.
  The code is listed below:
  SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
  SSLSocket socket = (SSLSocket)factory.createSocket("127.0.0.1", 8443);
  System.out.println("Establishing SSL socket connection");
  * register a callback for handshaking completion event
  socket.addHandshakeCompletedListener(
  new HandshakeCompletedListener() {
  public void handshakeCompleted(HandshakeCompletedEvent event) {
       System.out.println("Handshake finished!");
       System.out.println("\t CipherSuite:" + event.getCipherSuite());
       System.out.println("\t SessionId " + event.getSession());
       System.out.println("\t PeerHost " + event.getSession().getPeerHost());
  socket.startHandshake();
  socket.close();
  System.out.println("Established SSL socket connection");
  Tests
  The test program was run as follows (NB: With the system date set correctly to the current date):
  Test 1
  With no parameters passed.
  Result: This produces an untrusted server cert chain error. This happens because the truststore information has not been supplied. This result is as expected.
  Test 2
  With the following parameters:
  -Djavax.net.debug=ssl:keymanager
  -Djavax.net.ssl.trustStore= set to the location of a truststore file containing the same EXPIRED server certificate mentioned above
  Result: This does not produce any errors and the socket is created successfully and the handshake completes successfully. As the truststore at the client (i.e. the java test program) and the keystore at the server (i.e. SSL enabled TOMCAT) both contain the same EXPIRED certificate it was expected this would result in a failure to create the SSLSocket. The debug trace that is output does indeed show that the certificate has expired yet somehow the connection is still being made.
  It should be noted that test 2 has been run on numerous occasions in the past and has previously given the expected result. That is to say, a failure to create the SSLSocket with an error message stating that the certificate had expired. Nothing appears to have changed in the environment in which these tests are being run that should cause them to start to fail now.
  Has anyone seen this strange behaviour before?

  There are fellow sufferers...
  http://forum.java.sun.com/thread.jspa?threadID=560690&tstart=0
  I too noticed this.
  I've a simple 20 line SSL server and SSL client and can reproduce this behaviour.
  ie. trying with an good cert, it exchanges data, with a bad cert, I get an exception, and with
  an expired cert, it exchanges data when I expect this last one to fail.
  I dont know what the solution is but if I were to hazard a guess, I'd say maybe I need
  to subclass the TrustManager? or maybe set some policy somewhere.
  In the meantime, I've just invalidated it manually.
  ie. on startup or whenever appropriate, I do the following...
  KeyStore keystore = null;
  // Load the keystore in the user's home directory
  FileInputStream is = new FileInputStream(filename);
  keystore = KeyStore.getInstance(KeyStore.getDefaultType());
  keystore.load(is, password.toCharArray());
  is.close();
  for (Enumeration ea = keystore.aliases(); ea.hasMoreElements();) {
  String alias = (String) ea.nextElement();
  // Get certificate
  java.security.cert.X509Certificate cert =
  (java.security.cert.X509Certificate) keystore.getCertificate(alias);
  try {
  cert.checkValidity();
  } catch (java.security.cert.CertificateException e) {
  System.out.println( "Invalid Certificate for " + alias );
  keystore.deleteEntry(alias);
  ie. I remove the offending cert from the truststore...
  This is a stop-gap measure till I figure out what to do instead.
  Hope this helps...
  Chai

• Expired Certificate for 5800

  I've been having the Expired Certificate problem ever since I bought the 'phone. I tried the instructions found on the web, I've called Nokia support, I've written to the customer care and I've taken it to Nokia Care. The only solution appears to be to do a hard reset of the 'phone. After this, I'm able to install applications for a while but again after some random period of time or activity, I get the "Expired Certificate" notice.
  I've got 20.0.012, with a software version date of 26-01-2009. I'm not doing anything out of the ordinary, just trying to install applications every so often. Surely I'm not the only one with this problem. Resetting the 'phone is not such a big deal but I lose all the settings and music. It's getting rather frustrating.
  Is there something I should be doing or not doing to avoid this?

  kingpin007 wrote:
  Usually to overcome this issue of expired certificate all you have to do is back date the phone by a year or two in the date and time settings and try installing the application again.
  You may wanna take a look at the post by adamf here /discussions/board/message?board.id=topfaq&message.id=128&query.id=646398#M128
  1. Changing the date doesn't work. Usually I get a message saying "Certificate not yet valid or Phone date wrong" (not sure of the exact wording). There may be a precise date that works but I tried with PhoneFlash and couldn't find it. It switched from the above message to "Expired Certificate" rather seamlessles.
  2) I've tried the method in the link above and it solved my issue for about 2 days or so. Then the same problem. Now, I can reliably solve the problem with a hard reset (red + green + camera) but again for only a limited time. After that I again cannot install applications.
  Thanks anyway