Problem connecting LDAP SSL

Hello:
I try to connect IDM 6.0 SP1 with Sun Directory Server 5 (LDAP) using the LDAP adapter. If I use the non-secure port (389) it is OK and the connection works fine.
But if I try to use the SSL port (636) I obtain an error.
Directory Server is configured to work with both ports (389 and 636); it has SSL enabled and has a certificate (self-signed). Another application (an LDAP browser) can connect to the SSL port without problem.
Is there anything else to do on the machine running IDM (for example, install the LDAP certificate)? How do I do this?
Both machines are Solaris 10 x86 and they are in the same DNS domain.
Thanks

To connect to an SSL resource, you must have a certificate trust chain defined in the Java Virtual Machine in which the IDM is running. Not knowing what web server you are running IDM on, I must be general in my reply. You need to include the following system property definition in the java parameters for your JVM:
-Djavax.net.ssl.trustStore=<fully qualified path to a JKS keystore containing the trust chain for your self signed server cert>
e.g.
-Djavax.net.ssl.trustStore=/myapps/idm/truststore.jks
You can create the truststore using the keytool utility that comes with the Sun Java JDK (<JAVA_HOME>/bin/keytool). Hope this helps.
FYI - your browser queries to LDAP work because you have the trust chain stored in your browser certificate cache.
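As an added example (not part of the original thread and not IDM code), the following Java check lists what a JKS truststore actually trusts and then attempts a TLS handshake to the directory server using only that truststore, so the truststore can be verified before the application server is restarted. The class name `TrustStoreCheck`, the alias `ds-cert` and the file `ds-cert.pem` are hypothetical; the truststore path is the one used in the reply above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/*
 * Added example. Assumed preparation (file name and alias are placeholders):
 *   keytool -import -trustcacerts -alias ds-cert -file ds-cert.pem \
 *           -keystore /myapps/idm/truststore.jks
 * Usage:
 *   java TrustStoreCheck /myapps/idm/truststore.jks <store-password> <ldap-host> [port]
 */
public class TrustStoreCheck {

    // Load the JKS file the JVM would be pointed at with -Djavax.net.ssl.trustStore.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Print every trusted-certificate entry; returns how many were found.
    static int listTrustedCerts(KeyStore ks) throws Exception {
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (ks.isCertificateEntry(alias) && c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.printf("  %s: subject=%s notAfter=%s%n",
                        alias, x.getSubjectX500Principal().getName(), x.getNotAfter());
                trusted++;
            }
        }
        return trusted;
    }

    // Handshake with the server, trusting only the certificates in ks.
    static boolean handshake(KeyStore ks, String host, int port) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(10000);
            // Also require the certificate name to match the host, as current
            // JDKs do for ldaps:// URLs.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS");
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("Handshake OK, negotiated " + s.getSession().getProtocol());
            return true;
        } catch (SSLHandshakeException e) {
            // Typical causes: certificate not in the truststore, expired, or name mismatch.
            System.out.println("Handshake FAILED: " + e.getMessage());
            if (e.getCause() != null) {
                System.out.println("  cause: " + e.getCause());
            }
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println(
                "usage: java TrustStoreCheck <truststore.jks> <store-password> <ldap-host> [port]");
            System.exit(2);
        }
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 636;
        KeyStore ks = load(args[0], args[1].toCharArray());

        System.out.println("Trusted certificates in " + args[0] + ":");
        if (listTrustedCerts(ks) == 0) {
            System.out.println("  (none) - the server certificate or its CA was never imported");
            System.exit(1);
        }
        System.exit(handshake(ks, args[2], port) ? 0 : 1);
    }
}
```

Run it with the same JDK the application server uses; a failure here with the non-SSL port working points at the truststore contents or the certificate name rather than at the LDAP adapter.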

Similar Messages

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turn talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub

  • Problems connecting a SE P1i to an OS X IMAP server

    I just got a brand new Sony Ericsson P1i. I got it working no problem with .mac mail, however, I am having problems connecting via SSL with the server refusing to accept user name and password (that's the error message on the phone).
    In the logs, I found the following entry:
    "starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication."
    When going through the logs, I notice, that the typical SSL is using 128bits.
    I am kind of stuck. Not surprisingly, the nice people at SE couldn't help so far.
    Thanks
    Lane

    Here is how to configure .mac mail on your P1i:
    1.) go to -> Main Menu -> Control Panel -> Messaging -> Email Accounts
    2.) either select your previously set up .mac mail or go to More and choose New Account
    3) Enter the following details under the Basic tab:
    Account Name: "[email protected]"
    Your Name: "Your Name"
    Email address: "[email protected]"
    Connection Type: IMAP
    Click on Inbox tab
    Incoming server address: "mail.mac.com"
    Username: "yourdotmacusernamen"
    Password: "..."
    Receive using group: "Preferred Group" this is where you get your internet connection from
    Outbox tab
    Outgoing server address: "smtp.mac.com"
    tick Use smtp authentication
    tick Use Inbox login details
    Click on More
    click on Advance
    Inbox tab
    Secure connection: "SSL"
    Incoming mail port: "993"
    I hope this helps.
    Let me know.
    Lane

  • LDAP connection via SSL is failing

    Hi,
    I am using the following code to connect to LDAP:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    // JNDI environment for a simple bind over LDAPS (the ldaps:// scheme defaults to port 636)
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
    env.put("java.naming.provider.url", "ldaps://inpvmwin2k3ads1.VELWINTELLAB.COM"); //change for production, quality
    env.put("java.naming.security.authentication", "simple");
    env.put(Context.SECURITY_PROTOCOL,"ssl");
    env.put("java.naming.security.principal", "sapuser");
    env.put("java.naming.security.credentials", "voda@12345");
    // Creating the context opens the connection and performs the bind
    DirContext ctx;
    ctx = new InitialDirContext(env);
    But I'm getting the following exception:
    simple bind failed: inpvmwin2k3ads1.VELWINTELLAB.COM:636
    1) Is it because the LDAP is in read-only mode?
    2) If I remove SSL and connect without SSL, it is a success.
    Kindly help me overcome this error.
    Basically my requirement is to reset the password of an LDAP user through my code.
    thank you in advance
    B

  • HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad.  I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion?  Thanks!  A.A.

    I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6).  When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem.  Any suggestions ??  Thank you! 

    Sounds more like you have a problem with your Apple ID. For starters go to that page, click manage my Apple ID and sign in. If you can't sign in, reset the password.
    https://appleid.apple.com
    if you can sign in there, try to sign in to itunes on your computer.

  • How to fix this problem? Secure Connection Failed, SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

    Secure Connection Failed
    SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
    I have been receiving this error message recently when I tried to access school elearning websites and other school related websites, I have also tried on internet explorer and it shows page cannot be displayed. I have been trying the available solutions to solve it but none of them work. Is there alternative solutions available? Please advise. Thanks.

    It works after I disabled IPv6 in Firefox. Thank you for your help :)

  • HT201320 having problems setting up email for a tiscali email address - after trying to verify ipda comes up saying cannot connect using SSL

    trying to set up my tiscali email address on an ipad mini, after trying to verify, message comes up stating "cannot connect using SSL"

    Not sure what the shortcut is. I'm just going, Settings > Mail > Add Account > Gmail
    That is the GMail shortcut. That should work. Just for testing, use the "Other" shortcut.
    Settings / Mail / Add Account / Other
    Name: <put your name>
    Email [email protected]
    Incoming server: pop.gmail.com
    Login: [email protected]
    Password: yourpassword
    Outgoing server: smtp.gmail.com
    Login: [email protected]
    Password: yourpassword
    Hit SAVE.
    It should set itself up correctly without you having to specify anything else. Try that.

  • Convergence with LDAP SSL Failure

    Hello,
    I'm now having a problem securing connections between Convergence and my LDAP server.
    Once I set it in iwcadmin, ugldap.enablessl to true and change the port to 636, the following error occurs and convergence just couldn't authenticate.
    server.log in Glassfish 2.1.1, enterprise profile using NSS keystore
    [#|2010-11-12T20:17:15.208+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|LDAPS:Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values|#]
    [#|2010-11-12T20:17:15.209+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap.LDAPSingleHostPool|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|buildConnection: got LDAPException while connecting to Pool number:0. Host=<ldaphost> :netscape.ldap.LDAPException: Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values (91)|#]
    HTTP SSL connections to Webmail server and calendar servers are fine. I tried deploying the same configuration using developer profile with JKS keystore, the SSL authentication goes through then, but I need clustering for high availability.
    Does anyone have any ideas?
    Thanks so much in advance!
    Mathew

  • IdM SPE Ldap SSL operations hang

    Hi all,
    We're having a problem with IdM SPE hanging while doing LDAP operations over SSL. Has anyone encountered this before? We're under a tight deadline and any inputs/suggestions would automatically make the contributor my hero.
    Description:
    Our application is hanging when we try to use SPE's APIs to add some users to an LDAPS resource. We see these connections being logged in the LDAP logs, however binding never occurs. Instead these LDAP connections from SPE seem to sit until timeout.
    Environment:
    IdM 6.0 SPE SP1
    AIX 5.2
    J2RE 1.4.2 IBM AIX SP7
    BEA WebLogic 8.1 SP5
    SunOne Directory Server 5.2
    Evaluation:
    After a long period of time we see the following exception in our application logs:
    javax.naming.CommunicationException: Request: 1 cancelled
            at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java(Inlined Compiled Code))
            at com.sun.jndi.ldap.Connection.readReply(Connection.java(Compiled Code))
            at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:357)
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:210)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2657)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
    What we noticed is that LDAP connection (no SSL) seem to be okay. We have verified that connections can be made from our app server box to our LDAP server on the ssl port. We've also created a simple java servlet that makes LDAPS using JNDI and put this in the same container as IdM and this seems to connect okay as well. This seems to indicate that the hanging is not a SSL issue but an SPE one.
    We do notice from examining the LDAP logs that the same connections are being used over and over. This is expected connection pooling behavior, but could this be an issue if we switch our connection from LDAP to LDAPs? Does the pool not get purged when we switch on SSL?

    Updated findings:
    We were able to duplicate this on a windows sand box environment. Again it breaks when SPE tries to do an LDAPS operation. Here's what we figured out so far.
    a.) Definitely not a certificate issue
    b.) Almost definitely not a JDK/JCE/JSSE issue
    c.) Definitely not an LDAP issue
    d.) Not an IdM 6.0 issue (Can provision users from IdM console)
    e.) Not a connection pooling issue (Turned off pooling and it still hung)
    f.) Not a network issue.
    It seems at this stage that the problem stems from SPE, has anyone ever gotten SPE to work with LDAP over ssl? Any suggestions?

  • DPS 6.3.1.1 - Issues while connecting through SSL

    Hello !!
    I have a issue where my application client reported that they are unable to connect to the LDAP using SSL. Where as everything works fine in LDAP (non secured)
    This is how our deployment looks.
    Clients <=> Load Balancer <=> DPS (2 instance) <=> DS (2 masters)
    The DPS is configured with DSP (data source pool) (with proportional algorithm of 50:50 to backend data sources). Client Affinity ("read-write-affinity-after-any") is configured for this DSP. The DSP is attached with 2 data sources.
    So when the client connected in a secured port using LDAPS, they are unable to authenticate/search against this environment. No issues were found in DS logs for any of the bind/search requests. But in DPS, we noticed below log which i want to get clarification on.
    Note: I have removed the hostnames/Ip where ever applicable from the logs.
    =====================================================
    [04/May/2011:12:24:39 -0400] - PROFILE - INFO - conn=1255260 assigned to connection handler cn=default connection handler, cn=connection handlers,cn=config
    [04/May/2011:12:24:39 -0400] - CONNECT - INFO - conn=1255260 client=x.x.x.x:52461 server=x.x.x.x:636 protocol=LDAPS
    [04/May/2011:12:24:39 -0400] - OPERATION - INFO - conn=1255260 op=0 BIND dn="uid=app_id,ou=applications,dc=example,dc=com" method="SIMPLE" version=3
    [04/May/2011:12:24:39 -0400] - SERVER_OP - INFO - conn=1255260 op=0 BIND dn="uid=app_id,ou=Applications,dc=example,dc=com" method="SIMPLE" version=3 s_msgid=3 s_conn=ds_Master2:26560
    [04/May/2011:12:24:39 -0400] - SERVER_OP - INFO - conn=1255260 op=0 BIND RESPONSE err=0 msg="" s_conn=ds_Master2:26560
    [04/May/2011:12:24:39 -0400] - PROFILE - INFO - conn=1255260 assigned to connection handler cn=CH_ENV_catch-all_LDAPS,cn=connection handlers,cn=config
    [04/May/2011:12:24:39 -0400] - OPERATION - INFO - conn=1255260 op=0 BIND RESPONSE err=0 msg="" etime=0
    [04/May/2011:12:24:39 -0400] - OPERATION - INFO - conn=1255260 op=1 msgid=2 SEARCH base="ou=people,dc=example,dc=com" scope=2 filter="(uid=abcdef)" attrs="*"
    [04/May/2011:12:24:39 -0400] - SERVER_OP - INFO - conn=1255260 op=1 SEARCH base="ou=people,dc=example,dc=com" scope=2 filter="(uid=abcdef)" attrs="*" s_msgid=498 s_conn=ds_Master1:26072
    [04/May/2011:12:24:39 -0400] - SERVER_OP - INFO - conn=1255260 op=1 SEARCH RESPONSE err=0 msg="" nentries=0 s_conn=ds_Master1:26072
    [04/May/2011:12:24:39 -0400] - OPERATION - INFO - conn=1255260 op=1 SEARCH RESPONSE err=0 msg="" nentries=0 etime=0
    *[04/May/2011:12:24:39 -0400] - DISCONNECT - INFO - conn=1255260 reason="other" msg="Exception caught while polling client connection LDAPS.x.x.x.x.52461 -- javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?"*
    =======================================================
    As can be noticed in the above logs, the initial Bind request via LDAPS is routed to Master 2. But the subsequent search request (for user abcdef) is routed to Master 1.
    And finally the DISCONNECT operation came (last line) without a proper unbind.
    Is this alternate routing an expected behavior when client affinity is turned ON? Is this exception causing the application's search failures?
    Please shed some pointers on this..
    Thanks.
    Edited by: Prasee on May 6, 2011 8:07 AM

    Pls see inside:
    Thanks for the reply. Yes the client is a loadbalancer in this case. So does it mean that this behavior (sending request to 2 different DS in a same connection) is expected ? I have few additional queries that arise from your reply :-)
    Loadbalancing algorithm takes precedence "if the request that starts client affinity has not yet occurred"
    Since its the load balancer that connects to DPS for any/every request every time., How do the DPS know whether a request that starts client affinity has occurred / not occurred ?
    Well, client affinity starts with a certain operation (not by establishing the client<->dps connection) as specified by your client affinity policy. In your case ("client-affinity-policy:read-write-affinity-after-any") it starts for all operations after the first read or write operation. DPS is not a (network) connection based router - so it does not route the client connection to the data source but forwards the client operations (request) on dedicated bind,read,write,.. connections to a data source selected by your load balancing and/or client affinity policy.
    In our case, Its the same connection (conn=1255260) that receives bind and search request from the client. So when a connection is established, the client affinity should have got enabled and sent the bind request to Master 2 initially, so for the next search request, shouldn't it be sent to Master 2 again ?
    No, see above.
    >
    Sorry for these questions, I am basically trying to understand more on how client affinity works when a load balancer is in between.
    Coming to the exception,
    [04/May/2011:12:24:39 -0400] - DISCONNECT - INFO - conn=1255260 reason="other" msg="Exception caught while polling client connection LDAPS.x.x.x.x.52461 -- javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?"
    Does this abrupt shutdown of connection means the search response would have got dropped before reaching the end client (application) ?
    Yes, that may be possible ...
    >
    Thanks for your help !!

  • What it means to us, if we connect without SSL?

    Could not connect to AIM This account is configured to require SSL, but an SSL connection could not be made. To connect without SSL, deselect "Require SSL" in the Server Settings pane of Account preferences.

    Hi,
    From iChat version 1 through until about version 4 there was non SSL option for iChat AIM connections.
    The connection is supposed to be more secure with SSL as the packets of data involved are encrypted.
    This means that non SSL data packets are essentially in plain text.
    Now during the time of iChat since the introduction of the SSL option the SSL server has been known to drop the connection more often that the regular server, but it has been improving throughout iChat 5 and 6 and Messages that follows. It also calls for you to manually reconnect as it is not Automatic like the non SSL is.
    Of course we now have the HeartBleed issue.
    This is where the servers involved in such things as secure logins like this to AIM are potentially, I stress potentially, compromised due to the use of non updated forms of SSL encryption apps on those servers.
    The AIM account I use everyday is using SSL
    The Apple IDs that are also valid AIM Screen Names don't use the SSL server at AIM but the passwords are changed regularly.
    In 15 years of using iChat and now Messages with the AIM servers I have not had a problem.
    It was estimated at one time that half the US population had Internet access and half of those had an AIM account of some sort.  (About 75 million in the US alone)
    (what are the chances of it being you... once you consider world wide numbers)
    Previously I would have said if SSL does not work then use the non SSL option.
    However based on this story on the BBC I would tend to advise caution at present as there is obviously a surge in people trying to find anyone's details.
    9:39 pm      Monday; April 14, 2014
    ​  iMac 2.5Ghz i5 2011 (Mavericks 10.9)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
     Couple of iPhones and an iPad

  • Wont connect to SSL + Gmail

    I just got the iPhone 8g today (which came with version 1.1.4). When I try to fill out my Gmail information I get
    "Can not connect to SSL"
    "would you like to try and connect without SSL"
    Both fail.
    I have followed Gmail's instructions along with Apple's but I still get the same error message. Is anyone else having this problem?
    -Splits

    ok so still no word on why this is happening. but i tried my brothers gmail account and it works like a charm. then i made a new email and that works. I tried the gmail account that isnt working with apple mail and that doesnt work.
    also i do have imap turned on in the gmail settings.
    -Josh
    ps right now i made a new gmail account and have that linked to my iphone then linked my account that wont connect to the iphone to forward my messages to the account that is linked to the iPhone.
    "Make sense"

  • New gmail account on iPhone cannot connect using SSL

    Hi,
    I was having problems accessing the gmail server on my iphone so i deleted the account settings on the iphone and am creating a new one. However, the iphone tells me that it cannot connect using SSL. Has anyone had a similar problem? I don't want to setup the account without this basic security.

    Hey milos321,
    I'm not sure what caused the issue. I believe account may have been automatically locked because abnormal activity.
    You can find more detailed information here:
    http://mail.google.com/support/bin/answer.py?answer=61805
    http://mail.google.com/support/
    Jason

  • AIR on Android can't connect using SSL

    I'm trying to connect to a Java server using SSL, with a signed and trusted certificate, but keep getting InvalidCertificate error.
    Everything is fine with the certificate, but the error happens when connecting through android AIR app.
    Connection works fine when connecting without SSL, but that is not an option.
    What may be wrong?

    More info:
    Renaming the cert8.db didn't change anything.
    I get into these ILO interfaces fairly often and I can say that Firefox had a problem over a year ago (or so) where it would let you in once and then say (IIRC) Invalid Cookie on subsequent attempts. Maybe deleting the cert8.db would fix that. Anyway, an update fixed that issue.
    I just tested with Firefox 17 and it worked fine. Here are screen shots and the .cer file I exported. This is from a different (virgin) server at .93
    https://www.dropbox.com/l/gGYGz2myJnUu9uNoPwsYxd
    (Hope this works -- I'm new to DropBox)
    IE says:
    The security certificate presented by this website was not issued by a trusted certificate authority.
    The security certificate presented by this website was issued for a different website's address.
    I didn't generate the certificate; they come pre-generated by HP. Anyway, I tried re-generating the certificate and I now get this error:
    Secure Connection Failed
    An error occurred during a connection to 10.1.20.91. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
    I tried to attach the exported certificate, but I seem to only be allowed to upload graphical images.
    IE Key Usage says: Certificate Signing, Off-line CRL Signing, CRL Signing (06)

  • I'm trying to set up my Ipod, but when I go to sign in with an apple ID it says 'Could not sign in: there was a problem connecting to the server'.

    I just bought a 3rd generation ipod touch. It was professionally refurbished. I'm trying to set it up, and everything seems to be working fine, until we get to the wifi. I live on campus and our wifi is username and password protected. I signed in and everything seemed to work fine, and in the top left hand corner I have all the bars for wifi. However, when I go to sign in with an apple ID it says 'Could no sign in: there was a problem connecting to the server'. I've tried turning it on and off again, tried signing on to our wifi again, but it all isn't working. What can I do?

    I also encountered the same problem. Try using a different email address or try signing in later.
