Problems generating right CSR for Callmanager 10 - cisco messes up values, Bug?

Similar Messages

• Need to generate a CSR for a new Lync 2013 Edge server

  I am upgrading my Lync 2010 Edge to 2013. Part of the process is exporting all the certificates on the 2010, some public, and eventually importing them into my 2013 Edge. I have a problem with one certificate that was generated by our internal CA for the
  2010 server itself named servername.domain.local. Since my new Edge will be renamed to the same name as the old Edge, I was planning on exporting this certificate but the private key can't be exported. The option is grayed out.
  I need to therefore figure out how to get a certificate on my new Edge. No Lync software has been installed yet. What is the best way to generate a CSR so I can manually create a certificate on my internal CA. Since I don't have access to the internal CA
  from the DMZ, I need to do it this way. I am thinking maybe the MMC but maybe Windows PowerShell? Once I get the CSR generated, I will figure out how to create a certificate on my internal CA.
  I know I can do it during the Lync install but I wanted to have it ready on the server when installing.

  The option is most likely grayed out, because the private key was not marked as exportable.
  Now, you can either request the certificate by using the Deployment Tool and requesting the certificates, selecting offline and then manually copying the CSR to your Internal CA (and the certificate back)
  Or you can use Powershell and do a Request-CsCertificate (see here: http://technet.microsoft.com/en-us/library/gg425723.aspx)
  Try something like this: Request-CsCertificate -New -Type Internal -ComputerFqdn "lyncedge.domain.com" -FriendlyName "Internal Edge"
  -Template jcila -PrivateKeyExportable $True -DomainName "edge.domain.com" -Output C:\path\test.req​
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
  Georg Thomas | Lync MVP
  Blog www.lynced.com.au | Twitter
  @georgathomas
  Lync Edge Port Check (Beta)
  This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• I can't generated a CSR for a wildcard certificate

  I recently received a new Mac Mini OS X Server with the Server 2.2.1 app loaded.
  I cannot figure out how to create a CSR for a wildcard certificate.
  The wizard will not accept * in the input field.
  Can someone point me to the hard way of doing this?
  I need to secure every channel on the server with a wildcard SSL certificate.
  Thanks...

  Hi Gordon,
  You can use the command line to generate your wildcard CRS.
  1. Launch /Applications/Utilities/Terminal.app
  2. At the prompt, type the following command:
  openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
  Replace yourdomain with the domain name you're securing. For example, if your domain name is coolexample.com, you would type coolexample.key and coolexample.csr.
  Common Name: The fully-qualified domain name, or URL, you're securing.
  If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
  See http://support.godaddy.com/help/article/5269/generating-a-certificate-signing-re quest-csr-apache-2x?pc_split_value=3

• How to generate / renew CSR for Cisco AppSpace technology

  Hi all,
  I'm not align on AppSpace technology and CSR renewing and I'd like to know from the community some steps in order to renew our certificate used by  AppSpace.
  Exist some simple steps to perform this renew?
  I have to contact our Certificate Authority in order to do this or I can do it by myself?
  Many regards.

  Hi all,
  I'm not align on AppSpace technology and CSR renewing and I'd like to know from the community some steps in order to renew our certificate used by  AppSpace.
  Exist some simple steps to perform this renew?
  I have to contact our Certificate Authority in order to do this or I can do it by myself?
  Many regards.

• Problems generating a cert for ACS 4.1 using MS 2008 R2 Cert Svcs

  I am having difficulty installing a certicate on ACS that was generated using Microsoft Certificate services under Server 2008 R2.  The problem I'm having is finding documentation that addresses using ACS 4.1 and Microsoft Cert Svcs 2008 R2.  There is plenty of documentation using Server 2003 Cert Svcs but not 2008.
  I follow the instructions for 2003 and there are differences in the interfaces.  I think I'm picking the right options but after the cert is installed and the CA is added, I still can't turn on SSL because it says there are no certs installed.  I installed the self signed cert and that worked.  Cant figure out what I'm doing wrong.  Can anyone provide instructions for generating the cert using Server 2008 R2 certificate services?

  Thanks Nate.
  Here's what I tried:
  After receiving your response I tried again and it worked.  I had to create a template on the sert server and use it when generating the cert.  I couldnt find "Server Authentication" in the "Enhanced Key Usage" field.  It only gave the option of exchange or encrypt or both exchange and encrypt.  I left it at the default.
  The only thing I did different was the template I used.  The cert template "Web Server" didnt work.  I copied it as a server 2003 template and that was the trick.  Previously I created a server 2008 template that did not work.
  For anyone reading this the closest instructions I could find are at:
  https://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#backinfo
  They dont mention that you need a server 2003 template in the instructions on how to create a template tho...

• Problem with WSDL file generated by PI for sender SOAP

  I have a scenario SOAP to idoc that I am trying to test in PI7.1.  I have created my objects in the ESR and completed the configuration in IB.  When I test the configuration in IB, the data passes through PI to ECC correctly.
  Now I want to export the WSDL file from the Sender Service Interface being used for this scenario and test it using SOAPUI.  However, when I look at the WSDL file proposed by PI, there is no SOAP URL proposed in the WSDL.  My understanding from looking at other threads in the the forum is that the URL should be proposed in the WSDL file, and I can then export this WSDL file to my PC, and upload it into SOAPUI for testing.
  Why is the URL not being proposed in my WSDL file?
  Thanks in advance for any help.
  Terri

  Thanks Baskar that solved part of the problem. 
  When I use this newly generated WSDL file for testing in SOAPUI, I now get an error 401, which I believe has something to do with needing a user id and password.  However, my scenario is not setup to require a userid or password.  Any other help would be appreciated.
  Below is the actual results from SOAPUI:
  HTTP/1.1 401 Unauthorized
  server: SAP NetWeaver Application Server 7.11 / AS Java 7.11
  www-authenticate: Basic realm="XISOAPApps"
  connection: close
  pragma: no-cache
  content-type: text/html;charset=ISO-8859-1
  content-encoding: gzip
  date: Thu, 03 Mar 2011 22:49:56 GMT
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
  <html>
  <head>
       <title>Error Report</title>
  <style>
  td {font-family : Arial, Tahoma, Helvetica, sans-serif; font-size : 14px;}
  A:link
  A:visited
  A:active
  </style>
  </head>
  <body marginwidth="0" marginheight="0" leftmargin="0" topmargin="0" rightmargin="0">
  <table width="100%" cellspacing="0" cellpadding="0" border="0" align="left" height="75">
  <tr bgcolor="#FFFFFF">
      <td align="left" colspan="2" height="48"><font face="Arial, Verdana, Helvetica" size="4" color="#666666"><b>  401 &nbsp Unauthorized</b></font></td>
  </tr>
  <tr bgcolor="#3F73A3">
      <td height="23" width="84"><img width=1 height=1 border=0 alt=""></td>
      <td height="23"><img width=1 height=1 border=0 alt=""></td>
      <td align="right" height="23"><font face="Arial, Verdana, Helvetica" size="2" color="#FFFFFF"><b>SAP NetWeaver Application Server 7.11 / AS Java 7.11 </b></font></td>
  </tr>
  <tr bgcolor="#9DCDFD">
      <td height="4" colspan="3"><img width=1 height=1 border=0 alt=""></td>
  </tr>
  </table>
  <br><br><br><br><br><br>
  <p><font face="Arial, Verdana, Helvetica" size="3" color="#000000"><b>  Error: Unauthorized<p><font face="Arial, Verdana, Helvetica" size="2" color="#000000"><b>  Troubleshooting Guide <a href="https://sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/wiki?path=/display/jsts/home">https://sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/wiki?path=/display/jsts/home</a></p><p></b></font></p>
  <p><font face="Arial, Verdana, Helvetica" size="2" color="#000000"><table><tr><td valign="top"><b> Details:</b></td><td valign="top"><PRE>No details available</PRE></font></td></tr></table></font></p>
  </body>
  </html>

• Generate CSR for Third-Party Certificates

  Hi All,
  i have an issue when i tried to Generate CSR for Third-Party Certificates,
  i follow step by step in the document of cisco until this step:
  3.
  Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool.
  In order to copy and paste the information into the enrollment form, open the file in a text editor that
  does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer
  to the website of the third−party CA for more information on how to submit the CSR through the
  enrollment tool.
  After you submit the CSR to the third−party CA, the third−party CA digitally signs the certificate and
  sends back the signed certificate via e−mail.
  4.
  Copy the signed certificate information that you receive back from the CA into a file.
  This example names the file CA.pem.
  my issue is where i sould copy and paste the CSR information into any CA enrollment tool. i just have done create mykey.pem and myreq.pem in my folder OpenSSL\bin
  Please help and Thanks you.
  Regards,
  Jasa

  you have to do more steps using openssl.
  before you obtain the third−part certificate, you have to copy that on a notepad text, and you have to obtain an intermediate and root certificate from the company that gives you the certificate.
  Then you have to copy and paste on a notepad or gedit:
  SSL (the certificate that they give you)
  Intermediate (the certificate that you obtain from the company that gives you the certificate)
  Root (the certificate that you obtain from the company that gives you the certificate)
  name the text file like: allcerts.pem
  then... you have to run this commands:
  C:\OpenSSL\bin>openssl pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:yourpassword -passout pass:yourpassowrd
  C:\OpenSSL\bin>openssl pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:yourpassword -passout pass:yourpassword
  Then you are going to have a file named: finalcert.pem, thats the one you have to update to the WLC. please note that on those lines "yourpassword" is the password you use when you create the certificate and its going to be the same that you have to use for upload to WLC.
  Note that you have to use openssl version 0.9.8 because its the only version thats WLC support
  If you have doubts please contact me.
  Have fun!

• Problem generating stubs for Java EJB web service deployed in OAS

  I created an EJB web service and I've successfully deployed it in my Oracle App Server. Some of the methods work fine but others produce the ff error:
  org.apache.soap.SOAPException - java.lang.IllegalArgumentException: No Serializer found to serialize [classname] using encoding style [encoding]It seems that the objects specified as parameters in the web service methods exposed are the only ones that had stubs generated for them. Other objects I use, which are usually wrapped inside a Vector, did not have generated stubs.
  Example:
       public String loginUser(UserDTO userDTO) throws RemoteException, NamingException, SQLException;
  public String addItems (Vector vecItems) throws RemoteException, NamingException, SQLException; // where vecItems is a collection of ItemDTO objects     In this scenario, stubs were generated for the UserDTO class, but not for the ItemDTO class. In effect, calling the addItems method resulted to the exception I mentioned above.
  I did a workaround wherein I declared a dummy method which accepted all the types of objects I needed as parameters so all the necessary stubs can be generated, but this fix doesn't feel like it's the proper solution to my problem.
  If anyone can help me, it would be greatly appreciated. Thanks!

  Crossposted:
  Problem generating stubs for Java EJB web service deployed in OAS

• I downloaded the 64 bit version of itunes and plugged in my ipod touch but a sign pops up and says i need the right software for the ipod to connect which is 64 bit.  Does anyone know how to fix this problem?

  I downloaded the 64 bit version of itunes and plugged in my ipod touch but a sign pops up and says i need the right software for the ipod to connect which is 64 bit.  Does anyone know how to fix this problem?

  Hi alexanderfrommilton,
  First try reinstalling itunes.

• How to generate csr for third party code signing cert?

  I've been reading about code signing, but can't see how to generate a csr to use with a third party CA. Does someone have a tutorial, link, suggestion?

  Hi,
  Here is an document which discussed on how to implement code signing with using third party certificate for you reference:
  http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/best_practices.doc
  For further suggestions, it is recommend you to get further support in the MSDN Forum so that you can get the most qualified pool of respondents.
  http://social.msdn.microsoft.com/forums/en-US/categories/
  Thanks
  Tiger Li 
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• How to generate CSR for APS?

  How do I generate a CSR file for Policy Server on a automatic installation of ASP?
  I have to install a thirdparty SSL sertificate.
  I used the automatic install. Im guessing that tomcat and apache are optional webservers and not the one currently running.
  Michael

  You can list all keystore entries with:<br /><br />keytool -list -keystore <Keystore> -storepass <Storepass><br /><br />and delete with <br /><br />keytool -delete -alias <Alias> -keystore <Keystore> -storepass <Storepass>]<br /><br />Michael

• Generating CSRs for SSL Certificates

  Hi all,
  I am trying to generate CSRs for SSL Certificates, in order to set up a secure (https) dynamic dns connection to my router.
  I am supposed to access to the following directory through the Terminal:
  cd /usr/local/ssl/private
  But all I can access is /usr, I cannot go any further. I always get the message "/local: No such file or directory." Even if I am logged as root.
  I might be making some mistakes, but I do not understand what is going on.
  Thanks
  Enrique

  The error message you posted says there is no "/local" which is true.
  There is a "/usr/local"
  If you are cd'ing one directory at a time, don't lead them with a /
  For example:
  cd /usr
  cd /local
  Will give you the error you describe
  cd /usr
  cd local
  Will put you into /usr/local
  If this doesn't solve your issue, please post the exact steps you are taking.
  Jeff

• How Do You Generate a 2048bit CSR for a Third Party SSL Certificate for LMS 4.0.1?

  Our site requires Third Party SSL certificates to be installed on our servers.  We have an agreement with inCommon. I have to supply a CSR in order to obtain the SSL certificate.
  My installation is on a Windows 2008 server and I had the self-signed CSR already but it is only 1024 bits.  Is there someplace in the GUI or OS where I can change the encryption?

  This is a shot in the dark, but since CiscoWorks is using (I believe) Tomcat as the web server, could you run keytool to generate the CSR?
  http://help.godaddy.com/article/5276
  You could also use an online CSR gererator such as:
  http://www.gogetssl.com/eng/support/online_csr_generator/
  The key (pun intended) is having the private key on your server so that when you get the signed certificate and install it (using sslutil) it will be usable.
  Hope this helps.

• Looking for the right collection for a specific problem

  Hi guys,
  Just wanted to say great work you guys are doing here. the forum has definitely helped me a lot in the past.
  I am currently having a problem selecting a collection for this specific application that i have to do for my final year project. I am looking for a way to store a bunch of strings a collection that uses the actual string as its key and stores the number of times that the string have been added to the collection as its value.
  so for e.g
  String a = "a";
  String b = "b";
  String a2 = "a";
  String c = "c";
  /**Here is where i create my collection */
  // Collection mycollection = new collection
  // mycollection.add(a);
  // mycollection.add(b);
  // mycollection.add(a2);
  // mycollection.add(c);
  /**if you request for the string a or a2 the collection should return the number of times that string appead e.g */
  // System.out.println(mycollection.get(a));
  //this should print 2
  Does such a collection exist? I remember using something similar when i was learning c++ but i havent been able to find what i am looking for in the API documentation. Please help.
  Frank

  I think what the OP is looking for is probably a Bag. Unfortunately the default collections framework does not provide a Bag interface or implementation. You could look into using the Jakarta Commons Collection, they do provide those (look at the API[url] as well.

• Is there a way to change the CSR for install SSL Certificate for CCMADMIN

  HI there,
  Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
  For that, I have exported a csr to buy a ssl certificate from verisign.
  The problem is the csr includes fqdn an not just the servername
  But the users just have to type in the servername to reach the server.
  Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
  thanks
  Marco

  Hi
  You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
  Command Syntax
  set web-security orgunit orgname locality state country alternate-host-name
  Parameters
  • orgunit represents the organizational unit.
  • orgname represents the organizational name.
  • locality represents the organization location.
  • state represents the organization state.
  • country represents the organization country.
  • alternate-host-name (optional) specifies an alternate name for the host when you generate a
  web-server (Tomcat) certificate.
  Note When you set an alternate-host-name parameter with the set web-security command,
  self-signed certificates for tomcat will contain the Subject Alternate Name extension with
  the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
  contain Subject Alternate Name Extension with the alternate host name included in the CSR.
  Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
  Regards
  Aaron
  Please rate helpful posts...