Proper SSL certificate?
I noticed the note in the following URL:
https://lenovo-na-en.custhelp.com/app/answers/detail/a_id/27878/kw/ssl
NOTE: If you create a LenovoEMC Personal Cloud on a network storage device that has LifeLine 4.0.2 or above, you will receive an official security certificate for your device. Allow approximately a week for delivery of the certificate.
My ix2-dl is on LifeLine 4.0.8.23976 firmware. Is there a way for me to request an official security security certificate so I can stop using the self-signed cert and avoid the certificate warning error?
Hello Santoku
Please see the " Is it safe to ignore my browser’s security warning? " article regarding the ssl work arounds if you have not purchased a ssl certificate from an ssl certificate provider.
LenovoEMC Contact Information is region specific. Please select the correct link then access the Contact Us at the top right:
US and Canada: https://lenovo-na-en.custhelp.com/
Latin America and Mexico: https://lenovo-la-es.custhelp.com/
EU: https://lenovo-eu-en.custhelp.com/
India/Asia Pacific: https://lenovo-ap-en.custhelp.com/
http://support.lenovoemc.com/
Similar Messages
-
SSL certificates for multiple websites
I am having problems with websites recognizing the SSL certificate assigned to said site. For example, I have three secure websites; (1) x.abc.com, (2) y.abc.com, and (3) z.abc.com. All are setup for SSL with associated SSL certificates from a signed authority. However, when I browse to said sites, I receive an SSL mismatch error pertaining to the domain name. For whatever reason, two of the sites want to use the main site SSL certificate.
I have verified that the sites are setup correctly with the proper SSL certificate and restarted web services. Any ideas?
Thanks!You do this by IP Aliasing the machine
Oh, you were referring to IP Aliases. Sorry. I interpreted your comment as meaning Server Aliases within Apache (where multiple hostnames map to the same virtual host configuration).
My bad.
So we're both right - you need multiple IP addresses on your server (either by duplicating the inteface in System Preferences, or through IPAliases.conf) and you need to bind one SSL site to each IP address (although you could also use different port numbers on the same IP address in Apache).
If you're using NAT you still need multiple public IP addresses that forward to each of the IP Aliases (or virtual hosts). -
Why is the SSL Certificate "Edit" button disabled in Server Settings?
I just setup my Lion server and am attempting to create a self-signed certificate. All of the directions start with "Run the Server app, go to your server, click the setting tabs, and push the 'Edit' button next to SSL Certificate". Well, I can't because the button is disabled.
I have two theories. The first is that my network setup is messed up somehow. My server name is "server.mydomain.private". When I click on Configure Network, it shows that name and the proper IP address.
My second theory is that the SSL Certificate requires some other service, maybe Open Directory.
Anyway, I'm stumped. Any suggestions are welcome.venblr, I saw that one too, tried it, but it didn't work. I think I deleted a certificate or something, which caused the problem in the first place. I'm going to finish reading some Lion Server books before starting from scratch by reinstalling Lion and then LIon Server. (I have a screen snap of earlier work and it shows the SSL Certificate "Edit" button enabled.)
-
Hi all,
I had to upgrade my production server from 4.1 to 6.0sp4. The server was also different as we can't afford any big down-time. I couldn't find any iWS related proper documentation for SSL certificate migration between different servers, so I did a hack and copied the cert7.db and key3 db manually and renamed it as expected...
I was never sure if I was doing right.... BUT IT WORKED :-)
Now after setting up live server for a months, I am getting complains about certificate errors and/or warnings from various customers. In all cases there is a problem coz of 'ancient' browsers (like lesser than IE5 or NS4.7). Any mordern browser is working perfectly (including my favorite Opera). And customers are happy again coz site is working fine after browser upgrade. But my concern is:
HAVE I DONE ANYTHING WRONG IN SSL MIGRATION OR ITZ JUST iWS 6.0's PROBLEM?
Any info / suggestion will be highly appreciated.
Thanx.There isn't enough information for me to be certain, but I suspect the errors are unrelated to anything on the server side. The most likely explanation is that the ancient browsers have an expired root CA cert for the CA that signed your certificate. Upgrading either the browser or the browser's root CA certs would address the problem.
Copying the trust database files from iWS 4.1 to iWS 6.0 is safe. -
Expert advice needed: Why could I not connect to my own server after deletion of SSL certificate?
Issue: Could not connect to my own server after deletion of SSL certificate despite having SSL disabled
Hello,
I admit I am lay user with rudimentary SSL knowledge and I therefore messed up my certificates and I could no longer access my own server (Wikis, WebDav, Device Manager) with Safari. (error: Safari can't connect to server)
Eventually, I could resolve the problem but I do not understand why there was problem in the first place.
Maybe someone can explain that to me ?
OK, here is what I did:
I created a Certificate Authority because I wanted to use a free SSL Server certificate for our private server.
(I followed http://www.techrepublic.com/blog/mac/create-your-own-ssl-ca-with-the-os-x-keycha in/388 )
Despite several attempts I never got the server to accept the certificate for web services, the certificate was accepted for iCal, Mail and iChat but not for Web services. I tested an older certificate that was created when I set up the server and that that worked for all services incl. Web. So the problem was with my certificate only.
Out of desperation and lack of concentration I deleted the "original" certificate.
Now, I soon noticed that I could no longer log in to my server. I solved the problem by restoring the original certificate.
My question:
I had SSL disabled in the Server app settings. Why does Safari still look for a proper certicate ? (the server logfile had an entry that a .pem file could not be found which makes sense if the cert has been deleted)
I would be very grateful for an expert advice.
Regards,
TwistanBecause....
the server does not have a 'trusted' certificate assigned to it.
Only the RDP Gateway has the trusted certificate for the external name.
If you want to remove that error, you have to do one of the following:
Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
So, something like,
server.domain.publicdomain.com
Or,
Install that certificate on your remote computer so it is trusted.
Robert Pearman SBS MVP
itauthority.co.uk |
Title(Required)
Facebook |
Twitter |
Linked in |
Google+ -
Problems installing SSL certificates for more than one alias on iMS 5.2
I have a problem to getting encyption on IMAP/HTTP/SMTP when they are on the same server. I only getting one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
Let's say I have 3 aliases to the same server just for the scalability, imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at the same time, for example https://mail.vxu.se. And the others, like (S)IMAP I getting a dialouge that says the hostname doesnt is the same as the registred in the certificate. How do I solve this? Is there some possibillity to install more than ONE certificate, so I can have one certificate for each alias?
Environment: Full 420R, Solaris 8, iMS5.2
Thanks in adviceAlthough I completely agree the comments that suggestion this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installation. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
So. as a general rule, regardless of whether multple installations can co-exist, I would not recommend it. This is especially true on a Windows platform. -
Sefl-signed ssl certificate not possible?
Hello everyone,
could it be that oit is not even possible to let flex'
webservice or httpservice connect to a
https webservice that is secured by a self-signed
certificate? There is absolutely no reason
for me to buy a "real" certificate just for encryption
purposes.
I installed crossdomain.xml on the target server, the
webservice is running fine when pasting
the urls into the browser and I installed the certificate
into IE (which I have to use here), so
is gives no error and shows the nifty little lock in the
address bar. But Flex refuses to work,
except for running the app locally (means by clicking "run"
in flex builder).
I'm using Flex 2.01 if important.
So, could anyone help me? Or is Flex just so ignorant to
self-signed webservices?
bye
sysforHi sysfor,
I am using the proper SSL certs in production and self-signed
in development & testing, no problems so far.
Flex/Flash does not deal with SSL certs authentications -
this task is delegated to browser.
So I presume that you are facing a different kind of a
problem - your crossdomain.xml is not setup properly.
Have you checked the policyfiles.txt log?
Another point, you are probably doing the calls on direct
URLS (https://myhost/path). Instead you should use a relative path.
I.e. if your swf was downloaded from server myhost, then it should
simply do the calls to ./path.
Cheers,
Dmitri. -
Expired SSL certificate errors in browser after installing a new Certificat
I recently install a new SSL certificate from Thawte following the same process as the last time in installed. The install seemed to work for a couple days and then i stared getting calls reporting an expired SSL Certificate. I verified that the proper cert was still installed and it was. what actually got the ball rolling again was disabling the listener associated with my secure site and re enabled it. that workd for 2 days and now the website is reporting an expired SSL cert. any clue what is going on?
Here is the output but i noticed that there are three of the same key(sitecert)
wadm> certutil -L -d .
sitecert u,u,u
sitecert u,u,u
Thawte SGC CA - VeriSign, Inc. CT,,
sitecert u,u,ui guess now the question is how to get ride of the 2 offending certs in the database. -
How to Create SSL certificate for HTTPS Connection in SAP PI
Hi,
I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
Please help me on this issue.
Thanks,
SivaHi,
Check if it helps:
http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
Regards,
Caio Cagnani -
Office Web Apps Server SSL Certificate
Hi
I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
Regards.Hi,
Thanks for your posting in this forum.
I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
Thanks for your understanding.
Best Regards,
Wendy
Wendy Li
TechNet Community Support -
SSL Certificate Export Password
Hi ,
I am trying to export certificate and Key from CSS, Unforunately i do not have password from them.
Is their anyway to recover password or can i export keys and certificate without password.
Thanks in Advance
AniruddhaI think the only way to export the key is to use the password issues when importing the key. The SSL Certificate and Key are stored in DES encryption. There is no way to get the key without the password for the certificate and key except to break DES or guess the password.
-
Cisco ASA 5505 and comodo SSL certificate
Hey All,
I am having an issue with setting up the SSL certificate piece of the Cisco AnyConnect VPN. I purchased the certificate and installed it via the ASDM under Configuration > Remote Access VPN > Certificate Management > Identity Certificates. I also placed the CA 2 piece under the CA Certificates. I have http redirect to https and under my browser it is green.
Once the AnyConnect client installs and automatically connects i get no errors or anything. The minute I disconnect and try to reconnect again, I get the "Untrusted VPN Server Certificate!" which isn't true because the connection information is https://vpn.mydomain.com and the SSL Cert is setup as vpn.mydomain.com.
On that note it lists the IP address instead of the vpn.mydomain.com as the untrusted piece of this. Now obviously I don't have the IP address as part of the SSL cert, just the web address. On the web side I have an A record setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.
What am I missing here? I can post config if anyone needs it.
(My Version of ASA Software is 9.0 (2) and ASDM Version 7.1 (2))It's AnyConnect version 3.0. I don't know about the EKU piece. I didn't know that was required. I will attach my config.
ASA Version 9.0(2)
hostname MyDomain-firewall-1
domain-name MyDomain.com
enable password omitted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd omitted
names
name 10.0.0.13.1 MyDomain-Inside description MyDomain Inside
name 10.200.0.0 MyDomain_New_IP description MyDomain_New
name 10.100.0.0 MyDomain-Old description Inside_Old
name XXX.XXX.XX.XX Provider description Provider_Wireless
name 10.0.13.2 Cisco_ASA_5505 description Cisco ASA 5505
name 192.168.204.0 Outside_Wireless description Outside Wireless for Guests
ip local pool MyDomain-Employee-Pool 192.168.208.1-192.168.208.254 mask 255.255.255.0
ip local pool MyDomain-Vendor-Pool 192.168.209.1-192.168.209.254 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address Cisco_ASA_5505 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address Provider 255.255.255.252
boot system disk0:/asa902-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.3.21
domain-name MyDomain.com
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network MyDomain-Employee
subnet 192.168.208.0 255.255.255.0
description MyDomain-Employee
object-group network Inside-all
description All Networks
network-object MyDomain-Old 255.255.254.0
network-object MyDomain_New_IP 255.255.192.0
network-object host MyDomain-Inside
access-list inside_access_in extended permit ip any4 any4
access-list split-tunnel standard permit host 10.0.13.1
pager lines 24
logging enable
logging buffered errors
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static Inside-all Inside-all destination static RVP-Employee RVP-Employee no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XX.XX 1
route inside MyDomain-Old 255.255.254.0 MyDomain-Inside 1
route inside MyDomain_New_IP 255.255.192.0 MyDomain-Inside 1
route inside Outside_Wireless 255.255.255.0 MyDomain-Inside 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record "Network Access Policy Allow VPN"
description "Must have the Network Access Policy Enabled to get VPN access"
aaa-server LDAP_Group protocol ldap
aaa-server LDAP_Group (inside) host 10.0.3.21
ldap-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-group-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=Cisco VPN,ou=Special User Accounts,ou=MyDomain,dc=MyDomainNET,dc=local
server-type microsoft
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http MyDomain_New_IP 255.255.192.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
no validation-usage
no accept-subordinates
no id-cert-issuer
crl configure
crypto ca trustpoint VPN
enrollment terminal
fqdn vpn.mydomain.com
subject-name CN=vpn.mydomain.com,OU=IT
keypair vpn.mydomain.com
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca server
shutdown
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
omitted
quit
crypto ca certificate chain VPN
certificate
omitted
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate ca
omitted
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint VPN
telnet timeout 5
ssh MyDomain_New_IP 255.255.192.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 rc4-md5 des-sha1
ssl trust-point VPN outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 3
anyconnect image disk0:/anyconnect-linux-2.4.1012-k9.pkg 4
anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 5
anyconnect profiles MyDomain-employee disk0:/MyDomain-employee.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 10.0.3.21
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value MyDomain.com
group-policy MyDomain-Employee internal
group-policy MyDomain-Employee attributes
wins-server none
dns-server value 10.0.3.21
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value MyDomain.com
webvpn
anyconnect profiles value MyDomain-employee type user
username MyDomainadmin password omitted encrypted privilege 15
tunnel-group MyDomain-Employee type remote-access
tunnel-group MyDomain-Employee general-attributes
address-pool MyDomain-Employee-Pool
authentication-server-group LDAP_Group LOCAL
default-group-policy MyDomain-Employee
tunnel-group MyDomain-Employee webvpn-attributes
group-alias MyDomain-Employee enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1c7e3d7ff324e4fd7567aa21a96a8b22
: end
asdm image disk0:/asdm-712.bin
asdm location MyDomain_New_IP 255.255.192.0 inside
asdm location MyDomain-Inside 255.255.255.255 inside
asdm location MyDomain-Old 255.255.254.0 inside
no asdm history enable -
We have to close vulnerabilities for PCI & Cybertrust certification. We have upgraded users running Firefox to version 7.0.1 but we are still receiving the message: Mozilla Firefox SSL Certificate Validation Security Weakness. Researching the issue, it appears to be related to certificates not being revalidated when loading HTTPS pages from cache. The bug report I found is:
Bug 660749 - Firefox doesn't (re)validate certificates when loading a HTTPS page from the cachecookies.squite answer is Today at 5:15 PM .
New profile, same problem.
We've already established it is not a add-ons problem but obviously there will be less add-ons in this new profile to help exclude.
Since there is two PC profiles on the PC, I tried the second profile, same problem. Used the RESET FF function on the second PC profile...same thing...even followed the instruct for uninstall &re-install...same problem.
(3) different virus scanners, no hard core problems.
Suspect how I have something in Windows setup that no one else is using? -
Is it possible to use single ssl certificate for multiple server farm with different FQDN?
Hi
We generated the CSR request for versign secure site pro certificate
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
SSL Certificate for cn=abc.com considering abc.com as our major domain. now we have servers in this domain like www.abc.com, a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
Now my question is
1. Is is possible to remove above errors doing some ssl configuration on ACE?
2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate for CSR generated uisng cn =abc.com to be installed on ACE and will be used for all servers like www.abc.com , a.abc.com etc..
Thanks
WaliullahIf you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't beause your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean -
How can I change an SSL Certificate display name on Firefox?
I have 6 SSL Certificate to install in order for an application to open in 6 ways. Each certificate represent a way. The problem is that the pop up window i am receiving to choose one of these 6 SSL displays the Issuer CN while i need it to display the friendly name / or the description since i can modify them.
Any way this is possible?
Thanks,This article may help you
https://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error?esab=a&s=SSL+certificate+display+on+Firefox&r=7&as=s
regards,
Gautam sharma.
Maybe you are looking for
-
Whose files do I see in wwv_flow_files.
Hi, I wish to download and run a piece of vbscript in the users environment. The vbscript does a mail merge with word, dowloading the mail recipients through a URL that I provide. Using the upload/download tutorial I have created my own procedure to
-
"Always Use Selected Format" check box in line items report
Hi Experts, I have an issue in ECC 6.0. From the transaction code FBL1N (Vendor Line Items) I am trying to export the report to spreadsheet by selecting the option List> Export>Spreadsheet then I have selected "Always Use Selected Format" check box
-
No longer able to move individual windows to different desktops.
Recently ran into an issue, where I couldn't not move open applications between windows. For example, I have iMail running in Desktop 1, and wanted to copy a single piece of email to Desktop 2, where I have a web browser running. In another example
-
I am building a web-site with intit. Today I found out their SiteBuilder software is not Mac compatable. They suggest downloading FireFox. I am running Mac OS X 10.4.11. Is there an older version of FireFox that I can download in order to build my si
-
After posting that you need good accounts of bt to balance the bad I am going to be true to my word. Switched to bt today all went well. Infinity working 10meg above what was quoted( so far) and vision working well. I had a problem with viewing card