Renew Verisign ssl certificate for webaccess
Hi, We have just had our current Verisign ssl certificate expire.
We are running Groupwise 7.03 - on our cluster agents and postoffices & gwia.
The webaccess application is running on a Netware 6.5 sp5 - which is running Apache ver 2.0.54 & Tomcat 4 and also has tomcat5 in the DMZ.
I have come across a number of support Tids about renewing ssl into edir, but i am looking for some steps to run through regarding WEBACCESS.
My web app team have just bought a new verisign ssl certicate.
What do i do from here to renew the webaccess application with the new Verisign ssl certificate.
Anything that can help with this regarding webaccess and verisign ssl renew certifcaite instruction steps would be helpful.
regards
Dennis
Dennis,
> My web app team have just bought a new verisign ssl certicate.
> What do i do from here to renew the webaccess application with the new
> Verisign ssl certificate.
>
> Anything that can help with this regarding webaccess and verisign ssl
> renew certifcaite instruction steps would be helpful.
If you still need to do this, drop me an email at hamish at haitch dot
net and I'll send you a doc I did documenting the process.
H.
Hamish
Run multi-processor NetWare VM's with vmBoost
http://www.haitch.net
Similar Messages
-
Use public SSL certificate for WebAccess 8 on SLES10 Linux S
Currently my WebAccess 8 server is running on NetWare. I want to move my WebAccess to SLES10 SP3 server and use public SSL certificate from third-party on SLES 10. I think this is just to get apache to use the public cert on SLES 10 Linux server and nothing to change on WebAccess, right?
Thanks in advance.
Wilsonwilsonhandy wrote:
> Currently my WebAccess 8 server is running on NetWare. I want to move
> my WebAccess to SLES10 SP3 server and use public SSL certificate from
> third-party on SLES 10. I think this is just to get apache to use the
> public cert on SLES 10 Linux server and nothing to change on
> WebAccess, right?
Yeah, it's purely an Apache config. No need to do anything to
WebAccess just to get SSL working.
Novell Knowledge Partner
Enhancement Requests: http://www.novell.com/rms -
How to import a Verisign SSL Certificates into WebAccess
I attempted tp follow the Novell TID:
How to Import a CSR generated by GWCSRGEN (10091564).
Whenever I attempt an import according to the above TID, I get the following error message 'Failed to store the root certificate into the object VeriSignCert.xxxxx.xxx.xxx. Returned error code is -1,240.
The Novell Certificate Server Snap-In to Netware Administrator or Console One could not parse the certificate or extract the mandatory elements from the certificate.FilosaD,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
ACS Not installing renewed SSL Certificate for PEAP/EAP-TLS?
We recently renewed our SSL certificate through RapidSSL. While attempting to install the new certificate into ACS, I was given the prompt to showing the updated dates, confirmed and installed the new certificate, deleting the old. I restarted ACS, as required, but when trying to enable PEAP or EAP-TLS, I am getting the error "Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed."
The worst part, is that I when I tried to reinstall the old certificate, I am now getting the same problem.
Any suggestions?Matt,
How did you perform the CSR.... did you use ACS or OpenSSL? Also, did you verify that the certificate is in the trusted personal folder on the server?
Scott -
Is it possible to use single ssl certificate for multiple server farm with different FQDN?
Hi
We generated the CSR request for versign secure site pro certificate
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
SSL Certificate for cn=abc.com considering abc.com as our major domain. now we have servers in this domain like www.abc.com, a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
Now my question is
1. Is is possible to remove above errors doing some ssl configuration on ACE?
2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate for CSR generated uisng cn =abc.com to be installed on ACE and will be used for all servers like www.abc.com , a.abc.com etc..
Thanks
WaliullahIf you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't beause your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean -
Exchange 2010: How to renew an SSL certificate?
Hi all. I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010. I really don't want to mess this one up by cobbling together partial answers
from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out.
This is a standard GoDaddy 5-domain UCC certificate. There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet). The existing certificate expires in a month or so.
I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article
has addressed all my concerns, or in some cases information conflicts. So my concerns for example are: can you do a renewal for a certificate before the old one expires? It is actually a renewal, or are you adding a 2nd certificate?
Do you have to do anything in IIS or does EMC or EMS do all that for you?
Thank you.-->Can you do a renewal for a certificate before the old one expires?
Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
-->It is actually a renewal, or are you adding a 2nd certificate?
You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for detailed step of Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
-->Do you have to do anything in IIS or does EMC or EMS do all that for you?
You will have to do it from MMC or EMS. No need to do anything from IIS.
Follow the steps below to make your work easy or follow the video in this site site.http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
1. Run this command from EMS to generate CSR. You can see the CSR named "newcsr.txt" in C:\CSR
folder
Set-Content -path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
2. Renew the certificate from Godaddy (from Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
3. Open Exchange MMC. Go to Server configuration. Right click on the pending request. Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
5.Delete the old one certificate from MMC.
From EMS use this command
Remove-ExchangeCertificate -Thumbprint <old cert thumprint>
You can see the the certificate thumprints using Get-ExchangeCertificate command
MAS. Please dont forget to mark as answer if it helped. -
Changing SSL certificate for ICM
Hello,
I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
Is there any possibility to change working certificate? What should I do to make such change?> I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
> You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
> Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
> (for internet use the certificate in on the reverse proxy in the DMZ).
Here I've got another problem.
I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
Many thanks for your help,
regards,
Konrad -
Installing Verisign SSL Certificate on NW 700 Java system
Hello Experts,
For our NW700 Java system, we have got Verisign SSL Certificate. Installation instructions from Verisign says - we need to install Intermediate Certificate also along with SSL certificate for our Common Name.
Can you please let me know how we install Verisign SSL Certificate on NW700 JAVA system using Visual Admin.
Instructions from Verisgn says:
Install Intermediate Certificate on server.
Install SSL certificate.
Thanks
DavinderHello Patrick,
Thanks for the information:
you created a keypair for SSL in the Key Store service interface in the Visual Administrator, generated a CSR response and sent it to Verisign. Now you have the CSR response from Verisign - is my understanding of the situation correct?
Absolutely right
You can import this into the Key Store service, by highlighting the private key of the keypair and choosing 'Import CSR Response'. Now your key pair is signed.
Successfully done.
After this i can see that PRIVATE KEY (IssueDN has been changed to Verisign)
But CERTIFICATE ISSUER DN is not changed.
Now if i try to access the site with https, able to do properly and if click on the Lock icon on the browser, i can see certificate is 3 Chained
Verisign Trial Secure Server Root CA - G2
----> Verisign Trial Secure Server CA - G2
----> -> Training.pearson.com (this is my Common Name)
So it looks to be working fine.
However there is no chain formed. You need to now follow the aforementioned note and export the private key and public key certificate separately by higlighting the private key and choosing 'Export'. Export with the 'Files of type' drop down box set to (*p8), and after exporting the private key you will be able to export the public key cert. This is step 6 and 7 of the note. Now follow steps 8-12 to form the chain
No Chains has been made in Visual Admin, and i tried these on another server - it works as you are saying.
But is there any benefit of importing Intermediate, Root Certificates - as mentioned in SAP note steps 8 to 12.
If yes, then is it mandatory to make the chain till 3rd level (means Root Certificate also).
Once the chain is loaded into the Key Store, you need to ensure that the Java dispatcher is configured to send the signed server certificate for the relevant SSL ports - see here http://help.sap.com/saphelp_nw04/helpdata/en/5c/15f73dd0408e5be10000000a114084/content.htm
Edited by: Julius Bussche on Aug 10, 2009 3:44 PM
code --> quote -
How we can get SSL certificate for any site?
i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.
Hi,
Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
Based on your description, I’m a little confused with your question. Did you mean that want to know why need
SSL certificate for website?
Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
and your server.
An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
Managing Certificates
SSL and Certificates
Understanding Self-Issued
Certificates in SBS 2003 & SBS 2008
Installing a GoDaddy Standard
SSL Certificate on SBS 2008
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If anything I misunderstand or any update, please don’t hesitate to let me know.
Hope this helps.
Best regards,
Justin Gu -
RV120W SSL Certificate for Client
Hello,
When I try to export an SSL Certificate for a Client I get a htps.CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
Firmware:
1.0.2.6
Help?Hello Sir, My name is Eric Moyers. I also responded to your other thread.
I am pulling one of these out of our storage room and looking at the procedure. Will update you when I have something.
Thanks
Eric Moyers
Cisco Network Support Engineer
SBSC WIreless and Surveillance SME
CCNA, CCNA-Wireless
1-866-606-1866 -
Hi all,
I want to know whether I need separate SSL certificate for each database on that server or can I take for the server and use it?
And also how to get SSL certificate for database form Godaddy?
Any help would be great.
Thanks
Rajitha
--------------------------------------------------------------------------------Pl refer to Oracle® Database Advanced Security Administrator's Guide
10g Release 2 (10.2) from Oracle documentation.
You will find useful information on that related to this.
Dilipkumar Patel. -
Installing an SSL certificate for a CSS 11503
I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!Allen,
The portion of the configuration guide related to SSL certificates and keys can be found here:
http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
~Zach -
Iplanet 6.0 creating a development SSL certificate for internal use
With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
Is there a tool to create my own SSL certificate for development work with iplanet 6.0?With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
Is there a tool to create my own SSL certificate for development work with iplanet 6.0? -
Renew SSL Certificate for for two Exchange 2010 Server and the new rules.
I find DigitCert's website always helpful with cert questions.They've got a pretty helpful page here: https://www.digicert.com/internal-names.htmIt looks like they've got a tool for Exchange, but I've not used it myself, so can't say if it works or how well: https://www.digicert.com/internal-domain-name-tool.htmI bet Microsoft have something on their website too that helps with this sort of question.I'd say you register a completely new domain and use that for public facing and internal servers. Or you could just create a sub domain of an existing one, i.e. subdomain.mydomain.com and use that, i.e. public_exchange.subdomain.mydomain.com and internal_exchange.subdomain.mydomain.com.
Hi there ,
My exchange 2010 Server Certificate is about to expire and i am going to renew it but according to the new rules for SSL Certificate Issuing we can not include our Local Servers Names and Local FQDN such as myserver.contoso.local, my issue is that i have 2 exchange servers one is internet-facing Server (where the certificate is initiated and installed) and one is non-internet-facing Exchange server.
if i am going to renew my certificate with public only name, I have to create a split Domain that reflects my external links to the internal Users, what shall i do for the non-internet-facing server? do i need to create another record in my split DNS Server and add it to my Certificate Request ?
This topic first appeared in the Spiceworks Community -
Is there a way to change the CSR for install SSL Certificate for CCMADMIN
HI there,
Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
For that, I have exported a csr to buy a ssl certificate from verisign.
The problem is the csr includes fqdn an not just the servername
But the users just have to type in the servername to reach the server.
Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
thanks
MarcoHi
You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
Command Syntax
set web-security orgunit orgname locality state country alternate-host-name
Parameters
• orgunit represents the organizational unit.
• orgname represents the organizational name.
• locality represents the organization location.
• state represents the organization state.
• country represents the organization country.
• alternate-host-name (optional) specifies an alternate name for the host when you generate a
web-server (Tomcat) certificate.
Note When you set an alternate-host-name parameter with the set web-security command,
self-signed certificates for tomcat will contain the Subject Alternate Name extension with
the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
contain Subject Alternate Name Extension with the alternate host name included in the CSR.
Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
Regards
Aaron
Please rate helpful posts...
Maybe you are looking for
-
CTRL+F in Internet Explorer 8 does not work for WD calendar iviews
Hi all I have a simple, but yet important question. In the ESS iview "Register working time", I'm not able to search the content diplayed in the calendar table area of the iview using CTRLF search functionality in Internet Explorer. This means that a
-
Pages not rendering properly in DW CS4, but renders correctly in browsers
Hello, I created a web page in CS4 and the layout is skewed when viewed in DW, but renders correctly in FF and IE: here is a link to my page. I ran the HTML and CSS through the WC3 validators and there were two minor errors in both files that I corr
-
Oracle.integration.platform.blocks.sdox.WLSSDODynamicStubHelper
Hi All, I have developed an ADF-BC Service and created service interface in it. And trying to deploy in Admin server but getting the following error: [01:44:28 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException: oracle.int
-
My iphone 5 will not sync music
My iphone 5 will not sync the music i have selected. It shows the songs that should be added in gray when I look at the 'on this iphone' tab but when I attempt to sync the phone nothing is added. This is ridiculous. These phones cost a ton of money a
-
How to re-install deleted podcasts from my iPod?
I am using iTunes 8.1.1 and I see in iTunes that I have about 70 podcaasts listed. If I click on one I can hear it. For some reason, iTunes has deleted all but about 18 from my iPod (a 160GB unit, and maybe 20% filled) and I am wondering how to re-lo