Replace Self-Signed FAST Search Certificate with Third Party Certificate

We are trying to replace the Self-Signed FAST Search Certificate with Third Party Certificate in our SP 2010 environment. And are facing issues while enabling the SSL communication between the FAST servers and the corporate servers.
Our FAST search servers are in a different farm than that of the Corporate Servers.
The details of the certificate we received is as follows:
Issued to : FastSearchCert
Issued By: Issuer Name
Valid From: 4/21/2015 to 4/20/2017
We were able to successfully renew the certificate on the FAST Search Server by following the below steps:
1. Login to the Administrative and the Non-Administrative nodes
of the FAST server. Go to Windows Service and stop the FAST Search for SharePoint and the FAST Search for SharePoint Monitoring services in both the servers.
Follow the below steps in the Administrative Node followed by the Non-Administrative Node
2.
Install the certificate in the following paths in the certificate store:
“Certificates(Local Computer)\Personal”
“Certificates(Local Computer)\Trusted Root Certification Authorities”
3. Ensure that the user account configured for the “FAST Search Server 2010 for SharePoint” has access to the private key of the certificate.
4. Go the Administrative node of the FAST farm and follow the below steps:
Go to the certificate store.
Expand the Personal folder and then click the Certificates folder. Double-click the third party signed FAST certificate.
Open the Details tab and then click Thumbprint. Note down this thumbprint.
5. Next, open
Microsoft FAST Search Server 2010 for SharePoint with Administrator
Privileges.
6.
Navigate to the directory, “D:\FASTSearch\installer\scripts” and execute the below command to replace the current certificate with the newly created
third party signed FAST certificate.
.\ReplaceDefaultCertificate.ps1 -thumbprint "certificate thumbprint".
7. The FAST certificate was renewed successfully.
Once the certificate has been renewed successfully in both the nodes, follow the below step:
8. Start the FASTSearch for SharePoint and the FAST Search
for SharePoint Monitoring services in the administrator server.
Next, while enabling the SSL communication between the FAST servers and the other corporate servers, we follow the below steps:
1.
Copy the new certificate from any of the FAST servers to all the web-front end and application servers in the corporate farm, in order to enable SSL communication between these servers and the FAST farm.
2. Also, copy the script
‘SecureFASTSearchConnector.ps1’ from the location “%FASTSearchFolder%\installer\scripts” in the FAST servers
to the web-front end and application servers of the corporate farm.
3. Follow the below steps on each of the servers in the corporate farm:
Open ‘SharePoint 2010 Management Shell’ with administrator privileges and navigate to the directory in which
SecureFASTSearchConnector.ps1’ script is located.
And then, execute the below command:
.\SecureFASTSearchConnector.ps1 -certThumbprint "certificate thumbprint" –ssaName “FASTCibtebtSSA” –username “DOMAIN\SP_Farm”
Where,
-certThumbprint
- Thumbprint of the certificate
-ssaName – FAST Content SSA
-username – The account configured to run the SharePoint
Search Service
On execution of the above command, we receive an error message stating that the "Connection to the Content Distributor servername.corp.abc.org: 14391 could not be validated...instance of FAST search server backend is running"
Please help us resolve this issue. We have not been able to find the cause of the above error for a long time.
Any help is much appreciated.

Your tip on exporting from eDir to locate a missing private key was very helpful. Here are my steps to renew an expired third party certificate when the private key, generated 30 months ago in my case, could not be located.
In iManager, browse the tree and locate the likely certificate object. The Attributes for the object show Subject Name = webmail.acme.com. Selected the certificate and exported to webmailcert.pfx.
Then, the openssl commands in TID 7004039, "How to convert a SSL PFX to a PEM file", were run against the .pfx file to create cert.pem, key.pem and server.key files.
TID 7015500, "How to determine if private key belongs to public key (certificate)", was followed to determine if the public key (downloaded from third party) and private key (just retrieved from iManager) match - they did - that is, the private key converted from webmailcert.pfx matches the downloaded certificate.
TID 7013103, "How to create a .pem File for SSL certificate Installations", was followed to manually create a server.pem file using openssl.
TID 7010584, "How to setup SSL Certificate for Apache", part labeled "Additional Information" was followed to modify /etc/apache2/vhosts.d/vhost-ssl.conf file. Server.pem file created above copied to /etc/apache2/ssl.crt/ and /etc/ssl/servercerts/ directories as specified in vhost-ssl.conf.
Restarted apache2.
www.digicert.com has an SSL Certificate Checker that can be used to verify the installation is successful.

Similar Messages

SSL with third party certificate

Hi All,
I followed the configuration mentioned in the white paper
Oracle Forms Services 10g: Configuring Transport Layer Security with SSL An Oracle White Paper July 2005 (frm10gss.pdf). That is working fine.
I have a third party certificate (file format - .der, I got .cer from that).
With this certificate i need to configure the Application Server 10g. For this certificate i didn't created certificate request and sent to the third party.
In the steps motioned in the frm10gss.pdf where i have to make changes to include the third party certificate and not to consider the default oracle OCA certificate. Or with that Certificate how can i configure the SSL.
Any suggestions please…

Hi All,
I followed the configuration mentioned in the white paper
Oracle Forms Services 10g: Configuring Transport Layer Security with SSL An Oracle White Paper July 2005 (frm10gss.pdf). That is working fine.
I have a third party certificate (file format - .der, I got .cer from that).
With this certificate i need to configure the Application Server 10g. For this certificate i didn't created certificate request and sent to the third party.
In the steps motioned in the frm10gss.pdf where i have to make changes to include the third party certificate and not to consider the default oracle OCA certificate. Or with that Certificate how can i configure the SSL.
Any suggestions please…

Error While importing third party certificate

Hi,
In my application I'm using HTTPS for secure connectivity.For that purpose I signed my midlet using a third Party certificate (GoDaddy's Certificate).But when I'm hitiing the url it is not working.
I've done this with generating my own certificate with Tomcat.It is working fine there.I followed the following topic to create Certificate for TomCat
http://143.129.203.3/s/sitter/sl2nap/javaSSLprogr.htm
but when i'm hitiing some live url then it is not working!
Please provide me proper help if possible
Thanx in advance

Slawrence,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

How to integrate single sign on with third party system

we are in the process of implementing istore application. we already have home grown isupport application to contact support personnal for any issues. Now we are wondering how do we integrate oracle applications single sign on with our third pary system. Is there any recommendation provided by oracle to achieve the same.

We too are in the process of implementing iStore with SSO features.
And if you believe me it seems to me as nightmare.
In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
[email protected]
regards and thanks in advance
Vikas Deep

Conflict with Third Party Apps?

I am getting an occasional error saying there is a possible conflict with third party apps and that I need to check the drivers of my MIDI devices to see if they are up to date? Sorry but I did not record the exact wording. Does anyone know what this might mean, and how I need to go about checking drivers? I have a lot of interfaces and not sure how to see what's what. Thanks.

Hi Midlake,
Well, because they are known troublemakers. Search for 'takes' or 'take folder(s)' or 'comp' here on the forum and you'll find many a troubled soul crying out for help - including seasoned pro's, who thought they were beyond tears...
O, they are fine for recording many takes - but thats' all. I'll select the best takes/phrases.
regards, Erik.

Third party Certificate not showing up in SQL configuration manager drop down box

Hi,
I have an SQL instance that needs to use a third party SSL certificate for all communications to that SQL instance. I have installed my third party certificate via MMC and it is showing under the Personal Folder.
However, when i go into the SQL configuration manager and right click the instance name > Properties > Certificates, it is not showing in the drop down box.
I am currently using MS SQL Server 2008 R2, which is installed on Windows Server 2012.

Hi,
If the certificate cannot be used for SQL Server and hence will not be visible in SQL Configuration manager. Check the validity of the installed certificate. It may not has the correct DNS name.
I suggest you request a new third party certificate from the vendor with the correct DNS name. Install it on SQL Server environment, then you should see certificate form the configuration manager dropdown box.
Thanks.
Tracy Cai
TechNet Community Support

Generate CSR for Third-Party Certificates

Hi All,
i have an issue when i tried to Generate CSR for Third-Party Certificates,
i follow step by step in the document of cisco until this step:
3.
Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool.
In order to copy and paste the information into the enrollment form, open the file in a text editor that
does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer
to the website of the third−party CA for more information on how to submit the CSR through the
enrollment tool.
After you submit the CSR to the third−party CA, the third−party CA digitally signs the certificate and
sends back the signed certificate via e−mail.
4.
Copy the signed certificate information that you receive back from the CA into a file.
This example names the file CA.pem.
my issue is where i sould copy and paste the CSR information into any CA enrollment tool. i just have done create mykey.pem and myreq.pem in my folder OpenSSL\bin
Please help and Thanks you.
Regards,
Jasa

you have to do more steps using openssl.
before you obtain the third−part certificate, you have to copy that on a notepad text, and you have to obtain an intermediate and root certificate from the company that gives you the certificate.
Then you have to copy and paste on a notepad or gedit:
SSL (the certificate that they give you)
Intermediate (the certificate that you obtain from the company that gives you the certificate)
Root (the certificate that you obtain from the company that gives you the certificate)
name the text file like: allcerts.pem
then... you have to run this commands:
C:\OpenSSL\bin>openssl pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:yourpassword -passout pass:yourpassowrd
C:\OpenSSL\bin>openssl pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:yourpassword -passout pass:yourpassword
Then you are going to have a file named: finalcert.pem, thats the one you have to update to the WLC. please note that on those lines "yourpassword" is the password you use when you create the certificate and its going to be the same that you have to use for upload to WLC.
Note that you have to use openssl version 0.9.8 because its the only version thats WLC support
If you have doubts please contact me.
Have fun!

Configure sap xi with third party application?

Hi fredz,
Can any pls explain with technical details and steps how do i configure sap xi with third party application and what type of connectivity and interfacing communication channel is preffered?
Is there any option to web-services for interfacing between SAP system-SAP XI system-Third party Application.
Pls be specific if and only if u have done this scenario.
Regards,
Ameet
Message was edited by:
Ameet Jassani
Message was edited by:
Ameet Jassani

Hi
 
This is a very generic question. There are some getting started guides available in the main XI section on SDN, and also some step-by-step guides in the wiki section. A quick search will get you tons of information.
 
The choice of connectivity and interfacing communication channel is really dependent on the capabilities of the third party system.
 
Also, to get good results on this forum, please read the <a href="https://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement">rules of engagement</a>
 
Regards
Manish

SGD with Third Party Authentication issue

Hi
I am trying to setup SGD with Third Party Authentication and have done all the requisites for this.
I input the SGD URL and get the Third Party Login page but after I input my credentials, I get redirected to the SGD default login page which should not be the case. I had already set "Tomcat Authentication" as false in server.xml and enabled the Third Party authentication scheme in Array Manger
What else am I missing ?
Kindly advise
SGD ver4.31
Thanks

Every now and then I have found the same. One thing that almost always solved the problem was recreating a new trusted user, you can follow the steps from:
[http://docs.sun.com/source/820-1088/trusted_users.html|http://docs.sun.com/source/820-1088/trusted_users.html]
Especially the step to test the trusted_user is a very good test to see if the trusted user is ok: http://server/axis/services/rpc/externalauth
When prompted, log in as the trusted user.
An other way to test it is via the api-test functionality: http://server/sgd/admin/apitest/
First setup a session: webtopsession->startSession(0)
Then authenticate via externalauth->setSessionIdentity
These steps are the minimal steps to perform 3rdParty Authentication
(There is also an example jsp for 3rd Party Authentication on the wikis.sun: [http://wikis.sun.com/display/SecureGlobalDesktop/Single+sign-on+(before+4.40)|http://wikis.sun.com/display/SecureGlobalDesktop/Single+sign-on+(before+4.40)] )
- Remold

Try to implement SSL for OMS console - Third Party Certificate

Using 10.2.0.5.0 of Grid control. 11.1.0.7.0 DB
Internet Explorer (or any browser)
enter
https://hostname.com:1159/em/
gets
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
I have tried to follow instructions in Method 2
http://download.oracle.com/docs/cd/B16240_01/doc/em.102/e10954/security2.htm
emctl secure oms -trust_certs_loc <loc of trusted_certs.txt>
completes without error
I have a third party certificate from GEOTRUST. I have downloaded the Root CA certificate from GEOTRUST and placed them both in a file called trusted_certs.txt
I have also imported both certificates in Oracle Wallet Manager. I can see the details within OWM and they are correct.
I followed instructions in metalink How to provide HTTPS browser access to the Grid Control Console using a third party certificate? [ID 736103.1]
When I view the certificate from IE after 'opmnctl startall', the cert is from grid control not GEOTRUST.
It seems like the 'emctl secure oms ...' overwrites the wallet in $OMS_HOME/sysman/wallets/oms_hostname
SSL is a part of Oracle's Best Practices for Grid Control but has anyone gotten it to work?
Thanks in advance.

These Certifications Authorities are supposed to work out of the box:
Class 1 Public Primary Certification Authority by VeriSign, Inc.
■ Class 2 Public Primary Certification Authority by VeriSign, Inc.
■ Class 3 Public Primary Certification Authority by VeriSign, Inc.
■ Secure Server Certification Authority by RSA Data Security, Inc.
■ GTE CyberTrust Root by GTE Corporation
■ GTE CyberTrust Global Root by GTE CyberTrust Solutions, Inc.
■ Entrust.net Secure Server Certification Authority by Entrust.net ((c) 1999
■ Entrust.net Limited, www.entrust.net/CPS incorp. by ref. (limits liab.))
■ Entrust.net Certification Authority (2048) by Entrust.net ((c) 1999
■ Entrust.net Limited, www.entrust.net/CPS_2048 incorp. by ref. (limits liab.))
■ Entrust.net Secure Server Certification Authority by Entrust.net ((c) 2000
■ Entrust.net Limited, www.entrust.net/SSL_CPS incorp. by ref. (limits liab.))
Has anyone used these with OEM?
Verisign is $600 year - ouch
Entrust is $200

Install third party certificate on MAC os X

Hello,
I have installed leport 10.5.X on my machine. I am new bie for MAc and want to install intermediate certificate for my domain from Digicert. I have registered from Digicsert. Please help me to how can I install on the machine. I also need to create a new certificate but when I tried to add it shows an error message like this.
"There are no valid root or intermediate certificate authorities available to sigh certificates. Use the "create certificate Authority" option to create a certificate authority."
Can anybody please help me to what should be the next step.
And how can I install third party certificate.
Thanks in advance.

There is a product called VolumeWorks that is supposed to do this. I looked at the demo, but I could not get it to see the extra space so I ended up backing it all up and erasing the Raid and doing a block copy with Carbon Copy Cloner.

WLC526 third party certificate?

Hi!
Is it possible to install a third party certificate on the WLC526 Controller?
Would be great for Web Authentication for my Guest Wlan!
Thankx
David

Hi,
If the certificate cannot be used for SQL Server and hence will not be visible in SQL Configuration manager. Check the validity of the installed certificate. It may not has the correct DNS name.
I suggest you request a new third party certificate from the vendor with the correct DNS name. Install it on SQL Server environment, then you should see certificate form the configuration manager dropdown box.
Thanks.
Tracy Cai
TechNet Community Support

Anyone else having issues with third party changers saying "this accessory not supported". I get it every time I plug my phone. It only started after the iOS 7 updates

Anyone else having issues with third party changers saying "this accessory not supported". I get it every time I plug my phone. It only started after the iOS 7 update?

That's because part of iOS7 had code in it to look for and recognize unsigned cables.
In other words, Apple knew that people used non-signed ones and didn't care....until last month when they decided to care. People with iOS6 and lower should experience no issues (unless Apple patches those iOS versions) but folks with iOS7 will need to deal with it.

Really Apple? OSX 10.8.5 disables built-in camera functionality with third party apps such as Skype and Gmail video chat. I do not have time machine on my 2013 MB Air. How can I get back to 10.8.4?

Really Apple?
With the release OSX 10.8.5 Apple has once again showed its true colors, and continued its efforts to create a closed Apple system, which eliminates third party vendors, unless, one can only assume... they pay.
Included in this OSX update is the disabling of the built-in camera to work with third party applications such as Skype and Gmail video chat. No surprise the camera works just fine with Apple apps such as Facetime and Photobooth.
The answer I got on my call to AppleCare to ask for assistance in reinstalling 10.8.4, so that I may Skype again, was we can not do that. You can not go back unless you have a time machine bkup.
Can anyone help me get back to to 10.8.4 on my 2013 MB Air?
I do not have a time machine bkup as this computer is not used to store important documents.
Thank you.

Read this post: 10.8.5 Broke Camera Usage For 3rd Party Apps Like Skype
Another: isight not recognized in Skype after 10.8.5 upgrade
Don't panic. Skype simply needs to update its app.

SharePoint 2013 on-premises integration with third party email account

the Email sending issue from SharePoint is causing too much time waste
First let me explain how our SharePoint is deployed
Sharepoint version : 2013
Deployment type : on-premise
Authentication : from Domain controller also hosted locally
domain name ; say domain.com this domain.com is same as our website address hosted on godaddy
SharePoint computer name on local DNS : sharepoint.domain.com
OS and IIS : 2008 r2 , IIS 7.5
Network firewall : 25 26 ports opened for sharepoint , both incoming and outgoing.
Server firewall : turned off
Email configuration Attempts by IIS 6.0
We tried following setting on IIS 6.0 SMTP local server properties
In General tab
qualified name was shown as : sharepoint.dts-solution.com
IP assigned : sharepoint server IP , advanced putted two entries of IP with ports as 25,26
In Access tab
Authentication : selected as Anonymous
Connection : All except below list : empty list
Relay : only the list below , one entry as 127.0.0.1 and other is local static IP of SharePoint server
in Delivery tab
outbound security : Basic authentication : accessed user in AD and given the right password, also checked with annonymous -not working
outbound connection: all default values and port = 25
Advance : fully qualified domain name = sharepoint.domain.com , DNS test showed success, rest every check box unchecked
On sharepoint central management settings
Outbound email = sharepoint.domain.com
from and reply to address = [email protected]
IIS 7.5 SMTP settings
In IIS 7.5 sharepoint application we added SMTP settings as smtp server = godaddy out going smtp , user name as [email protected] , password = godaddy password , port : godaddy outgoing port .
Godaddy account
Our website hosted on godaddy with same name as domain.com
open relay not possible on emails.
Results
After setting alerts on SharePoint sites and assigning tasks with alerts we receive email in queue folder but they never get forwarded. We just wish to use any of our email *.domain.com to send outgoing emails from SharePoint . Its been a while we have no
success.
Tech Learner

Hi,
As I understand, you are using SharePoint 2013 integrating with third party SMTP server which provides email function.
From SharePoint side, I'd suggest you refer to the link below to configure email integration:
http://technet.microsoft.com/en-us/library/ee956941(v=office.15).aspx
If you have already confirm that message is sent from SharePoint, while stuck in queue on SMTP server, then the issue might be related to relay on SMTP server. Since the issue is related to third party product, we do not have enough resource here,
I'd recommend you contact their support engineer for more assistance:
https://support.godaddy.com/help/category/154/email
https://support.godaddy.com/help/article/3552/managing-your-email-account-smtp-relays
Thanks for the understanding.
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support

Replace Self-Signed FAST Search Certificate with Third Party Certificate

Similar Messages

Maybe you are looking for