SA540 and SSL certificate from DigiCert

Has anyone succeeded in installing an SSL certificate from DigiCert on a SA540 router?
The SSL certificate is a wildcard variant (*.example.com).

Hello Mr. ivar,
In order to get a new SSL certificate please follow the next instructions:
STEP 1: Click Administration > Authentication.
The Authentication (Certificates) window opens.
STEP 2: For each type of certificate, perform the following actions, as needed:
• To add a certificate, click Upload. You can upload the certificate from the PC or the USB device. Click Browse, find and select the certificate, and then click Upload.
• To delete a certificate, check the box to select the certificate, and then click Delete.
• To download the router’s certificate (.pem file), click the Download button under the Download Settings area.
STEP 3: To request a certificate from the CA, click Generate CSR.
The Generate Certification Signing Request window opens.
a. Enter the distinguished name information in the Generate Self Certificate Request fields.
• Name: Unique name used to identify a certificate.
• Subject: Name of the certificate holder (owner). The subject field populates the CN (Common Name) entry of the generated certificate and can contain these fields:
- CN=Common Name
- O=Organization
- OU=Organizational unit
- L=Locality
- ST=State
- C=Country
For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
Whatever name you choose will appear in the subject line of the generated CSR. To include more than one subject field, enter each subject separated by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
• Hash Algorithm: Algorithm used by the certificate. Choose between MD5 and SHA-1.
• Signature Algorithm: Algorithm (RSA) used to sign the certificate.
• Signature Key Length: Length of the signature, either 512 or 1024.
• (Optional) IP Address, Domain Name, and Email Address
b. Click Generate.
A new certificate request is created and added to the Certification Signing Request (CSR) table. To view the request, click the View button next to the certificate you just created.
Or you could check it at the following link; please check page 191:
http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
If this answer was satisfactory for you, please mark the question as Answered.
Diego Rodriguez
Cisco network engineer
Thank you

Similar Messages

  • Copying SSL Certificates from one server to another.

    I have a question that hopefully someone might have the answer for... I have an iPlanet 6.0 SP4 server that has an SSL certificate I'm trying to move to a new server that's on SunOne 6.1. I was under the impression that I could easily copy the <Iplanet_Root>/alias/https-<ServerInstance>-<server>-<key3/cert7>.db files to the new server from that server's alias directory. However, before I copied the files, I immediately noticed the new server's cert file is called cert8 instead of cert7 and is 64K as opposed to the 6.0 server's 16K.
    I stopped the web instance and renamed the current db files and copied in the new and changed the cert7 to cert8. When I restarted the server, it stayed up and didn't report any problems. However, when I go to the security tab and click on any of the links on the left column, an internal server error (http500) page is displayed. No additional errors show up in the errors log.
    Unfortunately, we don't have the original certificate request. I'm sure when it was applied for, it was cut and pasted into the install certificate page. Otherwise, I'd simply do the install on the other server. Is there a simple means to copy an already installed cert from one server to another?
    Any assistance would be greatly appreciated.

    Migration from 6.0 to 6.1 should take care of this. You don't have to rename the files to cert7.db after the migration, just leave them with their new names and size as is. The new file created in 6.1 (after migration is complete) will be called cert8 and this is fine because 6.1 uses a newer version of the security libs. Doc links:
    http://docs.sun.com/source/817-1830-10/migrate2.html
    http://docs.sun.com/source/817-1831-10/agcert.html#wp1017112
    Thanks,
    Manish

  • Retrieving ssl certificates from a server

    Hello there,
    I am currently trying to learn some things about SSL, I've never had to work with SSL servers until now, and I've got a couple of questions here;
    first off, my client program needs to connect to an IMAP server, in order to retrieve the number of new messages in the inbox. Now, the certificate doesn't seem to be standard, because I get a sun.security.validator.ValidatorException: No trusted certificate found.
    I have already learned how to make my own keystore file and add in custom certificates, but I do not know how to retrieve these certificates from the servers I am connecting to.
    So, how can I get this information from an IMAP server? :)
    many thanks in advance!
    With kind regards,
    Steven

    Ok well I found a way on the net to use an "all-trusting" trust manager, so now the handshake works and I can work within the IMAP server..
    but, what's the use of this certificate then, if I can simply avoid using a real one? I hope someone could answer this :)

  • Re: Mail for Exchange and SSL certificate

    I think this is what you need to do
    1. Go to the page from where you have to install the certificate
    2. You will see a lock symbol at the right hand side of the page; click on it and save it on your desktop PC by going to the details page
    3. Open Nokia PC Suite --> FileManager and transfer the certificate from your PC to FileManager
    4. Click on the certificate inside FileManager and install it; while installing allow it to choose its place automatically
    Then try synchronising your mail; you will receive it for the first time when you connect, then it won't ask you for that again till you connect next time.
    Hope this helps

    Here's how I got my Nokia to accept the certificate as trusted. It may not work for everybody but it worked for me and after the past week of messing about I am truly grateful for that...
    Basically, I uninstalled then reinstalled Certificate Services through add/remove programs. I then followed the advice on this site (below), but only as far as requesting a cert through IIS Manager.
    http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
    I followed the advice until this section (mainly because it wouldn't allow me to request a cert through IE on the server...)..
    "Getting the Pending Request accepted by our Certificate Authority"
    I then opened "certification authority" on the server (through administrative tools) and right clicked the cert authority which will have the same name as the cert you had just requested and selected properties. In my case, something like mail.mydomain.co.uk...
    Under the General Tab I highlighted "certificate#0" in the CA Certificates box and clicked "view certificates".
    This opens the cert and I then clicked the "details" tab and saved the cert to a location using the "copy to file" button.
    Using the wizard I selected the first option "DER encoded binary x509 (.cer)", gave it a friendly name, saved it somewhere handy and closed the wizard.
    I then copied the file onto a pc with the Nokia PC Suite installed and copied it to the documents folder (although any one will do). I guess you could bluetooth or email the cert as well..
    I then browsed to it on the phone, clicked on it and it let me save it automatically into the certs folder. I restarted the phone, checked SSL was on and bingo the certificate was trusted and remains working today... You might have to delete an existing cert if you already have one installed as it won't let you overwrite it..
    As I say, I can't say this will work for anybody else as I have probably fiddled around with the server so much it has gone west in some respects, but it works for me and that'll do for now...
    dc

  • Mail for Exchange and SSL certificate

    I have a little problem with Mail For Exchange and my Nokia N80. I have a self-signed certificate for the Exchange mail server and when I am synchronizing e-mails I always get the message: "The site has sent an untrusted certificate. Continue anyway ?". I understand that my certificate isn't verified by any root authority, but if I have the synchronization schedule set at 15 minutes it means I have to confirm this message four times when I am not with my mobile for one hour. So the question is:
    Is it possible to import a self-signed SSL certificate into the Nokia N80 and set it as trusted? If yes, please describe how, because I have tried to import the certificate as CER (it was opened just as a NOTE on the Nokia), I tried to convert it via openssl to PEM (the file was not recognized) etc... Thanks for any help in advance.

    Go to your Outlook Web Access website and click on the lock and then view certificate. Then go to Details, and you can save it in DER format to your desktop.
    Then go to this site:
    http://www.redelijkheid.com/symcaimport/ and insert through the browse button and then copy the link to your phone.
    Then you should be able to download it
    You can also go to your IIS default site on the exchange server and directory security and export your certificate under edit certificate.
    I have tried everything now. I can download my certificate and the valicert from GoDaddy, but the Nokia phone is still saying "do you trust this certificate" every time the phone syncs.
    Our firm have taken the E-phones away now and went over to windows mobile and all of them worked within 10 minutes without any errors.
    The funny thing is that when you try to call Nokia, they won't help you with Mail for Exchange, and it is their program.
    I know my GoDaddy certificate works on windows mobile phones, so It must be something with Mail for Exchange.
    Every guy I talked to about Symbian phones has told me they always give problems with SSL. I am a bit **bleep**, but can conclude that Nokia is for the private consumer.
    Best Regards
    Morten @ Denmark
    Message Edited by asp3200 on 02-May-2008 08:37 AM

  • Cisco ISE NDES EAP and HTTP certificates from different CA

    Hi guys, hope this is something you can help with…
    2 x ISE 1.2 (patch 5) 3415 appliances with hostnames webproxy1.customerdomain.com and webproxy2.customerdomain.com
    AD integration with customerdomain.local
    Guest authentication (CWA) using a separate interface on the ISE appliance (Gigabit 1) routing into its own VRF for isolation
    Corporate authentication is using EAP-TLS which is working fine
    BYOD using NSP with SCEP for iPads only at this stage using NDES on <customerdomain.local>
    I have installed a signed GlobalSign server certificate for HTTPS for guests (with SAN fields webproxy1.customerdomain.com and webproxy2.customerdomain.com)
    I have also installed a signed server certificate from the customer's CA for EAP (with CN of psn.customerdomain.local and SAN fields psn.customerdomain.local , webproxy1.customerdomain.com and webproxy2.customerdomain.com)
    The issue I have is that if the two certificates are assigned for EAP and HTTP respectively, the NSP process fails to generate a certificate through SCEP to the NDES server.
    As soon as I use the same internally signed certificate for HTTP and EAP it works, this then causes a problem with the HTTPS certificate being trusted by guests.
    This does not work with the GlobalSign certificate being used for both HTTPS and EAP, only the internal one works.
    Can you confirm if it is a valid design to have the ISE use one certificate for HTTPS and another for EAP signed by different CAs, it appears it has to be the internal CA used in the SCEP process to work.
    Thanks
    Andy

    I have now tested this with a test HTTP cert signed by a public CA and an EAP cert signed by my internal and SCEP works fine. I am wondering if this is a certificate tier length issue. My working example has a RootCA->IssuingCA->Cert. It fails with a cert with a 3-tier hierarchy RootCA->IntermediateCA->IssuingCA->Cert.
    Can anyone confirm this works on other deployments with a 3-tier certificate chain with SCEP?
    Thanks

  • How install SSL certificate from Thawte?

    Hi,
    Given:
    PEM-certificate issued by the company (a lot of different services), the private-key to it.
    What is needed:
    Push it into the ABAP and JAVA, so that when an appeal was heard as a certificate from a trusted source. 
    question:
    How to do it?

    Hi Evgeniy,
    Can you please read through the following guide which should help with your configuration:
    http://scn.sap.com/docs/DOC-26144
    Regards,
    James

  • Always Access Denied when choosing Automatically Enrol and Retrieve Certificates from MMC

    I am using 2008 R2 Certificate Services to issue certs across multiple forests (although don't let that muddy the waters).
    I have a need to issue certificates for use with s/ldap, so I have duplicated the Kerberos cert and removed all Intended Purposes other than Server Authentication and configured appropriate security to allow Domain Controllers/Domain Admins to enrol. 
    The certificate also requires CA Manager Approval.
    Everything looks good - I am able to enrol for the cert via the MMC, the request goes into pending, and I am then able to issue the cert. However, when I go back into the MMC on the Server that requested the cert and choose All Tasks | Automatically Enrol and Retrieve Certificates, I choose the pending cert and then get Access Denied.
    On the issuing Server, I get an Event 21 in the App Log:
    Active Directory Certificate Services could not process request 8466 due to an error: Access is denied. 0x80070005 (WIN32: 5).  The request was for CN=server.domain.com.
    On the Server that requested the cert, I get an Event 9:
    Certificate enrollment for Local system was denied by servername\Issuing CA when retrieving the pending request for a SecureLDAPCertificate certificate with request ID 8466.
    The strange thing is, if I follow this procedure but using the certsrv website, it works fine and I can install the certificate.
    What am I missing?  Or is this one of those random quirks of AD CS?
    Any help is appreciated.

    Hi,
    Thanks for posting in Microsoft TechNet forums.
    According to the error messages you provided, this can be a permission issue.
    The method of Autoenrollment for a certificate depends on an Active Directory. Considering using Certsrv website was successful, the problem can be that the requester does not have enough permission to access the certificate template in Active Directory.
    To autoenroll a certificate template, a user or computer must belong to a security group that is assigned the read, enroll, and autoenroll permissions.
    Only groups that are assigned these permissions are enabled for autoenrollment.
    Could you please answer the following questions for us so that we can troubleshoot the issue more effectively?
    Are the issuing CA server and the requesting CA in the same forest/domain?
    regards
    Ted

  • Web cache and SSL certificates

    We just installed Oracle9iAs 9.0.2.3 on 2 separate machines. All the components have been set up to use SSL and HTTPS protocol and are working fine.
    On the mid-tier server we are having a problem where the web cache is throwing up the network error page every time the mid-tier apache home page is invoked or Portal home page is invoked. After a few refreshes the page is ultimately displayed.
    I was told that we need a real valid certificate to avoid this issue between web-cache and apache server.
    Has anyone created self-signed certificates for their test machines apache server?? What software or method was used to create self-signed valid certificates for test purpose?

    Whenever I try to go to the portal home page The web cache is simply displaying the default network error apology page, which says, 'No response from the Application server' in big red. I have to refresh the page a few times to display the portal home page. And this happens a few times when I am browsing through the portal pages too.

  • Apache-Mod_jk-Tomcat and SSL certificate

    Hi all.
    I have Apache 2.0.55 working with Tomcat 5.5 via mod_jk connector.
    I have generated a self-signed certificate for Apache using openssl, and I use it to encrypt both URLs served by Apache and URLs served by Tomcat through mod_jk.
    When a "https URL" is forwarded to Tomcat, an exception is thrown by the webapp, unless the certificate has not been set as "trusted" on Tomcat side.
    So, it seems like I have to do the following:
    1) generate a self-signed certificate for Apache using openssl.
    2) import this certificate in a keystore
    3) set the keystore as trusted (System.setProperty("javax.net.ssl.trustStore", PATH_TO_KEYSTORE));
    I'm wondering if there's a better way to accomplish that, not forcing me to do all these steps and, above all, allowing me to "break" the link between the apache cert and the tomcat keystore.
    Any help will be very appreciated!

    Usually you generate a keystore for the client, and mention that in your SSL connector of Tomcat.
    In Apache, we need to configure things in ssl.conf.

  • Web service client and SSL Certificate

    Hello, everyone,
    I have a problem that has really stumped me.
    I've written a web service client for a web service that has a digital certificate. This comes in the form of a .pfx file.
    When I try send a request to the web service, I get the following:
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    faultActor:
    faultNode:
    faultDetail:
         {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         ... 30 more
    I've looked online to try to solve this issue, and it seemed that the answer was to add the certificate to the keystore. I had a lot of issues doing this, due to the certificate being a .pfx file. However, using the following, I was able to do it:
    keytool -importkeystore -srckeystore "sandpit.pfx" -destkeystore "%JAVA_HOME2%\lib\security\cacerts" -srcstoretype pkcs12 -deststoretype jks -srcstorepass password -deststorepass anotherpassword -v
    However, I am still getting the same error. This may be because this isn't the keystore used, but it is located in the area marked as being used in the build path.
    I then looked further, and found that I may need to add:
    System.setProperty("javax.net.ssl.trustStore","myKeystore");
    System.setProperty("javax.net.ssl.trustStorePassword","myPassword");
    altering where appropriate. But this didn't work, and I'm thinking that this would involve a lot more code than just those two lines.
    I'm just not sure what to do, and am hoping someone can help. I didn't think it would be too big an issue to ensure my program used the certificate, but it seems to be. I thought that once it was added to the keystore, that would be it, but it appears not.
    I'm sure this isn't a rare issue, but I just lack the knowledge to make any headway. Please can someone help or point me in the right direction?
    Thank you very much in advance.
    Robin

    Sorry to bother you again with my request but I would appreciate some help with my problems.
    Nobody is using some web services which require protection?
    Thanks a lot.

  • SSL certificates from openssl0.96d

    Hi,
    i have problems making weblogic work with certificates and private key generated
    by openssl. My private key is smaller than
    1024 bits and i signed my certificate with a generated CA.
    The problem is when i try to startup a nodemanager or my admin server, i get the
    following error message:
    java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag.
    I have extracted info of my certificate and the demo certificate
    and the only difference except ( hostname, city , etc.) is
    the X509v3 extensions in my own certificate.
    Example:
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    02:0F:91:B1:4D:3A:FA:07:C2:87:78:5D:7C:69:8E:A0:11:95:5F:24
    X509v3 Authority Key Identifier:
    keyid:C3:BF:91:D0:55:51:49:F7:78:A3:1D:BD:76:B7:99:A6:5B:D4:04:6F
    I have also tried to make a NodeManager start with SSL support but i got a quite
    similar error saying:
    SecureSocketListener: Could not setup context and create a secure socket on prime3:5555
    : java.security.KeyManagementException: ASN.1: Lengths longer than 32 bits are
    not supported.
    This drives me crazy, has anybody managed to start a nodeManager with SSL support?
    Thanks,
    Luc

    Luc,
    Just lop off the section on top until you get to the "Begin Certificate" part.
    Bryan
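Bryan's fix, worked through as an added example (not from the thread and not WebLogic code): it assumes the certificate file was written by `openssl ca` without `-notext`, which puts a human-readable dump ahead of the PEM block. The code keeps only the PEM blocks and checks that each decodes to a DER SEQUENCE whose length field matches; the sample preamble and DER bytes are constructed, and the function names are hypothetical.

```python
import base64
import re
from typing import List

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_CERT_RE = re.compile(re.escape(BEGIN) + r"\s*(.+?)\s*" + re.escape(END), re.DOTALL)


def der_total_length(der: bytes) -> int:
    """Header + body length announced by the outermost DER element."""
    if len(der) < 2:
        raise ValueError("too short to be DER")
    first = der[1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return 2 + first
    count = first & 0x7F                  # long form: next `count` bytes hold the length
    if count == 0 or count > 4 or len(der) < 2 + count:
        raise ValueError("unsupported or truncated DER length")
    return 2 + count + int.from_bytes(der[2:2 + count], "big")


def extract_certificates(text: str) -> List[bytes]:
    """Return the DER bytes of every certificate block, ignoring surrounding text."""
    found = []
    for match in PEM_CERT_RE.finditer(text):
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        if not der or der[0] != 0x30:
            raise ValueError("PEM body does not start with an ASN.1 SEQUENCE (0x30)")
        if der_total_length(der) != len(der):
            raise ValueError("DER length field disagrees with the decoded size")
        found.append(der)
    return found


def has_preamble(text: str) -> bool:
    """True when non-blank text precedes the first BEGIN CERTIFICATE line."""
    start = text.find(BEGIN)
    if start < 0:
        raise ValueError("no certificate block found")
    return bool(text[:start].strip())


def to_pem(der: bytes) -> str:
    """Re-encode DER as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


def strip_preamble(text: str) -> str:
    """Return a file that contains nothing but the PEM certificate blocks."""
    return "".join(to_pem(der) for der in extract_certificates(text))


# Constructed sample: a 260-byte DER SEQUENCE (not a real certificate) behind a
# text dump shaped like the one quoted in the post.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_FILE = (
    "Certificate:\n"
    "    Data:\n"
    "        Version: 3 (0x2)\n"
    "        X509v3 extensions:\n"
    "            X509v3 Basic Constraints:\n"
    "                CA:FALSE\n"
    + to_pem(SAMPLE_DER)
)

if __name__ == "__main__":
    print("preamble present:", has_preamble(SAMPLE_FILE))
    print(strip_preamble(SAMPLE_FILE), end="")
```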

  • SBS 11 - Exchange 2010 and SSL certificates - Event ID 12014

    I've recently upgraded my Exchange '10 to SP3 on our SBS11 server and I've noticed an event ID 12014:
    Microsoft Exchange could not find a certificate that contains the domain name mail.mydomain.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Send SERVERNAME with a FQDN parameter of mail.mydomain.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
    I currently have a third-party cert installed on this server with SMTP, POP, IMAP, and IIS services attached to it. The cert is for remote.mydomain.com
    I do not have a cert installed (self-signed or otherwise) for mail.mydomain.com
    My send connector HELO/EHLO is mail.mydomain.com
    My receive connector HELO/EHLO is SERVERNAME.mydomain.local
    My MX record at NS is pointing to mail.mydomain.com
    My question is should I change both my send and receive connectors to remote.mydomain.com?
    Would I then change my MX record with NS to point to remote.mydomain.com? Any potential errors with doing this?
    Should I buy another third-party cert for mail.mydomain.com and install that cert for mail services? (Although it seems SBS hates using more than one third-party cert).
    What's my best option here and what is best practice?
    Thanks in advance!

    I'm using SBS 2008 but it should be the same
    Send Connector
    Send -> remote.xxxxxx.com
    Receive Connector
    Default SBServer -> SBServer.xxxxx.local
    Windows SBS Internet Receive SBSERVER -> remote.xxxxxxx.com
    Windows SBS Fax Sharepoint Receive SBSERVER -> SBSERVER.xxxxx.Local
    Network Solutions
      A Record
         remote.xxxxxxxxxxxxxxxxx.com  Points to   SBS server ip address
      MX Record
         Points to remote.xxxxxxxxxxxxxxxxx.com
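
    The name mismatch behind Event ID 12014 in this thread, as an added example that is not part of the original posts: it checks which connector FQDNs are covered by a certificate's DNS names. The matching rules are RFC 6125 style (an assumption; Exchange's own certificate selection is not reproduced), and the function names and the wildcard certificate are hypothetical.

```python
# Added example: compare connector FQDNs with the DNS names in a certificate.
# Matching is RFC 6125 style (assumption), not Exchange's own selection logic.

def name_matches(pattern: str, fqdn: str) -> bool:
    """True if a certificate DNS name (optionally '*.'-prefixed) covers fqdn."""
    p = pattern.lower().rstrip(".").split(".")
    h = fqdn.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard stands for exactly one left-most label and must be
        # followed by at least two fixed labels ("*.com" is rejected).
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    # Partial wildcards such as "ma*.example.com" are not accepted.
    return "*" not in pattern and p == h


def uncovered_connectors(connectors: dict, cert_names: list) -> dict:
    """Return {connector: fqdn} for connectors no certificate name covers."""
    return {
        name: fqdn
        for name, fqdn in connectors.items()
        if not any(name_matches(c, fqdn) for c in cert_names)
    }


# Constructed sample data using the thread's placeholder names.
CONNECTORS = {
    "Windows SBS Internet Send SERVERNAME": "mail.mydomain.com",
    "Windows SBS Internet Receive SERVERNAME": "SERVERNAME.mydomain.local",
}
INSTALLED_CERT = ["remote.mydomain.com"]   # the certificate the poster has
WILDCARD_CERT = ["*.mydomain.com"]         # hypothetical alternative
# The poster's proposal: point both connectors at the certificate's name.
ALIGNED = {name: "remote.mydomain.com" for name in CONNECTORS}

if __name__ == "__main__":
    cases = [
        ("current setup", CONNECTORS, INSTALLED_CERT),
        ("wildcard certificate", CONNECTORS, WILDCARD_CERT),
        ("connectors renamed", ALIGNED, INSTALLED_CERT),
    ]
    for label, conns, names in cases:
        missing = uncovered_connectors(conns, names)
        print(f"{label}: {missing or 'all connector FQDNs covered'}")
```

    A public wildcard certificate would still leave the internal .local name uncovered, which is why the receive connector stays in the result for the second case.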

  • How to migrate SSL Certificate from iPlanet 6.0 to WLS 8.1

    We'd like to migrate our application from iPlanet 6.0 to WLS 8.1; however, we don't have any idea how to migrate the cert from iPlanet to WLS. Please advise. Thanks!

    Apple does not support intermediate iOS updates...you can only update to the latest iOS version that will run on your iOS device.  Therefore, you have to update to iOS 8.1, not 7.1.2.  The files appropriate to your device are only available in 8.1.

  • DSEE7 - DPS and CA-signed SSL certificates

    I recently deployed two new DSEE7 DPS servers and last night was attempting to install CA-signed (GoDaddy) SSL certificates on them. I used dpadm to generate the required 2048-bit CSR and received my certificates. I added them to the servers using the DSCC interface and after adding them and restarting the instance the certs were not showing up. I thought perhaps the operation had failed so I tried again and saw that the alias already existed. I then noticed that the certificate was listed under the CA certificates. I deleted it from there and imported the cert using dpadm add-cert, only to have the same thing happen again.
    dpadm add-cert /usr/local/dps/instance/ dps03.prod.domain.com /tmp/dps03.prod.domain.com.crt
    # dpadm list-certs /usr/local/dps/instance
    0 certificate found.
    # dpadm list-certs -C /usr/local/dps/instance | grep dps03
    dps03.prod.domain.com     2010/01/19 11:08 2013/01/19 11:08 n         SERIALNUMBER=xxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US      CN=dps03.prod.domain.com, OU=Domain Control Validated, O=dps03.prod.domain.com
    I have installed SSL certificates from GoDaddy on all my other production DS and DSEE systems (6.3.1) without issue, including their intermediate and root certificates to complete the trust chain.
    Does anyone have any insight into what the issue might be and how to correct it?

    Hi,
    Have you used the same alias in both cases? i.e.
    dpadm request-cert [options] /usr/local/dps/instance dps03.prod.domain.com
    then
    dpadm add-cert /usr/local/dps/instance/ dps03.prod.domain.com /tmp/dps03.prod.domain.com.crt
