Self signed SSL Certificates no longer work after upgrade to 37.0.1

Similar Messages

• E-Mail Setup fails with self-signed SSL certificat...

  Hi, one of my e-mails is with a small provider who just moved the mail server to Imap and SSL. In Thunderbird, everything works fine, setup on my Nokia C-6-fails with an unspecific error message (and trows away the settings). I asked the provider, and it seems that the problem comes up because the Nokia e-mail application doesn't asked me if I want to accept the certificate but instead rejects it. Is there a workaround to this problem? Is there a way to setup the mail account without using the wizard? Or to take over the settings from Thunderbird? Or a way to put the certificate in the right place manually? In Opera mobile I have no trouble with self-signed SSL certificates. Thanks Cave

  Any one around who can help? Self-Signed certificates are rather common, after all. I would be grateful cave

• IPhone LDAP contacts and Self signed SSL certificates

  Hi,
  I am using OpenLDAP with self signed SSL certificate, and i am unable to get SSL work with LDAP contacts on the IPhone (4.x). I have tried to add a CA cert with a server certificate for the LDAP server and downloaded it to the IPhone by web, it adds the CA, but even with it, it does not want to connect to the LDAP server with SSL enabled.
  Does LDAP contacts should work by adding new CA ? if yes, what is the exact procedure to do it ? (maybe I used a wrong CA export format, or wrong SSL certificate encryption format ...)
  can someone tell me how to do it ?
  This is really anoying, since we have multiple iphones on the company.
  Thanks for the help.

  Hello, found your post.  I realize it's been 6 months since you posted, but I have a solution for you since I have struggled with the same problem since 2009.
  I discovered that when the iPhone is using LDAPS, it tries to bind with LDAPv2.  After it binds, it speaks LDAPv3 like it is supposed to.  Apparently this is a somewhat common practice since OpenLDAP includes an option for it.
  You'll want to set the following option in OpenLDAP:
  dn: cn=config
  olcAllows: bind_v2
  Walla! LDAPS works! (assuming you've correctly done all the certificate stuff).  Took some deep reading through the debug logs to figure out this problem.  Figured I'd share my answer with others.

• Abandoning Self-Signed SSL Certificates?

  Hello,
  I'm working on remediation of some security flaws and have encountered a finding that calls out each of my domain-added workstations as having self signed SSL certificates.  I'm not an expert on the subject, but I do know the following things:
  1)  An earlier finding lead to me disabling all forms of SSL on my servers and workstations
  2)  Workstations use certificates to identify themselves to other domain assets.
  Now my servers all have their own certs signed by an outside authority.  However, it would be a huge amount of work to go through the process for each and every workstation.  So my questions are these:
  1)  Can I create a NON-SSL self signed cert for these machines to use?
  2)  How do I remove these current SSL certs without having to hover over each workstation?
  Basically, what's the least effort to remove self-signed SSL certs and replace them with something more secure?
  Thanks,
  M.

  What do you mean when you say that you've disabled all forms of SSL on your servers and workstations? SSL serves to provide secure communications for all of your domain operations, so disabling SSL, in general, would likely break your entire domain. If you're
  using certificates on your workstations, then you're using certificate-based security (IPSec) in some manner.
  Do you have AD CS or some other certificate signing authority/PKI in your environment? If not, you would have to pay a public provider (i.e. VeriSign) to provide certificates, and I can assure you that gets very expensive.
  If you have Microsoft servers in your environment, you can install and use Certificate Services to provide an internal signing mechanism which can be managed through group policy. You can replace all of the workstation certificates with ones signed by your
  internal certificate authority (CA,) and those will pass muster with any auditor provided the appropriate safeguards are put into place elsewhere in your environment.
  Least effort for you would be to implement an internal CA, which admittedly isn't a low-effort endeavor, and have the CA assign individual certificates to all of your machines, users, and any other assets you need to protect. If your auditors are requiring
  the removal of the self-signed certificates, you might find a way to script the removal of the certificates. In my experience, however, most auditors just want IPSec to be done with certificates that terminate somewhere other than the local workstation (i.e.
  an internal CA).

• Back to my mac no longer works after upgrading to Lion

  Back to my Mac no longer works after upgrading to Lion
  After I upgraded my home machines to Lion, I can no longer access them from my work computer, which is running Snow Leopard. When they were both Snow leopard, it worked fine. How can I get them working again? I don't have control over the OS on my work computer. Is it necessary for me to downgrade all of my home computers to Snow leopard in order to get them talking again?
  Additionally the binoculars icon appears in the menu bar all of the time. In previous versions, this would only happen when somebody connected to my machine. Could these problems be related?

  OK, so further investigation has addressed the BTMM issue on a remote machine.
  With all machines running lion, I was having issues trying to log in to a standard user headless machine already running.  In Snow Leopard, I had no issues with this since you can log in via screen sharing using an admin login that's running a standard login.  Lion allows multiple accounts to be signed in which is handy since you can now run virtual sessions.  This means you can admin the remote computer without bothering the remote user.
  The problem was that now logging in using admin login brings up the admin account (which makes sense) instead of the desktop to the standard login.  I applied a similar solution to a problem that was related to screen sharing I found on this board.  What I believe to be the fix is to add the standard user to the screen sharing user list.  Then screen share to the remote account using the standard user credentials. 
  So on the remote computer, in System Settings->Sharing->Screen Sharing, add the standard user to be allowed access.  Previously I only had admins.  This may not be an ideal solution for what I'm trying to do since the remote computers primary login is the standard user to be used as a common computer, but it now works so I am happy with it.
  Now my only "problem" is my AEBS complaining about my MobileMe credentials, but it doesn't appear to have an impact on BTMM performance so I'll quietly wait for a fix down the road.

• IPad app no long works after upgrading to iOS 7.1.1

  iPad app no long works after upgrading to iOS 7.1.1

  Did you try deleting then reinstalling the app?  Sometimes developers will need to update their apps for compatibility.  If it still doesn't work after reinstalling, wait a few days to see if an app update becomes available.

• IPhoto no longer work after upgrading to Mavericks.

  My iPhoto will no longer work after upgrading to Mavericks. iPhoto will not update. How do I fix this?

  kmg55 wrote:
  Just upgraded and Iphoto will not work,
  Check that iPhoto is v9.5.1 (In Applications, highlight iPhoto, and ⌘I)
  If it is v9.5.1, then hold option-command and click the iPhoto icon and go through the repair steps.

• HT2188 home button no longer working after upgrade to io6 on my iphone4...any ideas to fix this problem

  home button no longer working after upgrade to ios6 software on my iphone4..anything i can do to frix this or apple send me a new device.  phone no good without a home button

  The button's broken.  S**t happens.  Apple will replace your phone.  If in waranty it will be free of charge.  If not, you will pay $149. 
  You can elect to have it repaired at a 3rd party shop near you if you choose, but this will void all warranty if there's any left.

• Script no longer works after Upgrade to 10.4.6

  The following script worked fine using 10.4 thru 10.4.5 but no longer works after upgrading to 10.4.6.
  When I highlight a folder and then run the script the highlighted folder is moved to a specific "Achive" folder, depending on whether the highlighted folder has a ".0" or ".1" or etc in its name.
  When I run the script using 10.4.6 I get an error indicating that the highlighted folder already exists in the destination.
  Anyone else having Applescript problems with 10.4.6?
  --Bob
  tell application "Finder"
  activate
  set fname to selection as string
  if fname contains "0." then
  move selection to folder "ARCHIVE" of folder "0JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "1." then
  move selection to folder "ARCHIVE" of folder "1JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "2." then
  move selection to folder "ARCHIVE" of folder "2JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "3." then
  move selection to folder "ARCHIVE" of folder "3JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "4." then
  move selection to folder "ARCHIVE" of folder "4JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "5." then
  move selection to folder "ARCHIVE" of folder "5JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "6." then
  move selection to folder "ARCHIVE" of folder "6JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "7." then
  move selection to folder "ARCHIVE" of folder "7JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "8." then
  move selection to folder "ARCHIVE" of folder "8JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  else
  if fname contains "9." then
  move selection to folder "ARCHIVE" of folder "9JobsArchive" of folder "Archived_Files" of disk "Preflight_Only"
  end if
  end if
  end if
  end if
  end if
  end if
  end if
  end if
  end if
  end if
  end tell

  I, too, immediately started having problems with my scripts immediately after updating to OS 10.4.6. I put my scripts in "Library/Applications/..." so that the scripts associated with particular applications are available in the menu bar. I don't know if that has any bearing on the problem, but for me, it was not any particular script, but just about every one that started going funny.
  First, I noticed that my scripts would typically work right once, but fail in some odd manner the second time I tried to use one. The second thing I noticed was that the modification dates of my scripts were changing to the time that I last executed the scripts, even though I had not altered and recompiled any of them in weeks. Finally, I noticed that the scripts that were failing were ones in which I had used property statements to initialize some of my variables.
  What I think is happening is this: for some strange reason 10.4.6 is recompiling scripts every time they are run, and variables are being initialized, not to the values specified in property statements, but to whatever the variable was the last time the script ended.
  I discovered that I could prevent this from happening by (1) recompiling all my scripts to make sure all the property statements were back in effect, and then (2) setting the permissions of all my scripts to read only. This seems to prevent whatever in 10.4.6 is recompiling the scripts from doing this each time the script is run. At least, the modification dates are no longer changing inexplicably, and all my scripts are running reliably again.
  It's a bit of a pain to have to remember to reset script permissions to read/write whenever I want to make a change, and then change them back to read only before executing, but it seems to be a reliable workaround. I'd appreciate hearing if anyone else can replicate this phenomenon, or tell me if I'm on the right track.
  Jeff Johnson
  Dual 1.2 GHz   Mac OS X (10.4.6)  
  Dual 1.2 GHz    

• I have Acrobat 7.0 updated to 7.1.4 which surprising no longer works after upgrading my mac os

  I have Acrobat 7.0 updated to 7.1.4 which surprising no longer works after upgrading my mac operating system to OS 10.8.5 (mountain lion), and gives an err message that system no longer supports PPc applications. I guess Acrobat 7 is a PPc application and wanted to know if there is any work-forward here to be able to keep using this product? I didn't see this coming.

  There may be parts of it that work if the MAC is anything like the PC. I have been able to get AA 7 to partially work on a Win7, 64-bit machine, but several work-arounds are required. The biggest one is the installation of a PS print driver and such. So, can you open Acrobat and/or Distiller? Do they seem to function? If so, there may be some workarounds. Otherwise you probably need to purchase AA XI. Actually, I would recommend purchasing the newer version anyway -- just trying to give you a picture of what might be possible.
  When you say it no longer works it is not clear what you mean. You may need to clarify and also indicated if you have tried repairing the installation and such. I can't say a lot more since I am not really familiar with the MAC.

• On 2011 iMac, External Altec Lansing speakers no longer work after upgrading to Mountain Lion. They DO work on a lenovo machine but not my imac

  On 2011 iMac, External Altec Lansing speakers no longer work after upgrading to Mountain Lion.
  They DO work on a lenovo machine but not my iMac. reset Pram - no luck. took speakers from wife's desktop, they
  do not work when jack plugged into my iMac - Sys Prefs "SOUND" only lists "internal speakers/ built in" as available options.
  I used my altec lansing speakers on 3 macs including this one for 5-6 years.....now with Mountian Lion I can only get internal speakers???
  Ideas? Any/All help would be greatly appreciated - been going nuts with this for 2 days now.

  Hi,
  When you start Messages fro the first time you are asked for an Apple ID
  When this is verified and entered it appears in Messages Menu > Preference > Accounts and is Enabled.
  The App should have also picked on on those iChat Accounst you had before.
  These should be Enabled if they were when you last used iChat.
  Exactly which "Accounts" are logged in can be seen in Message Menu > Accounts and will include the iMessage "Account" and Bonjour.
  In the Window menu you will see CMD +0 for the Messages window and CMD+1 for the "Buddies" window which is a combined list at this stage.
  Go to the Preferences > General Section and Untick the "Collect all accounts into one list".
  This will give you separate iChat type Buddy lists.
  You can check if that account/Buddy list is set to Invisible or if in the Preferences > Accounts > Security you have settings that will block some people from seeing you as On line.
  You are saying Buddies can see you as On Line which implies they are still sending to your AIM based Names (@Mac.com is a valid AIM Screen Name)
  I am not sure from your post if you are trying to iMessage their email IDs thinking they are Apple IDs and that they are using Messages as well.
  There is no Buddy list for iMessages side
  No-one can tell you are "On Line" until they have your details in the "To" spot in Messages with the correct iMessaged contact info (iPhone Number or Apple ID)
  Obviously an Apple ID can be an email or look like one.
  In some cases they are also valid AIM Screen Names as well.
  In the case or the @mac.com name you may have linked this Apple ID to iMessages as well.
  11:31 PM      Saturday; August 11, 2012
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• Microphone no longer works after upgrade to windows 8.1

  After upgrade to windows 8.1 my internal microphone no longer works.
  I tried installing updates suggested in other posts with similar driver problems but they did not work.
  HPSupportSolutionsFramework-en-11.51.0048 did not work.
  My internal microphone is IDT High Definition Audio Codec
  When I go through the control panel  and look at it - it shows a status of "not plugged in"
  Please help 
  thanks

  OK I am a little confused.
  There has been no response on this subject in over a week. Not since I responded to your questions regarding product name and number.
  However I just received the following email from you:
  Hello gordml,
  The questions you posted on the HP Support Forum recently received one or more answers.
  Question: Microphone no longer works after upgrade to windows 8.1
  Date: Sun Dec 21 01:01:56 PST 2014
  View the answer(s).
  Did this reply resolve your post or question?
  If yes, then share the good news! Let others know this reply was helpful by accepting this solution.
  You can also show your appreciation by giving kudos.
  We appreciate your feedback. It's what keeps our community such a helpful, vibrant place for our members.
  Thanks for being a member!
  The HP Support Forum Team"
  Why would this be sent to me if there has been no recent replies on this issue?

• Unsigned ssl certificates no longer work

  Since the patch a few days ago SSL certs no longer work if they are unsigned, like for a development server, on Safari for Windows.
  There's no error or option to accept the certificate, and there is nothing in options to allow certs that are not "safe".
  Normal SSL sites with signed certs work as expected. My dev server works as expected with Firefox and IE.
  I am honestly trying to support mac/safari users but this bug makes it very difficult to test. I'm definitely not purchasing a verisign cert for my development server.
  /sigh
  I'll keep looking for next update. I've reported the bug to apple. If anyone knows a workaround please let me know. I searched the apple hives in the registry but there's nothing there.
  Safari 3.0.3(522.15.5)
  -Neil

  I have no idea if the patch did this to me, but.......you might want to check...
  The file /System/Library/Keychains/X509Anchors was EMPTY after I did some kind of update.
  Well, Luckily I back up my system. And I had an old copy of my file. When I restored this file, SSL started working in Safari again. You can see if X509Anchors has daya by opening and running:
  /Applications/Utility/Keychain Access
  See if you can find a way to restore this file (if yours is empty). If you can't, I'll email you mine.
  Feel free to send me an email: medtrac64 @ yahoo.com

• Mail.app: Self-Signed SSL Certificates

  How can I make mail trust self signed mail certificates FOREVER? As it is now, I have to tell Mail.app to always trust the cert for each email account, every time I launch mail. Then it remembers to trust it until I quit mail, then I have to re-tell it all over again. This is bearable on my desktop but on my laptop, where I need SSL the most, I'm constantly logging in and out and rebooting, and it drives me crazy.
  FYI it's my own server, running Mac OS X Server. And I'm not buying a certificate, it's the encryption I'm after

  First, the certificate must match the name Incoming Mail Server that your clients are using. For example 'mail.acme.com'. So, when creating the self-signed certificate, the common name that you enter would be 'mail.acme.com'. If you don't do this, you will always be prompted about the certificate when you relaunch Apple mail.
  Just for clarification, here is how you should trust the self-signed certificate on the Macs that are using Apple Mail:
  1. When you get the prompt about the certificate, click the show certificate button.
  2. Drag the icon of the Certificate on the left in the Show Certificate dialog box to the desktop. This will create a document on your desktop named 'mail.acme.com.cer'.
  3. Double click the certificate on the desktop which will open an Add Certificate dialog box.
  4. Depending on the version of Mac OS X that you are running, what you do next will vary a little.
  Leopard
  1. Click the drop down next to keychain and select System
  2. Open Keychain Access (Applications/Utilities) if it is not already open
  3. Click System on left hand side under Keychains
  4. Locate the 'mail.acme.com' certificate on the right and double-click it to open it. (NOTE: I had to quit Keychain Access and reopen it before the certificate showed up under System for me for some odd reason)
  5. Click the gray triangle next to Trust to expand the Trust section of the Certificate.
  6. Select Always Trust from the drop down next to 'When using this certificate'
  7. Close the certificate window and then quit out of Keychain Access
  8. Click the continue button back in Apple Mail if the Certificate dialog is still present.
  9. Quit out of Apple Mail and the relaunch it again. This time you should not see the certificate dialog alert.
  Tiger
  1. Click the drop down next to keychain and select X509Anchors
  2. Open Keychain Access (Applications/Utilities) if it is not already open
  3. Click System on left hand side under Keychains
  4. Locate the 'mail.acme.com' certificate on the right and double-click it to open it.
  5. Click the gray triangle next to Trust to expand the Trust section of the Certificate.
  6. Select Always Trust Settings from the drop down next to 'When using this certificate'
  7. Close the certificate window and then quit out of Keychain Access
  8. Click the continue button back in Apple Mail if the Certificate dialog is still present.
  9. Quit out of Apple Mail and the relaunch it again. This time you should not see the certificate dialog alert.
  This worked for me. I hope this works for you too.

• Extend self-signed SSL certificate beyond one year

  Hi all,
  How can I extend SSL Certificate created by Windows 2008 R2's Certificate Service beyond 1 year?
  Thanks.

  Hi,
  For self-signed certificate, you can use IIS Manager to create new one. For more detailed steps, please refer to the below steps.
  Create a Self-Signed Server Certificate in IIS 7
  http://technet.microsoft.com/library/cc753127(WS.10)
  If it’s a certificate issued by a CA, we just need to renew the certificate with the CA to extend the valid date.
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support