Server 2012 R2 - Remote Apps (RDWeb) and Self Signed Certificates!

Similar Messages

• Web Server 7 Admin Server and Self-Signed certificate

  Is it possible to create and install a self-signed certificate for the administration server in Sun Web Server 7. The default installation comes with a self-signed certificate but we would like to install our own certificate and not the certificate issued by "admin-ca-cert"
  Message was edited by:
  aar

  As far as I know its not a problem. You can install your own certificate. Make sure that the certificate nick name is changed accordingly in "server-cert-nickname" in server.xml section as shown below :
  <http-listener>
  <name>admin-ssl-port</name>
  <port>2224</port>
  <server-name>alamanac.india.sun.com</server-name>
  <default-virtual-server-name>admin-server</default-virtual-server-name>
  <ssl>
  <server-cert-nickname>Admin-Server-Cert</server-cert-nickname>
  </ssl>
  </http-listener>

• Xcode continuous integration, Subversion and self-signed certificate won't work altogether.

  Hi!
  I've installed on MacMini Maverick OS with OSX Server.
  Then I've configured the Xcode continuous integration with Subversion (using self-signed certificate), also created bots and etc.
  But It won't work.
  Attached is the log:
  Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSCheckoutOperation.m:717 7c087310 +0ms] revision: (null) Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSCheckoutOperation.m:718 7c087310 +0ms] log: (null) Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSCheckoutOperation.m:719 7c087310 +0ms] checkoutError: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Error>: [XCSCheckoutOperation.m:732 7c087310 +0ms] Error in SVN checkout Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} <stderr>= (null) Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Error>: [XCSOperation.m:33 7c087310 +0ms] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSOperation.m:28 7c087310 +0ms] Cancelling operation: XCSCheckoutOperation Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Error>: [XCSBuildBundle.m:790 7c087310 +0ms] Got an error from the checkout operation: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk." UserInfo=0x7fb388c4b4e0 {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x7fb388c18ff0 [0x7fff7baddf00]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb389904370 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk.", NSErrorPeerCertificateChainKey=( "<SecCertificate 0x7fb388c6f490 [0x7fff7baddf00]>" ), NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “svn.myheritage.co.il” which could put your confidential information at risk., NSErrorFailingURLKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorFailingURLStringKey=https://svn.myheritage.co.il:8443/svn/mobile/MyHeritageMobileiPhone/branches/Mob ile_with_albums_and_inapp, NSErrorClientCertificateStateKey=0} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildBundle.m:850 7c087310 +0ms] Starting upload files operation Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildBundle.m:1018 7c087310 +0ms] Updating bot run status to running, substatus to uploading Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Info>: [CSRemoteServiceClient.m:151 7c087310 +0ms] Connecting to https://localhost:4443/svc to execute [https]Request{AuthService.enterMagicalAuthRealm()} Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildHelper.m:97 7c087310 +38ms] Updating bot run with GUID cccf1c74-6c5a-4fff-a57f-5e5bead09457 Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Debug>: [XCSBuildHelper.m:102 7c087310 +0ms] Updating bot run (cccf1c74-6c5a-4fff-a57f-5e5bead09457): { guid = "cccf1c74-6c5a-4fff-a57f-5e5bead09457"; status = running; subStatus = uploading; } Aug 24 14:03:27 osxserver.iloffice.myhrtg.net xcsbuildd[82719] <Info>: [CSRemoteServiceClient.m:151 7c087310 +0ms] Connecting to https://localhost:4443/svc to execute [https]Request{XCBotService.updateBotRun:({ guid = "cccf1c74-6c5a-4fff-a57f-5e5bead09457"; status = running; subStatus = uploading; })}
  Hope you'll be able to assist me find what I'm doing wrong.
  Thanks in advance.

  Did anyone find a way around this? I have the exact same error and tried the exact same solution.
  The Xcode 5 release notes described a problem that sounds similar.
  Communicating with a remote SVN repository over HTTPS can fail with an error similar to “Error validating server certificate for server name.” Edit the file /Library/Server/Xcode/Config/xcsbuildd.plist and change the TrustSelfSignedSSLCertificates key from false to true. Then, from a Terminal window, run: sudo killall xcsbuildd. 14639890
  https://developer.apple.com/library/ios/releasenotes/DeveloperTools/RN-Xcode/Cha pters/xc5_release_notes.html
  I haven't found a similar fix for Xcode 6 though.

• Mail.app with a self-signed certificate in postfix/dovecot

  I thought I'd post this tidbit about getting Mail.app to work correctly with a self-signed certificate in a postfix/dovecot Linux installation; in my case under Debian Lenny. After setting this up, my Mail.app refused to connect to the outgoing server to deliver mail. In the postfix logs, I would see "SSL_accept error from ...: -1". The problem ended up being that postfix uses the default "snakeoil" self-signed certificate, while dovecot creates its own. If the IMAP and SMTP hosts are the same as they were in my case, when you accept the dovecot certificate upon the first IMAP connection, the SMTP connection with a different certificate will fail. This is because after the accept there is now a known certificate for that host, and the new certificate presented by postfix will not match. To fix this, either use different hosts for IMAP and SMTP, or use the same (perhaps the "snakeoil") certificate in both the postfix and dovecot configuration.

  Exactly the same problem, except I'm using FF v6 for Windows, not FF v4 as for the lead post. This is for a self-cert which IS trusted, although the error message says it isn't.

• Statement on Firefox 33 and self-signed certificates

  Dear Mozilla,
  Your decision to drop support for self-signed certificates is causing problems all around in LANs, VPNs, and domain networks both home and corporate which employ SSL but use self-signed certs. Despite it being understanding that it is generally ill-advised to access sites with such problems, further deciding that this minority of exceptions should be abandoned altogether in a world web full of so many shades of grey and complex setups is not a responsible decision.
  Please implement methods for us to be able to coexist with these updates, as suddenly dropping support for the plenthora of routers, domains, websites and other sources using such a setup, many of which cannot be quickly updated or even at all, is a big problem.
  The internet engineering taskforce has not issued any such directives, nor have broader plans to drop support for self-signed certificates been announced. In the lack of a transitioning climate away from this setup or any plans to do so, Mozilla has unilaterally decided to remove support.
  Please remember that you have a large userbase and thus a responsibility to keep available means of access that are in common use by the world. Self-signed certificates still very much play a role in the ecosystem, and they will continue to exist for as long as there is a need for encryption on intranets.
  Thank you!

  it seems the problem is not self-signed certificate itself, but too short (from current point of view) RSA-keys.
  Please see
  https://support.mozilla.org/en-US/questions/1045971
  moreover, SSLv3 is now insecure, and is soon going to be disabled by default.
  https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

• How to erase all self signed certificates and force Server to use Signed SSL

  I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I seeing a self-signed certificate instead.
  I look under the system keychain in K-Access and there are several self signed certificates there (including the one that I am seeing when I try to remote manage).
  Can I replace those self-signed certs with the new one some how?

  Don't delete those.  However, you are on the right track.  Follow these steps to resolve.
  1:  Launch Keychain Access
  2:  Select the System Keychain
  3:  Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it
  4:  In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate
  5:  Press Save Changes to save.
  6:  Reboot the server or kill the servermgrd process to restart the service.
  That should resolve your issue.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store

• Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

  SCCM 2012 has been successfully installed on the server:
  SRVSCCM.
  The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
  Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
  The cluster service is running on the account: sqlclusteruser
  The account has the appropriate SPN are registered:
  setspn -L domain\sqlclusteruser
  Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
  MSSQLSvc/CLS-SQL4
  MSSQLSvc/CLS-SQL4.domain.local
  MSSQLSvc/CLS-SQL4:11434
  MSSQLSvc/CLS-SQL4.domain.local:11434
  After some time on the cluster hosts every day started appearing new folders with files inside:
  srvboot.exe
  srvboot.ini
  srvboot.log
  srvboot.log contains the following information:
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
  Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
  Copyright (C) 2011 Microsoft Corp.
  Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
  Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
  Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
  Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
  Failed to retrieve SQL Server service account.
  Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
  Disconnecting from Site Server.
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

  The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
  Without successfull bootstrap the siteserver backup is not able to run successfully.
  Try grant everyone the read permisson on
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
  This worked for me.
  After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
  After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
  sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

• How to use Self Signed certificate with SSLServerSocket?

  Hello to all.
  I'm trying to build a simple client/server system wich uses SSLSocket to exchange data. (JavaSE 6)
  The server must have it's own certificate, clients don't need one.
  I started with this
  http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
  To generate key for the server and a self signed certificate.
  To sum it up:
       Create a new keystore and self-signed certificate with corresponding public/private keys.
  keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks
       Export and examine the self-signed certificate.
  keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer
       Import the certificate into a new truststore.
  keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jksThen in my server code I do
  System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
  System.setProperty("javax.net.ssl.keyStorePassword", "123456");
  SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
  SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );
  Socket s = sslServerSocket.accept();I am basically missing some point because I get a "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." when I try to run the server.
  Can it be a problem with the certificate? When using -validity <days> in keytool the certificate gets self-signed, so it should work if I'm not wrong.
  I have also tried this solution
  serverKeyStore = KeyStore.getInstance( "JKS" );
  serverKeyStore.load( new FileInputStream("/scratch/stores/server.jks" ),
       "123456".toCharArray() );
  tmf = TrustManagerFactory.getInstance( "SunX509" );
  tmf.init( serverKeyStore );
  sslContext = SSLContext.getInstance( "TLS" );
  sslContext.init( null, tmf.getTrustManagers(),secureRandom );
  SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
  SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket( port );and still it doesn't work.
  So what am I missing?

  You were right. I corrected the mistakes in the server code, now it's
       private SSLServerSocket setupSSLServerSocket(){
            try {
                 SSLContext sslContext = SSLContext.getInstance( "TLS" );
                 KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
                 KeyStore ks = KeyStore.getInstance("JKS");
                 ks.load(new FileInputStream(_KEYSTORE), _KEYSTORE_PASSWORD.toCharArray());
                 km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
                  * Da usare con un truststore se serve autenticazione dei client
                  * TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
                 tm.init(ks);*/
                 sslContext.init(km.getKeyManagers(), null, null);
                 SSLServerSocketFactory f = sslContext.getServerSocketFactory();
                 SSLServerSocket ss = (SSLServerSocket) f.createServerSocket(_PORT);
                 return ss;
            } catch (UnrecoverableKeyException e) {
                 e.printStackTrace();
            } catch (KeyManagementException e) {
                 e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                 e.printStackTrace();
            } catch (KeyStoreException e) {
                 e.printStackTrace();
            } catch (CertificateException e) {
                 e.printStackTrace();
            } catch (FileNotFoundException e) {
                 e.printStackTrace();
            } catch (IOException e) {
                 e.printStackTrace();
            return null;
       }and on the client code
  private SSLSocket setupSSLClientSocket(){
       try {
            SSLContext sslContext = SSLContext.getInstance( "TLS" );
            /* SERVER
            KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
            km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
            KeyStore clientks = KeyStore.getInstance("JKS");
            clientks.load(new FileInputStream(_TRUSTSTORE), _TRUSTSTORE_PASS.toCharArray());
            TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
            tm.init(clientks);
            sslContext.init(null, tm.getTrustManagers(), null);
            SSLSocketFactory f = sslContext.getSocketFactory();
            SSLSocket sslSocket = (SSLSocket) f.createSocket("localhost", _PORT);
            return sslSocket;
       } catch (KeyManagementException e) {
            e.printStackTrace();
       } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
       } catch (KeyStoreException e) {
            e.printStackTrace();
       } catch (CertificateException e) {
            e.printStackTrace();
       } catch (FileNotFoundException e) {
            e.printStackTrace();
       } catch (IOException e) {
            e.printStackTrace();
       return null;
  }and added a System.out.println(sslSocket); after every incoming message (server side) and SSL is now fully working!
  So my mistakes were:
  [] Incorrect setup done by code
  [] Incorrect and insufficient println() of socket status
  Now that everything works, I've deleted all this manual setup and just use the system properties. (They MUST be set before getting the Factory)
  SERVER SIDE:
  System.setProperty("javax.net.ssl.keyStore", _KEYSTORE);
  System.setProperty("javax.net.ssl.keyStorePassword", KEYSTOREPASSWORD);
  SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  SSLServerSocket sslServerSocket = (SSLServerSocket) f.createServerSocket(_PORT);
  CLIENT SIDE:
  System.setProperty("javax.net.ssl.trustStore", "/scratch/stores/client.jks");
  System.setProperty("javax.net.ssl.trustStorePassword", "client");
  SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
  SSLSocket sslSocket = (SSLSocket) f.createSocket(_HOST, _PORT);
  And everything is working as expected. Thank you!
  I hope my code will help someone else in the future.

• How do I override self-signed certificate old ssl blocking.

  My hard drive failed and was replaced by my desktop support team. As a result, I had to re-install FireFox, my preferred browser to provide console connections to my production servers. These connections are old, firmware platforms that are not updatable behind multiple firewall layers. They use old versions of ssl and self signed certificates. Your new browser simply blocks access. Without the ability to override permanently this 'feature', I am unable to access the consoles of servers doing billions of dollars in business. I have a work-around in place with other browsers.

  So, you are saying that EVERY time I need to access this type of server on my own internal network that is not visible anywhere, I have to go thru this rigamarole of this add on thing, because YOU have decided I can no longer access my own servers in my own network? If there is no permanent fix, I will find another browser that will do the job, and this will be uninstalled across the enterprise, because it becomes very unusable in crisis situations and even during a normal workday, because of the unnecessarily complicated process that has to be done each time. Unbelievable gall. I am speechless. Sure glad I discovered it when it was not urgent. I am sure glad you all are smarter than I am. Sheesh.

• Self-Signed Certificate Problem

  Hi all,
  I believe this is the correct forum for this question, and I apologize if this has been asked and answered already (I looked but didn't find anything).
  I have a servlet application on a webserver. I built a test client in Java to connect to it, and all worked perfectly. Then I learned that the people I'm building this for require this to be on an SSL port. So I moved the application and now am getting the following exception:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
  Now I've noticed that the webserver (used exclusively for testing) has a self-signed certificate, which might be causing the problem. However I'm not in a position to change that. Typically we test websites on this server, so the browser can handle the self-signed certificate, however in this case we don't have that luxury. Given that, is there a way to get around this?
  I'll include the code from my test client in the hopes that someone has some helpful tips.
  Thanks in advance,
  - Jack
  import java.io.*;
  import javax.net.ssl.HttpsURLConnection;
  import java.net.URL;
  public class fileloadTester
  public fileloadTester()
  public static void main(String[] args) throws Exception
  (new fileloadTester()).run();
  public void run()
  HttpsURLConnection conn;
  try
  URL serverURL =
  new URL("https://mytestserver.com:8443/xxx/contact");
  conn = (HttpsURLConnection) serverURL.openConnection();
  conn.setDoOutput(true);
  conn.setUseCaches(false);
  conn.setRequestMethod("POST");
  conn.setRequestProperty("Content-type", "text/xml");
  File file = new File ("test.xml");
  if (!file.exists() || !file.canRead())
  return;
  FileInputStream fis = new FileInputStream(file);
  String xmlRequestString = readInputStream(fis);
  fis.close();
  System.out.println(xmlRequestString);
  conn.setRequestProperty("Content-Length",
  Integer.toString(xmlRequestString.length()));
  OutputStream os = conn.getOutputStream();
  os.write(xmlRequestString.getBytes());
  os.close();
  catch (Exception e)
  e.printStackTrace();
  }

  Get them to export the server certificate and import it into your test client's trusstore. Don't let this truststore leak into production.

• Getting self-signed certificates working with mail

  Hi all,
  I am having trouble getting email certificates created with keychain access to work in mail.
  According to the Leopard help file, you simply have to go to Keychain access and create the certificate, which I did. After that if you create a message in mail with that account, there should be an icon showing that the message will be signed or encrypted if you have the recipients certificate installed. I cannot seem to get this to work. I have created the certificates specifically for email, the certificate shows in Keychain as well as a public and private key entry, but mail refuses to see it.
  Has anyone gotten this to work with Mail and self-signed certificates?
  Any help would be most appreciated.
  Thanks,
  RacerX

  Have you tried setting the "Always trust" property? Double click the certificate in Keychain Access and allow it to have always trust for email.
  Also, make sure that bundles are enabled for mail.
  (Forget the command, google for "defaults write com.apple.mail enableBundles")
  That did it for me.
  Br,
  T

• Open an program install on Server 2012 as a app with remote desktop

  I have a SQL app loaded on Server 2012. The app runs fine when logged into remote desktop on the server.   The app loads to c:\Program Files (x86)\MSC\MCS.exe.  Remote desktop will not recognize that path to open the .exe file. I
  have tried the following path c:\"Program Files (x86)"\MSC\MCS.exe and still will not see the path string and load up.  I am using the same path in the folder path as well.  I have done hundreds of theses on previous versions but this one
  will not work.  Is there a trick on server 2012?

  I tried every form of the path with the %.  No luck.
  I found that I cannot put a simple .bat file in the temp directory and use the c:\temp\test.bat path and folder c:\temp and get the batch file to run.
  Bill Bollinger

• Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

  Scenario:
  Windows Server 2012 R2 Essentials
  I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
  So far so good.
  The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
  a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
  The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local  instead of the SSL Certificate I installed, which is
  remote.acmedomain.com
  If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
  My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

  Because....
  the server does not have a 'trusted' certificate assigned to it.
  Only the RDP Gateway has the trusted certificate for the external name.
  If you want to remove that error, you have to do one of the following:
  Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
  So, something like,
  server.domain.publicdomain.com
  Or,
  Install that certificate on your remote computer so it is trusted.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Does Windows Server 2012 support Remote Desktop Client 6.1?

  Hi,
  Does Windows Server 2012 support Remote Desktop Client 6.1? IU can't find a link anywhere on the Microsoft site to confirm this!
  Thanks,
  Jim

  this should help you
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/b664ddaf-6c11-49e2-8a69-0df3b8ef13a1/server-2012r2-rds-farm-with-xp-and-windows-vista-clients?forum=winserverTS

• How to issue a self-signed certificate to match Remote Desktop Gateway server address requested

  I have an RDG server named gw.domain.local with port 3389/tcp forwarded from
  gw.example.com.
  Using RDGM snap-in I created a self-signed SSL certigicate with FQDN gw.example.com.
  But when I connect over RDP from outside the local network I'm getting an error:
  Your computer can't connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
  Because certificate subject name is gw.domain.local indeed.
  So there question is: how to issue a certificate properly, or how to assign an existing one the name to match?

  Hi,
  Thanks for your post in Windows Server Forum.
  The certificate error which you are facing seems like certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN name of the TS Gateway
  server. You can refer below article for more troubleshooting.
  TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
  And for creating a SSL certificate for RD gateway, you can refer beneath articles.
  1.  Create a Self-Signed Certificate for the Remote Desktop Gateway Server
  2.  Obtain a Certificate for the Remote Desktop Gateway Server
  Hope it helps!
  Thanks,
  Dharmesh