SGC SSL Cert on 11501 only doing 40 bit encryption

Dear Support,
Just received the official SSL cert from Thawte, but it is only showing as 40 bit encryption not 128.
Can you help?
Thanks,
Adrian.

'all-ciphers' will allow all encryption mechanisms including ones that essentially allow anonymous access. If the application transmits personal or sensitive information you probably don't want that.
If the web site has "international" customers then you need to specify at least some ciphers that have the word "export" in them. If the customer base you serve is US only, the one you are using is probably OK.
PS - you don't really need a weight unless you are specifying more than one cipher and want to have one preferred over the others. For example, you might prefer a 128 bit cipher but if the client is coming from a foreign country where the 128 is not available then allow an exportable cipher - which is not as strong.
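The weighted cipher preference described in this reply, modelled as an added example (it is not part of the original thread and is not the appliance's own logic). It assumes the highest weight among the suites both sides support wins, uses IANA suite names rather than the device's cipher keywords, and all server and client lists are constructed.

```python
from dataclasses import dataclass

# Bulk-cipher token (the part after _WITH_) -> effective key strength in bits.
BULK_BITS = (
    ("NULL", 0), ("RC4_40", 40), ("RC2_CBC_40", 40), ("DES40_CBC", 40),
    ("DES_CBC", 56), ("3DES_EDE_CBC", 112), ("RC4_128", 128),
    ("AES_128", 128), ("AES_256", 256),
)


@dataclass(frozen=True)
class Suite:
    name: str
    bits: int        # effective symmetric key strength
    export: bool     # export-grade key exchange
    anonymous: bool  # no server authentication


def parse_suite(name):
    """Classify an IANA suite name such as TLS_RSA_EXPORT_WITH_RC4_40_MD5."""
    kx, sep, rest = name.partition("_WITH_")
    if not sep:
        raise ValueError(f"not a cipher suite name: {name}")
    for token, bits in BULK_BITS:
        if rest.startswith(token):
            return Suite(name, bits, "EXPORT" in kx, "_anon" in kx)
    raise ValueError(f"unknown bulk cipher in {name}")


def negotiate(server_weights, client_offers):
    """Pick the shared suite with the highest server weight (assumed rule).

    Ties fall back to the order in which the server lists its suites.
    Returns None when nothing is shared, i.e. the handshake would fail.
    """
    offered = set(client_offers)
    shared = [n for n in server_weights if n in offered]
    if not shared:
        return None
    return parse_suite(max(shared, key=lambda n: server_weights[n]))


def audit(server_weights):
    """Report the configuration problems the reply warns about."""
    suites = [(parse_suite(n), w) for n, w in server_weights.items()]
    strong = [w for s, w in suites if s.bits >= 128 and not s.anonymous]
    findings = []
    for s, w in suites:
        if s.anonymous:
            findings.append(f"{s.name}: anonymous key exchange, server is not authenticated")
        if s.bits < 128 and strong and w >= max(strong):
            findings.append(f"{s.name}: {s.bits}-bit suite weighted at or above every 128-bit suite")
    if not strong:
        findings.append("no authenticated suite of 128 bits or more is enabled")
    return findings


# Constructed server configurations: suite name -> weight.
PREFER_STRONG = {"TLS_RSA_WITH_RC4_128_MD5": 10, "TLS_RSA_EXPORT_WITH_RC4_40_MD5": 1}
MISWEIGHTED = {"TLS_RSA_EXPORT_WITH_RC4_40_MD5": 10, "TLS_RSA_WITH_RC4_128_MD5": 1}
ALL_CIPHERS_LIKE = {
    "TLS_RSA_WITH_RC4_128_MD5": 1,
    "TLS_DH_anon_WITH_RC4_128_MD5": 1,
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": 1,
}

# Constructed client offers.
STRONG_CLIENT = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]
EXPORT_CLIENT = ["TLS_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"]

if __name__ == "__main__":
    for label, cfg in (("prefer-strong", PREFER_STRONG),
                       ("misweighted", MISWEIGHTED),
                       ("all-ciphers-like", ALL_CIPHERS_LIKE)):
        for client_label, offers in (("strong", STRONG_CLIENT), ("export", EXPORT_CLIENT)):
            chosen = negotiate(cfg, offers)
            print(f"{label:17} {client_label:7} -> "
                  f"{chosen.name + f' ({chosen.bits} bit)' if chosen else 'handshake fails'}")
        for finding in audit(cfg):
            print(f"{label:17} WARNING {finding}")
```
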

Similar Messages

  • Does Java 7 run on only x64 bit MAC OS X?

    I want to deliver self-contained application packages on Windows, Linux and Mac so I have built my JavaFX application on all three platforms. I will allow my users to download these native bundles from my application's download web page but I have a confusion regarding MAC users because for Linux and Windows, JDK/JRE 7 comes in two download options:
    1. for x86
    2. for x64.
    but for MAC we have only option for x64.
    Java Download Page shows Java/Jre is not available for 32 bit MAC OSX to run JavaFX application. Does it mean JavaFX will run on only x64 bit MAC OSX?
    If it is so, then my issue has been solved, as I have already bundled my Javafx application as a "Self-Contained Application Packages" after run custom build.xml script on x64 MAC OSX but if it is not so, the user can also run JavaFX application on x86 MAC OSX but in that case my "Self-Contained Application Packages" for mac would not run on x86 MAC OSX.
    So I am planning to give an additional zip file that either contains app (without copy of jre) or a plain self executable jar. But I'm a bit worried regarding what exactly I need to bundle into that zip file with self executable JAR so requirements must be met to be able to run my JavaFX application in following conditions?
    conditions are : -
    1. If user has x86 MAC OSX.
    2. If java is already installed on user's system. And he would not like to download the "Self-Contained Application Packages" from our download page.
    3. Big download size.
    So what among the following two options suits if user have x86 MAC OSX or if he has already installed java on his system or he would not like to download "Self-Contained Application Packages" from download page due to big download size?
    Option are -
    1. APP ( without inbuilt copy of JRE)
    2. Or only a self executable jar.
    I am not sure that Mac OS X 10.7.3 (Lion) or later version can run on x86 system. So in case of #1 option the user may have trouble if he is using x86 system. Then he may need to change info plist file and replace the JavaApplicationStub.
    In case of #2 option I think is better as the user need to download the JRE only and the JAR should run using "java -jar" command.
    Please suggest which option is better in case if JavaFX application can run on x86 bit MAC OS X?

    > JavaFX will run on only x64 bit MAC OSX?
    Yes. There is no 32 bit JavaFX 2.x+ build for OS X.

  • I have put my head phone jack securely in but it's not making much sound. I have turned it up the whole way but it only gives me a tiny whiny little bit of sound. It only does this if I push it really far into my ear!!! Help!

    I own the movies and I want them to stay in my iTunes library basically forever.
    But in both cases the file name no longer shows in the movie list, so I don't know how to re-download it from the Cloud.
    iTunes prefs > Store > Show iTunes in the Cloud purchases.
    This will show all your iTunes purchases in your library with a cloud icon down arrow. Click the icon to redownload or click on Play to stream without downloading.
    Also see this -> Download past purchases
    and technically, you don't "own" the movie. You simply have a license to use it.
    Yet the first thing iTunes does when you hit the delete key is tell you that it will remove the movie forever from all devices and the library.
    Actually, no it does not tell you that.
    FYI: You should keep copies of all your iTunes purchases as the labels/movie studios/copyright owners can pull their product at anytime and it won't be available to redownload.
    Suggestions here -> http://www.apple.com/feedback/

  • Updating an intermediate CA for a 128 bit SSL cert

    We found a 128 bit SSL cert that was affected by the Verisign server shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1 and 6.1 Web Logic server. Where can I find information on how to do this?
    Thanks.

    download from
    http://www.verisign.com/support/roots.html
    Scott Stanforth <[email protected]> wrote:
    We found a 128 bit SSL cert that was affected by the Verisign server
    shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1
    and 6.1 Web Logic server. Where can I find information on how to do
    this?
    Thanks.

  • Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

    I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
    I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
    I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
    Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
    No matter what I do, it won't work.
    I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
    Can anyone help?

    Originally Posted by AndersG
    Fmcunningham,
    > > I am looking at installing a cert as well. I have NOWS SBE 2.0
    > > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
    > > need a Wild card cert to be able to accomplish this?
    >
    Only difference between a wildcard and a regular (apart from price) is that
    a wildcard covers all hosts in a domain, i.e. *.acme.com, whereas a regular
    cert only covers a named host, homer.acme.com
    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)
    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms
    I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess.

  • SSL Cert Setup on the Palm Pre

    I am having issues setting up my company's email on the Palm Pre. We use an SSL cert and for some reason I get Certificate Error. Is the time and date wrong. I looked at many blogs with other people having this issue and they say a root cert needs to be put on the phone. The only way it says to do this is to install the Microsoft Certificate Authority and then generate the cert that way.
    Well, the issue that I am having is I have been generating my cert using the new-exchangecertificate -domainnames mydomain.domain.com, and I do multiple DNS names. This cert works fine on all my computers and all other cell phones. When I put it on the Pre I get the error above. I read that this is an IIS root cert and the Palm does not allow this. I then installed the Certificate Authority and generated a cert and the Pre worked fine, the only issue is the cert broke the rest of my external users' connections. I need the cert to have DNS resolution addresses in it. I found out how to get the Certificate Authority to have san:dns= domain.domain.com names. But when I generate this cert and put it as my primary cert it then breaks the Palm and my other systems.
    How can I get the Certificate Authority to give me a cert with all the DNS names I need and work on the palm and all my other systems.
    Any help is great and thanks in advance.
    Post relates to: Pre p100eww (Sprint)

    We keep any type of updates very close to us. So close in fact that I do not know and only the developers know about this. But if you feel that this should be included there is a feedback link at the bottom of my post click on that and leave the feedback

  • SSL - 128 bit encryption instead of 40 bit?

    Hi,
    I setup my Tomcat 4.0.3 server to use SSL as directed in a book on servlets that I bought from sun press. Everything works fine, the server starts with SSL support and you can access it with https:, download the cert, etc. I downloaded jsse 1.0.2 jar files and put them into my /jre/lib/ext/ dir as directed and created the keystore for the key with:
    keytool -genkey -alias tomcat -keyalg RSA -validity 730
    also directed by the book.
    My problem is that the keys generated are using 40 bit encryption instead of strong 128. I want to make the site as secure as possible and I'm wondering how to do that. I followed the directions exactly, downloaded the version of jsse for us/canada and yet my certs still say that they were encrypted with 40 bit not 128 bit encryption.
    Mike

    > My problem is that the keys generated are using 40 bit
    > encryption instead of 128.
    What client do you use to connect to Tomcat?
    If the client does not support 128 bit keys for RC4, the browser
    and SSL 3.0 may negotiate a weaker session encryption key,
    in your case 40 bit.
    I don't use Tomcat, but with my web server you can configure
    the SSL protocol versions it accepts, and the ciphers it accepts;
    ie I can switch off everything other than RC4-128. -- Can the same
    thing be done in Tomcat, and how can it be done?

  • SSL, 128-bit encryption problem

    Hi
    I need to establish a connection over SSL with 128-bit encryption from my
    client application to Active Directory. But when a connection is established
    I look at the System log and see the cipher strength is only 56.
    Does anybody have an idea how can I raise the cipher strength?
    Thanks

    Sorry,
    It was my fault. I used 56-bit SDK. After upgrade all is perfect.
    "Gennady" <[email protected]> wrote in message
    news:9mgd4d$[email protected]..
    Hi
    I need to establish a connection over SSL with 128-bit encryption from my
    client application to Active Directory. But when a connection is established
    I look at the System log and see the cipher strength is only 56.
    Does anybody have an idea how can I raise the cipher strength?
    Thanks

  • Security Management Appliance - Multiple SSL Cert support.

    Does anyone know if the SMA supports multiple SSL certs?  We would like to create a cert for our users that access the Spam Quarantine that uses a different FQDN from what we have now for admin access.
    I noticed in instructions for importing certs into the SMA, that it does ask if you want to use that cert for everything, but I haven't found anything that elaborates on what options you have if you say NO.  I'm guessing from that question that it allows for a different cert for a different function, but I'd like confirmation and maybe direction on how to implement.
    Thanks in advance.

    You can install a different cert for different process:
    http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html
    Certificates can be used for four different services:
    Inbound TLS
    Outbound TLS
    HTTPS
    LDAPS
    When you say No, you'll just need to be prepared to enter in the separate certs as needed for each process.  And, SMA is still CLI only for cert management.
    -Robert

  • SChannel error- The SSL server credential's certificate does not have a private key information property attached to it.

    We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
    to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
    fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
    not have a private key information property attached to it"  There is no software firewall set on the DC. When I run Certutil -VerifyStore MY  it shows the current certificates as well as the revoked and expired certificates
    correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
    FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
    expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
    point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
    appreciated.

    Hi,
    Have you tried this?
    How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
    http://support.microsoft.com/kb/889651
    Best Regards,
    Amy

  • Coldfusion 11 SSL Certs applied - The APR based Apache Tomcat library which allows optimal performance in production environments,

    Coldfusion 11
    Windows Server 2012 R2
    Both the Coldfusion admin and additional site work fine on HTTP.
    As soon as I attempt to enable SSL websockets and install SSL certs, the Coldfusion 11 Application service will not start. I followed the steps below....
    Coldfusion 11 - Web Sockets via SSL
    The Coldfusion-error.log shows
    Jan 26, 2015 3:21:23 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path
    Server was a cloned VM of the test server with developer copy of CF11, but license has been purchased and applied. SSL certs have been imported successfully, paths are correct in CF Admin to the cert file etc.
    Do I need to install another version of Coldfusion to get around this issue or is there a download update I need to apply?
    If i reconfig the \cfusion\runtime\conf\server.xml to comment out the SSL sections it works fine.
    Any assistance welcome - I can't allow this site to made publicly available with using SSL.
    SM

    @Scott, first are you running update 3? If so, let’s clarify at the outset that, as that bug report (you point to) does indicate in the notes below it, there is a fix for a problem where this feature broke in that release.  And as it notes, you can email [email protected] to request the fix (referring to that bug), or you can wait for it to be released publicly as part of a larger set of fixes.
    If you are NOT on update 3, or you may apply the fix and find things still don’t work, I would wonder about a few things, from what you’ve described.
    First, you say that the CF service won’t start, and you offer some lines from the ColdFusion-error log. Just to be clear, those particular error messages are common and nothing to worry about. They definitely do NOT reflect any reason CF doesn’t start. But are you confirming that that time (in the log lines) is in fact the time that you had started CF, when it would not start? I’d suspect not.
    Look instead in the coldfusion-out.log. What does THAT log show at the time you try to start CF and it won’t start? You may find something else there. (And since you refer to editing the server.xml file, you may find the log complains that because of an error in the XML it can’t “parse” the file. It’s worth checking.)
    You say also that you have confirmed that “paths are correct in CF Admin to the cert file”. What path are you referring to? There’s no page in the CF admin that points to the CACERTS file in which the certs are stored. Do you perhaps mean on the “system info” or “settings summary” page? Even so there’s still no line in there which refers to the “cert file”.
    Instead—and this could be a part of your problem—the cert file is simply found WITHIN the directory where CF’s pointed to to find its JVM. Wherever THAT is, is where you need to put any certificates. So take a look at the CF Admin, either in the ”java and jvm” page (and the value of its “Java Virtual Machine Path”), or in the “settings summary” or “system information” pages and their value for “Java Home”. Is that something like \coldfusion11\jre? Or something like \Java\jdk1.7.0_71\jre? Whichever it is, THAT’s where you need to put the certs, within there (in its \lib\security folder).
    Finally, when you say that if you “comment out the SSL sections  it works fine”, do you mean that a) CF comes up and b) some example code calling your socket works, as long as you don’t use SSL?
    To be clear, no, you don’t need any other version of CF11 to get websockets to work. But if you are on update 3, that may be the simple problem. Let us know how it goes for you with this info.
    /charlie

  • How Do You Make OS X Run Strictly Only 64-bit?

    Hi. I've set OS X to run on 64-bit on boot (editing the plist. Apple should have a control panel for 32 and 64-bit mode. I hope Lion will have those) but how is it running a 32-bit of Flash on Safari? I thought on this mode it strictly runs only 64-bit programs? So if you're using 32-bit mode, that's really the same as when you're on 64-bit mode coz' on 32-bit mode it'll still use 64-bit apps when it's available (or 64-bit programs won't run when you're on 32-bit mode?).
    Is Safari 5 64-bit by the way? There's a preview of the 64-bit Flash player which might be good to try on a 64-bit OS and Safari. Thank you in advance.
    Gbu.

    Do not confuse user mode application programs with the kernel and device drivers. This is NOT Windows, and does NOT have the limitations that Windows has.
    The 32-bit Mac OS X kernel can run both 32 and 64 bit applications. Just launch Applications -> Utilities -> Activity Monitor and the "Kind" column will show you that with the 32-bit kernel you are currently running tons of 64-bit programs.
    Today, the only reasons for booting a 64-bit kernel are:
    o You are a developer writing a 64-bit device driver
    o You need to use a special limited edition 64-bit device driver and have no choice
    o You have one of the newest Mac Pros or Xserver boxes and have put more than 32GB of RAM in the box
    o You would like to blaze a 64-bit trail testing all the beta 64-bit device drivers so the above mentioned developers get some real world field testing.
    Otherwise, the 32-bit kernel gives you all the benefits, and none of the hassles.
    Apple released a 64-bit capable operating system that by default boots into a 32-bit kernel so that developers had a nice long period of time to develop and test their 64-bit drivers and applications. I suspect that 10.7 may default boot 64-bit kernels on Macs that are 64-bit kernel capable (ie. they have 64-bit CPUs and have 64-bit firmware), but that is only a guess.
    And with respect to a 64-bit kernel running 32-bit apps, yea, Apple can do that too, so again you do not need to get new apps just because you are booting a 64-bit kernel.
    Message was edited by: BobHarris

  • Webserver refuses to take SSL cert

    My SSL cert is installed on my server and when I go to Settings pane in Server.app for the host and edit "SSL Certificate" and choose my cert, the UI will collapse the pane below showing the various services. This is because it applies the cert to all services. When I click OK to accept the setting, it should show my cert right after "SSL Cert:" because it should now be applied to all services.
    Instead it shows "Custom". When I click the "Edit" button again to see what's going on, it shows that all services are using my cert - except the last one - "Websites (Server Website - SSL)"
    For that, it simply shows "None". Changing it to my cert then clicking OK, has no effect. It just reverts back to "None".
    Apache won't start because there is no cert specified and specifying it manually in ..
    "/Library/Server/Web/Config/apache2/sites/0000_any_443_.conf"
    ..does no good because OS X simply overwrites it from some place.
    So at this point it's impossible to get Apache going on this host. The Server application refuses to accept my cert for the website. I don't get any errors and I don't see any in the logs either pertaining to some failure to apply the setting.
    Any ideas?

    I forgot to mention that when the Certificate Assistant asks for the Issuer in one of its screens, choose the Intermediate CA certificate. Also, the four PEM files are created in /etc/certificates.
    On a fresh Server app install after you get OD Master running or after you have done the web:command=restoreFactorySettings, visit Server app Certificates screen and Custom select the just created Leaf SSL Certificate next to the Web (Default Server - SSL). This will create the default SSL certificate in the Web service window.
    Also, if any one of the three *conf files are missing in the sites folder, Server app will hose the folder by renaming it as sites-unusable-nnnn and recreate a fresh sites folder with fresh copies of the *.conf files. In addition, if you read the comments within the 0000_any_80_.conf and 0000_any_443_.conf files, there are certain apache http directives which are off-limits to administrator as Server app will modify their values. It suggests that you create a .conf files with your amendments (of course, they must be within the Virtual Host context) and use an Include directive or through the use of the WebApps mechanism.
    Furthermore, you must not set a specific IP address for all your virtual hosts but use Any instead. Since I want to use the built-in Wiki service, I have added wiki.domain.com as Additional Domains for both the Default Servers (since the Default Servers refuse to use ServerName). For my case, since I have multiple IP addresses, I have to specifically amend the virtual_host_global.conf file with a static IP address for the Listen 80 and 443 directives, and since Server app will undo the amendment within the sites folder, I have to bring the virtual_host_global.conf file up one level to the apache2/ folder, amend httpd_server_app.conf to load this virtual_host_global.conf file instead...see below the relevant section of my httpd_server_app.conf file:
    <IfDefine WEBSERVICE_ON>
        # "0000_*.conf" instead of "*.conf"
        Include /Library/Server/Web/Config/apache2/sites/0000_*.conf
    </IfDefine>
    <IfDefine !WEBSERVICE_ON>
    #    Include /Library/Server/Web/Config/apache2/sites/virtual_host_global.conf
        Include /Library/Server/Web/Config/apache2/sites/0000_any_80_.conf
        Include /Library/Server/Web/Config/apache2/sites/0000_any_443_.conf
    </IfDefine>
    Include /Library/Server/Web/Config/apache2/virtual_host_global.conf
    Include /Library/Server/Web/Config/apache2/httpd_server_app_tweaks.conf
    The httpd_server_app_tweaks.conf file is my performance tweaks (e.g. StartServers, MinSpareServers, etc.)
    So Server app can happily modify the virtual_host_global.conf file within the sites folder but my settings remain safe one level up.

  • Changing SSL Cert, how do you update the trust profile for devices.

    I am in the process of changing out the ssl cert for the trust profile (going from a self-signed to a signed cert).  How do you update the trust profile on the devices already paired with the server.

    Yes, the linked smart object can be either raster or vector, but they will be placed as raster images, just as the embedded SO are.  SO can be embedded or linked to an outside file.  Edits to the original will not update in the original until you select "Update modified content from the menu" when you reopen the file that has the place SO in it.  otherwise it will update when you save the linked file.  Yes, there still is an advantage to having an embedded SO.  You may not want to maintain the links - send a file off and forget to include the linked files.  You may want to alter the SO, but not the original file.
    Ah, thanks. But does this mean that raster and vector smart objects can EITHER be located within the Photoshop file (as they have been since their advent) OR linked to an external file?
    And if so,
    1. Can this linked file be either raster or vector?
    2. Do edits to it automatically update the Photoshop file?
    3. Is there any longer any advantage to having the smart object data stored within the Photoshop file when it can be linked?

  • Dreaded "must be configured to use a valid SSL cert" - 2008 R2

    Hello everybody,
    I've been browsing through hundreds of topics on the dreaded "The RD Gateway server must be configured to use
    a valid SSL certificate" error using BPA (Windows Server 2008 R2 Std), but still haven't found a proper solution.
    Here's the issue: RDGW not operating properly and sometimes accepting connections, sometimes not.
    I have an external domain example.com and internally, the domain is example.local. I have one server serving Exchange and RD, this is the server responding to mail.example.com and I have a StartSSL issued cert for mail.example.com, which is properly configured
    on the server (OWA is working properly with autodiscover etc.). SSL bindings seem alright, default site is using the mail.example.com SSL cert.
    If I open the RDGW Manager and go to the SSL Certificate tab, the system looks happy by having the cert installed, everything looks fine. Sometimes I even manage to connect - connection is successful, I can normally connect to any of the servers or computers.
    On a second attempt, I just get the message, that the logon attempt had failed. If I run BPA on the server, I get the error of not having a proper SSL cert. If I select a self-signed cert, then also the BPA goes through, but then I have problems with connections
    since everybody would need this cert to have installed.
    From what I read, my problems are related to the issue that the FQDN of my server is servername.example.local and the cert is issued to mail.example.com. How can I make the thing only to talk via the mail.example.com cert? I don't think I can get a cert
    that'd also contain a SAN of servername.example.local from the CA.
    What can I do?

    Hi Andrej,
    Thanks for posting in Windows Server Forum.
    Here providing you the article for BPA’s configuration logs, where you can check. It also states that certificate are main problem related to this error. Please check certificate which you have bound have FQDN name of gateway server, the certificate is SSL
    certificate and it’s a trusted certificate. Also check that certificate which you have importing to RD gateway must be in local computer/personal store. For more information refer below article.
    1. Using the Remote Desktop Services BPA to analyze a Remote Desktop Gateway
    implementation
    2. RDS: The RD Gateway server must be configured to use a valid SSL certificate
    In addition, you need to specify the FQDN name of RD gateway under
    DefaultTSgateway in IIS setting. Please go through below article for details.
    RD Gateway/Web Access Outside the Firewall
    Hope it helps!
    Thanks,
    Dharmesh
