SHA-2 SSL certificates supported on Server v10.5?

Similar Messages

• WILL MAC OS 10.4 server SUPPORT SHA-2 SSL CERTIFICATES

  Am running Mac OS Server 10.4.11 on a PowerPC Mac Mini (1.42GHz) and currently have SHA-1 SSL certificate from GoDaddy.
  They want everyone to upgrade to a SHA-2 (SHA256) SSL certificate for Google's Chrome browser which will soon start showing SSL errors for SHA-1 certificates.
  Is Mac OS Server 10.4.11 capable of serving up a SHA-2 SSL certificate?  (I originally renewed last Feb. to a SHA-2 certificate, but many browsers didn't recognize it, so I re-keyed to a SHA-1 certificate that is good to 12/31/15.

  Hi, I do not know, but I doubt it.
  Here's the 10.4 Server forum if you want to ask over there...
  Mac OS X Server v10.4 and earlier

• The SSL certificate of the server is expired

  Today, I accessed Beehive Online via Oracle Beehive Extentions for Explorer.
  I cannot use Beehive Online with error message "The SSL certificate of the server is expired".
  How should I do?

  We're looking into it, meanwhile you can use a Webdav connection.
  Thanks,
  Jereen

• Install SSL certificate - OS X Server 10.8.2

  Greeting All,
  I am using OS X Server 10.8.2 with Server.app 2.2 and self-signed SSL sertificate. And I try use CA form Verisign.
  I already success create CSR and get trial SSL certificate form Verisign. But I found I can't install SSL certificate correct and made it use in Profile Manager 2. When I check Profile Manager 2 in Server.app 2.2. I only see self-signed intermediate CA.
  I check Apple on line guide and support site of Verisign but not found any latest guide of how to install it in Server.app. Any advice is welcome.
  Thanks,
  Spin

  If you purchased the SSL certificate, you have to convert the certificate to "PEM"
  https://www.sslshopper.com/ssl-converter.html

• Can't find SSL certificate in SQL server configuration manager?

  Hi 
  It's been 2 days and I need a help. I have visited a number of sites and I still can't make it work
  Two severs I have: Windows 2012 Standard with SQL 2008 R2 and SQL 2012 
  I am trying to set it up on SQL 2008 R2 right now. 
  I have a certificate from a CA and did the followings.
  1. Open MMC
  2. Add Certificates Snap-in as a computer account (In fact, I tried all the three accounts)
  3. Right click-on Personal folder and All taks and Import 
  4. Installed the certificate with Certificate import Wizard
  5. The certificate shows up under Personal/Certificates and Trusted Root Certification Authorities/Certificates
  I did this with a local administrator account as well as MSSQL account(SQL Server service account I created). Even though the server is part of domain, SQL server is set up with local accounts. 
  This is a simply summary. I tried everything in the article such as 'Create Custom Request'. 
  I am not sure what I am missing. Why can't I see the certificate in SQL Server configuration manager? 
  I even made MSSQL (service account) as administrator. Not working.  
  as I am not using the domain service account, I believe below is not relevant. 
  Missing detail on "Install a certificate in the Windows certificate store..."
  When following recommended security procedures and running SQL server under a domain service account, the service will fail to start after assigning a certificate to the protocols.  This is because the service account does not have permissions to read
  the private key.  Fix this in the Certificates MMC snap-in (preferably right after installing the certificate.)  Select the certificate you just imported, then in the Action menu select "Manage private keys."  Grant the domain service
  account read access to the private key of the server certificate.
  Below is the few of reference I looked at.. 
  https://support.microsoft.com/en-us/kb/316898/
  https://msdn.microsoft.com/en-us/library/ms191192(d=printer).aspx
  https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
  http://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-
  http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx

  Hi Dinesh 
  Thanks for the reply. 
  I did looked into the both sites as well. but it did not work. 
  Below is the step to install SQLs server certificate. and I was stuck with Step 9. when click 'next' in the wizard, I am not getting into a place to select 'computer' as certificate type. 
  Do you know what is wrong please? 
  Open the Microsoft Management Console (MMC): click Start, then click Run and in the Run dialog box type: MMC
  On the File menu, click Add/Remove Snap-in...
  Select Certificates, click Add.
  You are prompted to open the snap-in for your user account, the service account, or the computer account. Select the Computer Account.
  Select Local computer, and then click Finish.
  Click OK in the Add/Remove Snap-in dialog box.
  Click to select the Personal folder in the left-hand pane.
  Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate...
  Click Next in the Certificate Request Wizard dialog box. Select certificate type 'Computer'.
  You can enter a friendly name in text box if you want or leave it blank, then complete the wizard.
  Now you should see the certificate in the folder with the fully qualified computer domain name

• Install GoDaddy SSL Certificate to Windows Server 2012 - Access Anywhere

  I would like to activate Access Anywhere on my windows server 2012 essentials. I went through the guided steps and purchased a SSL certificate from Godaddy. Godaddy doesn't offer support regarding the correct installation process of their certificates
  using iis 8 (server 2012 essentials). I noticed that Access Anywhere requires a PFX certificate and Godaddy only provided a PKCS #7 and a cer. file. Please let me know if Godaddy's certificates are compatible with windows server 2012 essentials. Without Access
  Anywhere functioning on my server, the usefulness of the server greatly decreases. Your assistance is greatly appreciated. Thanks. 

  All you need is the standard, lowest level, single domain, no email, no bells, no whistles, no UCC.  Just a simple SSL cert.  Even SBS standard which adds email to the RWA feature, only requires that, thanks to the magic of the dev. team.
  Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• Copying SSL Certificates from one server to another.

  I have a question that hopefully someone might have the answer for... I have a IPlanet 6.0 SP4 server that has an SSL certificate I'm trying to move to a new server that's on SunOne 6.1. I was under the impression that I could easily copy the <Iplanet_Root>/alias/https-<ServerInstance>-<server>-<key3/cert7>.db files to the new server from that server's alias directory. However before I copied the files, I immediately noticed the new server's cert file is called cert8 instead of cert7 and is 64K as opposed to the 6.0 server's 16K.
  I stopped the web instance and renamed the current db files and copied in the new and changed the cert7 to cert8. When I restarted the server, it stayed up and didn't report any problems. However, when I go the security tab and click on any of the links on the left column, an internal server error (http500) page is displayed. No additional errors show up in the errors log.
  Unfortunately, we don't have the original certificate request. I'm sure when it was applied for; it was cut and pasted into the install certificate page. Otherwise, I'd simply do the install on the other server. Is there a simply means to copy an already installed cert from one sever to another?
  Any assistance would be greatly appreciated.

  Migration from 6.0 to 6.1 should take care of this. You don't have to rename the files to cert7.db after the migration, just leave them with their new names and size as is. The new file created in 6.1(after migration is complete) will be called cert8 and this is fine because 6.1 uses newer version of security libs. Doc links:
  http://docs.sun.com/source/817-1830-10/migrate2.html
  http://docs.sun.com/source/817-1831-10/agcert.html#wp1017112
  Thanks,
  Manish

• Upgrade SSL Certificate for Exchange Server

  Hi Folks,
  I need to upgrade the SSL certificate on my Exchange Server, so he can negotiate encryption and authorization to an upstream SMTP Smart Host.  This means that the certificate I need is not necessarily a server certificate, because in this scenario Exchange
  Server is acting as a client to the upstream SMTP Smart Host.  I have openssl at my disposal, so making the certificate in not a problem but installing it in the correct location and testing that I've done what I think I've done is.
  Thanks for the help,
  Chris.
  Thanks for the help,
  Chris.

  Hi,
  Please just make sure the primary certificate in your Exchange server with
  SMTP service is valid, trusted by your SMTP smart host.
  Thanks,
  Winnie Liang
  TechNet Community Support

• How to use SSL certificates in OSX Server

  I have setup OSX server with a host name that is pointed properly to my OSX server. My question is about using certificates that were purchased through my domain registrar.
  I bought a cert and after the validation process, I was given a link to download 4 certificate files.
  AddTrustExternalCARoot.crt
  DV_NetworkSolutionsDVServerCA2.crt
  DV_USERTrustRSACertificationAuthority.crt
  [domain name].crt
  So after downloading these and opening them one by one, I installed them in the keychain as a system cert.
  The part I cant figure out is how to use the domain cert instead of the one that the server creates upon completion of setup (the self signed one).
  On the certificate selection in the sidebar, I can choose Import a certificate identity, but when I drag my domain cert into the box, it shows up as a non-identity cert and the Import button is still grayed out. I dragged all four certs there and all of them show as non-identity certs.
  If I go down the path of the Get a Trusted Certificate, it takes me through the CSR request which I dont think I need since i have my certificates already.
  Am I missing a step? Or do I need to export from the keychain, then import into the server application? Seems like the new certificates should show up in the server application. Any help would be greatly appreciated.

  I got the answer and wanted to post for anyone that happened to have this question.
  During the SSL cert setup, it asks where your domain is hosted and since it was hosted by Network Solutions, I chose that option which doesnt do the CSR request. I had to choose Other/VPS.
  Once I did that, I was able to generate a CSR in the server application and get my certificate issued again by pasting the request code on my registrars website. Once I received those certs, I dragged my domain cert into the Pending one listed in the certificate list.
  Also I chose Apache/ModSSL as the type of server. Hope that helps and new people like myself in setting up the server application.

• Use Homepage SSL certificate as exchange server certificate?

  the certicate needs to match the fully qualified domain name that you connect against.
  so if the web site uses www.domain.de and the echange server's OWA/Activesync is owa.domain.de it wont match and you'll get errors. However if the SSL cert is wildcard to *.domain.de you'll be OK.

  Hi there,
  im a little certificate dau
  i have a certificate for our homepage which certifies on "Domain123.de".
  Is it possible to use this certificate for our mail server? (exchange 2007)
  The mail domain is "[email protected]"
  Our AD Domain is "Domain456.local"
  I hope you can help me here.
  Heres some bacon to attract the pros
  This topic first appeared in the Spiceworks Community

• Retrieving ssl certificates from a server

  Hello there,
  i am currently trying to learn some things about SSL, i've never had to work with ssl servers until now, and i've got a couple of questions here;
  first off, my client program needs to connect to an IMAP server, in order to retrieve the number of new messages in the inbox. Now, the certificate doesnt seem to be standard, because i get an sun.security.validator.ValidatorException: No trusted certificate found.
  I have already learned how to make my own keystore file and add in custom certificates, but i do not know how to retrieve these certificates from the servers I am connecting to.
  So, how can i get this information from an IMAP server? :)
  many thanks in advance!
  With kind regards,
  Steven

  Ok well I found a way on the net to use an "all-trusting" trust manager, so now the handshake works and i can work within the imap server..
  but, what's the use of this certificate then, if i can simply avoid using a real one? I hope someone could answer this :)

• Cisco ASA 5585-X SSP-20 SSL wildcard SSL certificate support ?

  Hello
  i want to verify if Cisco ASA 5585-X SSP-20 supports Wildcard SSL's.
  Cheers

  Supports them how?
  As certificates issued to the ASA and properly bound to it's interfaces to support SSL VPN or ASDM access - yes.
  You can configure a wildcard (or any other) certificate improperly and cause things not to work. However it's not a limitation of the device's operating system not supporting it.

• Nexus 7000 SSL wildcard SSL certificate support ?

  Hello
  i want to verify if Nexus 7000 supports Wildcard SSL's.
  Cheers

  I have the same problem on a 5515-X, and I've tried pretty much the  same things. The weird thing for me is that everything worked great  until I did an OS upgrade. Back on 8.6.1, my browser successfully  verified the certificate on my SSL VPN login page, and AnyConnect never  brought up any warning boxes. But after I upgraded to 9.1.3, the box was  back to using a self-signed cert. The wildcard identity certificate  seems to have just disappeared, though the GoDaddy CA cert and my local  CA cert both stayed intact.
  I've used OpenSSL to convert and verify my cert file  in a number of different ways, but all of my supposedly valid files  still get the import operation failed message. So it seems like there  was some OS change that suddenly made my wildcard incompatible, but I  haven't figured out what it is yet.
  Hope this helps, for both our sakes.

• SSL Certificates (p12) and server side authorization

  Hello dear ALL!
  Can u tell me how to store multiple certs in AIR app if it's possible?
  I have an server side SSL authorization. But I can't sign AIR app with client p12 certificate =(
  Is there another way to use my client certificate?
  Sorry for my english =)

  Anyone?
  Client can have several certificates (logins).
  Where in the system or in AIR app its stores?