SSL Cert requiring intermediate CA chain breaks 10.5.8 caldavd?

Mac OS X Server 10.5.8
I just upgraded from a self-signed cert to a cert from StartCom, which requires use of an intermediate certificate on the server. I imported it using Server Admin. It and the intermediate cert are present in /Library/Keychains/System.keychain and in /etc/certificates. Mail (both Postfix and Cyrus) is happy with it. Apache is happy with it.
caldavd, however, reports the following:
2009-10-25 22:42:11-0700 [-] [caldav-8008] [startup] Adding server at :8008
2009-10-25 22:42:11-0700 [-] [caldav-8008] [startup] Adding SSL server at :8443
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-] Traceback (most recent call last):
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/bin/twistd", line 21, in <module>
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     run()
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twisted/scripts/twistd.py", line 27, in run
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     app.run(runApp, ServerOptions)
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 379, in run
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     runApp(config)
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twisted/scripts/twistd.py", line 23, in runApp
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     _SomeApplicationRunner(config).run()
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 157, in run
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     self.application = self.createOrGetApplication()
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 202, in createOrGetApplication
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     ser = plg.makeService(self.config.subOptions)
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twistedcaldav/tap.py", line 754, in makeService
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     service = serviceMethod(options)
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twistedcaldav/tap.py", line 727, in makeService_Slave
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     passwdCallback=_getSSLPassphrase
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twistedcaldav/tap.py", line 423, in __init__
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     sslmethod=sslmethod
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twisted/internet/ssl.py", line 79, in __init__
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     self.cacheContext()
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]   File "/usr/share/caldavd/lib/python/twistedcaldav/tap.py", line 437, in cacheContext
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-]     ctx.use_certificate_chain_file(self.certificateChainFile)
2009-10-25 22:42:11-0700 [-] [caldav-8008] [-] OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
But the key and the certificate do match, as confirmed by the other apps working fine and openssl x509/rsa -modulus.
/etc/caldavd/caldavd.plist contains:
<key>SSLAuthorityChain</key>
<string>/etc/certificates/osxserver.example.com.chcrt</string>
<key>SSLCertificate</key>
<string>/etc/certificates/osxserver.example.com.crt</string>
<key>SSLPort</key>
<integer>8443</integer>
<key>SSLPrivateKey</key>
<string>/etc/certificates/osxserver.example.com.key</string>
<key>ServerHostName</key>
<string>osxserver.example.com</string>
Using openssl I verified that those three files are, in fact, correct.
If I remove the filename from the SSLAuthorityChain attribute, the server starts normally but, naturally, connections fail unless I add the intermediate certificate to the local client's keychain.
Not sure where to go next. I haven't been able to check Server 10.6.1 yet.

The point that it's breaking on is obviously an Apple modification because Twisted does not and has never supported loading intermediate CA certs from a chain file.
http://twistedmatrix.com/trac/log/trunk/twisted/internet/ssl.py?rev=26525
I would suggest creating a little test script that does what the caldavd file does. The related documentation is http://packages.python.org/pyOpenSSL/openssl-context.html
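A diagnostic in the spirit of that suggestion, added here and not taken from the thread or from Apple's caldavd. OpenSSL's SSL_CTX_use_certificate_chain_file(), which is what ctx.use_certificate_chain_file() wraps, treats the first PEM block in the file as the server certificate and checks it against the private key that is already loaded, so a chain file that begins with the intermediate CA fails with "key values mismatch" exactly as in the traceback. The script lists the order of a chain file and checks whether its first certificate matches the key; it assumes only the openssl command-line tool, and the file names in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not code from the thread or from caldavd): check whether the
# first certificate in an SSLAuthorityChain file is the one that belongs to
# the private key, which is what OpenSSL's use_certificate_chain_file expects.
# Assumes the openssl command-line tool is installed.

# Split a PEM bundle ($1) into numbered single-certificate files in directory $2.
split_pem() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n); inblock = 1 }
        inblock { print > out }
        /-----END CERTIFICATE-----/   { inblock = 0; close(out) }
    ' "$1"
}

# SHA-256 of the PEM-encoded public key carried in a certificate ($1).
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl dgst -sha256 | awk '{ print $NF }'
}

# SHA-256 of the PEM-encoded public key derived from a private key ($1).
# "openssl pkey" handles RSA and EC keys alike, unlike "openssl rsa -modulus".
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256 | awk '{ print $NF }'
}

# check_chain CHAINFILE KEYFILE
# Prints "subject -> issuer" for each certificate in file order, then returns
# 0 if the first certificate's public key matches KEYFILE and 1 otherwise.
check_chain() {
    chain=$1
    key=$2
    tmp=$(mktemp -d) || return 2
    split_pem "$chain" "$tmp"
    first=""
    for c in "$tmp"/cert*.pem; do
        if [ ! -f "$c" ]; then
            echo "no PEM certificates found in $chain"
            rm -rf "$tmp"
            return 1
        fi
        [ -n "$first" ] || first=$c
        echo "$(openssl x509 -in "$c" -noout -subject) -> $(openssl x509 -in "$c" -noout -issuer)"
    done
    if [ "$(cert_pubkey_hash "$first")" = "$(key_pubkey_hash "$key")" ]; then
        echo "OK: first certificate in $chain matches $key"
        rc=0
    else
        echo "MISMATCH: first certificate in $chain does not match $key"
        echo "  OpenSSL will report 'key values mismatch'; the server certificate must come"
        echo "  first in the chain file, followed by the intermediate(s)."
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Usage (placeholder paths): sh chaincheck.sh /etc/certificates/host.chcrt /etc/certificates/host.key
if [ "$#" -eq 2 ]; then
    check_chain "$1" "$2"
fi
```

If the check reports a mismatch, rebuild the .chcrt file as the server certificate followed by the intermediate and re-run the check before restarting caldavd.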

Similar Messages

  • Updating an intermediate CA for a 128 bit SSL cert

    We found a 128 bit SSL cert that was affected by the Verisign server shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1 and 6.1 Web Logic server. Where can I find information on how to do this?
    Thanks.

    download from
    http://www.verisign.com/support/roots.html
    Scott Stanforth <[email protected]> wrote:
    We found a 128 bit SSL cert that was affected by the Verisign server
    shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1
    and 6.1 Web Logic server. Where can I find information on how to do
    this?
    Thanks.

  • OHS VirtualHost only SSL - redirect to equivalent of IIS HTTP Error 403.4 - Forbidden: SSL is required to view this resource

    Hi,
    I'm completely new to OHS and have been asked to ensure that a URL that goes to OHS should only be accessible on HTTPS; if accessed by HTTP it should go to the equivalent of IIS's
    "HTTP Error 403.4 - Forbidden: SSL is required to view this resource".
    As OHS is the frontend to our SOA installation we have specific files under /moduleconf/ for the virtualhosts, an example of one is below. 
    Can anyone give me any clues/best practice to only allow this VirtualHost to be allowed on HTTPS/SSL and to not redirect non SSL to SSL but to an error page like the equivalent mentioned above.
    Any guidance would be greatly appreciated.  Many thanks
    <VirtualHost *:443>
      ServerName testhub.example.com:443
      RewriteEngine On
      RewriteOptions inherit
      RewriteRule ^$ /osb/hub.asmx [NC,P]
      RewriteRule ^/$ /osb/hub.asmx [NC,P]
      RewriteRule ^/hub\.asmx$ /osb/hub.asmx [NC,P]
    <Location /sbinspection.wsil >
      SetHandler weblogic-handler
      WebLogicCluster OSB1:8011,OSB2:8011
    </Location>
    <Location /sbresource >
      SetHandler weblogic-handler
      WebLogicCluster OSB1:8011,OSB2:8011
    </Location>
    <Location /osb >
      SetHandler weblogic-handler
      WebLogicCluster OSB1:8011,OSB2:8011
    </Location>
    <Location /alsb >
      SetHandler weblogic-handler
      WebLogicCluster OSB1:8011,OSB2:8011
    </Location>
    <IfModule ossl_module>
      SSLEngine on
      SSLProtocol nzos_Version_1_0 nzos_Version_3_0_With_2_0_Hello nzos_Version_3_0
      SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
      SSLVerifyClient none
      SSLWallet  "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/host"
      SSLProxyEngine On
      SSLProxyWallet  "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/host"
      SSLCRLCheck Off
    </IfModule>
    </VirtualHost>

    Use https://221.135.134.52/vodacts/
    That gives me a certificate error because the server doesn't send an intermediate certificate that chains to a built-in root certificate.

  • How to get OS X to accept an SSL Cert the way other UNIX clients do?

    I'm hoping some of the network gurus can suggest a solution for me. My current config is 10.5.4 on PPC.
    I have a host that I need to connect to using SSL but their certificate has a host name mismatch (they are a small org, and can't afford another SSL cert for the moment). I know the cert is valid, so I'm not worried about the security implications of using it.
    On other *NIX clients, I simply have to add the cert into the root chain (e.g. /etc/ssl/certs/ca-certificates.crt), restart the application, and all apps will then accept it as valid.
    On OS X, I've imported the cert into Keychain Access, marked it as "Always Trusted" and set up a policy to "alias" it to the URL I need to access with my application (not a web browser) (ref: KB article: HT1679) in both the login and the System keychains, yet the client application still errors out and refuses to connect to the URL.
    How can I configure client SSL on OS X to work like other UNIX configurations? There doesn't seem to be a way to override the extremely restricted behavior.
    I have MacPorts installed and am open to an application specific "hack" if necessary, ala "LDLIBRARYPATH", if anyone thinks that's feasible (which is what I am looking at now). Conceivably I could recompile the client application since it's OSS, though I'd rather avoid that if possible.
    Any suggestions would be appreciated.
    Thanks in advance--
    =N=

    When you connect with a web browser to an https site that has a mismatched cert, it warns you and you have to tell the browser to ignore the security issue to let you carry on.
    What UNIX apps are you using to connect to this server?

  • Webserver refuses to take SSL cert

    My SSL cert is installed on my server, and when I go to the Settings pane in Server.app for the host, edit "SSL Certificate" and choose my cert, the UI collapses the pane below showing the various services. This is because it applies the cert to all services. When I click OK to accept the setting, it should show my cert right after "SSL Cert:" because it should now be applied to all services.
    Instead it shows "Custom". When I click the "Edit" button again to see what's going on, it shows that all services are using my cert, except the last one: "Websites (Server Website - SSL)".
    For that, it simply shows "None". Changing it to my cert and then clicking OK has no effect. It just reverts back to "None".
    Apache won't start because there is no cert specified, and specifying it manually in
    "/Library/Server/Web/Config/apache2/sites/0000_any_443_.conf"
    does no good because OS X simply overwrites it from some place.
    So at this point it's impossible to get Apache going on this host. The Server application refuses to accept my cert for the website. I don't get any errors and I don't see any in the logs either pertaining to some failure to apply the setting.
    Any ideas?

    I forgot to mention that when the Certificate Assistant asks for the Issuer in one of its screens, choose the Intermediate CA certificate. Also, the four PEM files are created in /etc/certificates.
    On a fresh Server app install, after you get the OD Master running or after you have done web:command=restoreFactorySettings, visit the Server app Certificates screen and under Custom select the just-created Leaf SSL Certificate next to "Web (Default Server - SSL)". This will create the default SSL certificate in the Web service window.
    Also, if any one of the three *.conf files is missing in the sites folder, Server app will hose the folder by renaming it sites-unusable-nnnn and recreate a fresh sites folder with fresh copies of the *.conf files. In addition, if you read the comments within the 0000_any_80_.conf and 0000_any_443_.conf files, there are certain Apache http directives which are off-limits to the administrator, as Server app will modify their values. It suggests that you create a .conf file with your amendments (of course, they must be within the Virtual Host context) and use an Include directive, or go through the WebApps mechanism.
    Furthermore, you must not set a specific IP address for all your virtual hosts but use Any instead. Since I want to use the built-in Wiki service, I have added wiki.domain.com as Additional Domains for both of the Default Servers (since the Default Servers refuse to use ServerName). In my case, since I have multiple IP addresses, I have to specifically amend the virtual_host_global.conf file with a static IP address for the Listen 80 and 443 directives, and since Server app will undo the amendment within the sites folder, I have to bring the virtual_host_global.conf file up one level to the apache2/ folder and amend httpd_server_app.conf to load this virtual_host_global.conf file instead. See below the relevant section of my httpd_server_app.conf file:
    <IfDefine WEBSERVICE_ON>
        Include /Library/Server/Web/Config/apache2/sites/0000_*.conf     <--- instead of "*.conf"
    </IfDefine>
    <IfDefine !WEBSERVICE_ON>
    #    Include /Library/Server/Web/Config/apache2/sites/virtual_host_global.conf
        Include /Library/Server/Web/Config/apache2/sites/0000_any_80_.conf
        Include /Library/Server/Web/Config/apache2/sites/0000_any_443_.conf
    </IfDefine>
    Include /Library/Server/Web/Config/apache2/virtual_host_global.conf
    Include /Library/Server/Web/Config/apache2/httpd_server_app_tweaks.conf
    The httpd_server_app_tweaks.conf file holds my performance tweaks (e.g. StartServers, MinSpareServers, etc.).
    So Server app can happily modify the virtual_host_global.conf file within the sites folder, but my settings remain safe one level up.

  • Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

    I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
    I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
    I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
    Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
    No matter what I do, it won't work.
    I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
    Can anyone help?

    Originally Posted by AndersG
    Fmcunningham,
    > > I am looking at installing a cert as well. I have NOWS SBE 2.0
    > > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
    > > need a Wild card cert to be able to accomplish this?
    >
    The only difference between a wildcard and a regular cert (apart from price) is that
    a wildcard covers all hosts in a domain, i.e. *.acme.com, whereas a regular
    cert only covers a named host, homer.acme.com.
    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)
    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms
    I am running SBE 2.0, upgrading soon to SBE 2.5. I am not using subdomains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self-signed one is for WebAccess.

  • SSL cert error on exchange 2013.

    Hi,
    Can I please have some help to avoid the following two error messages that appear on opening Outlook 2013 on Windows 7 connected directly to the Server 2012 domain.
    A GoDaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly set up.
    There is NO error message if we connect through Outlook Anywhere on a system which is not part of the domain and connecting from outside.
    Error Box 1
    Security Alert
    servername.localdomain.local
    Information you exchange with this site cannot be viewed or changed...................
    The security certificate is from a trusted certifying authority.
    The security certificate date is valid
    X The name on the security certificate is invalid or does not match the name of the site....
    Error box 2
    Microsoft Outlook
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
    Outlook is unable to connect to the proxy server. (Error Code 10)
    Any quick help will be highly appreciated!
    Many thanks

    Hi,
    Are you using a single-domain cert from GoDaddy? If that's the case, you cannot add more than one domain to your cert. I believe you have added the Outlook Anywhere domain name to your cert, since your Outlook Anywhere connection isn't prompting any errors.
    You have two options: one is to purchase a UCC cert and add all the URLs required, or have a look at the Virtual Directories below on the Exchange server and modify the URLs so you will not get the cert errors.
    Use the shell to view the internal and external URLs:
    Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
    Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
    Get-ECPVirtualDirectory | fl internalurl,externalurl
    Get-OabVirtualDirectory | fl internalurl,externalurl
    Get-WebServicesVirtualDirectory | fl internalurl,externalurl
    Change all your internal URLs to match the external URLs, using the Set command as in the example below.
    Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl 'https://mail.domain.com/Autodiscover/Autodiscover.xml'
    Make sure all your servername.localdomain.local URLs are changed to match the primary certificate name.
    Regards
    Boniface

  • SSL cert on ASA 5512 from Thwate or Digitcert

    I ran into an issue when I installed an SSL123 cert from Thawte. I did not have an issue with the SSL cert from DigiCert; their process and steps are simple and they use better encryption (SHA256). Compared to that, Thawte's support did not let me use SHA2 and I had to use SHA1; according to some organisations, SHA1 will be retired soon.
    Let me explain how to install SSL123 from Thawte on an ASA 5510. You can follow their instructions, but generate the CSR with 2048 bits; 4096 did not work. Once you apply in their portal, use SHA1 (SHA2 did not work). Before you get the email with their CA, install the Root and Secondary intermediate certificates, which are located on their website. After you get the email with the new cert, you can install it under Identity Certificates, where it still says pending. Note: there are CSR checker tools; before you submit the CSR to the CA, google "CSR checker" and make sure your CSR does not have any errors.
    Note: when you install each certificate, the trustpoint association could be in a different order, for example ASDM_trustpoint0, ASDM_trustpoint1, ASDM_trustpoint2, etc. Using the same ASDM_trustpoint0 for all certs (root, intermediate and signed certificate) did not work, and you get the error "Failed to parse or verify imported certificate".
    Here is the link you can follow: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO16141&actp=search&viewlocale=en_US&searchid=1429125296765
    Finally you can check your SSL cert: google "SSL checker" to see if your chain is good all the way and what needs to be fixed.

    First of all, you don't need the server names in the cert if your Exchange URLs are configured to a load-balanced URL. Going forward, you will not be able to get a certificate from a third party with internal URLs (server FQDNs) in it.
    When you export the certificate from CAS1, make sure that you include the private key as well (there will be a check box to tick) and import it back on CAS2.
    If not, you can just import the certificate into CAS2 by selecting Import Exchange certificate in EMC and select the 3rd party cert (just like you imported on CAS1).
    Yes, you need the certificate on both servers, otherwise you will get certificate errors on clients (assuming that there is some form of load balancing in place - NLB or hardware).

  • SSL Cert used to sign Jars for distribution via WebStart

    Hi,
    I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
    "Certificate chain not found for: myalias. myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."
    I have the following files in relation to my cert:
    xxx.cabundle (this can be imported into keytool easily)
    cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
    private/xxx.key
    My questions I suppose are:
    1. Can I use a cert issued for SSL to sign jars for webstart distribution?
    2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
    Any help would be appreciated!
    Rich

    Hi,
    Yes, the PKCS#12 certificate includes the private key, as opposed to P7B, which does not.
    Sent from Cisco Technical Support Android App

  • DPM 2012 setup to remote SQL 2012. SSL cert error

    First of all, the category I selected, which was for SQL server reporting services was as close as I could get. There wasn't a way to select System Center DPM server from the list. As this relates to the Report Server portion of the setup, I chose this category.
    I am setting up DPM 2012 SP1 on a single-use server (Windows Server 2012 R2 Standard) and remotely connecting to a new DB server (MSSQL 2012). I keep getting error ID:812 when trying to install, and the logs show that it is trying to set up the report server, but that it cannot establish a trust relationship for SSL/TLS.
     * Exception :  => System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    I'm not clear on how to proceed. Invalid cert means it wants something very specific.
    I have installed a domain-issued cert from the DC on the SQL reporting server and have bound that cert to SSL using Report Server Configuration. I then imported the cert into the DPM server in the trusted and personal certs. The DPM server has our DC as a trusted source. That clearly doesn't work.
    Thinking I may not be able to use a self-signed cert, I then installed our wildcard cert onto both the SQL server and the DPM server. I ran through the Report Server configuration again and bound that wildcard. This is a GoDaddy wildcard cert.
    Same problem no matter what I do. Clearly this is a cert issue, but I'm lost. I've found zero instructions on how to ensure Windows Server 2012 cert requirements are met as they relate to SQL and DPM.
    Thanks for your advice.
    Kaden

    Hi Kaden,
    This thread is for Reporting Services and I hope I can provide some useful information from the Reporting Services side, while I don't work on DPM at all. You may still need to find the forum for DPM and check there.
    Regardless of DPM, Reporting Services can usually create an HTTP link and an HTTPS link together. For the HTTP one, a certificate is needed. HTTPS is not needed except where you have a concern with security.
    Usually applications like DPM/SCOM will connect to the web service link provided by Reporting Services and work on that.
    If the application requires an HTTPS link, then the same thing has to be set up on Reporting Services.
    You need to install a certificate, add it to the trust store, and then configure Reporting Services to listen on HTTPS port 443 from Reporting Services Configuration Manager.
    You can find the steps here: http://technet.microsoft.com/en-us/library/ms345223(v=sql.110).aspx
    After you create the HTTPS link successfully, try to open the https web service link both remotely and locally from IE. If you can open it there without any error, Reporting Services is working fine.
    Some applications need special certificates installed on Reporting Services and used. You may check with the related product on this.
    In summary, if you can configure an HTTPS link for Reporting Services and can open it correctly, the configuration steps on Reporting Services are fine.
    If there is still any error from DPM, you would need to check additional resources from the DPM side.
    Thanks,

  • WLC Virtual Interface config for a public SSL cert for Web Authentication

    I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so when a Web-Auth users tries to authenticate they don't get the SSL cert error.
    In the document "Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC" (Document ID: 109597) it states the following:
    "Note: It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect."
    Here are my questions.
    1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
    2. In the "DNS Host Name" Field do I simply put the domain or the FQDN?  Example. Company.com or hostname.company.com

    Hi,
    1) You can change that if you want. Normally it is non-Public and non-routable in your network.
    2) Put the host name that you are going to enter in your company DNS server, where that host name would be mapped to the virtual IP address.
    Regards
    Dhiresh
    ** Please rate helpful posts**

  • Multiple SSL Certs in one SSL Proxy/VIP

    Guys
    I have a requirement to be able to provide SSL for two different sites that will resolve to the same VIP. I've created a lot of SSL sites before and these work a treat with HTTP to HTTPS redirection.
    However, I'm not sure how to take two different SSL certs and bind them to the same SSL proxy, in order for me to add them to the same VIP. The customer wants to use only port 443. I had thought about using a secondary port, something like 8443, and adding another class under the multi-match policy.
    Is this possible at all? I use a standard L4 class-map in the multi-match policy, which then nests down into L7 class-maps for URL load balancing.
    Because this is a multi-match policy, can I just create another L4 policy, which in turn nests down to a different L7 class-map, allowing me to match the second URL? And thus, because I have another L4 policy, can I assign a new SSL proxy?
    Thanks

    Cathy
    Thanks for the reply, that's what I was thinking. We use wildcard certificates for several of the other domains, but we need to provide certificates for www.website.com and ww2.website.com due to cost.
    Is it possible to replace the L4 policy map with a straight L7 one so that we are load balancing directly on URL, as opposed to verifying L4 matches first? Or would this not be advisable / possible? I always thought it was the L4 policy that made the VIP proxy?
    Can SAN certs not be used in this example?
    Thanks

  • Application Networking Manager - SSL Certs

    Hi,
    We have an ANM 4.1 installation and today I was asked why an ACE context with many certs installed for the SSL proxy service didn't show any of the certs or keys in ANM. I can see some chain group parameters and SSL proxy service config.
    I have double-checked and there are lots of certs installed via CLI, and I have run a resync, but there is absolutely nothing in the SSL --> Cert pages or SSL --> Keys. Is it because all the config importing the certs was done via the ACE CLI rather than ANM?
    What do I have to do to import these, as we plan to use ANM to manage the cert expiry dates?

    Adrian,
    In order to install the license you must have a license file on the ANM server and install it through the command line:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/installation/guide/IG_config.html#wpmkr1120937
    No other way to do it.
    License file can either be copied to the ANM file system, or you can create a new empty license file on it and copy paste the license file content.
    If you have no access to the ANM server through CLI, then a workaround might be:
         - install a new VMWARE machine where you have CLI access.
         - install ANM on it
         - copy the license (either you copy the file through any means, or you create a file and edit it by copy-pasting the license file content)
         - install the license with the command /opt/CSCOanm/bin/anm-license install /path/ANMxxxxxxxxxxxxxxxxx.lic as described in the link above
         - save the VMware image
         - deploy the same VMware image to the ESX where it has to be installed and where you have no access to the CLI, nor can you copy a file.
    Hope this helps,
    Domenico.

  • Exchange 2007 - Outlook Anywhere problems after installing new SSL cert

    *** Original thread posted on wrong forum ***
    Hi all,
    Exchange 2007 environment (2x CAS, ISA2006). Not much familiar with Exchange.
    Problem: 20-odd machines off the domain use Outlook Anywhere (XP with Outlook 2010). Authentication pop-up and not able to connect.
    The company has recently changed its name and we had to renew the SSL cert. The previous SSL cert was issued to: webmail.oldcompname.co.uk (several SANs on that cert, including internal server names).
    Applied for a new UCC SSL cert issued to: newcompanyname.com (also includes webmail.newcompanyname.com; autodiscover.newcompanyname.com + old SANs).
    The setting on those machines point the proxy to the following:
    Https://webmail.oldcompname.co.uk (which is fine since it is in the cert and can be accessed)
    Only connect to proxy servers that have this principal name in their cert.: 
    msstd:webmail.oldcompname.co.uk (I believe this is the problem since the new UCC SSL cert. was issued to newcompanyname.com).
    Browsing technet + internet it seems that I need to look into OutlookProvider EXPR.
    When I run Get-OutlookProvider everything is blank (I believe I should be concerned to EXPR only for Outlook Anywhere).
    I am thinking of running: Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:newcompanyname.com
    My only concern is whether this might break something else in the Exchange environment, especially as we have 100+ users on smartphones connecting via SSL on webmail.oldcompname.co.uk.
    Is it safe to run this command? Do I need to restart IIS? Do I need to look into any settings on ISA2006?
    Comments/help are much appreciated.
    Regards 

    Hi,
    According to the description, I found that you renewed an SSL certificate.
    "I am thinking of running: Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:newcompanyname.com"
    Just do it. Then remove the old certificate on ISA server and install a new one.
    Found a similar thread for your reference:
    Renewal of SSL certificate in exchange 2007 with ISA 2006
    http://social.technet.microsoft.com/Forums/exchange/en-US/25770038-8491-470a-92fa-8ae50674b7a6/renewal-of-ssl-certificate-in-exchange-2007-with-isa-2006
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • GoDaddy SSL Cert Signed by Unknown Authority

    At my school we have one Apple server which we recently upgraded to 10.5. We're using it to run a blog for teachers. We switched the site to use SSL and purchased a GoDaddy SSL cert (the wildcard type). The common name on the certificate I created in Server Admin is for *.e-lcds.org, this is the same common name I gave to GoDaddy in the CSR.
    I received both the certificate and the intermediate certificate from GoDaddy and installed both. Server Admin now says that the site is signed correctly by GoDaddy. The intermediate certificate (looking at Keychain Access) is not signed correctly though according to the server. The error is "This certificate was signed by an unknown authority"
    In the process of originally trying to figure out SSL certs I deleted all of the GoDaddy ones which I (thought) had added to start with a new one and have it re-keyed (which worked). I unfortunately may have deleted whatever certs need to be installed to verify the intermediate cert from GoDaddy. Is there a way to re-add these? Or is this another issue altogether?
    Thanks in advance,
    -MRCUR

    I ended up wiping the server since we switched its roles with a Linux box. I'm now using the GoDaddy SSL cert on the Linux box and the XServe.
