SSL Certificate 9.0.2.0.1 (please respond)

Similar Messages

• SSL certificate error when installing

  Hi,
  We are getting error when installing the SSL certificate on our web dispatcher. Please see screenshot attached.
  Kindly assist us on this.
  Thank you!
  Regards,
  AJ

  You have to specify the additional certificates with the "-r" parameter.
  E g
  sapgenpse import_own_cert -c <cert_from_eg_verisign> -p <PSE-file> -r intermediate-one.cer -r intermediate-two.cer
  You can specify "-r" up to 10 times.

• How to Create SSL certificate for HTTPS Connection in SAP PI

  Hi,
            I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
            How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
           I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
           Please help me on this issue.
  Thanks,
  Siva

  Hi,
  Check if it helps:
  http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
  But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
  Regards,
  Caio Cagnani

• Is there a way to change the CSR for install SSL Certificate for CCMADMIN

  HI there,
  Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
  For that, I have exported a csr to buy a ssl certificate from verisign.
  The problem is the csr includes fqdn an not just the servername
  But the users just have to type in the servername to reach the server.
  Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
  thanks
  Marco

  Hi
  You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
  Command Syntax
  set web-security orgunit orgname locality state country alternate-host-name
  Parameters
  • orgunit represents the organizational unit.
  • orgname represents the organizational name.
  • locality represents the organization location.
  • state represents the organization state.
  • country represents the organization country.
  • alternate-host-name (optional) specifies an alternate name for the host when you generate a
  web-server (Tomcat) certificate.
  Note When you set an alternate-host-name parameter with the set web-security command,
  self-signed certificates for tomcat will contain the Subject Alternate Name extension with
  the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
  contain Subject Alternate Name Extension with the alternate host name included in the CSR.
  Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
  Regards
  Aaron
  Please rate helpful posts...

• Help needed in importing SSL Certificate

  Hi All,
  The SSL certificate in our application server has expired. We have created a new certificate and imported it through oracle wallet manger. But the application server is not recognizing the new certificate. Still shows certificate error when we try to access the application via https.
  We are using oracle application server 10.1.2.0.2
  I don’t have much knowledge on application server.
  Please help me on this.
  Thanks in Advance,
  Jey

  Hi Jeykrishnan,
  The installation consists of three main parts:
  a) Importing the Primary Root CA
  b) Import the Intermediate Certificate and Cross Certificate
  c) Installing your SSL123 certificate
  a) Importing the Primary Root CA
  1. Launch Oracle Wallet Manager.
  2. Click Operations and select Import Trust Certificates from the menu
  3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
  4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
  5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.
  b) Importing the Intermediate and Cross certificates
  1. Launch the Oracle Wallet Manager.
  2. Click Operations > Import Trust Certificates from the menu.
  3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
  4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
  5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
  6. Repeat the same steps for the Cross certificate
  c) Importing your SSL123 certificate
  1. Click Operations > Import User Certificate from the menu bar.
  2. The Import Certificate dialog appears.
  3. Select the Paste the Certificate radio button, and click OK.
  4. The Import Certificate dialog appears.
  5. Paste the entire contents of your SSL123 Certificate file and click OK.
  6. A message should show that the certificate was imported successfully.
  7. When you return to the main window, wallet status should show "Ready."
  Regards
  FAbian

• Cannot display images after updating SSL certificate

  Hello All,
  With the changes in SSL certificates (no support for .local domains in public certificates), I had to update the SSL certificate used for our Exchange 2010 Server.  We are a small organization with a single server running Exchange Server 2010. 
  There were some articles about how to change the URL's within Exchange to use the public (not .local) domain names.  We followed these instructions and now, when a user using Outlook sends an e-mail with an image embedded to other users in the domain,
  they see a placeholder for the graphic with the text "The linked image cannot be displayed.  The file may have been moved, renamed, or deleted.  Verify that the link points to the correct file and location." .  This is causing a great
  deal of concern to the users and I cannot find anything on how to fix or even troubleshoot this issue.  Any assistance will be greatly appreciated.
  Thanks in advance,
  Allen
  Long time IT professional always learning the new stuff! Thank you for your assistance.

  Hi,
  According to your post, I understand that client face an problem “The linked image cannot be displayed.  The file may have been moved, renamed, or deleted.  Verify that the link points to the correct file and location” after change SSL certificate.
  If I misunderstand your concern, please do not hesitate to let me know.
  Do you see the "page cannot be displayed" error only from your DC server or also from a Windows 7 client machine? What browser do you use and what version?
  Please run “certutil –store” command from a command to verify that the certificate is correctly installed in the certificate store. Also run “certutil -store my” to check the certificate from CA.
  If the certificate is already installed, please refer to below link to check the value of Cache in registry:
  https://support.microsoft.com/en-us/kb/2753594
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• SSL certificate error on every SSL page

  Hello,
  I was having problems earlier with connecting to my wireless internet so I deleted some of my .plist files attempting to fix the problem. Now I am having problems connecting to ANY SSL page, (as well as google chat, etc.) saying "security certificate is not trusted". Same happens on all browsers. I think it is because I deleted some plist files (not sure which ones).
  How can I fix this problem? I cannot find any documentation of anyone else having this problem, so please help!
  Much thanks.

  The answer was found elsewhere: Android is much more picky when it comes to SSL certificates and what works in the browser doesn't necessarily work in an Android app.
  A technician had to add a "SSLCACertificateFile to the SSL conf to provide this intermediate chain". I don't know what this is, but it worked.

• Problem with OAS Instance Name y Host Name to create trial ssl certificate

  Hi, everyone
  I have a problem when creating a trial ssl certificate from Verisign page, affer a live assistance, that page rejected my CSR generated from OAS, saying thay my common name has invalid characters.
  My Oracle Application Server installation name: Instance.HostName is:
  IAS_IND01.ind-internet
  So, Verisign told me this name can't contain "_" or "-" characters for example.
  I need to know if it's possible to change the instance name and if OAS host name changes also if i change server's host name.
  I wouldn't like to reinstall all over again.
  Please help.
  Regards
  David

  Hi,
  No your AS server will not automatic. even if you change your host name.
  If U 'll try to change your host name, be carefull when U 'll try to start you AS instacne
  it ' not start anymore , AS user hosts fill to get full quallified name of your host.
  U 've two choices
  -1 delete your AS, then change your hosts name, then new installtion of AS
  2- If U 've exprience with AS, just breng your AS down, change your hosts name,
  U 'll need to do some changes in your AS, just read admininstrator Guide.
  Cheers,
  Hamdy

• Exchange 2010: How to renew an SSL certificate?

  Hi all.  I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010.  I really don't want to mess this one up by cobbling together partial answers
  from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out. 
  This is a standard GoDaddy 5-domain UCC certificate.  There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet).  The existing certificate expires in a month or so. 
  I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article
  has addressed all my concerns, or in some cases information conflicts.  So my concerns for example are:  can you do a renewal for a certificate before the old one expires?  It is actually a renewal, or are you adding a 2nd certificate? 
  Do you have to do anything in IIS or does EMC or EMS do all that for you? 
  Thank you. 

  -->Can you do a renewal for a certificate before the old one expires? 
  Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
  -->It is actually a renewal, or are you adding a 2nd certificate? 
  You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for detailed step of Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
  -->Do you have to do anything in IIS or does EMC or EMS do all that for you? 
  You will have to do it from MMC or EMS. No need to do anything from IIS.
  Follow the steps below to make your work easy or follow the video in this site site.http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
  1. Run this command from EMS to generate CSR. You can see the CSR named "newcsr.txt" in C:\CSR
  folder
  Set-Content -path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
  2. Renew the certificate from Godaddy (from Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
  3. Open Exchange MMC. Go to Server configuration. Right click on the pending request.  Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
  4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
  5.Delete the old one certificate from MMC.
  From EMS use this command 
  Remove-ExchangeCertificate -Thumbprint <old cert thumprint>
  You can see the the certificate thumprints using Get-ExchangeCertificate command
  MAS. Please dont forget to mark as answer if it helped.

• File Adapter FTP SSL SSL Certificate Exception

  After reviewing the results of searching on this error, I do not find anything that fits my situation:
  SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
  I am not using X.509 certificate for client authentication.
  My connection is using a non-public certificate.
  I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
  I am getting the following error:
  Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
  Any recommendations?

  Hi,
  The main reasons for this error are:
  1. The correct server certificate could not be present in the TrustedCA
  keystore view of NWA. Please ensure you have done all the steps
  described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for
  it (that was the cause for other customers as well) and if it's the case
  renew it or extend the validation.
  3. Some other people have reported similar problem and mainly the
  problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate
  is A which is issued by an intermediate CA B and then B's certificate is
  issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to
  have the right order of certificate in the chain. If the order is B
  first followed by A followed by C, then the IAIK library used by PI
  cannot verify the server as trusted. Please generate the certificate in
  the right order and then import this certificate in the TrustedCA
  keystore view and try again. Please take this third steps as the
  principal one.
  Hope it solves your querie.
  Regards,
  Caio Cagnani

• Error after SSL Certificat update

  I updated the SSL certificate on a Win2003 SP2 server with IIS6.0
  The initial certificat was a single URL certificate and is replaced by a wildcard one.
  After installing the certificate (and it's CA chain) using the mmc I changed the certificate in IIS and configured the SSLBinding using "cscript.exe
  adsutil.vbs".
  The result is an SSL ERROR.
  The CA chain and the certificate are two CRT files.
  Here is the result of the "certutil.exe -store my"
  command :
  C:\Documents and Settings\Administrateur.W2K79>certutil -store my
  ================ Certificat 0 ================
  Numéro de série : 4899717f3b1ba89dedb7c472d575cb01
  Émetteur: CN=Thawte SSL CA, O=Thawte, Inc., C=US
  Objet: CN=*.bourgenbresse.fr, OU=Collectivite, O=COMMUNE DE BOURG EN BRESSE, L=B
  OURG EN BRESSE, S=Ain, C=FR
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): eb 03 df 43 a8 03 e5 5f b1 52 fc e7 5b a9 0b 0c 19 2a 15 8a
  Aucune information sur le fournisseur de clé
  Pas de propriétés pour le jeu de clé dans le magasin
  ================ Certificat 1 ================
  Numéro de série : 023fcc
  Émetteur: CN=GeoTrust DV SSL CA, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
  Objet: CN=www.portailenfance.bourgenbresse.fr, OU=Domain Control Validated - Qui
  ckSSL(R) Premium, OU=See www.geotrust.com/resources/cps (c)11, OU=GT68088061, O=
  www.portailenfance.bourgenbresse.fr, C=FR, SERIALNUMBER=R2RJ3sRPOrW0Q3XZYvvpcP05
  TqodNAru
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): 12 49 a6 95 9a 67 05 86 d9 a3 64 cb a7 a7 78 ee 6c eb 94 52
    Conteneur de clé = cecd6bee4621365b6e763b9bfcd773cf_b3f7eefb-5c14-4333-a5bb-29
  d40b271698
    Fournisseur = Microsoft RSA SChannel Cryptographic Provider
  Succès du test de cryptage
  CertUtil: -store La commande s'est terminée correctement.
  Please help !

  It seems that the key for the wild card certificate has not been found. The output shows a valid key for the other cert. ("1") but no key information for the wild card cert ("0"). I assume, that when you double-click the certificate in
  the computer's Personal store you don't see the message You have a Private Key...
  (on the bottom of the General tab), right?
  Windows 2003 sometimes needed some extra effort to "connect" key and certificate, in addition to just importing it (I am assuming that you imported it to the machine where you had created the key).
  Check if the command line tool certutil is available. If not, install the W2K3 admin pack (download e.g.
  here).
  Double-click the new server certificate, go to Details...
  Scroll down the list of attributes and locate the Serial Number. Copy the serial number value.
  At the command shell run as a local admin:
  certutil -repairstore my "<Serial Number>"
  If this has been successful you should now see the message You have a Private Key... when double-clicking the certificate.
  Elke

• Proper SSL certificat​e?

  I noticed the note in the following URL:
  https://lenovo-na-en.custhelp.com/app/answers/deta​il/a_id/27878/kw/ssl
  NOTE: If you create a LenovoEMC Personal Cloud on a network storage device that has LifeLine 4.0.2 or above, you will receive an official security certificate for your device. Allow approximately a week for delivery of the certificate.
  My ix2-dl is on LifeLine 4.0.8.23976 firmware. Is there a way for me to request an official security security certificate so I can stop using the self-signed cert and avoid the certificate warning error?

  Hello Santoku
  Please see the " Is it safe to ignore my browser’s security warning? " article regarding the ssl work arounds if you have not purchased a ssl certificate from an ssl certificate provider.
  LenovoEMC Contact Information is region specific. Please select the correct link then access the Contact Us at the top right:
  US and Canada: https://lenovo-na-en.custhelp.com/
  Latin America and Mexico: https://lenovo-la-es.custhelp.com/
  EU: https://lenovo-eu-en.custhelp.com/
  India/Asia Pacific: https://lenovo-ap-en.custhelp.com/
  http://support.lenovoemc.com/

• CF7 and JDK 1.4.2 - EV SSL Certificate Issue

  Let me start off by telling the group that we do not use CF for any of our applications.  We are a payments company that hosts a .NET API in IIS that 100's of thousands of customer use.  We have one particular customer using CF7 and JDK 1.4.2 who is currently unable to process against our API.  About a week ago we upgraded our SSL certificates to EV (Extended Validation) and since that time our once happy customer is now unhappy.  I have spent hours working with him, going through FAQs and walk throughs, knowledge bases and forums and have had no luck.  Here are the details:
  EV Certificate issued by DigiCert (4096-bit).
  Customer is on CF7 and JDK 1.4.2.
  When he attempts to process against our API with the new certificate he gets 'Connection Failure: Status code unavailable' message from his CF application.  He is using cfhttp to post his requests.  We found a work around that indicated that the only issue with JDK 1.4.2 was importing the high-bit certificates.  Our customer installed JDK 1.6, imported the certificate (and all intermediate certificates) successfully into the cacerts file, but when attempting to list using JDK 1.4.2 is returns an invalid certificate error and still will not work.
  Please help as we are currently in a work around state for this customer (not long term) and we have exhausted the resources we have access to for solving this issue.
  Thanks in advance to those gurus that reply.  I have attached a sample post from our customers logs with non-essential data removed.
  I can be reached by phone at 801-341-5620 if anyone feels like reaching out to talk.
  - Dave

  Dave,
  I am having a similar issue with CF7 and PayPal's Reporting API which also uses EV SSL.
  I can offer that in my testing, both CF 8 and CF 9 do seem to be able to work when using CFHTTP and EV SSL,
  so the only solution I can offer at this time is to make the suggestion to your customer that they need to upgrade
  to either CF 8 or CF 9 to get the issue quickly resolved.
  I'm still working to see if I can find a solution for CF7 and I've been asking around in the CF community for help, so
  if I do find a solution, I'll definitely post it there for you.
  Cheers

• Wildcard SSL Certificates with MFE?

  Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
  We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
  Before doing anything I figured I'd try a website that used a wildcard certificate.
  When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
  My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
  If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
  Thanks.

  This is interesting question. I look forward testing this myself
  What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
  Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you!

• Exchange 2013 autodiscover finds external & internal SSL certificate causing autodiscover to fail

  <p>Hi:</p><p>I'm currently working on a windows 2012 server, with exchange 2013, lets say our internal domain is "cars.com" and ALSO the case for&nbsp;our external domain. We have purchased an SSL wildcard positive certificate
  *.cars.com so that we could configure Outlook Anywhere, we have created the needed DNS records at godaddy and our internal server, OWA, ECP it all works if you go to&nbsp; <a href="https://bird.cars.com/owa">https://bird.cars.com/owa</a>
  because we have a DNS record for bird in godaddy and out local server, so all of that is working like a pro ! here comes the tricky part, our website is registered in godaddy but hosted by someone else a company called poetic systems; when we test the connection
  with the remote connectivity analyzer website we get a very peculiar error that says SSL certificate not valid, now it provides the name of the certificate it found and is not ours, we found that the hosting company is listening in port 443, therefore, it
  is pulling their self signed certificate also, does anyone have a fix for this, I have done this same setup before for other companies and this is the first time a situation like this happens. I REALLY NEED HELP !!!!!</p>

  Hi,
  According to your description, there is a certificate error when you test Outlook Anywhere connection by ExRCA.
  If I misunderstand your meaning, please feel free to let me know.
  And to understand more about the issue, I’d like to confirm the following information:
  What’s detail error page?
  Check the Outlook Anywhere configuration: get-outlookanywhere |fl
  Check the certificate : get-exchangecertificate |fl
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support