SSL Certificate button

Hi
I have just upgraded to Lion and then installed Lion Server. I am stuck on quite a few things buton of them is that the "Edit" button to the right of the SSL Certificate option in the Server Settings pane is greyed out. I would like to create a self-sgned certificate (this is just for home use so don't need anything else) but I can't as this button is inactive. Any ideas please?
Many thanks,
Matt

...I love posting a question just before I come across the answer...
Apparently my httpd.conf had some issues. I restored it to the default by entering the following in a terminal window:
cd /etc/apache2
sudo mv httpd.conf.default httpd.conf
sudo apachectl graceful
The edit box is now active on my iMac. Now I just hope I didn't blow anything away I needed that I forgot about when I was last in the httpd.conf file (-;

Similar Messages

  • SSL Certificates Button

    Help.  Can anyone tell me why the SSL Certificate button does not appear in the settings on the mountain lion server 10.8.3?  I am attempting to follow the instructions on how to obtain a trusted certificates from a CA.

    Okay, the fact that everything server related probably should have been a clue, but it eluded me. I talked to Apple Care, who referred me to an enterprise tech. With his help I discovered my dynamic IP resolver service wasn't working and so DNS was resolving to an old IP. Why that problem coincided with my SSL cert expiring I'll never know, but the problem is now, well, resolved.

  • Why is the SSL Certificate "Edit" button disabled in Server Settings?

    I just setup my Lion server and am attempting to create a self-signed certificate. All of the directions start with "Run the Server app, go to your server, click the setting tabs, and push the 'Edit' button next to SSL Certificate". Well, I can't because the button is disabled.
    I have two theories. The first is that my network setup is messed up somehow. My server name is "server.mydomain.private". When I click on Configure Network, it shows that name and the proper IP address.
    My second theory is that the SSL Certificate requires some other service, maybe Open Directory.
    Anyway, I'm stumped. Any suggestions are welcome.

    venblr, I saw that one too, tried it, but it didn't work. I think I deleted a certificate or something, which caused the problem in the first place. I'm going to finish reading some Lion Server books before starting from scratch by reinstalling Lion and then LIon Server. (I have a screen snap of earlier work and it shows the SSL Certificate "Edit" button enabled.)

  • OS X server  SSL Certificate Edit button missing

    Hello,
    Just purchased a mac mini server with Mountain Lion server preinstalled.  The initial setup with the wizard went smooth and have open directory setup and look good.  When I went to connect to it with my macbook it gave me a SSL missing warning.  Searches on the internet point to a SSL edit button under settings.  For some reason it does not show up when I go to that location.  Searched through the entire interface but i'm unable to find it.  Can someone show me where I went wrong?
    Thank you in advance

    Hi All,
    Aparently the answer lies within apache and a troublesome httpd.conf file, try this to get your button back.
    Quit server.app
    Go to Terminal:
    cd /etc/apache2
    sudo mv httpd.conf.default httpd.conf
    sudo apachectl graceful
    Start server.app
    Presto!
    Goodluck
    Jeffrey

  • Help needed in importing SSL Certificate

    Hi All,
    The SSL certificate in our application server has expired. We have created a new certificate and imported it through oracle wallet manger. But the application server is not recognizing the new certificate. Still shows certificate error when we try to access the application via https.
    We are using oracle application server 10.1.2.0.2
    I don’t have much knowledge on application server.
    Please help me on this.
    Thanks in Advance,
    Jey

    Hi Jeykrishnan,
    The installation consists of three main parts:
    a) Importing the Primary Root CA
    b) Import the Intermediate Certificate and Cross Certificate
    c) Installing your SSL123 certificate
    a) Importing the Primary Root CA
    1. Launch Oracle Wallet Manager.
    2. Click Operations and select Import Trust Certificates from the menu
    3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
    4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
    5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.
    b) Importing the Intermediate and Cross certificates
    1. Launch the Oracle Wallet Manager.
    2. Click Operations > Import Trust Certificates from the menu.
    3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
    4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
    5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
    6. Repeat the same steps for the Cross certificate
    c) Importing your SSL123 certificate
    1. Click Operations > Import User Certificate from the menu bar.
    2. The Import Certificate dialog appears.
    3. Select the Paste the Certificate radio button, and click OK.
    4. The Import Certificate dialog appears.
    5. Paste the entire contents of your SSL123 Certificate file and click OK.
    6. A message should show that the certificate was imported successfully.
    7. When you return to the main window, wallet status should show "Ready."
    Regards
    FAbian

  • IMAP SSL Certificate Errors

    Just got my iPhone today.
    My email server has a simple, self-signed SSL certificate (IMAPS and TLS on the MTA). The iPhone doesn't like this and refuses to work with my mail/imap server.
    This won't work for me and I'm wondering if there is a way around this.
    Thanks.

    This was extremely helpful to me. Thanks. Basically it seems the iPhone assumes you want SSL turned on when doing IMAP, and it does not give you a way to turn if off until AFTER you have set up your mail. The advanced settings button does not even show up until AFTER you have the account saved, and every time you try to save it, you get error messages. So your steps below save the day, but I added a couple of more.
    1) Enter Mail on iPhone
    2) Select Other from the list of mail provider options
    3) Enter all the Account specifics, in my case it was IMAP stuf
    4) Click Save, and get the invalid certificate message
    5) Click "CANCEL", an you get returned to the settings screen
    6) Click "SAVE" again, it says, "You may not be able to receive email..."
    7) Click OK
    8) Now you can go back into the settings, and preso chango, the ADVANCED button now shows up at the bottom of the mail screen.
    9) NOW you can go into the advance tab and turn OFF SSL for both sending and receiving mail.
    What a pain, but it works.

  • Error of SSL certificate

    "hi, all,
         I got your information from weblogic.developer.interest.security.
         I have a question about the SSL certificate
    1. I generate the private key file using Weblogic certificate servlet,
    2. get the request, then goto thawte get the response
    3. goto weblogic console -> server -> ssl, specify the filename, click "Enable", click "Key Encrypted"
    4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
    But when I restart the weblogic, got the following error msg:
    Starting WebLogic Server ....
    <Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration file
    .\config\citi1\config.xml ...>
    <Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic Admin
    Server "server1" for domain "citi1">
    <Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration p
    roblem with certificate file adamfeng-key.der, java.lang.NullPointerException>
    java.lang.NullPointerException
    at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
    at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
    24)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr

    Hi adam,
    I wish to let u know that your ****-key.der file is not generated correctly. I
    suppose you must have used Certificate Requeste Generator of WLS to generate the
    key file and the request file.
    please follow the following to get your system running:
    (1) Generate a new certificate request making sure that you enter "yourmachine.domain.com"
    in the Full Host name field within the certificate request generator. Fill all
    the required values like the state should be filled in full not with abreviations
    etc(do not fill the ones which are not required. That means do not fill the password
    field and random string field...etc )then u will get a key file and the request
    file..press the submit button on the same page to test the key file with Verisign..if
    all fields are filled correctly then it says so..if not it will bounce back saying
    an ERROR..so see to it that u get the right key file..i.e. ****;key.der file.
    (2) Save the certificate request in a text file. (including the ----BEGIN CERTIFICATE
    REQUEST-- and END CERTIFICATE REQUEST)
    (3) Go to https://www.thawte.com/cgi/server/test.exe and paste the above request.
    (4) Do NOT choose any other options as the default options are set correctly
    (unless you are using a domestic build of the weblogic server which requires a
    different license).
    (5) Save the certificate obtained in a text file and save it as a .pem file
    (6) Also save the root certificate obtained in the above URL (see the 2nd line
    from the top) in .pem format and use this file against the ServerCertChain name.
    (7) Make sure you enter the certificate key and server certificate fields with
    the correct path to the key and cert (inclusive of the file names).
    After having done the above steps restart the server and you should be able to
    get SSL to work. Hope the above information
    If not then mail me at [email protected].
    Sujit.
    adamfeng <[email protected]> wrote:
    "hi, all,
         I got your information from weblogic.developer.interest.security.
         I have a question about the SSL certificate
    1. I generate the private key file using Weblogic certificate servlet,
    2. get the request, then goto thawte get the response
    3. goto weblogic console -> server -> ssl, specify the filename, click
    "Enable", click "Key Encrypted"
    4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
    But when I restart the weblogic, got the following error msg:
    Starting WebLogic Server ....
    <Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration
    file
    ..\config\citi1\config.xml ...>
    <Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic
    Admin
    Server "server1" for domain "citi1">
    <Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration
    p
    roblem with certificate file adamfeng-key.der, java.lang.NullPointerException>
    java.lang.NullPointerException
    at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
    at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
    24)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr

  • How to install SSL Certificates automatically in Client machine

    Hi All
           I have installed Certificates for SSL in Planning server machine for Planning Web services.While connneting to Server through excel-addin from client machine it is not connecting
     Error is bleow:
    "The underlying connection was closed : could not establish trust relationship for the SSL/TLS secure channel" and then getting the following error
    "The PerformancePoint Server System is currently unavailable"
    I got it this is due to Certification not installed in client machine.
    So i tried to install certificate through IE web browser ..i typed webservices links ..i.e https://servername:443 in address box
    ..not admin console link.Because if i connect to Admin console then i connect to Planning server it is  not showing me the dialog box  " Security Alert "
    So typed direcly  webservices in address box.Then "Security Alert" dialog box opened ,In that i clicked "View Certificate" button and installed manually.Then this problem solved.
    But i want to check this is a way to install cerficate in the client machine or there is any other way to do it automatically...
    Please help me to solve this..
    Thanks
    Abdul

    Abdul,
    The problem seems to be that the certificate authority that created your certificate is no trusted by Windows.... That process of installing the root certificate in the clients machines should not be needed if the ceritifcate is obtained from the right ceritifcate authority...
    Where did you purchased your certificate from?
    Regards,
    Pablo Barvo - MSFT

  • SA520 Wildcard SSL Certificate?

    I have a wildcard SSL certificate for our domain from RapidSSL.  I installed the intermediary certificates fine but I can't get the acutal cert to install.  I get the message "Can't Upload Invalid Self Certificate" message.  Has anyone else ever successfully used a wildcard cert with an SA?

    Hello Mr. Williamson,
    In order to get a new SSL certificate please follow the next instructions:
    STEP 1 : Click Administration > Authentication.
    The Authentication (Certificates) window opens.
    STEP 2 For each type of certificate, perform the following actions, as needed:
    • To add a certificate, click Upload. You can upload the certificate from the PC
    or the USB device. Click Browse, find and select the certificate, and then
    click Upload.
    • To delete a certificate, check the box to select the certificate, and then click
    Delete.
    • To download the router’s certificate (.pem file), click the Download button
    under the Download Settings area.
    STEP 3 To request a certificate from the CA, click Generate CSR.
    The Generate Certification Signing Request window opens.
    a. Enter the distinguished name information in the Generate Self Certificate
    Request fields.
    • Name: Unique name used to identify a certificate.
    • Subject: Name of the certificate holder (owner). The subject field populates
    the CN (Common Name) entry of the generated certificate and can contain
    these fields:
    - CN=Common Name
    - O=Organization
    - OU=Organizational unit
    - L= Locality
    - ST= State
    - C=Country
    For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
    Whatever name you choose will appear in the subject line of the generated
    CSR. To include more than one subject field, enter each subject separated
    by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
    • Hash Algorithm: Algorithm used by the certificate. Choose between MD5
    and SHA-1
    • Signature Algorithm: Algorithm (RSA) used to sign the certificate.
    • Signature Key Length: Length of the signature, either 512 or 1024.
    • (Optional) IP Address, Domain Name, and Email Address
    b. Click Generate.
    A new certificate request is created and added to the Certification Signing
    Request (CSR) table. To view the request, click the View button next to the
    certificate you just created.
    Or you could check it on the next link. please check page 191
    http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
    hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
    Thank you

  • Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

    Hi,
    We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
    We are following the below steps,
    Under "Server Certificates" tab,
         -> Click on "Install" button.
         -> On "Select Configuration" click on "Next" button.
         -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
         -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
         -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
         -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
    There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
    So, say currently the subdomains present are,
    1.abc.com
    2.abc.com
    so on...
    and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
    Please let us know if you have solution to this problem.
    Thanks,
    Rajesh

    Hi Rajesh,
    That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
    The chain should be installed using the "Certificate Authorities" tab per the following steps:
    1) Login to the Admin Console.
    2) Click Edit Configuration from Common Tasks > Configuration Tasks.
    3) Click the Certificates > Certificate Authorities tab from the Configurations page.
    4) Click the Install... tab from the Certificate Authorities (CAs) page.
    An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
    You should then see the CA and intermediate certificate(s) listed in the security database.
    If you have access to MOS, more details can be found in the MOS KM Note:
       Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
    regards
    Tracey

  • How do i "re-trust" the SSL certificate sent from a server I previously marked as untrusted?

    I use Citrix Receiver to access my workplace Windows environment remotely from home, where I run Firefox 7.01 on Ubuntu 11.10. Two days ago the SSL certificate expired, so when I tried to logon remotely it failed. Now the company have renewed the certificate, but now when I try to logon I get an error from the Citrix ICA Client saying "You have not chosen to trust Verisign Class 3 Public Primary Certification Authority - G5, the issuer of the server's security certificate (SSL error 61)"
    I have found a couple of similar queries here, but neither had a solution which worked for me. The entry for Verisign Clas 3... G5 is in /etc/ca-certificates.conf, also there's a link to it in /etc/ssl/certs to an existing ...G5.crt file in /usr/share/ca-certificates - Firefox seems to recognise the issuer as a valid existing certificate issuer. Firefox displays the certificate for the page when I use menu options Tools -> Page Info -> Security -> View Certificate, and the certificate shows as valid for today - for the life of me I can't find a way to make Firefox trust the darn issuer.
    I get the same fault with Firefox 3.6.23 on Ubuntu 10.04.
    (I'd rather not tell everyone here the URL of my company's remote access website)

    Thanks for the swift reply, cor-el - unfortunately, no joy with this approach.
    A. As my named user (called "greg", surprise, surprise, no secret there...)
    Run Firefox; select Edit > Preferences > Advanced : Encryption:
    Here I get no option for Certificates, but I do get View Certificates - then tabs for:
    - Servers, under which my company's remote logon URL is listed - Edit button is grey
    - Authorities, under which the Verisign...G5 entry may be edited; 3 options:
    1. may identify websites (ticked)
    2. may identify mail users (unticked)
    3. may identify software makers (ticked)
    I ticked 2, tried again - same failure. Unticked it.
    B. As root.
    Run Firefox; select Edit > Preferences > Advanced : Encryption:
    Here I get no option for Certificates, but I do get View Certificates - then tabs for:
    - Servers, under which my company's remote logon URL is NOT listed
    - Authorities, under which the Verisign...G5 entry may be edited; 3 options:
    1. may identify websites (ticked)
    2. may identify mail users (unticked)
    3. may identify software makers (unticked)
    I ticked 2 and 3, tried again - same failure. Unticked them.
    Maybe a solution would be, in some way, to add my company's remote logon URL to the list of Servers while running Firefox as root. The Export and Import buttons may help here. However, when I first declined their certificate I was running Firefox as greg, not as root, so I am a bit suspicious there - what can be done as greg should be undoable as greg.
    This is doing my head in. Maybe it's time to step back and think a bit. Maybe try Citrix's online help (already spent a fair amount of time there with no joy either).
    So, thanks again for the reply - I've generally tried to provide a good list of what's up, and your reply has given me food for thought. OK, I'll keep trying.

  • Concentrator SSL Certificate Expirtation

    I'm getting the following message alert from my 3000 Concentrator: SSL certificate will expire in 26 daysIssuer. It appears that this certificate (public/private) as well as an identity certificate are being issued by one of our 2003 servers (not 3rd party). I'm tempted to press the renew buttons on each of these certificates; however, being new to this arena, I'm leary about what might (or might not ) happen. My research tells me that this may result in the certificate being rejected. Can someone give me an overview of what these certificates are doing and what I need to do to get myself back into comfortable breathing status again? Thanks.

    generating the ssl certificates seemed to work; however, I accepted the defaults and instead of the certificates being issued by my local ca server, it thinks its being issued by cisco systems. I don't know if this is going to work or for how long. I tried renewing them and it bombed miserably. I don't even know what these certificates do but from what I've read, it has something to do with the https management interface. My identity certificate doesn't have a 'generate' option only renew or delete. I have tried renewing and it bombs as well. It shows up in enrollment status however when I click to install and use cut and paste, I get the following message: Error installing identity certificate: Bad file format. Not having had to deal with certificates until now, I find this whole thing confusing and frustrating. I'm finding Cisco documentation to be worthless as it might as well be trying to tell me how to shave a peanut. I thought I read somewhere that you need to delete the certificate first before trying to renew, but I am extremly reluctant to do so. Any comments would be most appreciated.

  • Outlook Web Access fails after migrating SSL certificate to dedicated SSL gateway

    Hi we have just migrated our SSL certificate form our Outlook exchange server, outlook web access works perfectly but two of our users who have Blackberry devices set up to get their email via owa now fail. 
    Everything worked fine before the migration.
    The new SSL gateway is an Apache box running mod_proxy, mod_SSL and mod_sec.  Protecting the box running owa and IIS6.
    I can provide the http.conf etc, but I can see the traffic passed by Apache but I am getting a 401 message on the way back through to the device.
    Is there a specific IIS/Exchange or Apache config I need to enable to allow BB access?
    Thanks in advance
    Mike

    Hello there!
    You may have run up against some of the complexities between BIS and OWA. There are a couple of circumstances where BIS can't integrate to OWA. Plus, if the mailbox name changed, that may be the problem as well. While I'm neither a BIS nor OWA admin, I can point you to information resources that hopefully can help you.
    Try this article.
    And this one.
    And this one.
    And this one.
    You also can search the public KBs for more relevant articles:
    http://www.blackberry.com/btsc/microsites/microsite.do
    Good luck and let us know!
    Occam's Razor nearly always applies when troubleshooting technology issues!
    If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
    Join our BBM Channels
    BSCF General Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • Mail for Exchange and SSL certificate

    I have a little problem with Mail For Exchange and my Nokia N80. I have self-signed certificate for Exchange mailserver and when I am synchronizing e-mails I got always message: "The site has sent an untrusted certificate. Continue anyway ?". I underestand that my certificate isn't verified by any root authority, but if I have synchronization schedule set at 15 minutes it means I have to confirm this message four times when I am not with my mobile one hour. So question is:
    Is possible to import self-signed SSL certificate into Nokia N80 and set it as trusted ? If yes, please describe me how, because I have tried import the certificate as CER (it was opened just as NOTE on Nokia), I tried to convert it via openssl to PEM (the file was not recognized) etc... Thanks for any help in advance.
    Reply With Quote

    Go to your outlook web access website and click on the lock and then view certificate. The details and then you can save it in DER format to your desktop.
    Then go to this site:
    http://www.redelijkheid.com/symcaimport/ and insert through the browse button and then copy the link to your phone.
    Then you should be able to download it
    You can also go to your IIS default site on the exchange server and directory security and export your certificate under edit certificate.
    I have tried everything now. I can download my certificate and the valicert from GoDaddy, but the Nokia phone is still saying "do you trust this certificate" every time the phone syncs.
    Our firm have taken the E-phones away now and went over to windows mobile and all of them worked within 10 minutes without any errors.
    The funny thing is that when you try to call nokia, they wont help you with Mail for Exchange, and it is there program
    I know my GoDaddy certificate works on windows mobile phones, so It must be something with Mail for Exchange.
    Every guy I talked to about symbian phones have told me they always gives problems with SSL. I am a bit **bleep**, but can conclude that Nokia is for the private consumer.
    Best Regards
    Morten @ Denmark
    Message Edited by asp3200 on 02-May-2008 08:37 AM

  • SSL certificates not visible while RFC destination creation

    Hi all,
    I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
    So i have imported the Client certificates into STRUST.
    While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
    Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
    Kindly help me out.
    Cheers,
    Siva Maranani.

    Well, first of all we should avoid confusion by using the term "<i>ABAP destination</i>" rather than "<i>RFC destination</i>" (although ABAP transaction SM59 still has this old title).
    When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
    I'm not sure whether you are aware that in this context "<i>SSL client certificate</i>" refers to the ABAP <u>system</u> (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual <u>user</u> (using a web browser). <b>In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication.</b> That fact is often misunderstood.
    By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
      - SSL Server
      - SSL Client (anonymous)
      - SSL Client (Default)
    Well, the "<i>SSL Client (anonymous)</i>" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "<i>SSL Client (anonymous)</i>" is most cases.
    Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "<i>SSL Client (anonymous)</i>" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
    Only when the (remote) server demands SSL client certificates it might make sense to use either "<i>SSL Client (Default)</i>" or to define a new SSL client certificate (for the ABAP system that submits the https request).
    Please notice:
    SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
    In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: <i>anonymous SSL client</i>) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
    Kind regards, Wolfgang
    PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "<i>SSL Client (anonymous)</i>", "<i>SSL Client (Default)</i>" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => <i>Environment</i> => <i>SSL Client Identities</i>).

Maybe you are looking for

  • Problems with I/O

    I have a file called test.txt (located in the same dir as my class files) that looks like this (name|hours worked|hourly payrate): Fred Mertz|31|20.25 Lucy Ricardo|42|24.50 Ethel Mertz|18|18.00 I would like to read from this file an calculate the pay

  • File read write program output not coming correct

    this code is compiling without issues but the output is not what i am expecting .. the contents of delta.txt are as follows *4014254420* *2897449776* *4207405601* and the output thats coming is +4014254420+ +40142544204207405601+ +4207405601+ its not

  • Hide function in Login Items doesn't work for iChat and Address Book app.

    There is a problem with the hide function for iChat and Address Book application in Login Items. If you go to System Preferences, click on Login Items, add the iChat and Address Book application to the Login Items, activate the hide function for iCha

  • Binding dictionary to RibbonGalleryCategory

    Hi, I am binding a ribbon combo box item source using a dictionary. The binding is working fine but when I open the drop down and press the down arrow, the dictionary is showing up in the combo box.  Below is my code and screen shot of the problem. <

  • Combo restarts automatically after shutting down

    Hi , I have a psu of 350 (Antec) a P4 3400 Prescott with 512DDR2. with vga ATI x300 Overload Protection  Latching Protection +5V @ +3.3V @ +12V @   cpu temp: 42  case temp: 42 and everytime I shut down: my puter restarts automatically, it is terrible