SSL Certificate Edit

I have recently installed Server App on my mac mini running OS X 10.8.2 (Mountain Lion). Everything is working fine except that I know longer see the line on the server setting screen that displays "SSL Certificate Edit...". How can I correct this problem?
Thanks,
David

Mine is the same. Aren't the certificates delt with in the "Certificates" section under "Alerts" ? I am just testing ML Server and have not fully set it up, but I think it has been moved to its own location.

Similar Messages

Why is the SSL Certificate "Edit" button disabled in Server Settings?

I just setup my Lion server and am attempting to create a self-signed certificate. All of the directions start with "Run the Server app, go to your server, click the setting tabs, and push the 'Edit' button next to SSL Certificate". Well, I can't because the button is disabled.
I have two theories. The first is that my network setup is messed up somehow. My server name is "server.mydomain.private". When I click on Configure Network, it shows that name and the proper IP address.
My second theory is that the SSL Certificate requires some other service, maybe Open Directory.
Anyway, I'm stumped. Any suggestions are welcome.

venblr, I saw that one too, tried it, but it didn't work. I think I deleted a certificate or something, which caused the problem in the first place. I'm going to finish reading some Lion Server books before starting from scratch by reinstalling Lion and then LIon Server. (I have a screen snap of earlier work and it shows the SSL Certificate "Edit" button enabled.)

OS X server SSL Certificate Edit button missing

Hello,
Just purchased a mac mini server with Mountain Lion server preinstalled. The initial setup with the wizard went smooth and have open directory setup and look good. When I went to connect to it with my macbook it gave me a SSL missing warning. Searches on the internet point to a SSL edit button under settings. For some reason it does not show up when I go to that location. Searched through the entire interface but i'm unable to find it. Can someone show me where I went wrong?
Thank you in advance

Hi All,
Aparently the answer lies within apache and a troublesome httpd.conf file, try this to get your button back.
Quit server.app
Go to Terminal:
cd /etc/apache2
sudo mv httpd.conf.default httpd.conf
sudo apachectl graceful
Start server.app
Presto!
Goodluck
Jeffrey

How to install SSL certificate on Mac OS X 10.8.3 Server 2.2

Hi,
In eairler versions of !0.8 / OS X Server 2.2 your where able to install a purchased SSl certificate in the
Hardware >> Profile Manager Server >> Settings >> SSL Certificate Edit
I've just done a clean install of 10.8.3 and OS X Server 2.2 but there is no "SSL Certificate Edit" available.
How do I install my purchased certificate?
Thanks,
John

sorry for hijacking but I have a related question to do with certificates.
I had to set up virtual domains manually instead of through the GUI and the server ssl site is now locked to a certificate that is about to expire and no longer needed, I can't change the certificate in the web gui because it was created manually, I can't delete the certificate because it is assigned to the server ssl website and I can't manually edit the conf files to point to a different certificate becasue it breaks it, any ideas?

How to get the ssl-certificate trusted on lion-server

I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
So I want to use the server to exchange data, use a common calendar, address-book etc.
To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
So I selected the server in server.app (Hardware) and selected SSL certificate edit
created a certificate signing request that I exported and saved on my computer
I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
and also imported the certificate in to the keychain
All following the steps described in:
Managing iOS deviceswith OS X Lion Server by Arek Dryer
the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
So I somehow did something wrong.
Any suggestions what I should do?

ok let me add some info in the hope I will get some guidance:
using the site http://www.sslshopper.com/ssl-checker.html
I was able to check on the status of the certificate:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
I guess I would be helped if there is a step by step manual how to install a root certificate

How can i refresh an SSL certificate for a specific page?

i am trying to access my electronic training jacket on Navy Knowledge Online to check the status of my security clearance. the ETJ page requires an SSL certificate. when i initially loaded the page the message window popped up prompting me to add the security exception and get the certificate. i got the certificate and continued to load the page but it came up with HTTP error 403.7 saying that i didn't have the certificate i needed. for some reason NKO isn't recognizing the certificate i got so i need to clear that certificate and get a new one that hopefully the server will recognize. how can i do this?

You can try to remove that certificate here:
Edit > Preferences > Advanced > Encryption: Certificates > View Certificates

Configuring SSL certificates on ALBPM Studio

Hi,
I am invoking a web service which is deployed on a web logic server which is a secure server and needs SSL certificates to communicate. I have the certificates but don’t know how to configure it to my ALBPM Studio.
Can I configure those to studio or do I need to deploy my code on the Enterprise edition installed on application server having these SSL certificates? But in that case I would land up investing so much time in deploying the code on server after even a small change. Since I don’t have those certificates configured to my studio it is not allowing me to catalog the service in my project and throwing Introspection error. The details of the error are mentioned below:
+[Error] Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target..+
+[Error] Instrospection exception: Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target...+
Can anyone throw any pointers on this type of error
Thanks,
Akshay

In order to communicate with SSL secured webservices (those with WSDL end point starting as https:// you need to have certificates from these servers.
For BPM Standalone these are the steps
1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory)
2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.
3. Run the following command at a command prompt:
C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias <CERT ALIAS NAME> -keystore ..\lib\security\cacerts -file ..\lib\security\gd_<cert file name>.cer
4. You will be prompted for a password. If you have not changed the password, it will be "changeit".
5. You will then get the following message if all is successful - "Certificate was added to keystore".
6. Restart Tomcat (inbuilt server in BPM Studio).
This should solve your problem.
Pls note that if you have not configured your keyStore then first do so. you will find this document handy to do so.
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File
Arvind
Visit my blog at http://soa-bam-bi.blogspot.com/ for more tips on BPM & SOA

SSL certificate problem on most https websites

Some https sites can not be reached in my system, and it is going to include more https sites as times goes by. I have noticed that the problem is the SSL certificate. I even check an arch iso and there I have the same problem. I tetsted two thing in case it rings any bell for you
omid@localhost›~⁑ curl -v https://github.com
* Rebuilt URL to: https://github.com/
* Adding handle: conn: 0x1757250
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1757250) send_pipe: 1, recv_pipe: 0
* About to connect() to github.com port 443 (#0)
* Trying 192.30.252.128...
* Connected to github.com (192.30.252.128) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to github.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to github.com:443
in which you can see the problem. But
omid@localhost›~35↵⁑ curl -v3 https://github.com
* Rebuilt URL to: https://github.com/
* Adding handle: conn: 0xf31250
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0xf31250) send_pipe: 1, recv_pipe: 0
* About to connect() to github.com port 443 (#0)
* Trying 192.30.252.129...
* Connected to github.com (192.30.252.129) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; street=548 4th Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: 2013-06-10 00:00:00 GMT
* expire date: 2015-09-02 12:00:00 GMT
* subjectAltName: github.com matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance EV CA-1
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.33.0
> Host: github.com
> Accept: */*
>
< HTTP/1.1 200 OK
* Server GitHub.com is not blacklisted
< Server: GitHub.com
< Date: Fri, 06 Dec 2013 09:55:10 GMT
< Content-Type: text/html; charset=utf-8
< Status: 200 OK
< Cache-Control: private, max-age=0, must-revalidate
< Strict-Transport-Security: max-age=2592000
< X-Frame-Options: deny
< Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Tue, 06-Dec-2033 09:55:10 GMT; secure; HttpOnly
which seems OK. Is there even anyway to add certificate to avoid this strange behavior. I use an updated x86_64 KDE.
Last edited by nikta (2013-12-06 11:37:06)

[omid@localhost ~]$ ldd `which curl`
linux-vdso.so.1 (0x00007fff8bd7c000)
libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007f9f479c6000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f9f477b0000)
libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f9f47592000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f9f471e7000)
libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007f9f46fbe000)
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f9f46d51000)
libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f9f46949000)
/lib64/ld-linux-x86-64.so.2 (0x00007f9f47c2b000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f9f46745000)
[omid@localhost ~]$ pacman -Q|egrep '(openssl|curl|ca-cert)'
ca-certificates 20130906-1
ca-certificates-java 20130815-1
curl 7.33.0-3
lib32-openssl 1.0.1.e-2
mingw-w64-openssl 1.0.1e-4
openssl 1.0.1.e-5
Last edited by nikta (2013-12-06 13:15:18)

Wildcard * SSL Certificates for TTA??

Is there any way I can use a wildcard SSL certificate like:
*.mycompany.com
in my TTA server?
I was able to run all the cert commands successfully using the
*.mycompany.com cert:
Generated the CSR (tarantella security certrequest)
Installed the Cert File (tarantella security certuse)
Installed the Chained CA cert (tarantella security customca)
Review/validate certinfo (tarantella security certinfo)
The TTA-installed Apache webserver was fine with the wildcard certificate
since I was able to goto:
https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
But after I went to:
https://subdomain.mycompany.com/tarantella/
I got the following errors in my Java Console:
Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
server...
Secure Global Desktop 4.10.903: Using secure connection to
Secure Global Desktop server subdomain.mycompany.com:443
Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
for this Secure Global Desktop server (subdomain.mycompany.com) due to name
mismatch.
Secure Global Desktop 4.10.903: Client dropping connection.
Secure Global Desktop 4.10.903: Unable to connect: Certificate
(*.mycompany.com) not accepted for this Secure Global Desktop server
(subdomain.mycompany.com) due to name mismatch.
Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
Is there a way that I can get the applet to do a regex-ish match on the name
for wildcard certs?
Cyrus

Hi Cyrus
I was loosely referring to PKI rules e.g.
http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
Wildcarding isn't supported. I understand what you are trying to do now
but it won't work because the software is looking for a certificate
matching a single server.
The certrequest command is just a wrapper script for openssl so it won't
stop you doing anything the openssl command believes may be valid. You don't
actually need to use this command it's just there for convenience, you
could do everything just using openssl.
The current documentation doesn't explictly state that you can't use
wildcards in certificates but it does say you need a certificate for a
SGD server. My understanding of the wildcard issue is that it is up to
a particular application to decide what is appropriate.
http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
Regards
Barrie
On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
May I inquire as to where these rules are listed regarding SSL Certs, I
didn't see anything to the effect in the documentation. Also why weren't
the rules enforced at certificate generation time. Even the validation
command (tarantella security certinfo) had no problems.
The CSR generation/signing went through flawlessly and created a wildcard
cert that Apache could use. It's one thing if the whole cert process
couldn't handle a wildcard, but it seems like everything would have worked
if only the applet accepted a wildcard regex match.
Regards,
Cyrus
barrie wrote:
Hi Cyrus
No, sorry. The rules say you can't do that. You are required to have a
certificate for a node not a network.
Regards
Barrie
On 2005-08-05, CM <[email protected]> wrote:
Is there any way I can use a wildcard SSL certificate like:
*.mycompany.com
in my TTA server?
I was able to run all the cert commands successfully using the
*.mycompany.com cert:
Generated the CSR (tarantella security certrequest)
Installed the Cert File (tarantella security certuse)
Installed the Chained CA cert (tarantella security customca)
Review/validate certinfo (tarantella security certinfo)
The TTA-installed Apache webserver was fine with the wildcard certificate
since I was able to goto:
https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
But after I went to:
https://subdomain.mycompany.com/tarantella/
I got the following errors in my Java Console:
Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
server...
Secure Global Desktop 4.10.903: Using secure connection to
Secure Global Desktop server subdomain.mycompany.com:443
Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
for this Secure Global Desktop server (subdomain.mycompany.com) due to
name
mismatch.
Secure Global Desktop 4.10.903: Client dropping connection.
Secure Global Desktop 4.10.903: Unable to connect: Certificate
(*.mycompany.com) not accepted for this Secure Global Desktop server
(subdomain.mycompany.com) due to name mismatch.
Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
Is there a way that I can get the applet to do a regex-ish match on thename
for wildcard certs?
Cyrus

SSL Certificate button

Hi
I have just upgraded to Lion and then installed Lion Server. I am stuck on quite a few things buton of them is that the "Edit" button to the right of the SSL Certificate option in the Server Settings pane is greyed out. I would like to create a self-sgned certificate (this is just for home use so don't need anything else) but I can't as this button is inactive. Any ideas please?
Many thanks,
Matt

...I love posting a question just before I come across the answer...
Apparently my httpd.conf had some issues. I restored it to the default by entering the following in a terminal window:
cd /etc/apache2
sudo mv httpd.conf.default httpd.conf
sudo apachectl graceful
The edit box is now active on my iMac. Now I just hope I didn't blow anything away I needed that I forgot about when I was last in the httpd.conf file (-;

How to install SSL certificate on OSX 10.9.5?

Hello,
I purchased an SSL certificate from RapidSSL for my website. Somehow I am supposed to install this on my Mac but they are not able to provide me with instructions (great service). Can anyone help me?
Thanks!

sorry for hijacking but I have a related question to do with certificates.
I had to set up virtual domains manually instead of through the GUI and the server ssl site is now locked to a certificate that is about to expire and no longer needed, I can't change the certificate in the web gui because it was created manually, I can't delete the certificate because it is assigned to the server ssl website and I can't manually edit the conf files to point to a different certificate becasue it breaks it, any ideas?

Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

Hi,
We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
We are following the below steps,
Under "Server Certificates" tab,
     -> Click on "Install" button.
     -> On "Select Configuration" click on "Next" button.
     -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
     -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
     -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
     -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
So, say currently the subdomains present are,
1.abc.com
2.abc.com
so on...
and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
Please let us know if you have solution to this problem.
Thanks,
Rajesh

Hi Rajesh,
That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
The chain should be installed using the "Certificate Authorities" tab per the following steps:
1) Login to the Admin Console.
2) Click Edit Configuration from Common Tasks > Configuration Tasks.
3) Click the Certificates > Certificate Authorities tab from the Configurations page.
4) Click the Install... tab from the Certificate Authorities (CAs) page.
An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
You should then see the CA and intermediate certificate(s) listed in the security database.
If you have access to MOS, more details can be found in the MOS KM Note:
   Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
regards
Tracey

Unable to configure SSL certificate on Apex

I am trying to configure ssl certificate in one apex application.
http://docs.tpu.ru/docs/oracle/en/oas/10.1.2.0.0/web.1012/b14007/ssl.htm#i1031859
as per the above document first step is create a wallet with SSL certificate information.
While creating wallet i am trying to import the CA certificate and User Certificate.
But i am not able to import the certificates properly. I am getting error messages.
Error Message :
User certificate installation failed
Possible Errors;
-- Input was not a valid certificate.
-- No matching certificate was found
-- CA certificate is needed for certificate chain not found please install it first.
What could be the reason for this. and solution for this problem ?

Yes I am using OWM ( Oracle Wallet Manager)
First I have created a new wallet and then i did create service request.
Then Import user certificate and import CA certitificates are enabled.
Then tried to import the certificates above mentioned errors are coming.....
Yes first i imported the CA certificate then i imported the user certificate using the wallet manager. I used the copy - paste certificate method while importing.
Any how if do import user certificate first it will show an error saying install ca certificate first.
Message was edited by:
Santhosh Kumar T

How do i "re-trust" the SSL certificate sent from a server I previously marked as untrusted?

I use Citrix Receiver to access my workplace Windows environment remotely from home, where I run Firefox 7.01 on Ubuntu 11.10. Two days ago the SSL certificate expired, so when I tried to logon remotely it failed. Now the company have renewed the certificate, but now when I try to logon I get an error from the Citrix ICA Client saying "You have not chosen to trust Verisign Class 3 Public Primary Certification Authority - G5, the issuer of the server's security certificate (SSL error 61)"
I have found a couple of similar queries here, but neither had a solution which worked for me. The entry for Verisign Clas 3... G5 is in /etc/ca-certificates.conf, also there's a link to it in /etc/ssl/certs to an existing ...G5.crt file in /usr/share/ca-certificates - Firefox seems to recognise the issuer as a valid existing certificate issuer. Firefox displays the certificate for the page when I use menu options Tools -> Page Info -> Security -> View Certificate, and the certificate shows as valid for today - for the life of me I can't find a way to make Firefox trust the darn issuer.
I get the same fault with Firefox 3.6.23 on Ubuntu 10.04.
(I'd rather not tell everyone here the URL of my company's remote access website)

Thanks for the swift reply, cor-el - unfortunately, no joy with this approach.
A. As my named user (called "greg", surprise, surprise, no secret there...)
Run Firefox; select Edit > Preferences > Advanced : Encryption:
Here I get no option for Certificates, but I do get View Certificates - then tabs for:
- Servers, under which my company's remote logon URL is listed - Edit button is grey
- Authorities, under which the Verisign...G5 entry may be edited; 3 options:
1. may identify websites (ticked)
2. may identify mail users (unticked)
3. may identify software makers (ticked)
I ticked 2, tried again - same failure. Unticked it.
B. As root.
Run Firefox; select Edit > Preferences > Advanced : Encryption:
Here I get no option for Certificates, but I do get View Certificates - then tabs for:
- Servers, under which my company's remote logon URL is NOT listed
- Authorities, under which the Verisign...G5 entry may be edited; 3 options:
1. may identify websites (ticked)
2. may identify mail users (unticked)
3. may identify software makers (unticked)
I ticked 2 and 3, tried again - same failure. Unticked them.
Maybe a solution would be, in some way, to add my company's remote logon URL to the list of Servers while running Firefox as root. The Export and Import buttons may help here. However, when I first declined their certificate I was running Firefox as greg, not as root, so I am a bit suspicious there - what can be done as greg should be undoable as greg.
This is doing my head in. Maybe it's time to step back and think a bit. Maybe try Citrix's online help (already spent a fair amount of time there with no joy either).
So, thanks again for the reply - I've generally tried to provide a good list of what's up, and your reply has given me food for thought. OK, I'll keep trying.

What's the process to replace an SSL certificate

I have to replace an expiring SSL certificate in this server and can't recall the procedure. I have the new cert, and intermediate CA, but can't remember what utilities to use to replace the old with the new.

The image replace works perfectly with a masked image intact, only if the two images dimensions are the same.
However, doing the following gets you 95% of the way with just a final tweak of the mask:
select the image on the slide
Format > Copy Animation
then replace image
Format > Paste Animation
Format > Image > Edit Mask

SSL Certificate Edit

Similar Messages

Maybe you are looking for