SSL certificate error on every SSL page

Similar Messages

• When trying to get to a CUIC permalink report via a get XML document data step in UCCX, we get a SSL certificate error

  Has anyone found a way to overcome the SSL certificate error via UCCX editor?  See attached screenshots.  Thanks!

  Hi, not easily, no.
  But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
  G.

• IMAP SSL Certificate Errors

  Just got my iPhone today.
  My email server has a simple, self-signed SSL certificate (IMAPS and TLS on the MTA). The iPhone doesn't like this and refuses to work with my mail/imap server.
  This won't work for me and I'm wondering if there is a way around this.
  Thanks.

  This was extremely helpful to me. Thanks. Basically it seems the iPhone assumes you want SSL turned on when doing IMAP, and it does not give you a way to turn if off until AFTER you have set up your mail. The advanced settings button does not even show up until AFTER you have the account saved, and every time you try to save it, you get error messages. So your steps below save the day, but I added a couple of more.
  1) Enter Mail on iPhone
  2) Select Other from the list of mail provider options
  3) Enter all the Account specifics, in my case it was IMAP stuf
  4) Click Save, and get the invalid certificate message
  5) Click "CANCEL", an you get returned to the settings screen
  6) Click "SAVE" again, it says, "You may not be able to receive email..."
  7) Click OK
  8) Now you can go back into the settings, and preso chango, the ADVANCED button now shows up at the bottom of the mail screen.
  9) NOW you can go into the advance tab and turn OFF SSL for both sending and receiving mail.
  What a pain, but it works.

• SSL Certificate Error in AIX server~~~SCOM 2012 R2

  Hi Everyone,
  While installing SCOM client i am getting below error. Plz suggest.
  Agent verification failed. Error detail: The server certificate on the destination computer (FQDN(Server Name):1270) has the following errors: 
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
  The SSL certificate is signed by an unknown certificate authority.      
  It is possible that:
     1. The destination certificate is signed by another certificate authority not trusted by the management server. 
     2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: FQDN serve 
     3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
  The server certificate on the destination computer (FQDN(Server Name:1270) has the following errors: 
  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.    
  The SSL certificate is signed by an unknown certificate authority.      
  It is possible that:
     1. The destination certificate is signed by another certificate authority not trusted by the management server. 
     2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: FQDN serve.
     3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool. 

  Hi Pawan
  Have you exported/imported scx certificates?
  Check out Kevin Holmans blog on installation of UNIX/Linux agents:
  http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
  www.coretech.dk - blog.coretech.dk

• SSL certificate error when installing

  Hi,
  We are getting error when installing the SSL certificate on our web dispatcher. Please see screenshot attached.
  Kindly assist us on this.
  Thank you!
  Regards,
  AJ

  You have to specify the additional certificates with the "-r" parameter.
  E g
  sapgenpse import_own_cert -c <cert_from_eg_verisign> -p <PSE-file> -r intermediate-one.cer -r intermediate-two.cer
  You can specify "-r" up to 10 times.

• Expired SSL certificate errors in browser after installing a new Certificat

  I recently install a new SSL certificate from Thawte following the same process as the last time in installed. The install seemed to work for a couple days and then i stared getting calls reporting an expired SSL Certificate. I verified that the proper cert was still installed and it was. what actually got the ball rolling again was disabling the listener associated with my secure site and re enabled it. that workd for 2 days and now the website is reporting an expired SSL cert. any clue what is going on?

  Here is the output but i noticed that there are three of the same key(sitecert)
  wadm> certutil -L -d .
  sitecert                                                     u,u,u
  sitecert                                                     u,u,u
  Thawte SGC CA - VeriSign, Inc.                               CT,,
  sitecert                                                     u,u,ui guess now the question is how to get ride of the 2 offending certs in the database.

• SSL Certificate errors on websites since using Cisco RV130 router

  Dear reader,
  The problem we are having is very random, but various colleagues of mine are getting a NET::ERR_CERT_COMMON_NAME_INVALID in Chrome when trying to access their gmail or calendar from Google. Now I know what you might think, this must be a browser problem, but in most cases, switching to another browser simply results in the same problem, just a different formulation of the problem (since hey, it's another browser).
  Now here comes the weird part, this all started SINCE we placed the Cisco RV130 router in our network. Before that our ISP issued Modem was in Modem/Router mode (now it's been set to Bridge mode by the ISP, I cannot set this myself!) and the aforementioned router was placed in between our first switch (A Netgear GS748T) and the modem.
  Various things that I have checked, but first and foremost lets handle the occurrence. The problem only happens sometimes, say a person comes into the office, starts his or her computer, gmail works fine. Then after a few hours they get this error, and after refreshing for like 5 minutes the problem disappears and they can check their Gmail again. Others have this when accessing their calendar but not when opening their gmail. So to sum this all up, it's completely random. So far I am the only one who's experienced it with another website (as in, other than gmail or the gmail calendar) and that was when I tried to access Facebook.com, but this has only been once so far, and honestly I don't care at all if this would ever happen again since the other two websites are way more important.
  Computers are running Kaspersky Internet Security, and although the problem only started recently I have tried disabling it when somebody was experiencing the problem but this didn't result in being able to access the aforementioned pages.
  Another thing I have checked which seemed to pop up quite often (but given this error message I think it doesn't matter) is the system time on computers. Which I have made sure it was synced and therefore correct. 
  Also, just now I was able to find out this. When I had the problem on a colleague's computer I did a ping to both www.google.com and www.apple.com (given the subject of the error) and the results were this:
  www.google.com:
  Pinging www.google.com [95.100.141.15] with 32 bytes of data:
  Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
  Ping statistics for 95.100.141.15:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 9ms, Maximum = 11ms, Average = 10ms
  www.apple.com:
  Pinging e3191.dscc.akamaiedge.net [95.100.141.15] with 32 bytes of data:
  Reply from 95.100.141.15: bytes=32 time=16ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=15ms TTL=59
  Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
  Ping statistics for 95.100.141.15:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 9ms, Maximum = 16ms, Average = 12ms
  I don't think it can be correct that both resolve to the same IP address even though I'm pinging to two different webpages. Am I transitioning into a rounting / switching / dns problem here or is this still a Chrome problem? Any help would be appreciated because I'm quite at loss!
  Best regards,
  Fred
  P.s. I have added two images of the resulting errors from Chrome.
  [edit]
  Forgot to mention that I have started a similar discussion on the Google Chrome forums, but other than flushing my dns in Windows and clearing my host cache in chrome I haven't gotten any results yet. And that only seems to solve the problem temporarily.

  I could try to use the RV130 on my home network possibly and see what happens, but truthfully I'm not considering keeping this device that long if this problem keeps occurring.
  Regarding the firmware, the latest version of the firmware is on the router. And I have, coincidentally, reinstalled several laptops in the past week that all had the problem before reinstalling and still have it after reinstalling.
  We do have a piece of internet security software, which is kaspersky internet security, but disabling it doesn't help and secondly, we've had that long before we started using this router and the problem never occured then.
  Is there at all a possibility that the router is causing this? If the answer is yes then I think I don't have any more time left to invest in looking for a cause and will just return the product and search for a new router. Preferably still a Cisco, but definitely another one than the RV130. 

• I keep getting certificate errors even on apple pages

  I have a macbook pro 13 retina disply (OS10) and no matter what page I want to pull up safari give me the message that safari can't verrify the identity of the website. when i look at the certificate it says the the certificate is not yet valid. I have the time set correctly on the computer. This also happens when trying to use the apple website. As a result, i am using my ipad to write this problem. Any suggestions would be appreciated.

  This could be a complicated problem to solve, as there are several possible causes for it.
  Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
  Step 1
  From the menu bar, select
             ▹ System Preferences... ▹ Date & Time
  Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
  Check the box marked 
            Set date and time automatically
  if it's not already checked, and select one of the Apple time servers from the menu next to it.
  Step 2
  Triple-click anywhere in the line below on this page to select it:
  /System/Library/Keychains/SystemCACertificates.keychain
  Right-click or control-click the highlighted line and select
            Services ▹ Show Info
  from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
  Repeat with this line:
  /System/Library/Keychains/SystemRootCertificates.keychain
  If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
  Step 3
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
  In the Keychains list, there should be items named System and System Roots. If not, select
            File ▹ Add Keychain
  from the menu bar and add the following items:
  /Library/Keychains/System.keychain
  /System/Library/Keychains/SystemRootCertificates.keychain
  Open the View menu in the menu bar. If one of the items in the menu is
            Show Expired Certificates
  select it. Otherwise it will show
            Hide Expired Certificates
  which is what you want.
  From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
            Secure Sockets Layer (SSL)
  select
            no value specified
  Close the inspection window. You'll be prompted for your administrator password to update the settings.
  Now open the same inspection window again, and select
            When using this certificate: Use System Defaults
  Save the change in the same way as before.
  Revert all the certificates with non-default trust settings. Never again change any of those settings.
  Step 4
  Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
  Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
            Help ▹ Keychain Access Help
  from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
  Step 5
  From the menu bar, select
            Keychain Access ▹ Preferences... ▹ Certificates
  There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to  CRL.
  Step 6
  Triple-click anywhere in the line of text below on this page to select it:
  /var/db/crls
  Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
  Restart the computer, empty the Trash, and test.
  Step 7
  Triple-click anywhere in the line below on this page to select it:
  open -e /etc/hosts
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
  # Host Database
  # localhost is used to configure the loopback interface
  # when the system is booting.  Do not change this entry.
  127.0.0.1                              localhost
  255.255.255.255          broadcasthost
  ::1                                        localhost
  fe80::1%lo0                    localhost
  If that's not what you see, post the contents of the window.

• How do I remove the certificat error everytime I try to access the Cisco Unified CM Administration web-page?

  Hi,
  Every time I want to have access to the Cisco Unified CM Console (System version: 7.0.1.11000-2), I use the https://10.10.x.x/ccmadmin/showHome.do homepage on my client computer, but when I open the page, I get a SSL certificate error, stating no trust to this webpage security certificate and if I those "continue to this page (not recommended)", I get access to the Cisco Unified CM Console web page.
  I have tried to add the https://IP-adress to secure web pages in Internet Explorer 7, but this to no avail, it does not help.
  How do I add this certificate to a trusted something, so I do not get this warning every time I open the page?
  Kind regards,
  Carl-Marius

  Hi Michael,
  It worked when I change the IP-address to the name that was written in the certificate, and imported the certificate to Internet Explorer.
  Thank you for your fast and very precise help!
  Kind regards,
  Carl-Marius

• Peer not authenticated exception on every SSL request

  I'm using VeriSign-issued SSL certificates and WebLogic appears to be working fine with them.  No browser issues, no server errors -- unless I enable SSL debugging.  We were investigating an earlier issue (See: Extremely slow Apache 2.2-WebLogic 12c proxy behavior when using SSL) and we noticed that with every SSL request, we see the following error in the weblogic-server.log:
  ####<Nov 18, 2013 3:46:52 PM CST> <Debug> <SecuritySSL> <zlxv8131.vci.att.com> <CASWEBAdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1384811212294> <BEA-000000> <Exception processing certificates: peer not authenticated
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
          at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
          at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:203)
          at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)
          at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:74)
          at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:300)
          at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:558)
  We continue to see this for every HTTPS request -- every initial GET for the page, and all GETs for associated scripts, images, stylesheets, etc. 
  This is WebLogic 12.1.1.0 on Red Hat Enterprise Linux 6.  I have the following startup options set:
  -Dweblogic.StdoutDebugEnabled=true
  -Dssl.debug=true
  -Dweblogic.security.SSL.nojce=true
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dweblogic.security.SSL.enforceConstraints=off
  Is this actually a concern, given that we only see it when extended SSL debugging is enabled?  When I Google (or search the Oracle forums) for this error, I find only my earlier posting, or folks dealing with self-signed certificates.  Surely this is a more common issue.  We are experiencing it on several different WebLogic installations on different servers.  Exact same error on every SSL request, yet the page renders fine and there are no processing errors or delays -- just the debugging error above.
  Any assistance would be much appreciated!
  --sam

  I using WebLogic 12.1.2 and having the same problem.
  <Dec 5, 2013 3:13:01 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <Exception processing certificates: peer not authenticated
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
          at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
          at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:222)
          at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:165)
          at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:75)
          at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:303)
          at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:570)
          at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:119)
          at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
          at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:186)
          at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
          at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:996)
          at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:928)
          at weblogic.socket.NIOSocketMuxer.process(NIOSocketMuxer.java:507)
          at weblogic.socket.NIOSocketMuxer.processSockets(NIOSocketMuxer.java:473
          at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:30)
          at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:
  43)
          at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:147)
          at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:119)
  >
  The page renders fine but when I use t3s connection (for ssl) as following:
  Context oContext ;
  Hashtable <String,String> oHashtable = new Hashtable<String,String>();
  oHashtable.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  oHashtable.put(Context.PROVIDER_URL,  "t3s://localhost:7002");
  oContext = new InitialContext(oHashtable);
  I will get the following error:
  <Dec 5, 2013 3:19:09 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[Execute
  Thread: '0' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
  javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
          at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
          at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
          at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
          at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
          at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
          at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
          at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
  Please help on this. Thanks.

• SSL Handshake Error in Android (ADF Mobile)

  Hi Guys,
  Now I am tried to using "https" Web service with my application, but seems show SSL handshake error specially in Android only, iOS is totally working.
  Log from Android is
  09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request:  {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception:  {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
  How to solved this one ?
  ** If my android didn't connect to internet, it still show "SSL handshake error" too, that so weird !

  Hi,
  Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
  : D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
  I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
  Are there any known issues with ADF Mobile/SSL on Android?
  Any help is much appreciated.
  Rich.

• Godaddy SSL certificate installation problems - intermediate certificate not being recognized

  domain = mail.gottfried.org
  Installed both the certificate and the intermediate certificate from godaddy (used the 10.6 mac os x version)
  Response from:
  http://www.sslshopper.com/ssl-checker.html#hostname=mail.gottfried.org
  The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
  When I check in 0000_any_443_.conf
  I see:
  SSLCertificateFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. cert.pem
  SSLCertificateKeyFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. key.pem
  SSLCertificateChainFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. chain.pem
  I am assuming that the intermediate certificate should be:
  mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem
  When I look at that certicate it is the same as
  mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem
  When I check keychain and exported both the mail.gottfried.org certificate and also the starfield secure certification authority they match what was installed initially (what I downloaded from Godaddy).
  It looks like in the install process the intermediate certificate is not being linked to the ssl certificate and that the ssl certificate is being used for the chain.
  Anyone have any suggestions?
  I have talked to both Godaddy and Apple Enterprise support. Godaddy has nothing past 10.6 instruction wise (though the support person really tried to help). The Apple rep couldnt really help and if I really want help from them I need to talk to integration where costs start at $700....
  Anyone have an SSL provider that worked properly with 10.8  or has really good support for mountain lion server?
  Please let me know.
  Thanks!

  While you still can, get a refund for the certificate, and get a certificate from somebody else, and preferably one that doesn't need an intermediate?  That'll be the easiest.
  If you're not doing ecommerce or otherwise dealing with web browsers and remote clients that you don't have some control over or affiliation with, you can use a private certificate and get equivalent (or arguably better) security.  Running your own certificate authority does mean you'll learn more about certificates, though.
  Here and here are general descriptions of getting certificates and intermediate certificates loaded, and some troubleshooting here and particularly here (TN2232).  I have found exiting Keychain Access to be a necessary step on various versions.  It shouldn't be, but...
  FWIW and depending on your particular DNS setup and whether you're serving multiple web sites, you'll need a multiple-domain certificate.
  Full disclosure: I've chased a few of these cases around for customers, and it can take an hour or three to sort out what the particular vendor of math, err, certificates has implemented, to confirm the particular certificate formats and possibly convert the certificates where necessary, and to generally to sort out the various posted directions and confusions.  (I'm not particularly fond of any of the major math, err, certificate vendors, either.)

• SSL Certificate to apply on more web application - SharePoint 2013

  Hi,
  based on your experiences, I'd like to know which SSL certificates are good in order to apply them for more web applications in a SharePoint 2013 farm. Saying a good SSL certificate I intend a SSL certificate not more expensive. The idea is to buy one
  certificate with 1 or 2 year licence and use it for two, three, ... web applications.
  Fe, I've a look to Thawte certificates but I don't find any info talking about the possibility to apply one certificate for more web applications.
  Any suggests to me, please?

  A single-host certificate applies to one host, or a single Web Application using Path-based Site Collections.
  A SAN certificate applies to multiple, limited number of hosts for use with multiple Web Applications using Path-based Site Collections (or in a limited fashion, Host-named Site Collections).
  A Wildcard certificate applies to an unlimited number of hosts, or an unlimited number of Web Applications using Path or Host-named Site Collections.
  You want a wildcard, unless you have a good reason to not want a wildcard.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• How can i refresh an SSL certificate for a specific page?

  i am trying to access my electronic training jacket on Navy Knowledge Online to check the status of my security clearance. the ETJ page requires an SSL certificate. when i initially loaded the page the message window popped up prompting me to add the security exception and get the certificate. i got the certificate and continued to load the page but it came up with HTTP error 403.7 saying that i didn't have the certificate i needed. for some reason NKO isn't recognizing the certificate i got so i need to clear that certificate and get a new one that hopefully the server will recognize. how can i do this?

  You can try to remove that certificate here:
  Edit > Preferences > Advanced > Encryption: Certificates > View Certificates

• Error of SSL certificate

  "hi, all,
       I got your information from weblogic.developer.interest.security.
       I have a question about the SSL certificate
  1. I generate the private key file using Weblogic certificate servlet,
  2. get the request, then goto thawte get the response
  3. goto weblogic console -> server -> ssl, specify the filename, click "Enable", click "Key Encrypted"
  4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
  But when I restart the weblogic, got the following error msg:
  Starting WebLogic Server ....
  <Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration file
  .\config\citi1\config.xml ...>
  <Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic Admin
  Server "server1" for domain "citi1">
  <Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration p
  roblem with certificate file adamfeng-key.der, java.lang.NullPointerException>
  java.lang.NullPointerException
  at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
  at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
  24)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr

  Hi adam,
  I wish to let u know that your ****-key.der file is not generated correctly. I
  suppose you must have used Certificate Requeste Generator of WLS to generate the
  key file and the request file.
  please follow the following to get your system running:
  (1) Generate a new certificate request making sure that you enter "yourmachine.domain.com"
  in the Full Host name field within the certificate request generator. Fill all
  the required values like the state should be filled in full not with abreviations
  etc(do not fill the ones which are not required. That means do not fill the password
  field and random string field...etc )then u will get a key file and the request
  file..press the submit button on the same page to test the key file with Verisign..if
  all fields are filled correctly then it says so..if not it will bounce back saying
  an ERROR..so see to it that u get the right key file..i.e. ****;key.der file.
  (2) Save the certificate request in a text file. (including the ----BEGIN CERTIFICATE
  REQUEST-- and END CERTIFICATE REQUEST)
  (3) Go to https://www.thawte.com/cgi/server/test.exe and paste the above request.
  (4) Do NOT choose any other options as the default options are set correctly
  (unless you are using a domestic build of the weblogic server which requires a
  different license).
  (5) Save the certificate obtained in a text file and save it as a .pem file
  (6) Also save the root certificate obtained in the above URL (see the 2nd line
  from the top) in .pem format and use this file against the ServerCertChain name.
  (7) Make sure you enter the certificate key and server certificate fields with
  the correct path to the key and cert (inclusive of the file names).
  After having done the above steps restart the server and you should be able to
  get SSL to work. Hope the above information
  If not then mail me at [email protected].
  Sujit.
  adamfeng <[email protected]> wrote:
  "hi, all,
       I got your information from weblogic.developer.interest.security.
       I have a question about the SSL certificate
  1. I generate the private key file using Weblogic certificate servlet,
  2. get the request, then goto thawte get the response
  3. goto weblogic console -> server -> ssl, specify the filename, click
  "Enable", click "Key Encrypted"
  4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
  But when I restart the weblogic, got the following error msg:
  Starting WebLogic Server ....
  <Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration
  file
  ..\config\citi1\config.xml ...>
  <Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic
  Admin
  Server "server1" for domain "citi1">
  <Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration
  p
  roblem with certificate file adamfeng-key.der, java.lang.NullPointerException>
  java.lang.NullPointerException
  at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
  at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
  24)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr