SSL certificate error on every SSL page
Hello,
I was having problems earlier with connecting to my wireless internet so I deleted some of my .plist files attempting to fix the problem. Now I am having problems connecting to ANY SSL page, (as well as google chat, etc.) saying "security certificate is not trusted". Same happens on all browsers. I think it is because I deleted some plist files (not sure which ones).
How can I fix this problem? I cannot find any documentation of anyone else having this problem, so please help!
Much thanks.
The answer was found elsewhere: Android is much more picky when it comes to SSL certificates and what works in the browser doesn't necessarily work in an Android app.
A technician had to add a "SSLCACertificateFile to the SSL conf to provide this intermediate chain". I don't know what this is, but it worked.
-
Has anyone found a way to overcome the SSL certificate error via UCCX editor? See attached screenshots. Thanks!
Hi, not easily, no.
But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
G. -
Just got my iPhone today.
My email server has a simple, self-signed SSL certificate (IMAPS and TLS on the MTA). The iPhone doesn't like this and refuses to work with my mail/imap server.
This won't work for me and I'm wondering if there is a way around this.
Thanks.
This was extremely helpful to me. Thanks. Basically it seems the iPhone assumes you want SSL turned on when doing IMAP, and it does not give you a way to turn it off until AFTER you have set up your mail. The advanced settings button does not even show up until AFTER you have the account saved, and every time you try to save it, you get error messages. So your steps below save the day, but I added a couple of more.
1) Enter Mail on iPhone
2) Select Other from the list of mail provider options
3) Enter all the Account specifics, in my case it was IMAP stuff
4) Click Save, and get the invalid certificate message
5) Click "CANCEL", and you get returned to the settings screen
6) Click "SAVE" again, it says, "You may not be able to receive email..."
7) Click OK
8) Now you can go back into the settings, and presto chango, the ADVANCED button now shows up at the bottom of the mail screen.
9) NOW you can go into the advanced tab and turn OFF SSL for both sending and receiving mail.
What a pain, but it works. -
SSL Certificate Error in AIX server~~~SCOM 2012 R2
Hi Everyone,
While installing SCOM client i am getting below error. Plz suggest.
Agent verification failed. Error detail: The server certificate on the destination computer (FQDN(Server Name):1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate is signed by an unknown certificate authority.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: FQDN serve
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
The server certificate on the destination computer (FQDN(Server Name:1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate is signed by an unknown certificate authority.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: FQDN serve.
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
Hi Pawan
Have you exported/imported scx certificates?
Check out Kevin Holman's blog on installation of UNIX/Linux agents:
http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
www.coretech.dk - blog.coretech.dk -
SSL certificate error when installing
Hi,
We are getting error when installing the SSL certificate on our web dispatcher. Please see screenshot attached.
Kindly assist us on this.
Thank you!
Regards,
AJ
You have to specify the additional certificates with the "-r" parameter.
E.g.
sapgenpse import_own_cert -c <cert_from_eg_verisign> -p <PSE-file> -r intermediate-one.cer -r intermediate-two.cer
You can specify "-r" up to 10 times. -
Expired SSL certificate errors in browser after installing a new Certificat
I recently installed a new SSL certificate from Thawte following the same process as the last time I installed. The install seemed to work for a couple of days and then I started getting calls reporting an expired SSL certificate. I verified that the proper cert was still installed and it was. What actually got the ball rolling again was disabling the listener associated with my secure site and re-enabling it. That worked for 2 days and now the website is reporting an expired SSL cert. Any clue what is going on?
Here is the output but i noticed that there are three of the same key(sitecert)
wadm> certutil -L -d .
sitecert u,u,u
sitecert u,u,u
Thawte SGC CA - VeriSign, Inc. CT,,
sitecert u,u,u
I guess now the question is how to get rid of the 2 offending certs in the database. -
SSL Certificate errors on websites since using Cisco RV130 router
Dear reader,
The problem we are having is very random, but various colleagues of mine are getting a NET::ERR_CERT_COMMON_NAME_INVALID in Chrome when trying to access their gmail or calendar from Google. Now I know what you might think, this must be a browser problem, but in most cases, switching to another browser simply results in the same problem, just a different formulation of the problem (since hey, it's another browser).
Now here comes the weird part, this all started SINCE we placed the Cisco RV130 router in our network. Before that our ISP issued Modem was in Modem/Router mode (now it's been set to Bridge mode by the ISP, I cannot set this myself!) and the aforementioned router was placed in between our first switch (A Netgear GS748T) and the modem.
Various things that I have checked, but first and foremost lets handle the occurrence. The problem only happens sometimes, say a person comes into the office, starts his or her computer, gmail works fine. Then after a few hours they get this error, and after refreshing for like 5 minutes the problem disappears and they can check their Gmail again. Others have this when accessing their calendar but not when opening their gmail. So to sum this all up, it's completely random. So far I am the only one who's experienced it with another website (as in, other than gmail or the gmail calendar) and that was when I tried to access Facebook.com, but this has only been once so far, and honestly I don't care at all if this would ever happen again since the other two websites are way more important.
Computers are running Kaspersky Internet Security, and although the problem only started recently I have tried disabling it when somebody was experiencing the problem but this didn't result in being able to access the aforementioned pages.
Another thing I have checked which seemed to pop up quite often (but given this error message I think it doesn't matter) is the system time on computers. Which I have made sure it was synced and therefore correct.
Also, just now I was able to find out this. When I had the problem on a colleague's computer I did a ping to both www.google.com and www.apple.com (given the subject of the error) and the results were this:
www.google.com:
Pinging www.google.com [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
Ping statistics for 95.100.141.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 11ms, Average = 10ms
www.apple.com:
Pinging e3191.dscc.akamaiedge.net [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=16ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
Reply from 95.100.141.15: bytes=32 time=15ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
Ping statistics for 95.100.141.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 16ms, Average = 12ms
I don't think it can be correct that both resolve to the same IP address even though I'm pinging to two different webpages. Am I transitioning into a routing / switching / dns problem here or is this still a Chrome problem? Any help would be appreciated because I'm quite at loss!
Best regards,
Fred
P.s. I have added two images of the resulting errors from Chrome.
[edit]
Forgot to mention that I have started a similar discussion on the Google Chrome forums, but other than flushing my dns in Windows and clearing my host cache in chrome I haven't gotten any results yet. And that only seems to solve the problem temporarily.
I could try to use the RV130 on my home network possibly and see what happens, but truthfully I'm not considering keeping this device that long if this problem keeps occurring.
Regarding the firmware, the latest version of the firmware is on the router. And I have, coincidentally, reinstalled several laptops in the past week that all had the problem before reinstalling and still have it after reinstalling.
We do have a piece of internet security software, which is kaspersky internet security, but disabling it doesn't help and secondly, we've had that long before we started using this router and the problem never occurred then.
Is there at all a possibility that the router is causing this? If the answer is yes then I think I don't have any more time left to invest in looking for a cause and will just return the product and search for a new router. Preferably still a Cisco, but definitely another one than the RV130. -
I keep getting certificate errors even on apple pages
I have a MacBook Pro 13 Retina display (OS10) and no matter what page I want to pull up, Safari gives me the message that Safari can't verify the identity of the website. When I look at the certificate it says that the certificate is not yet valid. I have the time set correctly on the computer. This also happens when trying to use the Apple website. As a result, I am using my iPad to write this problem. Any suggestions would be appreciated.
This could be a complicated problem to solve, as there are several possible causes for it.
Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
Step 1
From the menu bar, select
▹ System Preferences... ▹ Date & Time
Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the date and time shown (including the year) are correct, and correct them if not.
Check the box marked
Set date and time automatically
if it's not already checked, and select one of the Apple time servers from the menu next to it.
Step 2
Triple-click anywhere in the line below on this page to select it:
/System/Library/Keychains/SystemCACertificates.keychain
Right-click or control-click the highlighted line and select
Services ▹ Show Info
from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
Repeat with this line:
/System/Library/Keychains/SystemRootCertificates.keychain
If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
Step 3
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
In the Keychains list, there should be items named System and System Roots. If not, select
File ▹ Add Keychain
from the menu bar and add the following items:
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
Open the View menu in the menu bar. If one of the items in the menu is
Show Expired Certificates
select it. Otherwise it will show
Hide Expired Certificates
which is what you want.
From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
Secure Sockets Layer (SSL)
select
no value specified
Close the inspection window. You'll be prompted for your administrator password to update the settings.
Now open the same inspection window again, and select
When using this certificate: Use System Defaults
Save the change in the same way as before.
Revert all the certificates with non-default trust settings. Never again change any of those settings.
Step 4
Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
Help ▹ Keychain Access Help
from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
Step 5
From the menu bar, select
Keychain Access ▹ Preferences... ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
Step 6
Triple-click anywhere in the line of text below on this page to select it:
/var/db/crls
Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
Restart the computer, empty the Trash, and test.
Step 7
Triple-click anywhere in the line below on this page to select it:
open -e /etc/hosts
Copy the selected text to the Clipboard by pressing the key combination command-C.
Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
If that's not what you see, post the contents of the window. -
Hi,
Every time I want to have access to the Cisco Unified CM Console (System version: 7.0.1.11000-2), I use the https://10.10.x.x/ccmadmin/showHome.do homepage on my client computer, but when I open the page, I get an SSL certificate error, stating no trust to this webpage security certificate, and if I choose "continue to this page (not recommended)", I get access to the Cisco Unified CM Console web page.
I have tried to add the https://IP-address to secure web pages in Internet Explorer 7, but this to no avail, it does not help.
How do I add this certificate to a trusted something, so I do not get this warning every time I open the page?
Kind regards,
Carl-Marius
Hi Michael,
It worked when I change the IP-address to the name that was written in the certificate, and imported the certificate to Internet Explorer.
Thank you for your fast and very precise help!
Kind regards,
Carl-Marius -
Peer not authenticated exception on every SSL request
I'm using VeriSign-issued SSL certificates and WebLogic appears to be working fine with them. No browser issues, no server errors -- unless I enable SSL debugging. We were investigating an earlier issue (See: Extremely slow Apache 2.2-WebLogic 12c proxy behavior when using SSL) and we noticed that with every SSL request, we see the following error in the weblogic-server.log:
####<Nov 18, 2013 3:46:52 PM CST> <Debug> <SecuritySSL> <zlxv8131.vci.att.com> <CASWEBAdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1384811212294> <BEA-000000> <Exception processing certificates: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:203)
at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)
at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:74)
at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:300)
at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:558)
We continue to see this for every HTTPS request -- every initial GET for the page, and all GETs for associated scripts, images, stylesheets, etc.
This is WebLogic 12.1.1.0 on Red Hat Enterprise Linux 6. I have the following startup options set:
-Dweblogic.StdoutDebugEnabled=true
-Dssl.debug=true
-Dweblogic.security.SSL.nojce=true
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=off
Is this actually a concern, given that we only see it when extended SSL debugging is enabled? When I Google (or search the Oracle forums) for this error, I find only my earlier posting, or folks dealing with self-signed certificates. Surely this is a more common issue. We are experiencing it on several different WebLogic installations on different servers. Exact same error on every SSL request, yet the page renders fine and there are no processing errors or delays -- just the debugging error above.
Any assistance would be much appreciated!
--sam
I'm using WebLogic 12.1.2 and having the same problem.
<Dec 5, 2013 3:13:01 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <Exception processing certificates: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:222)
at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:165)
at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:75)
at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:303)
at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:570)
at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:119)
at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:186)
at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:996)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:928)
at weblogic.socket.NIOSocketMuxer.process(NIOSocketMuxer.java:507)
at weblogic.socket.NIOSocketMuxer.processSockets(NIOSocketMuxer.java:473
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:30)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:43)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:147)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:119)
>
The page renders fine but when I use t3s connection (for ssl) as following:
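import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;

// JNDI lookup against the server's SSL listen port using t3s (T3 over SSL).
Hashtable<String, String> oHashtable = new Hashtable<String, String>();
oHashtable.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
oHashtable.put(Context.PROVIDER_URL, "t3s://localhost:7002");
Context oContext = new InitialContext(oHashtable);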
I will get the following error:
<Dec 5, 2013 3:19:09 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[ExecuteThread: '0' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
Please help on this. Thanks. -
SSL Handshake Error in Android (ADF Mobile)
Hi Guys,
Now I am trying to use an "https" web service with my application, but it seems to show an SSL handshake error on Android specifically; iOS is totally working.
Log from Android is
09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request: {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception: {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
How can I solve this one?
** If my Android isn't connected to the internet, it still shows "SSL handshake error" too, that's so weird!
Hi,
Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
: D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
Are there any known issues with ADF Mobile/SSL on Android?
Any help is much appreciated.
Rich. -
Godaddy SSL certificate installation problems - intermediate certificate not being recognized
domain = mail.gottfried.org
Installed both the certificate and the intermediate certificate from godaddy (used the 10.6 mac os x version)
Response from:
http://www.sslshopper.com/ssl-checker.html#hostname=mail.gottfried.org
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
When I check in 0000_any_443_.conf
I see:
SSLCertificateFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem"
SSLCertificateKeyFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.key.pem"
SSLCertificateChainFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem"
I am assuming that the intermediate certificate should be:
mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem
When I look at that certificate it is the same as
mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem
When I check keychain and exported both the mail.gottfried.org certificate and also the starfield secure certification authority they match what was installed initially (what I downloaded from Godaddy).
It looks like in the install process the intermediate certificate is not being linked to the ssl certificate and that the ssl certificate is being used for the chain.
Anyone have any suggestions?
I have talked to both Godaddy and Apple Enterprise support. Godaddy has nothing past 10.6 instruction wise (though the support person really tried to help). The Apple rep couldn't really help and if I really want help from them I need to talk to integration where costs start at $700....
Anyone have an SSL provider that worked properly with 10.8 or has really good support for mountain lion server?
Please let me know.
Thanks!
While you still can, get a refund for the certificate, and get a certificate from somebody else, and preferably one that doesn't need an intermediate? That'll be the easiest.
If you're not doing ecommerce or otherwise dealing with web browsers and remote clients that you don't have some control over or affiliation with, you can use a private certificate and get equivalent (or arguably better) security. Running your own certificate authority does mean you'll learn more about certificates, though.
Here and here are general descriptions of getting certificates and intermediate certificates loaded, and some troubleshooting here and particularly here (TN2232). I have found exiting Keychain Access to be a necessary step on various versions. It shouldn't be, but...
FWIW and depending on your particular DNS setup and whether you're serving multiple web sites, you'll need a multiple-domain certificate.
Full disclosure: I've chased a few of these cases around for customers, and it can take an hour or three to sort out what the particular vendor of math, err, certificates has implemented, to confirm the particular certificate formats and possibly convert the certificates where necessary, and to generally to sort out the various posted directions and confusions. (I'm not particularly fond of any of the major math, err, certificate vendors, either.) -
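Added example (not from any of the posters): three threads on this page, the Android answer about adding a chain directive, the sapgenpse "-r" reply and the GoDaddy chain.pem question above, describe the same failure, a server that does not hand out its intermediate certificate. The script builds a constructed root/intermediate/leaf PKI with openssl (all subjects and file names are made up; the function names make_pki, verifies and diagnose are this example's own) and reports the three outcomes, including a chain file that is only a copy of the server certificate.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# Every subject name and file name below is made up for the demonstration.

make_pki() {  # make_pki DIR : writes root.pem, int.pem and leaf.pem into DIR
  pki=$1
  cat > "$pki/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: the only certificate the client trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$pki/ca.cnf" \
    -extensions v3_ca -subj "/CN=Example Root CA" \
    -keyout "$pki/root.key" -out "$pki/root.pem" 2>/dev/null &&
  # Intermediate CA, signed by the root.
  openssl req -newkey rsa:2048 -nodes -config "$pki/ca.cnf" \
    -subj "/CN=Example Intermediate CA" \
    -keyout "$pki/int.key" -out "$pki/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$pki/int.csr" -CA "$pki/root.pem" -CAkey "$pki/root.key" \
    -set_serial 2 -days 2 -extfile "$pki/ca.cnf" -extensions v3_ca \
    -out "$pki/int.pem" 2>/dev/null &&
  # Server (leaf) certificate, signed by the intermediate and not by the root.
  openssl req -newkey rsa:2048 -nodes -config "$pki/ca.cnf" \
    -subj "/CN=mail.example.test" \
    -keyout "$pki/leaf.key" -out "$pki/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$pki/leaf.csr" -CA "$pki/int.pem" -CAkey "$pki/int.key" \
    -set_serial 3 -days 2 -out "$pki/leaf.pem" 2>/dev/null
}

# verifies ROOT LEAF [CHAINFILE] : status 0 when a path from LEAF to ROOT can be
# built. CHAINFILE plays the role of what the server sends next to its own
# certificate (the file named by SSLCertificateChainFile, or the "-r" files).
verifies() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}

# SHA-256 fingerprint of the first certificate in a PEM file.
fingerprint() { openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null; }

# diagnose ROOT LEAF [CHAINFILE]
# prints one of: ok | chain-file-is-copy-of-leaf | issuer-not-found
diagnose() {
  leaf_fp=$(fingerprint "$2") || leaf_fp=
  if [ -n "${3:-}" ] && [ -n "$leaf_fp" ] && [ "$leaf_fp" = "$(fingerprint "$3")" ]; then
    echo chain-file-is-copy-of-leaf
  elif verifies "$@"; then
    echo ok
  else
    echo issuer-not-found
  fi
}

# Demonstration run on the constructed PKI.
demo_dir=$(mktemp -d) && make_pki "$demo_dir" && {
  # Reproduce the symptom from the GoDaddy thread: chain.pem identical to cert.pem.
  cp "$demo_dir/leaf.pem" "$demo_dir/chain_bad.pem"
  echo "no chain file sent:        $(diagnose "$demo_dir/root.pem" "$demo_dir/leaf.pem")"
  echo "chain file = leaf copy:    $(diagnose "$demo_dir/root.pem" "$demo_dir/leaf.pem" "$demo_dir/chain_bad.pem")"
  echo "chain file = intermediate: $(diagnose "$demo_dir/root.pem" "$demo_dir/leaf.pem" "$demo_dir/int.pem")"
}
rm -rf "$demo_dir"
```

Against a real installation, pass the CA bundle the client trusts as the first argument and the files named by SSLCertificateFile and SSLCertificateChainFile as the second and third.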
SSL Certificate to apply on more web application - SharePoint 2013
Hi,
based on your experiences, I'd like to know which SSL certificates are good in order to apply them for more web applications in a SharePoint 2013 farm. Saying a good SSL certificate I intend a SSL certificate not more expensive. The idea is to buy one certificate with 1 or 2 year licence and use it for two, three, ... web applications.
Fe, I've a look to Thawte certificates but I don't find any info talking about the possibility to apply one certificate for more web applications.
Any suggests to me, please?
A single-host certificate applies to one host, or a single Web Application using Path-based Site Collections.
A SAN certificate applies to multiple, limited number of hosts for use with multiple Web Applications using Path-based Site Collections (or in a limited fashion, Host-named Site Collections).
A Wildcard certificate applies to an unlimited number of hosts, or an unlimited number of Web Applications using Path or Host-named Site Collections.
You want a wildcard, unless you have a good reason to not want a wildcard.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
How can i refresh an SSL certificate for a specific page?
I am trying to access my electronic training jacket on Navy Knowledge Online to check the status of my security clearance. The ETJ page requires an SSL certificate. When I initially loaded the page the message window popped up prompting me to add the security exception and get the certificate. I got the certificate and continued to load the page but it came up with HTTP error 403.7 saying that I didn't have the certificate I needed. For some reason NKO isn't recognizing the certificate I got so I need to clear that certificate and get a new one that hopefully the server will recognize. How can I do this?
You can try to remove that certificate here:
Edit > Preferences > Advanced > Encryption: Certificates > View Certificates -
"hi, all,
I got your information from weblogic.developer.interest.security.
I have a question about the SSL certificate
1. I generate the private key file using Weblogic certificate servlet,
2. get the request, then goto thawte get the response
3. goto weblogic console -> server -> ssl, specify the filename, click "Enable", click "Key Encrypted"
4. change the startWeblogic.cmd, adding -Dpkpassword=adminadmin
But when I restart the weblogic, got the following error msg:
Starting WebLogic Server ....
<Sep 27, 2001 1:34:29 PM CST> <Notice> <Management> <Loading configuration file .\config\citi1\config.xml ...>
<Sep 27, 2001 1:34:35 PM CST> <Notice> <WebLogicServer> <Starting WebLogic Admin Server "server1" for domain "citi1">
<Sep 27, 2001 1:34:35 PM CST> <Alert> <WebLogicServer> <Security configuration problem with certificate file adamfeng-key.der, java.lang.NullPointerException>
java.lang.NullPointerException
at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:124)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:390)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr
Hi adam,
I wish to let u know that your ****-key.der file is not generated correctly. I suppose you must have used Certificate Request Generator of WLS to generate the key file and the request file.
please follow the following to get your system running:
(1) Generate a new certificate request making sure that you enter "yourmachine.domain.com" in the Full Host name field within the certificate request generator. Fill all the required values like the state should be filled in full not with abbreviations etc (do not fill the ones which are not required. That means do not fill the password field and random string field...etc) then u will get a key file and the request file..press the submit button on the same page to test the key file with Verisign..if all fields are filled correctly then it says so..if not it will bounce back saying an ERROR..so see to it that u get the right key file..i.e. ****-key.der file.
(2) Save the certificate request in a text file. (including the ----BEGIN CERTIFICATE REQUEST-- and END CERTIFICATE REQUEST)
(3) Go to https://www.thawte.com/cgi/server/test.exe and paste the above request.
(4) Do NOT choose any other options as the default options are set correctly (unless you are using a domestic build of the weblogic server which requires a different license).
(5) Save the certificate obtained in a text file and save it as a .pem file
(6) Also save the root certificate obtained in the above URL (see the 2nd line from the top) in .pem format and use this file against the ServerCertChain name.
(7) Make sure you enter the certificate key and server certificate fields with the correct path to the key and cert (inclusive of the file names).
After having done the above steps restart the server and you should be able to get SSL to work. Hope the above information
If not then mail me at [email protected].
Sujit.