SSL Certificate Install Problem

To all Sun App Server Gurus,
I face a major challenge trying to install an SSL certificate on our Application Server.
The Manage Database was successful.
I filled out the certificate request form in the Security > Certificate Management > Request section and forwarded the information / CSR to the CA.
The certificate is issued and validated by our CA.
I follow the steps according to the documentation to import the certificate.
I specify the following to import the certificate
1) Certificate for : o This Server
2) Cryptographic Module: internal
3) Key Pair File Password: **************
4) Message Text (with headers):
-----BEGIN CERTIFICATE-----
U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
-----END CERTIFICATE-----
5) Click OK
The next screen shows the certificate information, which is correct as well.
After pressing "Add Server Certificate" it takes about 20 seconds until I receive a pop-up error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
After I click OK the Admin GUI displays the following error in the browser: "Not Found
The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
Security > General
Log Level: finest
Audit Logging Enabled: unchecked
Default Realm: file
Anonymous Roule: ANYONE
In the admin server log I get the following entry:
WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
I also reinstalled the App Server twice so far and used the default options.
If anyone could please help me with this that would be extremely helpful.
Thank you.
Regards,
Martin

try converting your key from der2pem using
java utils.der2pem {keyfile  in der} {keyfile out in pem}
thanks
kiran
"eraldo" <[email protected]> wrote in message
news:[email protected]..
hi,
I tried to install an SSL certificate on a Weblogic 6.1 SP3 (running on a
Solaris 8). Following the post 5457 (found in your newsgroup) I made
these steps:
- I generated CSR using web application /certificate
- I sent CSR to Entrust.com obtaining a certificate and a chain
certificate
- I configured the server under "Configuration - SSL" with following
parameters:
- Enabled = true
- Listen port = 8002
- Server Key File Name = <path to private key ".der" file>
- Server Certificate File Name = <path to Entrust CRT ".pem" file>
- Server Certificate Chain File Name = <path to Entrust CA ".pem"
file>
- Key Encrypted = true
- I changed startWebLogic.sh:
- added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
line
Launchin' the script I got the following exception:
<Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security configuration problem with certificate file config/sdfdomain/H3MIS097_H3G_IT-key.der, java.io.IOException: weblogic.security.CipherException: Invalid padding length 48>
java.io.IOException: weblogic.security.CipherException: Invalid padding length 48
at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
at weblogic.Server.main(Server.java:35)
Any idea?
Thanks in advance,
Eraldo

Similar Messages

  • Godaddy SSL certificate installation problems - intermediate certificate not being recognized

    domain = mail.gottfried.org
    Installed both the certificate and the intermediate certificate from godaddy (used the 10.6 mac os x version)
    Response from:
    http://www.sslshopper.com/ssl-checker.html#hostname=mail.gottfried.org
    The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
    When I check in 0000_any_443_.conf
    I see:
    SSLCertificateFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem"
    SSLCertificateKeyFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.key.pem"
    SSLCertificateChainFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem"
    I am assuming that the intermediate certificate should be:
    mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem
    When I look at that certificate it is the same as
    mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem
    When I checked Keychain and exported both the mail.gottfried.org certificate and also the starfield secure certification authority they match what was installed initially (what I downloaded from Godaddy).
    It looks like in the install process the intermediate certificate is not being linked to the ssl certificate and that the ssl certificate is being used for the chain.
    Anyone have any suggestions?
    I have talked to both Godaddy and Apple Enterprise support. Godaddy has nothing past 10.6 instruction wise (though the support person really tried to help). The Apple rep couldn't really help and if I really want help from them I need to talk to integration where costs start at $700....
    Anyone have an SSL provider that worked properly with 10.8  or has really good support for mountain lion server?
    Please let me know.
    Thanks!

    While you still can, get a refund for the certificate, and get a certificate from somebody else, and preferably one that doesn't need an intermediate?  That'll be the easiest.
    If you're not doing ecommerce or otherwise dealing with web browsers and remote clients that you don't have some control over or affiliation with, you can use a private certificate and get equivalent (or arguably better) security.  Running your own certificate authority does mean you'll learn more about certificates, though.
    Here and here are general descriptions of getting certificates and intermediate certificates loaded, and some troubleshooting here and particularly here (TN2232).  I have found exiting Keychain Access to be a necessary step on various versions.  It shouldn't be, but...
    FWIW and depending on your particular DNS setup and whether you're serving multiple web sites, you'll need a multiple-domain certificate.
    Full disclosure: I've chased a few of these cases around for customers, and it can take an hour or three to sort out what the particular vendor of math, err, certificates has implemented, to confirm the particular certificate formats and possibly convert the certificates where necessary, and generally to sort out the various posted directions and confusions.  (I'm not particularly fond of any of the major math, err, certificate vendors, either.)
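The symptom described in this thread, a chain file that is a copy of the server certificate, can be checked mechanically before the web server is restarted. The following is an added example, not code from the posters or from any vendor: it parses just enough DER to compare the server certificate's issuer with the subjects in the chain file. The function names and the two sample certificates (structural skeletons built inline, with no real keys or signatures) are assumptions made for the illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_certs(pem_text):
    """Return the DER bytes of every CERTIFICATE block in a PEM file."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(pem_text)]


def read_tlv(buf, off):
    """Decode the DER TLV at off; return (tag, value_start, value_end)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER structure")
    return tag, off, off + length


def issuer_and_subject(der):
    """Return the raw DER of the issuer and subject Names of a certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, cert_start)    # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end and len(fields) < 5:
        tag, _, value_end = read_tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version field
            fields.append(der[pos:value_end])
        pos = value_end
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    return fields[2], fields[4]             # serial, sig alg, ISSUER, validity, SUBJECT


def check_chain_file(cert_pem, chain_pem):
    """Return a list of findings; an empty list means the chain file links up."""
    leaves = pem_certs(cert_pem)
    if not leaves:
        return ["certificate file holds no certificate"]
    leaf, chain, findings = leaves[0], pem_certs(chain_pem), []
    if leaf in chain:
        findings.append("chain file repeats the server certificate")
    leaf_issuer, _ = issuer_and_subject(leaf)
    # Byte-for-byte Name comparison, a simplification of RFC 5280 name matching.
    if not any(issuer_and_subject(c)[1] == leaf_issuer for c in chain if c != leaf):
        findings.append("no certificate in the chain file matches the issuer")
    return findings


# --- constructed sample data: certificate skeletons, not usable certificates ---
def tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content


def name(cn):
    oid_cn = bytes.fromhex("0603550403")    # OID 2.5.4.3 (commonName)
    return tlv(0x30, tlv(0x31, tlv(0x30, oid_cn + tlv(0x0C, cn.encode()))))


def skeleton_pem(subject_cn, issuer_cn, serial):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    der = tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


LEAF_PEM = skeleton_pem("mail.example.test", "Constructed Intermediate CA", 1)
INTERMEDIATE_PEM = skeleton_pem("Constructed Intermediate CA", "Constructed Root CA", 2)

if __name__ == "__main__":
    print(check_chain_file(LEAF_PEM, LEAF_PEM))          # the situation in the post
    print(check_chain_file(LEAF_PEM, INTERMEDIATE_PEM))  # a correctly linked chain
```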

  • Lync front end connectivity test fails (SSL certificate / URL problem)

    We have a weird problem in our installation where Lync keeps complaining about connectivity issues to external reach proxy on our front end server.
    The event log error codes are 41024 and 41026.
    Here's the error from the snooper utility: 
    TL_ERROR(TF_COMPONENT) [0]1A14.0EE4::12/12/2014-10:31:30.901.0000000d (DataMCURunTime,DataProxies.ProcessResponse:1197.idx(601))
    (0000000001595A27)Failed poking Proxy error=[The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.], type=[ExternalReachProxy], url=[https://dunords36.du.local:4443/Reach/DataCollaborationRelayWebService.svc]
    The problem is that it makes the test with the INTERNAL FQDN (dunords36.du.local) and thus the SSL trust fails as the certificate is for our EXTERNAL FQDN on the front end server! I have verified this by testing the above URL with the external address and the internal one. With the external one the certificate is OK.
    If you're wondering; we do not use a reverse proxy. Instead we just have the firewall change the port and forward the traffic to our front end server. Our Lync setup is a NAT'ed setup.
    I know about the security risks so this is not what the discussion is about.
    I can't find anywhere where I can change the above behaviour and tell Lync to make the test on the correct, external FQDN. The settings in the topology builder all seem to be OK. And as you can see it does make the test on port 4443 which in our topology builder is configured for our external FQDN.

    Hi,
    Would you please elaborate your Lync Server environment (Standard Edition or Enterprise Edition)?
    Please double check if you enter the correct external base URL on Lync Topology.
    Please also check whether the SAN of the FE Server certificate is correct.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • SSL Certificate- installation problems - uydo

    Your "Step 1" sounds fine. You don't need to convert the key from .der
    (AFAIK). So no "Step2" ! The Server Certificate Chain File Name is a
    bit of a strange one. As far as I can tell, it just more or less
    means that your actual server certificate (purchased from cert
    provider - Verisign say) is actually from Verisign.
    I got it by:
    Go to the Verisign site (verisign.com)
    Click on gold rosette
    "Verisign secure site - click to verify" to see their certification
    details.
    Then d-click on the gold padlock at bottom of this window to see
    certificate information
    Then click details tab
    Then click copy to file button - to save off what is the '1024 bit'
    root certificate. Use this .cer file as it is as the Server
    Certificate chain file.
    If you need the 512 bit root cert, then simply browse to find a site
    that's using that level of encryption with a verisign certificate.
    I had purchased a certificate, so it wasn't a trial one, so it may be
    that you need a different root certificate from mine.
    If that is the case, I suppose you might have to contact Verisign
    again
    Re step 4 I'm using 6.1, but I didn't need to do that, but if you
    think you do I would put the rootcert for that.
    (your email didn't work so I'm posting this - which might help others
    anyway)
    The original was:
    I'm trying to install the SSL on BEA 6.0, but failed to install it.
    Here are steps I got involved in :
    1. I created a CSR, fetched it to Verisign (trial Server ID), get back the certificate. Install this certificate in "Server Certificate File Name" in SSL tab. The private key I got from the CSR process is installed at "Server Key File Name". It's in DER format
    2. I don't know how to use the Utility to convert from Der2pem, or pem2der, because the private key I got is in DER format.
    3. I don't know how to get the server chain certificate. How can you create a Server Certificate Chain to install in "Server Certificate Chain File Name"?
    4. Do I need to set a Trusted CA File Name in the SSL tab?

    Hi Jon,
    Thank you very much for your explanation. Although I followed your steps, I still got
    the same error. Maybe, I'll ask Verisign, because BEA is no help at all.
    Thanks again,
    Uy
    [email protected] (Jon Lee) wrote:

  • SSL certificate installed in Apache - determine browser's encryption

    Hi all,
    I have Apache Web Server and WebLogic6.1 Application Server. The two are
    connected by a plugin. All my web pages are installed in the Application
    server, ie. in WebLogic. I am using Apache Web Server just to direct the
    client requests to WebLogic Application Server.
    I have installed 128 bit SSL in the Apache Web Server, and left WebLogic as
    is with its default SSL encryption.
    My question is, is it possible to determine whether the client's browser has
    128 bit encryption or not, using servlets that reside in WebLogic
    Application Server? If yes, how?
    Thanks in advance,
    Regards,
    Jaya

    Hi,
    Thanks for your mail. The browserhawk is really a good software, but my
    purpose is to determine the browser settings from servlet, so that I can
    inform the user to upgrade his/her browser from 40 bit encryption to 128 bit
    encryption.
    Thanks,
    Jaya
    "Utpal" <[email protected]> wrote in message
    news:[email protected]..
    My question is, is it possible to determine whether the client's browser has
    128 bit encryption or not, using servlets that reside in WebLogic
    Application Server? If yes, how?
    Have you tried http://www.cyscape.com/products/bhawk/javabean.asp .
    On the top right click on the [more] , it will run a browser test for you.
    I hope that helps.
    -utpal
    "Vikor" <[email protected]> wrote in message
    news:[email protected]..

  • Problems installing SSL certificates for more than one alias on iMS 5.2

    I have a problem getting encryption on IMAP/HTTP/SMTP when they are on the same server. I am only getting one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
    Let's say I have 3 aliases to the same server just for the scalability, imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at the same time, for example https://mail.vxu.se. And for the others, like (S)IMAP, I am getting a dialogue that says the hostname is not the same as the one registered in the certificate. How do I solve this? Is there some possibility to install more than ONE certificate, so I can have one certificate for each alias?
    Environment: Full 420R, Solaris 8, iMS5.2
    Thanks in advance

    Although I completely agree with the comments that suggest this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
    Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installations. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
    So, as a general rule, regardless of whether multiple installations can co-exist, I would not recommend it. This is especially true on a Windows platform.

  • Installing a new SSL Certificate to Exchange

    Hi,
    We have a Windows Server 2008 R2 machine running Exchange 2010 (sorry, there wasn't an option for a 2010 forum). As a company which handles payments, we need to be PCI DSS registered and the scan has picked up a failing point being we don't have an SSL Certificate installed. I have purchased one via GoDaddy and followed the instructions on their site to install it, however the PCI DSS scan is still failing because of the following reason:-
    "The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority."
    The certificate at the top of the chain is the 'built-in' default certificate. How do I promote the installed GoDaddy certificate to the top of the chain?
    Thanks

    Hi,
    Please refer to this similar thread.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/e80a77f8-4f88-439e-85dd-76463c7a69d3/certification-authority?forum=winserversecurity
    And try to save your root CA(s) public certificate in PEM format into a text file to PCI DSS scanner.
    Hope this will be helpful for you.

  • Host name on SSL certificate did not match the alias name in the URL addres

    To the XI gurus,
    One of our vendors had a problem sending us XML invoices because the URL address had our server alias name and the SSL certificate we asked them to install had the server name.
    To resolve this issue, can we install two certificates (one has the alias name and one has the server name) at our XI server or can we only have one SSL certificate installed at any time?
    Thanks!
    Fisher Li

    Fisher Li,
    > we can only have one SSL certificate installed at any time?
    To my knowledge we can install only one certificate.
    Cheers
    Agasthuri

  • ICal server won't work with SSL certificate

    I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
    In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
    However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
    Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
    "Unexpected secure name resolution error (code -9844). The server name may be incorrect."
    When I set everything back to the way it was before I started, all works fine.
    Anyone have any suggestions?

    Your problem seems similar to this thread:
    http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
    There is some contradictory anecdotal information there, however. This reply in another thread:
    http://discussions.apple.com/message.jspa?messageID=6288712#6288712
    may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
    http://www.afp548.com/article.php?story=20080624005724638
    http://www.afp548.com/article.php?story=20071203011158936
    That might also be of assistance. Then there's this little tidbit:
    http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name/
    These may-or-may-not solve the problem but may provide insight as to why it's happening.

  • Securing RDS with SSL certificate

    Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

    Hi,
    I'm looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

  • Problem installing SSL certificate for CPS

    I work at a medium-sized University, and we have used
    Contribute 3 with CPS1.11 for well over a year. Recently, however,
    the Contribute clients began having difficulty logging in to CPS.
    At first this was intermittent, but is now constant. Adobe support
    suggested replacing the CPS self-signed SSL certificate with a
    genuine one, because apparently the self-signed certificate is
    causing communication delays and timeouts.
    I have the certificate, and am trying to use keytool (see
    http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
    to install it, but it is asking me for a keystore password, which I
    don't know. Apparently the standard defaults are "changeit" or
    "passphrase", but neither of these work.
    As a test, I created a fresh install of CPS and attempted to
    list the keys in the keystore, but again was asked for a keystore
    password and the defaults did not work. Adobe support suggested I
    ask here. Anybody have any experience installing a certificate for
    CPS?

    Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?

  • Problem Installing a SSL Certificate on a RD Server

    I'm trying to install a 3rd party SSL Certificate (GoDaddy) on my RD Session Host server (2008 R2).  I generated the request through IIS, received the cert from GoDaddy and imported it into [Certificates(Local Computer)\Personal\Certificates]. 
    I then went to RD Session Host Configuration,  and RDP-Tcp, and chose to select certificate.... however, I'm not given a choice...instead I receive a dialogue box saying "There are no certificates installed on this Remote Desktop Session Host server". 
    Any ideas why I cannot choose the cert?  Do I request the cert improperly ?  I'm stuck here...  thanks in advance for any tips!
    Scott

    It looks like you have the correct certificate but perhaps didn't import it the correct way. Did you create the Certificate Request on the same machine as you imported it? Otherwise you don't have the private key. If not, then import the certificate on the same machine where you created the CR and then export the certificate and make sure you select to export the private key as well and then import it on the RDS. If you followed the import steps correctly I suggest you contact GoDaddy to make sure they delivered a valid certificate.
    Kind regards,
    Freek Berson
    http://microsoftplatform.blogspot.com/

  • Problem Installing Entrust SSL Certificate

    Hello:
    We are using BEA Weblogic 6.1 SP1. This year when we renew SSL certificate, we changed vendor from Verisign to Entrust. I just got the certificate from Entrust. Here's what happened:
    1. In the Entrust certificate email, it says "Entrust would like to inform you that as of January 1, 2004, the current GTE Corporation chain certificate that is distributed with all Entrust SSL certificates, will no longer be distributed with certificates that have an expiry date greater than January 1, 2006". However, I can't get Weblogic started on SSL without a valid ServerCertificateChainFileName. So I got the ServerChainFile from http://www.entrust.net/tech/weblogic6/removechain.cfm and saved the certificate into entrust-cert.pem file.
    2. It works on the server with BEA development license. However, when I move it to test web server with "SSL/Export" license, it gives this error "<License allows low strength (export) SSL.>" and Weblogic won't even start on both HTTP and SSL port.
    3. After trying all sorts of things and nothing helped, I'm wondering whether it's OK to use the same CSR request I generated using Weblogic certificate servlet last year, since no information has been changed since then?
    Does anybody have similar experience and can you shed some light on how to solve this issue. Should I contact Entrust to get a low strength SSL?
    Thanks in advance!
    Jenny


  • URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

    Hi,
    I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
    I am trying to get work with url: https://reports.mydomain.com
    I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
    https://reports.mydomain.com/ReportServer - works fine
    https://reports.3pro.hr/Reports/ - I got error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    In rsreportserver.config I have:
    <Add Key="SecureConnectionLevel" Value="2"/>
    When looking my ReportServerService_date.log file I have something like:
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    Also, error shown in log file:
    appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
    ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
    The remote certificate is invalid according to the validation procedure.
    Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
    -- Hrvoje Kusulja

    I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated. The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle before she called me back. Here are the steps that resolved this issue for me. I know for sure that step 5 was necessary. Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue, but I didn't roll them back either so they may have been necessary.)
    Step 1:
    Ensure you are editing the correct rsreportserver.config file. I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config file for some sharepoint integration that I'm not using. The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
    Step 2: 
    In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3. Was set to 0 in my configuration. Corrected line in your rsreportserver.config file should look like:
    <Add Key="SecureConnectionLevel" Value="3"/>
    Step 3:
    In rsreportserver.config, add the correct value to the <URLRoot> element (which already exists in the file.) In my configuration, this value was blank. The value should be the fully qualified path to your report server, with a hostname that is valid for your certificate. For example, if my cert matches *.mydomain.local:
    <UrlRoot>
    https://myserver.mydomain.local/ReportServer
    </UrlRoot>
    Step 4:
    Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine.  I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities.  That broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities.  This is how I left it, not sure if that was necessary.
    Step 5:
    This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3.  In my configuration, this value was also blank.
    The corrected value should be the same as in step 3, for example:
    <ReportServerUrl>
    https://myserver.mydomain.local/ReportServer
    </ReportServerUrl>
    Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
    Good luck!

  • Problem in installation of free SSL certificate on Weblogic using keytool

    We tried to install an SSL certificate on WebLogic using a keystore, but it gives an error in the console at startup and the server shuts down automatically.
    Steps followed:
    1) To generate the keystore, private key and digital certificate:
    keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
    2) To generate CSR
    keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
    3) The CSR is uploaded on the verisign site to generate a free SSL certificate. All the certificate text received is pasted into a file (cacert.pem)
    4) The same certificate is put into the same keystore using the following command
    keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
    5) Before step 4), we also installed the root/intermediate certificate to include the chain, using the following command.
    (intermediateCa.cer file is downloaded from verisign site)
    keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
    6) After this configuration we used the weblogic admin module to configure Keystore and SSL.
    7) For the KeyStore tab in the weblogic admin module, we selected the option “Custom Identity And Custom Trust” and provided the following details under the Identity and Trust columns:
    Private key alias: mykey2
    PassKeyphrase: webconkeystorepassword
    Location of keystore: location of webconkeystore.jks file on server
    8) For the SSL tab in the weblogic admin module, we selected the option “KeyStores” for “Identity and Trust locations”.
    Error on console:
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
    <Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    If anyone knows the solution, please help us out. Thanks in advance.
    I was really happy to get a reply yesterday from "mv". I was not expecting such an instant response.

    Thanks all guys for your interest and support.
    I have solved this issue.
    We have weblogic 9 on unix env.
    Following steps which I followed:
    #generate private key
    keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
    #generate csr
    keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
    Then we uploaded this csr on verisign's free ssl certificate site to generate and receive the certificate text.
    We copied that text into the "cert4nov2009.crt" file used below.
    Apart from that, the mail which we received from verisign also contains links to download the root ca certificate and intermediate ca certificate. We downloaded them.
    root ca in "root4nov2009.cer" file.
    intermediate ca in "intermediateca4nov2009.cer"
    both these files used in
    #import root certificate
    keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
    #import intermediate ca certificate
    keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
    #install free ssl certificate
    keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
    #after this admin configuration
    In weblogic admin console module, we did following settings:-
    1. under Configuration tab
    a. Under KeyStore tab
    For keystore , we selected "Custom identity and Custom Trust"
    Under Identity,
    Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
    Custom Identity Keystore Type: JKS
    Custom Identity Keystore Passphrase: password for the keystore mentioned above. In our case, webconkeystorepassword
    We copied the same under "Trust", as we have not created a separate keystore for trust.
    Save setting.
    b. Under SSL tab
    Identity and Trust Locations: select "Keystores"
    Private Key Alias: alias used while creating the private key, i.e. in our case "uinbrdcsap01_apac_nsroot_net"
    Save setting.
    c. Under General tab
    Check checkbox "SSL Listen Port Enabled"
    and mention ssl port "SSL Listen Port"
    Save setting.
    After this, activate the changes. You might see an error in the admin module.
    Using the command prompt, stop the server, restart it, and then try to access using https and the port...
    You will definitely get output.
    In our case the issue might be due to key size; we used a 1024 key size and it solved the problem.
    For your further reference, please find the link below; it is also helpful.
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
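
A check that can be run on the keystore after the import steps in the two posts above, shown as an added example that is not part of either post: the alias given to WebLogic as "Private Key Alias" has to be a PrivateKeyEntry, and after the CA reply is imported its chain should be longer than the single self-signed certificate that `keytool -genkey` creates. The function names and the sample listing are constructed for illustration; only the alias names come from the posts.

```shell
#!/usr/bin/env bash
# Added example: classify one alias from `keytool -list -v` output on stdin.
# Result: missing | trust-only | self-signed | chained:<n>
# Real use: keytool -list -v -keystore webconkeystore.jks | classify_alias mykey2
# keytool stores JKS aliases in lower case, so pass the alias that way.
classify_alias() {
  awk -v want="$1" '
    /^Alias name: / { cur = substr($0, 13); first = 0 }
    cur != want     { next }                      # skip other entries
    /^Entry type: / { type = substr($0, 13); found = 1 }
    /^Certificate chain length: / { len = $NF + 0 }
    /^Owner: /  && !first { owner = substr($0, 8) }
    /^Issuer: / && !first { issuer = substr($0, 9); first = 1 }
    END {
      if (!found)                           print "missing"
      else if (type != "PrivateKeyEntry")   print "trust-only"
      else if (len == 1 && owner == issuer) print "self-signed"
      else                                  print "chained:" len
    }'
}

sample_listing() {   # constructed sample, not output from the posters' keystore
  cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example

Alias name: mykey2
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=host.example, O=Example
Issuer: CN=host.example, O=Example

Alias name: uinbrdcsap01_apac_nsroot_net
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=host.example, O=Example
Issuer: CN=Example Intermediate CA, O=Example
Certificate[2]:
Owner: CN=Example Intermediate CA, O=Example
Issuer: CN=Example Root CA, O=Example
EOF
}

for a in mykey2 uinbrdcsap01_apac_nsroot_net rootca nosuchalias; do
  printf '%-30s %s\n' "$a" "$(sample_listing | classify_alias "$a")"
done
```

A result of "trust-only" means the alias holds only a certificate with no private key, and "self-signed" means the CA reply has not replaced the certificate generated with the key pair.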
