SSL certificate installed in Apache - determine browser's encryption

Similar Messages

• SSL Certificate Install Problem

  To all Sun App Server Gurus,
  I face a major challenge trying to install an SSL certificate on our Application Server.
  The Manage Database was successful.
  I filled out the certificate request form in the Security > Certificate Management > Request section and forwared the information / CSR to the CA.
  The certificate is issued and validated by our CA.
  I follow the steps according the documentation to import the certificate.
  I specify the following to import the certificate
  1) Certificate for : o This Server
  2) Cryptographic Module: internal
  3) Key Pair File Password: **************
  4) Message Text (with headers):
  -----BEGIN CERTIFICATE-----
  U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
  -----END CERTIFICATE-----
  5) Click OK
  The next screen shows the certificate information which are correct as well.
  After pressing "Add Server Certificate" it take about 20 seconds until I receive a pop error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
  After I click OK the Admin GUI displays the following error in the browser: "Not Found
  The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
  Security > General
  Log Level: finest
  Audit Logging Enabled: unchecked
  Default Realm: file
  Anonymous Roule: ANYONE
  In the admin server log I get the following entry:
  WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
  I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
  I also reinstalled the App Server twice so far and used the default options.
  If anyone could please help me with this that would be extremly helpful.
  Thank you.
  Regards,
  Martin

  try converting your key from der2pem using
  java utils.der2pem {keyfile  in der} {keyfile out in pem}
  thanks
  kiran
  "eraldo" <[email protected]> wrote in message
  news:[email protected]..
  hi,
  I tried to install SSL certicate on a Weblogic 6.1 SP3 (running on a
  Solaris 8). Following the post 5457 (found in your newsgroup) I made
  this steps:
  - I generated CSR using web application /certificate
  - I sent CSR to Entrust.com obtaining a certicate and a chain
  certificate
  - I configured the server under "Configuration - SSL" with following
  parameters:
  - Enabled = true
  - Listen port = 8002
  - Server Key File Name = <path to private key ".der" file>
  - Server Certificate File Name = <path to Entrust CRT ".pem" file>
  - Server Certificate Chain File Name = <path to Entrust CA ".pem"
  file>
  - Key Encrypted = true
  - I changed startWebLogic.sh:
  - added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
  line
  Launchin' the script I got the following exception:
  <Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security
  configuration problem with ce
  rtificate file config/sdfdomain/H3MIS097_H3G_IT-key.der,
  java.io.IOException: weblogic.security.Ciph
  erException: Invalid padding length 48>
  java.io.IOException: weblogic.security.CipherException: Invalid
  padding length 48
  atweblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
  atweblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
  at weblogic.Server.main(Server.java:35)
  Any idea?
  Thanks in advance,
  Eraldo

• Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in

  Hi,
  'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
  I get the following error when attempting to access WebLogic via Apache:
  Internet Explorer cannot display the webpage
  These are the last lines in wlproxy log:
  Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
  Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
  Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
  I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
  Do you know if there are limitations to the certificate length that the plug-in can use?

  Yes 4096 bit Certificates are not supported by the plugin.
  You can use up to 2048 bit.
  There is a Bug which clearly mentions it.
  I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
  Hope this helps.
  Faisal Khan
  Edited by: Faisal Khan on Feb 27, 2010 2:08 PM

• Problems installing SSL certificates for more than one alias on iMS 5.2

  I have a problem to getting encyption on IMAP/HTTP/SMTP when they are on the same server. I only getting one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
  Let's say I have 3 aliases to the same server just for the scalability, imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at the same time, for example https://mail.vxu.se. And the others, like (S)IMAP I getting a dialouge that says the hostname doesnt is the same as the registred in the certificate. How do I solve this? Is there some possibillity to install more than ONE certificate, so I can have one certificate for each alias?
  Environment: Full 420R, Solaris 8, iMS5.2
  Thanks in advice

  Although I completely agree the comments that suggestion this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
  Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installation. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
  So. as a general rule, regardless of whether multple installations can co-exist, I would not recommend it. This is especially true on a Windows platform.

• Installing a new SSL Certificate to Exchange

  Hi,
  We have a Windows Server 2008 R2 machine running Exchange 2010 (sorry, there wasn't an option for a 2010 forum). As a company which handles payments, we need to be PCI DSS registered and the scan has picked up a failing point being we don't have
  an SSL Certificate installed. I have purchased one via GoDaddy and followed the instructions on their site to install it, however the PCI DSS scan is still failing because of the following reason:-
  "The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority."
  The certificate at the top of the chain is the 'built-in' default certificate. How do I promote the installed GoDaddy certificate to the top of the chain?
  Thanks

  Hi,
  Please refer to this similar thread.
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/e80a77f8-4f88-439e-85dd-76463c7a69d3/certification-authority?forum=winserversecurity
  And try to Save your root CA(s) public certificate in PEM format into a text file to PCI DSS scanner.
  Hope this will be helpful for you.

• Access certificates installed in browser

  Hi!,
  Does anybody know a way to access the certificates installed in client's browser from an applet?.
  I've found an applet that works with IE+JNI, so it should be possible, but I need it for Mozilla too. It could be diferent implementations, that isn't so important.
  Have anyone done it?.

  Mozilla have its own crypto API and provider. For more details look at http://www.mozilla.org/projects/security/pki/jss/
  In order to use such API in an applet you will have to sign your applet to gain required sequrity privilegies.

• ICal server won't work with SSL certificate

  I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
  In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
  However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
  Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
  "Unexpected secure name resolution error (code -9844). The server name may be incorrect."
  When I set everything back to the way it was before I started, all works fine.
  Anyone have any suggestions?

  Your problem seems similar to this thread:
  http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
  There is some contradictory anecdotal information there, however. Tis reply in another thread:
  http://discussions.apple.com/message.jspa?messageID=6288712#6288712
  may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
  http://www.afp548.com/article.php?story=20080624005724638
  http://www.afp548.com/article.php?story=20071203011158936
  That might also be of assistance. Then there's this little tidbit:
  http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name /
  These may-or-may-not solve theproblem but may provide insight as to why it's happening.

• Securing RDS with SSL certificate

  Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

  Hi,
  I´m looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

• Host name on SSL certificate did not match the alias name in the URL addres

  To the XI gurus,
  One of our vendors had problem to send us xml invoices because the url address had our server alias name and the SSL certificate we asked them to install had the server name.
  To resolve this issue, can we install two certificates (one has the alias name and one has the server name) at our XI server or we can only have one SSL certificate installed at any time?
  Thanks!
  Fisher Li

  Fisher Li,
  > we can only have one SSL certificate installed at any time?
  To my knowledge we can install  only one certificate.
  Cheers
  Agasthuri

• WILL MAC OS 10.4 server SUPPORT SHA-2 SSL CERTIFICATES

  Am running Mac OS Server 10.4.11 on a PowerPC Mac Mini (1.42GHz) and currently have SHA-1 SSL certificate from GoDaddy.
  They want everyone to upgrade to a SHA-2 (SHA256) SSL certificate for Google's Chrome browser which will soon start showing SSL errors for SHA-1 certificates.
  Is Mac OS Server 10.4.11 capable of serving up a SHA-2 SSL certificate?  (I originally renewed last Feb. to a SHA-2 certificate, but many browsers didn't recognize it, so I re-keyed to a SHA-1 certificate that is good to 12/31/15.

  Hi, I do not know, but I doubt it.
  Here's the 10.4 Server forum if you want to ask over there...
  Mac OS X Server v10.4 and earlier

• SHA-2 SSL certificates supported on Server v10.5?

  Am upgrading Mac OS Server 10.4.11 on a PowerPC Mac Mini (1.42GHz) to Server 10.5  and currently have SHA-1 SSL certificate from GoDaddy.
  They want everyone to upgrade to a SHA-2 (SHA256) SSL certificate for Google's Chrome browser which will soon start showing SSL errors for SHA-1 certificates.
  Is Mac OS Server 10.5 capable of serving up a SHA-2 SSL certificate?  (I originally renewed last Feb. to a SHA-2 certificate, but many browsers didn't recognize it, so I re-keyed to a SHA-1 certificate that is good to 12/31/15.
  Mac mini, Mac OS X Server (10.4.11, upgrading to 10.5.x), Power PC 1.42GHz

  Hi, I do not know, but I doubt it.
  Here's the 10.4 Server forum if you want to ask over there...
  Mac OS X Server v10.4 and earlier

• SSL Certificate Export Password

  Hi ,
  I am trying to export certificate and Key from CSS, Unforunately i do not have password from them.
  Is their anyway to recover password or can i export keys and certificate without password.
  Thanks in Advance
  Aniruddha

  I think the only way to export the key is to use the password issues when importing the key. The SSL Certificate and Key are stored in DES encryption. There is no way to get the key without the password for the certificate and key except to break DES or guess the password.

• Expired SSL certificate errors in browser after installing a new Certificat

  I recently install a new SSL certificate from Thawte following the same process as the last time in installed. The install seemed to work for a couple days and then i stared getting calls reporting an expired SSL Certificate. I verified that the proper cert was still installed and it was. what actually got the ball rolling again was disabling the listener associated with my secure site and re enabled it. that workd for 2 days and now the website is reporting an expired SSL cert. any clue what is going on?

  Here is the output but i noticed that there are three of the same key(sitecert)
  wadm> certutil -L -d .
  sitecert                                                     u,u,u
  sitecert                                                     u,u,u
  Thawte SGC CA - VeriSign, Inc.                               CT,,
  sitecert                                                     u,u,ui guess now the question is how to get ride of the 2 offending certs in the database.

• Install SSL certificate for Oracle HTTP server

  I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com.
  I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem".
  I want to install this on the oracle 11g HTTP server (OHS) installed as standalone based on apache 2.2
  With oracle, i have to create a wallet and point the SSL.CONF wallet directive to use that wallet.
  I used Oracle Wallet Manager to create it and import the certificate but this is where i am having a problems.
  First I could not restart the web server but the it worked but I got SSL handshake errors (Shown below).
  According to oracle steps, I have to create a CSR and then import the certificate into the wallet
  http://www.apache.com/resources/how-to-setup-an-ssl-certificate-on-apache/
  However, when I tried to use Oracle Wallet Manager, there were two options: import server certificate and trusted certificate.
  The import server certificate was greyed out. I had to create a CSR just to get it enabled but I did not use the CSR, i just imported the "server.crt" file.
  I also tried to import the "serverkey.pem" into the trused certificate option but was rejected (invalid certificate).
  Do you know how to create a successful wallet based on the files i have and not creating a CSR since i already have a certificate file?
  2013-05-04T20:11:40.2718-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.2719-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.4774-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.6814-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error

  I do not have weblogic installed. I only have standalone 11g HTTP server with mod_plsql.
  If i can get OWM working to create a successful certificate them the problem would be resolved.
  I am just not sure what is Root Certificate and Trustworthy Certificate and how to get that from the files i have.

• Howto install a signed SSL Certificate

  Hi,
  I installed a new Novell File Reporter 2.0.
  When I open the Browser I get a self signed Certificate.
  Where can I install my signed SSL Certificate?
  Thank you
  Thomas

  TEggers,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/