SSL Certificate question (minor issue)

I have a Windows 2012 server setup with RDS.  I have about 10 virtual machines already setup - my whole VDI infrastructure.  Everything is working fine - accessing the VMs internally and externally, however, I have issues w/ the certificate.
I am using a self-signed certificate (until I can get my client to pay for a real SSL cert).
I have created an A record for my DNS at my hosting company that points to my public IP (e.g. remote.mycompany.com instead of typing in the IP address), the port forwarding on my router kicks in and sends the https traffic to my RD Gateway (my Windows 2012) and the user will see the RDWeb page and can log in from there.  The cert is pointed to remote.mycompany.com too.  However, my server is called vdi-remote2.mycompany.com.  Naturally, when using IE to access the RDWeb page, their address bar in IE will be red with the cert error/warning.
First they are greeted with the "There is a problem with this website's security certificate" and will click on continue to this website.  Upon inspection of the certificate, it will say "This CA Root certificate is not trusted.  To enable trust, install this certificate in the Trusted Root Certification Authorities store."  Ok, I can install it (and have), but I still get the red address bar in my IE.
Needless to say, I'd like to clean this all up.  The users are non-technical people and when they see this stuff, they freak out.  We know what it all means - we're technical folks, but I'd like to clean it all up and just have it nice and secure.  Green or no address bar when using https in the address bar.
How can I clean this all up though when I have external users accessing https://remote.mycompany.com/rdweb and internal users accessing https://vdi-remote2/rdweb.  I don't recall the possibility to have two certs for one website (the RDWeb).  So, I'm a bit confused on all this cert stuff.  I could keep everything as is and just train the users, but I'd rather not.
Thank you in advance for your reply.

Hi Steve,
Thanks for your comment.
Yeah, your understanding is correct as you have commented that “Things are working, but ONLY after I install the cert in the trusted root certification authorities store.”
Trusted certificate is required for RDS server.
I would like to suggest that first of all the certificate must be placed in the (local computer)/Personal Store, and the certificate must be signed by a trusted authority. Please check the link below, which states that “If the RD Gateway server is configured to use a Secure Sockets Layer (SSL) certificate that is not signed by a trusted certification authority, users might be unable to connect to internal network resources (computers) through the RD Gateway server.”
RDS: RD Gateway must be configured to use an SSL certificate signed by a trusted certification authority
You may export your certificate (and its private key) to a .pfx file using the Certificates MMC snap-in.  That way you can use the .pfx file for the RDS Role Services.
Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
For your comment “One user was having issues.  Once I installed the cert on her computer, she has no more issues logging in and launching a remote session.”, I can say that if the issue is mostly due to the certificate only, then if you purchase a trusted authority certificate then, as per my knowledge, all your problems regarding login and certificate will be solved.
More information:
1. Configuring RDS 2012 Certificates and SSO
2. RD Web Access Web site to use a trusted certificate
(Thread might be helpful to understand)
Hope it helps!
Thanks,
Dharmesh
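
The question above involves two separate browser checks on the RDWeb certificate: whether the issuer is trusted, and whether a name in the certificate matches the host typed in the URL. The following is an added example, not code from the thread, that models both checks with the poster's placeholder names; the matching rules are a simplified version of RFC 6125 (exact match or one left-most wildcard label), and the function names are made up for illustration.

```python
# Added example, not code from the thread. Host names are the poster's
# placeholders; the matcher is a simplified RFC 6125 rule set (assumption).


def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one DNS name from a certificate covers the URL host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A certificate name never covers a host with a different label count,
    # so the short name "vdi-remote2" cannot match any FQDN entry.
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # A wildcard stands for exactly one label and needs a real domain
        # (at least two labels) after it.
        return len(cert_labels) >= 3 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def browser_verdict(cert_names, issuer_trusted, host):
    """List the warnings a client would raise; an empty list means clean."""
    problems = []
    if not issuer_trusted:
        problems.append("issuer not trusted")
    if not any(name_matches(name, host) for name in cert_names):
        problems.append("name mismatch")
    return problems


# Constructed certificates: the current single-name cert and a hypothetical
# replacement that lists both FQDNs as subject alternative names.
SELF_SIGNED = ["remote.mycompany.com"]
SAN_CERT = ["remote.mycompany.com", "vdi-remote2.mycompany.com"]

# Hosts as users would type them, taken from the question.
HOSTS = ["remote.mycompany.com", "vdi-remote2", "vdi-remote2.mycompany.com"]


def report():
    """Evaluate each certificate scenario against each URL host."""
    scenarios = (
        ("self-signed, not installed", SELF_SIGNED, False),
        ("self-signed, in Trusted Root", SELF_SIGNED, True),
        ("CA-issued, two SAN entries", SAN_CERT, True),
    )
    rows = []
    for label, names, trusted in scenarios:
        for host in HOSTS:
            rows.append((label, host, browser_verdict(names, trusted, host)))
    return rows


if __name__ == "__main__":
    for label, host, problems in report():
        print(f"{label:30} {host:28} {', '.join(problems) or 'OK'}")
```

Installing the self-signed certificate in the Trusted Root store clears only the trust warning; the internal URL still fails on the name check until the certificate carries the internal FQDN and users browse to that FQDN rather than the short name.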

Similar Messages

  • Office Web Apps Server SSL Certificate

    Hi
    I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
    I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
    If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
    Regards.

    Hi,
    Thanks for your posting in this forum.
    I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
    Thanks for your understanding.
    Best Regards,
    Wendy
    Wendy Li
    TechNet Community Support

  • NAC SSL certificate Issue

    I recently applied a signed certificate to both the CAM and CAS. Ever since then I have been having problems with the system. In the perfigo logs on the CAM I receive a lot of messages with "Certificate chaining error" in them. My question is what is the best way to roll back the signed certificates to the self-signed ones? Any other suggestions would be greatly appreciated.
    Thanks in advance.

    Hi Giles,
    Thanks for the update. The problem I am facing is: I have 2 SSL certificates on my ACE and I have also configured 2 server farms (farm1 and farm2), each associated with an SSL certificate. Now the problem I am facing is that when we access the farm2 serverfarm we are issued the certificate of farm1, whereas I need to be getting the certificate from farm2.
    Thanks in advance.
    Regards
    Sum

  • OPEN SSL certificate generation issue--bpel email activity

    Hi all,
    I need to send a mail from bpel using email activity.
    I made all settings changes. I downloaded OPENSSL software and I need to generate smtp ssl certificates?
    But while generation of ssl certificates I am getting some issue
    OpenSSL> openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:465 > gmail.cert
    openssl:Error: 'openssl' is an invalid command.
    Standard commands
    asn1parse ca ciphers crl crl2pkcs7
    dgst dh dhparam dsa dsaparam
    ec ecparam enc engine errstr
    gendh gendsa genrsa nseq ocsp
    passwd pkcs12 pkcs7 pkcs8 prime
    rand req rsa rsautl s_client
    s_server s_time sess_id smime speed
    spkac verify version x509
    Message Digest commands (see the `dgst' command for more details)
    md2 md4 md5 rmd160 sha
    sha1
    Cipher commands (see the `enc' command for more details)
    aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
    aes-256-ecb base64 bf bf-cbc bf-cfb
    bf-ecb bf-ofb cast cast-cbc cast5-cbc
    cast5-cfb cast5-ecb cast5-ofb des des-cbc
    des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
    des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
    des-ofb des3 desx idea idea-cbc
    idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc
    rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
    rc4 rc4-40
    Can anyone tell me whether what I entered is correct or not? How to generate smtp certificates?
    Thanks in advance
    Krishna

    Fabian,
    Are you familiar with Firefox OS? The reason I say this is because the email client cannot create a certificate exception. This is actually by design. This is by design: https://wiki.mozilla.org/Gaia/Email/Features#Security
    This support request at Mozilla was placed specifically for the Firefox OS product, for which only a single email client exists.
    That being said the good folks on the Mozilla Bugzilla, were able to show me how to look up another alias for these servers which does in fact work and does in fact match the SSL certificates. Though Dreamhost support could not provide me with said information, and said information does not in fact exist in the DreamHost wiki.
    I find repeated insistence from Dreamhost representatives that I should just live with SSL certificate exceptions, when there are actual valid server names in existence to match the certificates in question, ridiculous.
    The fact that you are posting this non solution for a product it isn't even applicable for is beyond unhelpful. It actually serves to muddy the waters.

  • Microsoft Is Rushing to Fix Improperly Issued SSL Certificate

    Microsoft Security Advisory 3046310
    Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
    To help protect customers from potentially fraudulent use of this digital certificate, it has been revoked by the issuing CA and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue.
    For more information see:
    https://technet.microsoft.com/en-us/library/security/3046310

    You appear to be complaining about how Mail executes security. Turns out there is no one standard about how security is handled by Mail. 802.11x has nothing to do with that. 802.11x is simply a wireless router protocol. If you want a feature added to any Mac OS X software go to the feedback page:
    http://www.apple.com/feedback/
    or sign for a free Apple Developer account, and file a bug report here:
    http://bugreporter.apple.com/
    This is a user to user forum, and no one here can guess as to why Apple has incorporated certain features into Mail while others are not included. Please read the Terms of Use on the right more carefully. We'd have to guess Apple's programming policy to answer your questions.

  • A fix for the Mozilla Firefox SSL Certificate Validation Security Weakness vulnerability? This appears to be an issue with not revalidating certificates when loading HTTPS pages from cache.

    We have to close vulnerabilities for PCI & Cybertrust certification. We have upgraded users running Firefox to version 7.0.1 but we are still receiving the message: Mozilla Firefox SSL Certificate Validation Security Weakness. Researching the issue, it appears to be related to certificates not being revalidated when loading HTTPS pages from cache. The bug report I found is:
    Bug 660749 - Firefox doesn't (re)validate certificates when loading a HTTPS page from the cache

    cookies.squite answer is Today at 5:15 PM .
    New profile, same problem.
    We've already established it is not a add-ons problem but obviously there will be less add-ons in this new profile to help exclude.
    Since there are two PC profiles on the PC, I tried the second profile, same problem. Used the RESET FF function on the second PC profile...same thing...even followed the instructions for uninstall & re-install...same problem.
    (3) different virus scanners, no hard core problems.
    Suspect how I have something in Windows setup that no one else is using?

  • Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

    Hello,
    I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
    Azure Management portal shows the status of Hybrid Connection as established.
    However, the website throws an error when trying to open a connection
    <add name="DefaultConnection"
         connectionString="Data Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
         providerName="System.Data.SqlClient" />
    (The same website, with the same connection string deployed on SQL Server machine works correctly).
    I tried various options with the connection string (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc.); the result is the same
    [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
    [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
    I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
    The certificate chain was issued by an authority that is not trusted             
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
    Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
    Stack Trace:
    [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
    [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
    [EntityException: The underlying provider failed on Open.]
    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213            
    Regards,
    Michal
    Michal Morciniec

    Same issue here, looking for more information !

  • Certificate question in Web Dispatcher End-To-End SSL scenario

    Hi experts,
    in end-to-end SSL scenario the web dispatcher (WD) is not used to encrypt/decrypt data, it is only used to forward requests.
    So I think we do need a certificate for the portal server, but none for the web dispatcher itself, right?
    Another point is which data should be given for CN, DN, OU etc in this scenario (Portal or WD ??)
    kind regards
    Tom

    Tom,
    For end to end SSL you do not need a certificate for the Web dispatcher but your J2EE engine should be configured to be accessible over SSL.
    If you get the SSL certificate issued for the J2EE based on the name of the J2EE host it will result in a warning message as portal will be accessed using host name of Web dispatcher, so get the certificate issued under the name of the web dispatcher hostname. So, adjust your CN, DN, OU accordingly.
    Cheers!!

  • CF7 and JDK 1.4.2 - EV SSL Certificate Issue

    Let me start off by telling the group that we do not use CF for any of our applications.  We are a payments company that hosts a .NET API in IIS that 100's of thousands of customer use.  We have one particular customer using CF7 and JDK 1.4.2 who is currently unable to process against our API.  About a week ago we upgraded our SSL certificates to EV (Extended Validation) and since that time our once happy customer is now unhappy.  I have spent hours working with him, going through FAQs and walk throughs, knowledge bases and forums and have had no luck.  Here are the details:
    EV Certificate issued by DigiCert (4096-bit).
    Customer is on CF7 and JDK 1.4.2.
    When he attempts to process against our API with the new certificate he gets 'Connection Failure: Status code unavailable' message from his CF application.  He is using cfhttp to post his requests.  We found a workaround that indicated that the only issue with JDK 1.4.2 was importing the high-bit certificates.  Our customer installed JDK 1.6, imported the certificate (and all intermediate certificates) successfully into the cacerts file, but when attempting to list using JDK 1.4.2 it returns an invalid certificate error and still will not work.
    Please help as we are currently in a work around state for this customer (not long term) and we have exhausted the resources we have access to for solving this issue.
    Thanks in advance to those gurus that reply.  I have attached a sample post from our customers logs with non-essential data removed.
    I can be reached by phone at 801-341-5620 if anyone feels like reaching out to talk.
    - Dave

    Dave,
    I am having a similar issue with CF7 and PayPal's Reporting API which also uses EV SSL.
    I can offer that in my testing, both CF 8 and CF 9 do seem to be able to work when using CFHTTP and EV SSL,
    so the only solution I can offer at this time is to make the suggestion to your customer that they need to upgrade
    to either CF 8 or CF 9 to get the issue quickly resolved.
    I'm still working to see if I can find a solution for CF7 and I've been asking around in the CF community for help, so
    if I do find a solution, I'll definitely post it there for you.
    Cheers

  • SSL certificates and Web Services Usage inside Oracle Database Questions!

    We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
    Service1 is already working, and we can call the service from PL/SQL without troubles.
    However, according with security client's policies they requires all Web services be consumed via https including Service1, so we must to follow the procedure established for Oracle in order to enable the calling of service1 via https from the Database.
    Our client's DBA and IT Team are concerned about two subjects before to continue to follow the certificate installation:
    - SSL Certificates:
      1- Can installed certificates in the Database put in risk the stability of the database?
      2- Can installed certificates in the Database generate performance issues?
      3- Can installed certificates reloading the Databases?
      2- Can installed certificates in the Database generate security issues?
    - Web services:
      1- Can web services calling from the Database put in risk the stability of the database?
      2- Can web services calling from the Database generate performance issues?
      3- Can web services calling from the Database generate security issues in the DMZ?
    Could you please give us any clues, about the possible negative impact related with the SSL certificates and Web Services Usage inside Oracle Database, if it’s the case this impact exists?.
    Those are the links describing the procedure mentioned above.
    1 -http://www.kotti.es/2009/11/oracle-wallet/
    DB: Oracle 9i.
    Average number of lines in file: 300
    Periodicity: Twice at day.

    Thiago:
    You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
    I am not aware of a PL/SQL utility to create a XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
    http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
    Regards,
    Jason

  • Firefox does not recognize SSL Certificate issuer Entrust Certification Authority – L1K, but Entrust Certification Authority – L1C is ok?

    We have a new Entrust SSL Certificate with issuer Entrust Certification Authority – L1K which Firefox does not recognize. Internet Explorer and Chrome are ok.
    On a different system we have an Entrust SSL Certificate with issuer Entrust Certification Authority – L1C which is ok with Firefox.

    Did you verify that all intermediate certificates are installed on the server?
    You can inspect the certificate chain via a site like this:
    *http://www.networking4all.com/en/support/tools/site+check/
    *https://www.ssllabs.com/ssltest/

  • When accessing Intranet sites that use SSL Certificates issued by our internal PKI, FF for Windows give an error of "improperly formatted DER-encoded message"

    When accessing Intranet sites that have SSL Certificates issued by our internal PKI, FF for Windows gives an error message - An error occurred during a connection to myshaw. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
    Chrome and IE work fine. This is a new PKI using the SHA-2 signature algorithm.

    Hi Guigs2,
    From the other post you link to, I can confirm that both the Root and Subordinate CA have been commissioned with the:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm = 1
    registry key set. As can be seen above, the Signature algorithm on an issued certificate is RSASSA-PSS. This has been Microsoft's suggested deployment IF you do not wish to support either XP or Windows 2003 machines and lower. In fact, I believe the option has been around since Windows 2008, however, there were of course, a lot more XP machines back then.
    The obvious answer is that we would like to maintain the updated algorithm, AND see support for it added for Firefox. I think you will see a LOT more posts like this as people deploy more 2012 PKI infrastructure supporting only Windows 7 and up. Heavens, we may well be forced to Chrome or even back to IE!!! Whilst I do not want to necessarily open up other potential vulnerabilities, for the sake of testing, what do you mean by disabling mozilla:pkix?

  • Snow Leopard Server - SSL Certificate Issue

    Hi. I am hoping someone can shine some light into an issue I am currently experiencing with SSL Certificates on the Snow Leopard Server which hosts out websites. This past weekend an SSL certificate pertaining to our primary domain expired which caused users to receive error messages prior to accessing the website ... the error message stated "the site's security certificate has expired!"
    I have since renewed the certificate via networksolutions.com and applied it on the Mac server. The certificate was applied successfully and I have added the certificate to the sites along with restarting Apache to take in the settings. However, the certificate is not propagating out at all. I have also restarted the Mac server as well in case there was something in the cache causing issues but unfortunately, the issue still exists.
    I have also removed the certificate entirely and reapplied it from scratch to make sure the original certificate wasn't causing any issues.
    Has anyone else incurred a similar issue or would anyone have any insight on how to possibly resolve the issue?
    Thank you!

    Just a quick update. the DNS seems fine but I am getting errors in the logs as follows.
    May 12 09:37:34 server jabberd/sm[2084]: version: jabberd sm 2.1.24.1-326.5
    May 12 09:37:34 server org.jabber.jabberd[2082]: ERROR: router died. Shutting down server.
    May 12 09:37:34 server com.apple.launchd[1] (org.jabber.jabberd): Throttling respawn: Will start in 10 seconds
    May 12 09:37:34 server jabberd/sm[2084]: attempting connection to router at 127.0.0.1, port=5347
    May 12 09:37:34 server jabberd/sm[2084]: shutting down
    May 12 09:38:45 server jabberd/sm[2167]: version: jabberd sm 2.1.24.1-326.5
    May 12 09:38:45 server jabberd/sm[2167]: attempting connection to router at 127.0.0.1, port=5347
    May 12 09:38:45 server jabberd/sm[2167]: shutting down
    May 12 09:38:45 server org.jabber.jabberd[2165]: ERROR: router died. Shutting down server.
    May 12 09:38:45 server com.apple.launchd[1] (org.jabber.jabberd): Throttling respawn: Will start in 10 seconds
    I checked the crash report, which has the following kernel issue.
    Exception Type: EXC_BAD_ACCESS (SIGBUS)
    Exception Codes: KERN_PROTECTION_FAILURE at 0x000000010011adb0
    Crashed Thread: 0 Dispatch queue: com.apple.main-thread
    Any ideas?

  • SSL/Certificate creation/distribution questions

    I'm extremely new to SSL and using certificates and have been having some trouble figuring out exactly how to create and implement them.
    Environment background:
    Currently, my entire network is closed off from the outside world. It's a mac-only network, basically sandboxed from a PC-only network via a router (to provide access to the internet, that's provided from the PC network). No port forwarding is set up and I don't have any external IP addresses pointing to my router, so currently there's no way for an outside source to see my network. With not really any need for secure traffic, SSL and certificates aren't really needed (basically, it's a video dept at a university with ~150 users). However, once I get external access (the main IT dept's been "working" on this with our ISP for, um, about a year <coughcough>), I'm wanting to do some stuff with VPN as well as wikis and chat (chat could theoretically be useful internally now). Even though we don't really have much worth hacking, once I get a window to the outside world, I'd like to button up my server/network as much as possible.
    Since all my services will be set up and provided by me, I'm comfortable using certificates I create instead of purchasing any--if I knew how to do this, which brings me to my questions. I've tried creating a certificate within Server Admin, but it says it's not trusted (and clients don't seem to see it, anyway). I've also tried the instructions here: www.eclectica.ca/howto/ssl-cert-howto.php, but got an error when actually running the openssl command (OpenSSL is installed and appears to be functional). How do I get a trusted certificate(s) and then, how do I distribute them to the clients so they see and use them? Exactly what path are these created to, or should be placed, etc?
    I'd initially like to use SSL for increasing the security of my logins (all network users), but like mentioned, I'd also like to secure other services (is a cert needed/useable for VPN?). In that regard, do I only need one certificate, or would I need certificates for each separate service?
    Sorry for the long post, but thanks for any help.

    Hi There,
    If you create a "self signed" certificate you will get warning messages in your browser but can configure your browser to accept these warnings. This is ok if it is just a local access machine and you are the only one accessing it.
    If outside people are going to be accessing it, you will want to use a 3rd party SSL certificate from a trusted authority such as Verisign, GeoTrust etc.
    Here is a good article on how to create the CSR on 10.6
    http://support.apple.com/kb/HT3976
    Hope this Helps,
    Eric Holtzman
    Hosting 4 Less
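
Added example, not part of the thread or of either poster's setup: for the internal-only case the question describes, one way to get certificates that clients accept without buying any is a small private CA whose root certificate is installed on each client. The hostnames, subject names and lifetimes below are constructed assumptions.

```shell
#!/bin/sh
# Added example. Hostnames, subject names and lifetimes are constructed
# assumptions, not values from the thread.
set -eu

build_pki() {   # $1 = empty working directory
    cfg="$1/pki.cnf"
    cat > "$cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_srv]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test,DNS:wiki.example.test
EOF
    # 1. Self-signed root: the only file clients ever need to import.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$cfg" -extensions v3_ca -subj "/CN=Example Internal Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # 2. Server key and CSR; the private key never leaves the server.
    openssl req -new -newkey rsa:2048 -nodes -config "$cfg" \
        -subj "/CN=server.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    # 3. CA signs the CSR; the SAN list lets one cert cover several names.
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$cfg" \
        -extensions v3_srv -out "$1/srv.crt" 2>/dev/null
}

# Succeeds only if srv.crt chains to ca.crt AND is valid for hostname $2.
cert_ok_for() {   # $1 = directory, $2 = hostname a client would type
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
        "$1/srv.crt" 2>/dev/null | grep -q ': OK$'
}

demo_dir=$(mktemp -d)
build_pki "$demo_dir"
for name in server.example.test wiki.example.test vpn.example.test; do
    if cert_ok_for "$demo_dir" "$name"; then echo "$name: trusted"
    else echo "$name: rejected (not in subjectAltName)"; fi
done
rm -rf "$demo_dir"
```

Only `ca.crt` is distributed to clients, into their trusted-roots store; `ca.key` and `srv.key` stay private. A name missing from `subjectAltName` is rejected even though the chain itself is valid, which is the same kind of mismatch that produces browser warnings when a site is reached under a name its certificate does not list.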

  • Only firefox is reporting my SSL certificate as revoked. How can I fix this issue?

    I have recently re-keyed and re-installed an SSL certificate on my server (https://beta.alicorsolutions.com:2087) running WHM on linux.
    The SSL certificate is passing all the 3rd party SSL tests (https://www.ssllabs.com/ssltest/analyze.html?d=beta.alicorsolutions.com) and works perfectly fine in Chrome and IE. However, in Firefox I get an error page that says: "Peer's Certificate has been revoked. Error code: sec_error_revoked_certificate".
    After doing some searching, I can see that the problem is specific to firefox and the only way everyone else seems to be fixing the problem is by turning off OCSP under Preferences > Advanced > Validation.
    This of course is not an acceptable long-term solution. I need to fix this issue as quickly as possible, any help at all would be appreciated. Please let me know if there's any other information I can provide that would assist you in solving this issue.

    Hello jcsarda, it's only working in Chrome because its security settings are more relaxed per default (when you set Chrome to check for certificate revocation in settings > advanced > HTTPS/SSL it shows the same error for me). I don't know about IE...
