SSL certificate selection weirdness in iCal server config

Similar Messages

• Why is the SSL Certificate "Edit" button disabled in Server Settings?

  I just setup my Lion server and am attempting to create a self-signed certificate. All of the directions start with "Run the Server app, go to your server, click the setting tabs, and push the 'Edit' button next to SSL Certificate". Well, I can't because the button is disabled.
  I have two theories. The first is that my network setup is messed up somehow. My server name is "server.mydomain.private". When I click on Configure Network, it shows that name and the proper IP address.
  My second theory is that the SSL Certificate requires some other service, maybe Open Directory.
  Anyway, I'm stumped. Any suggestions are welcome.

  venblr, I saw that one too, tried it, but it didn't work. I think I deleted a certificate or something, which caused the problem in the first place. I'm going to finish reading some Lion Server books before starting from scratch by reinstalling Lion and then LIon Server. (I have a screen snap of earlier work and it shows the SSL Certificate "Edit" button enabled.)

• What SSL certificates needed for the FTP server

  Hi,
  I want to create certificate fot the FTP server is there any specific format for the FTP server. what i have to create for Secure communication.
  plz tell me in detail.
  Thanks
  Ravi

  Does anyone have any comments on this post? We would especially appreciate some input from Microsoft reps to help us ensure we're setting up the correct firewall rules.
  Thanks,
  -Taylorbox

• Office Web Apps Server SSL Certificate

  Hi
  I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
  I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
  If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
  Regards.

  Hi,
  Thanks for your posting in this forum.
  I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
  Thanks for your understanding.
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Snow Leopard Server - SSL Certificate Issue

  Hi. I am hoping someone can shine some light into an issue I am currently experiencing with SSL Certificates on the Snow Leopard Server which hosts out websites. This past weekend an SSL certificate pertaining to our primary domain expired which caused users to receive error messages prior to accessing the website ... the error message stated "the site's security certificate has expired!"
  I have since renewed the certificate via networksolutions.com and applied it on the Mac server. The certificate was applied successfully and i have added the certificate the sites along with restarting the apache to take in the settings. However, the certificate is not propagating out at all. I have also restarted the mac server as well in case there was something in the cache causing issues but unfortunately, the issue still exists.
  I have also removed the certificate entirely and reapplied it from scartch to make sure the original certificate wasn't causing any issues.
  Has anyone else incurred a similar issue or would anyone have any insight on how to possibly resolve the issue?
  Thank you!

  Just a quick update. the DNS seems fine but I am getting errors in the logs as follows.
  May 12 09:37:34 server jabberd/sm[2084]: version: jabberd sm 2.1.24.1-326.5
  May 12 09:37:34 server org.jabber.jabberd[2082]: ERROR: router died. Shutting down server.
  May 12 09:37:34 server com.apple.launchd[1] (org.jabber.jabberd): Throttling respawn: Will start in 10 seconds
  May 12 09:37:34 server jabberd/sm[2084]: attempting connection to router at 127.0.0.1, port=5347
  May 12 09:37:34 server jabberd/sm[2084]: shutting down
  May 12 09:38:45 server jabberd/sm[2167]: version: jabberd sm 2.1.24.1-326.5
  May 12 09:38:45 server jabberd/sm[2167]: attempting connection to router at 127.0.0.1, port=5347
  May 12 09:38:45 server jabberd/sm[2167]: shutting down
  May 12 09:38:45 server org.jabber.jabberd[2165]: ERROR: router died. Shutting down server.
  May 12 09:38:45 server com.apple.launchd[1] (org.jabber.jabberd): Throttling respawn: Will start in 10 seconds
  I checked the the crash report which has the follow kernal issue.
  Exception Type: EXCBADACCESS (SIGBUS)
  Exception Codes: KERNPROTECTIONFAILURE at 0x000000010011adb0
  Crashed Thread: 0 Dispatch queue: com.apple.main-thread
  Any ideas?

• Outlook Web Access fails after migrating SSL certificate to dedicated SSL gateway

  Hi we have just migrated our SSL certificate form our Outlook exchange server, outlook web access works perfectly but two of our users who have Blackberry devices set up to get their email via owa now fail. 
  Everything worked fine before the migration.
  The new SSL gateway is an Apache box running mod_proxy, mod_SSL and mod_sec.  Protecting the box running owa and IIS6.
  I can provide the http.conf etc, but I can see the traffic passed by Apache but I am getting a 401 message on the way back through to the device.
  Is there a specific IIS/Exchange or Apache config I need to enable to allow BB access?
  Thanks in advance
  Mike

  Hello there!
  You may have run up against some of the complexities between BIS and OWA. There are a couple of circumstances where BIS can't integrate to OWA. Plus, if the mailbox name changed, that may be the problem as well. While I'm neither a BIS nor OWA admin, I can point you to information resources that hopefully can help you.
  Try this article.
  And this one.
  And this one.
  And this one.
  You also can search the public KBs for more relevant articles:
  http://www.blackberry.com/btsc/microsites/microsite.do
  Good luck and let us know!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• GoDaddy SSL Certificates in WLS v 10.3.1.0

  I have no experience with SSL, and I am struggling to install an SSL certificate from GoDaddy.
  WebLogic Server was provided with third party software we purchased, and that vendor
  "cannot answer questions about third party software". GoDaddy could not provide instructions
  for WLS, and said we should select "Other".
  I was able to create a custom keystore, self-signed certificate, and CSR. That was sent to GoDaddy,
  and I received a certificate and a bundle (gd_bundle.crt) from them. I have been floundering since
  then. I also tried getting a Class 2 and intermediate certificate here:
  [https://certs.godaddy.com/anonymous/repository.seam]
  All I have been able to get working has been the self-signed certificate, which is okay for now, as
  the application is for use within our company.
  Any advice on getting the correct certificates into the correct identity store and trust store will be
  appreciated. I am willing to start from square one, if someone can provide step by step instructions
  that are likely to work.
  Thanks in advance!
  Rich

  Drop me a mail, I can help you offline
  [email protected]
  -Faisal
  http://weblogic-wonders.com

• Error after SSL Certificat update

  I updated the SSL certificate on a Win2003 SP2 server with IIS6.0
  The initial certificat was a single URL certificate and is replaced by a wildcard one.
  After installing the certificate (and it's CA chain) using the mmc I changed the certificate in IIS and configured the SSLBinding using "cscript.exe
  adsutil.vbs".
  The result is an SSL ERROR.
  The CA chain and the certificate are two CRT files.
  Here is the result of the "certutil.exe -store my"
  command :
  C:\Documents and Settings\Administrateur.W2K79>certutil -store my
  ================ Certificat 0 ================
  Numéro de série : 4899717f3b1ba89dedb7c472d575cb01
  Émetteur: CN=Thawte SSL CA, O=Thawte, Inc., C=US
  Objet: CN=*.bourgenbresse.fr, OU=Collectivite, O=COMMUNE DE BOURG EN BRESSE, L=B
  OURG EN BRESSE, S=Ain, C=FR
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): eb 03 df 43 a8 03 e5 5f b1 52 fc e7 5b a9 0b 0c 19 2a 15 8a
  Aucune information sur le fournisseur de clé
  Pas de propriétés pour le jeu de clé dans le magasin
  ================ Certificat 1 ================
  Numéro de série : 023fcc
  Émetteur: CN=GeoTrust DV SSL CA, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
  Objet: CN=www.portailenfance.bourgenbresse.fr, OU=Domain Control Validated - Qui
  ckSSL(R) Premium, OU=See www.geotrust.com/resources/cps (c)11, OU=GT68088061, O=
  www.portailenfance.bourgenbresse.fr, C=FR, SERIALNUMBER=R2RJ3sRPOrW0Q3XZYvvpcP05
  TqodNAru
  Il ne s'agit pas d'un certificat racine
  Hach. cert. (sha1): 12 49 a6 95 9a 67 05 86 d9 a3 64 cb a7 a7 78 ee 6c eb 94 52
    Conteneur de clé = cecd6bee4621365b6e763b9bfcd773cf_b3f7eefb-5c14-4333-a5bb-29
  d40b271698
    Fournisseur = Microsoft RSA SChannel Cryptographic Provider
  Succès du test de cryptage
  CertUtil: -store La commande s'est terminée correctement.
  Please help !

  It seems that the key for the wild card certificate has not been found. The output shows a valid key for the other cert. ("1") but no key information for the wild card cert ("0"). I assume, that when you double-click the certificate in
  the computer's Personal store you don't see the message You have a Private Key...
  (on the bottom of the General tab), right?
  Windows 2003 sometimes needed some extra effort to "connect" key and certificate, in addition to just importing it (I am assuming that you imported it to the machine where you had created the key).
  Check if the command line tool certutil is available. If not, install the W2K3 admin pack (download e.g.
  here).
  Double-click the new server certificate, go to Details...
  Scroll down the list of attributes and locate the Serial Number. Copy the serial number value.
  At the command shell run as a local admin:
  certutil -repairstore my "<Serial Number>"
  If this has been successful you should now see the message You have a Private Key... when double-clicking the certificate.
  Elke

• Can't allocate any users to use iCal Server

  Have successfully set up 10.6.1 server. DNS and Open Directory both OK. iCal service is running on default port 8008 and is using the default server dns name.
  The problem we're having is that in Workgroup Manager we cannot allocate a user to use iCal. Under the Advanced settings tab for a user where you enable calendaring for the user the pull down menu only shows "No calendar host selected", the configured iCal server is not displayed.
  This has occurred on three separate fresh installs on three separate boxes.
  Any ideas appreciated!

  That doesn't really make any sense. I can connect iCal 10.5.x clients to the iCal 10.6 test server just fine and they pulled down test data. I plugged in account details and connected to the users iCal server calendar account.
  Perhaps you misunderstood them? The guy I spoke with told me that you manage almost all calendar data on the wiki/mypage tool now and not in workgroup manager. Users can access their calendar on mypage, groups manage their calendars via the wiki. It may not be ideal (I would have preferred using workgroup manager for this stuff) but it seems to work. You can also manage delegation to your calendar via the iCal client. If something specific for you isn't working, it'd probably be better to open a thread on these forums and post details if a specific feature isn't working so people can help you.
  The only feature I really find lacking with this web method of management is that you can't really have a user without that user having a calendar (and having access to that calendar). The SACL only prevents them from connecting via iCal client but they can still connect via the mypage tool.
  Also, 10.6 is a new server version and 10.5 had many of these same issues (perhaps more). Either you have this on a test server and you wait it out and just report fixes to Apple or you jumped the gun and installed it on a production server at which point you accepted the risk of a new server OS. Doing so on client systems is one thing (they're easily rolled back), servers is a completely different matter and should be handled with care. Obviously 10.5.x server matured enough for you to want to use it so 10.6 likely will as well so just bide your time on a test server and try to improve the release by reporting bugs or roll back to 10.5 and continue to use it until you're ready to jump to 10.6.
  In short, as of now, the "enable calendaring on this host" has nothing to do with whether a user can access iCal services on a 10.6.1 host. If you create a user in workgroup manager, the current behavior is that they now have at a bare minimum, a web calendar. If you enable the SACL for iCal, I believe you can limit access via the iCal client but they'd still have web access. If this behavior is poor (I believe it is and would prefer more fine grained control) then make sure and report it.

• ICal server won't work with SSL certificate

  I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
  In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
  However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
  Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
  "Unexpected secure name resolution error (code -9844). The server name may be incorrect."
  When I set everything back to the way it was before I started, all works fine.
  Anyone have any suggestions?

  Your problem seems similar to this thread:
  http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
  There is some contradictory anecdotal information there, however. Tis reply in another thread:
  http://discussions.apple.com/message.jspa?messageID=6288712#6288712
  may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
  http://www.afp548.com/article.php?story=20080624005724638
  http://www.afp548.com/article.php?story=20071203011158936
  That might also be of assistance. Then there's this little tidbit:
  http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name /
  These may-or-may-not solve theproblem but may provide insight as to why it's happening.

• After updating SSL Certificate, iCal is saying the certificate has expired.

  Having a problam with iCal after updating our SSL certificate. The certificate expired recently so we renewed it with godaddy and followed the steps on their site to update it on our server. Everything seemed to have gone fine, under server admin in the certificates section it shows the certificate is valid through 2015 and I have Mail and iCal both set to use that certificate (it is the only one you can select.). E-mail works fine but when you connect with iCal it says there is a problem with the certificate. When I click details it shows the certificate has expired and shows the esperation date of the old certificate. I have tried to delete and import the new certificate again but still have the same issue. It seems that some how iCal is still holding the old certificate. Does anyone know what is going on? Did I make a mistake somewhere?

  Hi,
  According to your post, I understand that client face an problem “The linked image cannot be displayed.  The file may have been moved, renamed, or deleted.  Verify that the link points to the correct file and location” after change SSL certificate.
  If I misunderstand your concern, please do not hesitate to let me know.
  Do you see the "page cannot be displayed" error only from your DC server or also from a Windows 7 client machine? What browser do you use and what version?
  Please run “certutil –store” command from a command to verify that the certificate is correctly installed in the certificate store. Also run “certutil -store my” to check the certificate from CA.
  If the certificate is already installed, please refer to below link to check the value of Cache in registry:
  https://support.microsoft.com/en-us/kb/2753594
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

  Hi,
  I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
  I am trying to get work with url: https://reports.mydomain.com
  I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
  https://reports.mydomain.com/ReportServer - works fine
  https://reports.3pro.hr/Reports/ - I got error:
  The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  In rsreportserver.config I have:
  <Add Key="SecureConnectionLevel" Value="2"/>
  When looking my ReportServerService_date.log file I have something like:
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
  Also, error shown in log file:
  appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
  ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
  The remote certificate is invalid according to the validation procedure.
  Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
  -- Hrvoje Kusulja

  I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated.  The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle
  before she called me back.  Here are the steps that resolved this issue for me.  I know for sure that step 5 was necessary.  Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue,
  but I didn't roll them back either so they may have been necessary.)
  Step 1:
  Ensure you are editing the correct rsreportserver.config file.  I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config
  file for some sharepoint integration that I'm not using.  The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft
  SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
  Step 2: 
  In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3.  Was set to 0 in my configuration.  Corrected line in your rsreportserver.confiog file should look like:
  <Add Key="SecureConnectionLevel" Value="3"/>
  Step 3:
  In rsreportserver.config, add the correct value to the <URLRoot> element (which already exists in the file.)  In my configuration, this value was blank.  The value should be the fully qualified path to your report server, with a hostname that
  is valid for your certificate.  For example, if my cert matches *.mydomain.local:
  <UrlRoot>
  https://myserver.mydomain.local/ReportServer
  </UrlRoot>
  Step 4:
  Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine.  I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually
  the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities.  That
  broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities.  This is how I left it, not sure if that was necessary.
  Step 5:
  This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3.  In my configuration, this value was also blank.
  The corrected value should be the same as in step 3, for example:
  <ReportServerUrl>
  https://myserver.mydomain.local/ReportServer
  </ReportServerUrl>
  Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
  Good luck!

• How to use SSL certificates in OSX Server

  I have setup OSX server with a host name that is pointed properly to my OSX server. My question is about using certificates that were purchased through my domain registrar.
  I bought a cert and after the validation process, I was given a link to download 4 certificate files.
  AddTrustExternalCARoot.crt
  DV_NetworkSolutionsDVServerCA2.crt
  DV_USERTrustRSACertificationAuthority.crt
  [domain name].crt
  So after downloading these and opening them one by one, I installed them in the keychain as a system cert.
  The part I cant figure out is how to use the domain cert instead of the one that the server creates upon completion of setup (the self signed one).
  On the certificate selection in the sidebar, I can choose Import a certificate identity, but when I drag my domain cert into the box, it shows up as a non-identity cert and the Import button is still grayed out. I dragged all four certs there and all of them show as non-identity certs.
  If I go down the path of the Get a Trusted Certificate, it takes me through the CSR request which I dont think I need since i have my certificates already.
  Am I missing a step? Or do I need to export from the keychain, then import into the server application? Seems like the new certificates should show up in the server application. Any help would be greatly appreciated.

  I got the answer and wanted to post for anyone that happened to have this question.
  During the SSL cert setup, it asks where your domain is hosted and since it was hosted by Network Solutions, I chose that option which doesnt do the CSR request. I had to choose Other/VPS.
  Once I did that, I was able to generate a CSR in the server application and get my certificate issued again by pasting the request code on my registrars website. Once I received those certs, I dragged my domain cert into the Pending one listed in the certificate list.
  Also I chose Apache/ModSSL as the type of server. Hope that helps and new people like myself in setting up the server application.

• SSL certificate unconfigured, but web server still defaults to https

  Hi all,
  I set up my web page as indicated in the Lion Server: Advanced Administration manual (Server/Web/Data/Sites/Default). I originally had a self-certified ssl certificate set up for all services, and the web server defaulted to port 443 with the following page:
  Index of /
  Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r DAV/2 PHP/5.3.6 with Suhosin-Patch Server at *****.com Port 443
  I removed the ssl certificate, but it keeps going to the same page. I have  default.html and index.html files in the directory, and I figure at least one of those should. Any suggestions?

  Camelot,
  Thanks for the reply. I'm not offended by your suggestion that it's something simple that I've overlooked, rather I'm hoping that it is.
  I have selected the certificate on the appropriate site on the web panel. When you visit the site link In my original message, you'll see that the correct certificate is being served, but it appears as expired to the browser, even though it shows as valid in Server Admin.
  I also found it in the Keychain utility, and it also shows as a valid certifcate there. I did find an entry in the Keychain utility for an earlier attempt at installing an expired certificate, so I deleted that entry.

• How to get the ssl-certificate trusted on lion-server

  I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
  So I want to use the server to exchange data, use a common calendar, address-book etc.
  To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
  So I selected the server in server.app (Hardware) and selected SSL certificate edit
  created a certificate signing request that I exported and saved on my computer
  I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
  and also imported the certificate in to the keychain
  All following the steps described in:
  Managing iOS deviceswith OS X Lion Server by Arek Dryer
  the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
  So I somehow did something wrong.
  Any suggestions what I should do?

  ok let me add some info in the hope I will get some guidance:
  using the site http://www.sslshopper.com/ssl-checker.html
  I was able to check on the status of the certificate:
  The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
  since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
  I guess I would be helped if there is a step by step manual how to install a root certificate