SSl certificate with form listerner servlet
We have ssl implemented at Apache and Forms. the forms are running in https mode and we were using j2se 1.4. Now I have upgraded the j2se to 1.5
now the certificates are going to expire and in have to renew them. For Apache it is clear that i have to renew it.However for forms i am not sure--
In meetalink Doc ID: 123718.1 11i: A Guide to Understanding and Implementing SSL for Oracle Applications, it is mentioned that
"In Forms Listener Servlet --All communication between the client PC and the forms server is routed via the apache port and forms servlet eliminating the need for the additional certificate required by the Forms Listener Server architecture. HTTPS Users wishing to use J2SE 1.4.2.x must use the Forms Listener Servlet. The following steps are necessary only if you are using the Forms Listener Server"
So i want to know that do i still need to renew the certificate for forms? Or will i be able to access forms without any forms certificate after it expires?
Thanks
I did not implement SSL with Forms Listener Servlet on 11i, but in R12 (which use Forms Listener Servlet) a separate certificate is no longer needed for Forms since Forms will share the same wallet as the Oracle HTTP Server. So, you should be able to access your forms without renewing the certificate for forms.
Note: 376700.1 - Enabling SSL in Release 12
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=376700.1
Similar Messages
-
New SSL certificate with 2048 bit shows error: (Fehlercode: sec_error_unknown_issuer)
installed a new SSL certificate with 2048 bit encryption (as is now required by issuer of certificate). Everything is OK with IE, FF shows error: (Fehlercode: sec_error_unknown_issuer)
== URL of affected sites ==
https://www.dongil.at/I have also tried all the solutions mentioned - but no luck.
I wrote to Geotrust support and the pointed out that I needed the intermediate certificate and provided me with this url:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
Please note, this intermediate certificate was *not* the same is linked to above - seems like there are 2 different intermediate certificates, depending on what type of certificate you got from Geotrust.
Just to recap - if you got yourself a "QuickSSL, QuickSSL Premium or SSL Trial"-certificate (like me) then use this intermediate:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
If you got a "True BusinessID or Enterprise SSL"-certificate, you should use this:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1423
- Lasse -
Wildcard SSL Certificates with MFE?
Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
Before doing anything I figured I'd try a website that used a wildcard certificate.
When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
Thanks.This is interesting question. I look forward testing this myself
What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you! -
I purchased SSL certificate from GoDaddy for this website: www.mtnpine.com. This is a motel website with a reservation page. I want this page to have "secure" credit card entries for customers. GoDaddy now informs me that they only sold me the certificate but cannot help me set it up or script it into my website. Disappointing. Can anyone help me?
MariaNobody responded on this forum, so I called GoDaddy and got my answer.
-
Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in
Hi,
'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
I get the following error when attempting to access WebLogic via Apache:
Internet Explorer cannot display the webpage
These are the last lines in wlproxy log:
Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
Do you know if there are limitations to the certificate length that the plug-in can use?Yes 4096 bit Certificates are not supported by the plugin.
You can use up to 2048 bit.
There is a Bug which clearly mentions it.
I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
Hope this helps.
Faisal Khan
Edited by: Faisal Khan on Feb 27, 2010 2:08 PM -
Problem with form or servlet???
hello..
i am trying to send some form data to a servlet for processing..
here is the code for the form
<table border="0">
<form action="details.upd" method="post" name="upd">
<tr><td>Username</td><td><input name="uname" type="text" size="25" maxlength="30"
value=<%=session.getAttribute("user") %> /></td>
</tr>
<tr>
<td>password</td><td><input name="pass" type="password" size="25" maxlength="30" />
</td></tr>
<tr><td>confirm password</td><td><input name="pass2" size="25" maxlength="30" type="password"/></td></tr>
<tr><td>Email</td><td><input name="mail" type="text" size="25" maxlength="30"
value=<%=session.getAttribute("EMAIL") %> /></td></tr>
<tr><td align="center"><input name="submit" type="button" value="Update" /></td></tr>
<tr><td align="center"><input name="ch" type="hidden" value="det"/></td></tr>
</form>
</table>
here is the web.xml entry for my compiled servlet
<servlet>
<servlet-name>update</servlet-name>
<description>
Servlet used for updates sent from landlord sessions
</description>
<servlet-class>UpdateServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>update</servlet-name>
<url-pattern>*.upd</url-pattern>
</servlet-mapping>
the problem is that when i click the submit button to send the data, nothing happens....absolutely nothing. the page just stays as it is...please can u spot any fatal error in the code?
I have looked and looked without success..please helpyeah..i solved that.. but now i am getting another
problem...
why does this code...
Stringuser=(String)session.getAttribute("user");
gives me a class cast exception????
please helpBecause the object named "user" in your session isn't
a String.ok...thks -
Can't install ssl certificate with orapki
Hi!
I've been having issues with the oracle wallet manager so was advised by oracle support to use orapki instead.
As the oracle user I did generated the certificate request in the following mannger:
orapki wallet create -wallet $ORACLE_HOME/wallet -pwd <<mypassword>>
orapki wallet add -dn <<mydn>> -keysize 1024 -wallet $ORACLE_HOME/wallet
orapki wallet export -wallet $ORACLE_HOME/wallet -dn <<mydn>> -request $ORACLE_HOME/wallet/newcrt.req
and then sent newcrt.req to the issuing authority.
They gave me four files in return:
mycertificate.crt
IPSServidores.cer
IPSCACLASEA1.cer
IPS-IPSCABUNDLE.cer (a bundle of the above 2 together)
I renamed the .cer files to be .crt files.
I then attempted the following (to add a trusted certificate):
orapki wallet add -wallet $ORACLE_HOME/wallet/ -trusted_cert -cert $ORACLE_HOME/wallet/IPSServidores.crt
I was asked for my password, which I typed in and then was confronted with the message:
Unable to load wallet at /opt/oracle/product/10.1.3.1/OracleAS_1/wallet/
Googling around led me to think that I had the password wrong, but this is almost impossible as I typed the commands into a txt file that I saved and just copied them into the command prompt so the line that I created the password on is still available for view.
What else could possibly be wrong? Thanks!!!hi Marius
I guess ur following the below steps properly
The installation consists of three main parts:
a) Importing the Primary Root CA
b) Import the Intermediate Certificate and Cross Certificate
c) Installing your SSL123 certificate
a) Importing the Primary Root CA
1. Launch Oracle Wallet Manager.
2. Click Operations and select Import Trust Certificates from the menu
3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.
b) Importing the Intermediate and Cross certificates
1. Launch the Oracle Wallet Manager.
2. Click Operations > Import Trust Certificates from the menu.
3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
6. Repeat the same steps for the Cross certificate
c) Importing your SSL123 certificate
1. Click Operations > Import User Certificate from the menu bar.
2. The Import Certificate dialog appears.
3. Select the Paste the Certificate radio button, and click OK.
4. The Import Certificate dialog appears.
5. Paste the entire contents of your SSL123 Certificate file and click OK.
6. A message should show that the certificate was imported successfully.
7. When you return to the main window, wallet status should show "Ready."
Regards
Fabian -
SSL Certificates with SAN going away next year
if my SCCM internet based client management requires SSL with SAN, what do we do after October 2015 when entities will no longer issue Certs with the IP or Intranet Alternative names? see godaddy article:
http://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls?locale=en
thanks,
azin
azwrightthe issuer has issued the cert for now, but says will no longer support it when it expires.
Additionally, I thought the whole point of purchasing a 3rd party cert was that the clients would already trust it and not need to run the certutil to import the cert. Right now, i'm getting a GetDP error saying IP address not found, but I can actually
go to my server on the Internet. It then gives me a Cert error saying not trusted. I will try the certuil.exe and see if that resolves the issue, but the expiration and it not being supported after that is something I will need to dig further.
thanks,aw
azwright -
Certadmin is adding new SSL certificate with wrong name
I'm using certadmin to add a new certificate from Thawte. Did it successfully the past few years, but can't do it this year for some reason. It looks like everything is working, but when I go to look at the store after adding the cert it comes up with the same name as last year's certificate. For example,
portal.rhsmith.umd.edu u,u,u
portal_2003 u,u,u
portal_2003 u,u,u
server-cert u,u,u
...where portal_2003 is the name of last year's cert. Before running certadmin there was just one of 'em. The .nickname does change to the new name I entered in, but it doesn't get stored with that name and the gateway gets confused. Changing .nickname to portal_2003 lets the gateway start, but it's finding the old (about to expire) cert, not the new one I just bought. Any ideas, anyone?
Thanks for your help,
--ErnieSolved my own problem... went in with ipscertutil directly and removed some old certificates. This seemed to uncorrupt the store and I was then able to add the certificate.
-
Syslog Collector failure with third party SSL certificate
Hello,
We recently replaced our self-signed SSL certificates with certificates provided by our agency. After the change subscription attempts to the collector in [RME>Tools>Syslog>Syslog Collector Status] failed: SCLA0126: Could not subscribe to the Collector.
I believe the problem originates with the way the CSRs are handeled. An identification number rather than the actual FQDN must be provided in the common name field and this number is expected by the CA. A chain was built with multiple government CAs, and warnings received that the chain does not end in a trusted CA. My hands are bound by this policy - is there a way to make this work or any suggested workaround? Tried a DNS CNAME with the id number. No joy. I haven't tried renaming the host to the id number but I might if you think it might work and then will just cname the current hostname. We are running Solaris 10 systems. Here is the error from AnalyzerDebug.log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
at com.cisco.nm.rmeng.fcss.common.FcssSyslogCollector.<init>(FcssSyslogCollector.java:95)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.notifySubscribers(SyslogAnalyzerEngine.java:975)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:1031)
at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:55)
Thanks....!!!
= Uwe =The subscriber list is empty because we could not add the subscription after the swapping the certs. Sorry, was asked to obscure the host names - it shows host name only not FQDN.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,198, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,201, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:36,694, Service started...
SyslogCollector - [Thread: Thread-9] WARN , 14 Feb 2010 10:42:04,383, Unable to add monitor for
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 14 Feb 2010 11:07:42,369, Could not send syslogs, removing the subscriber...Connection refused
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,499, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,501, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,850, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:06,047, Service started...
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,732, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,735, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:34,148, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:37,352, Service started...
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,112, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,115, System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,565, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:38,168, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,806, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,816, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:44,220, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:47,493, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,424, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,427, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,781, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:04,007, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,851, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,854, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:34,303, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:37,834, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,156, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,166, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,516, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:54,734, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,673, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,676, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:34,130, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:37,759, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,526, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,533, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,886, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:46,111, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,144, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,147, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,604, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:38,116, Service started...
Our secondary host shows a subscriber, however no syslog packets are seen. Also, this subscriber can not be unsubscribed (deleted).
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,098, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,101, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:09:22,723, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:22,770, Service started...
SyslogCollector - [Thread: Thread-11] WARN , 18 Feb 2010 16:14:07,828, Unable to add monitor for
SyslogCollector - [Thread: Thread-13] WARN , 18 Feb 2010 16:14:08,008, Unable to add monitor for
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,557, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,560, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,205, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,263, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:33,277, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,728, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,733, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,786, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,857, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:37,869, Service started... -
Problem installing SSL certificate for CPS
I work at a medium-sized University, and we have used
Contribute 3 with CPS1.11 for well over a year. Recently, however,
the Contribute clients began having difficulty logging in to CPS.
At first this was intermittent, but is now constant. Adobe support
suggested replacing the CPS self-signed SSL certificate with a
genuine one, because apparently the self-signed certificate is
causing communication delays and timeouts.
I have the certificate, and am trying to use keytool (see
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
to install it, but it is asking me for a keystore password, which I
don't know. Apparently the standard defaults are "changeit" or
"passphrase", but neither of these work.
As a test, I created a fresh install of CPS and attempted to
list the keys in the keystore, but again was asked for a keystore
password and the defaults did not work. Adobe support suggested I
ask here. Anybody have any experience installing a certificate for
CPS?Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new:
SSL Certificate Verifier
Check out new:
PowerShell FCIV tool. -
Using a SHA2 certificate with 12.1.1 (Oracle Wallet Manager 10.1.0.5)
Hi folks,
I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem.
I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck.
Anybody been there done that?
Thanks very much,
-Adam vonNiedaI'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem. What kind of problems?
I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck. I am not sure if SHA2 is certified with EBS R12 so you might need to ask this question to Oracle Support. According to the following docs, SHA1 can be used with no issues.
Enabling SSL in Oracle E-Business Suite Release 12 [ID 376700.1] To BottomTo Bottom
SSL Primer: Enabling SSL in Oracle E-Business Suite Release 12 (Trial Certificate Example) [ID 1425103.1]
Thanks,
Hussein -
We have a new Entrust SSL Certificate with issuer Entrust Certification Authority – L1K which Firefox does not recognize. Internet Explorer and Chrome are ok.
On a different system we have an Entrust SSL Certificate with issuer Entrust Certification Authority – L1C which is ok with Firefox.Did you verify that all intermediate certificates are installed on the server?
You can inspect the certificate chain via a site like this:
*http://www.networking4all.com/en/support/tools/site+check/
*https://www.ssllabs.com/ssltest/ -
Using existing SSL Certificate for Web Dispatcher
Hi,
We've registered a SSL certificate with wildcard option via GlobalSign. The history of this process is as below:
1. We created a Certificate Request with IIS and send it to GS (GlobalSign).
2. They send us the certificate file Globalsign Primary Secure Server CA and Globalsign Server Sign CA files.
3. Import all ceritifcates into IIS and then exported the certificate into a Cert.pfx file.
4. By using this file, we are able to import the SSL certificate into J2EE WAS 640 of Portal system.
5. Now we want to use same certificate to establish a web dispatcher installation as intermediate server for internet access.
Web Dispatcher documentations says to create a pse and req file with sapgenpse program and then send it to CA (here globalsign) to get a certificate.
But when we asked GS, they told us to use the certificate they send us before. They cannot create a certificate file for the ourput of web dispatcher. It will be billed us if we persist.
So, we have to find a way to use the existing certificate to enable SSL of Web Dispatcher.
Any idea?Hi Huseyin,
I also have the same scenario. We also want to use the same certificate from verisign for our webdispatcher.
Do you know how to do. Can you help me.
Thanks and Regards,
Sailesh K -
I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
It' basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
Any suggestions would be welcome !
Thanks !Hi, I very recently had a similar problem...our existing 3rd party ssl external Verisign certificate expired!!!!
I have'nt been able to in the past configure a 3rd party ssl certificate into our current Groupwise 7 system due to lots of various methods of doing this task....i got quite confused and if you do not do things in the correct order the whole process will need to ber started over again.
Ive managed to eventually cracked it and figure out a simple and more structured approach to setting this up.
The following was in relation to applying the 3rd party external certificate to WEBACCESS
This was the steps i took:
Firstly ensure you have the registered details you completed already with your 3rd party SSL supplier, they should have provided you with a:
OU
O
L
S
C
the CN is the webaddress or DNS name your users will hit to access your secured page - we will add this later.
1) Highlight the container where your server is located which will be the host application part of the webaccess that the ssl is assigned to.
(my setup is, i have my main grpwise system in one tree, my application - webaccess component in a separate tree) - we need to re-create the SSL object in the second tree or the container where the application component is located.
2) Right-click to create an object > from the list choose > NDSPKI:Key Material.
3) Give a name for the certificate name object > then select the second option > Custom.
(This will allow you to enter more specific information relating to the 3rd party ssl certificate)
4) The next screen select "External Certificate authority" - this would be your 3rd party ssl. Click next
5) Next screen asks for the Key size, accept the default value of "2048 bits" > tick "Allow private key to be exported", click next.
6) Next screen asks for the Certificate Parameters, depending on the order of your, CN, OU,O,L,S,C
I clicked the edit button and then clicked the small arrow icon to switch the SSL URL around so that my .cn=webserver url address will be read first then the - OU,O,L,S,C.
(PLEASE NOTE: The (OU,O,L,S,C) should be identical to what was initially registered with your 3rd party SSL supplier.
7)Once you are happy with the details click "Finish".
8) You will immediately be asked where to save the "b64" file that will be generated which will be sent off to your 3rd party supplier for re-minting.
choose a file name - ensure no hyphens,or special characters etc are used and keep to the 8.3 naming length just to avoid any long name issues, i do believe that by adding a hyphen may cause problems as the system automatically puts a hyphen to separate the names automatically hence that is why its advised not to use this.
I saved my file to root of my c:\
9)Once this has been done and you click save, send the file off to your 3rd party SSL supplier, they will re-mint the "b64" file and you should get back 2 files:
a)file.cer
b)Intermediate.cer
(filenames could be anything)
10) Select the "KMO object" you created earlier in step 2, then goto the Certificate tab > Trusted Root certificate" tab to import the Intermediate.csr file sent to you.
Select import > then read from file and browse for the "Intermediate.csr" file - i chose root of my c:\ to save the re-minted 2 files sent back to me.
Select the Intermediate file, you should see some encrypted characters show in the blank screen, then select Ok or finish.
If you see a pop up window stating " Subject name mismatch error" dont worry this is merely a cosmetic issue due to the details not being in the exact naming order, it has been IMPORTED!!
Click OK.
Once you have done this you should see your first key pair file imported, check the subject name, Issuer name, effect date, expiration date, certificate status details, these should all show the 3rd party certificate details.
Then next part is to import the second key pair file.
Click Certificate>Public Key Certificate tab > import.
Select to read from file> then browse for the file.csr
You should see the encrypted characters, then select ok or finish.
Now you have competed the difficult part you now need to tell you application what SSL object to point to in order to use the SSL encryption.
For webaccess, you have to edit the apache conf files and enter the name of the SSL/KMO object you created earler.
11) Goto your application server that will use the ssl, then browse to:
server\sys\apache2\conf
edit a file called "httpd.conf"
then
amend or add the section:
SecureListen 443 "Verisign"
Save theses changes - then shut down your web services on the server, apache, etc. ie, type :
Apache shutdown commands:
ap2webdn
tc4stop
admsrvdn
Apache load commands:
apache2
ap2webup
tc4stop
admsrvup
wait a minute or so so that the services can be unloaded.
If you think its safer to do so, you can restart the server - that way you know for sure that everything has been unloaded and re-loaded cleanly.
ALL done.
SSL now in operation and working.
I carried out this method - my own steps and this worked for me.
Good luck!!!
Dennis
Originally Posted by shale999
I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
It' basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
Any suggestions would be welcome !
Thanks !
Maybe you are looking for
-
Use of NAS disk for project material
I intend to buy a new computer. I have used and vill continue use a 2 TB NAS disk in the system to store photos, documents and videolips. It is a Synology DS111 with Gigabit Ethernet connection. I will use this computer for videoediting. I have used
-
IPad Screen Goes Black, But Still SOUND?!?!
Hello all, As my Title, it says The IPad Screen Goes black. But when i try to scribble around I heard a noise of unlocking it. Even i tryed Home button and Power button for 10 Sec. HHHHHELPPPPP Please Answer Quickly As Possible!
-
Crystal Reports XI Release 2: Error message when trying to install
I am unable to install Crystal Reports XI Release 2 onto my computer. After putting CD1 into my computer and clicking install, I get the following error message: "Error applying transforms. Verify that the specified transform paths are valid." A c
-
Unable to configure Smarttalk in My BT
How do I configure the settings for a SmartTalk phone account when MY BT won't let me because it is still "processing a previous request" and won't show the mobile phone? It has been like this for a week now ..... I need to check the settings because
-
Is it possible to perform a photomerge Panorama using Adobe Photoshop Elements 13?
Is it possible to perform a photomerge Panorama using Adobe Photoshop Elements 13?