SSL Certificates with SAN going away next year

if my SCCM internet based client management requires SSL with SAN, what do we do after October 2015 when entities will no longer issue Certs with the IP or Intranet Alternative names? see godaddy article:
http://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls?locale=en
thanks,
azin
azwright

the issuer has issued the cert for now, but says will no longer support it when it expires.
Additionally, I thought the whole point of purchasing a 3rd party cert was that the clients would already trust it and not need to run the certutil to import the cert. Right now, i'm getting a GetDP error saying IP address not found, but I can actually
go to my server on the Internet. It then gives me a Cert error saying not trusted. I will try the certuil.exe and see if that resolves the issue, but the expiration and it not being supported after that is something I will need to dig further.
thanks,aw
azwright

Similar Messages

New SSL certificate with 2048 bit shows error: (Fehlercode: sec_error_unknown_issuer)

installed a new SSL certificate with 2048 bit encryption (as is now required by issuer of certificate). Everything is OK with IE, FF shows error: (Fehlercode: sec_error_unknown_issuer)
== URL of affected sites ==
https://www.dongil.at/

I have also tried all the solutions mentioned - but no luck.
I wrote to Geotrust support and the pointed out that I needed the intermediate certificate and provided me with this url:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
Please note, this intermediate certificate was *not* the same is linked to above - seems like there are 2 different intermediate certificates, depending on what type of certificate you got from Geotrust.
Just to recap - if you got yourself a "QuickSSL, QuickSSL Premium or SSL Trial"-certificate (like me) then use this intermediate:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
If you got a "True BusinessID or Enterprise SSL"-certificate, you should use this:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1423
- Lasse

Lync SSL certificates (One SAN for Edge and Frontend?)

I'm in the process of generating public SSL certificates for our enterprise Lync environment. We are running a pool of frontend servers, edge servers, mediation servers, and director servers.
My question is can I generate one UCC SAN with like 10 domains and use them for all the servers that need it or will I have to have one SAN for like the Edge servers, one SAN for the front-end servers, and one for the director servers?

You can use one big certificate, but you may want a different subject name for different roles (specifically between the edge and front end) Many third party cert authorities will allow you to reissue another copy of the cert to do this as long
the names inside the cert don't change.
For the front end, you'll want the common name (or subject name) to be the pool name:
http://technet.microsoft.com/en-us/library/gg398094.aspx
For the edge, you'll want the access edge name as the subject name.
http://technet.microsoft.com/en-us/library/gg398920.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications

Wildcard SSL Certificates with MFE?

Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
Before doing anything I figured I'd try a website that used a wildcard certificate.
When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
Thanks.

This is interesting question. I look forward testing this myself
What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you!

SSL certificates with iWeb

I purchased SSL certificate from GoDaddy for this website: www.mtnpine.com. This is a motel website with a reservation page. I want this page to have "secure" credit card entries for customers. GoDaddy now informs me that they only sold me the certificate but cannot help me set it up or script it into my website. Disappointing. Can anyone help me?
Maria

Nobody responded on this forum, so I called GoDaddy and got my answer.

SSl certificate with form listerner servlet

We have ssl implemented at Apache and Forms. the forms are running in https mode and we were using j2se 1.4. Now I have upgraded the j2se to 1.5
now the certificates are going to expire and in have to renew them. For Apache it is clear that i have to renew it.However for forms i am not sure--
In meetalink Doc ID: 123718.1 11i: A Guide to Understanding and Implementing SSL for Oracle Applications, it is mentioned that
"In Forms Listener Servlet --All communication between the client PC and the forms server is routed via the apache port and forms servlet eliminating the need for the additional certificate required by the Forms Listener Server architecture. HTTPS Users wishing to use J2SE 1.4.2.x must use the Forms Listener Servlet. The following steps are necessary only if you are using the Forms Listener Server"
So i want to know that do i still need to renew the certificate for forms? Or will i be able to access forms without any forms certificate after it expires?
Thanks

I did not implement SSL with Forms Listener Servlet on 11i, but in R12 (which use Forms Listener Servlet) a separate certificate is no longer needed for Forms since Forms will share the same wallet as the Oracle HTTP Server. So, you should be able to access your forms without renewing the certificate for forms.
Note: 376700.1 - Enabling SSL in Release 12
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=376700.1

Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in

Hi,
'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
I get the following error when attempting to access WebLogic via Apache:
Internet Explorer cannot display the webpage
These are the last lines in wlproxy log:
Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
Do you know if there are limitations to the certificate length that the plug-in can use?

Yes 4096 bit Certificates are not supported by the plugin.
You can use up to 2048 bit.
There is a Bug which clearly mentions it.
I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
Hope this helps.
Faisal Khan
Edited by: Faisal Khan on Feb 27, 2010 2:08 PM

What will happen to MobileMe mailboxes in MacMail when MobileMe goes away this year?

I use the Mac mail application to handle and store years of messages for business and home use. Currently, I store the bulk of my e-mail archives, which I use regularly, on my Mac, rather than on MobileMe (which is what appears in the Mail application in the Mailbox List).
I love the ease of Time Machine, but recently had a serious outage after a series of power surges, which destroyed thousands of dollars of electronics in my home. My computer equipment had surge protection and came through fine, but I still worry about the fragility of storing data long-term in the same location as my work and home computers. I'm increasingly looking for cloud-based solutions for secure long-term storage and back-up. I've experimented with Drop Box and have migrated to iCloud, which works so much better than MobileMe that it's stunning.
Specifically, regarding the Apple Mail app, I split my storage of e-mail archives between mailboxes "On My Mac" and in "MobileMe." Can I move the Mac-based archives to "MobileMe," or will those mailboxes go away with the final transition to iCloud and the disappearance of MobileMe? And if those are to continue as a feature iCloud, can I be sure those archives (including file attachments) will be available to me in the future without worry about corruption or other data loss?
Thanks.

My issue is not moving folders from .mac to iCloud. The issue is that in the Mail app, my Folder List shows messages can be stored either "On My Mac," i.e. stored locally on my hard drive, or on "MobileMe," which is in the cloud. However, since I have migrated to iCloud, why does the Mail app continue to show my cloud-based e-mail storage under "MobileMe."
This raises the obvious question as to whether these archived folders labeled "MobileMe" will disappear when MobileMe fully shuts down this year. Does anyone have documentation addressing this question. If the folders listed under "MobileMe" are indeed in iCloud, why aren't they now labeled "iCloud," instead of "MobileMe"?
I don't believe this is an obvious question. For example, my understanding is that any files I have currently stored in my iDisk space on MobileMe will be lost at the shut-down of MobileMe because the iDisk app will not be supported in iCloud. At present, those files and my iDisk folders are accessible to me, even though I've migrated to iCloud and can no longer sign into other legacy MobileMe services, such as http://me.com/mail.
To be clear, I'm not looking for opinions or guesses about what might happen when MobileMe shuts down. I'm looking for Apple documentation on what services and legacy data stored in the cloud through MobileMe will be available in iCloud post-shut-down and what steps need to be taken in advance to ensure that I don't lose data.
Thanks.

Certadmin is adding new SSL certificate with wrong name

I'm using certadmin to add a new certificate from Thawte. Did it successfully the past few years, but can't do it this year for some reason. It looks like everything is working, but when I go to look at the store after adding the cert it comes up with the same name as last year's certificate. For example,
portal.rhsmith.umd.edu u,u,u
portal_2003 u,u,u
portal_2003 u,u,u
server-cert u,u,u
...where portal_2003 is the name of last year's cert. Before running certadmin there was just one of 'em. The .nickname does change to the new name I entered in, but it doesn't get stored with that name and the gateway gets confused. Changing .nickname to portal_2003 lets the gateway start, but it's finding the old (about to expire) cert, not the new one I just bought. Any ideas, anyone?
Thanks for your help,
--Ernie

Solved my own problem... went in with ipscertutil directly and removed some old certificates. This seemed to uncorrupt the store and I was then able to add the certificate.

Can't install ssl certificate with orapki

Hi!
I've been having issues with the oracle wallet manager so was advised by oracle support to use orapki instead.
As the oracle user I did generated the certificate request in the following mannger:
orapki wallet create -wallet $ORACLE_HOME/wallet -pwd <<mypassword>>
orapki wallet add -dn <<mydn>> -keysize 1024 -wallet $ORACLE_HOME/wallet
orapki wallet export -wallet $ORACLE_HOME/wallet -dn <<mydn>> -request $ORACLE_HOME/wallet/newcrt.req
and then sent newcrt.req to the issuing authority.
They gave me four files in return:
mycertificate.crt
IPSServidores.cer
IPSCACLASEA1.cer
IPS-IPSCABUNDLE.cer (a bundle of the above 2 together)
I renamed the .cer files to be .crt files.
I then attempted the following (to add a trusted certificate):
orapki wallet add -wallet $ORACLE_HOME/wallet/ -trusted_cert -cert $ORACLE_HOME/wallet/IPSServidores.crt
I was asked for my password, which I typed in and then was confronted with the message:
Unable to load wallet at /opt/oracle/product/10.1.3.1/OracleAS_1/wallet/
Googling around led me to think that I had the password wrong, but this is almost impossible as I typed the commands into a txt file that I saved and just copied them into the command prompt so the line that I created the password on is still available for view.
What else could possibly be wrong? Thanks!!!

hi Marius
I guess ur following the below steps properly
The installation consists of three main parts:
a) Importing the Primary Root CA
b) Import the Intermediate Certificate and Cross Certificate
c) Installing your SSL123 certificate
a) Importing the Primary Root CA
1. Launch Oracle Wallet Manager.
2. Click Operations and select Import Trust Certificates from the menu
3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.
b) Importing the Intermediate and Cross certificates
1. Launch the Oracle Wallet Manager.
2. Click Operations > Import Trust Certificates from the menu.
3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
6. Repeat the same steps for the Cross certificate
c) Importing your SSL123 certificate
1. Click Operations > Import User Certificate from the menu bar.
2. The Import Certificate dialog appears.
3. Select the Paste the Certificate radio button, and click OK.
4. The Import Certificate dialog appears.
5. Paste the entire contents of your SSL123 Certificate file and click OK.
6. A message should show that the certificate was imported successfully.
7. When you return to the main window, wallet status should show "Ready."
Regards
Fabian

Will iWeb still be available through Lion OS even though mobleMe is going away?

I justed downloaded Lion, iWeb is still available but is it going away next year with iDisk?

iWeb has already essentally gone away. But if you are publishing your website via MobileMe, then that will cease next June. I suggest you check out MobleMe and iWeb.

Syslog Collector failure with third party SSL certificate

Hello,
We recently replaced our self-signed SSL certificates with certificates provided by our agency. After the change subscription attempts to the collector in [RME>Tools>Syslog>Syslog Collector Status] failed: SCLA0126: Could not subscribe to the Collector.
I believe the problem originates with the way the CSRs are handeled. An identification number rather than the actual FQDN must be provided in the common name field and this number is expected by the CA. A chain was built with multiple government CAs, and warnings received that the chain does not end in a trusted CA. My hands are bound by this policy - is there a way to make this work or any suggested workaround? Tried a DNS CNAME with the id number. No joy. I haven't tried renaming the host to the id number but I might if you think it might work and then will just cname the current hostname. We are running Solaris 10 systems. Here is the error from AnalyzerDebug.log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
        at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
        at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
        at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
        at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
        at com.cisco.nm.rmeng.fcss.common.FcssSyslogCollector.<init>(FcssSyslogCollector.java:95)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.notifySubscribers(SyslogAnalyzerEngine.java:975)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:1031)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:55)
Thanks....!!!
= Uwe =

The subscriber list is empty because we could not add the subscription after the swapping the certs. Sorry, was asked to obscure the host names - it shows host name only not FQDN.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,198, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,201, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:36,694, Service started...
SyslogCollector - [Thread: Thread-9] WARN , 14 Feb 2010 10:42:04,383, Unable to add monitor for
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 14 Feb 2010 11:07:42,369, Could not send syslogs, removing the subscriber...Connection refused
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,499, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,501, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,850, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:06,047, Service started...
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,732, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,735, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:34,148, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:37,352, Service started...
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,112, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,115, System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,565, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:38,168, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,806, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,816, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:44,220, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:47,493, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,424, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,427, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,781, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:04,007, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,851, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,854, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:34,303, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:37,834, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,156, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,166, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,516, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:54,734, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,673, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,676, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:34,130, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:37,759, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,526, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,533, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,886, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:46,111, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,144, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,147, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,604, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:38,116, Service started...
Our secondary host shows a subscriber, however no syslog packets are seen. Also, this subscriber can not be unsubscribed (deleted).
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,098, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,101, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:09:22,723, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:22,770, Service started...
SyslogCollector - [Thread: Thread-11] WARN , 18 Feb 2010 16:14:07,828, Unable to add monitor for
SyslogCollector - [Thread: Thread-13] WARN , 18 Feb 2010 16:14:08,008, Unable to add monitor for
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,557, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,560, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,205, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,263, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:33,277, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,728, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,733, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,786, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,857, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:37,869, Service started...

Currently running 17.0.1, I have been experiencing crashes with this and 3 previous updates with zero issues prior, for years, hoping someone has a solution?

The computer can be sitting idle or opening a simple business e-mail and it just crashes for no reason. I do not surf the internet or go places other than business sites. This is a well and correctly maintained computer hoping there is a simple known solution.

madperson,
Thank you you for response and efforts. My dilemma is I have to respond to five different E-mail accounts from five different businesses with all using the GoDaddy's Starfield software. This has worked flawlessly for years with Firefox. I have to rely on the notifier because I can not have them all open while working and require the alert.
Since my request for help I have paid a lot more attention to the issue finding Firefox crashing 100% of the time during pdf format downloads with many from .gov sites. Odd, but I do receive the download but must restart Firefox.
I am beginning to question a switch I made in start pages as the possible cause. I have used iGoogle as my start page for years able to put my interest only on it but they have announced they planned to cease their offering next November so I looked around finding a service that is 20 times better that iGoogle called Protopage.
This start page service is limited only by ones imagination and have changed most of the way I work as a result. I used to use Firefox as the truck to carry the workload in tabs rather than Safari because as you know it has its limitations.
I have begun to use Safari as the default and bookmarked Protopage, ATT.net, and iGoogle as my start pages and bookmarked the rest of the often accessed items from weather to translators. I have one non-business Hotmail e-mail account that Safari restricts certain services like linked videos so I use Firefox and once I start it I leave it on for the day to carry the hotmail and the 5 .com's turning off Safari.
I have contacted Protopage with the issue because it has one quirk in it when in use that I can live with because of its unlimited abilities but feel it may also be responsible for the Firefox issue.
Regarding resetting Firefox, I did go into my Mac and searched every last bit of Mozilla and removed it. I then removed GoDaddy's Starfield alerter, emptied the trash, ran Clean My Mac, rebooted, ran Clean my Mac a second time and then reloaded a fresh OS X in. I reloaded GoDaddy's software and Firefox and all seemed well for several hours until I opened Protopage which could have been purely coincidental so as time allows I will better sort that process that led to the issue reoccurring.
It may be a week or two before I have the time to further study the issue but if there is a glitch between Firefox and Protopage, Firefox should get after it because with iGoogle going away many will find Protopage. By the way, on all our Macs we have both BitDefender and MacScan2 as a witness having never found the first item as we are not surfers but just business oriented.
When I sort it I will report back. Thanks again madperson. /joe

Problem installing SSL certificate for CPS

I work at a medium-sized University, and we have used
Contribute 3 with CPS1.11 for well over a year. Recently, however,
the Contribute clients began having difficulty logging in to CPS.
At first this was intermittent, but is now constant. Adobe support
suggested replacing the CPS self-signed SSL certificate with a
genuine one, because apparently the self-signed certificate is
causing communication delays and timeouts.
I have the certificate, and am trying to use keytool (see
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
to install it, but it is asking me for a keystore password, which I
don't know. Apparently the standard defaults are "changeit" or
"passphrase", but neither of these work.
As a test, I created a fresh install of CPS and attempted to
list the keys in the keystore, but again was asked for a keystore
password and the defaults did not work. Adobe support suggested I
ask here. Anybody have any experience installing a certificate for
CPS?

Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new:
SSL Certificate Verifier
Check out new:
PowerShell FCIV tool.

SSL certificates and GWIA

I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
It' basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
Any suggestions would be welcome !
Thanks !

Hi, I very recently had a similar problem...our existing 3rd party ssl external Verisign certificate expired!!!!
I have'nt been able to in the past configure a 3rd party ssl certificate into our current Groupwise 7 system due to lots of various methods of doing this task....i got quite confused and if you do not do things in the correct order the whole process will need to ber started over again.
Ive managed to eventually cracked it and figure out a simple and more structured approach to setting this up.
The following was in relation to applying the 3rd party external certificate to WEBACCESS
This was the steps i took:
Firstly ensure you have the registered details you completed already with your 3rd party SSL supplier, they should have provided you with a:
OU
O
L
S
C
the CN is the webaddress or DNS name your users will hit to access your secured page - we will add this later.
1) Highlight the container where your server is located which will be the host application part of the webaccess that the ssl is assigned to.
(my setup is, i have my main grpwise system in one tree, my application - webaccess component in a separate tree) - we need to re-create the SSL object in the second tree or the container where the application component is located.
2) Right-click to create an object > from the list choose > NDSPKI:Key Material.
3) Give a name for the certificate name object > then select the second option > Custom.
(This will allow you to enter more specific information relating to the 3rd party ssl certificate)
4) The next screen select "External Certificate authority" - this would be your 3rd party ssl. Click next
5) Next screen asks for the Key size, accept the default value of "2048 bits" > tick "Allow private key to be exported", click next.
6) Next screen asks for the Certificate Parameters, depending on the order of your, CN, OU,O,L,S,C
I clicked the edit button and then clicked the small arrow icon to switch the SSL URL around so that my .cn=webserver url address will be read first then the - OU,O,L,S,C.
(PLEASE NOTE: The (OU,O,L,S,C) should be identical to what was initially registered with your 3rd party SSL supplier.
7)Once you are happy with the details click "Finish".
8) You will immediately be asked where to save the "b64" file that will be generated which will be sent off to your 3rd party supplier for re-minting.
choose a file name - ensure no hyphens,or special characters etc are used and keep to the 8.3 naming length just to avoid any long name issues, i do believe that by adding a hyphen may cause problems as the system automatically puts a hyphen to separate the names automatically hence that is why its advised not to use this.
I saved my file to root of my c:\
9)Once this has been done and you click save, send the file off to your 3rd party SSL supplier, they will re-mint the "b64" file and you should get back 2 files:
a)file.cer
b)Intermediate.cer
(filenames could be anything)
10) Select the "KMO object" you created earlier in step 2, then goto the Certificate tab > Trusted Root certificate" tab to import the Intermediate.csr file sent to you.
Select import > then read from file and browse for the "Intermediate.csr" file - i chose root of my c:\ to save the re-minted 2 files sent back to me.
Select the Intermediate file, you should see some encrypted characters show in the blank screen, then select Ok or finish.
If you see a pop up window stating " Subject name mismatch error" dont worry this is merely a cosmetic issue due to the details not being in the exact naming order, it has been IMPORTED!!
Click OK.
Once you have done this you should see your first key pair file imported, check the subject name, Issuer name, effect date, expiration date, certificate status details, these should all show the 3rd party certificate details.
Then next part is to import the second key pair file.
Click Certificate>Public Key Certificate tab > import.
Select to read from file> then browse for the file.csr
You should see the encrypted characters, then select ok or finish.
Now you have competed the difficult part you now need to tell you application what SSL object to point to in order to use the SSL encryption.
For webaccess, you have to edit the apache conf files and enter the name of the SSL/KMO object you created earler.
11) Goto your application server that will use the ssl, then browse to:
server\sys\apache2\conf
edit a file called "httpd.conf"
then
amend or add the section:
SecureListen 443 "Verisign"
Save theses changes - then shut down your web services on the server, apache, etc. ie, type :
Apache shutdown commands:
ap2webdn
tc4stop
admsrvdn
Apache load commands:
apache2
ap2webup
tc4stop
admsrvup
wait a minute or so so that the services can be unloaded.
If you think its safer to do so, you can restart the server - that way you know for sure that everything has been unloaded and re-loaded cleanly.
ALL done.
SSL now in operation and working.
I carried out this method - my own steps and this worked for me.
Good luck!!!
Dennis
Originally Posted by shale999
I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
It' basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
Any suggestions would be welcome !
Thanks !

SSL Certificates with SAN going away next year

Similar Messages

Maybe you are looking for