SSL - Verisign Certificate Expiry message

Hi,
We are getting a warning message in our XI production system regarding
the certificate expiry(Validity of certificate from list with PSE type
>SSL Client (Standard)< ends in 3 days).
Once checked in STRUST t-code it is found that the below certificate is
getting expired within 3 days.
Owner OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY L
Issuer OU=Class 3 Public Primary Certification Authority,
Serial Number 254B8A853842CCE358F8C5DDAE226EA4
Valid From 17.04.1997 00:00:00 to 24.10.2011 23:59:59
We couldn't able to identify what it does and the process for renewing
it. Kindly provide your support/suggestion on this.
Regards,
Anil

Hi,
Try to renew your SSL certificate from SAP market place and import into your SAP system using STRUSTSSO2.
After successful importing the certificate you can delete the system message in SM02.
I hope it will help you.
Regards,
Kiran .V

Similar Messages

Can not import Verisign certificate

Dear all,
I am trying to import a Verisign certificate in my ABAP BW 3.5
Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
PSE so that it contains field SP, it is more like installing a new
certificate.
What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
I then created the CSR request to Verisign. I received
the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
When I apply the response, by pasting the contents of the text
file created above, I get the message:
"CA Certificate missing in database"
I have already looked at notes 508307, 518185, 510007, 1074447, 511919
I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
I am also sure that the Verisign CA root certificate exists in the
database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
Many thanks in advance for your help
Regards
Andreas

Just created a new SSL PSE and imported the certificate chain again and this time it worked...

Cacerts verisign certificate expires Jan 08 2004

Two Verisign Certificates in the jdk 1.4 keystore 'jdk1.41/jre/lib/security/cacerts' expire on Thu Jan 08 2004.
They are stored with alias 'verisignclass2ca' and 'verisignclass3ca'.
A Weblogic Server Message looks like this:
<Dec 16, 2003 5:39:13 PM CET> <Notice> <WebLogicServer> <BEA-000298> <Certificate expires in 22 days: [
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@3e
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
To: Thu Jan 08 00:59:59 CET 2004]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ e49efdf3 3ae80ecf a5113e19 a4240232]
Algorithm: [MD2withRSA]
Signature:
0000: 61 70 EC 2F 3F 9E FD 2B E6 68 54 21 B0 67 79 08 ap./?..+.hT!.gy.
0010: 0C 20 96 31 8A 0D 7A BE B6 26 DF 79 2C 22 69 49 . .1..z..&.y,"iI
0020: 36 E3 97 77 62 61 A2 32 D7 7A 54 21 36 BA 02 C9 6..wba.2.zT!6...
0030: 34 E7 25 DA 44 35 B0 D2 5C 80 5D B3 94 F8 F9 AC 4.%.D5..\.].....
0040: EE A4 60 75 2A 1F 95 49 23 B1 4A 7C F4 B3 47 72 ..`u*..I#.J...Gr
0050: 21 5B 7E 97 AB 54 AC 62 E7 5D EC AE 9B D2 C9 B2 ![...T.b.]......
0060: 24 FB 82 AD E9 67 15 4B BA AA A6 F0 97 A0 F6 B0 $....g.K........
0070: 97 57 00 C8 0C 3C 09 A0 82 04 BA 41 DA F7 99 A4 .W...<.....A....
]>
Does anybody know,
what that means for ssl ?
Is there a Patch or a new cacerts file for download ?
Thanks a lot.
Ede

I would assume that there are not that many certificates still
being used that use those CA certs for their CA.
As you probably noticed, there are a bunch of newer Verisign
CA certs in that trust store (cacerts). The newer CA certs are
probably the ones being used by certificates that are currently
in use.
I suppose you have to ship the older CA certs until they become
invalid. I doubt that Verisign issued any certificates with those
old CA anytime recently.
-Steve

Error 403.7 - Forbidden: SSL client certificate is required

Hi people!
I�m developing a java client to a WebService (developed in .NET). The communication protocol is HTTPS to the URL where the Web Service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx.). I�ve been reading many posts but I could'nt find the solution to the problem wich has the following message: Error 403.7 - Forbidden: SSL client certificate is required".
I�m using JDK 1.5 and developing and testing on Windows Plataform. I'm able to access the URL specified above directly from the browser, I installed the client certificate (the same that �ve put into the ,jks keystore. I�ve also imported the whole certificate chain of the server to the cacerts.
I�ll paste the code and the console trace below. I�d be very grateful if you can help me. Thanks a lot.
_THE CODE_
package principal;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import entidade.Certificado;
public class SSLClient {
private static final int PORT_NUMBER = 443;
private static final String HTTPS_ADDRESS = "10.200.140.117";
private static String strCabecalhoMsg = "";
private static String strDadosMsg = "";
public static void main(String[] args) throws Exception {
System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
System.setProperty("javax.net.ssl.keyStorePassword", "senha");
System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.debug","ssl,handshake,record");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
Certificado.getArranjoCharSenhaCertificadoServidor());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());
KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksT);
SSLContext sc = SSLContext.getInstance("SSLv3");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
try{
// method to load the values of the strings strCabecalhoMsg and strDadosMsg
carregarXMLCabecalhoDados();
SSLSocket socket =(SSLSocket)factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
socket.startHandshake();
String [] arr = socket.getEnabledProtocols();
URL url = new URL("https://10.200.140.117/dirNotes");
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
urlc.setDoInput(true);
urlc.setUseCaches(false);
Object[] params = {strCabecalhoMsg, strDadosMsg};
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(url);
call.setOperationName("serviceName");
String ret = (String) call.invoke(params);
System.out.println("Result: " + ret);
catch (UnknownHostException uhe) {
uhe.printStackTrace();
System.err.println(uhe);
catch (Exception uhe) {
uhe.printStackTrace();
System.err.println(uhe);
private static void carregarXMLCabecalhoDados()
try
BufferedReader input = new BufferedReader( new FileReader("notas/cabecalho.xml"));
String str;
while((str=input.readLine()) != null)
strCabecalhoMsg += str ;
System.out.println("Cabe�a: " + strCabecalhoMsg);
input = new BufferedReader( new FileReader("notas/nota.xml"));
while((str=input.readLine()) != null)
strDadosMsg += str ;
System.out.println("Nota: " + strDadosMsg);
catch (FileNotFoundException e)
// TODO Auto-generated catch block
e.printStackTrace();
catch (IOException e)
// TODO Auto-generated catch block
e.printStackTrace();
_THE TRACE_
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
*others trusted certs*
trigger seeding of SecureRandom
done seeding SecureRandom
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
*many chains and related data*
Found trusted certificate:
Version: V3
Subject:
*many trusted certificates and related data*
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 75 70 E9 A6 F0 09 E2 43 35 6F C2 54 7C 67 ..up.....C5o.T.g
0010: C5 1C 11 24 20 30 91 A6 A1 3D 1E 3F 99 D6 89 71 ...$ 0...=.?...q
0020: DE CC 8A 4D D4 4B 41 C0 9F D7 45 9C 2F BC B3 DB ...M.KA...E./...
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 26 30 87 35 18 70 48 68 DC 1B 72 25 2A Gjs&0.5.pHh..r%*
0010: 19 4D E0 20 0C 3A 5A D9 E8 03 68 FB 5D 52 28 5B .M. .:Z...h.]R([
Server Nonce:
0000: 47 6A 73 BB 38 A6 B5 D7 56 F5 08 37 D6 6C 80 32 Gjs.8...V..7.l.2
0010: 08 0B 00 D1 26 3E BB B9 F0 E7 38 A1 D4 6F C2 4F ....&>....8..o.O
Master Secret:
0000: 0B 3A 71 F8 BB 79 5E 07 78 C2 5F 13 4F 92 9D 87 .:q..y^.x._.O...
0010: CF 69 0D 07 78 D2 59 46 1E C3 C1 5B A2 DB 04 B9 .i..x.YF...[....
0020: 42 60 92 48 59 8E FD FD C3 5B BD 00 9C 54 7A 7E B`.HY....[...Tz.
Client MAC write Secret:
0000: 33 7C 19 C4 75 D2 CE 82 39 98 37 E5 7D 20 CB B1 3...u...9.7.. ..
Server MAC write Secret:
0000: 1E 1E 48 C7 D4 77 23 E4 22 26 8B 98 2E 92 5C 95 ..H..w#."&....\.
Client write key:
0000: EE 05 39 76 B2 85 63 6C F7 70 30 CB 6D 08 07 54 ..9v..cl.p0.m..T
Server write key:
0000: 5C 2E 3B 5E DC D9 EC C5 04 C4 D5 B5 12 11 B9 08 \.;^............
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : Certificados/certificadoSondaMonitor.jks
keyStore type is : JKS
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: Certificados\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
adding as trusted cert:
* many certificates*
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - found legal entry in cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
many chains again
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 74 F7 9B E3 19 19 E7 81 C7 4C 86 DE 62 45 ..t........L..bE
0010: 95 E0 4B 06 3C 79 73 D8 F4 F6 66 5C BC 40 71 38 ..K.<ys...f\.@q8
0020: BE 2B 20 33 5A FE 8D B8 47 30 29 1D AD B4 2E 74 .+ 3Z...G0)....t
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 28 5D 01 29 EC A5 92 FB 75 81 C3 81 48 Gjs(].)....u...H
0010: F5 B5 2B 30 50 FB F4 C6 DF 55 52 65 14 9F 11 1A ..+0P....URe....
Server Nonce:
0000: 47 6A 73 BD 6D 72 EA 01 82 61 FB 09 3D 69 38 F6 Gjs.mr...a..=i8.
0010: EF DE 61 8F 16 FE 41 D5 0A CC 99 43 ED 85 DF 30 ..a...A....C...0
Master Secret:
0000: FC C9 75 A4 2B F1 8A D8 AD 16 27 70 B7 E4 64 6C ..u.+.....'p..dl
0010: 05 D7 33 4A 53 91 2F 51 1E 32 D3 3B 2E 18 2E BC ..3JS./Q.2.;....
0020: E4 16 EE 2F 01 A1 08 48 19 09 32 68 CE 69 8F B1 .../...H..2h.i..
Client MAC write Secret:
0000: F1 95 3B CE 06 5B 8A 9B EC DE 1C 8F B4 AB D9 36 ..;..[.........6
Server MAC write Secret:
0000: BF 52 36 48 63 24 FE 74 22 BE 00 99 BE F0 6E E5 .R6Hc$.t".....n.
Client write key:
0000: 9F 08 0A 6E 8F 54 A3 66 1C BC C7 6B AE 88 67 E0 ...n.T.f...k..g.
Server write key:
0000: 06 A1 0B 4F 69 DE 5F AF 0E 6B B5 04 ED E8 EA F5 ...Oi._..k......
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(600000) called
main, WRITE: TLSv1 Application Data, length = 282
main, WRITE: TLSv1 Application Data, length = 8208
main, WRITE: TLSv1 Application Data, length = 1102
main, READ: TLSv1 Application Data, length = 1830
main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (404)Not Found
faultActor:
faultNode:
faultDetail:
     {}:return code: 404
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
     {http://xml.apache.org/axis/}HttpErrorCode:404
(404)Not Found
     at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
     at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
     at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
     at org.apache.axis.client.Call.invoke(Call.java:2767)
     at org.apache.axis.client.Call.invoke(Call.java:2443)
     at org.apache.axis.client.Call.invoke(Call.java:2366)
     at org.apache.axis.client.Call.invoke(Call.java:1812)
     at principal.SSLClient.main(SSLClient.java:86)
(404)Not Found
-----

I'm having the same problem with the same URL. I try many configuration and nothing works. My code is:
public class NFeClient {
     static{
          Security.addProvider(new BouncyCastleProvider());
     public static void main(final String[] args) throws Exception {
          final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
          final String keyStoreProvider = "BC";
          final String keyStoreType = "PKCS12";
          final String keyStore = "/home/mendes/certificados/cert.p12";
          final String keyStorePassword = "xxxx";
          System.setProperty("javax.net.ssl.keyStoreProvider",keyStoreProvider);
          System.setProperty("javax.net.ssl.keyStoreType",keyStoreType);
          System.setProperty("javax.net.ssl.keyStore",keyStore);
          System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
          System.setProperty("javax.net.ssl.trustStore","/home/mendes/workspace/NFE/jssecacerts");
          final SSLContext context = SSLContext.getInstance("TLS");
          final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
          final KeyStore ks = KeyStore.getInstance(keyStoreType);
          ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
          kmf.init(ks, keyStorePassword.toCharArray());
          context.init(kmf.getKeyManagers(), null, null);
          final URL url = new URL(path);
          final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
          httpsConnection.setDoInput(true);
          httpsConnection.setRequestMethod("GET");
          httpsConnection.setRequestProperty("Host", "iis-server");
          httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
          httpsConnection.setSSLSocketFactory(context.getSocketFactory());
          try{
               final InputStream is = httpsConnection.getInputStream();
               final byte[] buff = new byte[1024];
               int readed;
               while((readed = is.read(buff)) > 0)
                    System.out.write(buff,0,readed);
          }catch(final IOException ioe){
               ioe.printStackTrace();
}and the response of the server is always the same:
java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
     at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)Edited by: mendes on Apr 25, 2008 9:56 AM

B2B ebMS certificate expiry fix failing in MLR 8

Hi Gurus,
As mentioned in the metalink note 803466.1, that the ebms certificate expiry fix is given in MLR 8.
I have applied MLR 8 and trying to send a signed message. I have followed the instructions given in the note.
Steps followed were
1) Make a backup of the Database and Application server.
2) Apply the latest Patch. At the minimum, MLR8 (8233048).
3) Add the following entry in the file <OracleHome>/opmn/conf/opmn.xml
Under "<ias-component id="B2B" status="enabled">"
<variable id="CLASSPATH"
value="$ORACLE_HOME/ip/lib/osdt/osdt_xmlsec.jar" append="true"/>
4) Add the following entry in the <OracleHome>/ip/config/tip.properties
oracle.tip.adapter.b2b.ebms.OSDT=true
5) Restart B2B and execute the scenario
The messages fail with the below error in b2b.log.
2009.05.09 at 10:23:23:303: Thread-10: B2B - (ERROR) Error -: AIP-51924: The message failed the security check
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.verifyAttachmentSignature(EBMSOSDTSecurity.java:1408)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1071)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
2009.05.09 at 10:23:23:303: Thread-10: B2B - (ERROR) Error -: AIP-51924: The message failed the security check
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.verifyAttachmentSignature(EBMSOSDTSecurity.java:1408)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1071)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
2009.05.09 at 10:23:23:303: Thread-10: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity:decryptAndVerify Exception Error -: AIP-51924: The message failed the security check
2009.05.09 at 10:23:23:303: Thread-10: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity:decryptAndVerify Exception stack trace Error -: AIP-51924: The message failed the security check
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.verifyAttachmentSignature(EBMSOSDTSecurity.java:1408)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1071)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
2009.05.09 at 10:23:23:303: Thread-10: B2B - (ERROR) Error -: AIP-51931: There was an error while decrypting or verifying the message
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1105)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
When the property oracle.tip.adapter.b2b.ebms.OSDT=true is disabled in tip.property the signed messages do not error out.
Is there anything else that needs to be done.
Kindly help.
Thanks in advance
Regards,
Cema.

Hi Gurus,
As mentioned in the metalink note 803466.1, that the ebms certificate expiry fix is given in MLR 8.
I have applied MLR 8 and trying to send a signed message. I have followed the instructions given in the note.
Steps followed were
1) Make a backup of the Database and Application server.
2) Apply the latest Patch. At the minimum, MLR8 (8233048).
3) Add the following entry in the file <OracleHome>/opmn/conf/opmn.xml
Under "<ias-component id="B2B" status="enabled">"
<variable id="CLASSPATH"
value="$ORACLE_HOME/ip/lib/osdt/osdt_xmlsec.jar" append="true"/>
4) Add the following entry in the <OracleHome>/ip/config/tip.properties
oracle.tip.adapter.b2b.ebms.OSDT=true
5) Restart B2B and execute the scenario
The messages fail with the below error in b2b.log.
2009.05.09 at 10:23:23:303: Thread-10: B2B - (ERROR) Error -: AIP-51924: The message failed the security check
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.verifyAttachmentSignature(EBMSOSDTSecurity.java:1408)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1071)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
2009.05.09 at 10:23:23:303: Thread-10: B2B - (ERROR) Error -: AIP-51924: The message failed the security check
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.verifyAttachmentSignature(EBMSOSDTSecurity.java:1408)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1071)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
2009.05.09 at 10:23:23:303: Thread-10: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity:decryptAndVerify Exception Error -: AIP-51924: The message failed the security check
2009.05.09 at 10:23:23:303: Thread-10: B2B - (DEBUG) oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity:decryptAndVerify Exception stack trace Error -: AIP-51924: The message failed the security check
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.verifyAttachmentSignature(EBMSOSDTSecurity.java:1408)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1071)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
2009.05.09 at 10:23:23:303: Thread-10: B2B - (ERROR) Error -: AIP-51931: There was an error while decrypting or verifying the message
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSOSDTSecurity.decryptAndVerify(EBMSOSDTSecurity.java:1105)
     at oracle.tip.adapter.b2b.exchange.ebms.EBMSExchangePlugin.decodeIncomingMessage(EBMSExchangePlugin.java:704)
     at oracle.tip.adapter.b2b.engine.Engine.processIncomingMessage(Engine.java:1474)
     at oracle.tip.adapter.b2b.engine.Engine.incomingContinueProcess(Engine.java:2573)
     at oracle.tip.adapter.b2b.engine.Engine.handleMessageEvent(Engine.java:2443)
     at oracle.tip.adapter.b2b.engine.Engine.processEvents(Engine.java:2398)
     at oracle.tip.adapter.b2b.data.MsgListener.onMessage(MsgListener.java:527)
     at oracle.tip.adapter.b2b.data.MsgListener.run(MsgListener.java:374)
     at java.lang.Thread.run(Thread.java:534)
When the property oracle.tip.adapter.b2b.ebms.OSDT=true is disabled in tip.property the signed messages do not error out.
Is there anything else that needs to be done.
Kindly help.
Thanks in advance
Regards,
Cema.

Signing in mail with a verisign certificate

I have 2 certificates bought from Verisign that I used previously under 10.6.
I made a clean install of 10.6 and then updated to 10.7, but even if I managed to import the certificates in the keychain access, the buttons in mail proposing the signature and encryption of emails doesn't appear.
Thank you in advance for your help

I haven't been able to resolve this issue using Mail and a Verisign certificate. So instead I tried Comodo and my Mail system now works perfectly with both signature and encryption. So perhaps the problem lies with Verisign rather than Apple......
And Comodo is free, see http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

SOAP Receiver over SSL - server certificate troubles

Hello all,
I have a scenario with SOAP receiver communication channel with comunnication over SSL. In the URL there is a IP address for a reason I will not mention ... simply there must be IP address in URL and not a host name.
When I access the SOAP server with internet browser it gives me a server certificate with HOST NAME in CN. I placed this certificate to the "trusted container" in J2EEVisAdmin - Key Storage.
Now you might already suspect the trouble: the certificate CN doesn't match with URL. This is obvios error we got many times on the internet (even in e-banking sector .. but we are able to skip it with our internet browsers' possibilities.
Could I set up something in J2EE server as same as in internet browser ???
Thank you in advance.
Rgds
Tom

Got it,
SAP Note : 791655
HTTPS/SSL Properties
Property Name = [default]
messaging.ssl.httpsHandler=iaik.protocol.https.Handler
messaging.ssl.securityProvider=iaik.security.provider.IAIK
messaging.ssl.trustedCACerts.viewName=TrustedCAs
messaging.ssl.serverNameCheck=false
Description:
The properties "httpsHandler" and "securityProvider" specify the class names of the HTTPS handler and Security provider used. The AF only supports IAIK. Never change these values! To activate HTTP/SSL, you must install the IAIK libraries on your J2EE Engine as described in the Installation Guide.
The property "trustedCACerts.viewName" defines which J2EE keystore is used during the SSL Handshake for trusted CA certificates. You should never change this value either. With "serverNameCheck" you can specify whether the host name in outbound HTTPS requests should be checked against the host name in the certificate of the server.
Regards,
Bhavesh

How can I get an up to date Verisign certificate??

For an app I need the Verisign certificate. I downloaded one from a link provided in this forum but once installed I see it valid until "15-07-2009" -- no good for me, I'm in August.
Trawling the Verisign site didn't help ease the frustration.
Any pointers?
It's a VeriSign Class 3 Code Signing Certificate. I've already updated the Nokia firmware to the latest version.

I can't seem to find any other place to put this but here.
I have the same exact issue as the person who started this thread.
I have a valid VeriSign Class 3 code signing certificate and when trying to do a OTA for a E63 phone the message shows "certificate not recognizable".
VeriSign blames Nokia.
What can I do for this?

Webservice call failed during execution (SSL and certificates) on NetWeaver 7.30

Hey experts,
i need your help!
We make webservice calls to sap me with our own software.
We connect to our software via SSL and certificates e.g. https://host:50001/XMII/CM/POD/MEDialogsWeb.irpt
At the beginning the software runs without any problems and than we become the following message on all our webservice:
thats the webservice configurations
(configuration - connectivity - single service administration):
(configuration - security - authentication and single sign-on)
if we restart the software after the error display, the webservice call runs successfully again.
is it a timeout?
can anybody help us?
Thanks,
Markus
our system info:
NetWeaver 7.30 Java
SAP ME 6.0
software runs log looks as following
software doesn't runs log looks as following
security Log Entry
more info from security_00.0.log
#2.0 #2014 06 06 14:51:17:136#+0200#Warning#/System/Security/WS#
com.sap.ASJ.wssec.020142#BC-ESI-WS-JAV-RT#tc~sec~wssec~service#C0000A650AD826FF0000000100000BEC#3855850000000005#sap.com/me~ws#com.sap.engine.services.wssec.authentication#Guest#0##207092CAED7111E3A01A0000003AD5EA#23386e31ed7911e39d560000003ad5ea#23386e31ed7911e39d560000003ad5ea#0#Thread[HTTP Worker [@648881277],5,Dedicated_Application_Thread]#Plain##
Received unsupported callback: com.sap.engine.interfaces.security.auth.SetLogonTicketCallback
Received unsupported callback: com.sap.engine.lib.security.http.HttpSetterCallback
Read data of type username and value MEFLEX from wsse:Security header and set on module javax.security.auth.callback.NameCallback
Read data of type username and value from HTTP header and set on module javax.security.auth.callback.NameCallback
Read data of type password and value xxx from wsse:Security header and set on module javax.security.auth.callback.PasswordCallback
Read data of type password and value xxx from HTTP header and set on module javax.security.auth.callback.PasswordCallback
Authentication for web service ShopOrderService, configuration ShopOrderService using security policy BASIC*SSO2*_*_*ws failed: Cannot authenticate the user.. (See SAP Note 880896 for further info).

Hi,
the authentication for the second call is failing. Have you tried suggest log level from note 880896 - Web Service authentication failure? I would also try to use something like SoapUI to test if the issue is caused by your application or something wrong on SAP side. Also coparing messages for the first and second calls might give you answer.
Cheers

Portal, SSL, mapping certificate to user id

Hello,
We're trying to configure our EP 7.0 SP15 to use SSL/client certificates. SAP Web Disp is not used.
Valid client certificate has been issued and installed on PC and CA has been created on server. Certificate is required for SSL usage.
When accessing the portal using https://servername.xxx.com:500001/irj/portal on the log in screen for the portal a message is shown : "Your certificate will be mapped to your user id". There are also prompts for user id and password.
The next time I try to log on this message is shown again and I am prompted for user id and password again. I had hoped that the user id and certificate was mapped and the prompt for user id/pw was skipped and I was logged on directly. Not so...
I have also tried to manually assign the certificate to my user id - no luck...
The description for using client certificates for user authentication on help.sap.com has (to my knowledge) been followed.
Hints and help will be greatly appreciated.
Thanks.
/Christian
Edited by: Christian Holm on Aug 25, 2008 2:52 PM

... or try this here: Maintaining Certificate Mappings Automatically
http://help.sap.com/saphelp_nw70/helpdata/de/44/200cb204a75cfbe10000000a155369/content.htm
Regards,
Volker

How to Import Self-signed SSL server certificates in Adobe AIR applications

Hi,
I am using secure AMF endpoints for remote object communication from AIR client.
since i am using a self signed SSL certificate on the server, i am getting a certificate warning message on the AIR client, when ever a remote call is done.
Is there any mechanism to import the server certificate in AIR application..?
Please provide suggestions.
Thanks

I have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????

Monitor certificates expiry in linux servers

Hi,
Can anyone let me know if we can monitor certificate expiry on Linux servers in SCOM 2012 R2
Thanks in Advance
Bharath

Bharath,
Not sure what certificates you are wanting to monitor on your Linux servers but if openssl can read them you can run something like this in a UNIX/Linux Shell Command Rule.
This will get the dates of the certificate the SCOM UNIX/Linux agent uses.
openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -dates
notBefore=Sep 19 18:11:48 2013 GMT
notAfter=Sep 19 18:21:36 2024 GMT
From here you would need to parse out exactly what you need but should be easy to configure and trigger the rule if the date is expired. Of course if the date is expired on the SCOM agent this will not work as SCOM will fail to communicate with the
agent. :)
Regards,
-Steve

Verisign Certificates renewal Issue

Hi
We are running Sun Java Web Server 7.0 update 5 and wanted to renew verisign certificates for 2 more years.
What i did:
1. Got the certificates from Verisign with last year CSR (i'm not sure if previous CSR can be used or not)
2. Using admin console (browser based) , i went to "server certificates" ->"install" and could successfully installed them (but there was a warning that duplicate nick name) and i selected ls2 (listener-2 for https)
3. admin console shows renewal successful and expiry year is 2011.
4. I also restarted both admin and web services
But the problem that when i access the application from browser, it still says the expiry year as 2009.
Please advise.
Prvn

Well ... I don't know WHICH three *db files you copied, or from where you copied them in the admin-serv directory.
If the admin server appears to be working as expected, and the instance appears to be working as expected, then just make sure the admin server isn't telling you that changes have been made on the instance (if it is then tell it to copy the changes and make them the new current version).
Depending on which files you copied from where you may end up with the admin server having the wrong certificates. This could cause a problem for any nodes that are registered with it. I think you'd already see a problem if this were going to break things though.
In a perfect world everything is just working as expected now, and you're done. If you want to be extra cautious, though, you should restore the admin server's key3 and cert8 databases from a backup (these databases contain the self-signed certificate and its associated keys that were created when you installed Web Server).

Importing Verisign Certificate on PIX7.1

Hi there,
After having importet Verisign Intermediate CA onto my PIX, I've send the CSR request to Verisign and gotten a Certificate back. Now when I try to import the returned certificate on the PIX, I get an error :
Failed to parse or verify imported certificate
Now, I've tried clearing all certs, reauthenticate the CA etc.
Any ideas?
Is it a problem that the CA is Intermediate? Can the CSR attributes contain spaces?
Pix is running latest version 7
Kind regards
Kelvin Dam

Hi koksm,
Yeah - I got it to work. I dont know how many of these steps you have done, but heres how I did it :
RSA-keys are probably already generated (also needed for ssh-access), but if you ever need to reissue the cert, regenerate the rsa keys, otherwise the CSR will be exactly the same and not accepted by the 3rd party CA:
crypto key generate rsa
Then define the trustpoint:
crypto ca trustpoint Verisign
crl optional
enrollment terminal
subject-name CN=host.domain.com,OU=Unit,O=Organisation,C=NL,St=xxx,L=xxx,[email protected]
Import root CA cert (make sure you have the correct one, preferably without intermediate CA (RA)):
crypto ca authenticate Verisign
---BEGIN--- or ---END--- lines do not matter>
quit
INFO: Certificate has the following attributes:
Fingerprint: 069f6979 16669002 1b8c8ca2 c3076f3a
Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
Generate the CSR:
crypto ca enroll Verisign
% Start certificate enrollment ..
% The subject name in the certificate will be: xxxx
% The fully-qualified domain name in the certificate will be: hostname.domain.com
% Include the device serial number in the subject name? [yes/no]: no
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:
MIICNjCCAZ8CAQAwgbwxJTAjBgkqhkiG9w0BCQEWFnNlcnZpY2VkZXNrQGR5bm9t
aWMubmwxEjAQBgNVBAcTCUJpbHRob3ZlbjEQMA4GA1UECBMHVXRyZWNodDELMAkG
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: no
Notice this is generate without ---BEGIN--- and ---END--- lines which you do need to add when submitting the form to the 3rd party CA.
After succesful verification by the CA you'll be returned a certificate which you can import with or without the ---BEGIN--- and ---END---- lines, so you might as well just copy the complete text:
crypto ca import Verisign certificate
% The fully-qualified domain name in the certificate will be: xxx.domain.com
Enter the base 64 encoded certificate.
End with the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIIDcTCCAtqgAwIBAgIQIHOwJ7acK6Fmibyhf67HlDANBgkqhkiG9w0BAQUFADC
MXN/DqZw504SdlIkm3K4Dt7kSa5NILlncBiPhJJPJRjcOk6wRB6vuGG85uz6twR
nq4BqbMitzpgxvK12hgS9ZDy62kC
-----END CERTIFICATE-----
quit
INFO: Certificate successfully imported
Make sure you activitate the trustpoint either as for use on all interfaces or on a specific interface using:
ssl trust-point thawte.com [interface]
One more thing - the verisign root cert, I did NOT get from their webpage, but I took the one that accompanies the Internet Explorer.
Hope it helps
Kdam

I am getting a certificate error message and there is no link on the page to add this site as an exception.

I am trying to open up the web page where we log into our employee email. Evidently the security certificate has been changed. I am getting a certificate error message, but I am not seeing a link provided where I can click to add this web site as an exception.

This is a user to user forum. You are defintely in wrong place.

SSL - Verisign Certificate Expiry message

Similar Messages

Maybe you are looking for