SSLVPN 3rd Party Certificate, still get "untrusted site" with mobile device

Hi,
I have recently implemented an Entrust cert on my ASA for SSLVPN.  When accessing the ASA from Windows/MAC, the "untrusted site" page does NOT appear.  When accessing the ASA from an Android/iPhone, the "untrusted site" page DOES appear.  Can anyone chime in on why this is happening with mobile devices?
Thanks,
Eric

Hi Portu,
I'm not clear with your last request, what are you asking?
I've looked at the security warning on an iPhone, and it reads the following:
"The site's security certificate is not trusted!
You attempted to reach blah.blah.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system.  This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications."
This does not happen when using Google Chrome on Windows/OSX.

Similar Messages

  • SSLVPN 3rd Party Certificate

    Hi,
    We are in the process of deploying SSLVPN for our company. We already bought two ASA5510 with SSLVPN licenses on both. I am going to install the firewalls into two separate data centers to provide redundancy. Two different external IPs but we'll publish it with a single URL so we can load-balance. My question is, do we need to purchase two SSL Certificates? Or should we just purchase one and export then import it on the other firewall?
    Your thoughts? Thanks in advance.
    John

    Hi John,
    There are different ways to get this to work with VPN load-balancing.
    However, we need to have a good understanding of how this is supposed to work.
    When the Master receives a new SSL connection, based on the load-balancing algorithm, it makes the decision whether to redirect the session to another ASA or accept the connection.
    The SSL connection will point to the Cluster URL, so you need a certificate for the cluster including the cluster URL in the CN attribute field.
    We must keep in mind, that the cluster does not take the connection, but a specific ASA does, so we also need a valid certificate for each ASA.
    Now, to solve this issue, I would recommend to you to check on the following link and choose the best option for you:
    ASA VPN Load Balancing/Clustering with Digital Certificates Deployment Guide
    Keep me posted.
    Please rate any post you find useful.

  • Exchange Server 2010 Edge Transport Subscription Issue while moving Internal CA Certificate to 3rd Party Certificate

    My client has an Exchange 2010 Organization with Single Domain Single Forest.
    They were using Internal CA Certificate and a TLS Cert.
    As a POC we are doing a POC for Exchange 2010 Hybrid Office 365 Environment.
    For this 3rd Party CA is Mandatory and they have bought a Geo Trust Certificate.
    Now when they have installed cert on both HUB as well as EDGE servers, he was prompted to do edge subscription again.
    HUB and CAS are combined on the server at both Main and DR Site.
    When they try to do edge subscription again they are getting the following error.
    SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.

    I was finding out the solution and got this.
    1-Certificate will import on both EDGE and HUB Servers.
    2-Edge Sync will use Self-Sign Certificate (but I am unable to find how do I configure this)
    3-some communication between Edge and Hub will be encrypted via 3rd party Certificate.
    Could anyone suggest which services on HUB must be based on this 3rd party cert?
    All the external communication must be encrypted via 3rd party CA and communication between HUB-EDGE will set on self-sign Cert. How do I do this.
    SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.
    Hi,
    Please run Get-ExchangeCertificate | fl to check your Exchange certificate settings. Also confirm if the 5E470560626E313646730C177FCA66728E2BAFF7 certificate is your trusted 3rd party cert.
    Please use Enable-ExchangeCertificate cmdlet to assign SMTP service to your self-signed certificate in your Edge server.
    Regards,
    Winnie Liang
    TechNet Community Support

  • PKI setup using 3rd party certificates

    I want to configure SCCM in our environment using our existing certificate creation infrastructure. I do not want to use Microsoft Certificate services. Instead I'd rather use our OpenSSL solution. However I cannot find good documentation to work with using 3rd party certificates. Everything is related around Microsoft's certificate services.
    Has anyone had any luck implementing SCCM in this manner? Documentation available to aid?

    So we are planning to setup https across the board and going through the blogs and TechNet article - I see that internal PKI is a requirement and you just cannot do away with 3rd party/external certificate, correct ??
    I am working on a scenario where the customer does not want to implement internal PKI but use external certificate either by GoDaddy or Thawte or VeriSign where possible at all times but looks like you can't use the external certificate to act as ConfigMgr Web Certificate or ConfigMgr DP Cert?
    given the following scenario
    https://social.technet.microsoft.com/Forums/en-US/ac34ebdf-c932-4075-b4a3-ebe572ffab0e/scenario-multi-tenant-configmgr-2012-r2-and-same-ip-address-range-for-multiple-customer?forum=configmanagerdeployment#868600a8-e8eb-471a-b767-761305636041
    for clients to communicate to DP's/Secondary Sites configured in HTTPS, we still need internal PKI ?
    I guess the answer is yes to all.. but just confirming :)

  • WLC5760 - CSR request for 3rd party certificate

    I need to generate a CSR request to obtain a 3rd party certificate for my WLC.
    I am not sure how I can do that. All documents available are for WLC 4400.
    Let me know if the same process will apply to WLC5760 as well.

    Thanks Matteo,
    I managed to get it done, Yes I used OpenSSL to generate CSR.
    Here is what I have learnt about it, including WebAuth Cert installation on 5760. This may be useful to someone else.
    http://mrncciew.com/2014/07/30/5760-webauth-certificates/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Farm member not using 3rd party certificate

    I have a Microsoft server 2008 R2 RDS farm using a broker and NLB farm nodes.
    In the farm member node (not the broker), I open the “Remote Desktop Session Host Configuration” tool, I selected “member of farm RD Connection Broker” and in the “general” tab under the “certificate” section I clicked “select” and picked the 3rd party Certificate.
    This is a Farm member. When I use a rdp client to go to farmName.domain.com I get a pop up with a certificate error and it shows the certificate as serverName.domain.com and not the name in the “farm” certificate.
    How can I troubleshoot this issue.

    Hi,
    Initially it seems the certificate is not from a valid trusted authority. So please check the trusted authority. Apart from that, there is a mismatch in certificate name with server name.
    The name in the Subject line of the server certificate (certificate name, or CN) must match the FQDN, or the DNS name that the client uses to connect to the RD Gateway server, unless you are using wildcard certificates or the SAN attributes of certificates.
    If your organization issues certificates from an enterprise certification authority (CA), a certificate template must be configured so that the appropriate name is supplied in the certificate request. 
    The certificate must be trusted on clients. That is, the public certificate of the CA that signed the RD Gateway server certificate must be located in the Trusted Root Certification Authorities store on the client computer.
    In addition, please check beneath article for reference.
    Configuring Remote Desktop certificates
    http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
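
The name-matching rule described in the answer above, as an added example (not code from the thread or from Microsoft). The certificates are constructed dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are hypothetical; the matcher follows the common client behaviour of preferring SAN DNS entries and falling back to the CN only when none are present.

```python
import ipaddress

# Constructed sample certificates (shape of ssl.SSLSocket.getpeercert()).
NODE_CERT = {  # what the farm member actually presented in the question
    "subject": ((("commonName", "serverName.domain.com"),),),
}
FARM_SAN_CERT = {  # one certificate covering the farm name and the node name
    "subject": ((("commonName", "farmName.domain.com"),),),
    "subjectAltName": (("DNS", "farmName.domain.com"),
                       ("DNS", "serverName.domain.com")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.domain.com"),),),
    "subjectAltName": (("DNS", "*.domain.com"),),
}


def _is_ip(name):
    """True when the client connected by IP literal rather than by DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _label_match(pattern, host):
    """Compare one certificate name with the name the client connected to.

    Case-insensitive. A '*' is honoured only as the whole left-most label,
    covers exactly one label, and needs at least two labels after it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def names_in_cert(cert):
    """Names a client would check: SAN DNS entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # SAN DNS entries present: the CN is not consulted
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def check_name(cert, connect_name):
    """Return (ok, names_checked) for the name the client used to connect."""
    names = names_in_cert(cert)
    if _is_ip(connect_name):
        # This sketch checks DNS names only; an IP literal cannot match one.
        return False, names
    return any(_label_match(n, connect_name) for n in names), names


if __name__ == "__main__":
    for label, cert in (("node", NODE_CERT), ("farm+SAN", FARM_SAN_CERT),
                        ("wildcard", WILDCARD_CERT)):
        ok, names = check_name(cert, "farmName.domain.com")
        print(f"{label:9} covers farmName.domain.com: {ok} (checked {names})")
```

Run against the name users actually type (the farm name, not the node name); a `False` result reproduces the mismatch warning from the question.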

  • How can I set Firefox 8.0 to accept 3rd party cookies ONLY from selected sites but NOT from any other sites?

    I do not like to accumulate 3rd party cookies and would simply not check the Accept 3rd Party Cookies box in Preferences. BUT in order to use my bank's web page I have to accept 3rd party cookies from a separate site that manages some of their transactions (like paying bills). This means I have to accept 3rd party cookies and then delete them by hand OR I have to check the accept box each time I use the bank's website and then uncheck it when I am done.

    Thanks, but that is not what I was trying to do. I do not want to block cookies from a single site. I do not want to block all 3rd party cookies.
    What I want to do is ACCEPT 3rd party cookies only from ONE site but NOT from any other site.

  • When using firefox I cannot signin to sites, but can get to sites with tabs on toolbar but cannot signout when I signin, I have uninstalled the program and reinstalled it but still have the same problem?

    Locking duplicate thread.
    Please continue here: [[/questions/891666]]
    When using Firefox I cannot signin to sites, but can get to sites with tabs on toolbar but cannot signout when I signin, I have uninstalled the program and reinstalled it but still have the same problem.

    That problem can be caused by the Yahoo! Toolbar that extends too much downwards and covers the top part of the browser window and thus makes links in that part of the screen not clickable.
    *https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes
    Start Firefox in [[Safe Mode]] to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
    *Don't make any changes on the Safe mode start window.
    *https://support.mozilla.com/kb/Safe+Mode
    You can keep an eye on this thread:
    *[[/forums/contributors/707748]]

  • Cisco IOS CA using 3rd Party Certificate

    Hi,
    Can I use 3rd Party certificate such as verisign, on Cisco IOS CA ? All i can see on cisco.com is self-signed certificate from router.
    Thanks
    -santo-

    Santo,
    That's fair enough. A key information to make sure customers understand that a private PKI infrastructure is (for the purpose of deployment such as GETVPN) as secure as provided by third party.
    Private PKI is not based on self signed certificates - only the root CA might need something like it :-)
    That being said, for reliability and flexibility I really suggest storing CA (ser, CRL, OCSP, backup of public/private keys) files on storage external to the router.
    Key takeaway is that a properly managed private PKI solution for deployments like DMVPN/GETVPN others is as secure as external 3rd party services (and often time order of magnitude cheaper).
    M.

  • 3rd party certificate on WiSM controllers

    Hi,
    On my corporate wireless net, there is an SSID to allow guests to reach the Internet. They receive a voucher with 1-day valid credentials and are asked to open a browser, which is redirected to a login page https://1.1.1.1/login.html.
    The controllers in the anchor group have a 3rd party certificate installed. It is generated for a company URL like: guest.companyname.com
    So when the browser hits the login screen, it stops and issues a warning about receiving a valid certificate but for a different URL.
    We have an external DNS-record which resolves the company URL to 1.1.1.1.
    I see a possible solution, if the URL of the Internal (default) URL can be changed to https://guest.companyname.com/login.html because if this is keyed in manually, I receive the login page right away without warnings. This is obviously what we want the guest to see.
    The controllers run 7.0.230.0 software as well as the WLC.
    Hope someone has the simple answer to this???

    Putting 1.1.1.1 (VIP address) is a test to bypass the certificate.  It is pretty simple, if you have done it a hundred times.  But to start off from the basic, make sure that the user is being anchored to the guest wlc.  You should see an entry of the client on the guest anchor and the client should be in the WEBAUTH_REQD state until they go through the login process in which they will be in the RUN state.  If you don't, then I can see why the 3rd party certificate is not working.  So you should see the client on the foreign and the anchor wlc.  Make sure of this first.
    Did you not restart the anchors when you put in the FQDN in the VIP?
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • With a student full creative cloud, do I still get free sites to publish?

    With a student full creative cloud, do I still get free sites to publish?

    I'm having a similar issue. Absolutely nowhere during the registration/purchase process for CC Student/Teacher does it mention that free sites are not included. In fact, in numerous places, it suggests the exact opposite.

  • How can I use a 3rd party XML parser such as xerces with OC4J ?

    Hi all tech experts,
    I am using Oracle Application Server 10g Release 2 (10.1.2) and i have
    installed Portal and Wireless and OracleAS Infrastructure on the same
    computer.
    i tried all the solutions on this thread
    Use of Xerces Parser in out application with Oracle App Server 9.0.4
    but still fighting.
    I have also posted this query on OTN on following thread
    How can I use a 3rd party XML parser such as xerces with OC4J?
    but no reply....
    Please help me on this issue.
    Since OC4J is preconfigured to use the Oracle XML parser which is xmlparserv2.jar.
    i have read the following article which states that
    OC4J is preconfigured to use the Oracle XML parser. The Oracle XML parser is fully JAXP 1.1 compatible and will serve the needs of applications which require JAXP functionality. This approach does not require the download, installation, and configuration of additional XML parsers.
    The Oracle XML parser (xmlparserv2.jar) is configured to load as a system level library of OC4J through it's inclusion as an entry in the Class-Path entry of the oc4j.jar Manifest.mf file. This results in the Oracle XML parser being used for all common deployment and packaging situations. You are not permitted to modify the Manifest.mf file of oc4j.jar.
    It must be noted that configuring OC4J to run with any additional XML parser or JDBC library is not a supported configuration. We do know customers who have managed to successfully replace the system level XML parser and the Oracle JDBC drivers that ship with the product, but we do not support this type of configuration due to the possibility of unexpected system behavior and system errors that might occur from replacing the tested and certified libraries.
    If you absolutely must use an additional XML parser such as xerces, then you have to start OC4J such that the xerces.jar file is loaded at a level above the OC4J system classpath. This can be accomplished using the -Xbootclasspath flag of the JRE.
    i have also run the following command
    java -Xbootclasspath/a:d:\xerces\xerces.jar -jar oc4j.jar
    but no success.
    How could i utilize my jar's like xerces.jar and xalan.jar for parsing instead of OC4J in-built parser ?
    All reply will be highly appreciated.
    Thnx in advance to all.
    Neeraj Sidhaye
    try_catch_finally @ Y !

    Hi Neeraj Sidhaye,
    I am trying to deploy a sample xform application to the Oracle Application Server (10.1.3). However, I encountered the class loader issue that is similar to your situation. I tried all the three solutions but the application still uses the Oracle xml parser class. I am wondering if you have any insight about this?
    Thanks for your help.
    Xingsheng Qian
    iPass Inc.
    Here is the error message I got.
    Message:
    java.lang.ClassCastException: oracle.xml.parser.v2.XMLElement
    Stack Trace:
    org.chiba.xml.xforms.exception.XFormsException: java.lang.ClassCastException: oracle.xml.parser.v2.XMLElement
         at org.chiba.xml.xforms.Container.dispatch(Unknown Source)
         at org.chiba.xml.xforms.Container.dispatch(Unknown Source)
         at org.chiba.xml.xforms.Container.initModels(Unknown Source)
         at org.chiba.xml.xforms.Container.init(Unknown Source)
         at org.chiba.xml.xforms.ChibaBean.init(Unknown Source)
         at org.chiba.adapter.servlet.ServletAdapter.init(ServletAdapter.java:153)
         at org.chiba.adapter.servlet.ChibaServlet.doGet(ChibaServlet.java:303)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:719)
         at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:376)
         at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:870)
         at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)
         at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:299)
         at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:187)
         at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
         at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
         at java.lang.Thread.run(Thread.java:595)
    Caused by: java.lang.ClassCastException: oracle.xml.parser.v2.XMLElement
         at org.chiba.xml.xforms.Instance.iterateModelItems(Unknown Source)
         at org.chiba.xml.xforms.Bind.initializeModelItems(Unknown Source)
         at org.chiba.xml.xforms.Bind.init(Unknown Source)
         at org.chiba.xml.xforms.Initializer.initializeBindElements(Unknown Source)
         at org.chiba.xml.xforms.Model.modelConstruct(Unknown Source)
         at org.chiba.xml.xforms.Model.performDefault(Unknown Source)
         at org.chiba.xml.xforms.XFormsDocument.performDefault(Unknown Source)
         at org.chiba.xml.xforms.XFormsDocument.dispatchEvent(Unknown Source)
         at org.apache.xerces.dom.NodeImpl.dispatchEvent(Unknown Source)
         ... 18 more

  • Know of a good 3rd party app to sync Outlook Tasks with iPhone?

    Know of a good 3rd party app to sync Outlook Tasks with iPhone?
    Thanks,
    Monty

    This can not be discussed here I'm afraid.

  • Creating a site for mobile devices

    Good morning,
    I have a number of questions relating to the creation of a
    site for mobile devices. My client has given me the assignment to
    re-design his current website, and to also create a sub-site
    suitable for mobiles. I have spent a number of hours looking around
    on the Internet and trying to gain a better understanding of these
    issues. Still, a number of questions remain. if you can give me any
    additional understanding, that would be great.
    Question 1:
    Is my understanding correct: I basically need to create two
    sites, one for the wide-screen browser, and one for the mobile
    browser? I can direct visitors to the mobile site using a CSS or
    javascript link - if their browser identifies them as a mobile
    browser?
    Question 2
    Mobile devices come in all sorts of shapes and sizes and
    versions. PDAs and iPhones have different screen sizes and
    resolutions than smartphones, which in turn are different again
    from older and simpler phones. Should I design a site for a number
    of different types of phones? That would be a huge amount of work...
    Question 3
    I also own Device Central, an App which I should think is
    very useful in this situation. But I fail to understand it! OK, so
    I can see what my photo or website or flash file looks like on my
    Nokia N73 - but I am not designing specifically for that phone. I
    also want my design to look good on all the other phones! My client
    needs a website that is not tailored to one phone, but to all
    phones.
    Question 4
    And why does Device Central not have profiles for the iPhone?
    I would think it is popular enough to warrant its own profile... (I
    post this from the Netherlands, where the iPhone is not carried
    yet, and so I have only ever held one in my hand). Is this because
    the iphone can see regular sites just fine?
    Question 5
    How does Dreamweaver help me build a mobile site?
    Question 6
    My client wants to show video on his website. In fact, that's
    what this website is all about: showing sports-videos from high
    profile sporting events. Which video-formats are most suitable?
    Question 7
    Do all mobile phones support flash? Or only a few? Or none?
    It seems to me that a flash website would allow for more creativity
    in the design.
    Thanks for any help you can give. Any resources you could
    point me to are also very welcome...
    Sincerely,
    Rogier Bos
    Rotterdam, The Netherlands

    Macnimation wrote:
    > Hi,
    >
    > I'm experimenting with creating a small site off a standard site, for mobile phone/devices.
    >
    > Basically, I want to load a basic list page, which has links to pages that will display and run flash movies.
    >
    > The flash movies, in FLV format are already at 640 x 480 which run fine in the main site.
    >
    > Is it simply to resize the movies to fit the mobile content size, or will they "auto" resize?
    >
    > Do I have to change the webserver configuration in any way, it's a standard IIS site at the moment, but MySQL with apache is also an option.
    >
    > Would standard html do or would the pages have to be done using xhtml or wml?
    >
    > I would like if possible to get this information first before starting it, so I can possibly reduce delays.
    >
    > Any help or pointers to tutorials would be grateful
    >
    I'd like to check out the PDA scene some day soon, too. In the meantime, there's a recent discussion of this topic here:
    http://www.sitepoint.com/forums/showthread.php?p=3288343#post3288343
    www.geobop.org - Family Websites
    www.invisible-republic.org - Adult political websites (Mature adults only)

  • When downloading itunes, constantly get error message 'Apple Mobile Device -could not be installed- Verify you have sufficient privileges to install system services.

    When downloading itunes to my pc, get error message 'Apple mobile device could not be installed - verify you have sufficient privileges to install system services'
    i am forced to abort/cancel. Can anyone help please?

    Me too. And if someone comes back on here with the same solution of "uninstall and re-install", please provide further advice after you have done that 3 times and the program still has the same problem in addition to the "failure to load the C runtime library" R6034 issue. I have removed itunes 3 times however I do not have permission to remove the program files/apple file and the uninstall doesn't remove it.
    You're not alone buddy.
    Frustrated.
