Steps involved in validating a server's certificate

Hello All,
I'm writing a custom trust manager and wondering if anyone can tell me all the steps that are involved in validating a certificate presented by the server during an SSL handshake. The following are the things I think must be checked to decide whether a certificate is valid/trusted.
1. Date verification: The certificate date is valid.
2. Host name verification: The subject's common name matches the host name that your application is trying to connect to.
3. Do you trust the CA: Check if the certificate is signed by a CA that you trust.
Are there any other low-level things that we need to check for? I looked at some of the J2SDK code... X509TrustManagerImpl, SimpleValidator etc. and they do a lot of other things which I never thought of. Can someone educate me a bit on this?
I thought of using the default trust manager provided by Sun in my own trust manager, as suggested in the JSSE reference guide. But I guess it is hard to find what exactly was the problem for not trusting a certificate, as the default implementation always throws CertificateException no matter what the case is. Instead, it would be nice to throw subclasses of CertificateException, such as CertificateExpiredException or HostNameNotValidException (this class does not exist in the API, of course). What are your opinions on this?
Thanks
Sai Pullabhotla

Depending on whether or not your SSL container (e.g. servlet etc.) has already done some of these things, you may want to think about these:
1. If you use CRL, does the server cert exist in your CRL?
2. In verifying the CA, if there's an intermediate one, you should also verify that the entire CA chain is valid and trusted by you.
3. Purpose of the server cert. Does it meet your requirement?
4. If you use and require strong encryption, does the server cert support it?
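
One way to keep the default trust manager in charge of validation and still report why a chain was rejected, as the first post asks (an added example, not code from this thread; the class name `DiagnosingTrustManager` and its helper `explain` are made up for illustration, and the standard-library calls require Java 7 or later):

```java
import java.security.KeyStore;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical wrapper: delegates every decision, only refines the error it reports. */
public class DiagnosingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    /** @param trustStore trusted CA certificates, or null for the JRE default (cacerts) */
    public DiagnosingTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (found == null && tm instanceof X509TrustManager) {
                found = (X509TrustManager) tm;
            }
        }
        if (found == null) {
            throw new IllegalStateException("No X509TrustManager available");
        }
        delegate = found;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            // Signatures, validity dates, CA constraints and chaining to a trusted CA.
            delegate.checkServerTrusted(chain, authType);
        } catch (CertificateException rejected) {
            throw explain(chain, rejected);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    /** Never accepts the chain; it only turns the generic failure into a specific one. */
    static CertificateException explain(X509Certificate[] chain, CertificateException rejected) {
        for (X509Certificate cert : chain) {
            try {
                cert.checkValidity(); // date problems map onto existing subclasses
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                String who = cert.getSubjectX500Principal().getName();
                CertificateException specific = (e instanceof CertificateExpiredException)
                        ? new CertificateExpiredException(who + ": " + e.getMessage())
                        : new CertificateNotYetValidException(who + ": " + e.getMessage());
                specific.initCause(rejected);
                return specific;
            }
        }
        for (Throwable t = rejected; t != null; t = t.getCause()) {
            if (t instanceof CertPathValidatorException) {
                CertPathValidatorException cpve = (CertPathValidatorException) t;
                return new CertificateException("Chain rejected: reason=" + cpve.getReason()
                        + ", certificate index=" + cpve.getIndex(), rejected);
            }
        }
        return rejected;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {new DiagnosingTrustManager(null)}, null);
        String host = args.length > 0 ? args[0] : "localhost"; // hypothetical default
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // host name check (step 2)
            socket.setSSLParameters(params);
            socket.startHandshake();
            System.out.println("Trusted: " + socket.getSession().getPeerPrincipal());
        } catch (SSLHandshakeException e) {
            System.out.println("Rejected: " + e.getCause());
        }
    }
}
```

On a raw `SSLSocket` the host name is compared with the certificate only when an endpoint identification algorithm is set, which is why `main` sets it before the handshake.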

Similar Messages

  • Steps involved in Uninstalling SQL Server service packs

    Hi,
    Came to know that we can uninstall SQL Server service packs from SQL 2008 SP1 onwards.
    Question is, suppose I have installed SQL 2008 SP3 and found a problem. Now I want to uninstall SP3; what are the steps involved to uninstall a service pack? Can we also uninstall QFEs, cumulative updates and hotfixes as well?
    How does SQL Server do the rollback or uninstall of a service pack behind the scenes?
    Appreciate your help.
    Thank you.

    Hello,
    @Cheer08: When SP1 CU3 and SP1 CU4 were released we found that some SQL Server users had issues with SSIS and SSRS, when these CUs were uninstalled we found the issues continue, and we were back to normal when we reapplied SP1 or SP1 CU2.
    @Samantha: About the Resource DB, it certainly plays a factor on applying updates and upgrading process, which is explained here. About how it is used to allow rollback of updates in SQL Server, the Resource DB seems to be used to copy back the objects and semantics to system databases as explained in the following article.
    http://extremeexperts.com/sql/yukon/resourcedatabase.aspx
    @Samantha: no official documents to my knowledge, I just have a real world experience on this as I mentioned to @Cheer08.
    Hope this helps.
    Regards,
    Alberto Morillo
    SQLCoffee.com

  • What are the steps involved in validation?

    Hi All,
    Can you give me the steps to be performed in maintaining validations in FI,
    which tcodes are used and what is maintained in them?
    What are the steps to be performed by the ABAPer?
    It's urgent.
    helpful answers are rewarded
    thanks everyone

    Yes, I've registered in rggbr000 by copying this to zrggbr000
      exits-name  = 'U900'.                  "single validation: only one
      exits-param = c_exit_param_none.        "data record used
      exits-title = text-102.                 "Example EIS
      APPEND exits.
    Also I've coded
    form U900
    endform.
    in the same zrggbr000.
    After that, how is this form called during the runtime?
    That's what the problem is.

  • Validating a server's certificate

    I am writing an app that does an https post of a request and gets a result returned. The company that I am interacting with has a certificate from verisign. I know nothing about certificates! I need to validate their certificate in code as I do this transaction. I need to validate that their cert is current, check the authority and the url. Anyone have an example of this type of action? Do I do this right before the post or does this happen during the post? Sorry I am such a newbie!
    Thanks!
    Bill

    Hello!!!
    I have a similar problem. I need to validate a client certificate against my server. I'm researching this field and I've been learning some things. You need to have one keystore; this is the place where the certificates are stored. In this keystore you need to have the CA root certificates (Certificate Authority or similar), so to speak, the trusted certificates (VeriSign, Thawte, etc.). Your application trusts these entities by default. You can add more entities when you want; you only need the CA root certificates to import them. Afterwards, you need to validate a client certificate against this keystore, so the client cert must be signed by a CA inside it. Then we validate the cert by asking the keystore whether the client cert exists inside it: first we look for the same CA root that the client cert has, and if this CA root exists then we look for the final client cert, and if this certificate exists then the process is OK.
    This is the process, more or less. I'm sorry if I can't explain myself better; you can read more about this in the Java tutorial, the JSSE tutorial, or the JCE tutorial.
    If you have installed J2SE on your machine, you will see the keystore in C:\Documents and Settings\<your_user>\.keystore
    and c:\j2sdk1.4.1_02\jre\lib\security\cacert
    This is my code; it works, but I need to finish it:
    package autenticacion;

    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.security.KeyStore;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Collection;
    import java.util.Enumeration;
    import java.util.Iterator;
    import java.util.Vector;

    public class TestCert {
        KeyStore keyStore;
        String keyStorePath;
        char[] keyStorePassword;

        public TestCert() {
            this.keyStore = null;
            this.keyStorePath = "";
            this.keyStorePassword = null;
        }

        public TestCert(KeyStore keyStore, String keyStorePath, char[] keyStorePassword) {
            this.keyStore = keyStore;
            this.keyStorePath = keyStorePath;
            this.keyStorePassword = keyStorePassword;
        }

        public static void main(String[] args) {
            FileInputStream keyStoreIStream = null;
            try {
                String keyStorePath = "D:/JAVA/j2sdk1.4.1_02/jre/lib/security/cacerts"; // "c:/Documents and Settings/instalador/.keystore";
                char[] keyStorePassword = "changeit".toCharArray(); // "password".toCharArray();
                String pathFileName = "c:/mykeyFile.cert";
                // KeyStore and CertificateFactory come from the default providers,
                // so no security provider has to be registered here.
                // Open the keystore file.
                try {
                    // Open the stream to read in the keystore.
                    keyStoreIStream = new FileInputStream(keyStorePath);
                } catch (FileNotFoundException e) {
                    // If the path does not exist then a null stream means
                    // the keystore is initialized empty. If an untrusted
                    // certificate chain is trusted by the user, then it will be
                    // saved in the file pointed to by keyStorePath.
                    keyStoreIStream = null;
                }
                // Create a KeyStore Object
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // Init the Keystore with the contents of the keystore file.
                // If the input stream is null the keystore is initialized empty.
                keyStore.load(keyStoreIStream, keyStorePassword);
                // Close keystore input stream
                if (keyStoreIStream != null) {
                    keyStoreIStream.close();
                    keyStoreIStream = null;
                }
                // Array holding all the certificates that are sent to us.
                //X509Certificate[] chain = (X509Certificate[]) request.getAttribute("java.security.cert.X509Certificate");
                //isChainTrusted
                TestCert test = new TestCert(keyStore, keyStorePath, keyStorePassword);
                X509Certificate[] cert = test.getCertFromFile(pathFileName);
                test.getAcceptedIssuers();
                System.out.println(test.isChainTrusted(cert));
            } catch (Exception e) {
                e.printStackTrace();
                System.out.println("main Error: " + e.toString());
            } finally {
                try {
                    if (keyStoreIStream != null) {
                        keyStoreIStream.close();
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                    System.out.println("main Error: " + e.toString());
                }
            }
        }

        // getAcceptedIssuers retrieves all of the certificates in the keyStore
        // and returns them in an X509Certificate array.
        public X509Certificate[] getAcceptedIssuers() {
            X509Certificate[] X509Certs = null;
            try {
                // See how many certificates are in the keystore.
                int numberOfEntry = keyStore.size();
                // If there are any certificates in the keystore.
                if (numberOfEntry > 0) {
                    // Create an array of X509Certificates
                    X509Certs = new X509Certificate[numberOfEntry];
                    // Get all of the certificate alias out of the keystore.
                    Enumeration aliases = keyStore.aliases();
                    // Retrieve all of the certificates out of the keystore
                    // via the alias name.
                    int i = 0;
                    while (aliases.hasMoreElements()) {
                        String alias = (String) aliases.nextElement();
                        System.out.println(alias);
                        X509Certs[i] = (X509Certificate) keyStore.getCertificate(alias);
                        // Print the certificate itself, not the array reference.
                        System.out.println(X509Certs[i]);
                        i++;
                    }
                }
            } catch (Exception e) {
                System.out.println("getAcceptedIssuers Exception: "
                        + e.toString());
                X509Certs = null;
            }
            return X509Certs;
        }

        // isChainTrusted searches the keyStore for any certificate in the
        // certificate chain.
        // Note: this only checks that a certificate of the chain is present in
        // the keystore; signatures, validity dates and revocation are not verified.
        private boolean isChainTrusted(X509Certificate[] chain) {
            boolean trusted = false;
            try {
                // Start with the root and see if it is in the Keystore.
                // The root is at the end of the chain.
                for (int i = chain.length - 1; i >= 0; i--) {
                    if (keyStore.getCertificateAlias(chain[i]) != null) {
                        trusted = true;
                        break;
                    }
                }
            } catch (Exception e) {
                System.out.println("isChainTrusted Exception: "
                        + e.toString());
                trusted = false;
            }
            return trusted;
        }

        /*
         * Reads the certificate from a file and converts it into an object of
         * the X509Certificate class.
         */
        private X509Certificate[] getCertFromFile(String filename) {
            X509Certificate chain[] = null;
            FileInputStream fis = null;
            try {
                // The following example parses a PKCS#7-formatted certificate reply
                // stored in a file and extracts all the certificates from it:
                Vector v = new Vector();
                fis = new FileInputStream(filename);
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                Collection c = cf.generateCertificates(fis);
                Iterator i = c.iterator();
                while (i.hasNext()) {
                    X509Certificate cert = (X509Certificate) i.next();
                    System.out.println(cert);
                    v.add(cert);
                }
                chain = new X509Certificate[v.size()];
                chain = (X509Certificate[]) v.toArray(chain);
            } catch (Exception ex) {
                ex.printStackTrace();
            } finally {
                try {
                    // fis stays null when the file could not be opened.
                    if (fis != null) {
                        fis.close();
                    }
                } catch (Exception ex) {
                    ex.printStackTrace();
                }
            }
            return chain;
        }
    }
    If you do finish your code, I'd like you to tell me something.
    Bye.
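
The keystore lookup in the code above tells you that a certificate from the file is stored in the keystore, not that the chain verifies. Below is PKIX path validation of the same two inputs with the standard `java.security.cert` API, as an added example that is not the poster's code; the class name `PkixChainCheck`, the optional CRL file argument and the assumed file order (end-entity certificate first) are illustrative assumptions, and the code needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: validates a certificate file against the CAs in a keystore. */
public class PkixChainCheck {

    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Assumes the file lists the end-entity certificate first, then its issuers in order. */
    static List<X509Certificate> loadChain(CertificateFactory cf, String path) throws Exception {
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        if (chain.isEmpty()) {
            throw new IllegalArgumentException("No certificates in " + path);
        }
        // A self-signed root at the end is a trust anchor candidate, not part of the path.
        X509Certificate last = chain.get(chain.size() - 1);
        if (chain.size() > 1
                && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            chain.remove(chain.size() - 1);
        }
        return chain;
    }

    static PKIXCertPathValidatorResult validate(CertificateFactory cf,
            List<X509Certificate> chain, KeyStore trustStore, String crlFile) throws Exception {
        CertPath path = cf.generateCertPath(chain);
        // Every trusted-certificate entry of the keystore becomes a trust anchor.
        PKIXParameters params = new PKIXParameters(trustStore);
        if (crlFile != null) {
            try (InputStream in = new FileInputStream(crlFile)) {
                params.addCertStore(CertStore.getInstance("Collection",
                        new CollectionCertStoreParameters(cf.generateCRLs(in))));
            }
            // Revocation status must then be resolvable for every certificate in the path.
            params.setRevocationEnabled(true);
        } else {
            params.setRevocationEnabled(false); // no revocation source supplied
        }
        // Checks signatures, validity dates, CA constraints and chaining to an anchor.
        return (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.out.println("usage: PkixChainCheck <keystore> <password> <cert-file> [crl-file]");
            return;
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = loadTrustStore(args[0], args[1].toCharArray());
        List<X509Certificate> chain = loadChain(cf, args[2]);
        try {
            PKIXCertPathValidatorResult result =
                    validate(cf, chain, trustStore, args.length > 3 ? args[3] : null);
            System.out.println("Valid; anchored at "
                    + result.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            System.out.println("Invalid: " + e.getMessage() + " (reason=" + e.getReason()
                    + ", certificate index=" + e.getIndex() + ")");
        }
    }
}
```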

  • SSL Certificate appears valid in Server Admin, but as expired in browsers

    I've imported a certificate from Thawte that expires June 29 2008. It shows the correct dates within the Certificates tab of Server Admin, and everything looks fine, but when I load an https: page on my server, the browser tells me that the certificate expired June 30 2007.
    This is a fairly new Mac Pro running OSX 10.5.2 Leopard Server, and Apache 2.2.
    If you click on the embedded icon from Thawte that links to their site for verification, it also shows that the certificate is valid.
    I've deleted and re-imported it a few times, and rebooted the server, but it always shows as expired in browsers.
    Sample page with link to Thawte;
    https://cstore.uvic.ca/index-ssl.lasso
    Thanks in advance to anyone who can help me get this fixed.
    Brad.

    Camelot,
    Thanks for the reply. I'm not offended by your suggestion that it's something simple that I've overlooked, rather I'm hoping that it is.
    I have selected the certificate on the appropriate site on the web panel. When you visit the site link in my original message, you'll see that the correct certificate is being served, but it appears as expired to the browser, even though it shows as valid in Server Admin.
    I also found it in the Keychain utility, and it also shows as a valid certificate there. I did find an entry in the Keychain utility for an earlier attempt at installing an expired certificate, so I deleted that entry.

  • Missing the "Microsoft Exchange Server Auth Certificate"

    Hi Everyone,
    I have a single Exchange box.    
    Was integrating my Lync and Exchange and noticed some issues after configuring my Lync pre-reqs: http://technet.microsoft.com/en-us/library/jj721919.aspx
    Following the line of communication and event logs, I quickly saw that the error was not on my Lync Server, but on my Exchange.  The "Microsoft Exchange Server Auth Certificate" that is created during Ex2013 install was missing. It was not there to give out tokens for the Server to Server authentication required to integrate Lync, Exchange, and Sharepoint.
    Running Get-AuthConfig: http://technet.microsoft.com/en-us/library/jj215766(v=exchg.150).aspx
    pointed to a thumbprint that did not exist anymore.  
    I confirmed this by checking the local cert store (local computer>personal>certificates), looking in the ECP (servers>certificates), and also running Get-ExchangeCertificate
    In my Exchange Server event log, I found the following errors: 
    Log Name: Application
    Source: MSExchange Certificate Deployment
    Date: 6/8/2014 4:00:50 AM
    Event ID: 2005
    Task Category: General
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: server.domain.com
    Description:
    Federation or Auth certificate not found: ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3. Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.
    AND
    Log Name: Application
    Source: MSExchange OAuth
    Date: 6/8/2014 1:25:41 PM
    Event ID: 2004
    Task Category: Configuration
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: server.domain.com
    Description:
    Unable to find the certificate with thumbprint ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.
    Googling has only produced one article that is about another issue that I would have found further down the line if I wasn't testing within the pre-reqs.  The solution is the same, but the article is somewhat poorly written and does not respond to all the comments enough to leave one feeling it's 100% correct.
    http://blogs.technet.com/b/jenstr/archive/2012/11/22/getting-internal-server-error-500-when-creating...
    The broad strokes are clear:
    The fix is to create a new "Microsoft Exchange Server Auth Certificate" by using the following sequence of cmdlets In EMS on the MBX server:
    1. New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services smtp
    Do not accept to replace the SMTP certificate when prompted
    2. Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081
    3. $a=get-date
    4. Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 -NewCertificateEffectiveDate $a
    Accept to continue despite the fact that the certificate effective date is not 48 hours into the future
    5. Set-AuthConfig -PublishCertificate
    6. Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by doing Set-AuthConfig -ClearPreviousCertificate.
    Remember to do iisreset on both CAS and MBX servers. Then finally, you can try to re-issue the New-CsPartnerApplication cmdlet.
    65 Million Dollar question:
    Is the syntax in part 1 correct?  Two people say to add the domain?  Jens responds, but it's vague.  What would the correct command look like?  I do not know where to add the -DomainName within the command and which name I should add?  The FQDN of the CAS?
    New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName server.domain.com -Services smtp
    Thank you everyone

    Hi,
    Yes, we need to specify a valid FQDN for either the Subject or the DomainName parameter. Please run the following command:
    New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName server.domain.com -Services smtp
    Then follow the other steps in your posting to re-create the Microsoft Exchange Server Auth Certificate.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Error in authentication with ldap server with certificate

    Hi,
    I have a problem in authentication with an LDAP server with a certificate.
    Here I am using the Java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate, which has a validity time of up to 5 years.
    Will Java authenticate up to one year only?
    Can anybody help on this issue...
    Regards
    Ranga

    Sorry, I am getting the same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    Here, when I am using the old certificate and changing the system date, I can get the authentication.
    Can you tell where we can concentrate and solve the issue?
    Where is the issue?
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • Sun.security.validator.ValidatorException: No trusted certificate found

    Hello,
    I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
    I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
    -Djavax.net.ssl.trustStore=/Path-to-file  -Djavax.net.ssl.trustStorePassword=password
    On my development environment I can call the Web Service correctly.
    Although, on the production environment, I am getting the following exception:
    javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
         at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
         at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
         at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
         at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
         at $Proxy171.send(Unknown Source)
         at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
         at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
         at java.lang.Thread.run(Thread.java:619)
    Caused by: java.io.IOException: Could not transmit message
         at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
         at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
         at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
         at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
         ... 6 more
    Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
         at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
         at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
         at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
         at org.jboss.remoting.Client.invoke(Client.java:1634)
         at org.jboss.remoting.Client.invoke(Client.java:548)
         at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
         ... 9 more
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
         at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
         ... 14 more
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
         at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
         at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
         at sun.security.validator.Validator.validate(Validator.java:218)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
         ... 26 more
    Both systems are configured with the same JBoss, JVM, ...
    The certificate details are:
    Owner=
      CN=*...., OU=..., O=..., L=..., ST=..., C=PT
    Issuer=
      CN=..., O=..., C=PT
    Version=3
    Serial Number=BC81A81843E26C2597CD10354588F61E
    Valid From=Monday, 3 March 2008 18:50
    Valid Until=Tuesday, 3 March 2009 18:50
    Signature Algorithm=SHA1withRSA
    Fingerprints=
        MD5:     0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
        SHA1:    35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
    Key Usage= critical
        List:
        . digitalSignature
        . keyEncipherment
        . dataEncipherment
        . keyAgreement
    Extended Key Usage= none
    On production I have also tried adding the following properties:
    -Djavax.net.ssl.keyStore=/Path-to-file  -Djavax.net.ssl.keyStorePassword=password
    But I still get the error.
    Does anyone have any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
    Any help would really be welcome.
    Thanks in advance.
    Best regards,
    Victor Batista

    Hi,
    Thanks for your prompt reply.
    I have also tried to add all the chain of certificates on my truststore, although I get the exception:
    Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
         at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
         at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
         at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
         at sun.security.validator.Validator.validate(Validator.java:218)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
         ... 26 more
    And all the certificates are valid.
    I really don't understand what is going on.
    Can I Ignore expired certificates? Any property?
    When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
    Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
    The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
    Thanks in advance,
    Victor

  • Steps involved in adding USB external HDD to a TC

    Please forgive me if this question is somewhere in the forum, I haven’t been able to find it. At least I haven’t been able to find the actual steps involved (but I’m sure that they are probably right in front of me).
    Here is my problem. I have a 1Tb Time Capsule, an iMAC, a MacBook, a MacBook Pro. I am running out of some space on my TC and have had to exclude a few directories in order to get it to successfully backup. I would like to back up all of my directories if possible.
    After reading the post by Pondini (http://discussions.apple.com/thread.jspa?threadID=2296894), I see that I can add external USB drives to my Time Capsule (http://web.me.com/pondini/Time_Machine/TCQ4.html). If I want to add, let's say, 2 USB drives and then back up each computer to its own drive, is it simply a matter of getting a powered USB hub, and then on each individual computer configuring its individual Time Machine backup (System Preferences -> Time Machine -> Select Disk)? Or do I control all of this from my ‘master’ computer, which is the iMAC? If this is the case, then what would be the steps involved?
    Does this question make sense?

    JM43 wrote:
    Is it simply a matter of getting a powered USB hub, and then on each individual computer configuring its individual Time Machine backup (System Preferences -> Time Machine -> Select Disk)?
    Yup.
    Depending on the sizes, you might want to get a single large drive and back up 2 of the Macs to it. You could partition it so each one has its own space, or let them share the whole drive.
    Just be sure to format it/them Mac OS Extended with the GUID Partition Map scheme.
    Or do I control all of this from my ‘master’ computer, which is the iMAC?
    No, it isn't a "master." You may use it that way, but only a Mac running OSX Server is considered as a "master." All your Macs are equal.
    One suggestion, though; I'd recommend backing the iMac up to a directly-connected USB (or, better, FireWire) external HD. That's much faster and more reliable, and will reduce the amount of traffic on your network.

  • The verification of the server's certificate chain failed

    Hi All,
    Not sure this is the right forum for this but never mind.
    I am trying to get abap2GApps working and am having problems with the client certificates.
    I am getting the below error in ICM :-
    [Thr 06] Mon Jul 30 09:34:47 2012
    [Thr 06] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
    [Thr 06]    session uses PSE file "/usr/sap/BWD/DVEBMGS58/sec/SAPSSLC.pse"
    [Thr 06] SecudeSSL_SessionStart: SSL_connect() failed
      secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
    [Thr 06] >>            Begin of Secude-SSL Errorstack            >>
    [Thr 06] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
    ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Equifax Secure Certificate Authority, O=E
    ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
    [Thr 06] <<            End of Secude-SSL Errorstack
    [Thr 06]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
    [Thr 06]   SSL NI-sock: local=172.30.7.170:59036  peer=172.30.8.100:80
    [Thr 06] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000053910f0)==SSSLERR_SSL_CONNECT
    [Thr 06] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000726d5} [icxxconn_mt.c 2031]
    Having already got the accounts.google.com SSL certificate chain installed and working I can't get the docs.google.com SSL chain working.
    For accounts.google.com they use (this set works) :-
    1) CN=accounts.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
    2) CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
    3) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    For docs.google.com they use a different set of SSL certs. :-
    1) CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
    2) CN=Google Internet Authority, O=Google Inc, C=US
    3) OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Can anyone explain what I am doing wrong or how to correct this?
    Thanks
    Craig

    Further UPDATE
    After removing every certificate related to docs.google.com I still get the same error!
    I have even tried downloading the root certificate directly from GeoTrust themselves and yet I still get the same error.
    I have even resorted to running SAP program ZSSF_TEST_PSE from note 800240 to check the PSE and all is well!
    Referring to SAP Note 1318906 suggests I am missing a certificate in the chain but I am not!
    "Situation: The ICM is in the client role and the following entry is displayed in the trace:
    ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
    Reason: You try to set up a secure connection to a server, but the validity of the certificate cannot be verified because the required certificates are not available.
    Solution: The missing certificates are listed in the trace file. You must use transaction STRUST to insert these certificates in the Personal Security Environment (PSE) that is used for the connection. The certificates are usually made available to you by the server administrator. If the certificates are public Certification Authority (CA) certificates, you can also request the certificates there."
    What could possibly be causing this?
    Please help!
    Craig
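The trace in the post above reports an incomplete chain and names the DN it could not resolve. The following Python example is added here (it is not code from the post or from SAP) and models only the name-chaining step of path building, using the DNs quoted in the post; the issuer links and the rule that a path must end at a self-signed certificate in the trust store are assumptions. Real validation also verifies each signature, so a certificate with the right name but a different key still fails.

```python
# DNs are the ones quoted in the post. The issuer links (each certificate
# issued by the next one in the poster's list) are an assumption.
LEAF = "CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US"
GIA = "CN=Google Internet Authority, O=Google Inc, C=US"
EQUIFAX = "OU=Equifax Secure Certificate Authority, O=Equifax, C=US"
THAWTE = "CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA"
VERISIGN = 'OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US'


def norm(dn):
    """Compare DNs case-insensitively and ignoring runs of whitespace."""
    return " ".join(dn.split()).lower()


def build_path(leaf, presented, trust_store):
    """Walk subject -> issuer from the leaf by name only (no signature check).

    presented / trust_store: dict mapping subject DN -> issuer DN.
    Returns (path, missing). missing is None when the walk ends at a
    self-signed certificate held in the trust store; otherwise it is the
    first DN that could not be resolved to a trusted root.
    """
    known = {norm(s): (s, i) for s, i in {**presented, **trust_store}.items()}
    roots = {norm(s) for s, i in trust_store.items() if norm(s) == norm(i)}
    path, current, seen = [], leaf, set()
    while norm(current) in known and norm(current) not in seen:
        seen.add(norm(current))          # guards against issuer loops
        subject, issuer = known[norm(current)]
        path.append(subject)
        if norm(subject) in roots:
            return path, None            # reached a trusted root
        current = issuer
    return path, current


def demo():
    """Constructed scenario: the same handshake before and after importing the root."""
    presented = {LEAF: GIA, GIA: EQUIFAX}            # certificates sent by the server
    store = {THAWTE: VERISIGN, VERISIGN: VERISIGN}   # store that only trusts the other chain
    before = build_path(LEAF, presented, store)
    store[EQUIFAX] = EQUIFAX                         # root added to the trust store
    after = build_path(LEAF, presented, store)
    return before, after


if __name__ == "__main__":
    for path, missing in demo():
        status = "complete" if missing is None else "incomplete, missing: " + missing
        print(len(path), "certificate(s) resolved;", status)
```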

  • Microsoft Exchange Server Auth Certificate Error

    I have newly installed Exchange Server 2013. I accidentally assigned the IIS service to the Microsoft Exchange Auth Certificate. Now I'm facing a problem connecting to the Exchange server from Outlook.
    The error shows:
    "There is a problem with the proxy server's security certificate.  The name on the security certificate is invalid or does not match the name of the target site name.  Outlook is unable to connect to the proxy server. (Error Code 10)."
    The certificate shows the error:
    "This CA root Certificate is not trusted because it is not in the Trusted Root Certificate Authorities store"
    Please help me...
    Thanks

    Hi Winnie,
    If I use a root CA from AD CA, can that solve this issue?
    Please see the result:
    [PS] C:\Windows\system32>Get-ExchangeCertificate | FL
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {DBH-EX01, DBH-EX01.deltabrac.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=Microsoft Exchange Server Auth Certificate
    NotAfter           : 12/19/2018 12:37:13 PM
    NotBefore          : 12/19/2013 12:37:13 PM
    PublicKeySize      : 2048
    RootCAType         : None
    SerialNumber       : 30F29F3C289D448A4244C95D267B9976
    Services           : IMAP, POP, SMTP
    Status             : Valid
    Subject            : CN=Microsoft Exchange Server Auth Certificate
    Thumbprint         : 514DDBBDAB0878766B9D305A0D500CBEA334E109
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=Microsoft Exchange Server Auth Certificate
    NotAfter           : 12/18/2018 3:51:00 PM
    NotBefore          : 12/18/2013 3:51:00 PM
    PublicKeySize      : 2048
    RootCAType         : None
    SerialNumber       : 2AAA1A565B385794473CE3AC8D3A85F4
    Services           : IIS, SMTP
    Status             : Valid
    Subject            : CN=Microsoft Exchange Server Auth Certificate
    Thumbprint         : 5E6026E8C9CC18BFE3684E58CD2876AC97A2514D
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {DBH-EX01, DBH-EX01.deltabrac.com}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=DBH-EX01
    NotAfter           : 12/11/2018 7:25:05 PM
    NotBefore          : 12/11/2013 7:25:05 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 1C611FA9102B64B3462A0100FEF74A12
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=DBH-EX01
    Thumbprint         : 2FD1A8D2141DCA036F3DD5BE1191FD1FB6966EE9
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule,
                         System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {WMSvc-DBH-EX01}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=WMSvc-DBH-EX01
    NotAfter           : 12/9/2023 5:03:46 PM
    NotBefore          : 12/11/2013 5:03:46 PM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 4013857FC4683FA940C6DCC87A83A05F
    Services           : None
    Status             : Valid
    Subject            : CN=WMSvc-DBH-EX01
    Thumbprint         : BAE5A99C48FDFDBDBDE1E158833F862BB977DC01

  • Use custom not ConfigMgr SQL Server Identification Certificate

    Hello,
    I noticed that during the database creation steps in System Center 2012 Configuration Manager, the SQL server's instance gets assigned an SSL certificate called ConfigMgr SQL Server Identification Certificate.  I currently have one that I have assigned by our own PKI solution as I am pointing this to our SQL cluster.
    Is there any way to use my PKI issued certificate over the self-signed one that gets deployed by System Center during the installation process?  When I use my own PKI issued certificate, System Center is unable to connect saying there is an issue with the certificate (which I know is untrue as other applications can communicate to the cluster fine with my PKI issued certificate).
    Thanks in advance!

    Hi,
    This technet article might be of more help.
    PKI Certificate Requirements for Configuration Manager
    http://technet.microsoft.com/en-us/library/gg699362.aspx

  • SCCM 2007 Site Server Signing Certificate - Any Way to Extend Life of Template

    Good morning,
    It looks like my Site Server Signing certificate can't be renewed past the five year validity that the template was given.  So, come Feb. 14th, I can't renew my existing Site Server Signing certificate.  Is there any way to extend the life of the certificate template so I can just "renew" the existing certificate on my server as opposed to creating and distributing a new one?  Thanks for any help anyone can provide.

  • How to connect to Windows 2008 VPN server with certificate support

    Unfortunately, if I select any Windows 2008 server compatible protocol (PPTP, L2TP) I cannot select a PKI certificate; it's only available for Cisco VPN. Yet my company has 1000 laptops and is utilizing Windows 2008 Server for VPN (Cisco is too expensive and unnecessary because VPN is part of Windows Server). A PKI certificate is required for connection security.
    Any plans to enable certificates for PPTP or L2TP in 2.1 firmware? Even better would be to add SSTP protocol with certificate support, because it takes only one standard TCP connection (https) per user (uses least possible NAT resources for heavy loaded NATed WiFi spots). Also in some public places https is the only option to connect as PPTP and L2TP are filtered.

    Hi Shahzad,
    >>how to connect sql server 2008 r2 sp2 with visual studio 2013 ultimate?
    Based on your issue, if you want to connect to SQL Server 2008 R2 SP2 from the VS2013 IDE, I suggest you try Ammar's and darnold924's suggestions to check your issue.
    In addition, I suggest you can also refer to the following steps to connect SQL Server 2008 R2 SP2 with Visual Studio 2013 Ultimate.
    Step 1: I suggest you go to VIEW->SQL Server Object Explorer->Right click SQL Server->Add SQL Server.
    Step 2: After you connect to SQL Server 2008 R2 SP2 fine, I suggest you go to VIEW->Server Explorer->right click the Data Connection->Add Connection.
    Then you can create the connection string in the Add Connection dialog box.
    Hope it helps you!

  • What are the steps involved in configuring Oracle EBS R12 after installation

    What are the steps involved in configuring Oracle EBS R12 after installation is complete?
    We have an empty oracle EBS R12 installed and up and running. We do not have anything configured.
    Please direct me to the documents that can be followed to do initial steps for the application functionality to work.
    Thanks,
    SR

    What are the steps involved in configuring Oracle EBS R12 after installation is complete?
    We have an empty oracle EBS R12 installed and up and running. We do not have anything configured.
    Please direct me to the documents that can be followed to do initial steps for the application functionality to work.
    All Oracle EBS Docs 11i/R12 can be found at:
    Oracle Applications Documentation
    http://www.oracle.com/technetwork/documentation/applications-167706.html
    Thanks,
    Hussein
