Suddenly getting a warning about a self issued certificate for a secure connection failure..is this a spoof?

Similar Messages

• [svn:fx-trunk] 11454: ASyncList class ASDoc change: added explicit warning about the lack of support for re-inserting pending items .

  Revision: 11454
  Author:   [email protected]
  Date:     2009-11-04 18:17:33 -0800 (Wed, 04 Nov 2009)
  Log Message:
  ASyncList class ASDoc change: added explicit warning about the lack of support for re-inserting pending items.
  QE notes:
  Doc notes:
  Bugs:
  Reviewer:
  Tests run:
  Is noteworthy for integration:
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/framework/src/mx/collections/AsyncListView.as

• Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

  In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate
  on this computer" and un-checked "Use simple certificate selection".
  My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the
  client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate"
  drop down.
  Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
  TIA,
  -Rick

  Hi Rick,
  Thank you for your patience.
  According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me
  know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
  Best regards,
  Steven Song
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

  SCCM 2012 has been successfully installed on the server:
  SRVSCCM.
  The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
  Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
  The cluster service is running on the account: sqlclusteruser
  The account has the appropriate SPN are registered:
  setspn -L domain\sqlclusteruser
  Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
  MSSQLSvc/CLS-SQL4
  MSSQLSvc/CLS-SQL4.domain.local
  MSSQLSvc/CLS-SQL4:11434
  MSSQLSvc/CLS-SQL4.domain.local:11434
  After some time on the cluster hosts every day started appearing new folders with files inside:
  srvboot.exe
  srvboot.ini
  srvboot.log
  srvboot.log contains the following information:
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
  Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
  Copyright (C) 2011 Microsoft Corp.
  Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
  Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
  Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
  Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
  Failed to retrieve SQL Server service account.
  Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
  Disconnecting from Site Server.
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

  The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
  Without successfull bootstrap the siteserver backup is not able to run successfully.
  Try grant everyone the read permisson on
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
  This worked for me.
  After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
  After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
  sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

• HT204350 Started the transfer process from my old MacBook to a new MacBook pro using Migration assistant 12 hours ago. The screen says transferring your information. Moving about 270 GB using an Ethernet cable  directly connected. Is this normal?

  Started the transfer process from my old MacBook to a new MacBook pro using Migration assistant 12 hours ago. The screen says transferring your information. Moving about 270 GB using an Ethernet cable  directly connected. Is this normal?

  You can get a thunderbolt to firewire adapter. You can then get a firewire 400 to 800 cable and put the old computer in target mode. Then you can follow these instructions.
  http://support.apple.com/kb/HT4889
  Choose migrate from other disk or volume.

• Self Signed Certificate for Web Proxy 4.0.2

  Does anyone have instructions on how to create and install self signed Certificate for Web Proxy Server 4.0.2? My OS is RHEL 4.
  Shed.

  Unfortunately you will not be able to do that from the GUI.
  You will have to use certutil frin proxy-install/bin/proxy/admin/bin/certutil
  Make sure that your LD_LIBRARY_PATH includes proxy-install/bin/proxy/lib
  (start -shell will give you a shell with all necessary paths set.)
  create a file called password-file which contains your password to your cert database
  your cert database resides in the alias directory of proxy installation.
  certutil -S -s "CN=My Issuer" -n myissuer -x -t "C,C,C" -1 -2 -5 -m 1234
  -f password-file -d certdir

• How to replace self-signed certificate for enterprise manager console

  Does anyone know how to change self-signed certificate for https access to Enterprise Manager console, which is issued during installation of Oracle 11g?

  Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
  Not sure how relevant it will be for 11g, sorry :(

• Generating Self Signed Certificate for iPlanet Directory Server for testing

  Hi Experts,
  I am unable to find how to generate self signed certificate for iPlanet Directory Server for testing purpose. Actually what i mean is i want to connect to the iPlanet LDAP Server with LDAPS:// rather than LDAP:// for Secured LDAP Authentication. For this purpose How to create a Dummy Certificate to enable iPlanet Directory Server SSL. I searched in google but no help. Please provide me the solution how to test it.
  Thanks in Advance,
  Kalyan

  Here's one I did earlier.
  Refers to Solaris 10
  SSL Security
  add a new certificate that lasts for ten years (120 months).
  stop the instance:
  dsadm stop <instance>
  Remove DS from smf control:
  dsadm disable-service <instance>
  Change Certificate Database Password:
  dsadm set-flags <instance> cert-pwd-prompt=on
       Choose the new certificate database password:
       Confirm the new certificate database password:
  Certificate database password successfully updated.
  Restart the instance from the dscc:
  DSCC -> start <instance>
  Now add a new Certificate which lasts for ten years (120 months; -v 120):
  `cd <instance_path>`
  `certutil -S -d . -P slapd- -s "CN=<FQDN_server_name>" �n testcert �v 120 -t T,, -x`
       Enter Password or Pin for "NSS Certificate DB":
  Stop the Instance.
  On the DSCC Security -> Certificates tab:
       select option to "Do not Prompt for Password"
  Restart the instance.
  On the Security -> General tab, select the new certificate to use for ssl encryption
  Restart the instance
  Stop the instance
  Put DS back into smf control:
  dsadm enable-service <instance>
  Check the smf:
  svcs -a | grep ds
  # svcs -a|grep ds
  disabled Aug_16 svc:/application/sun/ds:default
  online Aug_16 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads
  online 17:04:28 svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

• I get a warning about using an old version even after installing v24.

  Several websites (including Mozilla) give me a warning about using an old version. I'm currently on v24 and when I take the advice to upgrade it simply re-installs v24 again but the out of date message doesn't go away!

  Philipp,
  Sorry, should have read the ENTIRE message you sent. Problem solved - thank you so much. Have a great day.

• In PS C6 I'm getting a warning that "No color management" setting for printer isn't supported. Why?

  I'm using Photoshop Extended CS6. I'm printing to either an Epson Stylus Pro 9900 or an Epson SP4900. In the print dialog, I get a warning I haven't seen in a long time. It says the setting "No Color Management" at the printer is not supported. This is patently false. I am given a link to download the Adobe Color Print Utility (which gives abominable results; I know this from repeated uses in the past), and a service note saying this issue is for Photoshop CS5. Clearly there is a problem, possibly a bug.
  I have never had CS5 installed on this machine. I do have PS CS5.5 and PS CS6 on this machine (I have used all versions of CS in various suites from the start of the product line).
  Can anyone explain this annoying intrusion on my workflow? Of course "no printer management on printer/Photoshop manages color" works... There must be an explanation.
  Thanks.

  An excellent question, and worthy, in fact of an essay, if not a chapter in a book on color management and proofing issues. And as you suggested earlier, it's a philosophical question (not strictly conceptual to my way of thinking).
  It's also a question I can't answer, in terms of practicality and a personal sense of efficacy in dealing with a monolithic process (producing a print). That is, I can't answer for you, or anyone else I'd venture to say.
  Stepping back for the briefest of moments, we should remember we live, on computers, in a virtual world. Whatever we see is a simulation, or if you prefer a simulacrum. Plato would probably say, not much better than the play of shadows on the cave wall from the flickering flames.
  It's called soft proofing for a reason. The only hard proof is a print. I am old enough to remember the days when producing a color print from a chrome (requiring an internegative) or even directly from negative images, was an art, best left to skilled technicians in a lab. And even then it was an iterative process. Making an image ready for accurate color rendition in lithographic reproduction was the same things, maybe times ten. And required sometimes a whole team of skilled technicians, the last of them being the press operator. You can't appreciate the full impact of these facts of life back then unless you have been "on press" in some plant, invariably in the hinterlands, looking at actual press proofs under 6500K calibrated proofing lights, comparing them against the original chrome, the separation proofs used to make the plates. You had to understand not only the physics (and biology) of RGB imaging, but the intricacies of subtractive technology, aka CMYK. As in so much else in life, less is more, and so you had to understand that sometimes the least adjustment was the best (because you were also dealing with the physical constraints of layers of ink on paper), so if an image looked too green on the press sheet, it might be best to throttle up on the magenta just a touch, rather than cut back on the yellow and cyan. You balanced one against the other, because of the possible effects on other parts of the image.
  This long-winded, probably tiresome if not boring, anecdote is meant to be illustrative of the analogous situation in which we find ourselves printing images with digital technology, combined with electromechanical devices spraying pigmented fluids in drops measured in picoliters of volume on substrates of varying physical properties related to absorbency, refractive index, contribution to an arcane phenomenon known as metamerism.
  We can't hope to see anything but a, pardon the expression, simulacrum of the combination of the effects of these phenomena (and other phenomena as a result of the interdigitation of these different technologies, at the software level, and even more so at the hardware level), at least not on a screen (which introduces a whole other set of variables). We can't see what we will get unless we actually go through the ordeal and expense of producing a hard proof. And then using our experience and deductive skills to make adjustments, not unlike maneuvering a rover on the moon from a control station on earth, that will produce the desired outcome within a very narrow (I assume) set of parameters.
  Personally, I prefer working in Lightroom and in Photoshop in order to produce the image I would like to see in an ideal, if you like a Platonic, world. If what was on the screen could somehow be transferred magically to the surface of a lovely unsullied sheet of Arches cold press watercolor paper, 350g/m^2 coming out of an Epson 9900... (I've done it). Not so easy.
  What the soft proofing capabilities of Photoshop are good for, from my point of view, is to show me how far off the image I am looking at as ideal will fall short on the intended target substrate. I must always remember, it is not a wholly accurate rendition of what the printer will do with a sheet of paper from a particular production run, with the particular combination of inks (with varying dates of origin of manufacture), never mind the vagaries of temperamental nozzles in the printhead, not to mention conditions of humidity, temperature, etc.
  What the softproof tells me is that the red in that scarf on my subject really needs bumping up, if I expect the level of vibrancy I see I need in the ideal rendition. And I make the adjustment in the RGB representation on the screen, etc. When I have made my by guess and by gosh adjustments to all problem areas as suggested by the soft proof (it is only as accurate after all as the RGB image is in depicting any realistic expectation of a final result—the only assurance I have is that if I really want people to see my image as I see it on the screen I had better show them the screen...), I make a print. Sometimes I have to make two or three until I am satisfied this is truly the best I will get from the beautiful, but arcane, surface of the paper I have chosen.
  In short, it's a risky business, and expensive.
  If you want fast and affordable, frankly, stick to premium grade high gloss surfaces, preferably from Epson, in your case, or the manufacturer of your printer in general (Canon, incidentally, produces spectacular results on their Pixma Pro series printers and their own papers, especially the Pro Luster surface... I don't even bother with soft proofing... so there is an exception even to this rule I am taking a lot of time to point out to you). High gloss papers tend to have the widest gamut, give the deepest blacks, and the best renditions of saturated color, red and blue particularly, for some reason often the hardest spectral colors to render with the level of saturation you might like. Especially if you tend to shoot vividly colored subjects.
  If you regularly use matte surface, or so-called fine art or watercolor surfaces, I think even if you adhere to the workflow implied in your question... Just set the computer and screen to "soft proof" in effect in Photoshop and work from their, and hope for the best... you are in for massive chronic dissatisfaction.
  One last thing, I produce what I consider a basic working image in Lightroom, add further effects using a battery of third party effects software (from Google Nik, OnOne, Imagenomic, AlienSkin, etc.) and then go to work further on the image in Photoshop, but I never save the image, except as a revised file, once I'm done with Lightroom adjustments (which are never applied to the RAW file, but kept as meta-instructions separately in the LR database). So any effects added produce a new file. Any changes in Photoshop produce a new file. And when I am working, finally on an image to make into a committed hard print, I NEVER save the settings I use to produce a print, including a print I deem acceptable for exhibition. If nothing else, I can honestly tell a print buyer they are getting a unique "hand-made" image. I don't feel I'm operating a factory after all, but a studio. Further, changes in technology occur dynamically and continuously. I don't know what I would do with the settings I derived from working solely in the "soft-proofing" mode you think you might prefer in your workflow, if a new paper or ink set, or printer came along that solved the problems I had to fudge around to get a decent print with the existing technology at the time. At least if I work solely in RGB trying to achieve an "ideal" rendition, I will always be able to start from that same point, the next time I want a print worth saving of that image.
  We've gone, or I've gone, way off topic here, and I beg the indulgence of anyone else who might be reading this, hoping for a simple fix to the original simple problem.
  H

• Question about IDS Self Study Guide for IDS

  Hello,
  i'm searching for a self study guide for the ips (ASA-SSM-10/20) where i can see how to configure signatures and deployment.
  Thanks in advance for your help
  regards
  Klaus

  The signature configuration for the SSM module is identical to any of the other IPS sensors. The root of all IPS documentation is here:
  http://cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html
  Here is the ASA 7.1 doc on how to move traffic to the SSM
  http://cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ssm.html

• ASA self-signed certificate for Anyconnect 3.1, which attributes?

  Hi everybody,
  I can't find the detailed information which attributes are exactly needed for the Anyconnect 3.1 client to correctly identify the VPN server -ASA 8.4(4)1
  I have added two servers in the client connection profile:
  IP address, primary protocol IPsec
  IP address/non-default port number, primary protocol SSL
  Connecting via IPsec only issues a warning about "untrusted source" (I didn't import the certificate as trusted, but that's not the issue)
  Connecting via SSL issues an additional warning "Certificate does not match the server name".
  The self-signed certificate (created with ASDM) includes the IP address as DN cn, additionally as alternate identity "IP address". I have exported the certificate and parsed it with openssl (after re-encoding to PKCS#12 DER) and apparently no attributes are included.
  I would like to give it a try with certtool and openssl to generate a self-signed certificate which is accepted by the Anconnect 3.1, where can I find a detailed description, which attributes are required for Anyconnect SSL sessions? I'm convinced the identity (DN cn) is OK.

  Shamelessly bumping this question,
  Anyone out there (maybe from Cisco) who can tell us, which atttributes are required on a self signed certificate?
  I keep getting "Certificate does not match the Server Name" for SSL-VPN, IPsec-VPN is fine for the same server.

• Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

  Scenario:
  Windows Server 2012 R2 Essentials
  I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
  So far so good.
  The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
  a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
  The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local  instead of the SSL Certificate I installed, which is
  remote.acmedomain.com
  If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
  My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

  Because....
  the server does not have a 'trusted' certificate assigned to it.
  Only the RDP Gateway has the trusted certificate for the external name.
  If you want to remove that error, you have to do one of the following:
  Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
  So, something like,
  server.domain.publicdomain.com
  Or,
  Install that certificate on your remote computer so it is trusted.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• How to Generate a Proper Self Signed Certificate for RV180W

  Right now the Self-signed Certificate on my RV180W generates errors as it was issued to the MAC address instead of the current IP address. Could someone please provide me insrtucions on Generating a Self-Signed certificate (or 1 from my Windows Server 2012 Certification Authority) that will eliminate the constant barreage of certificate errors I get when trying to access the management interface of my device?  the internal domain is mythos.local, netbios name of MYTHOS, and the device name in question is surtur.
  Thanks in advance,
  Robert Hessenauer

  Anybody?  It is unlike everyo9ne to ignore a post without comment for 9 days.
  Not complaining (woll maybe just a bit)
  Robert Hessenauer

• I'm having a problem accessing Bupers Online using my CAC reader. I get an error that says safari can't establish a secure connection to the website. Does anyone know how to fix this?

  I am having a problem accessing Bupers Online on OS X Mountain Lion. I get an error that says Safari cant establish a secure connection with Bupers Online. Does anyone have any tips to access Bupers?

  I don't use CAC certificates, but since updating to 10.9.3, I too am getting the same error, BUT only with some HTTPS sites (e.g., https://webmail.pairlite.com), not all. Meanwhile, Firefox (was 12.0, now 29.0.1) connects with no issue.
  I too have verified date/time is set automatically, checked for (and fixed) disk integrity errors and permissions, and rebooted, all to no avail.
  Update:
  Well...heck. Tried accessing the problematic site via the Guest account, and that WORKED. So...back to the drawing board.