Support for Global SSL certificates  - not

Similar Messages

• Is there a way to change the CSR for install SSL Certificate for CCMADMIN

  HI there,
  Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
  For that, I have exported a csr to buy a ssl certificate from verisign.
  The problem is the csr includes fqdn an not just the servername
  But the users just have to type in the servername to reach the server.
  Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
  thanks
  Marco

  Hi
  You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
  Command Syntax
  set web-security orgunit orgname locality state country alternate-host-name
  Parameters
  • orgunit represents the organizational unit.
  • orgname represents the organizational name.
  • locality represents the organization location.
  • state represents the organization state.
  • country represents the organization country.
  • alternate-host-name (optional) specifies an alternate name for the host when you generate a
  web-server (Tomcat) certificate.
  Note When you set an alternate-host-name parameter with the set web-security command,
  self-signed certificates for tomcat will contain the Subject Alternate Name extension with
  the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
  contain Subject Alternate Name Extension with the alternate host name included in the CSR.
  Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
  Regards
  Aaron
  Please rate helpful posts...

• ISE: Guest SSL Certificate Not Trusted Error

  Team,
  We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
  I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
  Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
  Please advice
  Thanks in advance

  The only solution that can competely resolve your issue is to get a certificate from any trusted  CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may  appear sometimes.

• Disable weak ciphers and support for all SSL protocols prior to v3.

  I am very new to Weblogic and I need a little help with the SSL configurations. I received a security audit back and discovered that Weblogic's SSL is running weak ciphers and also supporting unacceptable versions of SSL (we require a minimum of SSLv3 and need to deny connections with anything less). That said, can anyone point me in the right direction for disabling weak ciphers as well as forcing support for SSLv3 and up only for client connections. I am running Weblogic 10.3.
  Edited by: David Pulliam on Jan 26, 2011 8:31 AM

  Hi David,
  -Dweblogic.security.SSL.protocolVersion=SSL3 —> Using this JAVA_OPTION will allow Only SSL V3.0 messages are sent and accepted. So add the mentioned JAVA_OPTION in the server start script along with the below OPTION:
  -Dweblogic.security.disableNullCipher=true
  Also you can do the following in your "config.xml" to make sure that the Weblogic will not accept weak and medium weak passwords:
  <ssl>
         <enabled>true</enabled>
        <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
        <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
        <hostname-verification-ignored>true</hostname-verification-ignored>
        <listen-port>7002</listen-port>
        <server-private-key-alias>aliasHere</server-private-key-alias>
        <server-private-key-pass-phrase-encrypted>encryptedpassphraseHere</server-private-key-pass-phrase-encrypted>
  </ssl>Thanks
  Jay SenSharma
  http://middlewaremagic.com/weblogic (Middleware magic Is Here)

• WILL MAC OS 10.4 server SUPPORT SHA-2 SSL CERTIFICATES

  Am running Mac OS Server 10.4.11 on a PowerPC Mac Mini (1.42GHz) and currently have SHA-1 SSL certificate from GoDaddy.
  They want everyone to upgrade to a SHA-2 (SHA256) SSL certificate for Google's Chrome browser which will soon start showing SSL errors for SHA-1 certificates.
  Is Mac OS Server 10.4.11 capable of serving up a SHA-2 SSL certificate?  (I originally renewed last Feb. to a SHA-2 certificate, but many browsers didn't recognize it, so I re-keyed to a SHA-1 certificate that is good to 12/31/15.

  Hi, I do not know, but I doubt it.
  Here's the 10.4 Server forum if you want to ask over there...
  Mac OS X Server v10.4 and earlier

• SSL certificates not visible while RFC destination creation

  Hi all,
  I am setting up an RFC destination to connect to external server and which uses SSL certificates for its authorization.
  So i have imported the Client certificates into STRUST.
  While setting up an RFC connection of type G, in the security tab when we select the SSL security certificate radio button, will we be able to see the certificates(in the combo box) that we have imported in STRUST.
  Currently, though i have imported the Client certificates into STRUST, i am not able to see them in the SS security certificates combo box.
  Kindly help me out.
  Cheers,
  Siva Maranani.

  Well, first of all we should avoid confusion by using the term "<i>ABAP destination</i>" rather than "<i>RFC destination</i>" (although ABAP transaction SM59 still has this old title).
  When referring to an "ABAP destination of type G" we are talking of an outbound http connection to a non-ABAP server (e.g. an SAP J2EE server or any other http server).
  I'm not sure whether you are aware that in this context "<i>SSL client certificate</i>" refers to the ABAP <u>system</u> (which is the SSL client in this scenario). This is different from scenarios where "X.509 client certificate" refers to a certificate which is assigned to an individual <u>user</u> (using a web browser). <b>In the given scenarios, where two systems are the communication peers, SSL cannot be used for user authentication.</b> That fact is often misunderstood.
  By default you'll find 3 different SSL certificates (actually: PSEs) in an ABAP system (which can be used only after enabling SSL, of course - see note 510007 for instructions):
    - SSL Server
    - SSL Client (anonymous)
    - SSL Client (Default)
  Well, the "<i>SSL Client (anonymous)</i>" is actually not really a "client certificate" but used for outgoing http requests where you do not intend to send your own SSL client certificate. Since you cannot use the server's SSL client certificates for user authentication it might make sense to use "<i>SSL Client (anonymous)</i>" is most cases.
  Please notice: you have to add the server's SSL certificate (respectively the root CA certificate and potentially intermediate CA certificates) to the certificate list of the "<i>SSL Client (anonymous)</i>" PSE (using STRUST). By default, that list is empty - consequently no SSL server certificate is trusted (in contrast to a web browser which is already shipped with a long list of "trusted CAs").
  Only when the (remote) server demands SSL client certificates it might make sense to use either "<i>SSL Client (Default)</i>" or to define a new SSL client certificate (for the ABAP system that submits the https request).
  Please notice:
  SSL client certificates need to be issued by an Certification Authority (CA) in order to be accepted by the SSL server.
  In addition to importing the SSL server's certificate to the certificate list of the SSL client PSE (see above: <i>anonymous SSL client</i>) you also need to export the root CA certificate (and potentially all intermediate CA certificates) of the SSL client certificate and import it to the (remote) SSL server's keystore (kindly refer to the manuals of that server for instructions).
  Kind regards, Wolfgang
  PS: I assume that you have imported some certificates to the certificate list of a SSL client PSE. In SM59 only those SSL client PSEs are listed: "<i>SSL Client (anonymous)</i>", "<i>SSL Client (Default)</i>" and all SSL client PSEs that you might have defined in addition (using transaction STRUST => <i>Environment</i> => <i>SSL Client Identities</i>).

• When a site asks for a client certificate, not all certificates are presented.

  At www.pkiuniversity.com/sandbox/index.php, I am asked for a client certificate. I get to choose from a list of the certificates issued by startcom but not my own. The extended key usage does mark it for client authentication. The root certificate corresponding to the signing private key is also in the store. Why don't these certificates pop up. They do in Safari.

  If you're interested, I get my certificate from
  reloid.com/enrollments/cheapcerts3/getcert.php?email=[email protected]
  This is designed to be a very insecure certificate with no chance of being added to the built-in cache.

• HT201359 After filling out all account information on iTunes, I receive a message telling me to contact iTunes support for help, but do not know why I need help. I simply want to purchase an album that exceeds my credit balance I have. Why can't I finish

  After filling out my complete acct info in iTunes Store in order to purchase an album that exceeds the amt of my credit from a gift card, I am prompted to check with the customer support for iTunes, and it will not simply charge my credit card that I provided in full. Why do I need help? I followed the complete procedures asked to add this credit card method of Payment. What is the problem?

  We are fellow users here on these forums. You can contact iTunes Support via this link and ask them for help (we won't know why you are getting the message) : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page

• How  to   find  article based  support  for  ipad  or  technical notes

  how  to   find  article based  support  for  ipad  or  technical notes

  The problem comes from VBUK/VBUP which are the control tables for most of SD tables (from VBAK/P to LIKP/PS and VBRK/P) and manage uniqueness of id in the module (and stores statuses). Even item tables don't refer to their header but both refer to the same VBUK record.
  e.g.
  LIPS : VBELN/POSNR -> VBUK/VBUP -> but you will only find LIKP/PS itself and no record in VBAK/VBAP
  LIPS : VBELV/POSNV -> VBUK/VBUP -> you should find VBAK/VBAP
  The table VBFA "Sales Document Flow" manages the relations from/to between two different SD documents which exist in VBUL/P and in only one other table depending on type of document. (Also note that the exact relationship may sometimes be modified to some extent by Customizing SD.)
  As Katan wrote, look for views defined in ddic, look also at logical databases (SE36) like VLV.
  You can also find valuable information in OSS notes/documents like 185530 - Performance: Customer developments in SD.
  Regards,
  Raymond

• Can't access Exchange ActiveSync server - SSL certificates not being used

  When I try to set up my email via Exchange ActiveSync to a corporate server, I am unable to connect. I am using the same exact settings as on an iPhone, where I am able to successfully connect.
  Reading the console log in the iPhone configuration utility, the problem appears to be that the iPad is not using the corporate certificates I have installed to enable SSL access to the Exchange server. These certificates are installed in the exact same way they are on my iPhone, where they work correctly.
  Has anyone else had a similar problem accessing Exchange mail using SSL certificates? Any ideas on how to fix this? Or is this a bug in the iPad software?

  IM having the same problem. iPhone works fine on exchange atvwork but iPad with same settings says cannot connect to exchange server. Have you figured anything out yet?
  Tom

• SSL certificate not valid

  Just started receiving 'server's security certificate not valid for palm.imap.mail.yahoo.com' error early this morning. I have a (Sprint) Palm Pre (P100EWW) on version 1.4.1.1. How do I correct?

  I have tried removing palm and still cannot get it to work!   any other ideas?   I did notice it changed the port to 995 when I first was entering my email info.   It used to be set to 993?
  Also, what do you put in the username....  is that the beginning part of the yahoo id prior to @yahoo.com?

• QM in procurement: block invoice for payment if certificate not received

  Hi,
  I want to know if it possible to automatically block an invoice for payment if certificate in procurement hasn't been received.
  I don't want to block the material, that is: I want to receive the material, transfer it in unrestricted stock but I shouldn't pay the invoice until its correspondant certificate is received.
  Is it possible?
  How should I proceed?
  Thanks in advance.
  Luis.

  Try user exit MIRO
  LMR1M001 User exits in Logistics Invoice Verification
  MRMN0001 Message output and creation: Logistics Invoice Verifica

• SSl certificate not available in the protocols properties

  Hello,
  I try to use SSL encryption on SQL 2008R2. I've bought a SSL 123 certificate from Thawte. I've installed this certificate in the MMC certificate snapin (personal folder). I've also imported the primary and secondary certificates of Thawte.
  The certificate has been requested and installed under admin credentials. The SQL Server runs under the same credentials.
  The serveur runs as a stand-alone server (no domain). The full name of the serveur is the same as the name mentioned in the certificate (myserver.mydomain.com) (mydomain.com has been added as DNS suffix in the advanced name properties)
  select @@servername returns myserver.mydomain.com
  The certificate appears correctly in IIS.
  I've read many topics about this subject but I did not found any solution.
  Thanks in advance for help,
  Best regafds,
  Guy

  Hello,
  The certificate used by SQL Server to encrypt connections is specified in the following registry key:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.x\MSSQLServer\SuperSocketNetLib\Certificate
  This key contains a property of the certificate known as thumbprint that identifies each certificate in the server. If this is null that means Certificate is not imported properly or having some issues.
  You can refer to the Troubleshooting section in the
  KB article to determine whether the certificate that you installed is valid.
  Regards,
  Fanny Liu
  If you have any feedback on our support, please click here.
  Fanny Liu
  TechNet Community Support

• Thawte SSL certificate not trusted?

  I've been searching Google for solutions but haven't found anything. Had to enable SSL for the meeting server so that it would work from behind a firewall that was blocking the FMS. Bought a SSL123 certificate from a Thawte reseller. I installed it following instructions. Now when connecting to the meeting server brings up a message that the certificate was signed by an unknown authority, and then connectaddin generally crashes and I have to "Force Quit".
  Does anyone know how to resolve this? Is it the certificate itself? Could it be configuration?

  Need to add the "Intermediate CA Certificate" to the pem file, as per https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLI NK&id=SO13881 (it took both my cert reseller and Adobe support several days to reach that conclusion - and the Adobe phone support person told me about this solution just as the email from my cert reseller came in!)
  I just opened the pem file in notepad, copied and pasted the above cert under it (as per http://www.connectusers.com/forums/cucbb/viewtopic.php?pid=4315#p4315), fixed EOL characters, saved, restarted services and it worked.

• After reinstall, SSL certificates not accepted.

  Hello there!
  I've reinstalled my Macbook Air (Mid 2012, OS X Mountain Lion 10.8.2) due to a problem when I lost my password.
  When I launched an app like Safari, Mail or Chrome, I've experienced the same problem. Pages using the SSL encryption were unsupported, not working. It shows the problem with the certificate which is not acceptible, old.
  Please, help me out there.
  In the meantime, I will be using Firefox, which works just fine (strange!).
  Thank you all very much!
  A.

  This is looking like its headed for a common problem people have been having with the GoDaddy certs - mind shooting me a PM with the url that you're using to sync with?  Got a bad feeling the cert compatibility problems are real - especially if Win Mobile devices are unaffected.
  Here's a similar problem:  http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=2600
  And another with some explanation: http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=4693&view=by_date_ascending&...
  Message Edited by Imaginos on 02-13-2009 05:11 PM