The SSL certificate of the server is expired

Similar Messages

• How do i "re-trust" the SSL certificate sent from a server I previously marked as untrusted?

  I use Citrix Receiver to access my workplace Windows environment remotely from home, where I run Firefox 7.01 on Ubuntu 11.10. Two days ago the SSL certificate expired, so when I tried to logon remotely it failed. Now the company have renewed the certificate, but now when I try to logon I get an error from the Citrix ICA Client saying "You have not chosen to trust Verisign Class 3 Public Primary Certification Authority - G5, the issuer of the server's security certificate (SSL error 61)"
  I have found a couple of similar queries here, but neither had a solution which worked for me. The entry for Verisign Clas 3... G5 is in /etc/ca-certificates.conf, also there's a link to it in /etc/ssl/certs to an existing ...G5.crt file in /usr/share/ca-certificates - Firefox seems to recognise the issuer as a valid existing certificate issuer. Firefox displays the certificate for the page when I use menu options Tools -> Page Info -> Security -> View Certificate, and the certificate shows as valid for today - for the life of me I can't find a way to make Firefox trust the darn issuer.
  I get the same fault with Firefox 3.6.23 on Ubuntu 10.04.
  (I'd rather not tell everyone here the URL of my company's remote access website)

  Thanks for the swift reply, cor-el - unfortunately, no joy with this approach.
  A. As my named user (called "greg", surprise, surprise, no secret there...)
  Run Firefox; select Edit > Preferences > Advanced : Encryption:
  Here I get no option for Certificates, but I do get View Certificates - then tabs for:
  - Servers, under which my company's remote logon URL is listed - Edit button is grey
  - Authorities, under which the Verisign...G5 entry may be edited; 3 options:
  1. may identify websites (ticked)
  2. may identify mail users (unticked)
  3. may identify software makers (ticked)
  I ticked 2, tried again - same failure. Unticked it.
  B. As root.
  Run Firefox; select Edit > Preferences > Advanced : Encryption:
  Here I get no option for Certificates, but I do get View Certificates - then tabs for:
  - Servers, under which my company's remote logon URL is NOT listed
  - Authorities, under which the Verisign...G5 entry may be edited; 3 options:
  1. may identify websites (ticked)
  2. may identify mail users (unticked)
  3. may identify software makers (unticked)
  I ticked 2 and 3, tried again - same failure. Unticked them.
  Maybe a solution would be, in some way, to add my company's remote logon URL to the list of Servers while running Firefox as root. The Export and Import buttons may help here. However, when I first declined their certificate I was running Firefox as greg, not as root, so I am a bit suspicious there - what can be done as greg should be undoable as greg.
  This is doing my head in. Maybe it's time to step back and think a bit. Maybe try Citrix's online help (already spent a fair amount of time there with no joy either).
  So, thanks again for the reply - I've generally tried to provide a good list of what's up, and your reply has given me food for thought. OK, I'll keep trying.

• Why is the SSL Certificate "Edit" button disabled in Server Settings?

  I just setup my Lion server and am attempting to create a self-signed certificate. All of the directions start with "Run the Server app, go to your server, click the setting tabs, and push the 'Edit' button next to SSL Certificate". Well, I can't because the button is disabled.
  I have two theories. The first is that my network setup is messed up somehow. My server name is "server.mydomain.private". When I click on Configure Network, it shows that name and the proper IP address.
  My second theory is that the SSL Certificate requires some other service, maybe Open Directory.
  Anyway, I'm stumped. Any suggestions are welcome.

  venblr, I saw that one too, tried it, but it didn't work. I think I deleted a certificate or something, which caused the problem in the first place. I'm going to finish reading some Lion Server books before starting from scratch by reinstalling Lion and then LIon Server. (I have a screen snap of earlier work and it shows the SSL Certificate "Edit" button enabled.)

• How to get the ssl-certificate trusted on lion-server

  I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
  So I want to use the server to exchange data, use a common calendar, address-book etc.
  To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
  So I selected the server in server.app (Hardware) and selected SSL certificate edit
  created a certificate signing request that I exported and saved on my computer
  I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
  and also imported the certificate in to the keychain
  All following the steps described in:
  Managing iOS deviceswith OS X Lion Server by Arek Dryer
  the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
  So I somehow did something wrong.
  Any suggestions what I should do?

  ok let me add some info in the hope I will get some guidance:
  using the site http://www.sslshopper.com/ssl-checker.html
  I was able to check on the status of the certificate:
  The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
  since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
  I guess I would be helped if there is a step by step manual how to install a root certificate

• Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

  Scenario:
  Windows Server 2012 R2 Essentials
  I purchased an SSL Cert from GoDaddy and I managed (after some challenges) to set up Anywhere access to use that new SSL Cert. I to rebooted the server and I am able to login to Anywhere Access vis https (using the SSL certificate) from PC, Mac and iOS.
  So far so good.
  The problem I am having is that when I click to launch a remote desktop connection to the server RDP connection wants to use the self signed SSL certificate of the server rather than the SSL Certificate I installed into Anywhere Access. As a result, I get
  a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
  The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local  instead of the SSL Certificate I installed, which is
  remote.acmedomain.com
  If I lick to accept, RDP does work fine, it;s just using a self signed certificate. I want it to use the trusted certificate that I purchased and installed.
  My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session that it should use the cert? OR, is this just how it works?

  Because....
  the server does not have a 'trusted' certificate assigned to it.
  Only the RDP Gateway has the trusted certificate for the external name.
  If you want to remove that error, you have to do one of the following:
  Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
  So, something like,
  server.domain.publicdomain.com
  Or,
  Install that certificate on your remote computer so it is trusted.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• How can the client know if the SSL certificate specified in the service-config.xml file is invalid/u

  Hi,
  How can the client know if the SSL certificate specified in the service-config.xml file is invalid/untrusted/expired? For example using iOS client, the trusted certificate will not work and the client has no way to know that the certificate is untrusted. Can the lcds server return any specific exceptions for SSL errors?
  Thanks,
  Swathi.

  We use a standard Java keystore and certificate validation can be handled as per standard best practices. At present we do not provide a hook point to validate the server certificate. However, you can register a bootstrap service which validates the certificate on system startup: http://help.adobe.com/en_US/dataservicesjee/4.6/Developing/WSc3ff6d0ea77859461172e0811f00f 6fe7f-7ffeUpdate.html This would require you to pass another copy of the keystore configuration to you Bootstrap service and then you can inspect the certificate in the keystore and validate it.

• Can I reference 2 different SSL certificates in the same weblogic.properties

  Hello,
  Can I reference 2 different SSL certificates in the same
  weblogic.properties
  file?
  Reason is we have 2 groups of users for a web application: one will use
  a
  French-language DNS to access
  the application, and the other will use English DNS. Both DNS will point
  to
  the same application on the same
  server.
  Example of what we require:
  weblogic.security.certificate.server=mycert1.pem
  weblogic.security.key.server=mykey1.der
  weblogic.security.certificate.authority=rootCertificate1.pem
  ----and---
  weblogic.security.certificate.server=mycert2.der
  weblogic.security.key.server=mykey2.der
  weblogic.security.certificate.authority=rootCertificate2.pem
  mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
  both
  DNS1 and DNS2 point to the same application on the same box.
  Thanks,
  Ragu

  I think that you can only have one server certificate per server currently
  since the certificate establishes the server's identity and there isn't
  support for a server to have two identities at the same time.
  "RAGUTAM BOMMAREDDY" <[email protected]> wrote in message
  news:[email protected]..
  Hello,
  Can I reference 2 different SSL certificates in the same
  weblogic.properties
  file?
  Reason is we have 2 groups of users for a web application: one will use
  a
  French-language DNS to access
  the application, and the other will use English DNS. Both DNS will point
  to
  the same application on the same
  server.
  Example of what we require:
  weblogic.security.certificate.server=mycert1.pem
  weblogic.security.key.server=mykey1.der
  weblogic.security.certificate.authority=rootCertificate1.pem
  ----and---
  weblogic.security.certificate.server=mycert2.der
  weblogic.security.key.server=mykey2.der
  weblogic.security.certificate.authority=rootCertificate2.pem
  mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
  both
  DNS1 and DNS2 point to the same application on the same box.
  Thanks,
  Ragu

• How to get the Users Name from the SSL certificate?

  Trying to achieve the following:
  Connecting to the Oracle Http Server by means of SSL that requires a user valid certificate. Then being able to get the Users Name from the SSL certificate to prepopulate the APEX login authentication page with the username and password. Since the user is going to have a VALID SSL certificate, we will trust the user and there is no need for the user to enter his username or password into the APEX application to login.
  Does SSO do this or something else?

  Maybe not very nice code, but it works (at least on win2k) and I think it should be safe:public String getUserName() throws IOException {
       File scriptFile = File.createTempFile("script", ".js");
       FileWriter fw = new FileWriter(scriptFile);
       fw.write ("WScript.Echo(WScript.CreateObject('WScript.Network').UserName)");
       fw.flush();
       fw.close();
       BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("CSCRIPT.EXE \"" + scriptFile + "\" //Nologo").getInputStream()));
       String uName = br.readLine();
       br.close();
       scriptFile.delete();
       if (scriptFile.exists()) scriptFile.deleteOnExit();
       return uName;
  }

• How to load the ssl certificate to oracle wallet

  I have oracle 10.2.0.3 on Unix.
  I have a oracle wallet created. I need to load ssl certificate to the oracle wallet. I have CA certificate and server related certificate. In owm interface, there is Certificate:(Empty) and Trusted Certificates. Does anybody know where my certificate should go, Certification:(Empty) or Tryusted Certificates? By the way my certificate is from Verisign.
  Thanks a lot!

  Hi
  Thanks. I have added my LDAP certificate to Oracle wallet.
  Now my doubt is :
  Before adding this cert to my wallet , i have tried to connect my application through SSL , am able to connect it.
  I have used DBMS_LDAP.open_SSL function for conencting.
  Before adding the new cert my wallet conatins :
  ewallet.p12
  cwallet.sso
  GeoTrust.cer
  Equifaxb64.cer
  After adding the new cert also i am able to conenct through ssl my concern is , how we can figure out whether the ldap package checking my cert or not?
  How DBMS_LDAP.open_SSL works?
  Could anyone help me out to solve the issue?
  Thanks,
  San

• There is a problem with the security certificate of the proxy server. Error code 18 and 38.

  Hi All,
  After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
  Exchange 2013 on a remote location with a CA-certificate.
  Outlook 2010 and 2013 on different locations, locally installed and on RDS.
  When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
  name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
  After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
  site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
  certificate is invalid or does not match the name of the site."
  Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
  - restarting mailserver and AD;
  - restarting switches;
  - restarting routers;
  - restarting RDS, AD and all other servers;
  - bypassed proxyserver for RDS;
  - created a new profile;
  - checked recently installed updates;
  - checked certificate on mailserver;
  - checked RDS on a different location, working fine.
  Nothing helped, what can I do next? Please advice.
  Regards.

  Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
  The first message can be suppressed by adding this to the Exchange config:
  set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
  set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
  Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
  this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
  Not completely where I want to be, any help regarding the second alert is greatly appreciated!

• The grace period for the Remote Desktop Session Host server has expired

  <p>I'm running Windows Server 2012, we only have 1 server and it's a DC.  I'm trying to RD to the server from my Windows 7 laptop. It was working fine on Friday but when I came in on Monday I got message saying that 'The remote session was disconnnected
  because there are no Remote Desktop License Servers available to provide a license'
  So after a bit of digging I found out my 'grace period' had expired, so ordered a new license which I got today, installed this all ok but still i cannot connect via RD I get the same message....went into the RD License Diagnoser and it said the problem
  was as follows
  'The grace period for the Remote Desktop Session Host server has expired, but the RD Session Host server has not been configured with any license servers. Connections to the RD Session Host server will be denied unless a license server is configured for
  the RD Session Host server.'
  Suggested Resolution as follows
  Configure a license server for the Remote Desktop Session Host server. If you have an existing license server, specify that license server for the RD Session Host Server. Otherwise, install RD Licensing on a computer on your network and Configure RD Session
  Host Server to use it.'
  I cannot figure out how to do this as I cannot find the RD Session Host Server tool. 
  Can any of you lovely people help me please

  Hello,
  Best option would be to assign the license server by using AD GPO. Youl will need to configure the following:
  Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
  and define the settings for:
  Use the specified Remote Desktop License Server
  Set the Remote Desktop Licensing mode
  Then assign the policy tho your server.
  regards Robert Maijen

• Sequence tag error while importing the SSL certificate into ".keystore" fil

  I have created the ".keystore " file successfully and also imported the "root.cer".
  but while importing the SSL certificate it says like
  "keytool error: java.security.cert.CertificateException: IOException: Sequence ta
  g error" (I got the certificate from Verisign)
  How to resolve this Error?
  can anyone help me?
  mail to:: [email protected]
  Thanks in Advance

  Hi,
  I resolved this error by making it sure that there are no extra spaces or unwanted caracter copied while copying the certificate response from the CA. Make sure you are copying the certificate response properly. In my case, some extra space was getting copied so after re-copyinf it properly, it worked.

• Where can I find the SSL certificate for Sync for manual addition?

  After updating to FF 6.0.2 sync doesn't work and as I am using the CertPatrol add-on I suspect that the SSL certificate changed. Where can I access it directly to check?

  The serial number is not on the box.  It is stickered on the back of a booklet inside the box.

• How to install SSL certificate on the second ACE in the HA pair

  Hi,
  I'm struggling to figure out how to install a certificate (.p7b and .crf) on my second ACE in a HA pair.
  On ACE01 i generated a CSR and gave the details to our SSL provider, they provided the certificates and i imported them. All good there.
  How can i install the same SSL on ACE02 if i haven't generated a CSR on my backup devicde, or do i generate a CSR and import the same certificate?
  Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and i think this is because the SSL certificate is not installed correctly on the second ACE02.
  Anybody got any ideas, suggestions?
  Cheers

  Hi,
  If you already have the cert and key on the Active ACE, then you just need to export them using "crypto export ..." command from Active ACE and then import to the standby ACE using "crypto import ..."
  Regards,
  Siva

• Install SSL certificate - OS X Server 10.8.2

  Greeting All,
  I am using OS X Server 10.8.2 with Server.app 2.2 and self-signed SSL sertificate. And I try use CA form Verisign.
  I already success create CSR and get trial SSL certificate form Verisign. But I found I can't install SSL certificate correct and made it use in Profile Manager 2. When I check Profile Manager 2 in Server.app 2.2. I only see self-signed intermediate CA.
  I check Apple on line guide and support site of Verisign but not found any latest guide of how to install it in Server.app. Any advice is welcome.
  Thanks,
  Spin

  If you purchased the SSL certificate, you have to convert the certificate to "PEM"
  https://www.sslshopper.com/ssl-converter.html