Third party ca certificate

hi all
acc i am try to get certificate from ca server.but i can not take
can anyone please tell me how can i get certificate
i have one router and one ca server wwhich is config on microsoft server 2003
plase tell me about doc which give me proper knowlege about this task.

There are many good documents on the 'net covering how to do this.
Please have a look at http://mickvaites.com/2009/06/creating-a-thawte-csr-and-then-installing-the-ssl-certificate-on-cisco-ios/ and simply think "Windows Server 2003" instead of "Thawte" as the Certificate Authorty (CA).

Similar Messages

How Do You Generate a 2048bit CSR for a Third Party SSL Certificate for LMS 4.0.1?

Our site requires Third Party SSL certificates to be installed on our servers. We have an agreement with inCommon. I have to supply a CSR in order to obtain the SSL certificate.
My installation is on a Windows 2008 server and I had the self-signed CSR already but it is only 1024 bits. Is there someplace in the GUI or OS where I can change the encryption?

This is a shot in the dark, but since CiscoWorks is using (I believe) Tomcat as the web server, could you run keytool to generate the CSR?
http://help.godaddy.com/article/5276
You could also use an online CSR gererator such as:
http://www.gogetssl.com/eng/support/online_csr_generator/
The key (pun intended) is having the private key on your server so that when you get the signed certificate and install it (using sslutil) it will be usable.
Hope this helps.

Third Party CA certificate requirement for Cisco expressway C and E

Hi All,
We have implemented MRA solution for our customer, We had ask to procure the CA certificate from Third party CA certificate issuing vendor.
We had shared CSR request generated from Expressway C and E application to generate SSL certificate, As per cisco document we had ask to procure “Quick SSL premium single domain” CA certificate for Expressway Series E and C server but as per the certificate issuing vendor, the application required “Quick SSL premium multi domain” as they observed extra SANs in CSR generated from the Expressway C and E applications. Need help to find out application required certificate, who are using Third Party CA certificate for MRA solution.

First of all, I don't see how you cant get away with single domain certificate. I have looked into this more. This is because you need to add your domain name in the SAN as detailed below.
Secondly, I am not sure where you are going to generate the certificates from..You should generate your CSR from here..
Go to Maintenance > Security certificates > Server certificate
NB: Customer’s service discovery domain is required to be included as a DNS SAN in all Expressway-E server certificates
This is what the CSR page looks like

SSL - Installing Third party secure certificates

Hi,
I am having problem while importing third party secured certificates (Verisign).
In STRUST, after import It was still saying Self-Signed message for third party certificates. I am not sure weather this is correct behavior or not.
After launch browser, the certificate status showing with message
"This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."
Please help me to solve this issue. Any other procedure we need to follow to import third party certificates
Thanks in advance
Regards
Srinivas

I'm guessing, you'll need to download the Verisign Trusted Root CA certificate from verisign.com and import it into your certificate list in STRUSTSSO2. Under the System PSE node.
If you doubeclick the response certificate from Verisign, you may be able to see what is heirarchy / trust chain for verisign certs. If it's more than just root, cert, you'll probably need to add the intermediate certs too. Check out verisign link, maybe it'll explain better.
https://www.verisign.com/support/ssl-certificates-support/page_dev028341.html
Also is the self signed message on teh SSL Server PSE node, or the server node? it shouldn't say self-signed if it's the (as example below) sapserver_sid_00 node.
SSL Server
|_ sapserver_sid_00
Hope that helps.
regards,
Laurence...
disclaimer:
The content of this message is my personal opinion only and, the statements I make here in no way represent my employer's position on the issue, nor am I authorized to speak on behalf of my employer on this matter.

Third Party Email Certificate

Hi,
I am in a project that using three java based application in a SOA.
Those applications have some needs to send email to a third party user, who don't have email account in our domain.
I've told to use email certificate to ensure the security, what I want to ask is, is there any need for every application to invoke the certificate (which I'm going to install in my mail server) to put it in every email send? or I just install the email certificate in the email server and registering my domain? I really need help on this, thank you.

Either your code or the API will need to do the same as any other mail client and compose a properly signed and optionally encrypted message.
In the case of a normal mail client, the user's certificate is stored somehow on the client. In highly secure environments, that certificate is stored on an ID card which must be physically inserted in a reader attached to the system sending the message. In that case, the actual signing is done by the card. A more common alternative is that the certificate is stored in a local DB and password protected. For example, Thunderbird keeps the user's certificates in a local file:
* Tools->Options...
* Advanced
* Certificates
* View Certificates
* Import
I do not know if the JavaMail API has any features to help you with this. You should ask about that in the JavaMail forum:
JavaMail

Syslog Collector failure with third party SSL certificate

Hello,
We recently replaced our self-signed SSL certificates with certificates provided by our agency. After the change subscription attempts to the collector in [RME>Tools>Syslog>Syslog Collector Status] failed: SCLA0126: Could not subscribe to the Collector.
I believe the problem originates with the way the CSRs are handeled. An identification number rather than the actual FQDN must be provided in the common name field and this number is expected by the CA. A chain was built with multiple government CAs, and warnings received that the chain does not end in a trusted CA. My hands are bound by this policy - is there a way to make this work or any suggested workaround? Tried a DNS CNAME with the id number. No joy. I haven't tried renaming the host to the id number but I might if you think it might work and then will just cname the current hostname. We are running Solaris 10 systems. Here is the error from AnalyzerDebug.log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
        at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
        at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
        at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
        at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
        at com.cisco.nm.rmeng.fcss.common.FcssSyslogCollector.<init>(FcssSyslogCollector.java:95)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.notifySubscribers(SyslogAnalyzerEngine.java:975)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerEngine.start(SyslogAnalyzerEngine.java:1031)
        at com.cisco.nm.rmeng.sa.SyslogAnalyzerService.main(SyslogAnalyzerService.java:55)
Thanks....!!!
= Uwe =

The subscriber list is empty because we could not add the subscription after the swapping the certs. Sorry, was asked to obscure the host names - it shows host name only not FQDN.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,198, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:33,201, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 10:37:36,694, Service started...
SyslogCollector - [Thread: Thread-9] WARN , 14 Feb 2010 10:42:04,383, Unable to add monitor for
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 14 Feb 2010 11:07:42,369, Could not send syslogs, removing the subscriber...Connection refused
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,499, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,501, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:02,850, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 11:23:06,047, Service started...
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,732, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:33,735, System Initialized.
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:34,148, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 14 Feb 2010 23:59:37,352, Service started...
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,112, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,115, System Initialized.
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:34,565, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 15 Feb 2010 23:59:38,168, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,806, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:43,816, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:44,220, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 11:57:47,493, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,424, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,427, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:00,781, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 14:12:04,007, Service started...
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,851, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:33,854, System Initialized.
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:34,303, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 16 Feb 2010 23:59:37,834, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,156, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,166, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:51,516, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 16:42:54,734, Service started...
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,673, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:33,676, System Initialized.
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:34,130, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 17 Feb 2010 23:59:37,759, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,526, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,533, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:42,886, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:55:46,111, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,144, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,147, System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:34,604, Subscriber list is empty!
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:38,116, Service started...
Our secondary host shows a subscriber, however no syslog packets are seen. Also, this subscriber can not be unsubscribed (deleted).
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,098, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:19,101, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:09:22,723, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:09:22,770, Service started...
SyslogCollector - [Thread: Thread-11] WARN , 18 Feb 2010 16:14:07,828, Unable to add monitor for
SyslogCollector - [Thread: Thread-13] WARN , 18 Feb 2010 16:14:08,008, Unable to add monitor for
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,557, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:29,560, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,205, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 16:32:33,263, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 16:32:33,277, Service started...
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,728, Logging System Initialized.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:33,733, System Initialized.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,786, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] WARN , 18 Feb 2010 23:59:37,857, Unable to resurrect connection to a subscriber.
SyslogCollector - [Thread: main] INFO , 18 Feb 2010 23:59:37,869, Service started...

Third party Certificate not showing up in SQL configuration manager drop down box

Hi,
I have an SQL instance that needs to use a third party SSL certificate for all communications to that SQL instance. I have installed my third party certificate via MMC and it is showing under the Personal Folder.
However, when i go into the SQL configuration manager and right click the instance name > Properties > Certificates, it is not showing in the drop down box.
I am currently using MS SQL Server 2008 R2, which is installed on Windows Server 2012.

Hi,
If the certificate cannot be used for SQL Server and hence will not be visible in SQL Configuration manager. Check the validity of the installed certificate. It may not has the correct DNS name.
I suggest you request a new third party certificate from the vendor with the correct DNS name. Install it on SQL Server environment, then you should see certificate form the configuration manager dropdown box.
Thanks.
Tracy Cai
TechNet Community Support

Generate CSR for Third-Party Certificates

Hi All,
i have an issue when i tried to Generate CSR for Third-Party Certificates,
i follow step by step in the document of cisco until this step:
3.
Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool.
In order to copy and paste the information into the enrollment form, open the file in a text editor that
does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer
to the website of the third−party CA for more information on how to submit the CSR through the
enrollment tool.
After you submit the CSR to the third−party CA, the third−party CA digitally signs the certificate and
sends back the signed certificate via e−mail.
4.
Copy the signed certificate information that you receive back from the CA into a file.
This example names the file CA.pem.
my issue is where i sould copy and paste the CSR information into any CA enrollment tool. i just have done create mykey.pem and myreq.pem in my folder OpenSSL\bin
Please help and Thanks you.
Regards,
Jasa

you have to do more steps using openssl.
before you obtain the third−part certificate, you have to copy that on a notepad text, and you have to obtain an intermediate and root certificate from the company that gives you the certificate.
Then you have to copy and paste on a notepad or gedit:
SSL (the certificate that they give you)
Intermediate (the certificate that you obtain from the company that gives you the certificate)
Root (the certificate that you obtain from the company that gives you the certificate)
name the text file like: allcerts.pem
then... you have to run this commands:
C:\OpenSSL\bin>openssl pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:yourpassword -passout pass:yourpassowrd
C:\OpenSSL\bin>openssl pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:yourpassword -passout pass:yourpassword
Then you are going to have a file named: finalcert.pem, thats the one you have to update to the WLC. please note that on those lines "yourpassword" is the password you use when you create the certificate and its going to be the same that you have to use for upload to WLC.
Note that you have to use openssl version 0.9.8 because its the only version thats WLC support
If you have doubts please contact me.
Have fun!

Importing third party certificate

I'm trying to import a third party test SSL certificate (infact I have
tried several including one from thawte, instantSSL) using ConsoleOne
v1.3.6f. I have Certificate server v2.23 build 34 snapin and nici
2.7.0-2. I created the CSR without a problem.
Each time I try to import the certificate, when I click on Finish,
ConsoleOne just shuts down. No error messages. Nothing.
When I restart ConsoleOne, the certificate hasn't been imported.
Have tried ConsoleOne on other workstations with the same result.

Slawrence,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Error While importing third party certificate

Hi,
In my application I'm using HTTPS for secure connectivity.For that purpose I signed my midlet using a third Party certificate (GoDaddy's Certificate).But when I'm hitiing the url it is not working.
I've done this with generating my own certificate with Tomcat.It is working fine there.I followed the following topic to create Certificate for TomCat
http://143.129.203.3/s/sitter/sl2nap/javaSSLprogr.htm
but when i'm hitiing some live url then it is not working!
Please provide me proper help if possible
Thanx in advance

Slawrence,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Activesync client Certificate authentication with third party CA

Hi, I have to configure ActiveSync certificate based authentication, and use a third party CA.
What informations and fields must I configure on the cert template, to use it for activesync ?
For now I've a template with the CN (FirstName LastName) for the Subject Name and a Subject Alternative name with UserPrincipalName (user@domain). Is it enough ?
Do I must publish the user's certificate in AD ?
Thanks

Just one additional thing to consider, as I have seen it go wrong in the past.
Make sure that whatever certificate solution you decide upon will be suitable for your internal clients (Outlook) as well as autodiscover, external name, etc.
I have seen where people put in mail.domain.com in the SAN field, and everything works great for external clients. However, internal clients who connect to
mbx01.domain.com (the internal server name) get errors, as this server name is not on the certificate.
To make this work, you generally have two options:
Put the internal name of the server on the certificate as well - requires a certificate that allows multiple names (may be referred to as a
UC certificate or 'SAN Options' or something like that, depending on vendor)
Setup split-DNS, so your internal clients also use mail.domain.com
internally
I realize that this doesn't answer your original question, but I have seen this being done wrong many times, and this will hopefully save some headache.

SSL with third party certificate

Hi All,
I followed the configuration mentioned in the white paper
Oracle Forms Services 10g: Configuring Transport Layer Security with SSL An Oracle White Paper July 2005 (frm10gss.pdf). That is working fine.
I have a third party certificate (file format - .der, I got .cer from that).
With this certificate i need to configure the Application Server 10g. For this certificate i didn't created certificate request and sent to the third party.
In the steps motioned in the frm10gss.pdf where i have to make changes to include the third party certificate and not to consider the default oracle OCA certificate. Or with that Certificate how can i configure the SSL.
Any suggestions please…

Hi All,
I followed the configuration mentioned in the white paper
Oracle Forms Services 10g: Configuring Transport Layer Security with SSL An Oracle White Paper July 2005 (frm10gss.pdf). That is working fine.
I have a third party certificate (file format - .der, I got .cer from that).
With this certificate i need to configure the Application Server 10g. For this certificate i didn't created certificate request and sent to the third party.
In the steps motioned in the frm10gss.pdf where i have to make changes to include the third party certificate and not to consider the default oracle OCA certificate. Or with that Certificate how can i configure the SSL.
Any suggestions please…

Replace Self-Signed FAST Search Certificate with Third Party Certificate

We are trying to replace the Self-Signed FAST Search Certificate with Third Party Certificate in our SP 2010 environment. And are facing issues while enabling the SSL communication between the FAST servers and the corporate servers.
Our FAST search servers are in a different farm than that of the Corporate Servers.
The details of the certificate we received is as follows:
Issued to : FastSearchCert
Issued By: Issuer Name
Valid From: 4/21/2015 to 4/20/2017
We were able to successfully renew the certificate on the FAST Search Server by following the below steps:
1. Login to the Administrative and the Non-Administrative nodes
of the FAST server. Go to Windows Service and stop the FAST Search for SharePoint and the FAST Search for SharePoint Monitoring services in both the servers.
Follow the below steps in the Administrative Node followed by the Non-Administrative Node
2.
Install the certificate in the following paths in the certificate store:
“Certificates(Local Computer)\Personal”
“Certificates(Local Computer)\Trusted Root Certification Authorities”
3. Ensure that the user account configured for the “FAST Search Server 2010 for SharePoint” has access to the private key of the certificate.
4. Go the Administrative node of the FAST farm and follow the below steps:
Go to the certificate store.
Expand the Personal folder and then click the Certificates folder. Double-click the third party signed FAST certificate.
Open the Details tab and then click Thumbprint. Note down this thumbprint.
5. Next, open
Microsoft FAST Search Server 2010 for SharePoint with Administrator
Privileges.
6.
Navigate to the directory, “D:\FASTSearch\installer\scripts” and execute the below command to replace the current certificate with the newly created
third party signed FAST certificate.
.\ReplaceDefaultCertificate.ps1 -thumbprint "certificate thumbprint".
7. The FAST certificate was renewed successfully.
Once the certificate has been renewed successfully in both the nodes, follow the below step:
8. Start the FASTSearch for SharePoint and the FAST Search
for SharePoint Monitoring services in the administrator server.
Next, while enabling the SSL communication between the FAST servers and the other corporate servers, we follow the below steps:
1.
Copy the new certificate from any of the FAST servers to all the web-front end and application servers in the corporate farm, in order to enable SSL communication between these servers and the FAST farm.
2. Also, copy the script
‘SecureFASTSearchConnector.ps1’ from the location “%FASTSearchFolder%\installer\scripts” in the FAST servers
to the web-front end and application servers of the corporate farm.
3. Follow the below steps on each of the servers in the corporate farm:
Open ‘SharePoint 2010 Management Shell’ with administrator privileges and navigate to the directory in which
SecureFASTSearchConnector.ps1’ script is located.
And then, execute the below command:
.\SecureFASTSearchConnector.ps1 -certThumbprint "certificate thumbprint" –ssaName “FASTCibtebtSSA” –username “DOMAIN\SP_Farm”
Where,
-certThumbprint
- Thumbprint of the certificate
-ssaName – FAST Content SSA
-username – The account configured to run the SharePoint
Search Service
On execution of the above command, we receive an error message stating that the "Connection to the Content Distributor servername.corp.abc.org: 14391 could not be validated...instance of FAST search server backend is running"
Please help us resolve this issue. We have not been able to find the cause of the above error for a long time.
Any help is much appreciated.

Your tip on exporting from eDir to locate a missing private key was very helpful. Here are my steps to renew an expired third party certificate when the private key, generated 30 months ago in my case, could not be located.
In iManager, browse the tree and locate the likely certificate object. The Attributes for the object show Subject Name = webmail.acme.com. Selected the certificate and exported to webmailcert.pfx.
Then, the openssl commands in TID 7004039, "How to convert a SSL PFX to a PEM file", were run against the .pfx file to create cert.pem, key.pem and server.key files.
TID 7015500, "How to determine if private key belongs to public key (certificate)", was followed to determine if the public key (downloaded from third party) and private key (just retrieved from iManager) match - they did - that is, the private key converted from webmailcert.pfx matches the downloaded certificate.
TID 7013103, "How to create a .pem File for SSL certificate Installations", was followed to manually create a server.pem file using openssl.
TID 7010584, "How to setup SSL Certificate for Apache", part labeled "Additional Information" was followed to modify /etc/apache2/vhosts.d/vhost-ssl.conf file. Server.pem file created above copied to /etc/apache2/ssl.crt/ and /etc/ssl/servercerts/ directories as specified in vhost-ssl.conf.
Restarted apache2.
www.digicert.com has an SSL Certificate Checker that can be used to verify the installation is successful.

How do i use Third Party certificates when setting up Lync 2013

Hi,
I'm currently installing a trial of Lync 2013 for my company and it has got to the stage of adding in certificates. My company have no wish to add in a Certificate Authority unless its vital, they have asked if its possible to use a third party certificate
provider. I have no idea how to go about this and would appreciate any help on where to get a certificates from as well as how to import these into Lync.
Many thanks
John

Yes it is possible. Thankfully Lync makes it very easy. When you deploy Lync one of the steps in the Lync Deployment Tool is to Request and Assign Certificates.
It's a wizard that will create the CSR for you and basically include all the required names.
You will however need UCC certificates for most things (that support multiple Subject Alternate Names) so it may get a little expensive.
The CA you choose is really up to you, but GoDaddy do some pretty reasonably priced UCC certificates. Digicert is also another commonly used CA
If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog
www.lynced.com.au | Twitter
@imlynced

Try to implement SSL for OMS console - Third Party Certificate

Using 10.2.0.5.0 of Grid control. 11.1.0.7.0 DB
Internet Explorer (or any browser)
enter
https://hostname.com:1159/em/
gets
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
I have tried to follow instructions in Method 2
http://download.oracle.com/docs/cd/B16240_01/doc/em.102/e10954/security2.htm
emctl secure oms -trust_certs_loc <loc of trusted_certs.txt>
completes without error
I have a third party certificate from GEOTRUST. I have downloaded the Root CA certificate from GEOTRUST and placed them both in a file called trusted_certs.txt
I have also imported both certificates in Oracle Wallet Manager. I can see the details within OWM and they are correct.
I followed instructions in metalink How to provide HTTPS browser access to the Grid Control Console using a third party certificate? [ID 736103.1]
When I view the certificate from IE after 'opmnctl startall', the cert is from grid control not GEOTRUST.
It seems like the 'emctl secure oms ...' overwrites the wallet in $OMS_HOME/sysman/wallets/oms_hostname
SSL is a part of Oracle's Best Practices for Grid Control but has anyone gotten it to work?
Thanks in advance.

These Certifications Authorities are supposed to work out of the box:
Class 1 Public Primary Certification Authority by VeriSign, Inc.
■ Class 2 Public Primary Certification Authority by VeriSign, Inc.
■ Class 3 Public Primary Certification Authority by VeriSign, Inc.
■ Secure Server Certification Authority by RSA Data Security, Inc.
■ GTE CyberTrust Root by GTE Corporation
■ GTE CyberTrust Global Root by GTE CyberTrust Solutions, Inc.
■ Entrust.net Secure Server Certification Authority by Entrust.net ((c) 1999
■ Entrust.net Limited, www.entrust.net/CPS incorp. by ref. (limits liab.))
■ Entrust.net Certification Authority (2048) by Entrust.net ((c) 1999
■ Entrust.net Limited, www.entrust.net/CPS_2048 incorp. by ref. (limits liab.))
■ Entrust.net Secure Server Certification Authority by Entrust.net ((c) 2000
■ Entrust.net Limited, www.entrust.net/SSL_CPS incorp. by ref. (limits liab.))
Has anyone used these with OEM?
Verisign is $600 year - ouch
Entrust is $200

Third party ca certificate

Similar Messages

Maybe you are looking for