Timestamping the certificate

Similar Messages

• Where is the certificate stored?

  In my jnlp file, I have set
  <security>
  <all-permissions/>
  </security>
  So the first time the user attempts to use the jnlp file, the user is asked if they would like to accept the certificate. After they have done so, where is that certicate stored? In a cacerts file? If so, which one?

  You may get certificates as "EC" (meaning Extension, certificate) or "AC" (meaning Application Certificate).
  Some earlier versions of javaws had a bug where they are allwase put in as "EC"
  for understanding the cache contents:
  the first leter is taken from the following:
  /** Main type of entries */
  char DIRECTORY_TYPE = 'D'; // Used internally
  char TEMP_TYPE = 'X'; // Used internally
  char VERSION_TYPE = 'V'; // Used internally
  char INDIRECT_TYPE = 'I'; // Used internally
  // Main JNLP types for downloaded resources
  char RESOURCE_TYPE = 'R'; // JAR/CLASS/IMAGE
  char APPLICATION_TYPE = 'A'; // Application-Desc
  char EXTENSION_TYPE = 'E'; // Extension-Desc
  char MUFFIN_TYPE = 'P'; // Muffins! (PersistenceService)
  the second leter comes from:
  char MAIN_FILE_TAG = 'M'; // The main resource
  char NATIVELIB_FILE_TAG = 'N'; // A dir for native jar expantion
  char TIMESTAMP_FILE_TAG = 'T'; // The timestamp file
  char CERTIFICATE_FILE_TAG = 'C'; // A certificate stored
  char LAP_FILE_TAG = 'L'; // LocalApplicationProperties
  char MAPPED_IMAGE_FILE_TAG = 'B'; // Translated images (such as bmp)
  char MUFFIN_ATTR_FILE_TAG = 'U'; // running out - U is for mUffin
  this is taken from the DiskCache.java in the SCSL rleases of 1.4.2 available at:
  http://wwws.sun.com/software/communitysource/j2se/index.html
  /Dietz

• Looking for help to update the certificate for my Exchange Email Account...

  I'm trying to update the certificate for my Exchange Email Account...Dell had me delete the account, install the new certificate on my phone, and set up the email again...But it still won't work and acts like it can't find/use the new cert.  Any suggestions besides a hard resest of the phone?

  That's a great question, LSchmitz!
  Is the e-mail account on your cell phone? Which device? If its on your phone, an Exchange e-mail, may need to be provisioned/ set up by your employer/ IT department.
  VanessaS_VZW
  Follow us on Twitter @VZWSupport
  If my response answered your question please click the "Correct Answer" button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!

• How do I use the Certificate Assistant to set up secure email for clients

  I was at first thrilled to find the Certificate Assistant, and now I'm frustrated. I need to have secure, encrypted email for my psychotherapy clients. I thought that if I created my own certificate authority and then issued certificates to my clients, I would be fine. But I can't get this to work. I set up my own authority, but when I try to get a certificate (using a different email account) I can't get it to work. For example, I go to the website created on mac.com and click the "download an invitation" button and then click the download, which opens the Assistant. I fill out the form, but I get an error saying I haven't configured an email account. How do I "configure" an email account? I mean, I use this account all the time; what more configuration does it need?
  Second question. Will anybody with a Windows machine be able to use that webpage? Seems like it's a mac only program, so what good is it in the real world?
  I know I could try to do this with Thawte or whatever, but asking my clients to get trusted so I can use encryption is unreasonable. If not having my own authority (if I could get THAT to work) is there any other way? Are there any good things to read about this? With the federal HIPAA privacy requirements, there are lots of doctors wrestling with this question.

  If you are referring to your "iCloud account", then simply tap "settings / iCloud" - delete the account you are currently logged in with, and add the correct one.
  iCloud Set up - http://www.apple.com/ca/icloud/setup/.

• How do I remove the certificat error everytime I try to access the Cisco Unified CM Administration web-page?

  Hi,
  Every time I want to have access to the Cisco Unified CM Console (System version: 7.0.1.11000-2), I use the https://10.10.x.x/ccmadmin/showHome.do homepage on my client computer, but when I open the page, I get a SSL certificate error, stating no trust to this webpage security certificate and if I those "continue to this page (not recommended)", I get access to the Cisco Unified CM Console web page.
  I have tried to add the https://IP-adress to secure web pages in Internet Explorer 7, but this to no avail, it does not help.
  How do I add this certificate to a trusted something, so I do not get this warning every time I open the page?
  Kind regards,
  Carl-Marius

  Hi Michael,
  It worked when I change the IP-address to the name that was written in the certificate, and imported the certificate to Internet Explorer.
  Thank you for your fast and very precise help!
  Kind regards,
  Carl-Marius

• Windows server 2012 update standalone installer error: the certificate for the signer of the message is invalid

  I have a windows server 2012 Hyper V machine which acts as a web front end for my sharepoint 2013 farm.
  It is set to install updates automatically.
  I have 4 patch to install to correct an issue with my search:
   KB
  2567680, KB
  2554876 , KB
  2708075 , KB
  2472264 
  These are Microsoft patches
  Whenever I try to install them I receive an error
  Googling the error, I have tried extracting the file and using CMD prompt to install the xml file to install but to no avail.
  I have installed Windows Identity Foundation as a role. It is necessary for this to be 
  I have also noticed that all updates for a couple of weeks have failed. I have 2 other servers in the farm, both of which are joined to the same private network cannot look for updates with another error. Not sure if these are related.
  Anyone know of anything like this?
  Thanks in advance

  right-click the file and select properties.
  On "Digital Signatures" the tab, select the "Microsoft Corporation" entry and click "Details"
  In the "Digital Signature Details" dialog, click "View Certificate"
  In the  "Certificate" dialog, click "Install Certificate..."
  In the "Certificate Import Wizard" dialog, select "Local Machine" (though current user might work, didn't use it, so I can not attest to it) and click "Next"
  Select the "Place all certificates in the following store" option and click "Browse"
  In the "Select Certificate Store" dialog, select "Trusted Publishers" and click "Ok"
  Back in the "Certificate Import Wizard" click "Next"
  You should now be at the "Completing the Certificate Import Wizard" step of the "Certificate Import Wizard" ... click "Finish"
  You should get "Import was successful"
  You should now be able to install the package.
  gimme some slamming techno!!!!

• Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

  I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root
  Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
  The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service.  This is apparent when executing a search, accessing
  the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site.  I've looked at the certificate assigned to that site and everything appears to be in order. 
  It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
  What I’ve tried so far:
  I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config.  Both appear to be configured correctly such that the root CAs can be validated.
  Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause.  I’ve also verified the service accounts reporting the error, do have access to the configuration database.
  Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this
  MS Tech note.
  So far nothing has worked.  Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
  Log Name:      Application
  Source:        Microsoft-SharePoint Products-SharePoint Foundation
  Date:          2/20/2015 11:19:41 AM
  Event ID:      8311
  Task Category: Topology
  Level:         Error
  Keywords:      
  User:          <SP SERVICE ACCOUNT>
  Computer:      <SHAREPOINTSERVER>
  Description:
  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
  CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
      <EventID>8311</EventID>
      <Version>14</Version>
      <Level>2</Level>
      <Task>13</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
      <EventRecordID>1611121</EventRecordID>
      <Correlation />
      <Execution ProcessID="10212" ThreadID="10328" />
      <Channel>Application</Channel>
      <Computer><SHAREPOINTSERVER></Computer>
      <Security UserID="<SP SERVICE ACCOUNT>" />
    </System>
    <EventData>
      <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string2"><STS CERT THUMBPRINT></Data>
      <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  </Data>
    </EventData>
  </Event>

  Hi Darren,
  This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website
  In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands
  $rootCert = (Get-SPCertificateAuthority).RootCertificate
  New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
  After running the above commands, perform an IISReset on all servers in the farm.
  More information:
  http://support.microsoft.com/kb/2545744
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• "The certificate is not trusted because no issuer chain was provided" error in all browsers for all websites.

  As it says, Chrome, Firefox, and Internet Explorer all give the certificate error message for any and every website attempted - including the Firefox add-ons page. The specific error is the "no issuer chain was provided".
  1) This problem is not on my computer - it is on my mother's computer in another city. Therefore, I cannot attempt every little possibility without flying over there - I'm looking for things I can tell her to do over the phone. The problem started today. I've already given her the list of anti-malware programs to go install and run from here:
  https://support.mozilla.org/en-US/questions/982393
  Note that, of course, she will have to accept the security certificate override to get to these things - I hope this isn't bad.
  2) The problem started after she tried to use Skype, it hung for a very long time and would never log on. So she tried to reinstall it - and she said she clicked through a number of agreement screens and believes she may have installed malicious 3rd party software. This is ridiculous, is Skype now putting malware on people's computers through these bogus 3rd party add-ons at installation? I suppose it is possible Skype was hanging because of some other problem - but she did manage to reinstall Skype and got it to work (but now her internet certificates won't).
  3) She has BitDefender. I am aware that it says here:
  https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
  that she should turn off SSL scanning. She turned it off, it did not solve the problem. She turned it off and restarted, it did not solve the problem. She has had it on for the past 6 months and it has never caused a problem.
  4) In addition, BitDefender reported today that it stopped a malicious program called MySearchDial.exe from attempting something it shouldn't. We went through this removal guide:
  http://malwaretips.com/blogs/start-mysearchdial-removal/
  however, the software MySearchDial was never actually installed into the windows install list, and we did not find any addons/plugins in any of the browser lists (note that Firefox add-ons cannot be accessed with a certificate error, it gives the error message but DOES NOT give you the option to add an exception so you can't access the add-ons). The only thing we found was (a) MySearchDial was default in the IE search engine list, despite there being no add-on, and (b) MySearchDial.exe was in the temp folder (now deleted). I note that I had BitDefender scan the temp folder *before* I deleted MySearchDial.exe, and it claimed no threats were found. What? It was BitDefender that warned me of it in the first place!
  5) Time and date are correct.
  6) Checked the Win 7 install log, only Skype, Skype Click-to-Call, and (for some reason) Mircosoft Visual Studio 2010 and Visual C++ were installed or altered today. I got paranoid about Click-to-call and asked her to uninstall it, but it didn't solve the problem.
  7) The OS is Win7 64bit Home.
  Anything beyond endless Malware removal programs (via list linked above) that we should try?

  The only way to know what is going on is to retrieve the certificate and check who is the issuer.<br />
  It is always possible that the server doesn't send the full certificate chain (intermediate certificates), so it might help to post a link to this website
  Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

• Verification Failed. The certificate for this server is invalid

  I am trying to backup my iPad to iCloud.  I get:
  Verification Failed.  The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
  I am logged onto the wifi at work and I can surf the Internet so the connection is OK.
  How do I begin to debug this issue?

  Hey everyone,
  I had this issue for few months already! I have a @me.com mail address, theoretically should be compatible with iCloud, just for some reason, it's not working!!
  The mail all work fine on my macbook and iPhone, just the ipad kept showing the error message, the "verification failed".
  The internet is wi-fi and it all working fine.
  Now here is the solution.
  Make sure you got internet connected fine.
  Go Setting --> Mail, Contacts, Calendars --> Add Account --> Other
  --> Add Mail Address -->
  in the description, it will auto showing "Me", don't change it!
  Go "Next" -->
  in the Incoming Mail Server
  Host Name --> Type "imap.mail.me.com"
  Then your user name and password
  in the Outgoing Mail Server
  Host Name --> Type "smtp.mail.me.com"
  Then your user name and password
  Then next and save it.
  This should work, it works for me,
  Hope this helps!!

• Xcode - "The certificate for this server is invalid"

  Hi,
  I'm trying to log into my Xcode Server (with it's own self-signed certificate) from my work iMac, I receive the following message:
  "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “[server name]” which could put your confidential information at risk. Would you like to connect to the server anyway?"
  The only option is "OK" which just prompts the login screen again, it doesn't allow me to "connect anyway".  How do I get around this? :/

  What account are you trying to access? Skype or some other site and you are being redirected to Skype?

• The certificate for this server is invalid skype

  I am attempting at access My Account on an iPhone 5, I am getting a message saying the certificate for this server is invalid.  You might be connecting to a server that is pretending to be "secure.skype.com" which could put your confidential information at risk.
  My date, time and time zone are all correct.  Any suggestions?

  What account are you trying to access? Skype or some other site and you are being redirected to Skype?

• My 4th generation iPod Touch won't let me get on to the App Store. When I log on to iTunes, an alert pops up that says the certificate for the server is invalid, and that it may be a server pretending to be iTunes. What should I do?

  My iPod won't let me on to the App Store, and whenever I go on to ITunes, an alert pops up that the certificate for the server is invalid, and that I may be connecting to a server that is only pretending to be iTunes.apple.com and my personal info may be at risk. I downloaded an emulator yesterday from coolroms.com but deleted the app this afternoon. I cleared my safari search data, my cookies and data, and web inspector, which still didn't work. I then proceeded to reset my iPod and then download the newest version of IOS 6.1.5 but yet still am having problems. Also to the App Store and iTunes, several other apps aren't working. Any help here?

  Also, when I go on to safari, another alert pops up that safari cannot verify the identity of the website, anything that I type in to as common as google.com. It gives me 3 options to either cancel, look at details, and continue. I've looked at the details of the website of Google and it is legitimate the site. Any help?

• I have multiple devices with the same cerificate, once I have a an exception for one, FF denys access to the others. I cannot change the certificates, I need to stop FF blocking them.

  I have multiple devices with the same cerificate, once I have an exception for one, FF denys access to the others. I cannot change the certificates, I need to stop FF blocking them.
  == This happened ==
  Every time Firefox opened
  == I attempt to access a web front end on an IBM SVC device

  You can't use the same certificate more than once.
  See also [[Certificate contains the same serial number as another certificate]]

• The certificate on my applications install DVD has expired. I am unable to reinstall with this dvd on my snow leopard on macbook pro. Pl help.

  The certificate on my applications install DVD for bundled software has expired. I am unable to reinstall with this dvd on my snow leopard on macbook pro. Pl help. If I use Lion, it works fine with the expired certificate. But doesnt work with snowleopard.

  Create a DMG file of your DVD (instructions here: http://www.wikihow.com/Make-a-DMG-File-on-a-Mac).
  Then follow the instructions here: http://managingosx.wordpress.com/2012/03/24/fixing-packages-with-expired-signatu res/

• I created a signature ID and customized the signature; however, when I go to sign it only shows the name layout or graphic image? How do I go back to using the certificate?

  Dear Forum
  I was using Adobe version XI and the signature feature disappeared from the menu. Now I downloaded Acrobat Reader DC. Using the menu and instructions I created a signature ID and customized the signature; however, when I go to sign a document it only shows the name layout or graphic image? How do I go back to using the certificate that I created?
  Any help would be greatly appreciated.
  Regards
  Carlos

  Firefox works fine on Windows 2000 SP4 for me.
  Any chance you have a dial-up connection that uses a web accelerator to speed the loading of content?