Try to implement SSL for OMS console - Third Party Certificate

Using 10.2.0.5.0 of Grid control. 11.1.0.7.0 DB
Internet Explorer (or any browser)
enter
https://hostname.com:1159/em/
gets
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
I have tried to follow instructions in Method 2
http://download.oracle.com/docs/cd/B16240_01/doc/em.102/e10954/security2.htm
emctl secure oms -trust_certs_loc <loc of trusted_certs.txt>
completes without error
I have a third party certificate from GEOTRUST. I have downloaded the Root CA certificate from GEOTRUST and placed them both in a file called trusted_certs.txt
I have also imported both certificates in Oracle Wallet Manager. I can see the details within OWM and they are correct.
I followed instructions in metalink How to provide HTTPS browser access to the Grid Control Console using a third party certificate? [ID 736103.1]
When I view the certificate from IE after 'opmnctl startall', the cert is from grid control not GEOTRUST.
It seems like the 'emctl secure oms ...' overwrites the wallet in $OMS_HOME/sysman/wallets/oms_hostname
SSL is a part of Oracle's Best Practices for Grid Control but has anyone gotten it to work?
Thanks in advance.

These Certification Authorities are supposed to work out of the box:
■ Class 1 Public Primary Certification Authority by VeriSign, Inc.
■ Class 2 Public Primary Certification Authority by VeriSign, Inc.
■ Class 3 Public Primary Certification Authority by VeriSign, Inc.
■ Secure Server Certification Authority by RSA Data Security, Inc.
■ GTE CyberTrust Root by GTE Corporation
■ GTE CyberTrust Global Root by GTE CyberTrust Solutions, Inc.
■ Entrust.net Secure Server Certification Authority by Entrust.net ((c) 1999 Entrust.net Limited, www.entrust.net/CPS incorp. by ref. (limits liab.))
■ Entrust.net Certification Authority (2048) by Entrust.net ((c) 1999 Entrust.net Limited, www.entrust.net/CPS_2048 incorp. by ref. (limits liab.))
■ Entrust.net Secure Server Certification Authority by Entrust.net ((c) 2000 Entrust.net Limited, www.entrust.net/SSL_CPS incorp. by ref. (limits liab.))
Has anyone used these with OEM?
Verisign is $600 year - ouch
Entrust is $200

Similar Messages

  • Configuring PI SSL for communicating with third-party web services

    Hi,
    I'm trying to load a COMODO certificate into a J2EE environment running in NetWeaver 7 (no enhancement packs), in order to connect to an external web service using SSL
    I have been looking at this reference:
    http://help.sap.com/saphelp_nw70/helpdata/en/a0/a5d13f83a14d21e10000000a1550b0/frameset.htm
    and in this document (and many others i've read) it talks about requiring a server key pair to support SSL.
    http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
    My question is - is there a way to use the self-signed root CA certificates instead of having to generate CSRs and sign certs?  I ask this because it seems completely impractical to have to generate key pairs for each SAP installation that is required to access a third-party web service.
    Furthermore, the SSL connection may only be for the web service and I'd rather not have to ask that the entire J2EE server is switched to SSL in order to make this secure connection. I've recently discovered the AXIS framework for the SOAP adaptor however I'm not familiar with it and can't identify whether you could use this for the SSL handshake and avoid having to a) generate certificate key pairs and b) switch your J2EE server to SSL
    Does anyone have experience connecting to a third-party service using VeriSign, COMODO or Thawte certificates and can clear this up for me?
    Regards,
    John

    Did you resolve your issue?
    I'm posting some comments that may help newer administrators facing similar doubts.
    I'm using NW PI 7.1 EHP1 also, and some interfaces were developed to use an external site providing web services through an SSL (HTTPS) connection.
    As in browser navigation, secure sites protected with SSL have a certificate issued by an international CA. We didn't perceive the "handshake" in most cases because normally the web browser has a group of trusted CAs loaded in its certificate store.
    With SAP PI and its WAS Java a similar procedure occurs, with a small difference. The WAS Java didn't have the trusted CAs loaded in KeyStorage. So, when the adapter tries to establish a connection with an HTTPS site (it is a background process), a "handshake" is required to accept the certificate, and it produces an error.
    We complete the handshake by importing the entire certificate chain (you can upload the site's certificate to your browser and export it as a file) into the Keystore under the Trusted CAs view.
    Hope this can help someone. It's an "easy" part of SSL communication.
    Now I'm trying to configure the inverse: some third party consuming the PI web services using SSL. I have an additional component on inbound/incoming connections, which is the SAP Web Dispatcher.
    Help.sap.com is the reference, but as always it's a little difficult to find the (sequential) path following the links (go ahead, go ahead, go ahead, go back, go back, go ahead)...
    Regards,
    Rodrigo Aoki

  • Generate CSR for Third-Party Certificates

    Hi All,
    I have an issue when I tried to generate a CSR for third-party certificates.
    I followed the Cisco document step by step until this step:
    3. Now that your CSR is ready, copy and paste the CSR information into any CA enrollment tool. In order to copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters. Cisco recommends that you use Microsoft Notepad or UNIX vi. Refer to the website of the third-party CA for more information on how to submit the CSR through the enrollment tool. After you submit the CSR to the third-party CA, the third-party CA digitally signs the certificate and sends back the signed certificate via e-mail.
    4. Copy the signed certificate information that you receive back from the CA into a file. This example names the file CA.pem.
    My issue is where I should copy and paste the CSR information into any CA enrollment tool. I have just created mykey.pem and myreq.pem in my folder OpenSSL\bin.
    Please help, and thank you.
    Regards,
    Jasa

    You have to do more steps using openssl.
    Before you obtain the third-party certificate, you have to copy that into a Notepad text file, and you have to obtain an intermediate and a root certificate from the company that gives you the certificate.
    Then you have to copy and paste into Notepad or gedit:
    SSL (the certificate that they give you)
    Intermediate (the certificate that you obtain from the company that gives you the certificate)
    Root (the certificate that you obtain from the company that gives you the certificate)
    Name the text file something like: allcerts.pem
    Then you have to run these commands:
    C:\OpenSSL\bin>openssl pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:yourpassword -passout pass:yourpassword
    C:\OpenSSL\bin>openssl pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:yourpassword -passout pass:yourpassword
    Then you are going to have a file named finalcert.pem; that's the one you have to update to the WLC. Please note that in those lines "yourpassword" is the password you used when you created the certificate, and it's going to be the same one that you have to use for the upload to the WLC.
    Note that you have to use openssl version 0.9.8 because it's the only version that the WLC supports.
    If you have doubts please contact me.
    Have fun!

  • SSL with third party certificate

    Hi All,
    I followed the configuration mentioned in the white paper
    Oracle Forms Services 10g: Configuring Transport Layer Security with SSL An Oracle White Paper July 2005 (frm10gss.pdf). That is working fine.
    I have a third party certificate (file format - .der, I got .cer from that).
    With this certificate I need to configure the Application Server 10g. For this certificate I didn't create a certificate request and send it to the third party.
    In the steps mentioned in frm10gss.pdf, where do I have to make changes to include the third party certificate and not consider the default Oracle OCA certificate? Or, with that certificate, how can I configure SSL?
    Any suggestions please…


  • Third party Certificate not showing up in SQL configuration manager drop down box

    Hi,
    I have an SQL instance that needs to use a third party SSL certificate for all communications to that SQL instance. I have installed my third party certificate via MMC and it is showing under the Personal Folder.
    However, when i go into the SQL configuration manager and right click the instance name > Properties > Certificates, it is not showing in the drop down box.
    I am currently using MS SQL Server 2008 R2, which is installed on Windows Server 2012. 

    Hi,
    If the certificate cannot be used for SQL Server, it will not be visible in SQL Configuration manager. Check the validity of the installed certificate. It may not have the correct DNS name.
    I suggest you request a new third party certificate from the vendor with the correct DNS name. Install it in the SQL Server environment; then you should see the certificate from the configuration manager dropdown box.
    Thanks.
    Tracy Cai
    TechNet Community Support

  • Error While importing third party certificate

    Hi,
    In my application I'm using HTTPS for secure connectivity. For that purpose I signed my midlet using a third party certificate (GoDaddy's certificate). But when I'm hitting the URL it is not working.
    I've done this by generating my own certificate with Tomcat. It is working fine there. I followed the following topic to create the certificate for Tomcat:
    http://143.129.203.3/s/sitter/sl2nap/javaSSLprogr.htm
    But when I'm hitting some live URL it is not working!
    Please provide me proper help if possible.
    Thanks in advance.


  • Replace Self-Signed FAST Search Certificate with Third Party Certificate

    We are trying to replace the Self-Signed FAST Search Certificate with Third Party Certificate in our SP 2010 environment. And are facing issues while enabling the SSL communication between the FAST servers and the corporate servers.
    Our FAST search servers are in a different farm than that of the Corporate Servers.
    The details of the certificate we received is as follows:
    Issued to : FastSearchCert
    Issued By: Issuer Name
    Valid From: 4/21/2015 to 4/20/2017
    We were able to successfully renew the certificate on the FAST Search Server by following the below steps:
    1. Log in to the Administrative and the Non-Administrative nodes of the FAST server. Go to Windows Services and stop the FAST Search for SharePoint and the FAST Search for SharePoint Monitoring services on both servers.
    Follow the below steps on the Administrative Node, followed by the Non-Administrative Node:
    2. Install the certificate in the following paths in the certificate store:
    “Certificates(Local Computer)\Personal”
    “Certificates(Local Computer)\Trusted Root Certification Authorities”
    3. Ensure that the user account configured for the “FAST Search Server 2010 for SharePoint” has access to the private key of the certificate.
    4. Go to the Administrative node of the FAST farm and follow the below steps:
    Go to the certificate store.
    Expand the Personal folder and then click the Certificates folder. Double-click the third party signed FAST certificate.
    Open the Details tab and then click Thumbprint. Note down this thumbprint.
    5. Next, open Microsoft FAST Search Server 2010 for SharePoint with Administrator Privileges.
    6. Navigate to the directory “D:\FASTSearch\installer\scripts” and execute the below command to replace the current certificate with the newly created third party signed FAST certificate.
    .\ReplaceDefaultCertificate.ps1 -thumbprint "certificate thumbprint"
    7. The FAST certificate was renewed successfully.
    Once the certificate has been renewed successfully on both nodes, follow the below step:
    8. Start the FASTSearch for SharePoint and the FAST Search for SharePoint Monitoring services on the administrator server.
    Next, while enabling the SSL communication between the FAST servers and the other corporate servers, we follow the below steps:
    1. Copy the new certificate from any of the FAST servers to all the web front-end and application servers in the corporate farm, in order to enable SSL communication between these servers and the FAST farm.
    2. Also, copy the script ‘SecureFASTSearchConnector.ps1’ from the location “%FASTSearchFolder%\installer\scripts” on the FAST servers to the web front-end and application servers of the corporate farm.
    3. Follow the below steps on each of the servers in the corporate farm:
    Open ‘SharePoint 2010 Management Shell’ with administrator privileges and navigate to the directory in which the ‘SecureFASTSearchConnector.ps1’ script is located.
    And then, execute the below command:
    .\SecureFASTSearchConnector.ps1 -certThumbprint "certificate thumbprint" –ssaName “FASTCibtebtSSA” –username “DOMAIN\SP_Farm”
    Where,
    -certThumbprint – Thumbprint of the certificate
    -ssaName – FAST Content SSA
    -username – The account configured to run the SharePoint Search Service
    On execution of the above command, we receive an error message stating that the "Connection to the Content Distributor servername.corp.abc.org: 14391 could not be validated...instance of FAST search server backend is running"
    Please help us resolve this issue. We have not been able to find the cause of the above error for a long time.
    Any help is much appreciated.

    Your tip on exporting from eDir to locate a missing private key was very helpful. Here are my steps to renew an expired third party certificate when the private key, generated 30 months ago in my case, could not be located.
    In iManager, browse the tree and locate the likely certificate object. The Attributes for the object show Subject Name = webmail.acme.com. Selected the certificate and exported to webmailcert.pfx.
    Then, the openssl commands in TID 7004039, "How to convert a SSL PFX to a PEM file", were run against the .pfx file to create cert.pem, key.pem and server.key files.
    TID 7015500, "How to determine if private key belongs to public key (certificate)", was followed to determine if the public key (downloaded from third party) and private key (just retrieved from iManager) match - they did - that is, the private key converted from webmailcert.pfx matches the downloaded certificate.
    TID 7013103, "How to create a .pem File for SSL certificate Installations", was followed to manually create a server.pem file using openssl.
    TID 7010584, "How to setup SSL Certificate for Apache", part labeled "Additional Information" was followed to modify /etc/apache2/vhosts.d/vhost-ssl.conf file. Server.pem file created above copied to /etc/apache2/ssl.crt/ and /etc/ssl/servercerts/ directories as specified in vhost-ssl.conf.
    Restarted apache2.
    www.digicert.com has an SSL Certificate Checker that can be used to verify the installation is successful.
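The two checks these replies rely on, that the private key belongs to the certificate and that the PEM bundle is ordered certificate, intermediate, root before it is packed into PKCS#12 or installed, can be scripted. This is an added example, not code from any of the posts or vendor documents; the function names, file names and the "Constructed ..." test certificates are assumptions generated locally for the demonstration.

```shell
#!/bin/sh
# Pre-flight check for a PEM bundle ordered leaf -> intermediate(s) -> root.
# check_bundle returns: 0 ok, 1 key/cert mismatch, 2 wrong order,
# 3 fewer than two certificates, 4 signature chain does not verify.

split_bundle() {     # $1 = bundle, $2 = output dir; prints number of certs
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = d "/cert" n ".pem"; on = 1 }
        on { print > f }
        /-----END CERTIFICATE-----/   { on = 0; close(f) }
        END { print n + 0 }' "$1"
}

name_of() {          # $1 = subject|issuer, $2 = certificate file
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[^=]*=//'
}

key_matches_cert() { # $1 = certificate, $2 = private key
    kc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    kc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$kc_cert" = "$kc_key" ]      # same SubjectPublicKeyInfo on both sides
}

_check_bundle() {    # $1 = bundle, $2 = private key, $3 = scratch dir
    cb_n=$(split_bundle "$1" "$3")
    [ "$cb_n" -ge 2 ] || return 3
    key_matches_cert "$3/cert1.pem" "$2" || return 1
    cb_i=1
    while [ "$cb_i" -lt "$cb_n" ]; do   # each issuer must be the next subject
        [ "$(name_of issuer "$3/cert$cb_i.pem")" = \
          "$(name_of subject "$3/cert$((cb_i + 1)).pem")" ] || return 2
        cb_i=$((cb_i + 1))
    done
    # The last certificate must be the self-signed root.
    [ "$(name_of issuer "$3/cert$cb_n.pem")" = \
      "$(name_of subject "$3/cert$cb_n.pem")" ] || return 2
    # Consistency check only: the bundle's own root is used as the anchor,
    # so this proves the signatures chain, not that the root is trusted.
    openssl verify -CAfile "$3/cert$cb_n.pem" -untrusted "$1" \
        "$3/cert1.pem" >/dev/null 2>&1 || return 4
}

check_bundle() {     # $1 = bundle, $2 = private key of the first certificate
    cb_dir=$(mktemp -d) || return 5
    _check_bundle "$1" "$2" "$cb_dir"; cb_rc=$?
    rm -rf "$cb_dir"
    return "$cb_rc"
}

make_test_pki() {    # $1 = dir; constructed root -> mid -> leaf, test use only
    p=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = unused' '[ca]' 'basicConstraints = critical,CA:TRUE' \
        '[ee]' 'basicConstraints = CA:FALSE' > "$p/x.cnf"
    for who in root mid leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$p/x.cnf" \
            -subj "/CN=Constructed $who" -keyout "$p/$who.key" \
            -out "$p/$who.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$p/root.csr" -signkey "$p/root.key" -days 2 \
        -extfile "$p/x.cnf" -extensions ca -out "$p/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$p/mid.csr" -CA "$p/root.pem" -CAkey "$p/root.key" \
        -set_serial 2 -days 2 -extfile "$p/x.cnf" -extensions ca \
        -out "$p/mid.pem" 2>/dev/null &&
    openssl x509 -req -in "$p/leaf.csr" -CA "$p/mid.pem" -CAkey "$p/mid.key" \
        -set_serial 3 -days 2 -extfile "$p/x.cnf" -extensions ee \
        -out "$p/leaf.pem" 2>/dev/null
}

# Demonstration on the constructed PKI: a correct bundle and a misordered one.
demo=$(mktemp -d)
make_test_pki "$demo"
cat "$demo/leaf.pem" "$demo/mid.pem" "$demo/root.pem" > "$demo/allcerts.pem"
cat "$demo/leaf.pem" "$demo/root.pem" "$demo/mid.pem" > "$demo/swapped.pem"
check_bundle "$demo/allcerts.pem" "$demo/leaf.key"; echo "ordered bundle: rc=$?"
check_bundle "$demo/swapped.pem" "$demo/leaf.key"; echo "misordered bundle: rc=$?"
rm -rf "$demo"
```

Run against a real bundle as `check_bundle allcerts.pem mykey.pem`; a non-zero code says which step to revisit before the PKCS#12 export or the web server restart.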

  • CDN Third party certificate

    When will CDN on azure support SSL for custom domain. Its almost so long we are discussing and facing a huge impact on our sales and support queries. Our entire application sits on azure. We need a solution ASAP. It has been a long wait.

    hi,
    Thanks for posting!
    As far as I know, it may not be supported to use a third party certificate for a custom CDN domain. You could vote for this feature request at this link (http://feedback.windowsazure.com/forums/169397-cdn/suggestions/1332683-access-to-cdn-over-ssl-https). Also, I will report this issue.
    Thanks.
    Regards,
    Will

  • How do i use Third Party certificates when setting up Lync 2013

    Hi,
    I'm currently installing a trial of Lync 2013 for my company and it has got to the stage of adding in certificates. My company has no wish to add in a Certificate Authority unless it's vital; they have asked if it's possible to use a third party certificate provider. I have no idea how to go about this and would appreciate any help on where to get certificates from as well as how to import these into Lync.
    Many thanks
    John 

    Yes it is possible. Thankfully Lync makes it very easy. When you deploy Lync one of the steps in the Lync Deployment Tool is to Request and Assign Certificates.
    It's a wizard that will create the CSR for you and basically include all the required names.
    You will however need UCC certificates for most things  (that support multiple Subject Alternate Names) so it may get a little expensive.
    The CA you choose is really up to you, but GoDaddy do some pretty reasonably priced UCC certificates. Digicert is also another commonly used CA

  • Install third party certificate on MAC os X

    Hello,
    I have installed Leopard 10.5.X on my machine. I am a newbie to Mac and want to install an intermediate certificate for my domain from Digicert. I have registered with Digicert. Please help me with how I can install it on the machine. I also need to create a new certificate, but when I tried to add it, it shows an error message like this.
    "There are no valid root or intermediate certificate authorities available to sigh certificates. Use the "create certificate Authority" option to create a certificate authority."
    Can anybody please help me to what should be the next step.
    And how can I install third party certificate.
    Thanks in advance.

    There is a product called VolumeWorks that is supposed to do this. I looked at the demo, but I could not get it to see the extra space so I ended up backing it all up and erasing the Raid and doing a block copy with Carbon Copy Cloner.

  • WLC526 third party certificate?

    Hi!
    Is it possible to install a third party certificate on the WLC526 Controller?
    Would be great for Web Authentication for my Guest Wlan!
    Thankx
    David


  • How to implement SSL for Portal with ADS (for Adobe based MSS Application)

    Hi Experts,
    What are the minimum settings required to implement SSL for Portal with ADS?
    Http is working fine with Portal with ADS and R/3 for Adobe Based MSS Form.
    Please let me know.
    Regards
    Ali

    Rajat,
    Nice to see your reply...
    Could you please write me the steps for how to do that?
    I would like to implement SSL only in the portal. So is it mandatory to implement SSL in ADS and R/3 too?
    Please, what are the minimum settings required?
    Sure points will be rewarded
    Regards
    Ali

  • Error when creating PO for sales order (third party)

    Hi All,
    I have been trying to create a new PO from a purchase requisition. This PR is a third party PR with Account assignment category S. Also it is sales order related.
    When I try to save the PO it gives me two errors as shown below :
    "No upate of sales order 30081586 from purchase order (error V4 115)"
    "System error (error in method PO_POST)"
    Has anyone come across such an error? Is this because of something wrong in sales order?
    Regards,
    V S

    Hi ,
    Check note 849480 .
    according to this note the cause is
    "You create a purchase order with reference to a purchase requisition (PReq) that was generated as a result of a third-party order or an individual customer order. If another purchase order with reference to this sales document is changed at the same time (in another window or by another user) and the first purchase order is saved in the meantime, the associated sales order item is not updated and a termination occurs with error message ME 816, "System error: (error in method po_post)".
    This is basically a program error. To solve this, follow the correction instructions mentioned in note 849480.
    Regards,
    Anupam

  • Suggestion for Apple or Third-party software company?

    My first question is, where should I post the following suggestion for an improvement in FCP or for the creation of a third party software – suggested sites, blogs, etc.?
    Next, my recommendation, and then my explanation of the reason why (including my personal semi-disaster):
    Recommendation: That someone create a “Project Management” software for FCP (essentially a file management program that runs in the background) that organizes and tracks all of the files created during editing/post production – including the log/capture or log/transfer of the original footage, the audio files, stills, effects, etc, AND all of the files created by the program -- Live Type, Motion, Soundtrack Pro, and Color (especially color). The reason for this is that FCP has an incredibly complicated filing system that results in shots, files, documents, etc., being distributed all over the place – and not all known to the filmmaker or identified in the documentation. And, that condition can lead to disaster – see below.
    Explanation: I just finished my first HD project using Studio 2, including sound track pro and color. After completing what I thought was the absolute final version, I burned a one-off DVD and ran it by several filmmaker and non-film maker friends. They all spotted a small sound problem with one cut, so I went back to tweak it – and discovered that ALL of the footage had gone offline. I had nothing, nada, zilch. I had saved earlier sequences (rough cut, polished cut, etc.) and all the original footage appeared, but I had taken the final version into color for some corrections and adjustments, and ALL of those shots/files were missing.
    After burning what I believed to be the final cut, I had cleaned up my hard disk, moving stuff to my backup hard disk, to my RAID array, and to the trash. So, after the initial shock and complete panic, several hours of searching all of these drives, led me to the file that contained the files that contained the color corrections – in my trash, which fortunately had not been emptied. I have no idea where the files were before or how they got into the trash – obviously they were not added to the scratch disk with all of the original footage.
    Part of the difficulty of finding the shots was the discovery that color creates a file folder, that holds a set of file folders, each of which holds only one shot. In order to reconnect, I had to move the parent folder to the desktop, and then move all of the shots, one at a time, into a single folder, and then point reconnect to that folder. Problem solved.
    However, now I face that question of archiving the project, moving all of the files off my hard drive so I can use the space for my next film, and I am terrified that I will leave something out, and not be able to recover the project in the future. Having a project management software that organizes and coordinates all of that would be a lifesaver – and well worth the purchase price.
    Anyone who would like to explore this idea, please feel free to contact me – [email protected].

    You've just learned a hard lesson. Put your current energy into your education, not finding a way to wallow in ignorance.
    There already is a hardware device that will do what you want. It's called a "manual". In particular, the sections that relate to "where the program stores media". Pay very close attention to those sections and set up your computer so that all the scratch and storage pointers are aimed where you want. It's very simple to have them all go to one drive.
    Then, when it's time to archive the project because you are starting a new project, just purchase another hard drive for the new project. They are absurdly inexpensive these days.
    Remove the drive with your project to be archived from your computer (since you now know how to keep all the files organized, they will be all together) - and plug in a new disk for the next project.
    If you want a backup, use carbon copy cloner to simply duplicate the drive (or simply just copy the relevant folders- you'll know which ones) to another drive (or get a RAID 1 device)
    good luck,
    x

  • Release strategy for PR in Third party case

    Hi,
    We have this third party scenario where Purchase reqs are created at the time of Sales Order creation. A release strategy is attached to these purchase reqs by defining a custom field in MMaster; whenever qty goes up or equal to that field, the release strategy is applied.
    The problem is, for the same material's PR, the release strategy is set in one case whereas for other PR (of different sales order) it is not set. Please help let me know what could have gone wrong.
    Thx.
    Amit

    Per your information you say that based on a custom field qty in material master release strategy is triggered. Do you have any characteristic maintained for the Release strategy other than this parameter? Because there must be some difference between the 2 Reqs.
    Or check the change history in Material master it may be possible that at the time of second sales order if the field value was changed so that release strategy was not triggered.
    Please give more details
    Thanks
    Deepak
