Unable to reinstall SSL Certificate

Similar Messages

• Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

  Hi,
  We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
  We are following the below steps,
  Under "Server Certificates" tab,
       -> Click on "Install" button.
       -> On "Select Configuration" click on "Next" button.
       -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
       -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
       -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
       -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
  There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
  So, say currently the subdomains present are,
  1.abc.com
  2.abc.com
  so on...
  and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
  Please let us know if you have solution to this problem.
  Thanks,
  Rajesh

  Hi Rajesh,
  That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
  The chain should be installed using the "Certificate Authorities" tab per the following steps:
  1) Login to the Admin Console.
  2) Click Edit Configuration from Common Tasks > Configuration Tasks.
  3) Click the Certificates > Certificate Authorities tab from the Configurations page.
  4) Click the Install... tab from the Certificate Authorities (CAs) page.
  An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
  You should then see the CA and intermediate certificate(s) listed in the security database.
  If you have access to MOS, more details can be found in the MOS KM Note:
     Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
  regards
  Tracey

• Unable to configure SSL certificate on Apex

  I am trying to configure ssl certificate in one apex application.
  http://docs.tpu.ru/docs/oracle/en/oas/10.1.2.0.0/web.1012/b14007/ssl.htm#i1031859
  as per the above document first step is create a wallet with SSL certificate information.
  While creating wallet i am trying to import the CA certificate and User Certificate.
  But i am not able to import the certificates properly. I am getting error messages.
  Error Message :
  User certificate installation failed
  Possible Errors;
  -- Input was not a valid certificate.
  -- No matching certificate was found
  -- CA certificate is needed for certificate chain not found please install it first.
  What could be the reason for this. and solution for this problem ?

  Yes I am using OWM ( Oracle Wallet Manager)
  First I have created a new wallet and then i did create service request.
  Then Import user certificate and import CA certitificates are enabled.
  Then tried to import the certificates above mentioned errors are coming.....
  Yes first i imported the CA certificate then i imported the user certificate using the wallet manager. I used the copy - paste certificate method while importing.
  Any how if do import user certificate first it will show an error saying install ca certificate first.
  Message was edited by:
  Santhosh Kumar T

• After reinstall, SSL certificates not accepted.

  Hello there!
  I've reinstalled my Macbook Air (Mid 2012, OS X Mountain Lion 10.8.2) due to a problem when I lost my password.
  When I launched an app like Safari, Mail or Chrome, I've experienced the same problem. Pages using the SSL encryption were unsupported, not working. It shows the problem with the certificate which is not acceptible, old.
  Please, help me out there.
  In the meantime, I will be using Firefox, which works just fine (strange!).
  Thank you all very much!
  A.

  This is looking like its headed for a common problem people have been having with the GoDaddy certs - mind shooting me a PM with the url that you're using to sync with?  Got a bad feeling the cert compatibility problems are real - especially if Win Mobile devices are unaffected.
  Here's a similar problem:  http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=2600
  And another with some explanation: http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=4693&view=by_date_ascending&...
  Message Edited by Imaginos on 02-13-2009 05:11 PM

• Unable to set (ssl) certificate on a SQL Server 2012 clustered instance

  Hello everyone!
  I'm trying to encrypt the SQL Server communication with SSL but I can't add the certificate in the configuration manager. I've found and tried a lot of different explaination but none of them worked. I'll described what I've done and hope someone will point
  out what I'm missing.
  Here is my situation:
  - SQL Server 2012 Enterprise Edition. Instance name = INSTANCE, FQDN =  SQINSTANCE.mydomain.com. The instance is running under a customized service account: mydomain\sql_sa
  - Two cluster nodes running Win Server 2008R2: NODE1.mydomain.com and NODE2.mydomain.com. Cluster itself is CLUSTER.mydomain.com
  What I've done:
  1) Asked the team in charge to generate a certificate issued to "SQINSTANCE.mydomain.com" with aliases to "NODE1.mydomain.com", "NODE2.mydomain.com" and "CLUSTER.mydomain.com". I get a certificate with "p7b"
  as extension
  2) Connect on "NODE2.mydomain.com" with account "mydomain\sql_sa". Opened MMC and added the certificate under "Personnal" folder. I tried to add it with "Current user" and "Local computer" settings. Saw both
  on internet since I use a specific service account
  3) Get the thumbprint of the certificate and add it under HKLM\Software\Microsoft\Microsoft SQL Server\MSSQL11.INSTANCE\MSSQLServer\SuperSocketNetLib\Certificate. (I triple checked to remove blanks or special characters)
  4) Reboot the node
  5) Open the SQL Server Configuration Manager, go to the network properties. Certificate does not appear in the list
  I tried to check with certutil and saw the certificate in the output. Some guys talked about some private key but I don't see this particularity in my situation. I tried to check if the certificate is valid and, according to the criterias, it is.
  Does anyone can help me with this?

  Hi,
  Are you sure you've got the certificate correct?  http://msdn.microsoft.com/en-us/library/ms191192.aspx
  To use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server
  on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1.<your
  company>.com and test2.<your
  company>.com, and you have a virtual server named virtsql, you need to install a certificate for virtsql.<your
  company>.com on both nodes. You can set the value of the ForceEncryptionoption
  toYes
  In your case, shouldn't it be created for CLUSTER.mydomain.com?
  Thanks, Andrew
  My blog...

• The certificate on my applications install DVD has expired. I am unable to reinstall with this dvd on my snow leopard on macbook pro. Pl help.

  The certificate on my applications install DVD for bundled software has expired. I am unable to reinstall with this dvd on my snow leopard on macbook pro. Pl help. If I use Lion, it works fine with the expired certificate. But doesnt work with snowleopard.

  Create a DMG file of your DVD (instructions here: http://www.wikihow.com/Make-a-DMG-File-on-a-Mac).
  Then follow the instructions here: http://managingosx.wordpress.com/2012/03/24/fixing-packages-with-expired-signatu res/

• Can't reload ssl certificate after reinstall

  So I dont know if I did this correctly or not.
  I needed to do a clean install of my system software. So I backed up my registered SSL certificate by selecting it in Keychain Access and Exporting it to an external drive under the name certificate_backup.p12
  After the reinstall I imported the certificage back into my Keychain. In Server.app->Myserver->Settings I clicked edit next to SSL certificate. In the Certificate dropdown list I selecteded the imported SSL certificate and hit OK. In the Server.app window a the little loading icon spins and then finaly stops. The SSL certificate field says Custom. If I click on edit it shows all services but Web have the imported SSL certificate applied to them.
  Every time I try to set the imported SSL certificate to the Web service it appears to fail. There does not appear to be any specific error in the Web service error log other than "Server should be SSL-aware but has no certificate configured"
  I am not sure if I have backed up my certificiate correctly or imported it correctly for that matter. I do not know how to solove this issue.
  Any help would be appreciated thanks!

  No.
  The best you can do is copy and paste elements from your site into a new iWeb project file, named "Domain" on your HD.
  I understand why you and many others would think your "project" file is stored on your iDisk, but unfortunately you are now learning the difference between project and presentation...
  Here's a metaphor:
  You took some pics on your digital camera, edited in Photoshop and printed the pics and since then erased the pics off your camera/computer. Can you still edit those pics in Photoshop?

• Problem with OAS Instance Name y Host Name to create trial ssl certificate

  Hi, everyone
  I have a problem when creating a trial ssl certificate from Verisign page, affer a live assistance, that page rejected my CSR generated from OAS, saying thay my common name has invalid characters.
  My Oracle Application Server installation name: Instance.HostName is:
  IAS_IND01.ind-internet
  So, Verisign told me this name can't contain "_" or "-" characters for example.
  I need to know if it's possible to change the instance name and if OAS host name changes also if i change server's host name.
  I wouldn't like to reinstall all over again.
  Please help.
  Regards
  David

  Hi,
  No your AS server will not automatic. even if you change your host name.
  If U 'll try to change your host name, be carefull when U 'll try to start you AS instacne
  it ' not start anymore , AS user hosts fill to get full quallified name of your host.
  U 've two choices
  -1 delete your AS, then change your hosts name, then new installtion of AS
  2- If U 've exprience with AS, just breng your AS down, change your hosts name,
  U 'll need to do some changes in your AS, just read admininstrator Guide.
  Cheers,
  Hamdy

• Exchange 2010: How to renew an SSL certificate?

  Hi all.  I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010.  I really don't want to mess this one up by cobbling together partial answers
  from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out. 
  This is a standard GoDaddy 5-domain UCC certificate.  There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet).  The existing certificate expires in a month or so. 
  I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article
  has addressed all my concerns, or in some cases information conflicts.  So my concerns for example are:  can you do a renewal for a certificate before the old one expires?  It is actually a renewal, or are you adding a 2nd certificate? 
  Do you have to do anything in IIS or does EMC or EMS do all that for you? 
  Thank you. 

  -->Can you do a renewal for a certificate before the old one expires? 
  Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
  -->It is actually a renewal, or are you adding a 2nd certificate? 
  You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for detailed step of Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
  -->Do you have to do anything in IIS or does EMC or EMS do all that for you? 
  You will have to do it from MMC or EMS. No need to do anything from IIS.
  Follow the steps below to make your work easy or follow the video in this site site.http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
  1. Run this command from EMS to generate CSR. You can see the CSR named "newcsr.txt" in C:\CSR
  folder
  Set-Content -path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
  2. Renew the certificate from Godaddy (from Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
  3. Open Exchange MMC. Go to Server configuration. Right click on the pending request.  Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
  4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
  5.Delete the old one certificate from MMC.
  From EMS use this command 
  Remove-ExchangeCertificate -Thumbprint <old cert thumprint>
  You can see the the certificate thumprints using Get-ExchangeCertificate command
  MAS. Please dont forget to mark as answer if it helped.

• File Adapter FTP SSL SSL Certificate Exception

  After reviewing the results of searching on this error, I do not find anything that fits my situation:
  SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
  I am not using X.509 certificate for client authentication.
  My connection is using a non-public certificate.
  I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
  I am getting the following error:
  Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
  Any recommendations?

  Hi,
  The main reasons for this error are:
  1. The correct server certificate could not be present in the TrustedCA
  keystore view of NWA. Please ensure you have done all the steps
  described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for
  it (that was the cause for other customers as well) and if it's the case
  renew it or extend the validation.
  3. Some other people have reported similar problem and mainly the
  problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate
  is A which is issued by an intermediate CA B and then B's certificate is
  issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to
  have the right order of certificate in the chain. If the order is B
  first followed by A followed by C, then the IAIK library used by PI
  cannot verify the server as trusted. Please generate the certificate in
  the right order and then import this certificate in the TrustedCA
  keystore view and try again. Please take this third steps as the
  principal one.
  Hope it solves your querie.
  Regards,
  Caio Cagnani

• Configuring SSL certificates on ALBPM Studio

  Hi,
  I am invoking a web service which is deployed on a web logic server which is a secure server and needs SSL certificates to communicate. I have the certificates but don’t know how to configure it to my ALBPM Studio.
  Can I configure those to studio or do I need to deploy my code on the Enterprise edition installed on application server having these SSL certificates? But in that case I would land up investing so much time in deploying the code on server after even a small change. Since I don’t have those certificates configured to my studio it is not allowing me to catalog the service in my project and throwing Introspection error. The details of the error are mentioned below:
  +[Error] Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target..+
  +[Error] Instrospection exception: Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target...+
  Can anyone throw any pointers on this type of error
  Thanks,
  Akshay

  In order to communicate with SSL secured webservices (those with WSDL end point starting as https:// you need to have certificates from these servers.
  For BPM Standalone these are the steps
  1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory)
  2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.
  3. Run the following command at a command prompt:
  C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias <CERT ALIAS NAME> -keystore ..\lib\security\cacerts -file ..\lib\security\gd_<cert file name>.cer
  4. You will be prompted for a password. If you have not changed the password, it will be "changeit".
  5. You will then get the following message if all is successful - "Certificate was added to keystore".
  6. Restart Tomcat (inbuilt server in BPM Studio).
  This should solve your problem.
  Pls note that if you have not configured your keyStore then first do so. you will find this document handy to do so.
  http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File
  Arvind
  Visit my blog at http://soa-bam-bi.blogspot.com/ for more tips on BPM & SOA

• Why is the SSL Certificate "Edit" button disabled in Server Settings?

  I just setup my Lion server and am attempting to create a self-signed certificate. All of the directions start with "Run the Server app, go to your server, click the setting tabs, and push the 'Edit' button next to SSL Certificate". Well, I can't because the button is disabled.
  I have two theories. The first is that my network setup is messed up somehow. My server name is "server.mydomain.private". When I click on Configure Network, it shows that name and the proper IP address.
  My second theory is that the SSL Certificate requires some other service, maybe Open Directory.
  Anyway, I'm stumped. Any suggestions are welcome.

  venblr, I saw that one too, tried it, but it didn't work. I think I deleted a certificate or something, which caused the problem in the first place. I'm going to finish reading some Lion Server books before starting from scratch by reinstalling Lion and then LIon Server. (I have a screen snap of earlier work and it shows the SSL Certificate "Edit" button enabled.)

• CF7 and JDK 1.4.2 - EV SSL Certificate Issue

  Let me start off by telling the group that we do not use CF for any of our applications.  We are a payments company that hosts a .NET API in IIS that 100's of thousands of customer use.  We have one particular customer using CF7 and JDK 1.4.2 who is currently unable to process against our API.  About a week ago we upgraded our SSL certificates to EV (Extended Validation) and since that time our once happy customer is now unhappy.  I have spent hours working with him, going through FAQs and walk throughs, knowledge bases and forums and have had no luck.  Here are the details:
  EV Certificate issued by DigiCert (4096-bit).
  Customer is on CF7 and JDK 1.4.2.
  When he attempts to process against our API with the new certificate he gets 'Connection Failure: Status code unavailable' message from his CF application.  He is using cfhttp to post his requests.  We found a work around that indicated that the only issue with JDK 1.4.2 was importing the high-bit certificates.  Our customer installed JDK 1.6, imported the certificate (and all intermediate certificates) successfully into the cacerts file, but when attempting to list using JDK 1.4.2 is returns an invalid certificate error and still will not work.
  Please help as we are currently in a work around state for this customer (not long term) and we have exhausted the resources we have access to for solving this issue.
  Thanks in advance to those gurus that reply.  I have attached a sample post from our customers logs with non-essential data removed.
  I can be reached by phone at 801-341-5620 if anyone feels like reaching out to talk.
  - Dave

  Dave,
  I am having a similar issue with CF7 and PayPal's Reporting API which also uses EV SSL.
  I can offer that in my testing, both CF 8 and CF 9 do seem to be able to work when using CFHTTP and EV SSL,
  so the only solution I can offer at this time is to make the suggestion to your customer that they need to upgrade
  to either CF 8 or CF 9 to get the issue quickly resolved.
  I'm still working to see if I can find a solution for CF7 and I've been asking around in the CF community for help, so
  if I do find a solution, I'll definitely post it there for you.
  Cheers

• Wildcard * SSL Certificates for TTA??

  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on the name
  for wildcard certs?
  Cyrus

  Hi Cyrus
  I was loosely referring to PKI rules e.g.
  http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
  http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
  Wildcarding isn't supported. I understand what you are trying to do now
  but it won't work because the software is looking for a certificate
  matching a single server.
  The certrequest command is just a wrapper script for openssl so it won't
  stop you doing anything the openssl command believes may be valid. You don't
  actually need to use this command it's just there for convenience, you
  could do everything just using openssl.
  The current documentation doesn't explictly state that you can't use
  wildcards in certificates but it does say you need a certificate for a
  SGD server. My understanding of the wildcard issue is that it is up to
  a particular application to decide what is appropriate.
  http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
  Regards
  Barrie
  On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
  May I inquire as to where these rules are listed regarding SSL Certs, I
  didn't see anything to the effect in the documentation. Also why weren't
  the rules enforced at certificate generation time. Even the validation
  command (tarantella security certinfo) had no problems.
  The CSR generation/signing went through flawlessly and created a wildcard
  cert that Apache could use. It's one thing if the whole cert process
  couldn't handle a wildcard, but it seems like everything would have worked
  if only the applet accepted a wildcard regex match.
  Regards,
  Cyrus
  barrie wrote:
  Hi Cyrus
  No, sorry. The rules say you can't do that. You are required to have a
  certificate for a node not a network.
  Regards
  Barrie
  On 2005-08-05, CM <[email protected]> wrote:
  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to
  name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on thename
  for wildcard certs?
  Cyrus

• SSL Certificate Install Problem

  To all Sun App Server Gurus,
  I face a major challenge trying to install an SSL certificate on our Application Server.
  The Manage Database was successful.
  I filled out the certificate request form in the Security > Certificate Management > Request section and forwared the information / CSR to the CA.
  The certificate is issued and validated by our CA.
  I follow the steps according the documentation to import the certificate.
  I specify the following to import the certificate
  1) Certificate for : o This Server
  2) Cryptographic Module: internal
  3) Key Pair File Password: **************
  4) Message Text (with headers):
  -----BEGIN CERTIFICATE-----
  U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
  -----END CERTIFICATE-----
  5) Click OK
  The next screen shows the certificate information which are correct as well.
  After pressing "Add Server Certificate" it take about 20 seconds until I receive a pop error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
  After I click OK the Admin GUI displays the following error in the browser: "Not Found
  The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
  Security > General
  Log Level: finest
  Audit Logging Enabled: unchecked
  Default Realm: file
  Anonymous Roule: ANYONE
  In the admin server log I get the following entry:
  WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
  I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
  I also reinstalled the App Server twice so far and used the default options.
  If anyone could please help me with this that would be extremly helpful.
  Thank you.
  Regards,
  Martin

  try converting your key from der2pem using
  java utils.der2pem {keyfile  in der} {keyfile out in pem}
  thanks
  kiran
  "eraldo" <[email protected]> wrote in message
  news:[email protected]..
  hi,
  I tried to install SSL certicate on a Weblogic 6.1 SP3 (running on a
  Solaris 8). Following the post 5457 (found in your newsgroup) I made
  this steps:
  - I generated CSR using web application /certificate
  - I sent CSR to Entrust.com obtaining a certicate and a chain
  certificate
  - I configured the server under "Configuration - SSL" with following
  parameters:
  - Enabled = true
  - Listen port = 8002
  - Server Key File Name = <path to private key ".der" file>
  - Server Certificate File Name = <path to Entrust CRT ".pem" file>
  - Server Certificate Chain File Name = <path to Entrust CA ".pem"
  file>
  - Key Encrypted = true
  - I changed startWebLogic.sh:
  - added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
  line
  Launchin' the script I got the following exception:
  <Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security
  configuration problem with ce
  rtificate file config/sdfdomain/H3MIS097_H3G_IT-key.der,
  java.io.IOException: weblogic.security.Ciph
  erException: Invalid padding length 48>
  java.io.IOException: weblogic.security.CipherException: Invalid
  padding length 48
  atweblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
  atweblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
  at weblogic.Server.main(Server.java:35)
  Any idea?
  Thanks in advance,
  Eraldo