UNIFIED MANAGER ALERT : on EXPIRING SSL certificates in clustered Data ONTAP systems

Similar Messages

• Expired SSL certificate errors in browser after installing a new Certificat

  I recently install a new SSL certificate from Thawte following the same process as the last time in installed. The install seemed to work for a couple days and then i stared getting calls reporting an expired SSL Certificate. I verified that the proper cert was still installed and it was. what actually got the ball rolling again was disabling the listener associated with my secure site and re enabled it. that workd for 2 days and now the website is reporting an expired SSL cert. any clue what is going on?

  Here is the output but i noticed that there are three of the same key(sitecert)
  wadm> certutil -L -d .
  sitecert                                                     u,u,u
  sitecert                                                     u,u,u
  Thawte SGC CA - VeriSign, Inc.                               CT,,
  sitecert                                                     u,u,ui guess now the question is how to get ride of the 2 offending certs in the database.

• Unrecognized update of expired ssl certificate

  hi there
  i installed open ssl to serve pages through apache using https by following this support page
  http://developer.apple.com/internet/serverside/modssl.html
  after a successful year, my server certificate expired. my users now get the following error message...
  "xxx is a site that uses a security certificate to encrypt data during transmission, but its certificate expired.
  you should check to make sure that your computer's time (currently set to xxx) is correct."
  i followed the same steps again to renew the certificate, but it still produces the same error message eve after the update. i've even tried deleting any references to the old certificates from the keychain, in case there was some old pointer, but that hasn't seemed to work either.
  the situation is causing my users some consternation and is cause for mistrust. how can i get the update to be recognized?

  To confirm, I was able to connect to https://rumi.smarthome.cs.cmu.edu/ and saw the valid certificate.
  I'm not an expert on SSL by any means, but I do believe your certificate should match the host name of the server. And as for virtual hosts, see Apache's documentation on using SSL:
  http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
  Summary: you cannot use name-based virtual hosting to host multiple SSL sites on one server. You can use different IP addresses or different ports.
  Matt

• Any adverse effect of an expired SSL certificate

  I wanted to understand if there are any adverse effects if the SSL certificate has expired. Going logically, the communication channel between server and client browser would not be secure. I would give an example to this, if the site is say https://www.xyz.com
  1) Would the site be accessible if the SSL certificate has expired, I guess yes?
  2) Any other adverse effects?
  I hope, I have been able to explain the question clearly.
  Requesting a reply to my query.
  Regards

  Thanks for your update. It is connecting using https. The SSL certificate is not generated at OS (RHEL) level but is done most probably at Tomcat server level which I am trying to check from the developers.
  Regards

• Installing Verisign SSL Certificate on NW 700 Java system

  Hello Experts,
  For our NW700 Java system, we have got Verisign SSL Certificate. Installation instructions from Verisign says - we need to install Intermediate Certificate also along with SSL certificate for our Common Name.
  Can you please let me know how we install Verisign SSL Certificate on NW700 JAVA system using Visual Admin.
  Instructions from Verisgn says:
  Install Intermediate Certificate on server.
  Install SSL certificate.
  Thanks
  Davinder

  Hello Patrick,
  Thanks for the information:
  you created a keypair for SSL in the Key Store service interface in the Visual Administrator, generated a CSR response and sent it to Verisign. Now you have the CSR response from Verisign - is my understanding of the situation correct?
  Absolutely right
  You can import this into the Key Store service, by highlighting the private key of the keypair and choosing 'Import CSR Response'. Now your key pair is signed.
  Successfully done.
  After this i can see that PRIVATE KEY (IssueDN has been changed to Verisign)
  But CERTIFICATE ISSUER DN is not changed.
  Now if i try to access the site with https, able to do properly and if click on the Lock icon on the browser, i can see certificate is 3 Chained
  Verisign Trial Secure Server Root CA - G2
  ----> Verisign Trial Secure Server CA - G2
  ----> -> Training.pearson.com (this is my Common Name)
  So it looks to be working fine.
  However there is no chain formed. You need to now follow the aforementioned note and export the private key and public key certificate separately by higlighting the private key and choosing 'Export'. Export with the 'Files of type' drop down box set to (*p8), and after exporting the private key you will be able to export the public key cert. This is step 6 and 7 of the note. Now follow steps 8-12 to form the chain
  No Chains has been made in Visual Admin, and i tried these on another server - it works as you are saying.
  But is there any benefit of importing Intermediate, Root Certificates - as mentioned in SAP note steps 8 to 12.
  If yes, then is it mandatory to make the chain till 3rd level (means Root Certificate also).
  Once the chain is loaded into the Key Store, you need to ensure that the Java dispatcher is configured to send the signed server certificate for the relevant SSL ports - see here http://help.sap.com/saphelp_nw04/helpdata/en/5c/15f73dd0408e5be10000000a114084/content.htm
  Edited by: Julius Bussche on Aug 10, 2009 3:44 PM
  code --> quote

• Expired SSL Certificate

  hi,
  I have imported an expired certificate into XI using STRUST for a site https://test.com
  When i try to test the connection to the above site, throws up an error ICM_HTTP_SSL_ERROR.
  I could see the trace file in SMICM and it explains the error saying that certificate error.
  I don't think XI would send any messages to the external system if the certificate has expired? Am i right?
  Is there any other option to send messages through HTTPS?
  Thanks,
  Tirumal

  >>I don't think XI would send any messages to the external system if the certificate has expired? Am i right?
  yes.
  >>Is there any other option to send messages through HTTPS?
  for this i need some more information like , What is your Scenario? what is the adapter you configured in the receiver side?..
  regards,
  Jeyakumar

• What's the process to replace an SSL certificate

  I have to replace an expiring SSL certificate in this server and can't recall the procedure. I have the new cert, and intermediate CA, but can't remember what utilities to use to replace the old with the new.

  The image replace works perfectly with a masked image intact,  only if the two images dimensions are the same.
  However, doing the following gets you 95% of the way with just a final tweak of the mask:
  select the image on the slide
  Format > Copy Animation
  then replace image
  Format > Paste Animation
  Format > Image > Edit Mask

• How to ignore SSL certificate warning only for a specific internal subnet?

  I understand my issue may be a little unique, but I am sure some people have come across it. I am working with some test gears that have either self-signed certificates or flat out invalid/expired SSL certificates. Since this is a lab/test environment I don't want to have to go through the trouble of generating my own certificates and load them on each test device, since they come and go quite a bit.
  Is there a way to tell Firefox to ignore SSL warning, but only for a given subnet? For example, if the SSL certificate is presented by anyone in 10.11.12.0/24, accept it without question, but if it's coming from anywhere else, check its validity.
  I doubt this will ever be a main feature for Firefox, but perhaps someone has come across an add-on that does this?

  I suggest you to ignore self signed certificates. You should get some low priced SSL certificates to prevent your website from warnings.
  I preferred to buy ssl certificates from reseller, as its low pricing.
  Some good resellers are:
  [http://servertastic.com servertastic.com]
  [https://www.sslrenewals.com SSLRenewals.com]
  and you can google it for more reseller list.

• How do I install a CSR & SSL Certificate in Adobe Muse while hosting the website with GoDaddy, not Business Catalyst?

  I have designed a website and I want to host it with GoDaddy. I also want to install a SSL Certificate so I can get the HTTPS://mydomain.com instead of the HTTPS://mydomain.worldsecuresystems.com that I get with BC. Is there a way to install the SSL Certificate in Adobe Muse so that I can do this?

  This is something you'd have to do on Go Daddy, its not something that would be done in Muse.
  Go Daddy's page on their SSL service is: SSL Certificates | Secure Your Data & Transactions - GoDaddy

• How do I install a new SSL certificate?

  I am running Weblogic 6.1 on Windows 2000. I recieved a renewal notice from Verisign
  and purchased new certificates. I would like to put them in place but am a bit
  lost. I am new to Weblogic and am used to installing certificates in IIS. There
  seems to be no "install" feature under Weblogic.
  Do I just change the name of the path to point to the new certificate?
  Will I need to stop and restart the Weblogic services? Does this have the potential
  to take down the website?
  Any help would be greatly appreciated.
  Thanks in advance.
  ~Sheri

  This is something you'd have to do on Go Daddy, its not something that would be done in Muse.
  Go Daddy's page on their SSL service is: SSL Certificates | Secure Your Data & Transactions - GoDaddy

• "Automatic Maintenance Certificate" is not updating satellite systems

  Hi,
  I want to activate Automatic Maintenance Certificate via solution manager to my satellite systems
  Solution Manager is 7.01 at SPS23
  Satellite systems are all on Netweaver 7.01 SPS06
  Right now, Solution Manager receives automatically the maintenance certificate.
  Unfortunately, my satellite systems do not receive it.
  on my satellite system (PRD - ECC 6.04), in SDCCN, I see that job "Maintenance Package" shows these messages:
  Maintenance Package completed
  Updating license data completed from destination  [Maintenance Package]
  No active master Solution Manager destination maintained. [Maintenance Package]
  Updating license data not possible [Maintenance Package]
  note that I reviewed completely SAP note 1280664 to no avail.

  Hi Daniel,
  This is exactly the solution.
  I finally also found another solution from http://forums.sdn.sap.com/post!reply.jspa?messageID=9122507#9122507
  In managed system, goto SDCCN, browse through the menu options to reach task specific settings and then edit the RFC destination settings.
  In RFC settings you get to see RFC of SM system.
  Make the SM destination as master destination. Tick the Master checkox.
  Thanks for your help.

• SSL Certificate for Software LifeCycle Management

  Dear Friends,
  We have Solution Manger 70 with EhancementPack 1 (Java 7.01 SP4). Trying to configure the Software LifeCycle Management and I am stuck at the first stage i.e. generating SSL SSL Certificate.
  Here is what I have done and please let me know on how to proceed...
  - Installed SAP Cryptographic libraries, all the necessary Profile parameters and activated HTTPS...
  - STRUSTSSO2 --> Created SSL Server PSE
  - Generated the Certificate Requests for the SSL Server PSE
  - Copied the Certificate Request.
  - Opened the https://service.sap.com/tcs site
  - Requested for SSL Test Server Certificate by pasting the Copied the Certificate Request and generated the certificate response in a "PKCS # 7 Certificate Chain" format.
  - Copied the Generated Imported Certficate from SAP Trust center Site, and Imported the Certificate response for SSL Server using STRUSTSSO2.
  What else I am missing here?????????
  How to generate the Import Certifcate in a crt file format for SSL client (Anonymous or Standard) PSE's?????????
  Kindly help me with these issue ASAP.
  Thank you,
  Nikee

  Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:
  a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate
  b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

• SSL certificate expiration CCMS Monitoring

  Hi All,
  We are using ECC 6.0 server, HP-Unix and Oracle 10.2.0.5 database.
  CCMS monitoring is setup in our environment for alerts Monitoring. We use SSL certificates for SSO logins.
  As we know SSL certificates get expire in approx one year and when 2-3 days left in certificate expiration system start showing message to all uses for this cetificate expiration.
  Now we are planning to include SSL certificate expiration in CCMS monitoring so that whenever before 10-15 days we get a message for certificate expire and we implmenet the certificate without any User intervention.
  Now we search a lot but I do not find any option available in RZ20 and RZ21 to include this alert in CCMS.
  Please let me do we have any way by which we can get an message of certification before user get this message.
  Shivam

  Hi Murali,
  Thanks for the reply.
  I checked links and they are meeting my requirement but one thing I could not find is SSL information in RZ20.
  I checked RZ20 tcode and I do not find where SSL information is available to assign auto reaction method to it to start getting Alert.
  Can you please help me where I can find SSL certification path in RZ20.
  Shivam

• SSL Certificate Expired Indesign CS6

  So I open Indesign this morning and find that the SSL Certificate has expired. So my question is, since Adobe has come out with CC, is this going to be the trend at Adobe? Is this going to be Adobe's way of telling me to go CC? Because I am certainly not impressed that I have to go in and change settings so I do not get the message posted below every time I open Indesign, which is a legitimate paid for copy. I am planning on going to CC, but when I am ready. As you can tell I am not pleased to be posting this.

  Fyredept wrote:
  So I open Indesign this morning and find that the SSL Certificate has expired. So my question is, since Adobe has come out with CC, is this going to be the trend at Adobe? Is this going to be Adobe's way of telling me to go CC? Because I am certainly not impressed that I have to go in and change settings so I do not get the message posted below every time I open Indesign, which is a legitimate paid for copy. I am planning on going to CC, but when I am ready. As you can tell I am not pleased to be posting this.
  I may be totally wrong here, but this might be originating in the security settings of your browser or other Internet connection settings. SSL is a more-secure way for stuff to travel the 'Net, and some browsers or other Internet tools that manage your accounts and connections, have a setting to make SSL the connection type every time to open a Web site or page. There should be somewhere in yor browser or elsewhere in your Internet account connections manager, that specifies using SSL always. There may be a way to reset the certificate, or to request that it be renewed. Perhaps check with your ISP (Internet Service Provider) tech support. Possibly the SSL issue is managed at their level. Also, if you're in a corporate environment, check with your IT support folks.
  HTH
  Regards,
  Peter
  Peter Gold
  KnowHow ProServices

• SSL Certificate expired

  Hello
  I've updated our internal application SSL certificates on our core WAEs group, for some reason it didn't push the updated ones down to the branch WAEs. The users are getting the expired cert error. The work around for now was to disable the SSL cert. Is there a procedure on how to update the SSL certs on your core WAEs? How can I check the branch WAE where the expired cert if being stored, it's not showing up when you issue a show
  crypto certificates. I went and updated the existing ones with the new ones and the date had changed correctly.
  WAEs - 4.2.1
  CM - 4.4.1

  Hi John,
  I believe Ahmad is talking about this link, here is the corrected one:
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v431/configuration/guide/policy.html#wp1138543
  As per the document, the certificates should be propogated to WAE and replace the expired one. Why it did not happen in your case, I believe requires some investigation. It may be that the CM-WAE connectivity is/was broken or may be the WAE is managed by CM but is configured in such a way that CM can not update config on WAE. This could happen if you are using Device Groups and if WAE is not part of that group.
  Hope this helps.
  Regards.
  PS: If this answers your question, please mark this as Answered.