Untrusted Root Certificate when using zac reg

Similar Messages

• Untrusted root certificates?

  So I was browsing my computer today (checking out another problem I'm not so concerned about) and I noticed something. In my Keychain, under "System", I have 2 certificates listed as "This root certificate is not trusted". Both have names starting with com.apple, so I'm less worried, but I'm wondering if other people have these on their systems and if they're normal. I don't know what these things do, so I haven't touched them, and I'm not going to post the full names in case it publishes a possible vulnerability in my computer.

  Are you sure you have Passwords selected on the left?
  Also... this is from the Safari Help Viewer for Root Certificates
  When you go to a secure webpage—for instance, to do online banking—Safari checks the site’s certificate and compares it with certificates that are known to be legitimate. If Safari doesn’t recognize the website’s certificate, or if the site doesn’t have one, Safari will let you know.
  For more detailed information on how Safari works with certificates, see this topic:
  Certificates and secure websites
  How to respond to a certificate warning:
  Click Show Certificate, and inspect the certificate for suspicious information.
  Look for a message that says, “This certificate was signed by an untrusted issuer.” If you see this message, click Cancel, and do not go to the website.
  Click the triangle next to the word “Details.” Check to make sure that the name and organization sections match those of the person or organization that owns the website. If anything looks unusual or is not what you expect, click Cancel, and do not go to the website.
  If you continue to the website, double-check the address in Safari’s toolbar to confirm that it is the correct address for the page you want to visit. The address should begin with “https://,” and the name of the website should be spelled correctly. Sometimes fraudulent websites masquerade as trusted websites by changing one or two letters of the trusted website’s address.
  Contact the administrator of the website, explaining the problem and requesting more information.
  If you continue, the certificate will be stored on your computer, and this warning won’t be displayed again for this website until you quit and restart Safari. If you like, you can remove the certificate later using Keychain Access. For instructions, open Keychain Access and choose Help > Keychain Access Help.
  Carolyn

• How to identify which root certificate is used?

  How to identify which root certificate(on terminal) is used when a terminal is connecting to a https website?
  SecurityInfo.getServerCertificate() only returns the certificate send from the https server.
  But how could know the which local root certificate is used to verify the certificate send from the https server?
  Is there a method or class in MIDP 2.1?
  Thanks

  UP�Cthis question is urgent. Hope anyone can answer me!

• Untrusted connection Error when using google search field in top line. Ok with other search engines

  When opening www.google.dk and searching from the page, everything is ok
  When using Google search engine in the address line search bar the error is present
  When changing to Yahoo, bing or another search engine in the search bar, the error is not present
  So, the error
  "www.google.com uses an invalid security certificate.
  The certificate is not trusted because no issuer chain was provided.
  (Error code: sec_error_unknown_issuer)"
  is only present when using google search engine in the search bar
  Have tried to delete the files cert8.db and key3.db with no success
  Read about firewall settings, but Bullguard firewall was not covered

  In your "More system details" it says your address bar search provider is Babylon, not Google. Perhaps that's the problem? Or are you using a shortcut to force the address bar search to Google?
  This add-on will reset your address bar search to Google: https://addons.mozilla.org/firefox/addon/searchreset/
  That might not stick if you have an add-on which reverts the setting. You can disable nonessential and unrecognized extensions here:
  orange Firefox button (or Tools menu) > Add-ons > Extensions category
  Also, you might need to edit or delete your user.js file to prevent your settings from being overridden at the next startup. This article has info on that: [[How to fix preferences that won't save]].
  Any luck?

• Need help with Digital Certificates when used with Adobe Acrobat

  Hi,
  I need some urgent help for one of my project. Any help or
  guidence would be very much appreciated...
  I am using Digital Certificates with Adobe Reader 6.0 and
  above and currently if I want to install the process it requires
  around 2 steps. Below are the steps.
  Once the install now button is clicked.
  Step 1. Click on set contract set.
  Step2. Click on first un check box, Adobe 7.0 or Adobe 6.0
  Step3. Click OK,
  Now the Question or issue is, I want to make the above
  mentioned steps 1 to step2 automated, once a user downloads this
  Digital certificate over the Web. Else if I can pre-select the 2
  steps for the ease of the user.
  Any help to get this automated would be much
  appreciated......Do let me know if anybody has any further
  questions...
  Pls help...and thanks for helping in advance..much
  appreciated...
  Cheers
  Ashish

  Hi Ashish,
  Since the title of your post refers to Adobe Acrobat, and the
  mention of RoboHelp is conspicuously absent, I suspect you are in
  the wrong forum. You probably need the Acrobat forum instead.
  Regards,
  Anne

• Removing / updating root certificates?

  I know from the documentation I've reviewed that the root certificate store isn't easily viewed in webOS. There is a knowledge base article that lists certs that come pre-installed (at least in 2.x), but that's the closest I've come to being able to see them.
  I have a need to remove one of the root certificates that came pre-installed, and I can't seem to find a way to do it. If I have to, I am open to writing an application toward this end, but I'm finding it difficult to believe that there isn't some easier way, or some HP internal tool that might do this.
  Do any of you have any suggestions? I really don't want to trust a particular CA for one minute longer than I have to.
  Alternatively, can anyone at HP tell me if you are planning to release a CRL for any of the compromised Diginotar CA certs, and if so, how quickly?
  I'm most concerned about this on the Touchpad and original Pre.
  Thanks.
  Post relates to: Pre p100eww (Sprint)

  I'm curious about the intent to do a wholesale update of the root certificates in a server operating system. I would think you should consider yourself lucky, because there are practical limits to the size of the Trusted Root Certificate Store (64kb of certificates,
  which is 175-200 of them, depending on their data size).
  A more surgical approach is to only install a new root certificate when it is needed for a specific purpose. Otherwise, certificates that are expired can generally just be deleted.
  However, for an alternative approach to this process, I would suggest installation of KB931125 to a **WORKSTATION** operating system (a reference VM not actually used by anybody would be even better), and then EXPORT those certificates that you actually
  need from that reference system and import them to where they are needed.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Updating Root Certificates

  I have been unable to fully update the root certificates on my Windows 2008 Server machine. I have tried doing a manual install using https://www.verisign.com/support/roots.html and there are still certificates that are not updated, but used to be trusted
  before certification expiration. Is there a way to update these roots automatically by Windows without messing with Group Policy settings? Or a way to update individual roots via Windows?
  Thanks.

  I'm curious about the intent to do a wholesale update of the root certificates in a server operating system. I would think you should consider yourself lucky, because there are practical limits to the size of the Trusted Root Certificate Store (64kb of certificates,
  which is 175-200 of them, depending on their data size).
  A more surgical approach is to only install a new root certificate when it is needed for a specific purpose. Otherwise, certificates that are expired can generally just be deleted.
  However, for an alternative approach to this process, I would suggest installation of KB931125 to a **WORKSTATION** operating system (a reference VM not actually used by anybody would be even better), and then EXPORT those certificates that you actually
  need from that reference system and import them to where they are needed.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• When loading my online banking it says untrusted connection but when I try to add exception it says the site has a valid certificate and exception is not required, but still wont connect

  When trying to connect to online banking this is what I get.
  This Connection is Untrusted
  You have asked Firefox to connect
  securely to www.txn.banking.pcfinancial.ca, but we can't confirm that your connection is secure.
  Normally, when you try to connect securely,
  sites will present trusted identification to prove that you are
  going to the right place. However, this site's identity can't be verified.
  What Should I Do?
  If you usually connect to
  this site without problems, this error could mean that someone is
  trying to impersonate the site, and you shouldn't continue.
  Technical Details
  I Understand the Risks
  When I click on I understand the risks and try to add an exception I get this:
  This site provides valid, verified identification. There is no need to add an exception.
  yet I can't get passed this and connect to the site!

  What are the Technical details showing as the cause?
  Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  *https://support.mozilla.org/kb/Secure+Connection+Failed
  Try to rename the file cert8.db to cert8.db.old in the Firefox Profile Folder to remove all intermediate certificates that Firefox has stored by visiting secure websites.<br />
  If that helped to solve the problem then you can remove the renamed file cert8.db.old unless you have user certificates that you may want to export first and import them in the new file.<br />
  Otherwise you can restore the certificates by renaming (copying) the file back to cert8.db<br />
  Firefox will automatically store new intermediate certificates when you visit websites that send them.<br />
  You can use this button to go to the Firefox profile folder:
  *Help > Troubleshooting Information > Profile Directory: Open Containing Folder

• Go Daddy UCC Certificate: "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update"

  Hello,
  I have this issue regarding certificate chains while performing Outlook Anywhere connectivity test
  by Microsoft Remote Connectivity Analyzer:
  "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled."
  Note: even if I got the error, Outlook Anywhere and
  ActiveSync services work fine.
  Environment:
  - Exchange 2007 with SP3
  - Go Daddy Multiple Domains UCC certificate (up to 5 Subject Alternative Names)
  I already read and followed instructions on this TechNet post
  Can I safely ignore this warning about the SSL cert? Using GoDaddy UCC cert but it is a little bit different by this case.
  So after an investigation I understand the issue above is related to SSL certificate
  Certification Path (see screenshots below).
  NO ERRORS on ExRCA checking
  Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
  repository
  Go Daddy Class 2 Certification Authority is under Intermediate Certification Authorities
  repository
  Starfield Technologies (http://www.valicert.com)
  is under Trusted Root Certification Authorities repository
  ERROR on ExRCA checking
  Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
  repository
  Go Daddy Class 2 Certification Authority is under Trusted Root Certification Authorities
  repository
  Can you add some useful information ?
  I'm opening a support ticket at Go Daddy; I hope they could me some positive feedbacks.
  Regards,
  Luca Fabbri
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  Strange I have a feeling the exrca tool can't validate the godaddy class2 root authority due some older compability and wants to use the older original root authority valicert owned godaddy. Or when the exrca tool is validating the root CA it only has the
  goaddy class2 root ca that was issued by valicert and not the standalone cert when doing the comparision. I sent the question to MS and will let you know when I hear back.
  You can get rid of it
  https://certs.godaddy.com/anonymous/repository.seam
  Download the cert
  ◦gd_cross_intermediate.crt
  Then import it into the trusted root cert authority on your CAS boxes. Then you need to delete the other godaddy class2 root authority. Make sure you see the one you imported both will be named goaddy class2 root authority but one will be issued by valicert.
  Re-run the test and it will go away, I also saw the error with my domain as well using godaddy and got rid of it by using the new cert authority.
  James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

• Firefox throws "This Connection is Untrusted" when using hostname, but not when using IP address

  I am remotely accessing a website which has iFrame in it. The website uses https, but iFrame tag has "src" pointing to a site using http only. However, when I remotely go to the site, iFrame shows the message below although the ''src" url is http only (there is no SSL certificate) when I use IP address (https://10.10.101.156:8006/apprecovery/admin/Core/Storage) in address bar instead of hostname (https://hostname:8006/apprecovery/admin):
  ===
  This Connection is Untrusted
  You have asked Firefox to connect
  securely to d37t50w1, but we can't confirm that your connection is secure.
  Normally, when you try to connect securely,
  sites will present trusted identification to prove that you are
  going to the right place. However, this site's identity can't be verified.
  What Should I Do?
  If you usually connect to
  this site without problems, this error could mean that someone is
  trying to impersonate the site, and you shouldn't continue.
  d37t50w1 uses an invalid security certificate.
  The certificate is not trusted because it is self-signed.
  (Error code: sec_error_ca_cert_invalid)
  ===
  Why is it giving this when using hostname but not when IP address is using?

  Corrected first para above:
  I am remotely accessing a website which has iFrame in it. The website uses https, but iFrame tag has "src" pointing to a site using http only. However, when I remotely go to the site, iFrame shows the message below although the "src" url is http only (there is no SSL certificate) when I use hostname address (https://<hostname>:8006/apprecovery/admin) in address bar. But I dont see the message in iFrame when I instead use IP Address (https://<IP Address>:8006/apprecovery/admin) to go to main website.

• Machine freezez/lock ups when using password protected certificates in IE 11 Windows 8.1 Pro

  When using certificates that have a password enabled and private keys we find the machine hangs up competly with the memory usage jumping to 99%. The main process being the Local Secuirty Authority Process that causes the machine to lock up. The work
  around we have is to remove this certificate and import a new certificate making sure we un-tick the check box for private key password.
  Not sure if this
  KB2813237 is linked, but this hotfix is available for Windows 8.1 Pro OS.

  Hi  Simon,
  You can try that suggestion and check whether it is solved and give your result, if there is any other issue, you can post it back.
  Regards
  Wade Liu
  TechNet Community Support

• Error when using sapgenpse import_own_cert to import a signed certificate

  We have installed a WebDispatcher and want to use SSL and executed the following steps:
  1. Generate Self-Signed Certificate and CSR by:
  sapgenpse get_pse -p SAPSSLS.pse -r SAPSSL.req "CN=emsd3c.cs-apps.carestreamhealth.com, OU=IT, O=Carestream Health, C=US"
  2. User service.sap.com/trust SSL Test Server Certifcated service to signed the CSR which looks like
  BEGIN CERTIFICATE-----
  MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEUNhcmVzdHJlYW0g
  SGVhbHRoMQswCQYDVQQLEwJJVDEsMCoGA1UEAxMjZW1zZDNjLmNzLWFwcHMuY2Fy
  ZXN0cmVhbWhlYWx0aC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAP+w
  TmRWeRlt1tg5GnjMloRhezO6lRJ1mhgNcWGQTECtAXDVypnznTFhimj3OG1zgW
  gItJ1u4GjvQuYR2w2T92UrV3mnORrlHfpYOBCngRwQWfSaG7Ih5g3NeQ4bAq60Ap
  0BwVg9hTpjZfTXfqYQHyzYPk6Pv9c+l0m3Va/DMfAgMBAAGgADANBgkqhkiG9w0B
  AQUFAAOBgQBw6ipAyPUor96WGIOu93v7jjxE0uLuCMkfjaHnuqpYaOWM7z6XQn
  2jWMwEKG4vsvU1X5azUuqA1yidH5+GXTD0VCbXUqLWZEP6S2FMJXixv/e3QELYrT
  qBee2JDYPAdoMkKX/cwshFwXXo41R/gjEwn6aBDg9jkA70xFZEOjTQ==
  BEGIN CERTIFICATE-----
  The certificated signed by SAP looks like and I have created a file called d3c_test.cer to contain it:
  BEGIN CERTIFICATE-----
  MIIC5zCCAlCgAwIBAgIDANTZMA0GCSqGSIb3DQEBBQUAMFAxCzAJBgNVBAYTAkRF
  MRwwGgYDVQQKExNTQVAgVHJ1c3QgQ29tbXVuaXR5MQ8wDQYDVQQLEwZTZXJ2ZXIx
  EjAQBgNVBAMTCVNlcnZlciBDQTAeFw0wOTA3MjkxNzM4NDVaFw0wOTA5MjcxNzM4
  NDVaMIGAMQswCQYDVQQGEwJERTEcMBoGA1UEChMTU0FQIFRydXN0IENvbW11bml0
  eTEYMBYGA1UECxMPQ2FyZXN0cmVhbUhlYXRoMQswCQYDVQQLEwJJVDEsMCoGA1UE
  AxMjZW1zZDNjLmNzLWFwcHMuY2FyZXN0cmVhbWhlYWx0aC5jb20wgZ8wDQYJKoZI
  hvcNAQEBBQADgY0AMIGJAoGBAPjouDXa5nj8UQN77E53KCn1Xv2mI4uQMwz2cv
  2YLL0086PfLzv+GZgMNsykmFzCAw2Nq2PthvhRhIUSZmCWgF36vN3GnwYPhc3flw
  bvYGkeyFvJ3i3I0xiZTwVdvNDnd/GmLH6VCqCEbIwPXEJJamWop6SumaHl7h5KgV
  aaqPAgMBAAGjgZ0wgZowDAYDVR0TAQH/BAIwADAlBgNVHRIEHjAchhpodHRwOi8v
  c2VydmljZS5zYXAuY29tL1RDUzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8B
  Af8EBAMCBPAwHQYDVR0OBBYEFHBRAASwukLlThOY+NbGKycJGjjIMB8GA1UdIwQY
  MBaAFIHbg/NK+zUYCLkBvbcdW51zNVtJMA0GCSqGSIb3DQEBBQUAA4GBAIxe9gRz
  7UdawNwiIyKo2jvg6P0VnvPRMiyfMJdtbaTarinJmgP2yghMGKx84twvEds9GV42
  xUXbX/AHdgI3ef8N/WXvs15Hi4GnMdb/d7zhz3DAcjajbr7xmFycFFqRSwJ68Kb0
  JF2cZLtwh9G0dJZMbT5ihJ61mCVMXvIbH27s
  END CERTIFICATE-----
  3. Execute the following commend to import SAP's response (d3c_test.cer)
  sapgenpse import_own_cert -c d3c-test.cer -p SAPSSLS.pse
  Receive the following error:
  sapgenpse import_own_cert -c d3c-test.cer -p SAPSSLS.pse
  Please enter PIN: ****
  import_own_cert: Installation of certificate failed
  ERROR in ssf_install_CA_response: (1280/0x0500) Incomplete FCPath, need certificate of CA : "CN=Server CA, OU=Server, O=SAP Trust Community, C=DE"
  ERROR in ssf_install_certs_into_pse: (1280/0x0500) Incomplete FCPath, need certificate of CA : "CN=Server CA, OU=Server, O=SAP Trust Community, C=DE"
  Any help will be appreciated.
  Thanks
  Rivers

  Hi Sri Garimella,
  As you have mentioned above to donwload root certificate also & giv the command as
  sapgenpse -import_own_cert -c d3c-test.cer -p SAPSSLS.pse -r <RootCA_cert_file>.
  Could you please help me from where can i get the RootCA_cert_file ?
  In service market place I am unable to find RootCA_cert_file.
  Could you please elloborate the issue ?
  Regards
  Hari

• Do I have to use certificates when writing an HTTPS server

  I'm writing a client app and a server app. The client will connect to the server via HTTPS. A browser will never connect to this HTTPS server, just the client I have written. Can I skip the step of using certificates? I've been told it isn't a requirement. I just want SSL communication, that is all.
  When I try to do this, I get a handshake error, "no cipher suites in common'' coming from the client. The client seems okay because I can get it to connect to other secure web sites.
  So, certificates...must use in this case, or no?
  Thanks!!!

  Hi,
  I think you must use certificates if you want to do SSL communication.
  When using Netscape Navigator or IE to access files on a server that only has DSA-based certificates, a runtime exception occurs indicating that there are
  no cipher suites in common .
  By default, certificates created with keytool use DSA public keys. Navigator and IE do not use DSA public keys in their enabled cipher suites.
  To interact with IE or Navigator, you should create certificates that use RSA-based keys. To do this, you need to specify the -keyalg RSA option when using keytool. For Example:
  keytool -genkey -alias duke -ketstore testkeys -keyalg rsa
  Hope this will help you.
  Regards,
  Anil.
  Technical Support Engineer.

• Exchange 2007 Certificate Expired Error when using VPN

  We recently did a server migration to a new domain (split away from part of the company - sept 2013).  I set up the exchange certs and everything worked fine, even when people used the vpn.  Recently (it probably started a few months ago) it has
  started giving cert errors again, but just for VPN users.
  This happens when someone takes their computer or has Outlook 2010 set up on their home computer.  They VPN in and when the program starts, it gives the certificate errors for exchange and for autodiscover saying "The security certificate has expired
  or is not yet valid".  I have checked to make sure that the certs are in fact up to date and are pointing to the correct certificates in IIS.  They haven't changed since I originally set them up.  
  One of the users sent me a picture of the certificate and it is the old cert (that is expired) that used to belong to the previous address when we used the other (completely different) exchange server.  The other users haven't sent me the errors they
  see, but I assume they are similar.  They are able to use exchange if they hit ok on the error box.  I couldn't find anywhere online saying that there was any kind of local caching for certs - it should always call home when connecting.  So
  why are their systems pulling up the old cert when they VPN in, but not when they are hardwired to the internal network on the same computer?
  When using the internal network without the vpn, there aren't any error messages.
  Any ideas?  I've looked around the forums, but I didn't see anything that has helped.  I'm using godaddy for my certs currently.

  Hi,
  Since the Outlook clients work well without VPN, I suggest re-build the VPN (if you don't mind) to verify whether it is a caches issue.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• I'm on a website that states it requires a client certificate to validate identity.  When I select a certificate to use to connect to the website, it goes back to the list of certificates.  I can't seem to get anywhere. Help!

  I am on a website that requires a client certificate to validate identity.  When I select a certificate to use, it goes back to the list of certificates. I can't seem to get anywhere. Help!

  You should be given the certificate, or cookie, by the website.  See if in Preferences (under Safari on the menu bar), Privacy, do you have certificates blocked Always?