Upload certificates for SSL in Box-to-Box redundancy

Similar Messages

• Microsoft certificate for SSL

  Hi All,
  I am trying to use the certificate generated from Microsoft Windows for SSL between
  IIS and WLS. When I generated the certificate, I also export the private key.
  Then I use this certificate and private key to create an identity keystore using
  ImportPrivateKey, but failed - can not import. DOes anyone know:
  (1) the certificate generated from Microsoft windows 2000 can be used in WLS for
  SSL?
  (2) If can, how to make this working?
  Thanks a lot for any helps.
  Weili

  There should be no problem importing the Microsoft key and certificate as long
  as they are in expected format and the password is correct. ImportPrivateKey can
  import certificate and key in der or pem files with the key in pkcs8 format.
  Pavel.
  "Weili Zhong" <[email protected]> wrote:
  >
  Hi All,
  I am trying to use the certificate generated from Microsoft Windows for
  SSL between
  IIS and WLS. When I generated the certificate, I also export the private
  key.
  Then I use this certificate and private key to create an identity keystore
  using
  ImportPrivateKey, but failed - can not import. DOes anyone know:
  (1) the certificate generated from Microsoft windows 2000 can be used
  in WLS for
  SSL?
  (2) If can, how to make this working?
  Thanks a lot for any helps.
  Weili

• Installing certificates for ssl mailservers

  Hello all,
  I tried to install the ssl certificates for all my mailservers as directed in mail help.
  It says something like that. If you receive a warning for an unknown certificate choose "show certificate" and draw the certificate icon onto your desktop. Doubble click on it to put it to your keychain.
  Meanwhile I put the certificates of all mailservers I use into my personal and the system keychain and I still receive the warning for all mailservers that they use an unknown certificate.
  What shall I do now?

  I found out that the names of the servers were not 100% identical.
  I used pop.provider.com instead of pop3.provider.com, as mail was able to connect do pop.provider.com I didn't realize that this could be a problem.

• Installing Verisign Certificate for SSL - please help

  I'm trying to configure SSL for the first time on my WebLogic Server 6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generator servlet to
  generate a CSR. I sent the CSR to Verisign and received a certificate back (looks
  like it's in .pem format). Now, I've gone to the admin console and entered what
  I thought were the right values in the right places, but WLServer doesn't seem
  to like what I've entered and/or the files themselves. Here's what I have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changed of course
  from the actual domain name) - This is the file generated automatically by the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is the file that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem (I created
  this file by going to the verisign site and copy/pasting their .pem format 'intermediate'
  cert into this file - documentation real fuzzy on this step so it's probably wrong).
  SSL is enabled, listening on the default port of 7001, client certificate not
  enforced.
  Now, when I boot the server, I get the following error in the log file: ####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver> <main>
  <system> <> <000296> <Security configuration problem with certificate file config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the location I specified,
  so does that error mean it can't find it or that the file itself is corrupt?
  That's just the file that was autogenerated by the servlet, i don't see how it
  could be corrupt! Also, I assume that's just the first error ... if I fix that
  one, there likely will be more. I especially don't understand the part about
  the chain file as the documentation is so unclear to me about putting multiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

  Hi Josh,
  Jus to reconfirm are you sure that the Server key and Server Cert are not
  interchanged ?
  The error message indicates that private key is being read as a certificate.
  Maybe its not a explicit error message and instead should be
  Security configuration problem with private key file
  config/mydomain/my_domain_com-key.der
  Are you able to run with the democerts provided with weblogic ?
  yeshwant
  <system> <> <000296> <Security configuration problem with certificate
  file config/mydomain/my_domain_com-key.der,Josh Daynard wrote:
  Hey Yeshwant,
  Thanks for the tip. I did not use a password when creating the CSR request and
  the 'Key Encrypted' box is unchecked in my console. Any other thoughts???
  Thanks,
  Josh
  Yeshwant <[email protected]> wrote:
  Hi Josh
  when you generated the csr using the certificate webapp , did you use
  a password ie are you using a password
  envrypted private key ?
  if yes you will have to provide that value in the start sript using the
  system property
  weblogic.management.pkpassword=actualpassword and also make sure that
  the Use Encrypted box is checked.
  If not make sure that the Use Encrypted box in the console under the
  ssl tab is unchecked.
  Yeshwant
  Josh Daynard wrote:
  I'm trying to configure SSL for the first time on my WebLogic Server6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generatorservlet to
  generate a CSR. I sent the CSR to Verisign and received a certificateback (looks
  like it's in .pem format). Now, I've gone to the admin console andentered what
  I thought were the right values in the right places, but WLServer doesn'tseem
  to like what I've entered and/or the files themselves. Here's whatI have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changedof course
  from the actual domain name) - This is the file generated automaticallyby the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is thefile that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem(I created
  this file by going to the verisign site and copy/pasting their .pemformat 'intermediate'
  cert into this file - documentation real fuzzy on this step so it'sprobably wrong).
  SSL is enabled, listening on the default port of 7001, client certificatenot
  enforced.
  Now, when I boot the server, I get the following error in the log file:####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver><main>
  <system> <> <000296> <Security configuration problem with certificatefile config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the locationI specified,
  so does that error mean it can't find it or that the file itself iscorrupt?
  That's just the file that was autogenerated by the servlet, i don'tsee how it
  could be corrupt! Also, I assume that's just the first error ... ifI fix that
  one, there likely will be more. I especially don't understand thepart about
  the chain file as the documentation is so unclear to me about puttingmultiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

• Certificate for SSL

  Another question after watching videos and reading books about setting up a mail server...
  It seems like I really want to use SSL encryption for sending mail back and forth to the server, will I be able to use the Default certificate that appears in Server Admin? Or do I need to purchase something from somewhere?
  Thanks.

  Either will work, but a self signed certificate (like the default one), will not be seen as trusted. If it is only you using your mail server, then there is nothing to worry about. Encryption will still take place, you just need to accept the certificate as trusted.

• Details required for ssl certificate

  Hi
  u r going to be implement ssl on WEBAS. For this is it requires client certificates for ssl  for the webbrowser .So if is it requires to renew.
  regards...

  Hi All,
  got an answer from SAP Support and ICM restart isn't requrired anymore since >= NetWeaver 710.
  Please see SAP Note 510007 - Setting up SSL on Web Application Server ABAP under:
  When, as of NetWeaver 710, you save or overwrite an SSL PSE, STRUST signals the PSE change to the icman, whereby the PSEs used for SSL are reloaded at runtime.  Existing communication connections are not impaired as a result. However, all SSL session caches are emptied in icman so that all new SSL connections go through a complete SSL Handshake. On servers with a very large number of simultaneous connections, this could lead to an increase in the CPU load and increased response times.
  You are able to see respective information's as well at ICM trace.
  Regards,
  Jochen

• Using HttpSupport library for SSL with User Id/Password

  Does anybody know how to use UDS HttpSupport library for SSL connection which requires user id and password?
  Got no problem so far in getting pages using https and HttpBaseRequest but can't figure out how to setup user id and password for logging in to server. Have tried https://userid:password@server/... but UDS treated password@server as the port!
  Any help is appreciated.

  I assume you mean that you need to provide the password needed for a certificate for SSL authentication.
  For both client and server, these are configuration items.
  If you want to do HTTP authorization, which is not related to SSL, you should use the Authorization and WWW-Authenticate (in a 401 response) to get a user name and password to the server.

• When I first am looking at my newly uploaded photos in "Library", a box appears near the bottom of the photo that says "loading" (the photo looks good to me), then it is more "faded" and does not look as good.  Is there some setting on that I am not aware

  When I am first looking at my newly uploaded photos in "Library," a box appears near the bottom of the photo that says "Loading".  While it is loading, I usually think the photo looks "good".  After the photo is done loading, it looks more washed out.  Is there some sort of setting that I might have on (or that I need to turn on) so that this does not happen.  I have Lr4.  Thanks.

  Hi Tracy,
  There used to be a way to see if poster was new to the forum.., anyway - welcome to the forum.
  As I was alluding to, biggest differences in initial display are due to:
  * Camera calibration profile.
  * Auto-exposure/contrast settings (for which compensations have been auto-applied in camera, but not in Lightroom).
  So, choose a matching camera calibration profile (whether that's an option or not depends on your camera model - they're available for many but not all models) if you prefer one of them over "Adobe Standard" (the factory default profile).
  Also, your camera covers for underexposure due to non-optimal auto-exposure/contrast setting, Lightroom doesn't, so your options are:
  * turn it off in camera.
  * learn to compensate manually (or automatically via a plugin) in Lightroom.
  Of course, in addition to preferred defaults (alt-click big "reset" button in dev module), come up with some presets which are appropriate for your druthers and type of photography.. e.g. these will compensate Nikon ADL settings:
  http://www.robcole.com/LrForumSupport/ADL%20Compensations%20%282012%29.zip
  Cheers,
  Rob

• SSL Certificates for running J2ME applications.

  We have developed a J2ME application for browing/uploading/downloading files from mobile device but we need SSL certificates to make our application work on mobile phones.
  If anyone has knowledge of purchasing certificates for different handsets then please let us know as that would help us to launch our application on all handsets supporting JSR.

  Hi JonRunheim,
  Firstly, are the certificates purchased from an external Certificate Authority (CA) or internal?
  On your Remote Desktop Session Hosts, can you bring up MMC, add the Certificates snap-in (for computer account, and then local computer)
  Under Certificates\Personal\Certificates - check that the certificate you are using shows the small key symbol on top of the certificate icon (this indicates the private key). If you open the certificate, and select 'Certification Path' does it show three
  levels of certificates, with all three certificates showing as 'This certificate is ok' under status?
  If you repeat this process on one of your Windows 7 clients, (or from a server, and select 'Another computer' when adding the certificate snap-in) if you expand 'Trusted Root Certification Authorities\Certificates' and 'Intermediate Certification Authorities\Certficates'
  are the certificates on the server matching those in your client?
  If the CA is external, and they aren't present, you can manually update the list.
  Download:
  http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  Right click on the authroot.stl and select ‘Install CTL’
  Select the default ‘Automatically select the certificate store based on the type of certificate’ and click next, then click finish. This should manually update your trusted certificate
  authorities.
  If your CA is internal, and they aren't present on the client, you need
  to manually import your CA.
  Hope this helps.
  http://chrisocallaghan.blogspot.com/

• How to set initial value for a dropdown box?

  Hi,
  Within Netweaver 2004S (BI 7.0) we use integrated planning. In one of our applications we want to use a dropdown box (created with the WAD) to make a selection possible for a characteristic.
  We set up a pre-query to fill the dropdown box (via data binding CHARACTERISTIC_SELECTION) with the proper values. This works fine.
  We pass on the choosen entry (via command SET_VARIABLES_STATE) to a second variable that is used in another query. This command is triggered after the user makes a selection in the dropdown box. Also this works fine. After selection of one entry, the output of the second query is limited.
  We have the following problem: the first time a blank selection entry is added to the dropdownbox and that no values are passed on to the second query. Because it seems that the user first must choose an entry.
  What we would like to do is that one of the found values of the pre-query is automatically selected in the dropdown box and passed on to the second variable (to limit the second query).
  I give you an example:
  The first query delivers value A, B, and C for the characteristic of the dropdown box.
  The first time the dropdown box showns an empty entry, and three additional entries A, B and C. The second query shows all results, because the second variable doesn't receive any value via the command SET_VARIABLES_STATE. The command is not yet triggered.
  When you select A, B or C, the command is triggered and the second query shows only results for the choosen entry (this is correct). Now the empty entry has disappeared from the dropdown box. Only the entries A, B and C are left.
  Is it possible to set up the dropdown box on such a way (or add some script coding around it) that in the initial show for the dropdown box one of the entries is choosen automatically, so that the empty line is not part of the value set of the dropdown box and that the command connected to the dropdown box (in our case the SET_VARIABLES_STATE) is carried out automatically?
  Please, who can help us with this?
  Kind regards and thanks in advance,
  Marcel.

  Hi,
  In BW 3.5,say you want to set default for calmonth.
  In order to avoid the “ALL” option from appearing in the dropdown box,
  filter infobject 0CALMONTH for DP1 by any valid value.
  In the object Data_provider include the lines in Bold:
  <object>
  <param name="OWNER" value="SAP_BW"/>
  <param name="CMD" value="SET_DATA_PROVIDER"/>
  <param name="NAME" value="DP1"/>
  <param name="QUERY" value="WORKSHOP_CALMONTH_DROPDOWN"/>
  <param name="INFOCUBE" value="0D_SD_C03"/>
  <<b>param name="FILTER_IOBJNM" value="0CALMONTH"/>
  <param name="FILTER_VALUE" value="200401"/></b>
  DATA_PROVIDER: DP1
  </object>
  Hope this helps.
  Anu.

• Can you no longer have a background color for the text box in the new version of hp photo creations

  just updated to the new version of HP Photo Creations, used to be able to have a colored background for the text box - is that no longer possible in this new (not better) version????!!!!! Uuuuuuuuuugh

  Hi Lainey.
  Thanks for asking. We're working on bringing back that feature. In the meantime, here's another way to add text backgrounds: Add a placeable graphic and then click the Arrange button to send it to the back, behind the text.
  That approach also gives you more interesting shapes. The new alignment guides make it a snap to align a graphic with a text box. In the example below (it may take a day for the image to show up here), I also used the new Premium Editing Features to change the color of the graphic.
  P.S. — Applying a thick border to an empty text box (also using the Premium Editing Features) is another way to create a background shape. That has the advantage of letting you pick any color for the box. You'll also find several new text styles at the bottom of the new text menu.
  Let us know if we can help further,
  RocketLife 
  RocketLife, developer of HP Photo Creations
  » Visit the HP Photo Creations Facebook page — news, tips, and inspiration
  » See the HP Photo Creations video tours — cool tips in under 2 minutes
  » Contact Customer Support — get answers from the experts

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

  Hi,
  I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
  Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
  Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
  Please suggest how to pass both the certs from client Application..

  Hi,
  This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
  And for more information, you could refer to:
  http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
  Regards

• How to set minimum size for the 'location' box in toolbars?

  I reorganized my toolbars by merging the location and tabs bar. I have the location on the left hand side and the tabs *next* to it, like this:
  [ (<)(>) [LOCATION] /tab\/tab\/tab\ ]
  Unfortunately when the number of tabs increases, the location box becomes so small that I cannot even see the url of the site I'm in...
  Is there a way to force a minimum width for the location box? I couldn't find a setting in about:config for it (I imagine that this would be a browser.urlbar setting)

  You rock! The combination of fixed width tabs with the stylish Add-on, and the single line of script below just made my day!
  #main-window[sizemode="maximized"] #TabsToolbar, #TabsToolbar > #urlbar-container { min-width: 350px; }
  Many thanks!

• Is there a way to change the CSR for install SSL Certificate for CCMADMIN

  HI there,
  Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
  For that, I have exported a csr to buy a ssl certificate from verisign.
  The problem is the csr includes fqdn an not just the servername
  But the users just have to type in the servername to reach the server.
  Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
  thanks
  Marco

  Hi
  You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
  Command Syntax
  set web-security orgunit orgname locality state country alternate-host-name
  Parameters
  • orgunit represents the organizational unit.
  • orgname represents the organizational name.
  • locality represents the organization location.
  • state represents the organization state.
  • country represents the organization country.
  • alternate-host-name (optional) specifies an alternate name for the host when you generate a
  web-server (Tomcat) certificate.
  Note When you set an alternate-host-name parameter with the set web-security command,
  self-signed certificates for tomcat will contain the Subject Alternate Name extension with
  the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
  contain Subject Alternate Name Extension with the alternate host name included in the CSR.
  Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
  Regards
  Aaron
  Please rate helpful posts...