Using existing SSL Certificate for Web Dispatcher

Similar Messages

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• Use public SSL certificate for WebAccess 8 on SLES10 Linux S

  Currently my WebAccess 8 server is running on NetWare. I want to move my WebAccess to SLES10 SP3 server and use public SSL certificate from third-party on SLES 10. I think this is just to get apache to use the public cert on SLES 10 Linux server and nothing to change on WebAccess, right?
  Thanks in advance.
  Wilson

  wilsonhandy wrote:
  > Currently my WebAccess 8 server is running on NetWare. I want to move
  > my WebAccess to SLES10 SP3 server and use public SSL certificate from
  > third-party on SLES 10. I think this is just to get apache to use the
  > public cert on SLES 10 Linux server and nothing to change on
  > WebAccess, right?
  Yeah, it's purely an Apache config. No need to do anything to
  WebAccess just to get SSL working.
  Novell Knowledge Partner
  Enhancement Requests: http://www.novell.com/rms

• Using an SSL certificate for Exchange 2013

  Hi,
  I am not sure if this is the correct forum to post this question in.
  Basically we are migrating from Exchange 2007 to Exchange 2013. Our 2013 machines have both roles installed and do everything. They are configured in a DAG. We have no hardware load balancing/reverse proxy or etc. inside or outside.
  We use an alias of mail.domain.com to connect to OWA/ActiveSync and etc from the Internet.. this alias would point to mail1.domain.com which is the IP of the first Exchange 2013 server.
  If that server were to break, we would point the alias of mail.domain.com to mail2.domain.com which is the IP of the second Exchange 2013 server. Clients would not need any changes before they started connecting to the remaining mail server (eventually)
  and email would continue.
  I know this is not an ideal setup, but for now it is what we have and would keep us running in the event of server failure.
  My question is, when I request a certificate, do I need two of them with mail1.domain.com and mail2.domain.com as their primary and SAN of mail.domain.com OR do I request one certificate with mail.domain.com as the primary host and SAN of mail1.domain.com
  and mail2.domain.com (and install the one certificate on both servers).
  I want to include mail1.domain.com and mail2.domain.com as this can be helpful for testing and/or during migration.
  I hope that makes some sense and appreciate any help people can offer.
  Thanks!

  You do not need server names in the certificate if you are using mail.domain.com only in all of the URL settings.  You will want autodiscover.domain.com, however.
  Consider configuring a different internal and external name for Outlook Anywhere so that Outlook knows whether it is connecting from the Internet or internally.  For internal Outlook Anywhere, use a name that you don't publish to the Internet. 
  For example, use mail.domain.com for everything except internal Outlook Anywhere, use mailinternal.domain.com.  Put mail.domain.com, mailinternal.domain.com and autodiscover.domain.com in the certificate.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Installing SSL Certificate for ITS WGate with sapgenpse

  Hello.
  We have setup Web Dispatcher and ITS WGate on the same host. Dispatcher accepts connections from 443 and ITS accepts connections from 8000.
  We have done SSL Settings for Web Dispatcher with sapgenpse successfully.
  But as WGate is running on Microsoft IIS Server, we couldn't install the same certificate response to Microsoft IIS. Is there a way to install certificate for ITS Server with sapgenpse tool or IIS Server's tool?
  Or should we demand another SSL response from CA generated from Microsoft IIS Server?
  Thanks in advance.
  Edited by: teknikdanisman on Jan 15, 2010 10:42 AM

  I have solved the problem. I have exported the SSL key with sapgenpse in format P12 and imported from IIS.

• Iplanet 6.0 creating a development SSL certificate for internal use

  With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
  Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

  With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
  Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

• SSL certificates and Web Services Usage inside Oracle Database Questions!

  We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
  Service1 is already working, and we can call the service from PL/SQL without troubles.
  However, according with security client's policies they requires all Web services be consumed via https including Service1, so we must to follow the procedure established for Oracle in order to enable the calling of service1 via https from the Database.
  Our client's DBA and IT Team are concerned about two subjects before to continue to follow the certificate installation:
       - SSL Certificates:
  1- Can installed certificates in the Database put in risk the stability of the database?
            2- Can installed certificates in the Database generate performance issues?
            3- Can installed certificates reloading the Databases?
            2- Can installed certificates in the Database generate security issues?
       - Web services:
  1- Can web services calling from the Database put in risk the stability of the database?
  2- Can web services calling from the Database generate performance issues?
  3- Can web services calling from the Database generate security issues in the DMZ?
  Could you please give us any clues, about the possible negative impact related with the SSL certificates and Web Services Usage inside Oracle Database, if it’s the case this impact exists?.
  Those are the links describing the procedure mentioned above.
  1 -http://www.kotti.es/2009/11/oracle-wallet/
  DB: Oracle 9i.
  Average number of lines in file: 300
  Periodicity: Twice at day.

  Thiago:
  You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
  I am not aware of a PL/SQL utility to create a XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
  http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
  Regards,
  Jason

• How we can get SSL certificate for any site?

  i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

  Hi,
  Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
  Based on your description, I’m a little confused with your question. Did you mean that want to know why need
  SSL certificate for website?
  Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
  and your server.
  An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
  a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
  Managing Certificates
  SSL and Certificates
  Understanding Self-Issued
  Certificates in SBS 2003 & SBS 2008
  Installing a GoDaddy Standard
  SSL Certificate on SBS 2008
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  If anything I misunderstand or any update, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• Changing SSL certificate for ICM

  Hello,
  I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
  Is there any possibility to change working certificate? What should I do to make such change?

  > I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
  > You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
  OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
  > Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
  > (for internet use the certificate in on the reverse proxy in the DMZ).
  Here I've got another problem.
  I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
  As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
  In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
  If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
  Many thanks for your help,
  regards,
  Konrad

• Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)

  Hi,
  I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforseen problems?
  My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
  For reskilling, I will assume I will have to do some command line stuff here ...
  eg: keytool -genkey -keyalg RSA -keystore hostname.key
  to create the key,
  keytool -certreq -keyalg RSA -keystore hostname.key -file hostname.csr
  to create the csr, and
  keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
  to import the new cert
  Suggestions or comments for anyone who has tried this before would be appreciated.
  Regards,
  Brian

  I've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
  david

• WLC: which software-version support SHA2 certificates for Web Authentification and Web Management ?

  Hello,
  I tried to install new SHA2 3th-Party certificates on our WLCs. There are old WiSM1-Boards and 2504 to support our old 1230 Access Points, running 7.0.251.2, which didn't install it, although the config manual for 7.6 and 8.0 say that SHA2 certificates are supported since 7.0.250.0. When I tried to install the SHA2-certificates I get the message "File transfer failed" an the log says:
  *TransferTask: Dec 12 13:22:14.394: #UPDATE-3-CERT_INST_FAIL: updcode.c:1869 Failed to install Webauth certificate. rc = 1
  *TransferTask: Dec 12 13:22:14.394: #SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4085 Cannot PEM decode private key
  I tried to install the same certificates on our WiSM2-Boards, running 7.4.121.0 and I failed too. The same certificates could be installed on a 2504 running 8.0.100 without any problems.
  In all 3 cases I tried to install unchained certificates for web management and Level 3 chained certificates  for web authentication. I used the following guides to get the certificates (e.g. taken from the config manual 8.0.100):
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.pdf
  Which software versions support SHA2 certificates and which didn't ? Is the a list for it ?
  Regards

  Hello,
  I solved the problem. First I used a Debian Linux system with Openssl 1.0.1. After I searched the internet using one of the log messages above I found sites which mentioned to use Openssl 0.9.x. So I tried a productive and security fixes Debian Linux System running Openssl 0.9.8 and I succeeded. The wlcs accepted the certificate files and used it after a reboot. The Web GUI still shows a SHA1 Fingerprint, but the certificate signature Algorithm is SHA2:
  Signature Algorithm: sha256WithRSAEncryption
  When you check the openssl.org homepage Openssl 0.9.8 is still one of the actual version of openssl and is still available and fixed. But the Openssl Roadmap says:
  "We don't want to have to maintain too many branches. This is likely to include a timescale for the EOL of version 0.9.8"
  I don't know the differences between certificates made with openssl 0.9.8 and 1.0.1. Is there anybody who can explain it to me ?
  Regards

• Single point of failure for web dispatcher

  Hi
  I need advise on how can i resolve single point of failure for web
  dispatcher in case the web dispatcher goes down on another system, what
  are the alternative which can be used to avoid this.
  In our enviroment we have db server with two application server and web
  dispatcher is installed on db server and i need to know what can i do when
  the web dispatcher on db server crashes and cannot be restarted at all.
  We are running oracle 10.2.0.2.0 on AIX 5.3.
  Regards,
  Codlick

  Hi Codlick,
  the answer is, you cannot (switch to two web dispatchers).
  If you want to use two web dispatchers, they need something in front, like a hardware load balancer. This would actually work, as WD know their sessions and sticky servers for those. But remember you always need a single point for the incoming address (ip).
  Your problem really is about switchover groups. Both WD need to run in different switchover groups and need to switch to the same third software. I'm not sure if your switchover software can handle this (I'm not even sure if anyone can do this...), as this means the third WD needs to be in two switchover groups at the same time.
  Hope this helps,
  Regards,
  Benny

• PAM for Web Dispatcher 7.20

  Hi Gurus,
  I could not find the Web Dispatcher in the PAM lists so I post my question here:
  Which Windows Server platforms are supported for Web Dispatcher 7.20?
  We currently run Web Dispatcher 7.0 on WIN to serve our ERP systems on HP-UX and the whole system landscape will be migrated to WIN Server 2008 R2.
  Is it possible to install WebDisp 7.2 in parallel to 7.0 for test purposes with our new WIN system landscape that is already existing?
  Many thanks and best regards
  Günter

  Hi Markus,
  the PAM of Web Dispatcher 7.20 (as sub entry of NW 70 as you told me) contains the entry:
  WINDOWS SERVER 2008/X64 64BIT
  Do you know whether WINDOWS SERVER 2008/X64 64BIT R2 is supported or not?
  Thanks once again and best regards
  Günter

• How to sign a java applet using iPlanet SSL certificate?

  Dear all,
  I have a IPlanet web server with SSL installed,
  can I use the SSL certificate to sign my java applet which will run on the server? how to sign a java applet in this scenario? somebody please help me! thanks!
  yours sincerely
  dashel

  Why can't you create jar files?

• Self Signed Certificate for Web Proxy 4.0.2

  Does anyone have instructions on how to create and install self signed Certificate for Web Proxy Server 4.0.2? My OS is RHEL 4.
  Shed.

  Unfortunately you will not be able to do that from the GUI.
  You will have to use certutil frin proxy-install/bin/proxy/admin/bin/certutil
  Make sure that your LD_LIBRARY_PATH includes proxy-install/bin/proxy/lib
  (start -shell will give you a shell with all necessary paths set.)
  create a file called password-file which contains your password to your cert database
  your cert database resides in the alias directory of proxy installation.
  certutil -S -s "CN=My Issuer" -n myissuer -x -t "C,C,C" -1 -2 -5 -m 1234
  -f password-file -d certdir