Verify certificate

Similar Messages

• Provide steps to send Root CA certificate to the Lync client, getting error" There was a problem verifying certificate from the server"

  Hi,
    I Build an Lync 2013 set up with FEpool, Director pool and Exchange server is integrated. I have windows 8 client machine, with Lync client installed. When I try to login to the lync client, I am getting error like"There was a problem verifying
  certificate from the server".
  When I installed ROOT CA cert  manually on client machine I am able to login to the lync client. similarly if I add my client machine in my domain, I am able to login to the Lync client.
  Now is there any other way to send the certificate automatically to the client machine (Which are NOT part of the DOMAIN) from the server, instead of manual installation process.
  Please help me troubleshoot this problem

  Agree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it.  In this situation, if there are a lot of non-domain joined machines
  a third party certificate is the way you need to go.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Verify certificate using Bouncycastle (J2ME)

  Good evening. I have a problem.. I'm trying to verify certificate but signatures doesn't match!!!
  byte[] cert_decoded = Base64.decode(pem_cert);
  ASN1InputStream ais = new ASN1InputStream(cert_decoded);
  DERObject obj = ais.readObject();
  ASN1Sequence seq = (ASN1Sequence)obj;
  ais.close();
  X509CertificateStructure cert = new X509CertificateStructure(seq);
  // getting certificate signature
  byte[] signature = cert.getSignature().getBytes();
  // trying to get "to be signed" structure
  TBSCertificateStructure tbs = cert.getTBSCertificate();
  // is it correct? trying to get bytes array of TBS..
  byte[] tbs_byte = tbs.getEncoded();
  RSAEngine engine = new RSAEngine();
  // Is it correct? Cert uses "RSAwithSHA1"..
  SHA1Digest digest = new SHA1Digest();
  // Public key i'v got before from signing CA cert...
  PSSSigner signer = new PSSSigner(engine, digest, 0);
  signer.init(false, pub);
  signer.update(tbs_byte, 0, tbs_byte.length);
  boolean istrue = signer.verifySignature(signature);
  In all cases i'm getting FALSE 8( what's wrong, please help! 8(
  I tried to sign TBS data using CA's private key but signatures doesn't match anyway...

  I found example code here: http://www-128.ibm.com/developerworks/library/j-midpds.html
  Below is that code pieced together with some minor fixes (seems they
  had outdated calls to verifySignature() and generateSignature()).
  This program runs and returns true for me. Maybe this can
  help you figure out what's going on with your code...
  import java.math.BigInteger;
  import java.security.SecureRandom;
  import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
  import org.bouncycastle.crypto.digests.SHA1Digest;
  import org.bouncycastle.crypto.engines.RSAEngine;
  import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
  import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
  import org.bouncycastle.crypto.params.RSAKeyParameters;
  import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
  import org.bouncycastle.crypto.signers.PSSSigner;
  import org.bouncycastle.util.encoders.Base64;
  public class RSASigBCLW {
      private static BigInteger pubExp = new BigInteger("11", 16);
      private static RSAPrivateCrtKeyParameters privKey;
      private static RSAKeyParameters pubKey;
      public static void main(String[] args) {
          try {
              _main(args);
          } catch (Exception e) {
              System.out.println("ERROR: " + e.getMessage());
       * @param args
      public static void _main(String[] args) throws Exception {
          SecureRandom sr = new SecureRandom();
          RSAKeyGenerationParameters RSAKeyGenPara = new RSAKeyGenerationParameters(
                  pubExp, sr, 1024, 80);
          RSAKeyPairGenerator RSAKeyPairGen = new RSAKeyPairGenerator();
          RSAKeyPairGen.init(RSAKeyGenPara);
          AsymmetricCipherKeyPair keyPair = RSAKeyPairGen.generateKeyPair();
          privKey = (RSAPrivateCrtKeyParameters) keyPair.getPrivate();
          pubKey = (RSAKeyParameters) keyPair.getPublic();
          String message = "this is a test message.";
          String signature = getSignature(message);
          boolean b = verify(message, signature, getMod(), getPubExp());
          System.out.println("verify? =" + b);
      // Public key specific parameter.
      public static String getMod() throws Exception {
          return (new String(Base64.encode(pubKey.getModulus().toByteArray())));
      // General key parameter. pubExp is the same as pubKey.getExponent()
      public static String getPubExp() throws Exception {
          return (new String(Base64.encode(pubExp.toByteArray())));
      static public String getSignature(String mesg) throws Exception {
          SHA1Digest digEng = new SHA1Digest();
          RSAEngine rsaEng = new RSAEngine();
          PSSSigner signer = new PSSSigner(rsaEng, digEng, 64);
          signer.init(true, privKey);
          byte[] mbytes = mesg.getBytes();
          signer.update(mbytes, 0, mbytes.length);
          byte[] sig = signer.generateSignature();
          String result = new String(Base64.encode(sig));
          return result;
      static public boolean verify(String mesg, String signature, String mod, String pubExp) {
          BigInteger modulus = new BigInteger(Base64.decode(mod));
          BigInteger exponent = new BigInteger(Base64.decode(pubExp));
          SHA1Digest digEng = new SHA1Digest();
          RSAEngine rsaEng = new RSAEngine();
          RSAKeyParameters pubKey = new RSAKeyParameters(false, modulus, exponent);
          PSSSigner signer = new PSSSigner(rsaEng, digEng, 64);
          signer.init(false, pubKey);
          byte[] mbytes = mesg.getBytes();
          signer.update(mbytes, 0, mbytes.length);
          boolean res = signer.verifySignature(Base64.decode(signature));
          return res;
  }

• Verify Certificate when opening Mail

  Hi,
  I hope someone can help. Every time I open up Mail,on my iMac, I get a "Verify Certificate" dialogue box. With the following message;
  "Mail can't verify the identity of mail.me.com.
  The certificate for this server is invalid.You might be connecting to a server that is pretending to be"mail.me.com" which could put your confidential information at risk. Do you want to connect to the server anyway?
  I click connect and the mail works fine. However, the message reappears every time on opening mail.
  I have tried the following,
  1. I have opened the certificate and clicked on the "Always trust "mail.me.com" when connecting to "mail.me.com"" but this will be not ticked the next time I open Mail.
  2. I have deleted then reopened the account.
  3. I have deleted the ByHost file in User/library/preferences.
  4. I have used the Keychain access and selected always trust for the certificate. It will not stay selected.
  Is there any way I can get rid of this message. It does not occur when opening the account from my MBP.
  Thanks

  Greetings,
  If you have the same account(s) setup on your Macbook Pro and it works fine there, I'd say your Mail preferences file is corrupt. So, if you make a copy of the com.apple.mail.plist file on your Macbook Pro and move it to Home/Library/Preferences on the problem Mac (which will overwrite the current file), then restart Mail, it should work fine again.

• Safari is unable to verify certificate.

  Safari is unable to verify certificate. Can someone pls advise how to fix this issue? Im getting an error while trying to access adcbactive.com/Login page.
  Many Thanks
  Aby

  abytoaby,
  When I attempt to access adcbactive.com I'm getting a "Phishing" warning through the Open Dns servers that I'm using.  In fact, Open Dns is blocking me from loading that site.  Be careful...

• Verify Certificate Mail blocked

  After opening mail verify certificate popped up and will not allow me to connect, cancel, shut down, or restart my macbook air. 
  Both the connect and cancel buttons are grey and not letting me click them. Also even when I try to close the window or quit mail it will say that I can't.

  Then no window accepts any clicks, so restart is not possible any more. I have to press the kill-button an the back. Not good at all.

• Verify Certificate - Mail

  Hello,
  I have came across the problem of Verify Certificate that started just after renewign the old one.
  To fix this on the users side and only if you are sure the server that writen is yours or you trust it just follow those stepps:
  Click  - GO - Utilities - Keychain Access.
  Under the Category Click on Certificates and on your right click Get info on the one you face problems with.
  Click on the arrow near the Trust and then choose on the "When using this certificate:" scrool down Always Trust.
  Then just restart Mail and give it a min to resync.
  I hope it helps.
  Alon.

  Then no window accepts any clicks, so restart is not possible any more. I have to press the kill-button an the back. Not good at all.

• Constant Verify Certificate Message in Mail

  Hi Forum,
  in mail on my Mac Mini i get a constant message of:
  Verify Certificate
  The Identity of "Server" cvannot be verified.
  the server it mentions is an old email i used to use but now dont. Its been deleted from my accounts and doesntr exist. I cant find anywhere in this or internet accounts that makes reference to this server?!?!?! How can i find it. Its constant. I cancel the message and it reappears.

  First, and most important, never change the trust settings of any SSL certificate unless you created it yourself. That's one of the most dangerous things you can do with a computer.
  Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
  Step 1
  From the menu bar, select
   ▹ System Preferences... ▹ Date & Time
  Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
  Check the box marked
  Set date and time automatically
  if it's not already checked, and select one of the Apple time servers from the menu next to it.
  Step 2
  Triple-click anywhere in the line below on this page to select it:
  /System/Library/Keychains/SystemCACertificates.keychain
  Right-click or control-click the highlighted line and select
  Services ▹ Show Info
  from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
  Repeat with this line:
  /System/Library/Keychains/SystemRootCertificates.keychain
  If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.
  Step 3
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
  In the Keychains list, there should be items named System and System Roots. If not, select
  File ▹ Add Keychain
  from the menu bar and add the following items:
  /Library/Keychains/System.keychain
  /System/Library/Keychains/SystemRootCertificates.keychain
  From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu at the top, select
  When using this certificate: Use System Defaults
  Close the inspection window. You'll be prompted for your administrator password to update the settings. Revert all the certificates with non-default trust settings. Never again change any of those settings.
  Step 4
  Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
  Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
  Help ▹ Keychain Access Help
  from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
  Step 5
  From the menu bar, select
  Keychain Access ▹ Preferences ▹ Certificates
  There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to  CRL.
  Step 6
  Triple-click anywhere in the line of text below on this page to select it:
  /var/db/crls
  Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
  Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.
  A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
  Step 7
  Reboot, empty the Trash, and test.

• Exchange mail setup - unable to verify certificate

  When i set up my exchange mail account, just after i enter the exchange server details, i get a message saying "unable to verify certificate" and the option to "accept", which i did.
  Thereafter i get the error message "failed account verification"
  Does anyone know what the issue / workaround here is?

  OK, here is my information from Outlook OMA.
  =============================================
  Outlook(R) Mobile Access
  Copyright (C) 2001-2003, Microsoft Corp. All rights reserved.
  Ok
  Outlook(R) Mobile Access Server: EDCOWA02
  Outlook(R) Mobile Access Server, Microsoft(R) Exchange: 6.5.7226.0
  Outlook(R) Mobile Access Server, Microsoft(R) Windows: 5.2.3790.0
  Outlook(R) Mobile Access Server, Microsoft(R) .Net Framework: 1.1.4322.2407
  Mailbox Server: EDCEXC01
  Mailbox Server, Microsoft(R) Exchange: 6.5.7226
  User Mailbox: Luis.Cavada
  Rendering Format: html32
  User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
  ========================================================
  Can someone help me in figuring out what is the user name and exchage server which i need to setup in my iphone 3G Exchnage settings.
  I have tried everything I cound think of, but no luck !
  Thanks,

• Owsm policy step verify certificate

  We try to use the OWSM for client authentication using "verify certificate". for what i understand of it i have to send along the public certificate with my request and that certificate should be in the trusted store. Can this store be the same store as the wallet the http server is already using.
  when i look for the details of the verify certificate step i see that there are a few prerequisites
  Prerequisite Steps      Verify Signature, Decrypt and Verify, or if the transport security uses SSL.
  i use a https://<server>/gateway/services/SID0003006?wsdl as endpoint from within the webserviceproxy and added the following before setting the endpoint in de proxy.
  System.setProperty("javax.net.ssl.keyStore", "/home/maqish/keystore");
  System.setProperty("javax.net.ssl.keyStoreType", "JKS");
  System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
  System.setProperty("javax.net.ssl.trustStore", "/home/maqish/keystore");
  System.setProperty("javax.net.ssl.trustStoreType", "JKS");
  System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
  I have added the server certificate in my trusted keystore and the public key is send to the server to be added as a trusted certificate.
  using verify certificate it should be possible to verify that a request is from a trusted source. but this does not seem to work very well. or else there could be some other problem in my thoughts.
  anyone who tried the same? or has ever used the policy step verify certificate?

  i do use the soa suite and jdeveloper 10.1.3.3 i have created a webservice which i have deployed to the soa application server. using this webservice works using http and https
  when i use owsm to add this webservice as a service this also works. using http and https
  when i add the request policystep verify certificate i get the following error
  Failed to initialize pipeline 'Request' in policy 'repeater(0.1)

• Can't verify certificate

  I've just changed email provider and I'm starting to get the mail can't verify certificate message every time I open up Mail. I remember I had this before but can't for the life of me remember what I did to finally resolve the issue! I've checked the "always trust" checkbox but the certificate message still appears. Please help!

  I'm having the same problem, and checking and unchecking the "Always trust..." box. I've even tried closing mail and reopening it. I've tried sending an email from the account to my gmail account, confirming the email has been received, and then closing and reopening Mail. Still I get the "Mail can't verify" message.
  I'm NOT using SSL for my mail. HOWEVER, since I have a hosting account, and since my email on that account is IMAP, and since there's special group of emails that I want to access on my cell and laptop too, I created another email address and am making sure that these particular emails are going there.
  That means that two email accounts are going to the same mailserver address - mail.[mydomainname].com. The MTP is the same for incoming and outgoing.
  I've repaired permissions. I've even attempted to throw away my plist, but that will be a nightmare of epic proportions, since getting rid of the plist means that all my accounts and mailboxes are gone and I'd have to recreate everything.
  This is a fairly new issue.
  Can anyone help Alan and me?

• Webutil 10g unable to verify certificate

  hi, i have problems with webutil setup
  i follow all steps in all setup guides, but when i try to start the form, jinitiator shows "unable to verify the certificate"
  all jars were signed
  does anybody know how i can fix this problem?

  solved removing certificate on jinitiator and reload certificate, clear browser cache

• Lync 2010 Client unable to verify certificate - External access

  we have recently setup Lync 2013 and it is working fine internally.  I am now trying to setup external access. We only require the remote users to be able to use their client externally without VPN.  
  I have setup the edge server with 1 NAT'd public ip address and FQDN option. So the 3 services are using the same IP but different port(as shown below).  
  access access.domain.com port 5061
  webconf access.domain.com port 444
  A/V access.domain.com port 443
  I used our internal CA to issue internal and external certificates and then added the Internal CA as a trusted root CA on the machine with the client trying to connect externally.
  I have published the following records to external dns:
  _sip_tls.domain.com which points to access.domain.com
  access.domain.com points to the public ip on the firewall
  I expected at this point that I would be able to login. Auto configuration times out externally.  If I manually set the external server name to "access.domain.com" and try to sign in it says "there was a problem verifying the certificate
  from the server".  
  the logs on the client says: 
  SECURE_SOCKET: negotiation failed: 80090322, principal name: [access.domain.com]
  Also I can see the traffic going from my external client to the firewall to the edge server.
  I understand that the external certificate on the edge should be through a public CA but we won't be using any of federation options so my internal CA cert should work for logging in through the client?  What am i missing? 
  Let me know if i can provide more info.
  Thanks!

  Happy to help BUT..
  Just keeping with TechNet etiquette.
  we have moved on to a new issue so we really need to see a new question as that way the posts are helpful to the whole community and easy to find based on the question asked
  Some advice given above has assisted in directing you to the root cause, please mark these as helpful, remember that assistance is given voluntarily and every contributor needs recognition
  Please mark posts as answer/helpful if it answers your question.
  Blog -  LyncSorted

• Mail repeatedly asks to verify certificate

  Hi
  Using Mail 3.6 on 10.5.8
  When I send from my .me account I am repeatedly ask to verify the recipient, with an oval connect button.
  Can I stop mail from asking me this every time?
  AS

  To Clarify,
  "Mail can't verify the identitiy of "smtp.mail.me.com".
  The certificate for this serve was signed by an unknown certifying authority.  You might be connecting to a server that is pretending to be "smtp.mail.me.com" which could put your confidential information at risk.  Would you like to connect to the server anyway?
  I get three balloons to chose from, show certificate, cancel, and connect.

• Verify certificate in Safari

  Hello,
  While browsing the Web in Safari I frequently get a pop-up message that says, "Safari can't verify the indentity of the website 'platform.twitter.com' or 'platform.facebook.com'." This message appears randomly and indicates I need to select continue or cancel before I am able to view the site I was interested in browsing. If I select cancel I am still able to browse on the site, but everytime I click a hyperlink to continue browsing the same pop-up comes back. If I hit continue, I am brought to a blank page with an "access denied" message.
  Everytime I look at the certificate it is linked to Facebook somehow (take a look at the screen shots) even though I am not using Facebook when the message appears. I actually don't have a Facebook account. I am not sure why this is happening and would love to make it stop. I do not want to jeopordize my security online; however, I cannot browse the internet with this message appearing eveytime I am navigating within a website.
  Please help....
  Thank you!

  Check the time and date are correct and being updated to your location in system preferences
  You know facebook tracks you when you log out right? it's these things that are doing this
  Facebook changes it's cookies when you log out, so then on websites they can track you
  http://www.zdnet.com/blog/facebook/facebook-tracks-you-online-even-after-you-log -out/4034