VeriSign Certificate  OR Unified Testing Initiative (UTI) root Certificate?

Similar Messages

• Can not import Verisign certificate

  Dear all,
  I am trying to import a Verisign certificate in my ABAP BW 3.5
  Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
  PSE so that it contains field SP, it is more like installing a new
  certificate.
  What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
  I then created the CSR request to Verisign. I received
  the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
  When I apply the response, by pasting the contents of the text
  file created above, I get the message:
  "CA Certificate missing in database"
  I have already looked at notes 508307, 518185, 510007, 1074447, 511919
  I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
  I am also sure that the Verisign CA root certificate exists in the
  database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
  I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
  Many thanks in advance for your help
  Regards
  Andreas

  Just created a new SSL PSE and imported the certificate chain again and this time it worked...

• Importing Verisign Certificate on PIX7.1

  Hi there,
  After having importet Verisign Intermediate CA onto my PIX, I've send the CSR request to Verisign and gotten a Certificate back. Now when I try to import the returned certificate on the PIX, I get an error :
  Failed to parse or verify imported certificate
  Now, I've tried clearing all certs, reauthenticate the CA etc.
  Any ideas?
  Is it a problem that the CA is Intermediate? Can the CSR attributes contain spaces?
  Pix is running latest version 7
  Kind regards
  Kelvin Dam

  Hi koksm,
  Yeah - I got it to work. I dont know how many of these steps you have done, but heres how I did it :
  RSA-keys are probably already generated (also needed for ssh-access), but if you ever need to reissue the cert, regenerate the rsa keys, otherwise the CSR will be exactly the same and not accepted by the 3rd party CA:
  crypto key generate rsa
  Then define the trustpoint:
  crypto ca trustpoint Verisign
  crl optional
  enrollment terminal
  subject-name CN=host.domain.com,OU=Unit,O=Organisation,C=NL,St=xxx,L=xxx,[email protected]
  Import root CA cert (make sure you have the correct one, preferably without intermediate CA (RA)):
  crypto ca authenticate Verisign
  ---BEGIN--- or ---END--- lines do not matter>
  quit
  INFO: Certificate has the following attributes:
  Fingerprint: 069f6979 16669002 1b8c8ca2 c3076f3a
  Do you accept this certificate? [yes/no]: yes
  Trustpoint CA certificate accepted.
  Generate the CSR:
  crypto ca enroll Verisign
  % Start certificate enrollment ..
  % The subject name in the certificate will be: xxxx
  % The fully-qualified domain name in the certificate will be: hostname.domain.com
  % Include the device serial number in the subject name? [yes/no]: no
  Display Certificate Request to terminal? [yes/no]: yes
  Certificate Request follows:
  MIICNjCCAZ8CAQAwgbwxJTAjBgkqhkiG9w0BCQEWFnNlcnZpY2VkZXNrQGR5bm9t
  aWMubmwxEjAQBgNVBAcTCUJpbHRob3ZlbjEQMA4GA1UECBMHVXRyZWNodDELMAkG
  ---End - This line not part of the certificate request---
  Redisplay enrollment request? [yes/no]: no
  Notice this is generate without ---BEGIN--- and ---END--- lines which you do need to add when submitting the form to the 3rd party CA.
  After succesful verification by the CA you'll be returned a certificate which you can import with or without the ---BEGIN--- and ---END---- lines, so you might as well just copy the complete text:
  crypto ca import Verisign certificate
  % The fully-qualified domain name in the certificate will be: xxx.domain.com
  Enter the base 64 encoded certificate.
  End with the word "quit" on a line by itself
  -----BEGIN CERTIFICATE-----
  MIIDcTCCAtqgAwIBAgIQIHOwJ7acK6Fmibyhf67HlDANBgkqhkiG9w0BAQUFADC
  MXN/DqZw504SdlIkm3K4Dt7kSa5NILlncBiPhJJPJRjcOk6wRB6vuGG85uz6twR
  nq4BqbMitzpgxvK12hgS9ZDy62kC
  -----END CERTIFICATE-----
  quit
  INFO: Certificate successfully imported
  Make sure you activitate the trustpoint either as for use on all interfaces or on a specific interface using:
  ssl trust-point thawte.com [interface]
  One more thing - the verisign root cert, I did NOT get from their webpage, but I took the one that accompanies the Internet Explorer.
  Hope it helps
  Kdam

• Signing in mail with a verisign certificate

  I have 2 certificates bought from Verisign that I used previously under 10.6.
  I made a clean install of 10.6 and then updated to 10.7, but even if I managed to import the certificates in the keychain access, the buttons in mail proposing the signature and encryption of emails doesn't appear.
  Thank you in advance for your help

  I haven't been able to resolve this issue using Mail and a Verisign certificate. So instead I tried Comodo and my Mail system now works perfectly with both signature and encryption. So perhaps the problem lies with Verisign rather than Apple......
  And Comodo is free, see http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

• How can I get an up to date Verisign certificate??

  For an app I need the Verisign certificate. I downloaded one from a link provided in this forum but once installed I see it valid until "15-07-2009" -- no good for me, I'm in August.
  Trawling the Verisign site didn't help ease the frustration.
  Any pointers? 
  It's a VeriSign Class 3 Code Signing Certificate. I've already updated the Nokia firmware to the latest version. 

  I can't seem to find any other place to put this but here.
  I have the same exact issue as the person who started this thread.
  I have a valid VeriSign Class 3 code signing certificate and when trying to do a OTA for a E63 phone the message shows "certificate not recognizable".
  VeriSign blames Nokia.
  What can I do for this?

• Verisign Certificates renewal Issue

  Hi
  We are running Sun Java Web Server 7.0 update 5 and wanted to renew verisign certificates for 2 more years.
  What i did:
  1. Got the certificates from Verisign with last year CSR (i'm not sure if previous CSR can be used or not)
  2. Using admin console (browser based) , i went to "server certificates" ->"install" and could successfully installed them (but there was a warning that duplicate nick name) and i selected ls2 (listener-2 for https)
  3. admin console shows renewal successful and expiry year is 2011.
  4. I also restarted both admin and web services
  But the problem that when i access the application from browser, it still says the expiry year as 2009.
  Please advise.
  Prvn

  Well ... I don't know WHICH three *db files you copied, or from where you copied them in the admin-serv directory.
  If the admin server appears to be working as expected, and the instance appears to be working as expected, then just make sure the admin server isn't telling you that changes have been made on the instance (if it is then tell it to copy the changes and make them the new current version).
  Depending on which files you copied from where you may end up with the admin server having the wrong certificates. This could cause a problem for any nodes that are registered with it. I think you'd already see a problem if this were going to break things though.
  In a perfect world everything is just working as expected now, and you're done. If you want to be extra cautious, though, you should restore the admin server's key3 and cert8 databases from a backup (these databases contain the self-signed certificate and its associated keys that were created when you installed Web Server).

• Installing verisign certificates

  Hi
  I have two load-balanced portal gateways , and I need to install a Verisign certificate on them.
  The question is: Do i have to create a csr request for each server and ask for separate certificates (obviously registering the same fqdn host name)??
  thanks a lot

  If your gateways have different hostnames, you have to get a separate certificate for each host. Otherwise, you will get a certificate mismatch error. If your gateways share the same hostname in a load balancing environment, one certificate can serve both servers. There may be licensing issues with this depending on your Certificate provider.
  To accomplish this task, create your CSR on gateway1, get it signed and install it. After gateway1 is complete, copy all the files in /etc/opt/SUNWps/cert/<profilename> from gateway1 to gateway2. Don�t forget the .files.
  Steve

• Cacerts verisign certificate expires Jan 08 2004

  Two Verisign Certificates in the jdk 1.4 keystore 'jdk1.41/jre/lib/security/cacerts' expire on Thu Jan 08 2004.
  They are stored with alias 'verisignclass2ca' and 'verisignclass3ca'.
  A Weblogic Server Message looks like this:
  <Dec 16, 2003 5:39:13 PM CET> <Notice> <WebLogicServer> <BEA-000298> <Certificate expires in 22 days: [
  Version: V1
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@3e
  Validity: [From: Mon Jan 29 01:00:00 CET 1996,
                 To: Thu Jan 08 00:59:59 CET 2004]
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  SerialNumber: [    e49efdf3 3ae80ecf a5113e19 a4240232]
  Algorithm: [MD2withRSA]
  Signature:
  0000: 61 70 EC 2F 3F 9E FD 2B E6 68 54 21 B0 67 79 08 ap./?..+.hT!.gy.
  0010: 0C 20 96 31 8A 0D 7A BE B6 26 DF 79 2C 22 69 49 . .1..z..&.y,"iI
  0020: 36 E3 97 77 62 61 A2 32 D7 7A 54 21 36 BA 02 C9 6..wba.2.zT!6...
  0030: 34 E7 25 DA 44 35 B0 D2 5C 80 5D B3 94 F8 F9 AC 4.%.D5..\.].....
  0040: EE A4 60 75 2A 1F 95 49 23 B1 4A 7C F4 B3 47 72 ..`u*..I#.J...Gr
  0050: 21 5B 7E 97 AB 54 AC 62 E7 5D EC AE 9B D2 C9 B2 ![...T.b.]......
  0060: 24 FB 82 AD E9 67 15 4B BA AA A6 F0 97 A0 F6 B0 $....g.K........
  0070: 97 57 00 C8 0C 3C 09 A0 82 04 BA 41 DA F7 99 A4 .W...<.....A....
  ]>
  Does anybody know,
  what that means for ssl ?
  Is there a Patch or a new cacerts file for download ?
  Thanks a lot.
  Ede

  I would assume that there are not that many certificates still
  being used that use those CA certs for their CA.
  As you probably noticed, there are a bunch of newer Verisign
  CA certs in that trust store (cacerts). The newer CA certs are
  probably the ones being used by certificates that are currently
  in use.
  I suppose you have to ship the older CA certs until they become
  invalid. I doubt that Verisign issued any certificates with those
  old CA anytime recently.
  -Steve

• Importing Verisign Certificate to Integrated ITS

  We currently have external ITS running on Microsoft IIS.  We are switching to integrated ITS and would like to import our existing Verisign certificate(s) to SAP WebAS 6.40 on ECC5.  We have tried exporting the certificate from IIS and importing it to SAP but the export file format - .pfx and others do not seem to be supported by SAP.  Has anyone done this successfully?  Thanks!

  We currently have external ITS running on Microsoft IIS.  We are switching to integrated ITS and would like to import our existing Verisign certificate(s) to SAP WebAS 6.40 on ECC5.  We have tried exporting the certificate from IIS and importing it to SAP but the export file format - .pfx and others do not seem to be supported by SAP.  Has anyone done this successfully?  Thanks!

• Verisign certificate & Chain File Name

  Perhaps a newbie question, but here goes:
  I am having trouble installing a Verisign certificate on my Weblogic 6.0
  server. I have my private key and certificate file installed properly I
  believe, but am unsure what to put in the Certificate Chain File entry
  in the console. I only have 1 certificate for this server. I have tried
  to
  a) leave it empty - in which case it uses a default file name which does
  not exist
  b) use the certificate I got from Verisign
  c) export a class 3 certificate from my browser and use that file
  In all the cases that I give it an existing file name, I get the
  following stack trace:
  weblogic.security.CipherException: Incorrect encrypted block
  at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
  at
  weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
  at weblogic.security.X509.verifySignature(X509.java:243)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
  security configuration, weblogic.security.AuthenticationException:
  Incorrect encrypted block possibly incorrect
  SSLServerCertificateChainFileName set for this server certificate>
  weblogic.security.AuthenticationException: Incorrect encrypted block
  possibly incorrect SSLServerCertificateChainFileName set for this server
  certificate
  at weblogic.security.X509.verifySignature(X509.java:251)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)

  OK. Found out what it was.
  The Server Certificate Chain File name is what Verisign calls the
  Intermediate Certificate. So what you need to do is grab that cert off the
  Verisign site, paste it into a new file on your server and put that file
  name in as the path to the Chain File name.
  New question: Why the 2 names for the same thing ? The documentation could
  be a bit clearer here, as it's a very simple process that seems more
  complicated than it needs to be (IMHO).
  Brian Hall wrote:
  Perhaps a newbie question, but here goes:
  I am having trouble installing a Verisign certificate on my Weblogic 6.0
  server. I have my private key and certificate file installed properly I
  believe, but am unsure what to put in the Certificate Chain File entry
  in the console. I only have 1 certificate for this server. I have tried
  to
  a) leave it empty - in which case it uses a default file name which does
  not exist
  b) use the certificate I got from Verisign
  c) export a class 3 certificate from my browser and use that file
  In all the cases that I give it an existing file name, I get the
  following stack trace:
  weblogic.security.CipherException: Incorrect encrypted block
  at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
  at
  weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
  at weblogic.security.X509.verifySignature(X509.java:243)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
  security configuration, weblogic.security.AuthenticationException:
  Incorrect encrypted block possibly incorrect
  SSLServerCertificateChainFileName set for this server certificate>
  weblogic.security.AuthenticationException: Incorrect encrypted block
  possibly incorrect SSLServerCertificateChainFileName set for this server
  certificate
  at weblogic.security.X509.verifySignature(X509.java:251)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
  at
  weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at
  weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)

• Difference b/w OCA certifciate and verisign certificate

  What is the difference b/w OCA certifciate and verisign certificate
  Do we need to buy the OCA certificate as well as I understand that we need to buy verisign certificate?
  Thanks

  A certificate is not a single entity. It helps if you know how to administer certificates using the openssl commandline tool. A certificate is a signed public key.
  This is how it works in using the oracle tools:
  First, a wallet is created using the wallet manager (owm) or orapki. A wallet at that point consists of some trusted CA (Certificate Authority) certificates, and probably already the (non visible) private key.
  Next, a CSR (Certificate Signing Request) is made using the wallet manager or orapki. This is a non-signed version of the certificate.
  This is where the OCA comes into play. The OCA is the oracle version of a Certificate Authority. Using the CA, you can sign your certificate yourself. The signer certificate (the certificate of the OCA) is not officially listed as trusted certificate.
  If you send your CSR to verisign, verisign signs it for you. The advantage verisign has, is it's certificate (the signer certificate) is officially listed as trusted certificate. That's the reason people use verisign for their certificates.

• How do I renew my Verisign certificate

  Our Verisign certificate is about to expire and we need to replace it. Verisign can generate a new certificate based on our original request. Does this mean that all I should really have to do is to open Oracle Wallet, delete the old user certificate and add the new user certificate? Are there other steps?

  I create a new request and a new wallet. Now I'm having trouble installing it on the app server. See Re: Install renew-ed user certificate in Wallet manager

• Unity Connection 8.5 Single Inbox with Verisign Certificates

  Hi,
  I am trying to connect CUC 8.5.1.12900-7 to Exchange 2010 using Basic authentication with SSL.
  I am having problems when I get to the test user stage and think the problem may be caused by certificates.
  To obtain the certificates that I have installed on CUC I got one of the users to connect to OWA and then exported the certificates associated with the connection and then loaded then onto CUC - is this the right way to do it? - there does not seem to be any documentation that covers this in detail.
  Can anyone point me in the right direction or at least let me know how to troubleshoot the problem?
  Thanks

  You want to export the root CA certificate from OWA and import it to both the tomcat-trust and connection-trust stores. When I did this last week on 8.6(1)a I did not have to restart Tomcat although that has been required in the past. You can spot the root CA certificate by choosing the Certificate Path tab, selecting the highest certificate in the chain, opening it, select the Details tab, and click Copy to File. When you save it you will want the Base-64 encoded file and need to manually change the file extension from .CRT to .PEM.
  Additionally, you can rule SSL out by unchecking the Validate Certificates for Exchange Servers checkbox. This will allow the SSL session even if the certificate fails validation.
  Other issues I have seen:
  The permissions granted to the Exchange user did not delegate to that user/mailstore or you accidentally missed a step.
  The AutoDiscover folder in IIS is not allowing Basic authentication. The Exchange architect I worked with last week wouldn't enable this so I ended up using NTLM authentication instead since both EWS and AutoDiscover were allowing Integrated WIndows Auth.

• How to sign the applet with verisign certificate?

  Hi,
  I got a test certificate from the Verisign.
  Now I want to know, how to sign my applet with that certificate?
  Thanks,
  Siva E.

  Hi!
  You have to create a keystore wich contains the certificate. I think you call keystore -import "verisign.cert"Try the command, and it will tell you what it needs.
  To do the acutal signing of an applet (jar-file), you write somehting like this:
  jarsigner  -keystore "NameOfKeystore" -keypass "PasswordToPrivKey"  -storepass "PasswordToStore" "YourJarFile.jar" "CertAlias"The cert alias is an alias you created when importing the certificate. Hope it Helps!
  Henrik

• SGD 4.20.983 and Verisign certificate

  Hi,
  We have server SGD 4.20.983 with verisign X509 certificate in this format:
  VeriSign/RSA Secure Server CA
  server.dom.com
  This certificare will expire in dec/19/2006.
  We renew this certificate with verisign, but we receive the certificate in this format:
  VeriSign Class 3 Public Primary CA
  - Verisign Class 3 Secure Server CA
  -server.dom.com
  In SGD version 4.3 have the reference list in URL http://docs.sun.com/source/819-6255/what_certs.html, but I dont find any similar reference in SGD 4.20.983 verion
  My question is about SGD 4.20.983 will be direct recognized by access in browser mode and by native client mode?
  Thanks for any help for my question.
  Best Regard�s
  Marcelo Moreira Martins
  [email protected]
  Technical Consultant - Tarantella Systems Engineer
  SE- Systems Engineer - M3 System Integrator.
  Sun Microsystems do Brasil - Authorized Reseller
  +55-51-3333-2644 - Office
  +55-51-81679382 - Mobile Phone
  Visit the EduSoft web site: http://www.sun.com/edu/edusoft/

  We need to use a valid certificate and not a customca (test certificate) because we use in production enviroment for enterprise access.
  This certificate will be recognized by browser and native client ?
  We dont like to import de sign certificate for any browser and native client for access the service.
  Best Regard�s
  Marcelo Moreira Martins