Wildcard * SSL Certificates for TTA??

Similar Messages

• Wildcard SSL Certificates with MFE?

  Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
  We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
  Before doing anything I figured I'd try a website that used a wildcard certificate.
  When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
  My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
  If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
  Thanks.

  This is interesting question. I look forward testing this myself
  What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
  Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you!

• SA520 Wildcard SSL Certificate?

  I have a wildcard SSL certificate for our domain from RapidSSL.  I installed the intermediary certificates fine but I can't get the acutal cert to install.  I get the message "Can't Upload Invalid Self Certificate" message.  Has anyone else ever successfully used a wildcard cert with an SA?

  Hello Mr. Williamson,
  In order to get a new SSL certificate please follow the next instructions:
  STEP 1 : Click Administration > Authentication.
  The Authentication (Certificates) window opens.
  STEP 2 For each type of certificate, perform the following actions, as needed:
  • To add a certificate, click Upload. You can upload the certificate from the PC
  or the USB device. Click Browse, find and select the certificate, and then
  click Upload.
  • To delete a certificate, check the box to select the certificate, and then click
  Delete.
  • To download the router’s certificate (.pem file), click the Download button
  under the Download Settings area.
  STEP 3 To request a certificate from the CA, click Generate CSR.
  The Generate Certification Signing Request window opens.
  a. Enter the distinguished name information in the Generate Self Certificate
  Request fields.
  • Name: Unique name used to identify a certificate.
  • Subject: Name of the certificate holder (owner). The subject field populates
  the CN (Common Name) entry of the generated certificate and can contain
  these fields:
  - CN=Common Name
  - O=Organization
  - OU=Organizational unit
  - L= Locality
  - ST= State
  - C=Country
  For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
  Whatever name you choose will appear in the subject line of the generated
  CSR. To include more than one subject field, enter each subject separated
  by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
  • Hash Algorithm: Algorithm used by the certificate. Choose between MD5
  and SHA-1
  • Signature Algorithm: Algorithm (RSA) used to sign the certificate.
  • Signature Key Length: Length of the signature, either 512 or 1024.
  • (Optional) IP Address, Domain Name, and Email Address
  b. Click Generate.
  A new certificate request is created and added to the Certification Signing
  Request (CSR) table. To view the request, click the View button next to the
  certificate you just created.
  Or you could check it on the next link. please check page 191
  http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
  hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
  Thank you

• Is it possible to use single ssl certificate for multiple server farm with different FQDN?

  Hi
  We generated the CSR request for versign secure site pro certificate
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
  And the same message when trying to access https://www.abc.com from Google Chrome.
  "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
  so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
  Now my question is
  1. Is is possible to  remove above errors doing some ssl configuration on ACE?
  2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
  Thanks
  Waliullah

  If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
  Hope this helps,
  Sean

• Can't install a wildcard SSL certificate

  Running ML Server. I have a GoDaddy issued wildcard SSL certificate to *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in KeyChain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates
  I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried up update the self-signed certifcate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certifcate and chain files to add.
  However, this is where it gets strange...
  The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identify certificate list. I am able to replicate this every time!
  Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.
  I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.
  Any insights appreciated! TAA

  In fact i had the same issue last week and i could only solve it by exporting the key with the certificate in a PCKS12 file. Fortunately this is supported by the windows certificate manager where the certificate was originally installed.
  You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to terminal, it is installed on an OSX box) and fire the following command (and change the filenames ;-)):
  openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt
  The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.
  Good luck with it

• Wildcard SSL certificates

  Hi, I was wondering if someone got CSS1150X with SSL accelerator working with wildcard SSL certificate. We have 10+ sites we would like to enable SSL and figured wildcard certificates are way to go based on the cost. Specially, since most of the wildcard certificates comes with limitation of being able to install it on only one physical machine. I assume CSS would be considered one physical machine if SSL traffic is terminated on the CSS, however, wanted to find out whether wildcard SSL certificate is supported on CSS. We are using CSS11503 and depending on whether it supports wildcard certificate, we are planning on purchasing SSL accelerator.

  Thanks for the information, Gilles. Looking at the pricing structure of SSL certificates, I wonder why wildcard certs aren't widely used as one would expect based on the cost. Well, I guess I will find out when I implement one. Thanks again.

• How we can get SSL certificate for any site?

  i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

  Hi,
  Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
  Based on your description, I’m a little confused with your question. Did you mean that want to know why need
  SSL certificate for website?
  Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
  and your server.
  An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
  a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
  Managing Certificates
  SSL and Certificates
  Understanding Self-Issued
  Certificates in SBS 2003 & SBS 2008
  Installing a GoDaddy Standard
  SSL Certificate on SBS 2008
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  If anything I misunderstand or any update, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• RV120W SSL Certificate for Client

  Hello,
  When I try to export an SSL Certificate for a Client I get a htps.CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
  Firmware:
  1.0.2.6
  Help?

  Hello Sir, My name is Eric Moyers. I also responded to your other thread.
  I am pulling one of these out of our storage room and looking at the procedure. Will update you when I have something.
  Thanks
  Eric Moyers
  Cisco Network Support Engineer
  SBSC WIreless and Surveillance SME
  CCNA, CCNA-Wireless
  1-866-606-1866

• Changing SSL certificate for ICM

  Hello,
  I'd like to change SSL certificate for ICM service. I've change it in STRUST, but when I run web browser, server sends old one. IT is very odd, that ICM still works after deleteing all "SSL Server" certificates in STRUST. I tried to restart whole SAP system, but it did not help.
  Is there any possibility to change working certificate? What should I do to make such change?

  > I often use transaction SMICM -> Administration -> ICM -> Exit soft to restart only the ICM without interrupting the whole SAP system.
  > You should increase the ICM trace level, restart it and look at the trace file to try to find out what's wrong.
  OK, ICM runs properly now. I have no idea why, as I did not change anything. Maybe "soft restart" invoked few times helped.
  > Of course. In my company we use our own internal CA for intranet use and Verisign for internet use.
  > (for internet use the certificate in on the reverse proxy in the DMZ).
  Here I've got another problem.
  I've started with something simple. STRUST->SSL server->Create Certificate Request. My CA has signed this request. Now, when I'm trying to install signed certificate, I got an error "Cannot import certificate response".
  As my CA is not signed by any well known CA e.g. VeriSign), I've added my CAs certificate to SAP database (as root CA and server CA), butit did not help.
  In SSL server, I've got "(self signed)" below "own certif." field and I cannot change it
  If it's not a big problem, could you write down, what should I do to install external SSL certificate signed by not well-known CA.
  Many thanks for your help,
  regards,
  Konrad

• SSL certificate for database

  Hi all,
  I want to know whether I need separate SSL certificate for each database on that server or can I take for the server and use it?
  And also how to get SSL certificate for database form Godaddy?
  Any help would be great.
  Thanks
  Rajitha
  --------------------------------------------------------------------------------

  Pl refer to Oracle® Database Advanced Security Administrator's Guide
  10g Release 2 (10.2) from Oracle documentation.
  You will find useful information on that related to this.
  Dilipkumar Patel.

• Installing an SSL certificate for a CSS 11503

  I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
  I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!

  Allen,
  The portion of the configuration guide related to SSL certificates and keys can be found here:
  http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
  To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
  ~Zach

• Iplanet 6.0 creating a development SSL certificate for internal use

  With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
  Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

  With IHS I can create my own SSL certificate when I want to do development work locally. I don't need to pay for a commercial one.
  Is there a tool to create my own SSL certificate for development work with iplanet 6.0?

• URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

  Hi,
  I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
  I am trying to get work with url: https://reports.mydomain.com
  I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
  https://reports.mydomain.com/ReportServer - works fine
  https://reports.3pro.hr/Reports/ - I got error:
  The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  In rsreportserver.config I have:
  <Add Key="SecureConnectionLevel" Value="2"/>
  When looking my ReportServerService_date.log file I have something like:
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
  configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
  Also, error shown in log file:
  appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
  ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
  The remote certificate is invalid according to the validation procedure.
  Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
  -- Hrvoje Kusulja

  I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated.  The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle
  before she called me back.  Here are the steps that resolved this issue for me.  I know for sure that step 5 was necessary.  Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue,
  but I didn't roll them back either so they may have been necessary.)
  Step 1:
  Ensure you are editing the correct rsreportserver.config file.  I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config
  file for some sharepoint integration that I'm not using.  The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft
  SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
  Step 2: 
  In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3.  Was set to 0 in my configuration.  Corrected line in your rsreportserver.confiog file should look like:
  <Add Key="SecureConnectionLevel" Value="3"/>
  Step 3:
  In rsreportserver.config, add the correct value to the <URLRoot> element (which already exists in the file.)  In my configuration, this value was blank.  The value should be the fully qualified path to your report server, with a hostname that
  is valid for your certificate.  For example, if my cert matches *.mydomain.local:
  <UrlRoot>
  https://myserver.mydomain.local/ReportServer
  </UrlRoot>
  Step 4:
  Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine.  I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually
  the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities.  That
  broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities.  This is how I left it, not sure if that was necessary.
  Step 5:
  This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3.  In my configuration, this value was also blank.
  The corrected value should be the same as in step 3, for example:
  <ReportServerUrl>
  https://myserver.mydomain.local/ReportServer
  </ReportServerUrl>
  Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
  Good luck!

• Install SSL certificate for Oracle HTTP server

  I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com.
  I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem".
  I want to install this on the oracle 11g HTTP server (OHS) installed as standalone based on apache 2.2
  With oracle, i have to create a wallet and point the SSL.CONF wallet directive to use that wallet.
  I used Oracle Wallet Manager to create it and import the certificate but this is where i am having a problems.
  First I could not restart the web server but the it worked but I got SSL handshake errors (Shown below).
  According to oracle steps, I have to create a CSR and then import the certificate into the wallet
  http://www.apache.com/resources/how-to-setup-an-ssl-certificate-on-apache/
  However, when I tried to use Oracle Wallet Manager, there were two options: import server certificate and trusted certificate.
  The import server certificate was greyed out. I had to create a CSR just to get it enabled but I did not use the CSR, i just imported the "server.crt" file.
  I also tried to import the "serverkey.pem" into the trused certificate option but was rejected (invalid certificate).
  Do you know how to create a successful wallet based on the files i have and not creating a CSR since i already have a certificate file?
  2013-05-04T20:11:40.2718-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.2719-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.4774-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.6814-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error

  I do not have weblogic installed. I only have standalone 11g HTTP server with mod_plsql.
  If i can get OWM working to create a successful certificate them the problem would be resolved.
  I am just not sure what is Root Certificate and Trustworthy Certificate and how to get that from the files i have.

• Using existing SSL Certificate for Web Dispatcher

  Hi,
  We've registered a SSL certificate with wildcard option via GlobalSign. The history of this process is as below:
  1. We created a Certificate Request with IIS and send it to GS (GlobalSign).
  2. They send us the certificate file Globalsign Primary Secure Server CA and Globalsign Server Sign CA files.
  3. Import all ceritifcates into IIS and then exported the certificate into a Cert.pfx file.
  4. By using this file, we are able to import the SSL certificate into J2EE WAS 640  of Portal system.
  5. Now we want to use same certificate to establish a web dispatcher installation as intermediate server for internet access.
  Web Dispatcher documentations says to create a pse and req file with sapgenpse program and then send it to CA (here globalsign) to get a certificate.
  But when we asked GS, they told us to use the certificate they send us before. They cannot create a certificate file for the ourput of web dispatcher. It will be billed us if we persist.
  So, we have to find a way to use the existing certificate to enable SSL of Web Dispatcher.
  Any idea?

  Hi Huseyin,
  I also have the same scenario. We also want to use the same certificate from verisign for our webdispatcher.
  Do you know how to do. Can you help me.
  Thanks and Regards,
  Sailesh K