Wildcard SSL Server 3.2.1

I purchased a wildcard SSL certificate from Go Daddy. My public website is hosted by Go Daddy (www.example.com). I have a server (OS X 10.9.5, Server 3.2.1) in the office to handle printer, file sharing, profile manager, etc. (server.example.com). I want to assign an SSL certificate for the server and for the public website on Go Daddy. I cannot, however, enter *.example.com in the host name field on the Get a Trusted Certificate dialog. If I allow it to use server.example as the host name, when I paste the CSR into Go Daddy's site, it of course gives me the error that the CSR is only for a subdomain, not a wildcard.
Can anyone help me? I want to use the Wildcard to secure example.com as well as server.example.com and any other subdomain...

You can't do that through the Server app.
Generating a Certificate Signing Request (CSR) - Apache 2.x | GoDaddy Help

Similar Messages

  • Can't install a wildcard SSL certificate

    Running ML Server. I have a GoDaddy issued wildcard SSL certificate to *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in KeyChain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates
    I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried to update the self-signed certificate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certificate and chain files to add.
    However, this is where it gets strange...
    The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identity certificate list. I am able to replicate this every time!
    Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.
    I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.
    Any insights appreciated! TAA

    In fact I had the same issue last week and I could only solve it by exporting the key with the certificate in a PKCS12 file. Fortunately this is supported by the Windows certificate manager where the certificate was originally installed.
    You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to terminal, it is installed on an OSX box) and fire the following command (and change the filenames ;-)):
    openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt
    The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.
    Good luck with it

  • Wildcard SSL Certificates with MFE?

    Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
    We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
    Before doing anything I figured I'd try a website that used a wildcard certificate.
    When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
    My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
    If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
    Thanks.

    This is an interesting question. I look forward to testing this myself.
    What kind of cert & website did you use in your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK a wildcard doesn't match addresses consisting of the domain part only, so the latter one might not work.

  • Wildcard ssl

    So our company has a Wildcard SSL Certificate that we use for most of our websites, and I've just set up a new 10.8 server for the use of profile manager.  I've added our Wildcard SSL certificate to the system's keychain and trusted it but for the life of me I can't get the SSL Cert to take.  I see it listed in the Server manager and select it and save the changes, but then I open up the SSL Cert again and there is nothing selected.
    Any ideas?
    Thanks in advance.

    So in server app go to
    Hardware>Settings then click edit beside SSL certificate
    Click manage certs and hit the + and create certificate identity
    On the first page of the wizard you want to check "override defaults". Step through the rest of the wizard (pretty straightforward) until you get to the Subject Alternate Name extension. In the dNSName you want to enter *.mydomain.com. Finish the wizard and allow it access to your keychain.
    Then use that cert and "generate certificate signing request (CSR)" and use that to create your SSL.  Download your certs.  Go back into server app
    Hardware>Settings then click edit beside SSL certificate
    Select the cert you made and click on the gear "Replace Certificate with signed or renewed Cert" and drag in your server.mydomain.com.crt cert (the one you downloaded).
    Next open up keychain access app and select:
    System
    Certificates
    then drag in the intermediate cert (need to enter your local admin password)
    That should link your cert up
    Let me know if that makes sense

  • Wildcard * SSL Certificates for TTA??

    Is there any way I can use a wildcard SSL certificate like:
    *.mycompany.com
    in my TTA server?
    I was able to run all the cert commands successfully using the
    *.mycompany.com cert:
    Generated the CSR (tarantella security certrequest)
    Installed the Cert File (tarantella security certuse)
    Installed the Chained CA cert (tarantella security customca)
    Review/validate certinfo (tarantella security certinfo)
    The TTA-installed Apache webserver was fine with the wildcard certificate
    since I was able to goto:
    https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
    But after I went to:
    https://subdomain.mycompany.com/tarantella/
    I got the following errors in my Java Console:
    Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
    server...
    Secure Global Desktop 4.10.903: Using secure connection to
    Secure Global Desktop server subdomain.mycompany.com:443
    Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
    for this Secure Global Desktop server (subdomain.mycompany.com) due to name
    mismatch.
    Secure Global Desktop 4.10.903: Client dropping connection.
    Secure Global Desktop 4.10.903: Unable to connect: Certificate
    (*.mycompany.com) not accepted for this Secure Global Desktop server
    (subdomain.mycompany.com) due to name mismatch.
    Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
    Is there a way that I can get the applet to do a regex-ish match on the name
    for wildcard certs?
    Cyrus

    Hi Cyrus
    I was loosely referring to PKI rules e.g.
    http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
    http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
    Wildcarding isn't supported. I understand what you are trying to do now
    but it won't work because the software is looking for a certificate
    matching a single server.
    The certrequest command is just a wrapper script for openssl so it won't
    stop you doing anything the openssl command believes may be valid. You don't
    actually need to use this command it's just there for convenience, you
    could do everything just using openssl.
    The current documentation doesn't explicitly state that you can't use
    wildcards in certificates but it does say you need a certificate for a
    SGD server. My understanding of the wildcard issue is that it is up to
    a particular application to decide what is appropriate.
    http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
    Regards
    Barrie
    On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
    May I inquire as to where these rules are listed regarding SSL Certs, I
    didn't see anything to the effect in the documentation. Also why weren't
    the rules enforced at certificate generation time. Even the validation
    command (tarantella security certinfo) had no problems.
    The CSR generation/signing went through flawlessly and created a wildcard
    cert that Apache could use. It's one thing if the whole cert process
    couldn't handle a wildcard, but it seems like everything would have worked
    if only the applet accepted a wildcard regex match.
    Regards,
    Cyrus
    barrie wrote:
    Hi Cyrus
    No, sorry. The rules say you can't do that. You are required to have a
    certificate for a node not a network.
    Regards
    Barrie
    On 2005-08-05, CM <[email protected]> wrote:
    Is there any way I can use a wildcard SSL certificate like:
    *.mycompany.com
    in my TTA server?
    I was able to run all the cert commands successfully using the
    *.mycompany.com cert:
    Generated the CSR (tarantella security certrequest)
    Installed the Cert File (tarantella security certuse)
    Installed the Chained CA cert (tarantella security customca)
    Review/validate certinfo (tarantella security certinfo)
    The TTA-installed Apache webserver was fine with the wildcard certificate
    since I was able to goto:
    https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
    But after I went to:
    https://subdomain.mycompany.com/tarantella/
    I got the following errors in my Java Console:
    Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
    server...
    Secure Global Desktop 4.10.903: Using secure connection to
    Secure Global Desktop server subdomain.mycompany.com:443
    Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
    for this Secure Global Desktop server (subdomain.mycompany.com) due to
    name
    mismatch.
    Secure Global Desktop 4.10.903: Client dropping connection.
    Secure Global Desktop 4.10.903: Unable to connect: Certificate
    (*.mycompany.com) not accepted for this Secure Global Desktop server
    (subdomain.mycompany.com) due to name mismatch.
    Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
    Is there a way that I can get the applet to do a regex-ish match on the name
    for wildcard certs?
    Cyrus

  • Possible Safari wildcard SSL issue

    I really hope this is the right venue for this sort of thing. This is my first post here, so please forgive me if this is not the place.
    That said, I think that I have run into an issue with the way that wildcard SSL is handled in Safari.
    I have an SSL cert for *.sld.tld (a wildcard cert). I expect the cert to operate properly with 'www.some.sld.tld' under SSL but interestingly, that won't work under Safari.
    I'm sorry to be dry and cite RFCs, but I think it best illustrates the problem and perhaps why both Firefox and Opera will allow for the above as valid in SSL with a wildcard cert.
    The author for RFC2818 (which is the RFC I think that most folks will probably point to regarding this issue) says "Matching is performed using the matching rules specified by [RFC2459]." and then goes on to give some examples.
    RFC2459 says, "For URIs, the constraint applies to the host part of the name. The constraint may specify a host or a domain. Examples would be "foo.bar.com" and ".xyz.com". When the the constraint begins with a period, it may be expanded with one or more subdomains. That is, the constraint ".xyz.com" is satisfied by both abc.xyz.com and abc.def.xyz.com. However, the constraint ".xyz.com" is not satisfied by "xyz.com". When the constraint does not begin with a period, it specifies a host." - Page 35 RFC 2459
    and this:
    "DNS name restrictions are expressed as foo.bar.com. Any subdomain satisfies the name constraint. For example, www.foo.bar.com would satisfy the constraint but bigfoo.bar.com would not." - Same page RFC 2459
    Specifically, if you substitute 'abc' with 'www' in this phrase from above -".xyz.com" is satisfied by both abc.xyz.com and abc.def.xyz.com., you pretty much get what I want to have happen in Safari. Specifically, www.sld.tld and www.def.sld.tld would be both valid for HTTPS requests using the wildcard *.sld.tld SSL certificate.
    If I have DNS control of a domain and I have a wildcard cert for that domain, then really based on logic and the RFC cites above, any valid DNS sub domain under the controlled domain should be available for SSL.
    Tell me where I am going wrong here. Or, if I actually found a problem, please fix the bug when you can.
    I don't wish to be accused of self promotion, so I won't list my real world URL example here, however if someone at Apple would like to have it, they are welcome to contact me and I will provide a direct example of the problem.
    Thanks,
    CommerceCompany

    I have not independently researched the RFCs, but I am running into a similar problem and require a similar solution as you request. In my case, the issue arises in Mail.app instead of Safari.
    I found the following reference in another forum, which would indicate that this person's interpretation of the RFC for wildcard domains in certificates is that an asterisk (*.foo.com) is only valid at one sub level (this interpretation is opposite yours, unfortunately). This behavior seems counter-intuitive, and I, like you, would hope that it would match all sub levels under foo.com.
    http://www.dreamhoststatus.com/2007/06/17/ssl-certificate-renewal-for-most-customers/#comment-42283
    In my case, I am trying to secure mail connections using SSL in Mail.app when connecting to a mail server hosted by a hosting company (MediaTemple.net). Their hosting domain is gridserver.com, and their SSL cert is for *.gridserver.com. Their hosted mail servers are provided via machine names similar to the following:
    myhosteddomain.com.myaccountnumber.gridserver.com
    Even after storing the *.gridserver.com cert in my keychain appropriately, this will not match in Mail.app.
    Other forums (including the one above) seem to indicate that other mail clients honor the wildcard match for all manner of subdomains, regardless of whatever the 'correct' interpretation of the RFCs are. I hope that Apple will either set us straight on an appropriate way to achieve this, set us straight on why it is a dangerous thing to do, or consider modifying their certificate matching in Mail and Safari, etc., to support these subdomain issues.
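
The single-label wildcard rule debated in the threads above (RFC 2818 section 3.1, tightened by RFC 6125 section 6.4.3), as an added example that is not part of any of the original posts. The function names are illustrative, the hostnames are the ones quoted in the threads, and refusing partial wildcards such as `w*.example.com` and two-label patterns such as `*.com` is a conservative choice made here.

```python
"""Wildcard certificate name matching: '*' as the whole left-most label only.

Added illustration; function names are hypothetical, not from any library.
"""
import ipaddress


def _labels(name):
    # DNS names compare case-insensitively; a trailing dot only marks an FQDN.
    return name.lower().rstrip(".").split(".")


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def wildcard_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if "*" not in pattern:
        return p == h                     # plain name: exact match only
    if _is_ip(hostname):
        return False                      # wildcards never apply to IP addresses
    # The wildcard must be the entire left-most label and appear nowhere else.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # Conservative policy (assumption of this example): refuse "*.com"-style
    # patterns that would span a whole top-level domain.
    if len(p) < 3:
        return False
    # '*' stands for exactly one label, so label counts must be equal.
    # This is why "*.example.com" covers neither "example.com" (one label
    # short) nor "a.b.example.com" (one label too many).
    return len(h) == len(p) and h[1:] == p[1:]


def cert_covers(dns_names, hostname):
    """A certificate covers a host if any of its dNSName entries matches."""
    return any(wildcard_matches(name, hostname) for name in dns_names)


# Constructed checks built from the hostnames quoted in the threads above.
CASES = [
    (["*.example.com"], "server.example.com"),
    (["*.example.com"], "example.com"),
    (["*.example.com", "example.com"], "example.com"),
    (["*.mycompany.com"], "subdomain.mycompany.com"),
    (["*.sld.tld"], "www.some.sld.tld"),
    (["*.gridserver.com"],
     "myhosteddomain.com.myaccountnumber.gridserver.com"),
]


def report():
    """Return (names, hostname, covered) rows for the constructed cases."""
    return [(names, host, cert_covers(names, host)) for names, host in CASES]


if __name__ == "__main__":
    for names, host, ok in report():
        print(f"{'MATCH   ' if ok else 'MISMATCH'}  {host:55s} vs {names}")
```

A client that applies this rule accepts `*.mycompany.com` for `subdomain.mycompany.com`; an application that rejects that pairing is applying its own stricter policy on top of the standard rule.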

  • Install GoDaddy wildcard SSL on WLC 2504 controller

    I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
    I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
    What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certificates (in this case a root and an intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
    Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

    Seth,
    I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.
    Kudos to Robert Wells for finding this:
    "I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."
    The Windows version of OpenSSL I used was the 0.9.8y Light version from:
    http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe
    I hope this helps someone out there with this problem.
       - Ken

  • Install wildcard SSL on Cisco Prime Infrastructure 1.4

    I'm trying to install a wildcard SSL on a Cisco Prime Infrastructure 1.4.
    I've managed to install this certificate on the Cisco 5508 WLC, however not so much success with the Cisco Prime.
    There is a lot of documentation regarding the installation of CSR certificates, however I could not find anything related to wildcard or public key certificates from Cisco.
    I did find the following from a NetBoyers, I've tried this process however this seems to apply for NCS versions prior to 1.4 as it was unsuccessful.
    Any assistance would be greatly appreciated.

    I was able to follow the procedure in the Admin Guide to successfully import and use a CA-issued wildcard certificate (from GoDaddy) with unencrypted private key where the original CSR was not generated by the Prime Infrastructure server.
    Prime needs to be defined with a record in your DNS serving the domain in the wildcard certificate. In my case I am using both an A record and cname alias.
    Following a server restart the wildcard certificate appears fine in Chrome, Firefox and IE when I browse to https://prime.<my_customer's_domain>.
    Below are the commands I used. You would need to have your own certificate and keyfile. My certificate includes the full chain - server certificate, intermediate certificate and root certificate in that order.
    PI01/admin# copy ftp://192.168.254.7/privatekeyplaintext.pem disk:
    Username: admin
    Password:
    PI01/admin# copy ftp://192.168.254.7/gd_bundle-g2-g1.crt disk:
    Username: admin
    Password:
    PI01/admin#
    PI01/admin# root
    Enter root password : 
    Starting root bash shell ... 
    ade # pwd
    /root
    ade #
    ade # cd ..
    ade #
    ade # cd localdisk
    ade # ls -al
    total 68
    drwxr-xr-x 8 root root 4096 Nov 2 09:51 .
    drwxr-xr-x 28 root root 4096 Oct 28 11:22 ..
    lrwxrwxrwx 1 root root 20 Jul 14 13:11 crash -> /opt/CSCOlumos/crash
    drwxr-xr-x 2 root root 4096 Jul 15 23:31 defaultRepo
    drwxr-xr-x 2 root root 4096 Jul 14 13:10 ftp
    -rw-rw-rw- 1 root gadmin 6710 Nov 2 09:51 gd_bundle-g2-g1.crt
    drwx------ 2 root root 16384 Apr 17 2014 lost+found
    -rw-rw-rw- 1 root gadmin 1679 Nov 2 09:50 privatekeyplaintext.pem
    drwxr-xr-x 2 root root 4096 Jul 14 13:10 ssh
    drwxr-xr-x 2 root root 4096 Jul 14 13:10 telnet
    drwxr-xr-x 2 root root 12288 Nov 2 09:57 tftp
    ade #
    ade # mv ./gd_bundle-g2-g1.crt ./defaultRepo
    ade # mv ./privatekeyplaintext.pem ./defaultRepo
    ade #
    ade # exit
    exit
    PI01/admin# show repository defaultRepo
    PI01-140715-0330.tar.gpg
    PI01-140716-0330.tar.gpg
    gd_bundle-g2-g1.crt
    privatekeyplaintext.pem
    PI01/admin#
    PI01/admin# ncs key importcacert wildcardcert gd_bundle-g2-g1.crt repository defaultRepo
    INFO: no staging url defined, using local space. rval:2
    truststore used is /opt/CSCOlumos/conf/truststore
    The NCS server is running
    Changes will take affect on the next server restart
    Importing certificate to trust store
    PI01/admin#
    PI01/admin# ncs key importkey privatekeyplaintext.pem gd_bundle-g2-g1.crt repository defaultRepo
    INFO: no staging url defined, using local space. rval:2
    INFO: no staging url defined, using local space. rval:2
    truststore used is /opt/CSCOlumos/conf/truststore
    The NCS server is running
    Changes will take affect on the next server restart
    Importing RSA key and matching certificate
    PI01/admin#
    PI01/admin# ncs stop
    Stopping Network Control System...
    This may take a few minutes...
    Network Control System successfully shutdown.
    Plug and Play Gateway is being shut down..... Please wait!!!
    Stop of Plug and Play Gateway Completed!!
    SAM daemon process id does not exist
    DA daemon process id does not exist
    DA syslog daemon process id does not exist
    PI01/admin# ncs start
    Starting Network Control System...
    This may take a few minutes...
    Network Control System started successfully.
    PI01/admin#

  • Wildcard SSL Cert

    Is it possible to install a wildcard SSL cert in Messaging Server? I attempted to install the cert that I have and I am given an error saying "cert was not generated for this server".
    Thanks,
    Pete

    I have managed to use pk12util to import the wildcard cert into the trust store. I have used configutil to set the appropriate parameters to enable SSL and POP over SSL. However, when I start the server I get the following error in the imta log file: General Error: SSL initialization error: ASockSSL_Init: PK11 auth failed to *.unca.edu (-8177).

  • SChannel error- The SSL server credential's certificate does not have a private key information property attached to it.

    We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does not have a private key information property attached to it". There is no software firewall set on the DC. When I run Certutil -VerifyStore MY it shows the current certificates as well as the revoked and expired certificates correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly appreciated.

    Hi,
    Have you tried this?
    How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
    http://support.microsoft.com/kb/889651
    Best Regards,
    Amy

  • A fatal error when attempting to access the SSL server credential private key. Error code 0x8009030d. Windows 8.1.

    Hi,
    We develop a server-side application which receives incoming https connections using self-signed certificate. It was all ok while we were using Windows 7 or Windows 2008 as OS, but when our clients started installing Windows 8 as server OS they encountered big problem: application got unavailable in few hours after start.
    In event logs we have following:
    A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
    After restart, application recreates certificate and all works normal few hours till next fatal error.
    This article did not help us. And I repeat that this error appears only on Windows 8 (we tested on Windows 8.1). Windows 2012 Server we did not test yet.
    How we can solve this problem?
    Best regards.

    Hi,
    Since this article was released in 2008, I suspect the code mentioned in this article doesn't support Windows 8.
    And since the certificate was written by C#, I suggest you submit a new case on MSDN Forum as they will be more professional on your issue:
    https://social.msdn.microsoft.com/Forums/en-US/home
    Regards,
    Kelvin hsu
    TechNet Community Support

  • SSL Server: No available certificate or key.... exception

    Hi,
    I want to create a very simple SSL Server for testing purposes.
    I have searched google and these forums for an answer, but anything that I found did not help (will say below what I tried).
    Here is my code:
    import java.io.IOException;
    import javax.net.ssl.SSLServerSocket;
    import javax.net.ssl.SSLServerSocketFactory;

    public class Server {
         private int port = 25000;
         // Default factory: its key material comes from the javax.net.ssl.keyStore system properties
         private SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

         public Server() {
              try {
                   SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(port);
                   Echo echo = new Echo(socket);
                   Thread t = new Thread(echo);
                   t.start();
              } catch (IOException e) {
                   e.printStackTrace();
              }
         }

         public static void main(String[] args) {
              new Server();
         }
    }
    and
    import java.io.BufferedReader;
    import java.io.BufferedWriter;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.io.OutputStream;
    import java.io.OutputStreamWriter;
    import javax.net.ssl.SSLServerSocket;
    import javax.net.ssl.SSLSocket;

    public class Echo implements Runnable {
         SSLServerSocket socket;

         public Echo(SSLServerSocket socket) {
              this.socket = socket;
         }

         @Override
         public void run() {
              try {
                   SSLSocket connectedSocket = (SSLSocket) socket.accept();
                   // creating the streams
                   InputStream inputstream = connectedSocket.getInputStream();
                   InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                   BufferedReader in = new BufferedReader(inputstreamreader);
                   OutputStream outputstream = connectedSocket.getOutputStream();
                   OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
                   BufferedWriter out = new BufferedWriter(outputstreamwriter);
                   // echoing...
                   String input = "";
                   while (input.compareTo("abort") != 0) {
                        input = in.readLine();
                        if (input == null) {
                             break; // client closed the connection
                        }
                        System.out.println("Server received message: " + input);
                        out.write(input + " " + input);
                        out.flush();
                   }
              } catch (IOException e) {
                   e.printStackTrace();
              }
         }
    }
    When I run the code, I get
    javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
         at Echo.run(Echo.java:24)
    Line 24 in Echo.java is SSLSocket connectedSocket = (SSLSocket) socket.accept();
    I have created a keystore according to the JSSE documentation: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
    I have tried relative and full pathnames for javax.net.ssl.keyStore, as well as copying the keystore right into the directory with the class-files
    I have tried to set javax.net.ssl.keyStore (and javax.net.ssl.keyStorePassword) via the command line's -D switch and via System.setProperty
    After all that failed, I even tried to import the generated public key into the server's keystore as well
    No matter what I did, I always get above exception upon calling accept().
    I am using Java 6 (Java(TM) SE Runtime Environment (build 1.6.0_17-b04)) on Windows 7 64 Bit
    Any help is appreciated.

    I have created a keystore according to the JSSE documentation: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
    Are you sure you created a keystore with an RSA keypair, and not a DSA keypair?

  • Step by Step : How to Create an SSL Server Certificate (Part 3)

    How to Create an SSL Server Certificate (Part 3)
    In the previous part you have completed step 10, now you are almost there.
    Step 11:
    This is another very important step.
    Leave the settings as is or tick more options if you know what you do.
    Step 12:
    Again leave as it is.
    Step 13:
    Another important step !
    In the DNS Name field enter the host name(s) separated by spaces (or commas), e.g.
    myserver.name.private myserver.dyndns.org
    You can enter your local IP if you wish.
    Step 14:
    Certificate Assistant now proceeds to create your certificate. Within a few seconds you should see the new certificate in your Keychain.
    Switch to Server App (if at this stage Server App has crashed, don't worry, re-open Server App and proceed).
    Repeat step 2 described in Part 1 and select the new certificate from the drop-down menu of available certificates.
    You may want to use this certificate for all services (iChat, iCal, Mail, Web) or create different ones.
    If you use the same certificate for all services the name of the certificate is displayed next to "SSL Certificate", if you don't you will see "Custom" instead.
    Addendum:
    1. Do not forget to open port 443 in your router to enable https connections.
    2. Enable SSL in your iCal account settings if you wish.
    Enjoy your server !

    Hi,
    Are you talking about the Mercedes leaderboard ad?  Because that looks a lot more complicated than "fade in - fade out" images.
    Anyway... I am looking at the easiest way to create a banner ad with fade in - fade out images that I have created in illustrator.
    This tutorial helped me a lot.
    http://www.youtube.com/watch?v=gFw-1D8yaMs&NR=1
    cheers

  • Use Wildcard SSL Cert to Monitor Non-Domain Computers

    Hello,
      I was wondering if a Wildcard SSL Cert from GoDaddy or another Provider can be used to monitor Non-Domain Computer on SCOM 2012R2?
    TIA,
    Jim

    Hi,
    The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
    Regards,
    Yan Li

  • Problems Reading SSL server socket data stream using readByte()

    Hi, I'm trying to read an SSL server socket stream using readByte(). I need to use readByte() because my program acts as an LDAP proxy (it receives LDAP messages from an LDAP client, then passes them on to an actual LDAP server). It works fine with normal LDAP data streams, but once an SSL data stream is introduced, readByte just hangs! Here is my code.....
    help!!! anyone?... anyone?
    1. SSL Socket is first read into "InputStream input"
    public void run()
    {
        Authorization auth = new Authorization();
        try {
            InputStream input = client.getInputStream();
            while (true)
            {   StandLdapCommand command;
                try
                {
                    command = new StandLdapCommand(input);
                    Authorization t = command.get_auth();
                    if (t != null )
                        auth = t;
                }
                catch( SocketException e )
                {   // If socket error, drop the connection
                    Message.Info( "Client connection closed: " + e );
                    close( e );
                    break;
                }
                catch( EOFException e )
                {   // If socket error, drop the connection
                    Message.Info( "Client connection close: " + e );
                    close( e );
                    break;
                }
                catch( Exception e )
                {
                    //Way too many of these to trace them!
                    Message.Error( "Command not processed due to exception");
                    close( e );
                    break;
                    //continue;
                }
                processor.processBefore(auth, command);
                try
                {
                    Thread.sleep(40); //yield to other threads
                }
                catch(InterruptedException ie) {}
            }
        }
        catch (Exception e)
        {
            close(e);
        }
    }
    2. Then data is sent to an intermediate function
    from this statement in the function above:   command = new StandLdapCommand(input);
    public StandLdapCommand(InputStream in) throws IOException
    {
        message = LDAPMessage.receive(in);
        analyze();
    }
    Then finally, the read function where it hangs at "int tag = (int)din.readByte();"
    public static LDAPMessage receive(InputStream is) throws IOException
    {
        /*
         *  LDAP Message Format =
         *      1.  LBER_SEQUENCE                           --  1 byte
         *      2.  Length                                  --  variable length     = 3 + 4 + 5 ....
         *      3.  ID                                      --  variable length
         *      4.  LDAP_REQ_msg                            --  1 byte
         *      5.  Message specific structure              --  variable length
         */
        DataInputStream din = new DataInputStream(is);
        int tag = (int)din.readByte();      // sequence tag
        ...

    I suspect you are actually getting an Exception and not tracing the cause properly and then doing a sleep and then getting another Exception. Never ever catch an exception without tracing what it actually is somewhere.
    Also I don't know what the sleep is supposed to be for. You will block in readByte() until something comes in, and that should be enough yielding for anybody. The sleep is just literally a waste of time.
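Added example (not the poster's code): a header reader for the LDAP message format listed in the question, written so that every failure reports its actual cause, as the reply advises. It also flags a first byte of 0x16, which is how a TLS handshake record begins, so a proxy handed an undecrypted stream fails with a clear message instead of misparsing; the class name and the constructed sample bytes are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class LdapHeaderProbe {                 // hypothetical class name
    static final int LBER_SEQUENCE = 0x30;     // BER SEQUENCE tag that opens every LDAPMessage
    static final int TLS_HANDSHAKE = 0x16;     // content type byte of a TLS handshake record

    // Reads the BER tag and length octets; returns the declared body length in bytes.
    static int readHeader(InputStream is) throws IOException {
        DataInputStream din = new DataInputStream(is);
        int tag = din.readUnsignedByte();      // blocks until data arrives; EOFException on close
        if (tag == TLS_HANDSHAKE)
            throw new IOException("first byte 0x16: TLS record, stream is not decrypted");
        if (tag != LBER_SEQUENCE)
            throw new IOException(String.format("unexpected tag 0x%02x, expected 0x30", tag));
        int first = din.readUnsignedByte();
        if (first < 0x80) return first;        // short form: the octet is the length
        int n = first & 0x7f;                  // long form: next n octets hold the length
        if (n == 0 || n > 4) throw new IOException("unsupported BER length of " + n + " octets");
        long len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | din.readUnsignedByte();
        if (len > Integer.MAX_VALUE) throw new IOException("length too large: " + len);
        return (int) len;
    }

    // Every exception is turned into a message naming its cause; none is swallowed.
    static String probe(byte[] sample) {
        try {
            return "LDAP message, body length " + readHeader(new ByteArrayInputStream(sample));
        } catch (EOFException e) {
            return "stream closed mid-header: " + e;
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed samples, not captured traffic.
        byte[][] samples = {
            {0x30, 0x0c, 0x02, 0x01, 0x01},    // SEQUENCE, short-form length 12
            {0x30, (byte) 0x82, 0x01, 0x00},   // SEQUENCE, long-form length 256
            {0x16, 0x03, 0x01, 0x00, 0x2e},    // TLS handshake record header
            {0x30, (byte) 0x82, 0x01},         // stream ends before the length is complete
        };
        for (byte[] s : samples) System.out.println(probe(s));
    }
}
```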
