Search Results

Search found 3314 results on 133 pages for 'certificate authority'.

Page 15/133 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

  • JEP 124: Enhance the Certificate Revocation-Checking API

    - by smullan
    Revocation checking is the mechanism to determine the revocation status of a certificate. If it is revoked, it is considered invalid and should not be used. Currently as of JDK 7, the PKIX implementation of java.security.cert.CertPathValidator  includes a revocation checking implementation that supports both OCSP and CRLs, the two main methods of checking revocation. However, there are very few options that allow you to configure the behavior. You can always implement your own revocation checker, but that's a lot of work. JEP 124 (Enhance the Certificate Revocation-Checking API) is one of the 11 new security features in JDK 8. This feature enhances the java.security.cert API to support various revocation settings such as best-effort checking, end-entity certificate checking, and mechanism-specific options and parameters. Let's describe each of these in more detail and show some examples. The features are provided through a new class named PKIXRevocationChecker. A PKIXRevocationChecker instance is returned by a PKIX CertPathValidator as follows: CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); PKIXRevocationChecker prc = (PKIXRevocationChecker)cpv.getRevocationChecker(); You can now set various revocation options by calling different methods of the returned PKIXRevocationChecker object. For example, the best-effort option (called soft-fail) allows the revocation check to succeed if the status cannot be obtained due to a network connection failure or an overloaded server. It is enabled as follows: prc.setOptions(Enum.setOf(Option.SOFT_FAIL)); When the SOFT_FAIL option is specified, you can still obtain any exceptions that may have been thrown due to network issues. This can be useful if you want to log this information or treat it as a warning. You can obtain these exceptions by calling the getSoftFailExceptions method: List<CertPathValidatorException> exceptions = prc.getSoftFailExceptions(); Another new option called ONLY_END_ENTITY allows you to only check the revocation status of the end-entity certificate. This can improve performance, but you should be careful using this option, as the revocation status of CA certificates will not be checked. To set more than one option, simply specify them together, for example: prc.setOptions(Enum.setOf(Option.SOFT_FAIL, Option.ONLY_END_ENTITY)); By default, PKIXRevocationChecker will try to check the revocation status of a certificate using OCSP first, and then CRLs as a fallback. However, you can switch the order using the PREFER_CRLS option, or disable the fallback altogether using the NO_FALLBACK option. For example, here is how you would only use CRLs to check the revocation status: prc.setOptions(Enum.setOf(Option.PREFER_CRLS, Option.NO_FALLBACK)); There are also a number of other useful methods which allow you to specify various options such as the OCSP responder URI, the trusted OCSP responder certificate, and OCSP request extensions. However, one of the most useful features is the ability to specify a cached OCSP response with the setOCSPResponse method. This can be quite useful if the OCSPResponse has already been obtained, for example in a protocol that uses OCSP stapling. After you have set all of your preferred options, you must add the PKIXRevocationChecker to your PKIXParameters object as one of your custom CertPathCheckers before you validate the certificate chain, as follows: PKIXParameters params = new PKIXParameters(keystore); params.addCertPathChecker(prc); CertPathValidatorResult result = cpv.validate(path, params); Early access binaries of JDK 8 can be downloaded from http://jdk8.java.net/download.html

    Read the article

  • How to add chain of certificate in spring ws client request

    - by hudi
    I have simply spring ws client which sending request to some url: @SuppressWarnings("unchecked") private JAXBElement<O> sendSyncSoapRequest(final JAXBElement<I> req, final String iszrUrl) { if (iszrUrl != null) { return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(iszrUrl, req); } else { return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(req); } } Now I need attach chain of certificate to the soap request. How should I do this ? Please help

    Read the article

  • Can SSL Wildcards have multiple/nested levels of wildcard?

    - by Don Faulkner
    I know that an SSL wildcard certificate (*.example.org) can be used to support many names under the domain (a.example.org, b.example.org, c.example.org). I also know that the * is only good for matching a single level of name. That is, *.example.org will not work on a.b.example.org. What if I used a certificate with the name ..example.org? I'd like to build a certificate with the following name configuration: CN=example.org subjectAltName=DNS:example.org, DNS:*.example.org, DNS:*.*.example.org, DNS:*.*.*.example.org I've tried building a few like this as self-signed certificates, but I've not had good results. For example, chrome tells me "Server's certificate does not match the URL." Is it possible to have nested wildcards in a certificate, or do the popular browsers not support this?

    Read the article

  • Encryption By Certificate

    - by user1817240
    I am encrypting customer name in database at database level. While saving in database only first letter of customer name is saved and hence while decrypting only first letter is retrieved. The following code shows the test sp. ALTER PROCEDURE [dbo].[spc_test_insert] ( @sFIRST_NAME typ_encryptedtext, ) AS BEGIN DECLARE @sSENCRYPTION_KEY char(15) DECLARE @sCERTIFICATE char(22) SET @sSENCRYPTION_KEY='SymmetricKey1' SET @sCERTIFICATE='CustomerCertificate' OPEN SYMMETRIC KEY SymmetricKey1 DECRYPTION BY CERTIFICATE CustomerCertificate; INSERT INTO test_table ( FIRST_NAME, ) Values ( -- Add the Params to be Added... EncryptByKey(Key_GUID(@sSENCRYPTION_KEY),@sFIRST_NAME), ) CLOSE SYMMETRIC KEY SymmetricKey1 END encryption decryption working fine in normal insert but its not working in stored procedure.

    Read the article

  • SQLAuthority News – 7th Anniversary of Blog – A Personal Note

    - by Pinal Dave
    Special Day Today is a very special day – seven years ago I blogged for the very first time.  Seven years ago, I didn’t know what I was doing, I didn’t know how to blog, or even what a blog was or what to write.  I was working as a DBA, and I was trying to solve a problem – at my job, there were a few issues I had to fix again and again and again.  There were days when I was rewriting the same solution over and over, and there were times when I would get very frustrated because I could not write the same elegant solution that I had written before.  I came up with a solution to this problem – posting these solutions online, where I could access them whenever I needed them.  At that point, I had no idea what a blog was, or even how the internet worked, I had no idea that a blog would be visible to others.  Can you believe it? Google it on Yahoo! After a few posts on this “blog,” there was a surprise for me – an e-mail saying that someone had left me a comment.  I was surprised, because I didn’t even know you could comment on a blog!  I logged on and read my comment.  It said: “I like your script,but there is a small bug.  If you could fix it, it will run on multiple other versions of SQL Server.”  I was like, “wow, someone figured out how to find my blog, and they figured out how to fix my script!”  I found the bug, I fixed the script, and a wrote a thank you note to the guy.  My first question for him was: how did you figure it out – not the script, but how to find my blog?  He said he found it from Yahoo Search (this was in the time before Google, believe it or not). From that day, my life changed.  I wrote a few more posts, I got a few more comments, and I started to watch my traffic.  People were reading, commenting, and giving feedback.  At the end of the day, people enjoyed what I was writing.  This was a fantastic feeling!  I never thought I would be writing for others.  Even today, I don’t feel like I am writing for others, but that I am simply posting what I am learning every day.  From that very first day, I decided that I would not change my intent or my blog’s purpose. 72 Million Views – 2600 Posts – 57000 comments – 10 books – 9 courses Today, this blog is my habit, my addiction, my baby.  Every day I try to learn something new, and that lesson gets posted on the blog.  Lately there have been days where I am traveling for a full 24 hours, but even on those days I try to learn something new, and later when I have free time, I will still post it to the blog.  Because of this habit, this blog has over 72 millions views, I have written more than 2600 posts, and there are 57,000 comments and counting.  I have also written 10 books, 9 courses, and learned so many things.  This blog has given me back so much more than I ever put it into it.  It gave me an education, a reason to learn something new every day, and a way to connect to people.  I like to think of it as a learning chain, a relay where we all pass knowledge from one to another. Never Ending Journey When I started the blog, I thought I would write for a few days and stop, but now after seven years I haven’t stopped and I have no intention of stopping!  However, change happens, and for this blog it will start today.  This blog started as a single resource for SQL Server, but now it has grown beyond, to Sharepoint, Personal Development, Developer Training, MySQL, Big Data, and lots of other things.  Truly speaking, this blog is more than just SQL Server, and that was always my intention.  I named it “SQL Authority,” not “SQL Server Authority”!  Loudly and clearly, I would like to announce that I am going to go back to my roots and start writing more about SQL, more about big data, and more about the other technology like relational databases, MySQL, Oracle, and others.  My goal is not to become a comprehensive resource for every technology, my goal is to learn something new every day – and now it can be so much more than just SQL Server.  I will learn it, and post it here for you. I have written a very long post on this anniversary, but here is the summary: Thank You.  You all have been wonderful.  Seven years is a long journey, and it makes me emotional.  I have been “with” this blog before I met my wife, before we had our daughter.  This blog is like a fourth member of the family.  Keep reading, keep commenting, keep supporting.  Thank you all. Reference: Pinal Dave (http://blog.sqlauthority.com)Filed under: About Me, MySQL, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQLAuthority News, T SQL

    Read the article

  • SQL SERVER – How to See Active SQL Server Connections For Database

    - by Pinal Dave
    Another question received via email - “How do I I know which user is connected to my database with how many connection?” Here is the script which will give us answer to the question. SELECT DB_NAME(dbid) AS DBName, COUNT(dbid) AS NumberOfConnections, loginame FROM    sys.sysprocesses GROUP BY dbid, loginame ORDER BY DB_NAME(dbid) Here is the resultset: Reference: Pinal Dave (http://blog.SQLAuthority.com)Filed under: PostADay, SQL, SQL Authority, SQL DMV, SQL Query, SQL Server, SQL Tips and Tricks, T SQL

    Read the article

  • SQL SERVER – List All the DMV and DMF on Server

    - by pinaldave
    “How many DMVs and DVFs are there in SQL Server 2008?” – this question was asked to me in one of the recent SQL Server Trainings. Answer is very simple: SELECT name, type, type_desc FROM sys.system_objects WHERE name LIKE 'dm_%' ORDER BY name Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Pinal Dave, SQL, SQL Authority, SQL Query, SQL Scripts, SQL Server, SQL Tips and Tricks, T SQL, Technology Tagged: SQL DMV

    Read the article

  • SQLAuthority News – Microsoft SQL Server Protocol Documentation Download

    - by pinaldave
    The Microsoft SQL Server protocol documentation provides detailed technical specifications for Microsoft proprietary protocols (including extensions to industry-standard or other published protocols) that are implemented and used in Microsoft SQL Server to interoperate or communicate with Microsoft products. The documentation includes a set of companion overview and reference documents that supplement the technical specifications with conceptual background, overviews of inter-protocol relationships and interactions, and technical reference information. Microsoft SQL Server Protocol Documentation Reference : Pinal Dave (http://blog.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Documentation, SQL Download, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • SQL SERVER – Change Database Access to Single User Mode Using SSMS

    - by pinaldave
    I have previously written about how using T-SQL Script we can convert the database access to single user mode before backup. I was recently asked if the same can be done using SQL Server Management Studio. Yes! You can do it from database property (Write click on database and select database property) and follow image. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Pinal Dave, SQL, SQL Authority, SQL Query, SQL Server, SQL Server Management Studio, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • SQL SEVER – Finding Memory Pressure – External and Internal

    - by pinaldave
    Following query will provide details of external and internal memory pressure. It will return the data how much portion in the existing memory is assigned to what kind of memory type. SELECT TYPE, SUM(single_pages_kb) InternalPressure, SUM(multi_pages_kb) ExtermalPressure FROM sys.dm_os_memory_clerks GROUP BY TYPE ORDER BY SUM(single_pages_kb) DESC, SUM(multi_pages_kb) DESC GO What is your method to find memory pressure? Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Pinal Dave, SQL, SQL Authority, SQL Optimization, SQL Performance, SQL Query, SQL Scripts, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • SSL certificate on IIS 7

    - by comii
    I am trying to install a SSL certificate on IIS 7. I have download a free trial certificate. After that, this is the steps what I do: Click the Start menu and select Administrative Tools. Start Internet Services Manager and click the Server Name. In the center section, double click on the Server Certificates button in the Security section. From the Actions menu click Complete Certificate Request. Enter the location for the certificate file. Enter a Friendly name. Click OK. Under Sites select the site to be secured with the SSL certificate. From the Actions menu, click Bindings.This will open the Site Bindings window. In the Site Bindings window, click Add. This opens the Add Site Binding window. Select https from the Type menu. Set the port to 443. Select the SSL Certificate you just installed from the SSL Certificate menu. Click OK. This is the step where I get the message: One or more intermediate certificates in the certificate chain are missing. To resolve this issue, make sure that all of intermediate certificates are installed. For more information, see http://support.microsoft.com/kb/954755 After this, when I access the web site on its first page, I get this message: There is a problem with this website's security certificate. What am I doing wrong?

    Read the article

  • SQLAuthority News – Microsoft SQL Server 2005 Service Pack 4 RTM

    - by pinaldave
    Service Pack 4 (SP4) for Microsoft SQL Server 2005 is now available for download. SQL Server 2005 service packs are cumulative, and this service pack upgrades all service levels of SQL Server 2005 to SP4 . Download Microsoft SQL Server 2005 Service Pack 4 RTM Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Documentation, SQL Download, SQL Query, SQL Server, SQL Service Pack, SQL Tips and Tricks, SQLAuthority News, T SQL, Technology

    Read the article

  • SQL SERVER – Wait Stats – Wait Types – Wait Queues – Day 0 of 28

    - by pinaldave
    This blog post will have running account of the all the blog post I will be doing in this month related to SQL Server Wait Types and Wait Queues. SQL SERVER – Introduction to Wait Stats and Wait Types – Wait Type – Day 1 of 28 SQL SERVER – Single Wait Time Introduction with Simple Example – Wait Type – Day 2 of 28 Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Pinal Dave, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQL Wait Stats, SQL Wait Types, T SQL, Technology

    Read the article

  • SQLAuthority News – SQL Server 2008 R2 System Views Map

    - by pinaldave
    SQL Server 2008 R2 System Views Map is released. I am very proud that my organization (Solid Quality Mentors) is part of making this possible. This map shows the key system views included in SQL Server 2008 and 2008 R2, and the relationships between them. SQL Server 2008 R2 System Views Map Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Documentation, SQL Download, SQL Query, SQL Server, SQL Tips and Tricks, SQLAuthority News, T SQL, Technology

    Read the article

  • SQLAuthority News – Win MS Office License – Last 2 days

    - by pinaldave
    Just a note for everybody who is from India and want to win FREE Office License, participate in very easy contest here. SQLAuthority News – Virtual Launch Event for Office 2010 – Contest – Win MS Office License Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology Tagged: Contest, Office2010

    Read the article

  • Exchange 2010 POP3/IMAP4/Transport services complaining that they can't find SSL certificate after blue screen

    - by Graeme Donaldson
    We have a single-server Exchange 2010 setup. In the early hours of this morning the server had a blue screen and rebooted. After coming back up the POP3/IMAP4 and Transport services are complaining that they cannot find the correct SSL certificate for mail.example.com. POP3: Log Name: Application Source: MSExchangePOP3 Date: 2012/04/23 11:45:15 AM Event ID: 2007 Task Category: (1) Level: Error Keywords: Classic User: N/A Computer: exch01.domain.local Description: A certificate for the host name "mail.example.com" couldn't be found. SSL or TLS encryption can't be made to the POP3 service. IMAP4: Log Name: Application Source: MSExchangeIMAP4 Date: 2012/04/23 08:30:44 AM Event ID: 2007 Task Category: (1) Level: Error Keywords: Classic User: N/A Computer: exch01.domain.local Description: A certificate for the host name "mail.example.com" couldn't be found. Neither SSL or TLS encryption can be made to the IMAP service. Transport: Log Name: Application Source: MSExchangeTransport Date: 2012/04/23 08:32:27 AM Event ID: 12014 Task Category: TransportService Level: Error Keywords: Classic User: N/A Computer: exch01.domain.local Description: Microsoft Exchange could not find a certificate that contains the domain name mail.example.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default EXCH01 with a FQDN parameter of mail.example.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. The odd part is that Get-ExchangeCertificate show the cert as enabled for all the relevant services, and OWA is working flawlessly using this certificate. [PS] C:\Users\graeme\Desktop>Get-ExchangeCertificate Thumbprint Services Subject ---------- -------- ------- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ....S. CN=exch01 YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY ....S. CN=exch01 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ IP.WS. CN=mail.example.com, OU=Domain Control Validated, O=mail.exa... Here's the certificate in the computer account's personal cert store: Does anyone have any pointers for getting POP3/IMAP4/SMTP to use the cert again?

    Read the article

  • SQL SERVER – ERROR: FIX using Compatibility Level – Database diagram support objects cannot be installed because this database does not have a valid owner – Part 2

    - by pinaldave
    Earlier I wrote a blog post about how to resolve the error with database diagram. Today I faced the same error when I was dealing with a database which is upgraded from SQL Server 2005 to SQL Server 2008 R2. When I was searching for the solution online I ended up on my own earlier solution SQL SERVER – ERROR: FIX – Database diagram support objects cannot be installed because this database does not have a valid owner. I really found it interesting that I ended up on my own solution. However, the solution to the problem this time was a bit different. Let us see how we can resolve the same. Error: Database diagram support objects cannot be installed because this database does not have a valid owner. To continue, first use the Files page of the Database Properties dialog box or the ALTER AUTHORIZATION statement to set the database owner to a valid login, then add the database diagram support objects. Workaround / Fix / Solution : Follow the steps listed below and it should for sure solve your problem. (NOTE: Please try this for the databases upgraded from previous version. For everybody else you should just follow the steps mentioned here.) Select your database >> Right Click >> Select Properties Go to the Options In the Dropdown at right labeled “Compatibility Level” choose “SQL Server 2005(90)” Select FILE in left side of page In the OWNER box, select button which has three dots (…) in it Now select user ‘sa’ or NT AUTHORITY\SYSTEM and click OK. This will solve your problem. However, there is one very important note you must consider. When you change any database owner, there are always security related implications. I suggest you check your security policies before changing authorization. I did this to quickly solve my problem on my development server. If you are on production server, you may open yourself to potential security compromise. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Error Messages, SQL Query, SQL Server, SQL Tips and Tricks, T SQL

    Read the article

  • wildcard ssl certificate - exchange 2010 - POP/IMAP problem

    - by Sise
    previously we have requested a wildcard ssl certificate from godaddy for our major domain. one of the reasons was the new established exchange server 2010. usually you require following names included in certificiate: FQDN (e.g. mail.whatever.com) Hostname (mail) Domain name (whatever.com) Autodiscover.whatever.com MX Record with the wildcard certificate these are all covered (except of the local hostname). During creation/importing of the ssl certificate into exchange 2010, exchange first asks, if a wildcard certificate is used and then encounters an error - due to the certificate is a wildcard certificate and not a certificate especially generated for the FQDN, SSL for POP and IMAP can not be provided. couldn't find any workaround or solution for this on google, so I hope, maybe some one here has an answer or solution for me! :) the exchange 2010 is running on a windows server 2008 R2 enterprise. thanks in advance and best regards, sise

    Read the article

  • Why is site serving different SSL certs to different browsers?

    - by TRiG
    The SSL certificate on menswearireland.com and on www.menswearireland.com works fine on Safari, Chrome, SeaMonkey, K-Meleon, QtWeb, Firefox, and Opera. However, Internet Explorer claims that there is an error: The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) Another site hosted on the same managed server shows no errors: achill-fieldschool.com and www.achill-fieldschool.com work fine on IE, even though as far as I can tell the certificate is set up identically. What am I doing wrong? This is a LAMPP server running Plesk. It looks like the server is showing different certificates to different clients. To some clients it shows a RapidSSL certificate made out to www.menswearireland.com with menswearireland.com as a valid alternative name. To other clients, it shows a Parallels Panel certificate, made out to Parallels Panel. Here are results from a few different online SSL checkers: most say it's fine, while two show errors. Three online checkers say it's valid Comodo SSL Check shows it as valid DigiCert SSL Check shows it as valid SSL Shopper SSL Check shows it as valid Common name: www.menswearireland.com SANs: www.menswearireland.com, menswearireland.com Valid from October 2, 2012 to November 4, 2013 Serial Number: 559425 (0x88941) Signature Algorithm: sha1WithRSAEncryption Issuer: RapidSSL CA Another online checker seems to see a completely different certificate GeoCerts SSL Check shows it as invalid Common name: Parallels Panel Organization: Parallels Valid from August 15, 2012 to August 15, 2013 Issuer: Parallels Panel Another online checker sees more than one certificate Symantic SSL Check shows it as invalid The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Incidentally, on both menswearireland.com and achill-fieldschool.com the homepage will redirect from HTTPS to HTTP. To see SSL details, visit the page /account on both (that page will redirect from HTTP to HTTPS). I’ve found more information in a more detailed online SSL checker. https://www.ssllabs.com/ssltest/analyze.html?d=menswearireland.com This site works only in browsers with SNI support My understanding is that SNI (RFC 6066) is a method for putting many SSL sites on one shared IP address and port. This does not work on Internet Explorer on older versions of Windows (this has to do with the version of Windows, not the version of Internet Explorer). However, all our SSL sites are on a unique IP address, so we shouldn’t need SNI.

    Read the article

  • SonicWall and Windows CA

    - by Nathan C
    I'm attempting to import a certificate created by a CA I've set up in Windows using AD CS. I've done the following: 1) Created my own CA (MyCompany) 2) Enabled web services (mostly for ease of configuration) 3) Generated a certificate request on the Sonicwall itself 4) Used web services to sign the certificate 5) Imported the sign certificate into the Sonicwall ...this caused the certificate to show "No" for the Verified field. 6) Imported the CA's certificate. This is where I get stuck. I attempted to import the CRL list, but get the following error: CRL Error - Verification failed using CA certificate. No further errors appear in the logs. Without the CRL list the certificate won't verify and it doesn't appear under the "Administration" page so I can select it for use via HTTPS. Any ideas?

    Read the article

  • Websphere SSL handshake with active directory cluster

    - by ring bearer
    We have a WebSphere based application that uses Active Directory(AD) based security configurations. Under WebSphere "Global security" we have configured the active directory server and connection parameters. Active directory server is actually a cluster of four servers, say, serverdc01, serverdc02,serverdc03 and serverdc04. Each of these servers have their own root certificate with CN=serverdc01, CN=serverdc02 ..so on. So to set up SSL communication, I need to retrieve certificate of active directory and save it in WebSphere's trust store. When I retrieve certificate by putting AD server name, port and retrieve certificate I randomly get certificate of one of the serverdc01,serverdc02 ... Then I save that certificate to trust store. Question is : Do I have to save certificate from each of the serverdc01,serverdc02 ...in cluster to WebSphere's trust store? What are general strategies so that each server in the cluster does not require its own root certificate?

    Read the article

  • Do I need a ssl certificate if just pointing my domain to Cloudfront?

    - by hashpipe
    I have a website running on a domain (e.g site.com). I have an additional domain(e.g sitecdn.com) which basically points to Amazon Cloudfront for delivery. Amazon Cloudfront in turn basically fetches the data from the main domain (site.com). I use this setup primarily to have multiple subdomains of my sitecdn.com to point to assets via the cdn. The main website has a ssl certificate, and I intend to put all assets served from the cdn as https links only. Something like <img src="https://img.sitecdn.com/image.jpg" /> I'm a little confused whether I need a ssl for my cdn domain. In cloudfront I can set the setting to allow both https and http traffic. Do I need a ssl certificate for this ? If yes, then where do I install the ssl certificate, since I don't have a server for sitecdn.com.

    Read the article

  • How to issue machine certificates to Android devices trying to connect to L2TP VPN (L2TP/IPsec with Certificate)?

    - by John Hendrix
    I are trying to find a way to connect Android devices to our VPN box running Windows Sever 2008. We manage to configure a couple Android devices to connect via PPTP. However, I would like to be able to connect using L2TP/IPSec with certificates instead. I've managed to export and apply the Enterprise CA's certificate on the Android phone, but are totally lost on how to issue a machine certificate to the Android phone. Is it even possible? If so, what are steps I should take to issue the machine certificate and enable the Android phone to connect via L2TP/IPsec with certificates? Thank you for your help!

    Read the article

  • How to issue machine certificates to Android devices trying to connect to L2TP VPN (L2TP/IPsec with Certificate)?

    - by John Hendrix
    I are trying to find a way to connect Android devices to our VPN box running Windows Sever 2008. We manage to configure a couple Android devices to connect via PPTP. However, I would like to be able to connect using L2TP/IPSec with certificates instead. I've managed to export and apply the Enterprise CA's certificate on the Android phone, but are totally lost on how to issue a machine certificate to the Android phone. Is it even possible? If so, what are steps I should take to issue the machine certificate and enable the Android phone to connect via L2TP/IPsec with certificates? Thank you for your help!

    Read the article

  • Keep your Root Authorities up to date

    - by John Breakwell
    Originally posted on: http://geekswithblogs.net/Plumbersmate/archive/2013/06/20/keep-your-root-authorities-up-to-date.aspxBy default, Windows will automatically update it’s internal list of trusted root authorities as long as the Update Root Certificates function is installed. This should be enabled by default and takes manual intervention to remove it. With this component enabled, the following happens: If you are presented with a certificate issued by an untrusted root authority, your computer will contact the Windows Update Web site to see if Microsoft has added the CA to its list of trusted authorities. If it has been added to the Microsoft list of trusted authorities, its certificate will automatically be added to your trusted certificate store. If the component is not installed and a certificate from an untrusted CA is encountered then the following text will be seen: This is an inconvenience for the person browsing the site as they need to click to continue. Applications, though, will be unable to proceed and will throw an exception. Example: ERROR_WINHTTP_SECURE_FAILURE 12175 (0x00002F8F) One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. If you look at the certificate’s properties, you can see the “Issued by:” value:   This must match a Trusted Root Certificate Authority in the current user’s certificate store.   So turn on automatic updating of trusted root authority certificates. For Windows Vista and above, this option is controlled through Group Policy. See the “To Turn Off the Update Root Certificates Feature by Using Group Policy” section of the following Technet article: Certificate Support and Resulting Internet Communication in Windows Vista If Windows Update is a blocked site then download and deploy the latest pack of root certificates from Microsoft: Update for Root Certificates For Windows XP [May 2013] (KB931125)   Failing that, find a machine that has the latest root certificates installed and export them from there: Open up the Certificates console. Right-click the required Trusted Root Certificate Authority certificate Choose Export from “All Tasks” to open up the Certificate Export Wizard Choose an export file format – DER should be fine Provide a file name and complete the export. Move the file to the machine that’s missing the certificate Right-click the file and choose “Install Certificate” to open up the Certificate Import Wizard Allow the wizard to automatically select the certificate store and complete the import On a side note, for troubleshooting certificate issues it can be helpful to clear the SSL state:

    Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >