Search Results

Search found 3314 results on 133 pages for 'certificate authority'.

Page 6/133 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • SSL Certifcate Request s2003 DC CA DNS Name not Avaiable.

    - by Beuy
    I am trying to submit a request for an SSL certificate on a Domain Controller in order to enable LDAP SSL, and having no end of problems. I am following the information provided at http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 & http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl Steps taken so far: Create Servername.inf with the following information ;----------------- request.inf ----------------- [Version] Signature="$Windows NT$ [NewRequest] Subject = "CN=servername.domain.loc" ; replace with the FQDN of the DC KeySpec = 1 KeyLength = 1024 ; Can be 1024, 2048, 4096, 8192, or 16384. ; Larger key sizes are more secure, but have ; a greater impact on performance. Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication ;----------------------------------------------- Create Certificate request by running: certreq -new Servername.inf Servername.req Attempt to submit Certificate request to CA by running: certreq -submit -attrib "CertificateTemplate: DomainController" request.req At which point I get the following error: The DNS name is unavailable and cannot be added to the Subject Alternate Name. 0x8009480f (-2146875377) Trouble shooting steps I have taken so far 1. Modify the Domain Controller Template to supply Subject Name in Request restart Certificate Service, include SAN in Request, same error. 2. Re-installed Certificate Services / IIS / Restarted machine countless times Any help resolving the issue would be greatly appreciated.

    Read the article

  • "Countersigning" a CA with openssl

    - by Tom O'Connor
    I'm pretty used to creating the PKI used for x509 authentication for whatever reason, SSL Client Verification being the main reason for doing it. I've just started to dabble with OpenVPN (Which I suppose is doing the same things as Apache would do with the Certificate Authority (CA) certificate) We've got a whole bunch of subdomains, and applicances which currently all present their own self-signed certificates. We're tired of having to accept exceptions in Chrome, and we think it must look pretty rough for our clients having our address bar come up red. For that, I'm comfortable to buy a SSL Wildcard CN=*.mycompany.com. That's no problem. What I don't seem to be able to find out is: Can we have our Internal CA root signed as a child of our wildcard certificate, so that installing that cert into guest devices/browsers/whatever doesn't present anything about an untrusted root? Also, on a bit of a side point, why does the addition of a wildcard double the cost of certificate purchase?

    Read the article

  • OCS 2007 Access Edge Server Certificate issue

    - by BWCA
    We are currently building additional OCS 2007 R2 Access Edge Servers to handle additional capacity.  We ran into a SSL certificate issue when we were setting up the servers. Before running the steps to Deploy an Edge Server, we successfully imported our SSL certificate that we use for external access on all of the new servers.  After successfully completing the first three Deploy Edge Server steps one one of the new servers, we started working on Step 4: Configure Certificates for the Edge Server.  After selecting Assign an existing certificate from the common tasks list and clicking Next to select a certificate, there were no certificates listed as shown below.   The first thing we did was to use the Certificates mmc snap-in to review the SSL certificate information.  We noticed in the General tab that Windows does not have enough information to verify this certificate and in the Certification Path that the issuer of this certificate could not be found for the SSL certificate that we imported successfully earlier.     While troubleshooting, we learned that we could not access the URL for the certificate’s CRL to download the CRL file due to restrictive firewall rules between the new OCS 2007 R2 Access Edge Servers and the Internet. After modifying the firewall rules, we were able to download the CRL file and when we reran Step 4 to assign an existing certificate, the certificate was listed.

    Read the article

  • Validating key/certificate pairs with M2Crypto when a certificate chain is needed

    - by Charles Duffy
    M2Crypto.X509.X509 objects have a verify(pkey) method, which provide a means of testing that a given certificate does in fact sign a specified key. This is a good and useful thing -- except that sometimes the certificate I want to verify in this way is invalid without the use of an intermediate certificate, which this API does not appear to allow a way to specify. Is there an alternate means of validating a certificate / private key pair which will work even when the certificate is unable to stand alone?

    Read the article

  • How can I configure apache2 to use a non - exportable ssl certificate managed by windows?

    - by Samuel Rossille
    On Windows Server 2008 R2, my IT administrator has installed a certificate using the windows certificate management tool. The certificate is for *.thedomain.com. He set it up as not exportable for security reasons: I'm not suposed to be able to put my hands on the certificate. This configuration would allow me to use the certificate with microsoft products, but not to go away with the certificate. Q: It there a way to configure Apache 2 to use this certificate "the windows way"?

    Read the article

  • Install new root certificate authority (CA) in windows

    - by er4z0r
    I am trying to use ninite to get my new laptop set up quickly. However when I try to install, windows complains about the CA. The website ninite.com also shows certificate problems. They use a root CA (COMODO Certification Authority) that is not included into windows 7 by default. However I am not able to install that CA. I can view the certrification path for the ninite.com cert. I can view the cert for COMODO. However I cannot see any option to install it. Any clues?

    Read the article

  • startx doesnt run gives an error xauth unable to link authority files

    - by Sandeep
    I have installed windows xp on VPC and have installed cygwin-x on that virtual machine. When i run startx command. I get the following error: xauth: creating new authority file /home/Administrator/.serverauth.1480 xauth: unable to link authority file /home/Administrator/.serverauth.1480, use /home/Administrator/.serverauth.1480-n xauth: creating new authority file /home/Administrator/.Xauthority xauth: creating new authority file /home/Administrator/.Xauthority xauth: unable to link authority file /home/Administrator/.Xauthority, use /home /Administrator/.Xauthority-n xauth: creating new authority file /home/Administrator/.Xauthority xauth: creating new authority file /home/Administrator/.Xauthority xauth: unable to link authority file /home/Administrator/.Xauthority, use /home /Administrator/.Xauthority-n giving up. xinit: No such file or directory (errno 2): unable to connect to X server xinit: No such process (errno 3): Server error. xauth: creating new authority file /home/Administrator/.Xauthority

    Read the article

  • startx doesnt run gives an error xauth unable to link authority files

    - by Sandeep
    I have installed windows xp on VPC and have installed cygwin-x on that virtual machine. When i run startx command. I get the following error: xauth: creating new authority file /home/Administrator/.serverauth.1480 xauth: unable to link authority file /home/Administrator/.serverauth.1480, use /home/Administrator/.serverauth.1480-n xauth: creating new authority file /home/Administrator/.Xauthority xauth: creating new authority file /home/Administrator/.Xauthority xauth: unable to link authority file /home/Administrator/.Xauthority, use /home /Administrator/.Xauthority-n xauth: creating new authority file /home/Administrator/.Xauthority xauth: creating new authority file /home/Administrator/.Xauthority xauth: unable to link authority file /home/Administrator/.Xauthority, use /home /Administrator/.Xauthority-n giving up. xinit: No such file or directory (errno 2): unable to connect to X server xinit: No such process (errno 3): Server error. xauth: creating new authority file /home/Administrator/.Xauthority

    Read the article

  • Generated signed X.509 client certificate is invalid (no certificate chain to its CA)

    - by Genady
    I use Bouncy Castle for generation of X.509 client certificates and sing them using a known CA. First I read the CA certificate from the certificate store, generate the client certificate, sign it using the CA. Validation of the certificate is failed doe to the following issue A certificate chain could not be built to a trusted root authority. As I understand this is due to the certificate not being related to the CA. Here is a code sample: public static X509Certificate2 GenerateCertificate(X509Certificate2 caCert, string certSubjectName) { // Generate Certificate var cerKp = kpgen.GenerateKeyPair(); var certName = new X509Name(true,certSubjectName); // subjectName = user var serialNo = BigInteger.ProbablePrime(120, new Random()); X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator(); gen2.SetSerialNumber(serialNo); gen2.SetSubjectDN(certName); gen2.SetIssuerDN(new X509Name(true,caCert.Subject)); gen2.SetNotAfter(DateTime.Now.AddDays(100)); gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen2.SetSignatureAlgorithm("SHA1WithRSA"); gen2.SetPublicKey(cerKp.Public); AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(caCert.PrivateKey); Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(caKp.Private); // used for getting a private key X509Certificate2 userCert = ConvertToWindows(newCert,cerKp); if (caCert22.Verify()) // works well for CA { if (userCert.Verify()) // fails for client certificate { return userCert; } } return null; } private static X509Certificate2 ConvertToWindows(Org.BouncyCastle.X509.X509Certificate newCert, AsymmetricCipherKeyPair kp) { string tempStorePwd = "abcd1234"; var tempStoreFile = new FileInfo(Path.GetTempFileName()); try { // store key { var newStore = new Pkcs12Store(); var certEntry = new X509CertificateEntry(newCert); newStore.SetCertificateEntry( newCert.SubjectDN.ToString(), certEntry ); newStore.SetKeyEntry( newCert.SubjectDN.ToString(), new AsymmetricKeyEntry(kp.Private), new[] { certEntry } ); using (var s = tempStoreFile.Create()) { newStore.Save( s, tempStorePwd.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator()) ); } } // reload key return new X509Certificate2(tempStoreFile.FullName, tempStorePwd); } finally { tempStoreFile.Delete(); } }

    Read the article

  • Watchguard SSL Certificate problems

    - by Bill Best
    We recently purchased a Watchguard XTM 510. The hope is to replace our ISA 2006 proxy with this UTM product. We are having some issues with secured sites in our test setup. Currently We are still running traffic through the ISA server and I have the Watchguard also setup to be connected to the network. Where we run into problems is when I set in ISA the HTTPS site's location to be forwarded through the XTM, I get a certificate could not be validated error. Therefore I think Ive narrowed it down to two possibilities. One, the certificate needs to be installed on the XTM. Im not 100% sure this is the case as I believe this should just be acting as strictly a proxy and forwarding all the traffic through no questions asked. Either way if I try to import a certificate to the XTM I always get a certificate validation failed error message. These are generally converted pfx to pem files. Second, the XTM CA certificate needs to be installed on the ISA server so that they may communicate. I have done this but it didn't seem to do anything. I believe this should be working and was hoping someone has struggled through this before.

    Read the article

  • Telling subversion client to ignore certificate errors

    - by Pekka
    I have set up a copy of Redmine through the Bitnami Redmine Stack and am having trouble accessing a remote SVN repository through https. The trouble seems to be related to the fact that I don't have a signed certificate, and the certificate provided doesn't match the host name (I am accessing the same server through a number of host names). I am new to Ruby, Mongrel, Rails and Redmine. Following the advice in this forum thread, I changed the path Redmine uses to invoke the svn client in \apps\redmine\lib\ redmine\scm\adapters\subversion_adapter.rb from SVN_BIN = "svn" to SVN_BIN = "svn --trust-server-cert --non-interactive --config-dir c:/user/temp" I was hoping that the --trust-server-cert option would fix the certificate problem. However, I am still getting the following error message in mongrel.log: svn: OPTIONS of 'https://server.xyz:8443/svn/reponame': Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://server.xyz:8443) Does anybody know what to do about this? Additional info: I re-started the mongrel service after each change I am sure the configuration change has taken effect because subversion has created a full configuration directory in c:\user\temp I can access the remote repository using command line svn no problem The remote repository runs on a Windows box with VisualSVN

    Read the article

  • How to log invalid client SSL certificate in SSL

    - by matra
    I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to do this? I probably can not use WireShark, because client certificatethat is passed from the client is probably already encryped. I am running a WIndows 2003 server. Matra

    Read the article

  • How to make iPhone Cisco VPN client work with ASA with certificate authentication

    - by Ben Jencks
    I have an ASA that's providing IPsec VPN services using certificate authentication (no xauth, just the certs). It works perfectly with the Cisco IPsec VPN Client. Now I'm trying to let iPhones connect. I've installed the CA cert and a client certificate on the iPhone with a profile using iPCU, along with the VPN configuration. Then connecting gives the error "Could not validate the server certificate". Additionally, the ASA logs the error "Received encrypted Oakley Informational packet with invalid payloads". FWIW, I receive the same invalid payload error when trying to use the Snow Leopard IPsec client to connect. Has anyone successfully gotten the iPhone IPsec client to work with certificate auth?

    Read the article

  • How do I renew an expired Ubuntu OpenLDAP SSL Certificate

    - by Doug Symes
    We went through the steps of revoking an SSL Certificate used by our OpenLDAP server and renewing it but we are unable to start slapd. Here are the commands we used: openssl verify hostname_domain_com_cert.pem We got back that the certificate was expired but "OK" We revoked the certificate we'd been using: openssl ca -revoke /etc/ssl/certs/hostname_domain_com_cert.pem Revoking worked fine. We created the new Cert Request by passing it the key file as input: openssl req -new -key hostname_domain_com_key.pem -out newreq.pem We generated a new certificate using the newly created request file "newreq.pem" openssl ca -policy policy_anything -out newcert.pem -infiles newreq.pem We looked at our cn=config.ldif file and found the locations for the key and cert and placed the newly dated certificate in the needed path. Still we are unable to start slapd with: service slapd start We get this message: Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output: slapd -h 'ldap:/// ldapi:/// ldaps:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ Here is what we found in /var/log/syslog Oct 23 20:18:25 ldap1 slapd[2710]: @(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:40:04) $#012#011buildd@allspice:/build/buildd/openldap-2.4.21/debian/build/servers/slapd Oct 23 20:18:25 ldap1 slapd[2710]: main: TLS init def ctx failed: -1 Oct 23 20:18:25 ldap1 slapd[2710]: slapd stopped. Oct 23 20:18:25 ldap1 slapd[2710]: connections_destroy: nothing to destroy. We are not sure what else to try. Any ideas?

    Read the article

  • HowTo import Certificate (pfx) with private key in WinXP

    - by Gunther
    Hello, I tried the whole day just to import a cetrificate in winXP, but I allways failed. I did following: Create the certificate with private key (no pasword): makecert -sr LocalMachine -ss My -pe -sky exchange -n "CN=TestCert" -a sha1 -sv TestCert.pvk TestCert.cer Then put certificate and private key together into pfx file: pvk2pfx.exe -pvk TestCert.pvk -spc TestCert.cer -pfx TestCert.pfx Import pfx file with commandline tool (German System): winhttpcertcfg.exe -i TestCert.pfx -a NT-AUTORITÄT\NETZWERKDIENST -c LOCAL_MACHINE\My Error: Unable to import contents of PFX file. Please make sure the filename and path, as well as the password, are correct. Hint: "NT-AUTORITÄT\NETZWERKDIENST" -- "NT-AUTHORITY\NETWORKSERVICE" Filename is ok, password was not set. Even if I set the password (e.g. "MyPassword") in Step 1 and type at the end of step 3: ... -p MyPassword I got the same error. Then I tried to import in the certificate console (mmc with certificate snap-in). There i got following error: "Der private Schlüssel, den Sie importieren, erfordert möglicherweise einen Dienstanbieter, der nicht installiert ist." -- "The imported private key may requires a service-supplier which is not installed". But the Microsoft Crypto-Service is up and running. What else can I do? On Windows Vista and Windows 7 I got this running without these problems. I need this Certificate to run a WCF Service. Thanks in advance for any hint. Regards, Gunther

    Read the article

  • Redmine subversion won't ignore certificate error even if told

    - by Pekka
    I have set up a copy of Redmine through the Bitnami Redmine Stack and am having trouble accessing a remote SVN repository through https. The trouble seems to be related to the fact that I don't have a signed certificate, and the certificate provided doesn't match the host name (I am accessing the same server through a number of host names). I am new to Ruby, Mongrel, Rails and Redmine. Following the advice in this forum thread, I changed the path Redmine uses to invoke the svn client in \apps\redmine\lib\ redmine\scm\adapters\subversion_adapter.rb from SVN_BIN = "svn" to SVN_BIN = "svn --trust-server-cert --non-interactive --config-dir c:/user/temp" I was hoping that the --trust-server-cert option would fix the certificate problem. However, I am still getting the following error message in mongrel.log: svn: OPTIONS of 'https://server.xyz:8443/svn/reponame': Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://server.xyz:8443) Does anybody know what to do about this? Additional info: I re-started the mongrel service after each change I am sure the configuration change has taken effect because subversion has created a full configuration directory in c:\user\temp I can access the remote repository using command line svn no problem The remote repository runs on a Windows box with VisualSVN

    Read the article

  • How to check a digital certificate?

    - by StackedCrooked
    I have extracted a certificate from a cable modem. Now I want to verify if this certificate is valid. If I understand correctly, the verification process consists of having the issuer sign the subject's public key and then comparing the result with the subject's signature. This signing process is done using the issuer's private key, which nobody but the issuer has access to. So even if I have both certificates on my PC, there is no way for me to verify the subject's validity. From this I can only conclude that the verification must be implemented as a remote service. The problem is that I don't know what remote service I need to access to verify this certificate. The issuer is "AVM GmbH Cable Modem Root Certificate Authority". How can I find the webservice for verification? Is there standard lookup mechanism for this?

    Read the article

  • One SSL certificate (one domain) for two servers ?

    - by marioosh.net
    I have two servers. On SERVER1 i have configured SSL certificate (on Apache) for domain https://somedomain.com. I need to connect to my working domain some app that exists on remote server SERVER2 - working app for example: https://remoteapps.com/remoteApp. I used mod_proxy to do it, but SSL certificate doesn't work. ProxyPass /remoteApp https://remoteapps.com/remoteApp ProxyPassReverse /remoteApp https://myapp.com/remoteApp How to make certificate for https://somedomain.com/remoteApp work too ?

    Read the article

  • Attach certificate to remote desktop connection - not gateway services

    - by Jordan S
    I have a Windows server that I want to attach a 3rd party signed certificate for remote desktop connections. This is not a remote desktop services server, i.e. it is just remote desktop administration. There is lots of info on the internet about attaching a certificate to remote desktop services, but I want to attach mine to just plain remote desktop connection for administration purposes. If anyone know how to do this, please holler! I have imported the certificate into the Remote Desktop store in the certificates mmc snap in, and have tried running the wmic command in this question (Configure custom SSL certificate for RDP on Windows Server 2012 in Remote Administration mode?) but this fails. THANKS!

    Read the article

  • Import Java Trusted Certificate to JRE

    - by Zalastax
    I need to install a certificate from a Java app to a lot of people. I want to use a one click program or batch file to import it as a Trusted Certificate(in Control Panel-Security-Certificate). Then they won't need to press always allow first time they use the application. I have extracted the needed certificate as both a .csr and as a .cer (the .csr via Control Panel and the .cer via keytool). Now I need to get one of them back without any clicking in menus. I don't really understand the documentation of importing .cer with keytool and would like an example. Or are there an easier way than using keytool?

    Read the article

  • Exchange 2010 certificate errors

    - by Frederik Nielsen
    I have a problem with my newly setup Exchange environment for our hosted customers. First off, when configuring the outlook client, it gives a certificate warning although the certificate has been bought and setup. I am using a setup like this: autodiscover.CUSTOMERDOMAIN.TLD CNAME autodiscover.exchange.COMPANYDOMAIN.TLD (Companydomain is our company that hosts the exchange servers, customerdomain being the customers domain) Shouldn't that work? I know that Microsoft does something like that for Office365, but I really don't think they buy a certificate for every customer.. So I guess some redirection should be setup somehow - any guidance? Next thing: When we accept that error, and move on to actually starting Outlook, it states that the certificate is not valid for the RPC proxy server exchange.COMPANYDOMAIN.TLD - this domain is not right, as that domain is not included in the certificate. I would instead like this domain to be mail.exchange.COMPANYDOMAIN.TLD I tried to run this script setting both internal and external URL's to be the same, with no luck. Any guidance on this one? I am running Exchange 2010 SP2, with CAS, HT and MBX split up on 3 different servers.

    Read the article

  • Generating wildcard SSL certificate

    - by Xiè Jìléi
    I can make a single SSL certificate for several different domain names: www1.example.com www2.example.com www3.example.com But *.example.com doesn't work. How can I make a single SSL certificate for all sub domains within .example.com? P.S. Here is the extension part of the generated certificate: X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:*.example.com It's simply not matched by any sub-domain under example.com by the browser.

    Read the article

  • Unable to renew certificate in certmgr.msc in windows 2003

    - by VicF
    I am trying to renew a certificate using CertManager on Windows 2003 Server. (I have also used the certificate plug-in in MMC but its the same thing.) I am logged in with the Administrator account. When I select any of my Personal certificates and go to the All-Tasks menu I only see Open and Export. I do not see the "Renew Certificate with New Key" or "Renew this certificate with the same key" options. How do I get those options to show up? I there some security policy or service that I need to run?

    Read the article

  • How to dump the Subject Alternative Name (SAN) from an SSL certificate file

    - by LonelyPixel
    I know that I can dump the entire information from a PEM certificate file with this command: openssl x509 -in certfile -noout -text And I've already found another direct parameter to show me only the expiry date of a certificate: openssl x509 -in certfile -noout -enddate But is there also a shortcut to get only the alternative names? Like when a certificate can be used for example.com as well as www.example.com. In the full dump, it's here: Certificate: Data: X509v3 extensions: X509v3 Subject Alternative Name: DNS:www.example.com, DNS:example.com I'd just like to save me the hassle to parse this output and get the domain names only. Is that possible? Otherwise, what would be best practices to parse this output? What can be assumed, what may change? Could I use a regexp like X509v3 Subject Alternative Name:\s*DNS:(\S+)(?:, DNS:(\S+))*?

    Read the article

  • How do I renew a Web Server certificate in Windows Server 2008?

    - by Mark Seemann
    The SSL certificate for my web site just expired a few days ago, and I would like to renew it. I originally issued it two years ago using my Windows 2008 Certificate Authority, and it's worked without a hitch in all that time, so I would like to renew the certificate as simply as possible to make sure that all the applications relying on that certificate continue to work. I can open an MMC instance and add the Certificates snap-in for the Local Computer. I can find the relevant certificate under Personal, but I can't renew it. When I select Renew certificate with new key I get the following message: Web Server Status: Unavailable The permissions on the certificate template do not allow the current user to enroll for this type of certificate. You do not have permission to request this type of certificate. However, I can't understand this, as I'm logged on as a Domain Admin and I'm running the MMC instance in elevated mode. I've checked the Web Server certificate template, and Domain Admins have the Enroll permission on this template. FWIW, I also tried rebooting the server. How can I renew the certificate?

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >