Search Results

Search found 2455 results on 99 pages for 'dbcontrol certificate expire'.

Page 9/99 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • New Key for expired certificate?

    - by aglassman
    I need to create a new certificate for an internal server. It is self signed. Is there an easy way to just extend the expiration date of the current certificate? If not, can I reuse the current key, or do I need to generate a new one? I'll be using Java keytool. All info I can find online it looks like I need to create a new keystore, but I'd rather skip that step if possible just to keep things simple.

    Read the article

  • Problem to Import certificate to Apache tomcat: Failed to establish chain from reply

    - by Ilya
    Hi, After I got certificate, I tried to import it as specified here: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File But I got this error: C:\Program Files (x86)\Java\jre6\binkeytool -import -alias tomcat -keystore C:\ SSL.keystore -file C:\SSL\SSL_Internal_Certificate_for_isdc-planning.cer Enter keystore password: keytool error: java.lang.Exception: Failed to establish chain from reply I need to import first chain certificate, by apache document Import the Chain Certificate into you keystore keytool -import -alias root -keystore \ -trustcacerts -file When I printed the certificate it's issuer is: Issuer: CN=Intranet Basic Issuing CA 2B I downloaded the chain certificates: Intranet Basic Issuing CA 1A(1).crt Intranet Basic Issuing CA 1A(2).crt Intranet Basic Issuing CA 1A.crt Intranet Basic Issuing CA 1B(1).crt Intranet Basic Issuing CA 1B(2).crt Intranet Basic Issuing CA 1B.crt Intranet Basic Issuing CA 2A(1).crt Intranet Basic Issuing CA 2A.crt Intranet Basic Issuing CA 2B(1).crt Intranet Basic Issuing CA 2B.crt Intranet Basic Policy CA(1).crt Intranet Basic Policy CA.crt Root CA.crt Issuer of Intranet Basic Issuing CA 2B.crt is Intranet Basic Policy CA and its Issuer is:Root CA certificate But I can't import 3 certificates into root alias. And imported "Intranet Basic Issuing CA 2B.crt" into root and then rerun import of tomcat alias But got the same error: keytool error: java.lang.Exception: Failed to establish chain from reply What is correct way to import correct chain certificate. Thanks in advance Ilya

    Read the article

  • Error using httlib's HTTPSConnection with PKCS#12 certificate

    - by Remi Despres-Smyth
    Hello. I'm trying to use httplib's HTTPSConnection for client validation, using a PKCS #12 certificate. I know the certificate is good, as I can connect to the server using it in MSIE and Firefox. Here's my connect function (the certificate includes the private key). I've pared it down to just the basics: def connect(self, cert_file, host, usrname, passwd): self.cert_file = cert_file self.host = host self.conn = httplib.HTTPSConnection(host=self.host, port=self.port, key_file=cert_file, cert_file=cert_file) self.conn.putrequest('GET', 'pathnet/,DanaInfo=200.222.1.1+') self.conn.endheaders() retCreateCon = self.conn.getresponse() if is_verbose: print "Create HTTPS connection, " + retCreateCon.read() (Note: No comments on the hard-coded path, please - I'm trying to get this to work first; I'll make it pretty afterwards. The hard-coded path is correct, as I connect to it in MSIE and Firefox. I changed the IP address for the post.) When I try to run this using a PKCS#12 certificate (a .pfx file), I get back what appears to be an openSSL error. Here is the entire error traceback: File "Usinghttplib_Test.py", line 175, in t.connect(cert_file=opts["-keys"], host=host_name, usrname=opts["-username"], passwd=opts["-password"]) File "Usinghttplib_Test.py", line 40, in connect self.conn.endheaders() File "c:\python26\lib\httplib.py", line 904, in endheaders self._send_output() File "c:\python26\lib\httplib.py", line 776, in _send_output self.send(msg) File "c:\python26\lib\httplib.py", line 735, in send self.connect() File "c:\python26\lib\httplib.py", line 1112, in connect self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file) File "c:\python26\lib\ssl.py", line 350, in wrap_socket suppress_ragged_eofs=suppress_ragged_eofs) File "c:\python26\lib\ssl.py", line 113, in __init__ cert_reqs, ssl_version, ca_certs) ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Notice, the openSSL error (the last entry in the list) notes "PEM lib", which I found odd, since I'm not trying to use a PEM certificate. For kicks, I converted the PKCS#12 cert to a PEM cert, and ran the same code using that. In that case, I received no error, I was prompted to enter the PEM pass phrase, and the code did attempt to reach the server. (I received the response "The service is not available. Please try again later.", but I believe that would be because the server does not accept the PEM cert. I can't connect in Firefox to the server using the PEM cert either.) Is httplib's HTTPSConnection supposed to support PCKS#12 certificates? (That is, pfx files.) If so, why does it look like openSSL is trying to load it inside the PEM lib? Am I doing this all wrong? Any advice is welcome. EDIT: The certificate file contains both the certificate and the private key, which is why I'm providing the same file name for both the HTTPSConnection's key_file and cert_file parameters.

    Read the article

  • Certificate Trusts Lists in IIS7

    - by BrettRobi
    I am trying to enable mutual authentication for my WebService hosted in IIS7. I have the server side cert setup and working but cannot figure out how to get a Certificate Trust List created and setup in IIS7 so that I can require and validate client side certificates. All of my client side certs are signed by my own root cert so I need to create a CTL that contains just my root cert and then have IIS validate client provided certs against the CTL. Can anyone shed some light on how to do this? IIS6 had a UI for assigning a CTL, but I can find nothing similar in IIS7. Update: I have now successfully used MakeCTL in wizard mode to create a CTL with a Friendly Name. However I don't have adsutil support on my IIS7 box so via other posts elsewhere I am trying to use the 'netsh http add sslcert' command to assign the CTL to my site. Before I could use this command I had to remove the existing SSL cert that was assigned to my site for server authentication. Then in my netsh command I specify the thumbprint of that very same SSL cert I removed, plus a made up appid, plus 'sslctlidentifier=MyCTL sslctlstorename=CA'. The resulting command is: netsh http add sslcert ipport=10.10.10.10:443 certhash=adfdffa988bb50736b8e58a54c1eac26ed005050 appid={ffc3e181-e14b-4a21-b022-59fc669b09ff} sslctlidentifier=MyCTL sslctlstorename=CA (the IP addr is munged), but I am getting this error: SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated. I am sure the error is related to the CTL options because if I remove them it works (though no CTL is assigned of course). Can anyone help me take this last step and make this work? UPDATE 01-07-2010: I never resolved this with IIS 7.0 and have since migrated our app to IIS 7.5 and am giving this another try. Per the response from Taras Chuhay I installed IIS6 Compatibility on my test server and tried the steps he documented using adsutil.vbs (which can also be found here). I immediately ran into this error: ErrNumber: -2147023584 Error trying to SET the Property: SslCtlIdentifier when running this command: adsutil.vbs set w3svc/1/SslCtlIdentifier MyFriendlyName I then went on to try the next adsutil.vbs command documented and it failed with the same error. I have verified that the CTL I created has a Friendly Name of MyFriendlyName and that it exists in the 'Intermediate Certification Authorities\Certificate Trust List' store of LocalComputer. So once again I am at a dead standstill. I don't know what else to try. Has anyone ever gotten CTL's to work with IIS7 or 7.5? Ever? Am I beating a DEAD horse. Google turns up nothing but my own posts and other similar stories. Update 2/23/10 - I've confirmed with Microsoft that this is a bug with IIS 7.5, but it does work with IIS 7. Check out this link for details: http://viisual.net/configuration/IIS7-CTLs.htm Update 6/08/10 - I can now confirm that KB981506 resolves this issue. There is a patch associated with this KB that must be applied to Server 2008 R2 machines to enable this functionality. Once that is installed all works flawlessly for me.

    Read the article

  • How to export User cert with private key in PKCS12 format

    - by andreas-h
    I'm running Win2008R2, and have installed an Enterprise CA. I can create user certs, but no matter what I do, I cannot export the private key. I'm using the un-touched User certificate template, and the "allow export of private key" option is selected. Still, whenever I go to the "export" dialogue of the certificate (both as user and as administrator), I don't get asked if I want to export the private key, and the option to select PKCS12 format is grayed out. Any help is greatly appreciated!

    Read the article

  • Cant connect to mysql using self signed SSL certificate

    - by carpii
    After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client.key --ssl-ca=ca.cert Enter password: ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1) Ok, I remember reading theres some problem with connecting to the same server via SSL. So I download the client keys down to my local box, and test from there... ~> mysql -h <server> -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client.key --ssl-ca=ca.cert Enter password: ERROR 2026 (HY000): SSL connection error Its unclear what this "SSL connection error" error refers to, but if I omit the -ssl-ca, then I am able to connect using SSL.. ~> mysql -h <server> -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client.key Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 37 Server version: 5.5.25 MySQL Community Server (GPL) However, I believe that this is only encrypting the connection, and not actually verifying the validity of the cert (meaning I would be potentially vulnerable to man-in-middle attack) The ssl certs are valid (albeit self signed), and do not have a passphrase on them So my question is, what am I doing wrong? How can I connect via SSL, using a self signed certificate? MySQL Server version is 5.5.25 and the server and clients are Centos 5 Thanks for any advice Edit: Note that in all cases, the command is being issued from the same directory where the ssl keys reside (hence no absolute path)

    Read the article

  • lighttpd with multiple IPs, each with a UCC certificate and many hostnames

    - by Dave
    I'd like to get lighttpd working with UCC certificates, but I can't seem to figure out the correct syntax. Essentially, for each IP address, I have one UCC certificate and a bunch of hostnames. $SERVER["socket"] == "10.0.0.1:443" { ssl.engine = "enable" ssl.ca-file = "/etc/ssl/certs/the.ca.cert.pem" ssl.pemfile = "/etc/ssl/private/websitegroup1.com.pem" $HTTP["host"] =~ "mywebsite.com" { server.document-root = /var/www/mywebsite.com/htdocs" } The above code works fine for one hostname, but as soon as I try to set up another hostname (note the same SSL cert): $SERVER["socket"] == "10.0.0.1:443" { ssl.engine = "enable" ssl.ca-file = "/etc/ssl/certs/the.ca.cert.pem" ssl.pemfile = "/etc/ssl/private/websitegroup1.com.pem" $HTTP["host"] =~ "anotherwebsite.com" { server.document-root = /var/www/anotherwebsite.com/htdocs" } ...I get this error: Duplicate config variable in conditional 6 global/SERVERsocket==10.0.0.1:443: ssl.engine Is there any way I can put a conditional so that only if ssl.engine is not already enabled, enable it? Or do I have to put all my $HTTP["host"]s inside the same $SERVER["socket"] (which will make config file management more difficult for me) or is there some entirely different way to do it? This has to be repeated for multiple IPs too (so I'll have a bunch of SERVER["socket"] == 10.0.0.2:443" etc), each with one UCC cert and many hostnames. Am I going about this the wrong way entirely? My goal is to conserve IP addresses when I have many websites that are related and can share an SSL certificate, but still need their own SSL-accessible version from the appropriate hostname (instead of a single secure.mywebsite.com).

    Read the article

  • Prevent SSL certificate being returned for a specific domain

    - by jezmck
    Apologies for a long question: We've taken on a new client whose web hosting was previously on their in-house server which still has their Exchange/Outlook email. We now host their domain (and many others) on our server. They're complaining that they're getting errors in Outlook. I don't understand the AutoDiscover stuff at the root of the problem, but believe that I just need to stop the SSL certificate on our server being returned when requested at a particular domain: Yes it is, the issue lies with "{newclient}.com" being pointed to your server IP and that server has Port 443 open with an SSL certificate associated to it. So when Outlook/ActiveSync use autodiscover to find the mailbox settings it find your SSL (because 443 is open) and flags it as an error. The solution is to close 443 so its not discovered, Autodiscover will then proceed to mail.{newclient}.com via the MX / ServiceRecords and discover the correct SSL. I'm new here and there was no hand-over, so I don't know whether other currently hosted sites need to accept SSL connections, though I suspect some will, or may in future. This is a live server, so I can't risk trying loads of options in case I take the server offline! I feel like I should be adding something like the following to vhosts.conf. <VirtualHost *:443> ServerName {newclient}.com ServerAlias www.{newclient}.com SSLEngine Off SSLCertificateFile {NONE} SSLCertificateKeyFile {NONE} </VirtualHost> Apologies for the fact that I don't know enough about this subject to be able to ask the question more clearly!

    Read the article

  • Unable to access site over HTTPS using self signed certificate

    - by James
    I am developing a REST API which I want to secure with SSL/TLS. I have implemented a large part of the API which I have tested over HTTP, however, I am now at the stage where I want to switch it over to use HTTPS. At the moment the API is hosted on a Windows XP professional SP2 box running IIS 5.1 (development environment only) and I used the SelfSSL.exe tool from the IIS 6.0 Resource Kit Tools to generate a server certificate. I then configured my API to use this certificate which all appeared to work fine as I attempted to connect to my API using HTTP and I get a 403 response saying "... must be accessed over a secure channel...". However, the problem is when I attempt to access the same the API over HTTPS it just appears to hang! As this is a development environment at the moment I don't have a domain name (just a static IP address) and the API is running on port 81. Also (incase it matters) the API is the default site (I replaced it). Any ideas why I can't connect using HTTPS?

    Read the article

  • HTTPS and Certification for dummies

    - by Poxy
    I had never used https on a site and now want to try it. I did some research, but not sure that I understood everything. Answers and corrections are greatly appreciated. Here we go: To use https I need to generate ‘private’ and ‘public’ keys for the web server I use. In my case it’s apache (manual: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html) Https protocol should be bind to port 443. Q: How to do it? Is it done by default? Where can I check configuration? Aplying https. Q: If I see https in browser does it mean that the data traffic on the page IS encrypted? Any form on the page would submit data via https? Though all the data gonna be encrypted, the browsers would still show ugly red messages. This is just because they do not know anything about my certificate. They have about a hundred certificates pre-installed but mine is not one of them, obviously. But the data IS encrypted by https. If I want browsers to recognize my certificate, I would need to have it signed by one of the certification authorities (ca) that has its certificate pre-installed (e.g. thawte, geotrust, rapidssl etc). UPD: To reed about ssl/tsl: The First Few Milliseconds of an HTTPS Connection, I found it very informative. Examples for PHP (openssl.org) of how to make use of ssl/tsl on the server side are published here.

    Read the article

  • Would an invalid certificate cause an 0x8004010F sync error?

    - by hydroparadise
    We just migrated from Exchange 2003 to 2007 which was a combo primary AD/DNS server and it has not gone smoothly. We are now down to getting a new certificate (a bureaucratic process thats out of my hands) and users getting the 0x8004010F sync issue. We are only using Outlook 2007 as our email client and the sync error appears exactly as so: 9:21:44 Synchronizer Version 12.0.6562 9:21:44 Synchronizing Mailbox '<User>' 9:21:44 Done 9:21:44 Microsoft Exchange offline address book 9:21:44 0X8004010F Now, I have read a number of technet articles on this issue anywhere from adding an A record in the DNS for autodiscover.domain.com to syncing the old OAD to the new OAD. In otherwords, theres lots of thing to try, but trial and error at this point might be hazardous to ther server's health and I am trying to narrow down the list of things to try. What has me thinking that the sync error could be related to the certificate is an event error message that says the following: Microsoft Exchange could not find a certificate that contains the domain name mail.ccufl.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Mail with a FQDN parameter of mail.ccufl.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key. I am not fully clear on how the Exchange Transport Service is related to Syncronization, but my hunch is that it probably not related to there not being a valid certificate. So to recap, would an invalid certificate cause an 0x8004010F sync error?

    Read the article

  • Do any well-known CAs issue Elliptic Curve certificates?

    - by erickson
    Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it? I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications. Bounty Criteria To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion. Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.

    Read the article

  • certutil -ping fails with 30 seconds timeout - what to do?

    - by mark
    Dear ladies and sirs. The certificate store on my Win7 box is constantly hanging. Observe: C:\1.cmd C:\certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface C:\set PROMPT=$P($t)$G C:\(13:04:28.57)certutil -ping CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:04:58.68)certutil -pingadmin CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:05:28.79)set PROMPT=$P$G C:\ Explanations: The first command shows you that there are –ping and –pingadmin parameters to certutil Trying any ping parameter fails with 30 seconds timeout (the current time is seen in the prompt) This is a serious problem. It screws all the secure communication in my app. If anyone knows how this can be fixed - please share. Thanks. P.S. 1.cmd is simply a batch of these commands: certutil -? | findstr /i ping set PROMPT=$P($t)$G certutil -ping certutil -pingadmin set PROMPT=$P$G

    Read the article

  • How to make an x.509 certificate from a PEM one?

    - by Ken
    I'm trying to test a script, locally, which involves uploading a file using a Java-based program to a FileZilla FTPES server. For the real thing, there is a real certificate on the FZ server, and the upload step (tested alone) seems to work fine. I've installed FileZilla Server on my dev box (so it'll test uploading from localhost to localhost). I don't have a real certificate for it, of course, so I used the "Generate new certificate..." button in FZ. It works fine from an interactive FTPES program (as long as I OK the unknown cert), but from my Java program it throws a javax.net.ssl.SSLHandshakeException ("unable to find valid certification path to requested target"). So how do I tell Java that this certificate is OK with me? (I know there's a way to change the Java program to accept any certificate, but I don't want to go down that route. I want to test it just as it will happen in production, and I don't want to ignore unknown certificates in production.) I found that Java has a program called "keytool" that seems to be for managing this sort of thing, but it complains that the certificate file that FZ generated is not an "x.509" file. A posting from the FZ side said it was "PEM encoded". I have "openssl" here, which looks like it's perfect for converting between certificate formats, but I think my understanding of certificate formats is wrong because I'm not seeing anything obvious. My knowledge of security certificates is a bit shaky, so if my title is stupidly wrong, please help by fixing that. :-)

    Read the article

  • Disable Google Chrome warning if security certificate is not trusted

    - by sippa
    Hi, I want to know if it's possible to disable the warning you get in Chrome when you try to go to some HTTPS site that doesn't have a trusted certificate. I have a few sites in my bookmarks that use HTTPS but none of them have trusted certificates, so each time I visit them I manually have to click "Proceed anyway" in the warning and it's getting kind of annoying. Is there any way to disable the warning or somehow add these sites to some kind of safe list? Thanks

    Read the article

  • Save Remote SSL Certificate via Linux Command Line

    - by Jim
    Can you think of any linux command-line method for saving the certificate presented by a HTTPS server? Something along the lines of having curl/wget/openssl make a SSL connection and save the cert rather than the HTTP response content. The gui equivalent to what I'm looking for would be to browse to the HTTPS site, double-click on the browser "secure site" icon, and export the cert. Except the goal here is to do it non-interactively. Thanks, Jim

    Read the article

  • BES 5.0 SSL Certificate

    - by Superfly
    I have recently installed BES 5.0 on a Hyper-V (i know it's not officially supported) 64-bit Server 2008 box with a remote SQL 2005 database. I successfully installed and was able to access the Blackberry Administration Service but was getting untrusted certificate errors so I followed the documentation for importing CA and BAS certificates with the Java keytool. They imported successfully but now the BAS webpage shows a "page cannot be displayed" error. TSupport is no help at all. Any ideas?

    Read the article

  • Unable to add certificate to the Trusted Root Certification Authorities in Windows 7

    - by user20358
    I am trying to add an apple developer certificate for sending Push notifications to my Trusted Root Certification Authorities section. I get an error like so: "The import failed because the store was read only, the store was full or the store did not open correctly" I am logged in as an administrator. I can't think of any way to solve this. Has anyone been able to fix a similar issue before? Thanks for your time...

    Read the article

  • Problem during installing certificate on Windows 7

    - by Rodnower
    Hello, I have Windows 7 installed and some certificate in .pfx format. I succeed installing it to local store and store of domain user with administrator privileges, but when I connect with local administrator and try to install it I get error: The import failed because the store was read-only, the store was full, or the store did not open correctly. Any ideas? Thank you for ahead.

    Read the article

  • SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

    - by Tiffany Walker
    ERROR: SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch STEPS: openssl genrsa -out SITE.TLD.key 2048 openssl req -new -key SITE.TLD.key -out SITE.TLD.csr (send CSR to SSL site to sign) add CERT to SITE.TLD.crt add CA to SITE.TLD.ca chained them: cat SITE.TLD.crt SITE.TLD.ca > chained.cert Any Idea what I am doing wrong? I am using LiteSpeed HTTPd

    Read the article

  • iphone application ad-hoc installation on windows gives invalid certificate error

    - by Lorenzo Boccaccia
    I've an application that need to be deployed to some testers. those with windows machine are reporting that the certificate used for signing the application couldn't be installed because of an unknown critical extension (1.2.840.113635.100.6.1.4) is there a way to make that critical extension known to windows (vista 64bit specifically)? I'm guessing that all this system of extension give user the ability to register callbacks to interpret the various added extensions (it would be totally useless otherwise)

    Read the article

  • SSL certificate: suggestions for choosing the CA [closed]

    - by dan
    Hi all. I am running a public web application. I would like to get a SSL certificate from a CA. Have you got any suggestions or a CA that you are happy of using (or the opposite)? What are the things I should be careful about? My requirements are: _ it must be recognized by all browsers (desktop and mobile) _ it must be not too expensive (up to 60$/year) Can I get something good with that money? Thanks, Dan

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >