ACS appliance fails to recognize an installed certificate

When I install a certificate from a CA (Windows Server), following the procedure in the "Wired Dot1x version 1.05 Config Guide" (Document ID 64068) and the ACS User Guide, I have the following problem. If I want to change the "Global Authentication Setup", I get the warning "Could not initialize the PEAP or EAP-TLS authentication protocol because the certificate authority is not installed. Install the certification authority using the ACS Certification Authority Setup page".

But if I check "Install Certificate", it says that the certificate is installed correctly, and it is also added on the "Certification Authority Setup" page.

I already found the following in the ACS 4.1.4 release notes: "turn off the Security Agent, reinstall the certificate in accordance with the procedure and then re-activate the Security Agent."

I did that, but I still have the same error, even with the Security Agent disabled (I checked it in the console with the 'show' command and the CSA is off).

Can someone help me get the installed certificate recognized?

P.S. I also see 2 devices in the AAA-server list:

-ACS01 (the name I gave it in the initial configuration). This one has an IP address from the DHCP server, even though I said NOT to use a DHCP server but a static IP!

-Self: this one has the static IP I configured via the console...

I can't remove one of the AAA servers. Is it normal that there are 2 servers?

Bert,

It seems that the certification authority certificate you have installed is damaged or poorly installed. What I want you to do is remove the CA certificate using the MMC on Windows on the ACS and then reinstall it.

You also need to install the certificate authority root in ACS. You can install it under System Configuration -> ACS Certificate Setup -> ACS Certification Authority Setup.

Also, in case you use a VeriSign cert, install the VeriSign intermediate CA certificates.

https://www.VeriSign.com/support/VeriSign-intermediate-CA/index.html

Kind regards

~ JG


Similar Questions

  • ACS appliance 4.2 - database replication internal problem

    Hello

    I'm yunchoul jung in Korea

    Now I'm setting up an ACS 1113 appliance, ver 4.2.

    For internal database replication between the primary and secondary servers, ACS cannot replicate the database because of the SELF (127.0.0.1) entry configured by default in the network configuration.

    So I have a question: how do I change the 127.0.0.1 address to the IP address I want, or delete the SELF (127.0.0.1) entry?

    I don't understand the solution procedure in the documentation below.

    Thank you for your help in advance

    Problem: 127.0.0.1 is a reserved address

    You have two ACS SE 1113 units and replicate the internal database from the primary to the secondary,

    but you notice this error message on the secondary unit:

    ACS database replication denied - incoming shared secret mismatch

    When you try to change the AAA server key under Network Configuration, an error message is returned.

    This is due to a known bug,

    Symptom: 127.0.0.1 address appears in ACS and the replication fails

    Conditions:

    Install Acs S/W version 4.2.0.124

    Disable the network adapter

    Enable network card

    * Go to the Network Configuration page.

    * You should see the AAA server IP to be a loopback address.

    Workaround solution:

    For Windows: remove the 127.0.0.1 entry

    For the appliance: back up the database, install ACS on Windows, restore, delete the entry, make a backup and restore on the appliance

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCso39795

    Kind regards

    ~ JG


  • Secure Connection Failed in Firefox 33.0.2 (Secure Connection Failed: the certificate issuer is invalid. (Error code: sec_error_ca_cert_invalid))

    Updated to 33.0.2 and now on some self-signed sites used by my internal network servers I get "Secure Connection Failed (the certificate issuer is invalid. Error code: sec_error_ca_cert_invalid)". The sites are used to administer my internal servers and have current certificates. Is there a workaround or fix for this problem? I should stay on older versions of FF.

    Thank you.

    Hello bpainter77, I think this issue will be addressed in a coming update. Setting an exception for pages with a sec_error_ca_cert_invalid error already works with the beta version of Firefox 34: http://www.mozilla.org/firefox/beta/

  • ThinPro 4.3 - Citrix Receiver 13 - use HPDM to install certificates?

    Hello

    I have an existing environment of about 1200 T610s, and we are migrating to a new Citrix farm. The thin clients are currently on Receiver 12. I'm moving to Citrix Receiver 13 and installing new certificates.

    Is it possible to install certificates using HPDM? I tried the command-line options of "high-cert-mgr", but for some stupid reason it fails as an HPDM script because it needs an X environment.

    I tried copying them down to the thin client, putting the new cert in the directory /usr/lib/ICAClient/keystore/cacerts and running c_rehash on the directory, but I always get the certificate error.

    What am I doing wrong? Has anybody got this working?

    Thank you in advance for your help!

    Best regards, Fred

    I thought about it.

    Am I missing something basic? Is there an easier way to do this?

    You must copy the certificate in PEM format to 3 locations (with the .crt extension):

    /writable/usr/lib/icaclient/keystore/cacerts/*.crt

    /writable/home/user/.freerdp/certs/*.crt

    /writable/usr/local/share/ca-certificates/*.crt

    Then you create a link in /writable/etc/ssl/certs (with the .pem extension) to the cert file located in

    /writable/usr/local/share/ca-certificates

    Then you need to run

    c_rehash /writable/etc/ssl/certs

    in that order.

    Complicated, to say the least.

    Am I missing something basic? Is there an easier way to do this?

    Thank you

  • Windows XP Service Pack 3 does not recognize what is connected to the USB ports. I get a notice that something has been plugged in, but Windows fails to recognize it regardless.

    Windows XP Service Pack 3 does not recognize what is connected to the USB ports. I get a notice that something has been plugged in, but Windows fails to recognize it regardless.

    Disconnect all USB storage.

    Run this tool by right-clicking it and choosing 'Run as administrator'.

    Of course, extract it first:

    http://www.Uwe-Sieber.de/files/drivecleanup.zip

    If your XP is 32-bit, use the Win32 folder.

    Reboot.

    If you still can't find the drive, assign it a drive letter in disk management.

  • Vista Home Premium (preload) user: KB2742595 and KB2789642 fail to install. Any suggestions?

    I am a Vista Home Premium (preload) user; two important updates, KB2742595 and KB2789642, fail to install (tried on more than one occasion, individually and together). There have been other updates since that installed successfully. Any suggestions? Thank you very much.

    See the ANSWER message in this thread: http://answers.microsoft.com/thread/5b39ddc7-8b23-4459-9bf4-c1e0d6c07437

  • Windows update fails to download and install updates and cannot start defender and windows firewall.

    Original title: Windows Update fails to download and install the updates, and Windows Firewall and Defender will also not start?

    Windows Update fails to download and install the updates, and Defender and Windows Firewall will also not start. What can I do?

    Hi Speete66,

    ·         Do you receive an error message or error code in Windows Update?

    ·         What happens when you try to start Windows Firewall and Windows Defender? Do you receive an error message?

    ·         Do you have any other antivirus or protection software installed on the computer?

    ·         Did you make any changes on the computer before the issue appeared?

    Follow the suggestions below for a possible solution:

    Method 1: I suggest you consult the article in the Microsoft Knowledge Base and check if it helps.

    You cannot install some programs or updates

    http://support.Microsoft.com/kb/822798

    Method 2: If the method above does not help, you can reset the Windows Update components and check again.

    Reset Windows Update components.

    http://support.Microsoft.com/kb/971058

    You can also view the article mentioned below for more information:

    Problems with installing updates

    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-problems-with-installing-updates

    Let us know the results.

  • Ignore CSR for installing Certificate wildcard in IDRAC6

    Hello

    I want to install a wildcard certificate for iDRAC6. We manage more than 200 DELL servers.

    So getting a CSR from each one and issuing each its own certificate makes no sense.

    Does anyone know how to skip the CSR and install a wildcard certificate for iDRAC6?

    Command line or GUI, both make me happy.

    A hint for the case of OMSA would also be appreciated.

    Thank you.

    Best solution. I was able to upload a wildcard certificate to 8 of our PE R710, R715 and R815 machines. They are all iDRAC6.

    The key is to increase the key length before you upload the wildcard certificate.

    Copy the SSL key and CRT files (plus the intermediate.crt file if necessary) to a Linux host that has access to the RACADM utility.

    Concatenate your.crt and intermediate.crt:

    cat your.crt intermediate.crt > combo.crt

    vi combo.crt and make sure that there is a hard return between the two certificates:

    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----

    Increase the key size for modern SSL certificates:

    racadm -r 192.168.rac.addr -u root -p yourPass config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

    Upload your private key:

    racadm -r 192.168.rac.addr -u root -p yourPass sslkeyupload -t 1 -f your.key

    Upload the combo certificate:

    racadm -r 192.168.rac.addr -u root -p yourPass sslcertupload -t 1 -f combo.crt

    This will cause a restart of the iDRAC. It will take about 5 minutes to complete.

    Once done... the *.example.net certificate works.

    Jim

  • Installing certificates for EAP-TLS on ACS does not work

    Hi all

    I have two problems.

    I generated a CSR on the ACS and sent it to my Windows people, and they issued my ACS a certificate. Cool.

    I go to install it on the ACS and I'm asked for a 'private key file'?

    What is this file? And where can I get one? Is it the long string of characters that generating the CSR produced, which I sent to the Windows guys?

    Also, I managed to just put any old rubbish in there, and I was surprised it accepted it.

    Restarted the ACS services and tried to turn on EAP-TLS on the "Global Authentication Setup" page, only to get the message

    "Could not initialize PEAP or EAP-TLS authentication protocol because the CA certificate is not installed. Install the CA using the ACS 'CA Configuration' page."

    Now I'm a little confused: have I set up the ACS incorrectly because of my lack of understanding of what this private key file is and how it relates to all this?

    Thx a lot indeed.

    Ken

    I'm having the same problem. It seems the Windows guys have to generate a cert that is exportable, which also provides the private key file. I tried the following document without success. It may work for you, however: http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configuration_example09186a008020a45c.shtml

    I also tried having the ACS generate a self-signed certificate; that works. But on the client you must uncheck the "validate server certificate" box because the ACS is not a trusted certificate server. Right now I'm trying to understand how to get AD to publish the ACS as a trusted cert server so Windows knows to trust the ACS cert. Through all this, I found that you can configure it in several ways; the most difficult part is finding the way that works for you.

  • ACS 3.3 invalid or corrupted SSL certificate installed

    Hello

    I installed a new SSL certificate to replace the old one, which was about to expire. After this cert update, I can no longer access the ACS server for admin purposes. I get the error "cannot establish an encrypted connection because the certificate presented by is invalid or damaged. Error code: -8101", or something similar, as the message is in Spanish.

    I tried restarting the CSAdmin service without success. I also looked at the different CS tools, but none of them does this, nor does the ACS Guide.

    Is there a way to remove the certificate from the command line or otherwise?

    Any help would be appreciated because I don't want to reinstall/rebuild the server.

    Thank you

    Niels

    If the ACS is 3.3.4 or below then it can be disabled through the registry. 4.x does not have registry settings to tweak.

    For 4.x

    A possible workaround we have is that if an ACS backup taken prior to the activation of HTTPS exists, we can restore it and work around the problem.

    For 3.3.x

    To restore access using http on your server, you must change the registry setting to disable https. Here's the location of the reg key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.2\CSAdmin\Config\HTTPSSupport

    Change this value from 2 to 1.

    Kind regards

    ~ JG


  • How to install the DoD root certificates under Linux?

    I need to access this site: https://www.netfocus.netc.navy.mil/nrotc/candidate_app/Login.aspx to apply for the NROTC scholarship. I had been able to access this site last year; however, I've updated Firefox and now all I get is a "Secure Connection Failed" error. Also, when I try to install the DoD root CA certificates from this site: http://dodpki.c3pki.chamb.disa.mil/rootca.html , I get an endless alert saying "this certificate cannot be verified and will not be imported". What should I do to install this? I really need access to the first site.

    The site seems to use TLS 1.0
    It works if I add the domain to the whitelist.

    The site may attempt to fall back to a lower version of TLS in a way that is no longer allowed in current versions, or maybe it uses a deprecated cipher suite.

    You can open the about:config page via the address bar and use the search bar to locate this pref:

    • security.tls.insecure_fallback_hosts

    You can double-click the line to edit the pref and add the FQDN (www.netfocus.netc.navy.mil) to the value of this preference.
    If there are already websites (domains) in this list, then add a comma and the new domain (without a space).
    There should only be domains separated by a comma in the value column (example.com,www.example.com).

    If this helps, you can contact this website and ask them to look into this and update their security.

  • vRealize 7 - NSX Automation deployments fail due to certificate problems with vRealize Orchestrator

    Hello community,

    After installing the latest versions of vRA, vRO and NSX I run into issues when deploying blueprints that use NSX components. First of all, version details:

    -vRA: 7.0.0 (build 3292778)

    -vRO: 7.0.0.16989 (build 331003)

    -NSX: 6.2.1 (build 3300239)

    The vRO plugin versions are the ones delivered with the vRO version listed above, with the exception of the NSX plugin, which has been updated to the latest version (1.0.3, published on 17.12.15).

    In the configured tenant, vRO is configured as an endpoint. I can verify that data collection is running and working. I can see the NSX plugin for vRO running the 'create NSX endpoint' workflow from time to time using the configured vRA user.

    In the configured tenant, vRO is also configured as the default vRO server for ASD. The connection test is successful. When saving the config I'm prompted to approve the vRO certificate, which I confirm. Note that the thumbprint shown matches the thumbprint of the vRO certificate I get when visiting the vRO system at https://vro:8281. I am able to browse the vRO workflows from the vRA designer, so the connection seems established.

    Within vRO the vRA CAFE and IaaS plug-ins have been registered successfully. I am able to browse the plugin inventory for both plugins.

    To troubleshoot the problem, I created a new unified blueprint within the design section of vRA with the following configuration:

    - Transport zone: my configured NSX transport zone (checked: manual creation in this zone using NSX works very well)

    - Routed gateway reservation policy: my reference to the edge cluster to use

    - The only component dragged to the canvas is a 'Network & Security' -> 'On-Demand NAT Network' that uses a preset 1-to-many network profile as "Parent network profile" without manual modification.

    - Note that although this is a very simple blueprint to illustrate the problem, it happens with any blueprint I have set up if any component is configured that requires the NSX plugin for vRO.

    Whenever I request this blueprint, the request fails with the error message: "application [fa1e0689-0d06-4308-a914-e498c0d1fd99]: 404 not found"

    Looking in vCenter, NSX and vRO I can verify that nothing is actually triggered when requesting the blueprint.

    Looking at the vRA /storage/log/vmware/vcac/catalina.log it becomes very clear:

    com.vmware.vcac.iaas.vco.network.helper.VcoEndpointSelector.isEndpointAlive:88 -
    vRealize Orchestrator endpoint with url [https://s00-vro.my.domain:8281/vco] is not alive.
    Exception message:> [Host name 's00-vro.my.domain' does not match the certificate subject provided by the peer (CN=s00-vro.my.domain, OU=VMware, O=My Company, C=DE)]

    com.vmware.vcac.iaas.vco.network.helper.VcoEndpointSelector.getFirstAliveEndpointByPriority:200
    - vRealize Orchestrator endpoint [https://s00-vro.my.domain:8281/vco] with priority 1 is not alive. Skipping.

    org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver.logException:189 - Handler execution resulted in exception: Endpoint not found. There are no vRealize Orchestrator endpoints that are alive.

    com.vmware.vcac.platform.service.rest.resolver.ApplicationExceptionHandler.handleHttpStatusCodeException:673 - 404 Not Found
    org.springframework.web.client.HttpClientErrorException: 404 Not Found
    ...

    Please note that I double-checked the certificate. This is a self-signed certificate created using the new vRO 7.0 control center, the one I get when going to https://vro:8281. It is valid and the subject (issued to CN) matches perfectly the hostname entered in the ASD and endpoint configuration in vRA. It is resolvable, and time on all server components is in sync via NTP.

    I have even re-generated the certificate, re-registered and rebooted all the components, but while I can see that the certificate has been updated on all components, I always get the same issue.

    Never had this problem with the previous version of NSX / vRA / vRO. I checked the documentation to see if anything has changed here, but did not find what I'm doing wrong. Anything I'm missing here? Any bug?

    OK, this seems to be the issue. At least since the previous version of vRO (cannot check if it's true for fresh vRO 7 installs as well, but probably) the vRO 'control center' will generate SHA1-based certificates, which vRA does not like for actions that use the vRO endpoint in vRA. ASD seems to work without these problems.

    Sidenote: upgraded vRO installs will also come with a SHA1-based cert if they use a self-signed cert created by vRO. You would think that it is sufficient to recreate the cert using the control center. But it turns out it isn't, because it will generate a (new) SHA1-based cert.

    What I did to solve the problem:

    1. Create a SHA2-based certificate for vRO without the cert extensions, similar to the one that ships with the vRO built into vRA. I tend to use XCA for these jobs, but OpenSSL will do as well. The exact format required for the vRO certificate is not documented, but I can confirm you need it like this: PEM format including the private and public key in PKCS #1 format, laid out as follows:

    -----BEGIN RSA PRIVATE KEY-----
    (Your private Key: your_vro_server.key)
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    (Your primary certificate: your_vro_server.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your intermediate certificate: intermed.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your root certificate: root.crt)
    -----END CERTIFICATE-----
    I had problems when I used the key extensions, so I would say don't use them and create a very basic cert without V3 extensions, as shown on the right of the image in my last post (ideally you want a cert with the same properties as the cert used by the vRO appliance built into vRA, except of course a different CN etc.).

    2. Use the vRO control center located at https://your-external-vro:8283/vco-controlcenter/#/ and go to Certificates -> Orchestrator Server SSL certificate. Use the import action to import your PEM cert. It should tell you that you need to restart your vRO appliance. Then REBOOT the appliance (not just restart the service; that seems not to be sufficient).

    3. In vRA remove the vRO endpoint everywhere it has been configured. Also, I removed vRO from the ASD config just to make sure nothing's left.

    4. Reboot the vRA appliance (IaaS can be left as is). I needed to do this because I have seen that the keystore at some point kept being overwritten by vRA (?) with the cert: I deleted it (AND checked that it was deleted) and it reappeared in the keystore after a while. After a reboot the problem was gone and the keystore was clean.

    5. Add the vRO endpoint and ASD configuration again. Accept the certificate.

    6. It works.

    So while I have no more time to troubleshoot further, I guess the problem is the SHA1-based certificate generated by the vRO appliance. The internal appliance is equipped with a SHA2-based cert that works, and after changing the external appliance's SHA1 cert to a basic SHA2 cert everything works.
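The two answers above both hinge on getting a concatenated PEM file right: the iDRAC6 post insists on a hard return between the two certificates in combo.crt, and the vRO post needs the private key first, followed by the leaf, intermediate and root certificates, none of them signed with SHA-1. The following checker is an added example, not code from either poster or from Dell or VMware. It uses only the Python standard library, repairs an END/BEGIN marker pair that was glued onto one line, lists the block order, and reads the signature algorithm OID out of each certificate's DER so a SHA-1 signed certificate is flagged before it is uploaded. The sample bundle is constructed: its "certificates" are placeholder DER structures carrying only the fields the checker walks, not real certificates.

```python
"""Sanity-check a concatenated PEM bundle before uploading it to an appliance.

Checks: END/BEGIN markers separated by a line break, block order (private key
first, then certificates), and no certificate signed with SHA-1.
Signatures and chain validity are NOT verified here; use openssl for that.
"""
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Signature algorithm OIDs as they appear in the X.509 signatureAlgorithm field.
SIGNATURE_ALGORITHMS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}


def normalize_pem(text: str) -> str:
    """Normalize line endings and insert the missing newline between a
    '-----END ...-----' marker and a following '-----BEGIN' marker."""
    text = text.replace("\r\n", "\n")
    return re.sub(r"(-----END [A-Z0-9 ]+-----)\s*(-----BEGIN)", r"\1\n\2", text)


def parse_pem(text: str):
    """Return a list of (label, der_bytes) for every PEM block in the text."""
    blocks = []
    for match in PEM_BLOCK.finditer(normalize_pem(text)):
        label, body = match.group(1), re.sub(r"\s+", "", match.group(2))
        blocks.append((label, base64.b64decode(body, validate=True)))
    return blocks


def tlv(data: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, position after the value)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long-form length: next (length & 0x7F) bytes hold it
        count = length & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    return tag, data[pos:pos + length], pos + length


def oid_to_str(value: bytes) -> str:
    """Decode DER OBJECT IDENTIFIER contents into dotted notation."""
    arcs, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for byte in value[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)


def certificate_signature_algorithm(der: bytes) -> str:
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }.
    Skip tbsCertificate and return the name of the signatureAlgorithm OID."""
    tag, cert, _ = tlv(der, 0)
    assert tag == 0x30, "certificate is not a DER SEQUENCE"
    _, _, pos = tlv(cert, 0)            # tbsCertificate, skipped
    _, algid, _ = tlv(cert, pos)        # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = tlv(algid, 0)         # OBJECT IDENTIFIER
    assert tag == 0x06, "signatureAlgorithm does not start with an OID"
    dotted = oid_to_str(oid)
    return SIGNATURE_ALGORITHMS.get(dotted, dotted)


def check_bundle(text: str) -> dict:
    """Report block order, per-certificate signature algorithms and findings."""
    blocks = parse_pem(text)
    labels = [label for label, _ in blocks]
    algos = [certificate_signature_algorithm(der) for label, der in blocks if label == "CERTIFICATE"]
    findings = []
    if not labels:
        findings.append("no PEM blocks found")
    if "CERTIFICATE" not in labels:
        findings.append("bundle contains no certificate")
    key_labels = [label for label in labels if label.endswith("PRIVATE KEY")]
    if key_labels and not labels[0].endswith("PRIVATE KEY"):
        findings.append("private key is not the first block")
    for index, algo in enumerate(algos, start=1):
        if "sha1" in algo.lower():
            findings.append(f"certificate {index} is signed with {algo}")
    return {"labels": labels, "signature_algorithms": algos, "findings": findings}


def fake_certificate_pem(sig_oid: bytes) -> str:
    """Constructed placeholder, NOT a real certificate: outer SEQUENCE with an
    empty tbsCertificate, an AlgorithmIdentifier holding sig_oid and an empty
    signature BIT STRING. Just enough structure for certificate_signature_algorithm."""
    algid = b"\x30" + bytes([len(sig_oid) + 2]) + b"\x06" + bytes([len(sig_oid)]) + sig_oid
    body = b"\x30\x00" + algid + b"\x03\x01\x00"
    der = b"\x30" + bytes([len(body)]) + body
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"


SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")    # 1.2.840.113549.1.1.5

# Constructed sample: key, a SHA-256 cert glued to a SHA-1 cert without a newline.
SAMPLE_BUNDLE = (
    "-----BEGIN RSA PRIVATE KEY-----\nMAA=\n-----END RSA PRIVATE KEY-----\n"
    + fake_certificate_pem(SHA256_RSA_OID).rstrip("\n")
    + fake_certificate_pem(SHA1_RSA_OID)
)

if __name__ == "__main__":
    report = check_bundle(SAMPLE_BUNDLE)
    print("blocks:", report["labels"])
    print("signatures:", report["signature_algorithms"])
    for finding in report["findings"]:
        print("finding:", finding)
```

Run it against a real combo.crt or vRO bundle by reading the file and passing its text to check_bundle; the glued-marker repair is what the iDRAC post fixes by hand in vi, and the signature-algorithm listing tells you before the upload whether the control center handed you a SHA-1 certificate.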

  • vCenter Server Appliance fails without VT support in nested ESXi 5.1

    I am trying to run vCenter Server Appliance in a nested ESXi 5.1 64-bit environment.

    At the start of the vCenter Server Appliance, it fails with:

    This virtual machine is configured for 64-bit operating systems. However, the 64-bit mode is not possible.

    This host does not support VT. For more information, see http://VMware.com/info?id=152 .

    My configuration is:

    Hardware Intel Serverboard S1200BTS

    Intel Xeon E3-1230 V2 3.30 GHZ CPU

    (This processor supports VT + EPT)

    BIOS Intel VT is enabled

    Intel VT for directed IO is enabled

    Latest version of the BIOS

    Physical ESXi 5.1 host: vhv.allow = "TRUE" is set

    ESXi 5.1 VM: CPU/MMU virtualization - Intel VT + EPT enabled

    vCenter Server Appliance has been installed with the VMware-vCenter-Server-Appliance-5.1.0.5200-880472_OVF10.ova file.

    What am I missing here?

    MNGZ wrote:

    Setting vhv.enable = 'TRUE' in my nested ESXi 5.1 makes no difference.

    Did you put this in the .vmx file for your ESXi 5.1 VM?

  • Problem - cannot install Certificate

    I'm trying to install the Creative Cloud trial version on my Mac. I get this message: "Cannot install the application due to a certificate problem. The certificate does not match the certificate of the installed application, does not support upgrades of the application or is not valid. Please contact the application author."

    There is no error number

    Thank you for the update, Julienc27025156. This means that you are able to connect to the activation servers successfully.

    Error 201 indicates that the download was started but interrupted, or that packages were damaged. Error 201 may occur when several attempts were unsuccessful.

    Details about the errors should be contained in the DLM.log file. For more information on how to locate and check the DLM.log file, see Troubleshoot Adobe Creative Cloud installation problems with the log files. I recommend you provide the log file to your network administrator; they can check that the addresses that fail are configured correctly on your network.

  • Sun ONE Web Server (6.1) @ Install Certificate Err: SSL_ERROR_NO_CERTIFICATE

    Hello

    I'm trying to set up SSL (activate HTTPS) on Sun ONE Web Server. Here are the steps I followed, the details and the error:

    Security @ Create Database >> successful
    Security @ Request a Certificate >> successful (the 'Key Pair File' password is the same as for the database set up above). Received an email with "new certificate request".
    Security @ Install Certificate >> failed

    Certificate For >>> This Server
    Select the module to use with this certificate >>>
    Cryptographic Module: internal
    Key Pair File Password: <same as step 1 and step 2>
    Enter certificate name ONLY if the certificate is not for 'This Server' >>>
    Message text (with headers): included text that says -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

    On clicking the OK button I get the following window:

    System error: certificate model
    Received an empty certificate.

    The system returned error number -12885, which is
    SSL_ERROR_NO_CERTIFICATE: cannot find the certificate or
    key needed for authentication.

    NOTE: sudo privileges are given to a USER account to start and stop web services on the Solaris box. ROOT privileges are not owned by the same USER account.

    Please advise what the problem could be.

    Thank you
    REDA

    Send the newly received email containing the certificate signing request to your CA and get a certificate. Then install it.
