Correct to redirect to an ssl certificate code

Similar Questions

• Cisco ASA 5505 and comodo SSL certificate

  Hey all,.

  I'm having a problem with setting up the piece of Certificate SSL of Cisco AnyConnect VPN. I bought the certificate and installed it via the ASDM under Configuration > VPN remote access > Certificate Management > identity certificates. I also placed the piece of 2 CA under the CA certificates. I have http redirect to https and under my browser, it is green.

  Once the AnyConnect client installs and automatically connect I get no error or anything. The minute I disconnect and try to reconnect again, I get the "VPN Server untrusted certificates! ' which is not true because the connection information to be https://vpn.mydomain.com and the SSL certificate is configured as vpn.mydomain.com.

  On that note, it lists the IP address instead of the vpn.mydomain.com as the unreliable piece of this. Now of course I don't have the IP as part of the SSL-cert, just the web address. On the side of the web, I have a record A Setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.

  What I'm missing here? I can post config if anyone needs.

  (My Version of the Software ASA is 9.0 (2) and ASDM Version 7.1 (2))

  Yes that's correct. technically, it will take you to EKU as keys to authenticate server who was a little forced in version 3.1. But eventually, he was taken away. If you get no error using the browser and ot only comes with the anyconnect client. Most likely, you do not have to configured values. I can confirm that if you can share the fqdn with me also, you can try the upgrade and check it out.

  Thank you

  Bad Boy

• Failure of the conversion due to SSL certificate problems - can work around this problem?

  I began the process of migration of a collection of virtual machines in an environment of KVM to an existing cluster of vSphere and try to use the converter (5.5) do a dynamic conversion/migration of a Ubuntu box, but it does not reason create the virtual disk on one of the hosts because of the SSL certificate, and I found no other messages or articles specifically on this (looks like most associated with SSL include improving speed)

  In the worker newspaper, I can see that:

  • The converter is able to successfully create the target VM
  • The attempt to create the virtual disk is defective for the certificate SSL is not invalid (all systems in the cluster appear to be using default certificates from VMware).  In the log file of the worker:

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] SSL_IsVerifyEnabled: failed to read the registry value. Falling back to the default behavior: verification on. LastError = 0

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] SSL: SSL unknown error

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] SSL: connection failed

  2014-08 - 07T 09: 35:13.947 - 07:00 [warning 06620 'Default'] [, 0] NfcNewAuthdConnectionEx [NFC ERROR]: unable to connect to peer. Error: The certificate of the remote host has these problems:

  ->

  -> * The host certificate chain is incomplete.

  ->

  -> * unable to get local issuer certificate

  2014-08 - 07T 09: 35:13.947 - 07:00 [info 06620 'Default'] Sysimgbase_DiskLib_OpenWithPassPhrase failed with 'NBD_ERR_NETWORK_CONNECT' (error code: 2338)

  • The goal of the virtual machine is removed.

  Is it possible to simply disable the validation of certificate for this process?  In the newspaper, it looks like a registry key that it would control, but I have not found any information on this subject (or guessed correctly).  Or can I import this certificate on the local Windows system running converter to get around it (I could not with this approach, but either)

  It's really not clear to me which system validation.  While the worker log shows it connect to the vSphere host, there is no such line indicating it connects to the host where the target VM is located, and it looks like this is the host with the certificate which is considered not valid.   Validation occurs not on my local system running the converter? (the parameters of the vCenter server shows that the box 'vCenter requires a verification of certificates SSL host' is unchecked already)

  Thank you

  Scott

  You might want to take a look at Re: an error occurred when opening a virtual disk. Make sure that the converter server and source running machines have network access to the ESX/ESXi hosts source and destination and let me know if it works for you.

• Requirments for URLLoader() on Android SSL certificate

  Recently the certificate SSL on my site https://www.jollysnpas.com has been updated and now all https requests, made by the URLLoader() on Android are denied. This is only a problem when running on a real android device.

  I try to get my hosting provider to investigate, however they may not be very useful so I hope someone here can determine why the new SSL certificate is rejected so I can get to fix their SSL certificate.

  to reproduce the error, the following code illustrates the problem.

  package

  {

  import flash.display.Sprite;

  import flash.events.Event;

  import flash.events.HTTPStatusEvent;

  import flash.events.IOErrorEvent;

  to import flash.events.ProgressEvent;

  import flash.events.SecurityErrorEvent;

  import flash.net.URLLoader;

  import flash.net.URLLoaderDataFormat;

  import flash.net.URLRequest;

  import flash.net.URLRequestMethod;

  to import flash.net.URLVariables;

  SerializableAttribute public class URLLoaderExample extends Sprite

  {

  private var loader: URLLoader;

  public void URLLoaderExample()

  {

  Super();

  var url: String = " " https://www.jollysnaps.com/ ";

  var request: URLRequest = new URLRequest (url);

  var requestVars:URLVariables = new URLVariables();

  Request.Data = requestVars;

  Request.Method = URLRequestMethod.POST;

  loader = new URLLoader();

  loader.dataFormat = URLLoaderDataFormat.TEXT;

  loader.addEventListener (ProgressEvent.PROGRESS, loading, false, 0, true);

  loader.addEventListener (Event.COMPLETE, complete, false, 0, true);

  loader.addEventListener (HTTPStatusEvent.HTTP_STATUS, httpStatusHandler, false, 0, true);

  loader.addEventListener (SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler, false, 0, true);

  loader.addEventListener (IOErrorEvent.IO_ERROR, error, false, 0, true);

  Loader.Load (request);

  }

  private void Completed(e:Event):void {}

  trace (e.Target.Data);

  try {}

  var responseVars:Object = JSON.parse (e.target.data);

  } catch (err: error) {}

  trace (err.name + "" + err.message);

  }

  }

  private void Loading(e:ProgressEvent):void {}

  If {(e.bytesTotal)

  trace ((Math.round ((100 / e.bytesTotal) * e.bytesLoaded)) m:System.NET.SocketAddress.ToString () + '%');

  } else {}

  trace ("file has no size");

  }

  return;

  }

  private void httpStatusHandler (e:HTTPStatusEvent): void {}

  trace ("httpStatusHandler:" + e.type);

  return;

  }

  private void securityErrorHandler (e:SecurityErrorEvent): void {}

  trace ("securityErrorHandler:" + e.text);

  return;

  }

  private void error(e:IOErrorEvent):void {}

  trace ("error:" + e.text + "Type:" + e.type);

  return;

  }

  }

  }

  The code works correctly by running anywhere, but android, showing the contents of the file returned by the URL query. The managed code correctly with the old SSL certificate, but not the new SSL certificate. now, it will fail with the error.

  error: Error #2032: error in workflow. URL: https://www.jollysnaps.com/ Type: ioError

  It's a bit missleading error like what actually happens is android refuses to make the URL request, because it does not trust the SSL certificate and therefore will not send the data over an unreliable link.

  If the URL is replaced by a Web server with a real such as SSL certificate.

  https://www.GoDaddy.com/

  Then, the code works correctly.

  To be clear that I am looking to establish what is inconsistent between the SSL for the site certificate https://www.jollysnaps.com/ and the URLLoader running on an Android device, so I can report to my Web host because they don't seem to take seriously my problem.

  Thanks in advance

  Well it turns out that after watching this post

  olation-error-in-Adobe-Flash-MOVI http://StackOverflow.com/questions/6142137/Bad-Certificate-Name-causes-Security-sandbox-VI

  I discovered the solution.

  The certificate was changed from

  www.jollysnaps.com

  TO

  jollysnaps.com

  While https://www.jollysnaps.com/ applications work well in iOS, BlackBerry and OSX on Android, they fail, however, wish to https://jollysnaps.com/ work.

• How to accept a new ssl certificate in Thunderbird?

  7.15.15
  I can't get or send emails on my cell phone two days ago.
  - Neither the "Configuration Options for certificates" worked to bring in the certificate that I use that allows you to send and receive e-mail. Under the "Digital Signature" or "Encryption" when I press "Select" to select a certificate, I get the pop-up message "Certificate Manager cannot locate a valid certificate... ». When I press 'View certificates' certificate that I use is listed under 'Servers' and the 'authorities' and is up to date.
  -In addition, under Tools - Options - Advanced - certificates for: "when a server requests my personal certificate", I selected "Ask Me every time" and left "query OSCP responder servers to confirm...". ', the box is checked.

  I think that this problem is bound to accept a new ssl certificate has been recently renewed. I've never had this problem before. How to start accepting a new certificate?

  Thank you.

  No you can not communicate with the server using a common product of Mozilla. In a short while you will not be able to co interact with it with any product. The operator/administrator of the server needs to fix their server to issue certificates 1024-bit or better. Or stop using TLS.

  The best explanation of this change and it's because I've seen is here https://weakdh.org/
  (right at the bottom of the page is what you need to do stuff)

  In essence, that the server does not have a security flaw serious patched and Mozilla products have been modified to not interact with servers that have not corrected the vulnerability. Vulnerability leaves you open to man in the middle attack on piracy.

• When you access Intranet sites that use SSL certificates issued by our internal PKI, FF for Windows gives an error of "incorrectly put in the form of message coded DER"

  When to access Intranet sites who have the SSL certificates issued by our internal PKI, FF for Windows gives an error message - an error occurred when connecting to myshaw. Security Library: improperly formatted DER encoded message. (Error code: sec_error_bad_der)

  Chrome and IE work fine. This is a PKI again using the signature SHA-2 algorithm.

  I was able to identify the problem. Our public key infrastructure has been using some signature algorithms that FF did not support.

• Thunderbird does not recognize a self-signed SSL certificate

  Dear support,

  I have a very strange problem that I don't understand.

  I run a server ISP offering IMAP and TLS/SSL HTTPS encryption. Both services use the same SSL certificate issued by RapidSSL/GeoTrust Server edward.ennabe.de

  When I open an https connection to the server, Firefox correctly solves the certificate chain and use the certification authority root Equifax (which is correct).
  However, when I try to connect to a mailbox via Thunderbird, all I get in the hierarchy of certificates is my server edward.ennabe.de. I don't think that it's "working as intended", or is it?

  Is something wrong with my Thunderbird or My Dovecot configuration? What is really strange that firefox recognizes it correctly.

  Thanks in advance

  Kind regards

  ZeroEnna

  In Thunderbird, click the 'Détails' tab in the display of the certificate.
  See all certificates of CA listed in the field "Certificate hierarchy" also installed in your Thunderbird certificate store?
  When checking this look for the tab 'authorities '.
  If there are no certificates listed in the missing chain in the Thunderbird certificate store (for some reason any), you can try to export it in Firefox and import them into Thunderbird.

• All the sites SSL Web I visit displays the message "this connection is untrusted" and shows me a false SSL certificate for a different domain name.

  When I visit a Web site that requires SSL I displays the message "this connection is untrusted". Any Web site that I visit, it's always exactly the same message and the same SSL certificate that she is no longer valid for www.thawte.com

  support.Mozilla.org uses an invalid security certificate.

  The certificate is not approved, because no sender string has been provided.
  The certificate is valid for www.thawte.com
  The certificate expired on 11/11/2011 23:59. The time now is 11:46 28/01/2012.

  When I click "Add the Exception" on a Web site and view the certificate, it is exactly the same certificate with the exact same serial number.

  I had a similar problem with Internet Explorer showing a 404 error when I visited SSL protected pages but to do a restore of the system a month ago to correct this. All other bowsers are / were very good.

  I installed Firefox 3.x month last to test something that is when the problem started. I have since uninstalled Firefox 3.x and reinstalled the latest version. I deleted all the preferences/settings, disabled modules and reinstalled many times. I did a Windows system restore to before that the problem started with no luck.

  The time / Date on my computer are correct. I have no firewall other than the windows one. I had no antivirus (netbook) until I installed a (Avast) yesterday to see if a virus was causing issues (found nothing). This problem arises on any internet connection (tested to work and home).

  Try bypassing the caveat

  or try to use the module Skip Cert error (to jump to the SSL/TLS certificate error page)

  Thank you

  Please check 'Resolved' the answer really solve the problem, to help others with a similar problem.

• Impossible to get websites to use respective SSL certificates

  Mac OS 10.10.5

  Server 5.0.15

  I have a question where the default web site ("Server (SSL) Web site" ") is in conflict with the SSL certificates for my three other SSL sites.

  The configuration of my website (Note: server IP is 192.168.1.100)

  • Web Server SSL (all IP addresses) site - cert for domain1.com (work)
  • Domain1.com (192.168.1.10) SSL - cert for domain1.com (work)
  • Domain2.com (192.168.1.20) SSL - cert for domain2.com (cert draws for domain1.com, invalid identity)
  • Domain3.com (192.168.1.30) SSL - cert to domain3.com (cert draws for domain1.com, invalid identity)

  My DNS records:

  • Primary area - Domain1.com
    • A: Domain1.com 192.168.1.10
    • NS: Domain1.com
  • Primary area - Domain2.com
    • A: Domain2.com 192.168.1.20
    • NS: Domain2.com
  • Primary area - Domain3.com
    • A: Domain3.com 192.168.1.30
    • NS: Domain3.com
  • Reverse zone - 1.168.192
    • PTR: 192.168.1.10 Domain1.com
    • PTR: 192.168.1.20 Domain2.com
    • PTR: 192.168.1.30 Domain3.com
    • NS: Domain1.com
    • NS: Domain2.com
    • NS: Domain3.com
  • Reverse zone - 100.1.168.192.in - addr.arpa
    • PTR: 192.168.1.100 server.domain1.com
    • NS: server.domain1.com

  Whatever the cert is selected for the default Web site apply to all SSL Web sites. The only way I can force everyone to use their respective certificates is to set the IP address of the Web site to be the same as the IP of the server (in this example 192.168.1.100). It works, but which prevents the work Profile Manager.

  I'm 99% sure that I have my DNS configured correctly (right now all a records point to 192.168.1.100 as a temporary solution), but I'm willing to take another look, if someone has a suggestion clearly and concisely. Ideally, each DomainX.com would have an IP de.10.20 et.30.

  So how can I do all three Web sites use different IP addresses AND their respective certificates? Is this possible?

  (I appreciate any suggestion at this stage. This question is impossible to find an answer anywhere on the internet after about 9 months of research).

  Solution for someone who comes looking for this problem!

  After talking to the Apple Enterprise support:

  The site services will assuming that you only have one certificate for all Web sites. Unless you want to really roll up your sleeves and get down and dirty with the Apache configuration files, you must have a valid certificate for all areas, you use AND give each site its own IP address.

  When configure you your certificate, the host name must look like this:

  Server.Domain1.com (this is the name of your common)

  *. Domain1.com

  *. Domain2.com, etc..

  I used a StartCom certificate class 2 IV SSL ($ 59 / year).

  Then, assuming you know how to import a verified certificate, use it for all services that need and all the websites you want course (why wouldn't you use https, anyway?)

• Pre complains about SSL certificate on the exchange server

  Hello.  I just got a pre and tries to set up to communicate with an exchnage server.  Pre complains and will not set up the connection with this error message: «"SSL certificate error.» Is the date and time correct? ».  The date and time are correct, but the server is running a self signed certificate.  This causes no problems with iPhones that use a lot of people here.

  How can I fix it?  It is not all parameters for this problem.

  I spent the weekend trying to test and understand what was going on.  I found that if I nominated the e-mail server (name after HTTPS: / / in Setup) the same as the name of certificate displayed in the Certificate Manager (Launcher > Device Info > more info > Menu > Certificate Manager), the error should disappear.  The problem for me was that the name of cert in cert Manager was different from address of mail server (in my case server. [domain .local] instead of mail. ([Domain_name] .com).  The transformation it seems to use is:

  (1) find the certificate...

  (2) CN is HTTPS: / / in the installer?

  (3) If no, use error 'Verify the certificate, date and time not correct' (or whatever it is) - If Yes, go to HTTPS: / /.

  (4) Exchange requires safety pin?  If no, proceed to synchronize - if so, use error "unsupported of security policies.

  So I looked more closely CERT and it held several common names (CN) for the cert.  It seems that ANY OTHER DEVICE can filter through the list of common names, and use the one that works.  The Pre uses only (whether first or last, I don't know).

  So, there are two options for the certificate problem (I guess the 3rd is that you can return the phone):

  FIRST SOLUTION

  =====================

  (1) check the name of cert in cert Manager.

  (2) if it is a name that can be resolved DNS (i.e.  [mail]. [mywebsite]. [com]) then change this setting in your exchange installation program in the mail server field beside the HTTPS: / /.

  This will only fix it if your COMPUTER administrator has with permissions on the used field.  It is possible that an alias is used on other areas

  SECOND SOLUTION (as I have done)

  =================================

  (1) ensure that your Certification Authority is installed.  You can do it by clicking START > ADMINISTRATIVE TOOLS > CERTIFICATION AUTHORITY - OR - on a computer on your network using IE/Safari/Firefox and typing http://server/certsrv.  If the page is found, then you are installed, if not, then you will need to have installed.

  NOTE: SBS 2003 WILL AWARD A CERT TO THE IIS WITHOUT THE ROOT CA.  THIS SEEMS TO BE THE PROBLEM WITH THE AUTO CERTS GENERATED I HAD

  (2) If you have not installed it, go to this topic, it is well written to get step by step instructions how to install, create demand for cert, create the cert and install the cert (it took me about 30 min).   http://www.MSExchange.org/tutorials/SSL_Enabling_OWA_2003.html

  NOTE: IF YOU ALREADY HAVE A CERT ON IIS, YOU NEED TO REMOVE IT AS IT IS "DEFECTIVE" CERT BEFORE YOU CAN REQUEST A NEW CERTIFICATE.  YOU MAY BE ABLE TO REINSTALL OVER THE NEW CERT, BUT I DON'T KNOW

  (3) open https://mail.domain.com/exchange on your computer - display details of the cert and save the file on your desktop - if you are using a laptop, you can also install it on your laptop to use for use outside the Office (this is also a good back-up that you can use to get more later if needed again).

  (4) plug your pre in USB mode.

  (5) slide the cert and unplug the USB cable

  (6) go to cert Manager

  7) tap on the icon of "Sun" at the bottom left

  (8) press on the new file cert that you save in USB mode

  (9) to confirm that the new cert appears with the name of the correct mail server

  10) go to the e-mail program and configure the exchange account

  The above will create a REAL root cert (not IIS domain root Cert) that the Pre can work with.

  Really, I don't know that how/why Palm overlooked this possibility because they claimed so-called does not want to sell to companies who need strict security requirements.  For me, it means a small / medium company that has limited IT supports (according to the needs, pay as you or green guy with limited knowledge).  Then, why they test the GER in this environment, I'm not sure.  I bet they were tested on their own network, which has all the correct methods, best practices for the management of cert.  I guess it's like the developers that they have offended and almost lost their support until turned it over and said: 'sorry, we really want make you programs for our platform WebOS. ".  We've just been paranoid for so long salivate us when the bell rings. "They just didn't beta test this well enough.  The sad result of this is that Sprint will have to address all of the sheets because this certificate simple reading process was given only minimal recognition capabilities.

  But having said that - I'm now completely in love with my pre!

  I'm happy to try to help if you need it.  I found a lot of the forum of solutions were not enough detailed, so do not hesitate to contact.

• How to install the ssl certificate in windows server 2008?

  Hello

  Can someone give me the steps to install the SSL certificate on my application hosted on windows server 2008 R2?

  Hello

  Although technet.microsoft.com should be the best forum for the problems of server below is a guide on how to install an SSL certificate.

  It will be useful.

  To install your newly acquired in IIS 7 SSL certificate, first copy the file somewhere on the server and then follow these instructions:

  1. Click on the start menu, go to administrativetools and click on Manager of Services Internet (IIS).
  2. Click the server name in the links on the left column. Double-click server certificates.

     

  3. In the Actions column to the right, click Complète Certificate Request...

     

  4. Click on the button with the three points, and then select the server certificate that you received from the certificate authority. If the certificate does not have a .cer file extension, select this option to display all types. Enter a friendly name that you can keep track of certificate on this server. Click OK.

     

  5. If successful, you will see your newly installed in the list certificate. If you receive an error indicating that the request or the private key is not found, make sure that you use the correct certificate and you install it on the same server that you generated the CSR on. If you are sure these two things, you just create a new certificate and reissue or replace the certificate. If you have problems with this, contact your certification authority.

     

  Bind the certificate to a Web site

  1. In the column of links on the left, expand the sites folder, and click the Web site that you want to bind the certificate to click links... in the right column.

     

  2. Click the Add... button.

     

  3. Change the Type to https , and then select the SSL certificate that you just installed. Click OK.

     

  4. You will now see the listed link for port 443. Click close.

     

  Install all the intermediate certificates

  Most of the SSL providers issue certificates of server out of an intermediate certificate so you will need to install the intermediate certificate on the server as well or your visitors will receive a certificate error not approved. You can install each intermediate certificate (sometimes there are more than one) by following these instructions:

  1. Download the intermediate certificate in a folder on the server.
  2. Double-click the certificate to open the certificate information.
  3. At the bottom of the general tab, click the install Certificate button to start the Certificate Import Wizard. Click Next.

     

  4. Select place all certificates in the following store , and then click Browse.

     

  5. Select the Show physical stores checkbox, then expand the Intermediate certificate authorities folder, select the below folder on the Local computer . Click OK. Click Next, and then click Finish to complete the installation of the intermediate certificate.

     

  You may need to restart IIS so that it starts the new certificate to give. You can verify that the certificate is installed correctly by visiting the site in your web browser using https rather than http.

  Links

  • Move or copy an SSL certificate on a Windows Server to another Windows Server
  • How to disable SSL 2.0 in IIS 7
  • How to configure the SSL in IIS 7.0
  • Video tutorials to install an SSL certificate in IIS 7 to NetoMeter

  Kind regards

  Joel

• Internal and external customers see certificate of Cisco router, NOT Exchange SSL certificate

  Cisco 876 Integrated Services router (ISR)
  Exchange Server 2010 SP1

  Customer: 2013 Outlook, OWA, ActiveSync WP7/WP8 (?)

  Put us in place a new Cisco ISR. Almost everything works fine, with a few exceptions. Exchange e-mail stopped altogether for several days until I realized that I needed to redirect the ports, SMTP, HTTP, and HTTPS, by external to the Exchange Server. Now, mail flow is fine, but...

  Every time I start Outlook, I get a certificate error. When I look at the certificate in the error popup, it points actually to certificate self-signed Cisco router. When we try to use the Windows phones, they get a "certificate error" and direct the user to the network administrator. Even with OWA: a certificate error, even if it can be "accepted" / overridden.

  Each customer can still work, with the exception of Windows phones. In Outlook and OWA, mail is always be sent and received, but must be accepted manually that the certificate is wrong before the customer takes care, and then it takes a little longer to load.

  Any ideas?

  I did "" port forwarding on the pots of 25, 80 and 443. Again, I did it yesterday and now mail seems to flow, whereas before, even if we could enter the client with Certificate error, message not be received. (There was also a problem with mail however not passed, but that was due to our mail relay provider and was set yesterday as well...)

  Everything worked fine with the previous router (obviously). It was a high-end, the level of consumption Fritz! Box commonly used in Germany. I also had to allow ports through this box is not unlike using the nat ip inside static commands on the 876, but I don't know what he could have let his own or why SRI is the Exchange Server application SSL certificate hijacking.

  Thanks in advance for any help.

  jeremyNLSO
  CCNA Routing & Switching, CCNA security
  MCITP, MCTS
  Berlin, Germany

  If we have actually figured this out today. The internal DHCP Server distributing the a DNS Server public as well as the internal DNS. The internal DNS was time and the customer became the external IP address of the public DNS and it received an unexpected cert of the router. Once we removed the public DNS servers from the DHCP server and used only DNS servers in-house, that the issue went away. Logical after we realized what was going on.

• On ASA 5520 SSL certificate configuration

  Hello

  I have an SSL certificate from a third party that shows under the identity of ADSM, howerver analysis of verification of the firewall shows that the SSL certificate is signed with an unknown certification Authority. I installed through primary and secondary certificate from the third party under the authority of certification the SMDA but when I check the SSL certificate it still shows as self-signed. Don't miss what other measures. I have attached a few screenshots.

  Thank you for your help.

  Wo

  Hello

  You have activated the correct trustpoint in Configuration > device management > advanced > component settings SSL? On this screen, there a "Certificates" section where you can select the trustpoint appropriate for each interface.

  The trustpoint will reference the certificate that you imported, and the interface will reference this trustpoint. Until you activate, the ASA will continue to use the self-signed certificate.

  Hope that helps.

  -Mike

• ACS 3.3 invalid or corrupted SSL certificate installed

  Hello

  I installed a new SSL certificate to replace the old one which was about to expire. After this update of cert, I can access is no longer the ACS server for admin purposes. I get the error "cannot establish connection cifered because the certificate presented by is invalid or damaged. Error code:-8101 "or something similar that the message is in Spanish.

  I tried to restart the CSAdmin service without success. I also watched ath the different CS tools but none of them does this nor is the Guide to GBA.

  Is there a way to remove the certificate from the command line or other?

  AY help would be appreciated because I don't want to reinstall/rebuild the server.

  Thank you

  Niels

  If the EC is 3.3.4 or below then it can be disabled through the registry. 4.x do not have registry settings to tweak.

  For 4.x

  A possible workaround we have is that if a GBA backup taken prior to activation of the HTTPS is there, we can restore the same and work around the problem.

  For 3.3.x

  To restore access using http on your server, you must change the registry setting

  to disable the https. Here's the location of the key "reg":

  HKEY_LOCAL_MACHINE \SOFTWARE \Cisco \CiscoAAAv3.2 \CSAdmin \Config \HTTPSSupport

  Change this value from 2 to 1.

  Kind regards

  ~ JG

  Note the useful messages

• MSE 8510: default SSL certificate expired

  Hello community,

  the SSL certificate self-signed of our MSE8510 that has been Setup automatically during installation has expired. Is there a way to create a new directly on the box or do I need to do external and transfer?

  Someone has a short guide on how to do it?

  Thank you

  Renz

  Check:

  http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/articles/mcu_certify_https_connections_157.shtml

  Its always a good idea to browse the first cisco documentation site! :-)

  You will find also some information when you use google, such as:

  http://blog.codesalot.com/2010/11/25/creating-certificates-fo-Codian-MCU/

  Please remember useful frequency responses (using the stars below) and mark answers useful or correct .