Faced with Windows 2008 R2 PKI, self-signed certificates &; view iPad customer Secure Authentication to view connection server: UGH!
Background: I was instructed to create a VMware View isolated laboratory test so that HIGHER-UPS can see how they could access the VM dedicated as well as how their developers could put related clones on-the-fly. The project was successful! Yay!
Addendum: A boss wants to see how VMware View works when accessing his computer virtual dedicated via his iPad on the internet... And who needs a secure SSL connection.
The problem is: the domain name I chose casually because the lab did not belong to me... So I can't have a real certificate from a trusted commercial certification authority.
So I'll try to roll my own public Windows 2008 R2 PKI and... All that forcing the iPad to use DC/DNS server in the lab... Get only the single get iPad trust view connection server by importing a sort of certificate.
Can I export/import a certificate of the CA of DC to the iPad via an attachment... And it happens with confidence. But how to create a login to view the server certificate and electronic-mail/import in the iPad so it happens with confidence? Whenever I try to export the certificate of the certificate of the view connection server store, send it to the iPad and install... The connection server certificate appears as 'not reliable' and the VMware View client will not connect.
(Of course, I could get sloppy and set the iPad Client to accept untrusted connections... "But I want to solve the problem of approved connection).
I could be missing something royally on the self-signed certificates and certificate chains.
(It is a first for me dealing with Active Directory Windows Certificate Services. In the past, I always just installed expensive commercial SSL CA certificates in the certificates Windows Server stores before.)
Any help or direction, you can provide would be appreciated. I'm rather confused.
See you soon!
Keegan
Hello
Maybe was your initial problem that the provided certificate must be a descendant of a trusted root, such as Verisign cert or
the root certificate must be installed and all the intermediate certificates in the trust chain down to the one you use?
Concerning
AndyR
Tags: VMware
Similar Questions
-
Hi all.
I use Forms 11 g 11.1.2.1 and updating JRE 7 45.
I have create a jar file containing gif icons files using this procedure:
(1) create the jar file:
set path = % path %; C:\Oracle\Middleware\Oracle_FRHome1\jdk\bin (my ORACLE_HOME/jdk)
jar - cvf webfigolos.jar *.gif
(2) self sign the file:
c:\Oracle\Middleware\asinst_1\bin > sign_webutil.bat c:\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar
Jars is signed but with a warning:
Generate a signature key certificate aaosa2015 = auto...
keytool error: java.lang.Exception: key pair not generated, al alias < aaosa2015 >
loan is
.
There are errors or warnings while generating a self signed certificate. Pleas
e revisiting.
.
Backup as c: C:\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar
\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar.old...
1 file (s) copied.
Signature using ke c:\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar
y = aaosa2015...
.. own made.
But I can use this file. The application crashes and get this error from the java console:
network: connection http://myluism-pc:7001/forms/lservlet; jsessionid = p98GTL5Fh6XnQcykySBhLWq2823HwHlPGZ16TYHVv93006N4mmdl!-947562687 with proxy = LIVE
network: connection http://myluism-PC:7001 / with proxy = LIVE
Exception in thread "AWT-EventQueue-3" java.lang.NoClassDefFoundError: oracle/ewt/laf/basic/SelColorChange
at oracle.ewt.laf.oracle.OracleTreeUI.createItemPainter (unknown Source)
at oracle.ewt.laf.basic.BasicTreeUI._getItemPainter (unknown Source)
at oracle.ewt.laf.basic.BasicTreeUI.getItemPainter (unknown Source)
at oracle.ewt.dTree.DTreeBaseItem.getSize (unknown Source)
at oracle.ewt.dTree.DTree.paintCanvasInterior (unknown Source)
at oracle.ewt.EwtComponent.paintInterior (unknown Source)
at oracle.ewt.lwAWT.SharedPainter._paintInterior (unknown Source)
at oracle.ewt.lwAWT.SharedPainter.paintExtents (unknown Source)
at oracle.ewt.lwAWT.LWComponent._paintComponent (unknown Source)
at oracle.ewt.lwAWT.LWComponent.paint (unknown Source)
at oracle.ewt.EwtComponent.paint (unknown Source)
at oracle.ewt.lwAWT.SharedPainter.paintExtents (unknown Source)
at oracle.ewt.lwAWT.LWComponent._paintComponent (unknown Source)
This used to be a very simple procedure, but it has stopped working...!
Don't know if the jar file is well born, or if it is corrupt.
I can't start my application.
Help, please!
Best regards, Luis.
Try again with the JRE 7 10 update, I get a problem with the update of JRE 7 45, but when I tried the update of JRE 7 10, it works fine.
For the objective test, disable the check
Java Panel-> advance-> mixed Code-> disable verification (unchecked)
-
cannot install self-signed certificates sbs2008 on Vista SP2 with IE8
I use SBS2008 Setup and it is to use self-signed certificates,
My laptop is Windows Vista SP2 with IE8.
When I try and connect to my OWA SBS2008 Web site, I get this error: there is a problem with this site's secure certificate.
I tried to solve my problem with this solution: http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx , don't worry! In date; May 8, 2008
I also looked at: http://support.microsoft.com/default.aspx?scid=kb; EN-US; 932156 , dated; November 19, 2008
This link is on the page above: download the update for Windows Vista (KB932156) package now. , dated March 24, 2008. I understand that all of the above links are ment to work with Vista & IE7, there is no mention of the Service Pack level.
This patch really works on Vista SP2 with IE8 or do I have to change the registry and if so, this key is always the right pair?
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
Thank you
Hello
Questions like these are much better handled in the TechNet IT Pro Forums.
My moderator tools cannot transfer messages on Windows forums, please re - ask you question there.
http://social.technet.Microsoft.com/forums/en-us/itprovistanetworking/threads
-
RTMPS with self-signed certificate
Hello
I have a simple Webcam movie, publish live video
FMS 2.0.2 r51 dev under Debian 3.1r2 edition
and then he plays in another video-window.
It works very well and rtmp, rtmpt, but with rtmps I get
the error "NetConnection.Connect.Failed".
I have prepared a simple and all assembled test scenario
info here: http://pref.dyndns.org:8080/live/live.html
The certificate has been created by me in this way:
openssl req - x 509 - days 365 - newkey rsa:1024.
-self-signed - certificate.pem - keyout pub-sec-.pem
And implement defaultRoot_/Adaptor.xml:
"< name HostPort ="edge1"ctl_channel =": 19350 ">: 1935, 80,-443 < / HostPort >"
... jumped...
/Home/afarber/certs/self-signed-certificate.PEM < SSLCertificateFile > < / SSLCertificateFile >
< SSLCertificateKeyFile type = "EMP" > /home/afarber/certs/pub-sec-key.pem < / SSLCertificateKeyFile >
secret of < SSLPassPhrase > < / SSLPassPhrase >
< SSLCipherSuite > ALL:! ADH:! BASS:! EXP:! MD5:@strength < / SSLCipherSuite >
I'm sure that the server works as I see in the var:
localhost adapter [2675]: listener started (_defaultRoot__edge1): 443 (secure)
I also tried to put
Import mx.remoting.Service;
Import mx.services.Log;
Import mx.remoting.debug.NetDebug;
NetDebug.initialize ();
at the top of my AS code, but the NetConnection debugger
window displays no information at all, for some reason any:
http://pref.dyndns.org:8080/live/NetDebug-empty.gif
Concerning
AlexI found the solution-
There is a bug in the current Flash Player:
If a pop-up window of dialogue for a reason any
(as unknown CA or not is not host name)
then the cert will be rejected even if you
Click 'yes '.If you are generating a cert self-signed like this:
OpenSSL genrsa-des3-out ca.key 4096
openssl req - new - x 509 - days 365 - key ca.key - out ca.crtOpenSSL genrsa-des3-out server.key 4096
openssl req - new - key server.key - out server.csrOpenSSL x 509 - req-days 365 - in server.csr - CA ca.crt - CAkey ca.key - set_serial 01 - out server.crt
(increase the 01 above for each new cert).
and then import the ca.crt from above in your
browsers (i.e. double-click on Windows for IE
Open from Mozilla Firefox and click OK).Concerning
Alex -
Pavilion p7 - 1227c needs the network drivers that work with Windows 2008 server R2
I bought this new Pavilion P7 - 1227C at Costco so that I can install Windows Server 2008 r2 with Hyper-V role
I managed to install Windows 2008 server but unable to t the wireless or ethernet to work. I tried to use the driver 64 bit Windows 7 without success.
I think return Costco if I can't get the network driver that will work with Windows 2008 Server R2
Thanks, in advance.
Tour37
Hi Paul,.
Thanks for the link, I was able to download AR816X_V.0.14.15_WHQL.
The driver works for Windows 2008 Server R2. I just need to find the drivers for the wireless card.
Best regards
Round 37
-
Problem with Windows 2008 Enterprise
Hello!
I have a problem with Windows 2008 Server. I have a server with the operating system and I shared network folders and more restricted to different users. Random users cannot connect to moments share files and then automatically recovers. Remote access to the server is enabled. Sometimes I can connect to the server sometimes didn't. Below is a photo with a message.Hello
Support for Windows Server is not provided in these forums. On the other hand, it please repost your question in the relevant Microsoft TechNet forum here:
http://social.technet.microsoft.com/Forums/en-us/category/windowsserver .
Thank you. :)
-
ASA SHA2 support with self-signed certificates
Is it possible to use the signature SHA2 algorithm generating a certificate self-signed on an ASA? I can't find any documentation on orders that have control of things like the signature algorithm when you use self-signed certificates. I have seen documentation SHA2 is supported from 8.4.2 for the signature algorithm, but it always refers to the import of a certificate from an external certification authority.
Hi William,.
You can only generate self-signed certificate on the SAA SHA1. The solution is to import a certificate from a 3rd party with signature SHA2 algorithm.
Here is the value for the same application:-
ASA support for SHA - 2 for crypto IPsec and operations of the public key infrastructureCSCuj67576
https://Tools.Cisco.com/bugsearch/bug/CSCuj67576/?reffering_site=dumpcr
Kind regards
Dinesh MoudgilPS Please rate helpful messages.
-
Self-signed certificate installed successfully but with VR error device
HI gurus,
I'm in the middle of the upgrade of RS 5 5.1 RS for replication of vSphere.
I'm trying to install and register the device VR 5.1.
On the configuration tab I filled out the Info: and tried to produce the certificate and start the service.
It comes up with the following msg.
Self-signed certificate installed successfully.
WARNING: Bad service state: execv() arg 2 must contain only strings.
The info I have completed are as follows:
VRM Host: ip address of host vrm
Name of the Site of VRM: virtual site of DR (FQDN) appliance
vCenter Server Address: address of the server vCenter DR FQDN
vCenter Server Port: 80
vCenter Server Admin Mail: e-mail administrators
Thanks in advance!
Here's your answer...
Edit the/etc/sysconfig/network/config file.
Find this line:
NETCONFIG_DNS_STATIC_SERVERS = «»
Change the line and put a DNS server IP address in quotes.
Restart your device and try again.
Edit: Still one thing, make sure that you deploy the version of the appliance corresponds to your version of vCenter. vCenter Server 5.5 uses the replication device 5.5, 5.1 VC uses 5.1 etc.
-
Performance problems on Oracle 11 G with Windows 2008 64 bit.
Hello world
I noticed that our database is going bad and low every week. My server has 16 GB of RAM and 10 GB are dedicated to the database Oracle, it is a 11.2.0.1 with Windows 2008 R2 SP1 64 bit. I would like to know according to the values of the movement following you guys recommend to adjust in the init.ora:
ORCL.__db_cache_size = 5402263552
ORCL.__java_pool_size = 33554432
ORCL.__large_pool_size = 33554432
ORCL.__pga_aggregate_target = 3657433088
ORCL.__sga_target = 6878658560
ORCL.__shared_io_pool_size = 0
ORCL.__shared_pool_size = 1308622848
ORCL.__streams_pool_size = 33554432
* .memory_target = 10511974400
* .open_cursors = 5000
* .optimizer_mode = "RULE".
* runoff = 300
According to the target memory on how values can be increased the process, pga_agregate_target, etc.
We also have problems with the bug Bug 9593134 "connection to Oracle 11 g are slow and can take anywhere from 10 seconds to 2 minutes." there is a difficulty on linux by removing dns names on this subject, but someone has experience on windows platforms?
Thanks to all and sorry for my English.
Kind regards.
Arturo.Concerning the long connection times, have you tried to use the network (such as Wireshark) packet capture software to determine that the client computer when a connection attempt is initiated?
The Oracle database time can help the model statistics and wait events extensive system you diagnose performance problems related to poor (you should not only look at the statistics, but rather capture the current values, wait a while, statistics capture again and compare the evolution of the values of the statistics). A statspack report may also help - but a trace 10046 to level 8 or 12 is more appropriate if you are able to identify a few sessions that have performance problems.
I claim not just blindly changing the settings, even if I'm curious about:
* Why the session level setting OPEN_CURSORS is set to 5000 - you expect a single session to hold cursors open 5,000?
* Why do you use the obsolete RULE based optimizer?
* Why the MEMORY_TARGET parameter is used when the target SGA_TARGET and PGA_AGGREGATE are specified?Charles Hooper
http://hoopercharles.WordPress.com/
IT Manager/Oracle DBA
K & M-making Machine, Inc. -
Is Oracle 10g compatible with windows 2008?
Hi all
Is Oracle 10g compatible with windows 2008?
What are the oracle 10g of the OS compatible with? It is compatible with the VMware environment too?
Concerning
Arunuser12273523 wrote:
Hi allIs Oracle 10g compatible with windows 2008?
Yes
What are the oracle 10g of the OS compatible with? It is compatible with the VMware environment too?
Please check
http://www.Oracle.com/technology/software/products/database/index.html
Concerning
Rajesh -
WebLogic 10.3 with Windows 2008 R2
Hello
Is Weblogic 10.3.0 certified with Windows 2008 R2 EE (64-bit)?
Thanks in advance,
Radu DobrinescuYou can see a list of the OS supported from the following link:
http://www.Oracle.com/technology/software/products/IAS/files/fusion_certification.html
In this quest for link: configuration system required and taken platforms supported for Oracle WebLogic Server 10.3
It will provide you with an excel spreadsheet listing all the configurations supported for WLS 10.3.
Sheet excel says that:
Oracle WebLogic Server: 10Rg3 (10.3) is supported for
Intel EM64T, AMD64
Windows 2008 (including SP1 +)Thank you
Sandeep -
TLS fails on linux self-signed certificates
on firefox 38.1.0 under centOS 6.6 I have some problem with TLS.
When it first happened I re fact cert using keys of 2048 bytes. It seemed if address the issue when you navigate to similar addresses to https://localhost/somesite, however, I have try https://localhost:10000 with the fact that it still fails:
An error occurred during a connection to localhost.localdomain:10000. The certificate server included a public key which was too low. (Error code: ssl_error_weak_server_cert_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
The signing certificate is algorithim-> PKCS #1 SHA-1 with RSA encryption
The algorithim public key is-> PKCS #1 RSA encryption
The key has been creating 07/06/15 for a period of 10 years is a Version 1 cert issued by myself with the info
E = [email protected]
CN = localhost
UO = hq
O = permite
L = Stone Mountain
ST = ga
C = usIt was a problem of webmin.
To fix this /etc/webmin/miniserv.pem edition replace the cert and private key sections.
Use a new generated key and self-signed certificate. If you follow the instructions of centOS, the location of the files are /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt
-
Can I generate self-signed certificates free for Nexus 9 K?
Hi, I have 22 9Ks Nexus that I just upgraded to 3,0000 I4 so I can use the REST API.
I use vRealize Orchestrator for automation, and I can't access the REST API on the Orchestrator help link, as certificates are at expiration.
I can't find much information on this subject for the 9 K, unless the 9Ks are mode of the AIT, in this case I think that TACS are the only people who can generate a certificate.
Does anyone know otherwise work around this? Otherwise, I'll have to approach a TAC case for 22 certificates generated :-/
Cheers, Dom
I'm not familiar with the technology with what you're trying to integrate, but here's a guide on how generate a custom SSC (self-signed Cert) on a device:
#conf t
#hostname DEVICE01-NOTE: must not be changed
#ip - domain test.localgenerate a General key label SSC_KEY module 2048 rsa key #crypto
#crypto pki trustpoint SSC_LOCAL
#subject - name, CN = DEVICE, DC = test, DC = local
#enrollment selfsigned
# crl revocation checking
#rsakeypair SSC_KEY 2048#crypto ca enroll COMMAND SSC_LOCAL HIDDEN: initiate the creation of SSC
% Include the serial number of the router in the name of the topic? [Yes/No]: no
% Include an IP address in the name of the topic? [None]:
% Generate self signed certificate router? [Yes/No]: YesRouter self-signed certificate created successfully
After this make sure that you do NOT change the host name of the device :)
-
Create a self-signed certificate
When I use ADM to access my router I always get a message that I have established a connection with "ip address", but the certificate belongs to IOS-self-signed-cert... etc. I generated RSA keys with the address. How to generate a new self-signed certificate that includes the ip address of the router? Thank you.
self-signed certificate
You can use the "crypto pki trustpoint name" command on the router to create a self-signed certificate.
Check this link for configurtion:
-
Hi all
How to create a self-signed certificate?
Concerning
CNUHi ALAIN,
You should use the utility orapki for this (to AS10g). 'Orapki' is a utility that is shipped along with the installation of the Oracle Application (path on windows $ORACLE_HOME/bin/orapki.bat) server and you can use the same to generate the wallet and certificate for your test object.
Here are the steps, first of all, let's create an empty wallet and the other will add a self certificate signed to it.
1 C:\Oracle10g\midtier2\bin\orapki.bat wallet create - portfolio. Eu1 - pwd
2. Add C:\Oracle10g\midtier2\bin\orapki.bat wallet - wallet. -1024 key size - dn "CN = sample" - self_signed - pwd eu1 - validity 365Kind regards
Anuj
Maybe you are looking for
-
Hello I'm trying to programmatically control the legend of a chart graph. I wrote a labview code and I can't find what the problem is here.The legend does not work correctly as I hope. I sent some input values (STRINGS) in the Plot.Name of the node p
-
Mac OS compatibility 10.8.2 with HP Color Laser Jet 5550 dtn and HP Laserjet 4240 N
My Macbook Pro retina was just upgraded to 10.8.2 this morning. I am more able to print to any of the printers on our network of office, and I think that this was due to the "upgrade". Anyone else has this problem, and what is the solution? I can'
-
You say that my plan had expired and when can I manage plan does not open any page I do?Doesn't have the button "Edit payment details.
-
Your system is out of memory application
Try to open Dreamweaver is triggering this error in OS X, I have to force to leave. I can't recreate the issue with any other application. Any suggestions? So far I tried to reinstall OS X, reinstall Dreamweaver and removing the Dreamweaver MacFileCa
-
I take the test and found this code-public class Outer { public void someOuterMethod() { //Line 5 } public class Inner { } public static void main(String[] argv) { Outer ot = new Outer(); //Line 10 } } The following code frag