HPDM: HPDM replace self signed SSL certificates for server HDPM and master repository

Similar Questions

• Thunderbird does not recognize a self-signed SSL certificate

  Dear support,

  I have a very strange problem that I don't understand.

  I run a server ISP offering IMAP and TLS/SSL HTTPS encryption. Both services use the same SSL certificate issued by RapidSSL/GeoTrust Server edward.ennabe.de

  When I open an https connection to the server, Firefox correctly solves the certificate chain and use the certification authority root Equifax (which is correct).
  However, when I try to connect to a mailbox via Thunderbird, all I get in the hierarchy of certificates is my server edward.ennabe.de. I don't think that it's "working as intended", or is it?

  Is something wrong with my Thunderbird or My Dovecot configuration? What is really strange that firefox recognizes it correctly.

  Thanks in advance

  Kind regards

  ZeroEnna

  In Thunderbird, click the 'Détails' tab in the display of the certificate.
  See all certificates of CA listed in the field "Certificate hierarchy" also installed in your Thunderbird certificate store?
  When checking this look for the tab 'authorities '.
  If there are no certificates listed in the missing chain in the Thunderbird certificate store (for some reason any), you can try to export it in Firefox and import them into Thunderbird.

• Install a new SSL certificate for Server 2008 R2

  Hello

  We have a Windows 2008 R2 server running of the machine. As a company that manages payments, we need to be registered PCI DSS and the scan picked up a point of failure is that we do not have an SSL certificate installed. I bought a via GoDaddy and followed the instructions on their site to install it, but the PCI DSS Analysis is always a failure for the following reason: -.

  "The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certification authority."

  The certificate at the top of the string is the default "integrated". How to promote the certificate GoDaddy installed at the top of the chain?

  Thank you

  This issue is beyond the scope of this site and must be placed on Technet or MSDN

  http://social.technet.Microsoft.com/forums/en-us/home

  http://social.msdn.Microsoft.com/forums/en-us/home

• Sefl-signed ssl certificate is not possible?

  Hi all
  
  the ILO is not yet possible to let flex' webservice or httpservice to connect to a
  WebService https secured by a self-signed certificate? There is absolutely no reason
  for me to buy a 'real' certificate just for encryption purposes.
  I installed crossdomain.xml on the target server, the Web service works well when pasting
  the URL in the browser and I have installed the certificate in IE (which I use here), then
  is no error and shows the OWL small lock in the address bar. But Flex refuses to work,
  except for run the application locally (means by clicking on "run" in flex builder).
  I'm using Flex 2.01 so important.
  
  So, could someone help me? Or Flex so ignorant for self-signed webservices?
  
  Good bye
  sysFor

  Hi sysfor,

  I am using the appropriate production and development self-signed SSL certificates in & don't test, no problems so far.
  Flex/Flash is not the authentication of SSL certificates - this task is delegated to the browser.

  So I suppose you are faced with a different type of problem - your crossdomain.xml is not configured correctly.
  Have you checked the log of policyfiles.txt?
  Another point, you're probably doing is called direct URL (https://myhost/path). Instead, you must use a relative path. For example if your swf file has been downloaded from the server myhost, then he should just make the calls in / path.

  See you soon,.
  Dmitri.

• Red vCenter - unable to check CA (PSC) signed SSL certificate vCenter VMware

  I am trying to deploy a new Horizon view 7 based on vSphere environment 6 U2 to replace our pod 5.3 view existing. I have a Windows Server vCenter Server with separate PSC of Windows. I used the PSC signed the SSL certificate for vCenter and downloaded and added the certificate authority root for the required workstations and servers via Group Policy. If I navigate to vCenter from your desktop with CA root installed all is well on the HTTPS front. I added this vCenter Server in my environment view but it appears in red on the dashboard view. I clicked on the vcenter Server and checked the certificate, but at no time should you go green. The two connection servers have the CA root installed and if I launch a browser from the connection to the server itself, then navigate to the vCenter FQDN certificate is approved.

  Any ideas?

  I cannot create pools for this reason that the view is not currently communicate with vCenter as well and it won't let me choose a virtual machine model.

  If you need to know more details please let me know and I'll happily supply.

  Thanks in advance.

  Having re-read the Horizon view documentation 7 to confirm that I had taken the correct steps already, I decided to restart both of my new server connection, that solved the problem. My vCenter server now shows in green in the dashboard and I was able to successful deployment of desktop computers.

• Cannot save vSphere Web Client after the replacement of the SSL certificate

  Hi all

  I have followed the Articles of Derek Seaman on the replacement of all the certificates in vSphere 5.1 and have since turned to the VMware KB Articles. I replaced the certificates for the SSO, the inventory Service and vCenter Server with no problems (other than having to use OpenSSL-Win64 for vCenter certificate that I could not get the x 86 version certificate of work, makes no sense, but I'll take the small victory).

  If you follow the guide of vmware to replace the web service certificate, http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC & docType = kc & docTypeID = DT_KB_1_1 & externalId = 2035010, I get to step 12, enter the VMware vSphere Client Web back to vCenter Single Sign On and the following error:

  ##########################

  D:\Program Files\VMware\Infrastructure\vSphereWebClient\SsoRegTool > regTool.cmd registerService - cert "C:\ProgramData\VMware\vSphere Web Client\ssl" - ls - url ( https://(Server URL): 7444/lookupservice/sdk - username admin@system-domain - password (password) - dir 'D:\Program Files\VMware\Infrastructure\vSphereWebClient\SsoRegTool\sso_conf' - ip "*." ' * ' - serviceId-file 'D:\Program Files\VMware\Infrastructure\vSphereWebClient\serviceId'

  No file properties not found
  Initialization of provider of record...
  SSL certificates for https://vsphere.au.ray.com:7444/lookupservice/sdk
  SSL certificates for https://vsphere.au.ray.com:7444 / sso-adminserver/sdk
  Unhandled exception trying to escape: null
  Return code is: OperationFailed
  100

  ##########################

  VMware technical support suggested I uninstall all components, delete all databases and try again. I have done this and have exactly the same result.

  Has anyone seen elsewhere or managed to solve?

  Chris

  So, I managed to solve this problem. Not sure that this applies to everyone, but my problem was caused by registering using among other names of the subject in the SSL certificate for the SSO rather than the common name of the certificate.

  For example, the server name is server1.company.com. It is the common name of the certificate. But one of SAN of the certificate has been "vSphere.company.com".  If I used this other name in one of the component records that they would fail. I found that I have to use the common name. Even if the alternative names of job access to via your browser web, there is no certificate warning, if the registration of components using these names, it would fail.

  It seems crazy that you can use any of the San... then why allow us to make?

  Initially, I tried to replace the authentication certificate ONLY when the town was called vsphere.company.com, rather than the hostname of the server, and which is installed. However, try to install the Web Client would fail. When you come to the step where you have to accept the certificate of SSO, the installation fails because the common name of the certificate does not have the host name of the SSO server. It seems insane to me... why the host name of the server running the SSO should still come in when all calls are over HTTPS is simply absurd!

  I confirmed this with VMware Technical Support and they checked my conclusions.

• CA-signed SSL certificates on vCenter 5.1 installation (server or device)

  I recently updated my 5.0 to 5.1 ESXi ESXi hosts and they all kept CA-signed SSL certificates that I installed previously. I did a new install of vCenter 5.1 server where the box even ran SSO, inventory, vCenter Server and Manager Update Services. After installing, everything worked perfectly except that none of the vCenter services used my CA-signed SSL certificate - only 5.1 ESXi hosts had these.

  So, I followed the instructions in replacing default vCenter 5.1 and ESXi certificates PDF found at http://www.vmware.com/resources/techresources/10318. The document is terrible. For example, page 10 lists the locations by three default certificates SSL on Windows 2008. None of these paths are correct. The first a typo of extra space between "Program" and "Data" and the other two say "Program Files" when they should have been "ProgramData". This is just the beginning of the problems.

  If you follow the instructions to the letter, you'll break vCenter. I got frustrated and thought I'd give the vCenter 5.1 device a shot. With regard to the Certificates SSL signed by CA, it was worse. The vCenter 5.1 device can even automatically generate a new SSL certificate if you change the host name (turn on generation auto-certificat, change of hostname and restart). It gives an error 653 during the boot process and keeps the original of the certificate. Even bother trying the steps on page 18 of the above-mentioned guide - you will get just the same mistake 653.

  It seems to me that VMware did not all tests around the CA-signed SSL certificate on vCenter 5.1 installation. It's amazing to me that the installation of the SSL certificate is so tedious for ESXi and vCenter when vShield Manager 5.1 has a very simple process that works well (and is similar to the installation procedure for Certificate SSL on the DRAC, ASR, breeding various firewalls, etc.).

  I did a lot of research on Google and found various articles on the installation of the SSL certificate, but most were based on GA pre - 5.1 products. If you have any installation of certificates SSL CA-signed success with vCenter Server or device 5.1 GA, let me know how you got around some of these issues. Please indicate if your vCenter Server or device will run on a 5.1 GA ESXi host as well. Please do not answer about vCenter 5.0 - I had no problem with SSL certificates (other than it was more painful to be).

  Thanks in advance,

  Nate

  Finally I managed to install giving him to 127.0.0.1 instead of the period of INVESTIGATION, accessible from the outside of the vCenter server, it's very well in my case the vCenter and VUM server are on the same VM but its not exactly ideal for deployments of more large.

• Flex + self signed SSL Cert

  We have an SSL certificate that is self-signed on our application server. When we run the application flex from outside of our network and try to access the web service, flex throws the following error:

  Failed to load the WSDL. If there are currently online, please verify the format of the WSDL and URI file

  We did install the certificate on client computers for IE and Firefox, but nothing seems to fix it, as we have tested the service via http and it works fine, but when you switch to https is when it breaks. To test further we loaded the wsdl for the service from outside of our network and were able to see with the crossdomain.xml file that resides on the server. At this point, we are at a loss of what could be the problem.

  Does anyone have any suggestions?

  Thanks in advance. If you need information additional just ask.

  Pony up the $15 for a cert play. You've already spent more in a way that tries to "solve" this problem.

• SSL certificate for access to the administration of a WSA

  Can someone point me to a guide on how to install an ssl certificate for access to the administration of a WSA?

  Curiously, all the documents that I could find so far talk of SSL certificate for HTTPS decryption...

  Page 367 of this doc.  http://www.Cisco.com/c/dam/en/us/TD/docs/security/WSA/wsa8-0/wsa8-0-6/WSA_8-0-6_User_Guide.PDF

• Setting the SSL certificate for the web user interface

  How can I configure the SSL certificate for the management of a SG300 interface? I don't seem to find the configuration option in the web gui?

  Hello Dirk,.

  For import / create / modify h99350 ssl please go to ' ' security > SSL server > SSL server authentication settings.

  HTTPS is enabled by default.

  Thank you and best regards,

  Siva

• SG300-28 import self-signed SHA2 certificate to the SSL Protocol (including the format? How do I?)

  1. What is the format a certificate and private key combination should play during import to use SSL?

  2. how actually import you - via CLI or web interface.

  I'm trying to import an SSL certificate that is self-signed in the SG300-28 to secure the connection to the web interface of the switch. The certificate is signed by my own 'certification authority' / custom root certificate.

  I tried to do it via the graphical interface of web management (security > SSL server > server SSL authentication) and the command-line via SSH. I will detail my exact process below. I had no problem importing a certificate created in the same way to the Cisco RV320 router, although the web interface is different.

  How to create a certificate that is accepted by the switch?

  (Image Active) firmware version: 1.4.0.88

  My approach:

  1. OpenSSL 1.0.1f January 6, 2014; on an ubuntu 14.04 machine
  2. Create my own, certificate of self-signed root:

   openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 3650 -out rootCA.pem

  3. create a private key and the real certificate and sign them using the rootCA.pem:

   openssl genrsa -out switch.key 2048 openssl req -new -key switch.key -out switch.csr openssl x509 -req -in switch.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out switch.crt -days 3500

  for later use, export the public key of the switch.key - file using

   openssl rsa -in switch.key -pubout > switch.pubkey

  4. open the web interface of the switch and check for the SSL settings (Security > SSL server > server SSL authentication).

  4.1 click "import certificate".

  4.2 paste the contents of the switch.crt file in the ' certificate:'-textbox

  4.3 to import pair of RSA keys

  4.4. Paste the contents of the switch.pubkey file in the public key field

  4.5 by selecting the 'Clear text' radiobutton control and paste the contents of the inside switch.pubkey

  4.6 click 'apply '.

  4.7 receive an error message 'invalid key head '.

  The private key looks like this (oviously, I created a new one for this example):

   -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA3gOvNzKqULXnT7zL9fl4KJAZMo5eYHfwPSN0wl385na37oHz [23 more lines truncated] aB7Pooa60anjIVJmlSIp4WJ8U+52BMKJZ5rqHnJ1sBBo1zpAtcdspg== -----END RSA PRIVATE KEY-----

  I also receive a header invalid key error when you try to import the private via CLI SSH key using:

   switch(config)#crypto key import rsa

  I also converted the certificate and the private in PKCS12 and then back to the PEM key that gives me the following private key "head" which is not always accepted when pasting in the CLI:

   Bag Attributes localKeyID: FE 24 88 34 66 BE E9 DB CE 4E 91 23 2C 0E 03 B1 A7 58 32 24 Key Attributes:  -----BEGIN PRIVATE KEY----- MIIEvgIBA[...] -----END PRIVATE KEY-----

  What key header miss / what am doing wrong in general?

  It seems that ' import key cryptographic rsa "command is not suitable for import SSL key related private, but rather for the importation of SSH keys. Code "key header is missing" means that switch expects anything other than "-----BEGIN RSA PRIVATE KEY-----", for example the headers that you can see after the execution of ' view keys cryptographic rsa "(- START PRIVATE KEY ENCRYPTED SSH2-).

  To get your SSL certificate installed, you have two options:

  The CLI option:

  • create a RSA private key with command

   switch(config)#crypto certificate 2 generate key-generate 1024

  • create the certificate request with

   switch#crypto certificate 2 request

  (don't forget to provide all information for this order, including '' cn '' and so on). Note that this command must be executed inside the privileged mode and not in mode configuration as the previous command.

  • After you run this command, you'll get sign certificate request (CSR). Copy and paste it into the new file on the server that hosts your certification authority.
  • now sign this CSR file with the command that you have already used:

   openssl x509 -req -in switch.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out switch.crt -days 3500

  • After signing to just open the file "switch.crt" and copy all content between BEGIN and END section including.
  • and import this certificate with order

   switch(config)#crypto certificate 2 import

  • and finally for your certificate to be active, do it with the following command:

   switch(config)#ip https certificate 2

  WebGUI option:

  Here, the procedure is similar to the CLI:

  • You must click on "Generate certificate request" in the "Security-> SSL server-> server SSL authentication" section, fill in all necessary data and click on "Generate certificate request."
  • you will get CSR data you need to paste into the server with the certificate of the CA.
  • sign the certificate with the command openssl similar as mentioned previously
  • and import a certificate with maintaining "import RSA Key-Pair" unchecked.

  Personally I've never managed to get imported both key and certificate from the outside.

• Flex iOS app refuses to connect to a self-signed SSL server: error 2032

  Hello everyone, thank you for reading this and I hope you could help me with this problem.

  I'll cut to the Chase. I am currently working on a mobile app in Flex for Android and iOS and the app has to get a few HTTP requests and retrieve information from a server, which is currently developing a teammate.

  Everything had to be working very well until we decided a few days before when we have integrated a SSL self-signed certificate in order to make connections more secure, etc.

  On the side of the app, this change, lying just to replace the http with https url and it seems to work perfectly, or that's what we thought.

  Tests on the Simulator or on an Android device worked well, he just showed the warning provided access to a server that had a rogue certificate that could be ignored without any problem. But when we tried to test a Release on a camera of the iPhone version, it would not just work more. A connection every time trying to be established with the server, error 2032 flash is triggered and it fails miserably does not display not warning about certificates not approved at all. For me, it's really confusing that it works on Android devices, but not on the iPhone device.

  I searched on the Web for people having the same problem but I couldn't find an answer to this specific issue of Flex-iOS-Self-signature-SSL. I found this post unanswered questions: http://forums.adobe.com/message/3359072#3359072 but nothing much.

  I tried to create a crossdomain.xml file on the server with guaranteed set to false, and some other stuff to avoid crossdomain policies, but it changed nothing and the problem persists.

  I'm really out of clues, sort of desperate and have no idea how fix it. If anyone knows something related to this problem, please, help me, I'll be less grateful.

  Thank you!

  We decided to buy a verified SSL certificate, and it worked. We can say that the problem is solved, but it wasn't actually because the connection must be established and that the invited user to accept or decline the self-signed certificate, not only do not make the connection.

• Flex [mobile] iOS app refuses to connect to a self-signed SSL server: error 2032. Ring the bells?

  Hello everyone, thank you for reading this and I hope you could help me with this problem.

  I'll cut to the Chase. I am currently working on a mobile app in Flex for Android and iOS and the app has to get a few HTTP requests and retrieve information from a server, which is currently developing a teammate.

  Everything had to be working very well until we decided a few days before when we have integrated a SSL self-signed certificate in order to make connections more secure, etc.

  On the side of the app, this change, lying just to replace the http with https url and it seems to work perfectly, or that's what we thought.

  Tests on the Simulator or on an Android device worked well, he just showed the warning provided access to a server that had a rogue certificate that could be ignored without any problem. But when we tried to test a Release on a camera of the iPhone version, it would not just work more. A connection every time trying to be established with the server, error 2032 flash is triggered and it fails miserably does not display not warning about certificates not approved at all. For me, it's really confusing that it works on Android devices, but not on the iPhone device.

  I searched on the Web for people having the same problem but I couldn't find an answer to this specific issue of Flex-iOS-Self-signature-SSL. I found this post unanswered questions: http://forums.adobe.com/message/3359072#3359072 but nothing much.

  I tried to create a crossdomain.xml file on the server with guaranteed set to false, and some other stuff to avoid crossdomain policies, but it changed nothing and the problem persists.

  I'm really out of clues, sort of desperate and have no idea how fix it. If anyone knows something related to this problem, please, help me, I'll be less grateful.

  Thank you!

  We decided to buy a verified SSL certificate, and it worked. We can say that the problem is solved, but it wasn't actually because the connection must be established and that the invited user to accept or decline the self-signed certificate, not only do not make the connection.

• Replace self-signed CERT with CA Cert signed

  I have a vCAC 6.1 environment.  I use the vCAC documentation to replace the self signed CERT CERT.  When I get to this step in the documentation it fails - VCloud Automation Center Library

  Is the below error telling me there is a problem with the wstvcacapp01 cert?  Problem RemoteCertificateNameMismatch?

  C:\Program Files (x 86) \VMware\vCAC\Web API\ConfigTool > Vcac - Config.exe DownloadRootCertificates - Pkcs7CertPath "C:\Program Files (x 86) \VMware\vCAC\Web API\SSO.p7b"-v

  System.Data.Services.Client.DataServiceQueryException: An error occurred during the processing of this request. -> System.Data.Services.Client.DataServiceClientException: <! DOCTYPE html >

  < html >

  < head >

  < title > certificate is not approved (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203DBC8256FDB2326A8EA

  C < /title >

  < name meta = "viewport" content = "width = device-width" / > "

  < style >

  body {do-family: "Verdana"; police-weight: normal; do-size: .7em; color: black ;}}

  p {do-family: "Verdana"; font-weight: normal; color: black; margin-top:-5px}}

  b {font family: "Verdana"; make-weight: bold; color: black; margin-top:-5px}}

  H1 {do-family: "Verdana"; police-weight: normal; do-size: 18pt; color: Red}

  H2 {do-family: "Verdana"; police-weight: normal; do-size: 14pt; color: Maroon}

  pre {font family: "Consolas", "Lucida Console", Monospace; do-size: 11pt; margin: 0; padding: 0.5em line-height: 14pt}

  . Marker {make-weight: bold; color: black; text-decoration: none ;}}

  .version {color: gray ;}}

  . Error {margin-bottom: 10px ;}}

  . Expandable {text-decoration: underline; make-weight: bold; color: navy; cursor: hand ;}}

  @media screen and (max-width: 639px) {}

  pre {width: 440px; overflow: auto; white-space: pre-wrap; dressing: break-Word ;}}

  }

  @media screen and (max-width: 479px) {}

  pre {width: 280px ;}}

  }

  < / style >

  < / head >

  < body bgcolor = "white" >

  < span > < H1 > server error in ' / repository ' Application. < hr width = 100% size =-1 color = silver > < / H1 >

  < h2 > < i > certificate is not reliable (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203DBC8256FDB232

  6A8EAC < /i > < / h2 > < / span >

  < police = "Helvetica, Geneva, Arial, SunSans-Regular, without-serif ' > '"

  < b > Description: < /b > an unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and its origin

  in the code.

  < br > < br >

  < b > Details of Exception: < /b > VMware.Cafe.UntrustedCertificateException: certificate is not reliable (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR = CTIW, O = NJVC, L = Ofal

  LON, S = HE, C = us fingerprint: 9A80D1EC61170B87C4203DBC8256FDB2326A8EAC < br > < br >

  < b > error Source: < /b > < br > < br >

  < table width = 100% bgcolor = "#ffffcc" >

  < b >

  < td >

  < code >

  An unhandled exception is generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception below stack trace.

  < code >

  < table >

  < /tr >

  < /table >

  < br >

  < b > Stack Trace: < /b > < br > < br >

  < table width = 100% bgcolor = "#ffffcc" >

  < b >

  < td >

  < code > < pre >

  [UntrustedCertificateException: certificate is not reliable (RemoteCertificateNameMismatch).] Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203D

  BC8256FDB2326A8EAC]

  System.Net.TlsStream.EndWrite (IAsyncResult asyncResult) + 8277683

  System.Net.ConnectStream.WriteHeadersCallback (IAsyncResult ar) + 213

  [WebException: the underlying connection was closed: an unexpected error occurred on a send.]

  System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) + 8286956

  System.Net.Http.HttpClientHandler.GetResponseCallback (IAsyncResult ar) + 98

  [HttpRequestException: an error occurred when sending the request.]

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; & lt; GetResource & gt; b__0 & gt; d__3.MoveNext () + 601

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; RetryWebRequestWrapper & gt; d__97.MoveNext () + 1144

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; GetResource & gt; d__7'1. MoveNext() + 692

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; CreateSecurityTokenServiceAsync & gt; d__2f. MoveNext() + 366

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; GetHolderOfKeyTokenAsync & gt; d__4.MoveNext () + 321

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; CreateDefaultSecurityContextAsync & gt; d__34.MoveNext () + 306

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; CreateAsync & gt; d__1d'1. MoveNext() + 397

  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

  VMware.Cafe. & lt; CreateAsync & gt; d__1a'1. MoveNext() + 330

  [AggregateException: one or more errors occurred.]

  System.Threading.Tasks.Task'1.GetResultCore (Boolean waitCompletionNotification) + 5863512

  DynamicOps.Repository.Runtime.SecurityModel.CafeSecurityProvider... ctor (SecurityModelContext CurrentContext) + 172

  DynamicOps.Repository.Runtime.SecurityModel.SecurityModelContext... ctor (String ConnectionString) + 202

  DynamicOps.Repository.Runtime.Common.RepositoryRuntime.Initialize () + 812

  [HttpException (0x80004005): one or more errors occurred.]

  System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode (HttpContext context, HttpApplication app) + 12639357

  System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS (appContext, HttpContext context, MethodInfo [managers] IntPtr) 175

  System.Web.HttpApplication.InitSpecial (HttpApplicationState State, MethodInfo [managers], IntPtr appContext, HttpContext context) + 304

  System.Web.HttpApplicationFactory.GetSpecialApplicationInstance (IntPtr appContext, HttpContext context) + 404

  System.Web.Hosting.PipelineRuntime.InitializeApplication (IntPtr appContext) + 475

  [HttpException (0x80004005): one or more errors occurred.]

  System.Web.HttpRuntime.FirstRequestInit (HttpContext context) + 12656404

  System.Web.HttpRuntime.EnsureFirstRequestInit (HttpContext context) + 159

  System.Web.HttpRuntime.ProcessRequestNotificationPrivate (IIS7WorkerRequest wr, HttpContext context) + 12496021

  < / pre > < / code >

  < table >

  < /tr >

  < /table >

  < br >

  < hr width = 100% size = 1 = silver color >

  < b > Version information: < /b > Microsoft .NET Framework Version: 4.0.30319; ASP.NET Version: 4.0.30319.34237

  < / make >

  < / body >

  < / html >

  <!--

  [UntrustedCertificateException]: certificate is not reliable (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203

  DBC8256FDB2326A8EAC

  at System.Net.TlsStream.EndWrite (IAsyncResult asyncResult)

  at System.Net.ConnectStream.WriteHeadersCallback (IAsyncResult ar)

  [WebException]: the underlying connection was closed: an unexpected error occurred on a send.

  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult)

  at System.Net.Http.HttpClientHandler.GetResponseCallback (IAsyncResult ar)

  [HttpRequestException]: an error occurred when sending the request.

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  to VMware.Cafe.JsonRestClient. <>c__DisplayClass1 1. < < GetResource > b__0 > d__3.MoveNext)

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  at d__97.MoveNext (VMware.Cafe.JsonRestClient). < RetryWebRequestWrapper >

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  to VMware.Cafe.JsonRestClient. < GetResource > d__7'1. MoveNext()

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  to VMware.Cafe.ComponentRegistryClientFactory. < CreateSecurityTokenServiceAsync > d__2f. MoveNext()

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  at d__4.MoveNext (VMware.Cafe.ComponentRegistryClientFactory). < GetHolderOfKeyTokenAsync >

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  at d__34.MoveNext (VMware.Cafe.ComponentRegistryClientFactory). < CreateDefaultSecurityContextAsync >

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  to d__1d'1. MoveNext() VMware.Cafe.ComponentRegistryClientFactory. < CreateAsync >

  -End of the stack trace from the old location where the exception was thrown-

  to System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (task task)

  to System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (task task)

  to d__1a'1. MoveNext() VMware.Cafe.ComponentRegistryClientFactory. < CreateAsync >

  [AggregateException]: one or more errors occurred.

  to System.Threading.Tasks.Task'1.GetResultCore (Boolean waitCompletionNotification)

  to DynamicOps.Repository.Runtime.SecurityModel.CafeSecurityProvider... ctor (SecurityModelContext currentContext)

  to DynamicOps.Repository.Runtime.SecurityModel.SecurityModelContext... ctor (String connectionString)

  at DynamicOps.Repository.Runtime.Common.RepositoryRuntime.Initialize)

  [HttpException]: one or more errors occurred.

  at System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode (HttpContext context, HttpApplication app)

  at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS (IntPtr appContext, HttpContext context, managers of MethodInfo [])

  to System.Web.HttpApplication.InitSpecial (HttpApplicationState State, MethodInfo [managers], IntPtr appContext, HttpContext context)

  at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance (IntPtr appContext, HttpContext context)

  at System.Web.Hosting.PipelineRuntime.InitializeApplication (IntPtr appContext)

  [HttpException]: one or more errors occurred.

  to System.Web.HttpRuntime.FirstRequestInit (HttpContext context)

  at System.Web.HttpRuntime.EnsureFirstRequestInit (HttpContext context)

  at System.Web.HttpRuntime.ProcessRequestNotificationPrivate (HttpContext context, IIS7WorkerRequest wr)

  ->

  at System.Data.Services.Client.QueryResult.ExecuteQuery)

  to System.Data.Services.Client.DataServiceRequest.Execute [TElement] (DataServiceContext, QueryComponents queryComponents context)

  -End of the exception stack trace internal-

  to System.Data.Services.Client.DataServiceRequest.Execute [TElement] (DataServiceContext, QueryComponents queryComponents context)

  to System.Data.Services.Client.DataServiceQuery'1.Execute)

  to System.Data.Services.Client.DataServiceQuery'1.GetEnumerator)

  to System.Linq.Enumerable.FirstOrDefault [TSource] (IEnumerable 1 source)

  at System.Data.Services.Client.DataServiceQueryProvider.ReturnSingleton [](Expression expression) TElement

  to System.Linq.Queryable.FirstOrDefault [TSource] (IQueryable 1 source)

  at DynamicOps.Repository.CafeClientAbstractFactory.LoadComponentRegistryUri)

  to System.Lazy'1.CreateValue)

  to System.Lazy'1.LazyInitValue)

  at DynamicOps.Repository.CafeClientAbstractFactory.get_CafeUri)

  at VMware.Cafe.ComponentRegistryClientFactory.ctor (ICafeServiceClientFactoryFactory abstractFactory)

  at DynamicOps.Repository.CafeClientAbstractFactory.CreateClientFactory)

  to System.Lazy'1.CreateValue)

  to System.Lazy'1.LazyInitValue)

  at VMware.Cafe.Client.Registration.DownloadRootCertificates (String rootEncryptionCertPath, String rootSigningCertPath, String pkcs7Path)

  to VMware.VcacConfig.ComponentRegistryCommands.DownloadRootCertificates.Execute (CommandLineParser Analyzer)

  WARNING: Zero return Code. The command failed.

  I could be totally wacky, but the first thing vcac devices and server identity must be in pem format.

  Sounds the root string that you import.

  I say the following:

  http://www.virtualizationteam.com/cloud/generating-certificates-for-the-identity-appliancevcac-appliance.html

  This will tell you how to create certificates and import them.

• SSL certificate for the Security Server external facing

  Dear all,

  Today, I bought an external SSL certificate of DigitCert for our security server. I imported the certificates in the personal certificate (computer account) on the Security Server store. DigiCert provided three certificates, root CA, CA server and the other with the name of our domain. I renamed the vdm to the friendly name of the existing self-signed certificate and used the friendly name for the certificate vdm has our domain name. Subsequently, I rebooted consulting on the Security server. They are all released on except the "Display Blast Secure Gateway" service which entered the suspended state.

  On our facility, we have a connection to the server and a security server. To the Security Server, we use a different domain name for connecting to the server. We have an internal PKI and the connection to the server uses an SSL certificate.

  connection to the server = server01.internaldomain.com

  Security Server = server02.externaldomain.com

  Why the certificate cannot be loaded to view Blast Secure Gateway? I missed something?

  Thank you

  Edy

  I solved it. It was with the private key of the certificate. This is the reason that the Blast Secure Gateway could not load.