Import certificates

Hello

I have two problems, both of which I think are related to SSL/TLS somehow.

I got as far as creating trust points for the respective signing certificates in question.

(1) I want to configure LDAP with SSL connection to our announcement

Yet choosing SSL in the LDAP provider gives me no error message, but it fails to connect. (Which TP does it check? I selected none.)

(2) I want to use (import) an existing wildcard certificate for HTTPS on UCSM.

I have problems finding a way to do this import.

I have created a new keychain and chosen the TP that signed the certificate.

But pasting the public and private keys in this format (the private key has no password)

------------------------------------------------------------------

-----BEGIN CERTIFICATE-----

certificate goes here

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

private key goes here

-----END RSA PRIVATE KEY-----

-------------------------------------------------------------------

yields the error message: "unable to verify the certificate with the private key".

Should both keys be stuck together like this?

In what format should the private key be? The traditional SSLeay format or the new PKCS #8 compatible format?

Could you please advise?

Best regards

/ Mattias

There was a good thread on the LDAP and SSL configuration earlier in the forums.   I'd take a peek at this first.

https://supportforums.Cisco.com/message/3150609#3150609

Tags: Cisco DataCenter
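
For the "unable to verify the certificate with the private key" error and the SSLeay versus PKCS #8 question in the thread above, an added example (not part of the original posts, and not Cisco's own check): it compares the public key inside a certificate with the public key derived from a private key, and reports which PEM encoding a key file uses. The file names, the `*.example.test` subject and the function names are assumptions; all keys are constructed test data generated on the spot.

```shell
#!/bin/sh
# Added example: does a PEM private key belong to a PEM certificate, and which
# private-key encoding is the file in? All keys below are constructed test data.

# Print the SHA-256 of the DER public key taken from a certificate or a key.
# $1 = cert|key, $2 = PEM file. "-passin pass:" makes an encrypted key fail
# instead of prompting for a passphrase.
spki_hash() {
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 if the key matches the certificate, 1 if not, 2 if a file is unreadable.
key_matches_cert() {   # $1 = certificate, $2 = private key
    cert_fp=$(spki_hash cert "$1") || return 2
    key_fp=$(spki_hash key "$2") || return 2
    [ "$cert_fp" = "$key_fp" ]
}

# Classify a private key file by its PEM header line (CR characters stripped).
key_format() {   # $1 = PEM file
    case "$(tr -d '\r' < "$1" | grep -e '^-----BEGIN .*PRIVATE KEY-----$' | head -n 1)" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo traditional ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Create test material in directory $1: key A with a wildcard certificate,
# key A again in both encodings, and an unrelated key B.
make_fixture() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/a.key" -days 2 \
        -subj '/CN=*.example.test' -out "$1/a.crt"
    openssl pkcs8 -topk8 -nocrypt -in "$1/a.key" -out "$1/a.pkcs8.key"
    # OpenSSL 3.x needs -traditional for the old header; older releases
    # reject the flag and write the traditional form by default.
    openssl rsa -in "$1/a.key" -traditional -out "$1/a.trad.key" 2>/dev/null ||
        openssl rsa -in "$1/a.key" -out "$1/a.trad.key" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_fixture "$tmp"
    for f in a.pkcs8.key a.trad.key b.key; do
        if key_matches_cert "$tmp/a.crt" "$tmp/$f"; then verdict=match; else verdict=MISMATCH; fi
        printf '%-12s %-12s %s\n' "$f" "$(key_format "$tmp/$f")" "$verdict"
    done
    rm -rf "$tmp"
}
demo
```

The same key matches its certificate in either encoding, so a verification error on import points at a wrong key, a damaged paste or an encoding the device does not parse, rather than at the key pair itself.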

Similar Questions

  • BlackBerry Smartphones Smartcard - import certificates

    I have a BlackBerry 8900 and Smartcard reader v1 and I am trying to make them work together.

    I am able to pair them; the BlackBerry sees the smart card reader. I can import certificates, but after that I don't see all the new certificates in my certificate list. The card is OK and the certificate is there - I checked on my PC.

    What am I doing wrong? Are there additional steps needed to obtain the certificates from my card? What I wonder about most is that I'm also never asked for the smartcard PIN.

    OK, I solved it myself.

    Apparently BlackBerry requires that each certificate contains the user's e-mail. I tried with another card that has a certificate with e-mail information and it worked. It is a pity, however, that I received no warning/information that a certificate is wrong, and the buggy 'imported certificates' message misled me into thinking that everything went very well.

  • Adobe Reader 11 Rollout - Set 'Import' certificates so that the user does not

    Hello

    My company, which has 1800+ users, is upgrading from Adobe Reader 10 to Adobe Reader 11.0.04 via SCCM 2012.  I created a package using the Adobe Customization Tool, and everything works as expected, with the exception of the security prompt to import certificates that appears at first launch.  I tried to use a registry tweak to disable verification, but that doesn't seem to work; after some thought, for security I would rather have "Import" selected at the first launch, without intervention of the user, if possible.

    Is this possible?

    Thank you

    Rich

    I ended up doing this

    REM move files locally

    mkdir "c:\apps\Adobe_Reader_11004"

    xcopy /s /e /i "\\servername\package_source\Adobe\Reader\11.0.04\Custom Installer" "c:\apps\Adobe_Reader_11004"

    REM install AR11

    "c:\Apps\Adobe_Reader_11004\setup.exe"

    REM move certificate files to prevent the import popup on first launch

    xcopy /s /e /i "C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security\*.acrodata" "C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\11.0\Security\"

    And the popup did not come up for the first two criteria.  I'll wrap it up in SCCM and try again, but I think it's good to go.  I cleared the registry changes out of my custom install since they were garbage.

  • Impossible to import certificates

    I'm trying to import USG/DoD certificates in Firefox 23 on Ubuntu 12.04 LTS. When I try to import them, it apparently goes well (no error message), but they are not displayed in Certificate Manager. I tried both the DoD Configuration module (http://www.forge.mil/Resources-Firefox.html) and manually importing the root certificates (http://dodpki.c3pki.chamb.disa.mil/rootca.html), and the results are the same.

    The extension works great for me on Linux.

    Try renaming the file cert8.db in the Firefox profile folder to cert8.db.old, or remove the cert8.db file, to remove the intermediate certificates that Firefox has stored.

    If it helped to solve the problem, then you can delete the renamed file cert8.db.old.

    Otherwise you can rename (or copy) the file cert8.db.old to cert8.db to restore the previous intermediate certificates.

    Firefox automatically records the intermediate certificates when you visit Web sites that send such a certificate.

    You can click the Update DoD Certs button in the window that opens if you click the preferences of the extension on the about:addons page (Firefox/Tools > Add-ons > Extensions).

    If this does not work, disable all other extensions in case some interfere.

  • Problem importing SSL certificate in Remote Desktop Gateway

    Hello

    Windows 2008 R2

    Our SSL wildcard certificate (by Go Daddy) has expired. I renewed it, went into IIS, created a CSR, applied the CSR, downloaded the IIS version from GoDaddy, completed the CSR in IIS, applied the intermediate certificate, went into MMC and imported the certificate into the local computer store.

    BUT... I have problems with the Remote Desktop Gateway.  I can't import the wildcard cert into it.  I'm in Gateway Manager > Properties > SSL Certificate and take the option "Select an existing certificate". I see the wildcard cert, I select it and click Apply; it flashes away and then Apply is grayed out, so I click OK, but it still says no cert... the status says I need a cert.  So it's like it is not recognizing the cert, or is it the wrong kind?

    Thought it could be authority, so I tried it with several different admin IDs on the global domain.

    I also went through MMC and imported the cert into the Remote Desktop certificates location, but that doesn't seem to have any impact.

    What am I doing wrong?

    Go Daddy suggests regenerating the cert, but I don't want to do it again unless I need to.

    Any ideas?

    Thanks in advance!

    After much research, found this https://support.microsoft.com/en-us/kb/959120

    Changed the link for port 443 and it worked!

  • Import DSA certificate on Windows 7

    Hey people,
    I am trying to import a DSA certificate into the personal store of a Win7 box and I see an error "... the private key that you are importing might require a cryptographic service provider that is not installed on your system."
    I'm trying to import a DSA certificate I created using openssl. When I try to import an RSA certificate, which is located in the same directory on the system, I have no problem.

    Any ideas on how to install firmware cryptographic services that supports the DSA?

    Thank you

    Bob

    Hi Bob,

    The Microsoft Answers community focuses on the context of use. Please reach out to the business community of COMPUTING in the TechNet forum below:

    http://social.technet.Microsoft.com/forums/en/category/w7itpro/

  • Could not import the chained certificates.

    Hello!

    I'm trying to import 2 certificates. One is the root (call it issuer.pem), and the other is signed by the root (let's call it intermediate.pem).


    As you can see, these certificates are chained:

    openssl verify -CAfile issuer.pem intermediate.pem
    intermediate.pem: OK

    However, after importing issuer.pem, when I try to import intermediate.pem, FF gives:

    "This is not a certificate authority certificate, so it cannot be imported into the certificate authority list."

    I have no idea what you're up to, but if these two certificates are supposed to be CA certs, neither of them has the appropriate extension defined:

    X509v3 extensions:

    X509v3 Basic Constraints:
     CA:TRUE

    It is advisable to also specify a CRL Distribution Point or an OCSP URL.
    If I issue certs today, I wouldn't pick 256 as hash algorithm SHA-2, SHA-1.
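
The situation in the thread above, reproduced as an added example (not code from the original posts): `openssl verify -CAfile` accepts an intermediate without Basic Constraints when it is checked as the end of the chain, yet the same certificate is rejected as soon as it has to act as an issuer. File names, subject names and function names are assumptions, and all keys are constructed test data generated on the spot.

```shell
#!/bin/sh
# Added example; all keys, names and certificates are constructed test data.

# Fill directory $1 with root -> intermediate -> leaf, built twice: the
# intermediate is signed once without extensions and once with CA:TRUE.
build_chains() {
    wd=$1
    cat > "$wd/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    for name in root inter leaf; do
        openssl genrsa -out "$wd/$name.key" 2048 2>/dev/null
    done
    # Self-signed root carrying CA:TRUE.
    openssl req -new -x509 -config "$wd/ca.cnf" -extensions v3_ca \
        -key "$wd/root.key" -subj '/CN=Test Root' -days 2 -out "$wd/root.pem"
    openssl req -new -config "$wd/ca.cnf" -key "$wd/inter.key" \
        -subj '/CN=Test Intermediate' -out "$wd/inter.csr"
    openssl req -new -config "$wd/ca.cnf" -key "$wd/leaf.key" \
        -subj '/CN=leaf.example.test' -out "$wd/leaf.csr"
    # (a) No -extfile: the issued certificate carries no Basic Constraints.
    openssl x509 -req -in "$wd/inter.csr" -CA "$wd/root.pem" \
        -CAkey "$wd/root.key" -CAcreateserial -days 2 \
        -out "$wd/inter_plain.pem" 2>/dev/null
    # (b) Same CSR, signed with the [v3_ca] section applied.
    openssl x509 -req -in "$wd/inter.csr" -CA "$wd/root.pem" \
        -CAkey "$wd/root.key" -CAcreateserial -days 2 \
        -extfile "$wd/ca.cnf" -extensions v3_ca \
        -out "$wd/inter_ca.pem" 2>/dev/null
    # One leaf issued under each intermediate.
    for kind in plain ca; do
        openssl x509 -req -in "$wd/leaf.csr" -CA "$wd/inter_$kind.pem" \
            -CAkey "$wd/inter.key" -CAcreateserial -days 2 \
            -out "$wd/leaf_$kind.pem" 2>/dev/null
    done
}

# True when the certificate text shows Basic Constraints CA:TRUE.
is_ca() {   # $1 = certificate
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# The check from the thread: verify a certificate directly under the root.
verifies_under_root() {   # $1 = root, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Verify a leaf through the intermediate, which makes the intermediate act as a CA.
issues_valid_leaf() {   # $1 = root, $2 = intermediate, $3 = leaf
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_chains "$tmp"
    for variant in plain ca; do
        inter="$tmp/inter_$variant.pem"
        if is_ca "$inter"; then ca=yes; else ca=no; fi
        if verifies_under_root "$tmp/root.pem" "$inter"; then direct=OK; else direct=FAIL; fi
        if issues_valid_leaf "$tmp/root.pem" "$inter" "$tmp/leaf_$variant.pem"
        then issuer=OK; else issuer=FAIL; fi
        printf 'inter_%-5s CA:TRUE=%-3s verified-under-root=%-4s usable-as-issuer=%s\n' \
            "$variant" "$ca" "$direct" "$issuer"
    done
    rm -rf "$tmp"
}
demo
```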

  • Can I import my SMIME certificate in OSX 10.11.1

    I am trying to create my own CA and sign the created certificates according to the procedure described here:

    http://ServerFault.com/questions/103...AIL-encryption

    It works perfectly on my Linux machine. I can import certificates to Thunderbird, sign and encrypt emails.

    But I have a problem in Apple Mail on OS X 10.11.1. It is possible to import ca.crt into the keychain, but the individual .p12 certs are impossible to import.

    Any idea what to do?

    The exact configuration required for an S/MIME certificate is different from a normal 'client' certificate; however, if your certificate works for S/MIME in Linux and Thunderbird I will assume that you have that aspect correct.

    The other thing to look at is that for this purpose you must use a .p12 certificate file that contains the private key and the (public) certificate. She is as virtual as this file is password protected. Some but not all software knowing that .p12 files should be password protected will enforce this requirement when a .p12 file is created, but not all are as helpful. It could be that if your .p12 file is not password protected it is not recognized.

    I would then normally use Keychain Access to import the .p12 file, and actually if you double-click a .p12 file Keychain Access will normally be launched automatically. You want to import into your login keychain.

    Note: Because you are using a self-signed rootCA, you need to have imported and trusted the rootCA .crt file. This must be imported into your System keychain, not your login keychain. Simply importing it there does not automatically trust it; you may need to select it in Keychain Access and explicitly trust it.

    PS. As S/MIME is used for emails and emails can go to both external and internal parties, it is usually far, far better to use an officially issued S/MIME certificate rather than a self-signed one. That is because if you get an official one, it will be automatically trusted by everyone's system, while if you are using a self-signed one, you will first need to get everyone to install and trust your rootCA .crt file. It is possible to get a free official S/MIME certificate from various organizations. I use Comodo, but I believe that Thawte among others also offers a free one.

  • Menu of certificate import Z10 blackBerry does not

    I tried to import self-signed and certificate user on usb and wifi, as shown here: http://docs.blackberry.com/en/smartphone_users/deliverables/47561/als1342708099072.jsp

    When I choose the certificate store I want to update and then click Next, the application crashes / freezes. None of the buttons at the bottom respond ("Back / Select all / Update / Import"), and none of the certificates I copied to my phone are listed.  I have to drag up from the bottom and close the application.

    I even tried e-mailing the certificates to myself and importing them, without success.  When I go to view the certificates, I am prompted for a password over and over again, even after entering the password each time.

    I tried removing the battery, installing the most recent OS update (10.1.0.4181) and doing a secure erase. The certificate import tool crashes even when there is no certificate in the Cert folder.  My phone is unlocked and unbranded, so I did not all restrictions.

    I ran out of ideas and time troubleshooting.  Your help is appreciated.

    I thought about it.  When you go into the Cert folder on the device, there is a subfolder sdcard that points to the root (/) of the SD card.  When I went to this folder, I noticed there were a few files (not certificate files) that I had stored there (which I have now moved).  After I moved them, the import tool seems to work very well.  It seems that the import tool was trying to read these files and hung because they were not certificate files / it could not read the files / whatever the reason.

  • SG300-28 import self-signed SHA2 certificate to the SSL Protocol (including the format? How do I?)

    1. What format should a certificate and private key combination have during import to use SSL?

    2. How do you actually import it - via CLI or web interface?

    I'm trying to import an SSL certificate that is self-signed in the SG300-28 to secure the connection to the web interface of the switch. The certificate is signed by my own 'certification authority' / custom root certificate.

    I tried to do it via the graphical interface of web management (security > SSL server > server SSL authentication) and the command-line via SSH. I will detail my exact process below. I had no problem importing a certificate created in the same way to the Cisco RV320 router, although the web interface is different.

    How to create a certificate that is accepted by the switch?

    (Image Active) firmware version: 1.4.0.88

    My approach:

    1. OpenSSL 1.0.1f January 6, 2014; on an Ubuntu 14.04 machine
    2. Create my own self-signed root certificate:

     openssl genrsa -out rootCA.key 2048
     openssl req -x509 -new -nodes -key rootCA.key -days 3650 -out rootCA.pem

    3. Create a private key and the actual certificate and sign it using rootCA.pem:

     openssl genrsa -out switch.key 2048
     openssl req -new -key switch.key -out switch.csr
     openssl x509 -req -in switch.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out switch.crt -days 3500

    For later use, export the public key from the switch.key file using

     openssl rsa -in switch.key -pubout > switch.pubkey

    4. Open the web interface of the switch and go to the SSL settings (Security > SSL server > server SSL authentication).

    4.1 Click "import certificate".

    4.2 Paste the contents of the switch.crt file into the 'certificate:' textbox

    4.3 Select import of the RSA key pair

    4.4 Paste the contents of the switch.pubkey file into the public key field

    4.5 Select the 'Clear text' radio button and paste in the contents of switch.pubkey

    4.6 Click 'apply'.

    4.7 Receive an error message 'invalid key header'.

    The private key looks like this (obviously, I created a new one for this example):

     -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA3gOvNzKqULXnT7zL9fl4KJAZMo5eYHfwPSN0wl385na37oHz [23 more lines truncated] aB7Pooa60anjIVJmlSIp4WJ8U+52BMKJZ5rqHnJ1sBBo1zpAtcdspg== -----END RSA PRIVATE KEY-----

    I also receive an invalid key header error when I try to import the private key via the SSH CLI using:

     switch(config)#crypto key import rsa

    I also converted the certificate and the private key to PKCS12 and then back to PEM, which gives me the following private key "header", which is not always accepted when pasting in the CLI:

     Bag Attributes localKeyID: FE 24 88 34 66 BE E9 DB CE 4E 91 23 2C 0E 03 B1 A7 58 32 24 Key Attributes:  -----BEGIN PRIVATE KEY----- MIIEvgIBA[...] -----END PRIVATE KEY-----

    Which key header is missing / what am I doing wrong in general?

    It seems that the "crypto key import rsa" command is not suitable for importing an SSL-related private key, but rather for importing SSH keys. The "key header is missing" code means that the switch expects something other than "-----BEGIN RSA PRIVATE KEY-----", for example the headers that you can see after the execution of "view keys cryptographic rsa" (- START PRIVATE KEY ENCRYPTED SSH2-).

    To get your SSL certificate installed, you have two options:

    The CLI option:

    • Create an RSA private key with the command

     switch(config)#crypto certificate 2 generate key-generate 1024

    • Create the certificate request with

     switch#crypto certificate 2 request

    (don't forget to provide all information for this command, including 'cn' and so on). Note that this command must be executed in privileged mode and not in configuration mode like the previous command.

    • After you run this command, you'll get a certificate signing request (CSR). Copy and paste it into a new file on the server that hosts your certification authority.
    • Now sign this CSR file with the command that you have already used:

     openssl x509 -req -in switch.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out switch.crt -days 3500

    • After signing, just open the file "switch.crt" and copy all content between the BEGIN and END sections, inclusive.
    • Import this certificate with the command

     switch(config)#crypto certificate 2 import

    • Finally, to make your certificate active, use the following command:

     switch(config)#ip https certificate 2

    WebGUI option:

    Here, the procedure is similar to the CLI:

    • Click "Generate certificate request" in the "Security-> SSL server-> server SSL authentication" section, fill in all necessary data and click "Generate certificate request."
    • You will get CSR data that you need to paste onto the server holding the CA certificate.
    • Sign the certificate with an openssl command similar to the one mentioned previously.
    • Import the certificate, keeping "import RSA Key-Pair" unchecked.

    Personally I've never managed to import both key and certificate from the outside.

  • Could not import the wildcard certificate on ASA

    Hi all

    I'm trying to implement a GoDaddy wildcard (*.mydomain.mytld) cert for a number of clubs, among which there is our ASA. I put away the old certs and did some housekeeping on their trustpoints, etc., with the result of a pretty much clean config. (I'm on 8.3).

    I needed to enroll for the cert in a different area (Exchange 2010) and I exported the cert in cisco-pasteable format REB to make it ready for deployment on the ASA. Here's what I've done (with cry ca debugging on), resulting in a failure to import the wildcard certificate. Can anyone shed light on what I'm doing wrong? What I was doing was essentially setting up TPs for the root and intermediate and then importing the actual device cert.

    Setting up the two trustpoints for RootCA and intermediate TP:

    gate0 (config) # crypto ca trustpoint gdroot
    gate0(config-ca-Trustpoint) # Terminal registration
    gate0(config-ca-Trustpoint) # revo no
    ---------

    gate0 (config) # crypto ca trustpoint gdinter
    gate0(config-ca-Trustpoint) # register terminal
    domain name full mydomain.tld gate0(config-ca-Trustpoint) #.

    ----------------

    These authenticate:

    authenticate the cry ca gate0 (config) # gdroot
    Enter the base-64 encoded certificate authority.
    End with the word "quit" on a line by itself
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    quit

    INFO: Certificate has the following attributes:
    Fingerprints: [snip]
    Do you accept this certificate? [Yes/No]: Yes

    Certificate of the CA Trustpoint accepted.

    % Certificate imported successfully
    CRYPTO_PKI: Recording of Cert not found, return E_NOT_FOUND
    View the contents of the current certificate:
    1 certificate:
    SERIES: 00
    ISSUER: OU = Go Daddy class 2 Certification Authority, o = Go Daddy Group\, Inc., c = US
    CRYPTO_PKI: crypto_process_ra_certs (trust_point = gdroot)

    authenticate the cry ca gate0 (config) # gdinter
    Enter the base-64 encoded certificate authority.
    End with the word "quit" on a line by itself
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    quit

    INFO: Certificate has the following attributes:
    Fingerprints: [snip]
    Do you accept this certificate? [Yes/No]: Yes

    Trustpoint "gdinter" is a subordinate certification authority and is a non self-signed certificate.

    Certificate of the CA Trustpoint accepted.

    % Certificate imported successfully
    gate0 (config) # CRYPTO_PKI: Cert record not found, return E_NOT_FOUND
    CRYPTO_PKI: No appropriate trustpoints not found to validate the serial number of certificate: 0301, object name: serialNumber = 07969287, cn = Go Daddy Secure Certification Authority, or =http://certificates.godaddy.com/repository, o is GoDaddy.com------, Inc., l is Scottsdale, st = Arizona, c = US, name of the issuer: OU = Go Daddy class 2 Certification Authority, o = Go Daddy Group\, Inc., c = US.

    CRYPTO_PKI: Recording of Cert not found, return E_NOT_FOUND
    View the contents of the current certificate:
    1 certificate:
    SERIES: 0301
    ISSUER: OU = Go Daddy class 2 Certification Authority, o = Go Daddy Group\, Inc., c = US
    Certificate 2:
    SERIES: 00
    ISSUER: OU = Go Daddy class 2 Certification Authority, o = Go Daddy Group\, Inc., c = US
    CRYPTO_PKI: crypto_process_ra_certs (trust_point = gdinter)

    Import the "peripheral": wildcard cert

    Crypto ca import gdinter RECs
    ATTENTION: Registration certificate is configured with a complete domain name
    that differs from the fqdn of the system. If this certificate will be
    used for VPN authentication, this can cause connection problems.

    You want to continue with this registration? [Yes/No]: Yes

    % The FQDN in the certificate name will be: mydomain.tld

    Enter the base 64 encoded certificate.
    End with the word "quit" on a line by itself

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    quit

    ERROR: Cannot analyse or check the imported certificate
    CRYPTO_PKI: cannot define ca cert object (0 x 722)
    CRYPTO_PKI: status = 65535: could not get the key of the cert usage

    You may see a problem due to not having generated the CSR on the ASA (with the ASA's private key) because you use a wildcard cert.

    There is a document here which explains how to get around that.

  • Self-signed certificates stopped working

    All of a sudden (and not after a Firefox update) Firefox 41.0 stopped accepting self-signed SSL certificates on various websites that it had accepted for months. I generated the certificates myself.

    The link / button to add exceptions and import the certificate has disappeared from the "Untrusted connection" error page.

    Things I've tried so far:

    • Import certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates are imported, but Firefox seems to ignore them.
    • Exit Firefox, remove cert8.db in my profile, then restart Firefox
    • Restart Firefox in safe mode
    • Import the certificate into the keychain of the OS (which makes the websites work in Chrome and Safari)

    The generated certificates are signed "PKCS #1 SHA-256 with RSA encryption", they are not expired and have been generated with

       openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt

    Apart from the trust issue, https://www.ssllabs.com/ssltest/ reported no problems with these certificates; they are fine ("If trust issues are ignored: A").

    The only way I can access these websites is via a private window: if the certificate has been imported previously (via Preferences), the private window accesses the websites without problem. If the certificate has not been imported, I again have the option to add a temporary exception, and after that is done, it works fine.

    This problem does not appear on another computer, even though the Firefox profile is synchronized between the two.
    The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware).
    Certificates signed by a real certification authority are accepted very well.

    UPDATE:

    I have marked this as resolved, but apparently the problem returned once a week, completely randomly.

    The best solution I've found so far is to quit Firefox, delete the following files from my profile, and then restart Firefox:

    • SiteSecurityServiceState.txt
    • cert_override.txt
    • cert8.db

    Finally, I fixed that by doing a Firefox "Refresh" (under about:support) and re-syncing my profile.

  • I am trying to sign a certificate (using Mac) and Firefox will not accept the password.

    The certificate is used to authenticate my identity.

    It rejects it every time and returns the certificate box with the password field empty. I've seen a few questions about certificate issues in Firefox from a few months ago; will they be solved? Any ideas for a workaround in the meantime?

    Hello
    I had the same problem, and I read somewhere that, according to a Mozilla knowledge base article, a password is a requirement for importing certificates (although the corresponding KB page is now unavailable).

    I tried the following and it worked for me:
    - export the certificates to the desktop
    - remove the certificates in Firefox
    - set a master password in Firefox (Preferences - Security - Use a master password)
    - import the certificates

    You should now be able to sign.
    Hope this helps

  • Apply wildcard certificate for AnyConnect VPN

    Hello

    I am applying a wildcard certificate for the first time, and via CLI.

    I have 3 .pem files, viz. root cert, intermediate cert and private key, and the password used for the import.

    I'm following the URL: http://www.cisco.com/c/en/us/support/docs/interfaces-modules/catalyst-65...

    When creating the trustpoint / importing the certificate, I don't get the keyword "PEM". So I can't continue; can someone help please?

    I'm running an ASA 5510 with Version 9.1(6)

    ASA(config-ca-Trustpoint) # Terminal registration?

    mode of crypto-ca-trustpoint commands/options:

    ASA (config) # crypto import server ca - tank.com?

    set up the mode commands/options:
    certificate to import a certificate from the terminal
    PKCS12 PKCS12 import from the terminal format

    Thank you

    Krishna

    Hello

    Great keep us informed.

    Kind regards

    Aditya

    Please evaluate the useful messages.

  • ASA v 8.2 (4) cannot install the certificate sha2

    Based on documentation and business major certificate information, entrust to verisign etc this should work for v 8.2.3.9 and higher

    I upgraded from 8.2(1) to 8.2(4), but it still displays "ERROR: could not analyse or verify imported certificate"; same problem when I try to install

    the intermediate1 and intermediate2 certificates.

    Why are you upgrading from an extremely old version to a version that is still very old? 8.2 (5) 58 is the 8 real, 2-bail.

    SHA-2 is fully supported from 8.2(5) on.
