iOS 10 with certificate self-signed in MS Exchange

Similar Questions

• See imprint SHA of the certificate self-signed client webvpn ASA?

  When connecting to an ASA with certificate self-signed, using Cisco AnyConnect Secure Mobility Client 3.1 (10010), the AnyConnect client presents the big red warning box, which is good.  The user must turn off "Block for unknown servers connections" in the preferences in order to complete the connection.

  Is it possible for the user to view the fingerprint SHA1/SHA3 cert self-signed, before disabling the safety block?  I could have sworn that older versions of the AnyConnect client allow the user view the certificate details and fingerprints before choosing to accept and connect.

  You can't make AnyConnect 3.x or 4.x as far as I know. Even a set of Diagnostics and Reporting Tool (DART) does not include this information.

  It is quite easy to inspect although if you simply browse to the ASA to almost any browser interface. From there, you can review the site certificate (ASA), including the footprint of the RSA public key.

• Use the certificate self-signed on TS 2008R2

  Hello reader,.

  We use Firefox on a Terminal server with about 20 servers server farm environment.
  We use a lot of intranet sites for which we have the certificate self-signed by our domain controller.

  In Firefox users get prompt security sec_error_unknown_issuer. As much as I red that Firefox does not check for local free self-signed certificates.
  Is there a way we could set up for all users, they do not see the above error-> specific <-websites (intranet)?

  We do not want the users to add the Security (certificate) as exception 20 times for EACH intranet website on 20 servers dispute.
  It is something that I can edit in mozilla.cfg on each server or is there another solution?

  Thanks in advance,
  Kind regards
  Martijn

  I solved the problem with manual below:

  http://community.Spiceworks.com/how_to/15158-Firefox-trust-a-local-certificate-authority-for-all-users-and-computers

• Looking for input on the replacement of certificates self-signed

  After many hours trying to find an answer, I now turn to the experts for assistance here.  I have Setup initially vcloud with a self-signed certificate and I am looking for help.  After some research, I was able to create a new key file with my CA-signed certificate.  However, I have problems beyond the portion of reconfigure.

  First off I am struck by the: 1433 bug I had when I initially configure vcloud where the configure script does not pick up the port number.  The workaround for this is to add: 1433 to the host name as it the entrance as the port number.  Now that I'm gone, I get an error NewInstall_preInit sql.  I don't understand not even why I need a "newInstall" as I already have a database works.  Here is my command output, maybe one of the guru here can point me in the right direction.

  [root@vcloud bin] # cd/opt/vmware/vcloud-director/bin/configure
  Welcome to the vCloud Director configuration utility.
  You will be asked to enter a number of parameters which are necessary for
  Configure and start the vCloud Director service.
  Please enter the path to the keystore of Java that contains your SSL certificates and
  private key: /opt/vmware/vcloud-director/cert.ks
  Please enter the password for the key file:
  Please enter the password for the private key for the certificate of "http":
  Please enter the password for the private key for the certificate of "consoleproxy":
  The following data types are supported:
  1 oracle
  2 Microsoft SQL Server
  Enter the type of database [default = 1]: 2
  Enter the host (or IP address) to the database: vmgmt1:1433
  Enter the database [Default = 1433] port: 1433
  Enter the name of the database [default = vcloud]: vcloud
  Enter the name of the instance [default = MSSQLSERVER]: vcloud
  Enter the database user name: his
  Enter the database password:
  Connection to the database: jdbc:jtds:sqlserver://vmgmt1:1433:1433 / vcloud; socketTimeout = 90; instance = vcloud
  loading /opt/vmware/vcloud-director/db/mssql/NewInstall_PreInit.sql
  [2 reports]
  Execution of SQL query error: ' IF ((SELECT is_read_committed_snapshot_on FROM sys.databases WHERE database_id = DB_ID()) <>1).
  BEGIN
  DECLARE @sql varchar (8000)
  SELECT @sql = '
  ALTER DATABASE ' ' + DB_NAME() + ' ' SET SINGLE_USER WITH IMMEDIATE RESTORATION.
  ALTER DATABASE ' ' + DB_NAME() + ' "ALLOW_SNAPSHOT_ISOLATION DEFINED;
  ALTER DATABASE ' ' + DB_NAME() + ' ' SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT;
  ALTER DATABASE ' ' + DB_NAME() + ' ' SET MULTI_USER;
  '
  Exec (@SQL)
  END '.
  java.sql.SQLException: Option "SINGLE_USER" cannot be defined in database 'master '.
  at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:368)
  at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2816)
  at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2254)
  at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:636)
  at net.sourceforge.jtds.jdbc.JtdsStatement.processResults(JtdsStatement.java:584)
  at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQL(JtdsStatement.java:546)
  at net.sourceforge.jtds.jdbc.JtdsStatement.executeImpl(JtdsStatement.java:723)
  at net.sourceforge.jtds.jdbc.JtdsStatement.execute(JtdsStatement.java:1157)
  at com.vmware.vcloud.configure.Db.executeSqlBatch(Db.java:231)
  at com.vmware.vcloud.configure.Db.executeSqlScript(Db.java:190)
  at com.vmware.vcloud.configure.Db.createTables(Db.java:142)
  at com.vmware.vcloud.configure.Db.maybeInitialize(Db.java:301)
  at com.vmware.vcloud.configure.ConfigAgent.configureDatabase(ConfigAgent.java:1631)
  at com.vmware.vcloud.configure.ConfigAgent.start(ConfigAgent.java:396)
  at com.vmware.vcloud.configure.ConfigAgent.main(ConfigAgent.java:295)
  Communication with the database error: Option SINGLE_USER cannot be defined in the master database.

  Just a stab in the dark - the guides call say use a user for vcloud (named: vcloud) not "its".

  Our vcloud database user login has a default instance of the vcloud database.  Maybe this will get around the question (seems to me that THE default connection is master - and before the change of the "vcloud" database scripts he tries to put in single-user mode.

• Safari no longer works with SSL self-signed certificates?

  With the last Safari (9.0.3) on OS X (running 10.11.3) and iOS (9.2.1) operating system, I can no longer connect to sites that use self-signed SSL certificates. Previously, I was warned that the site certificate was not "valid", but given the opportunity to continue anyway. This is the behavior I want to come back. It still works fine in Chrome, Firefox. but now just Safari gives me an error "Safari can't open the Page" as it would if it could not reach the server. Specifically, it says "Safari can't open the page https://myselfsignedhost.com because Safari is unable to establish a connection to the server myselfsignedhost.com.

  It does not give me the opportunity to inspect the certificate, add the certificate to my keychain, trust the cert, ignore the warning once or anything else that would be useful... He's just pretending like it can't connect. Am I missing something? How to restore old functionality? This 'bug' makes safari completely useless for me.

  OK, some info... This seems to apply only to SOME sites with self signed SSL CERT... The only obvious thing I can think is that maybe it applies to sites where the SSL certificate when the page was first loaded?

  If I open a new window private, I can access the page without problem. If I open a new standard, I can also open the page, until I quit safari. Once I left, it stops loading with the same error...

  If I manually add the SSL certificate to my keychain as being approved, the page also works... There may be a cache of certificate somewhere that is out of date?

• Unable to connect to SMTP using TLS with a certificate self-signed on OSX 10.10.1 (T31.3 &amp; 24.6)

  I can't connect to my server SMTP with TLS on port (send 465 or 587 / 995 receive) using Thunderbird 31.3 or my OS X 10.10.1 24.6 (Didier) MacBook Pro.

  However, I am able to send and receive mail from the same account on my Windows 7 machine using Outlook 2007, using the same settings I configured in Thunderbird. I added the certificate etc.

  http://img.Photobucket.com/albums/v631/Napoleon_BlownApart/ScreenShot2014-12-16at121323pm.PNG (Taken when using 24.6)

  I am the admin of the server and the password and other settings on the side Server are correct! (I'll take a look at the evolution at the same time. I am already back to an earlier version of Firefox because of sloppy coding and broken features).

  Any ideas?

  If the server name is a secret, how you expect to receive mail. Please, we have pretty bad without guessing. Seriously what you are done using a self signed certificate, they are free by https://www.startssl.com/

  My guess is it of OSX who dislikes the self-signed certificate, how Thunderbird to deal with Windows. As you have a copy install Thunderbird and see if it is a question of OSX.

• Certificate self-signed for remote VPN CLIENT access

  Hi people,

  I am trying to achieve two-factor authentication, first with RADIUS & 2nd with self-signed certificate. If I generated of self-signed certificate & trying to import this certificate but error 39 that occur. Only obstacle that authenticate with certificate. I saw some documents for separate setting certifcate servers (CA) & then to import in the clients but I m curious about a certificate automatically generated can be used to authenticate the remote access client.

  ASA additional server failover mode is Local CA is not supported. Is there a way to support local CA.

  Thank you

  Are you talking about using self-signed client certificates? I guess that it will not work. At least it is not scalable. You must use an internal CA for this task. As the local certification authority cannot be used with failover, you can take a Windows Server 2 k 3 or 2 k 8. Another option is to use a router IOS as CA-server. But what take something else as a second factor? I'm a big fan of the use of smartphones with the www.duosecurity.com service.

  --
  Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
  http://www.Kiva.org/invitedBy/karsteni

• ASA uses that certificates self-signed after upgrade to 9.4.1

  I came across a strange issue after upgrade to 9.4.1... (from 9.3)

  However I access the ASA (browser, Anyconnect, etc.), it offers only a self-signed certificate even if an appropriate SSL certificate installed.

  I checked:

  SSL-trust VPN_Portal_TP point
  SSL-trust outside VPN_Portal_TP point
  SSL certificate authentication CAF-timeout 5
  interface outside port 443 SSL certificate authentication

  is configured.

  • CA is installed, too.
  • Reinstalled all certififcates.
  • Reassign the Trustpoints

  Any ideas would be greatly appreciated... Thank you!

  I did have time to test this out on my laboratory unit yet, but there's a thread related here.

  I'm not positive on the standard resolution immediately - it will bring close watch.

  Perhaps the first person to prosecute TAC may share the resolution.

• Replace the certificate self-signed prominent 5.3

  Select a certificate:

  1 Subject: C = US, S = CA, L = CA, O = VMware Inc., unit of ORGANIZATION = VMware Inc., CN = VVVDCVDID03, [email protected]
  Valid from: 31/12/2013-15:56:35
  Valid until the: 31/12/2015-15:56:35
  Footprint: E93EDE1797C55BC61E95DF625AC33EC8D30DD089

  2 object: CN = .net, OR default certificate of VMware View = VVVDCVDID03.mydomain, O = "VMware, Inc.."
  Valid from: 12/30/2013 15:24:20
  Valid until the: 28/12/2023-15:24:20
  Footprint: 671E847CA3A55FC31AA62034174B29EC37D4DF38

  3 object: CN = * .mydomain .net, O is my company Holdings LLC, L = Grant Park, S = Illinois, C = US
  Valid from: 01/08/2014-19:00
  Valid until the: 14/01/2015-07:00
  Footprint: 1D976E97E9B9C55A02470F45618F7E2CD8763B43

  Enter the choice (0-3, 0 to abort): 3
  Remove the link to certificate successfully 18443 port.
  Bind the new certificate to the port.
  ReplaceCertificate successful operation.

  Yet the certificate still shows as invalid and self-signed view Admin and when I join on the site.  It's showing that ranked #2 in the SVICONFIG.

  In addition to this SVICONFIG does not appear to be installed facing the connection to the server at the point 5.3. Or at least I can't.  5.3 documents do not appear to exist. 5.2 only.

  How can I replace the self-signed certificate in my servers connection and security now?

  http://pubs.VMware.com/view-51/index.jsp?topic=%2Fcom.VMware.view.installation.doc%2FGUID-5ED2A8AB-0D5F-495F-B2F7-D7C64C7A021E.html

  http://pubs.VMware.com/view-51/index.jsp?topic=%2Fcom.VMware.view.installation.doc%2FGUID-5ED2A8AB-0D5F-495F-B2F7-D7C64C7A021E.html

  The solution in the end was that the self singing and new cert had the same friendly name of "vrm".  Changed the name of the car to "oldcert" sign and restarted the server connection.  That solved.

• Problem with Extensions self-signed

  I am packing my extension with self signed cert that is created with the ZXPSignCmd executable.

  It works properly and the - verify command confirms the ZXP is good to go.

  When a user install the extension, however, it works only once the first time they open Illustrator after installing it. Every time after that, opening of Illustrator, the Panel is completely empty.

  This problem can be solved by enabling PlayerDebugMode on file .plist to the end user (as indicated for developers in the blog), but obviously this is something that I'm not the final user does. Does anyone have insight as to why the extension Panel does not load once and then breaks? Activation PlayerDebugMode addresses the issue, but I can't understand why. I guess that is has something to do with the way in which it is signed, but I'd like confirmation/clarification if someone knows what's going on.

  Sounds... headscratchy... It is possible to activate the debug (at least in Photoshop) mode so that you can get more information directly in the sandbox. See below

  HTML panels advice: debugging #1 | Photoshop, etc.

  A small Guide to HTML5 Extensions | Adobe Developer Connection

• certificate self-signed in IIS 7.5

  Hello
  We get the "secure connection failed" when you browse an internal site with an auto SSL certificate that is signed by the server. There is no way to add to a list of contacts or circumvent security to work around. I can do to avoid this? We are not looking to buy an external cert only for our internal site. It is version 36.0.4.
  Thank you!
  -Dusty

  It turns out it is the encryption algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA that needed to be added in the. It seems to work fine now.

• VPN client using the certificate self-signed on SAA

  Hello

  I need set up a vpn client that use a certificate automatically generated by the ASA.

  The VPN configuration is easy, especially with the use of the wizard.

  The problem is that I need the procedure to configure the ASA as a CA server and how to send the certificate to the client

  Thank you

  Just to let you know, the ASA can act as a CA server for authentication of cert based for ipsec vpn. It is only possible for sslvpn. So in your case, the client should be the AnyConnect client.

• ASA SHA2 support with self-signed certificates

  Is it possible to use the signature SHA2 algorithm generating a certificate self-signed on an ASA? I can't find any documentation on orders that have control of things like the signature algorithm when you use self-signed certificates. I have seen documentation SHA2 is supported from 8.4.2 for the signature algorithm, but it always refers to the import of a certificate from an external certification authority.

  Hi William,.

  You can only generate self-signed certificate on the SAA SHA1. The solution is to import a certificate from a 3rd party with signature SHA2 algorithm.

  Here is the value for the same application:-

  ASA support for SHA - 2 for crypto IPsec and operations of the public key infrastructure
  CSCuj67576
  https://Tools.Cisco.com/bugsearch/bug/CSCuj67576/?reffering_site=dumpcr
  
  Kind regards
  Dinesh Moudgil

  PS Please rate helpful messages.

• Stopped working self-signed certificates

  All a sudden (and not after a Firefox update) 41.0 Firefox stopped accepting SSL certificates self-signed on various websites that it had been accepted for months. I generated certificates myself.

  The link / button to add exceptions and import the certificate has disappeared from the "Untrusted connection" error page

  Things I've tried so far:

  • Import certificates via preferences > advanced > Certificates > view certificates > servers. The imported certificates, but Firefox seems to ignore.
  • Exit Firefox, remove cert8.db in my profile, then restart Firefox
  • Restart Firefox in safe mode
  • Import the certificate in the keychain of the OS (what makes Web sites work on Chrome and Safari)

  Generated certificates are signed "PKCS #1 SHA-256 with RSA encryption", they are not expired and have been generated with

     openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt
  

  In addition to the issue of trust, https://www.ssllabs.com/ssltest/ reported no problems with these certificates, they are fine ("' If trust issues are ignored: has '")

  The only way I can access these sites Web is via a private window: If the certificate has been imported previously (via preferences) private session window accesses Web sites without problem. If the certificate has not been imported, again, I have the option to add a temporary exception and after that is done, it works fine.

  This problem does not appear on another computer, even if the Firefox profile is synchronized between the two.
  The problem does not appear on Firefox 41.0 a colleague (same OS and hardware)
  Certificates signed by a real certification authority are accepted very well.

  UPDATE:

  I have marked this as resolved, but apparently the problem returned once a week, completely randomly.

  The best solution I've found so far is to leave Firefox, delete the following files from my profile, and then restart Firefox:

  • SiteSecurityServiceState.txt
  • cert_override.txt
  • cert8.DB

  Finally, I fixed that by doing a Firefox "Refresh" (under topic: support) and re - sync my profile.

• Creating a self signed certificate - how do you define the "storepass.

  Hi, I am trying to use ADT to create an AIR 2.7 file, but this is the first time I used the command line tool to build an and have problems to understand the process of signing.

  I can generate a keystore cert.p12 from the flash IDE, and it requires a password to the file (-storepass)

  I can also use ADT to create a certificate self-signed from the command line, you can specify here the - keystore (location cert) and - keypass (password for the key in the store)

  I can't find a way to generate a certificate self-signed, where you can specify the two passwords, one for the store (-storepass) and one for the key (-keypass).

  It is a problem because when I go to my file using ADT AIR package, it takes two passwords - storepass and - keypass seized may publish.

  Is anyone know how generate a .p12 self-signed certificate and have a control on the two keys...?

  I spent hours playing and research now so maybe the wrong end of the stick, could do with some help get beyond this issue.

  Thank you

  Sean

  There is that a single password is mandatory in package for ipa that until now I know

  Example of order:

  C:\AdobeAIRSDK\bin\adt.bat-Paquet - target the ipa-test - stores pkcs12 - keystore [KEYFILE] .p12 - storepassKEY PASSWORD] - set service-profile [FILE of AVAILABLE MOBILE] .mobileprovision [NAME of the IPA] .ipa [NAME of THE XML FILE] .xml [NAME of FILE SWF] .swf Icon_29.png Icon_48.png Icon_57.png Icon_72.png default Icon_512.png - Landscape.png default - default Portrait.png - PortraitUpsideDown.png default - default PortraitLandscapeLeft.png - PortraitLandscapeRight.png