LabVIEW and SSL certificate
So I come back on an interesting question that can cause significant problems, unless I can find a reasonable solution.
Until yesterday a number of software programs that run in a number of remote sites were running all fortunately accessing a database. This database is accessible via the HTTPS POST and screw HTTPCLIENT, and for the past two years, everything worked fine while having the true flag to check server, the database is part of a site that is all signed and certified.
However, as of yesterday, they all decide to stop, investigate the server itself it seems that the SSL certificate has switched from the previous period. While browsing the forums of LAVA, I managed to find the reference to the problem with which a LabVIEW ca - bundle.crt file making the obsolete object so not check the validity of the new certificate.
Now, while there is here a workaround which the server verify the Pavilion from true to FALSE switching, I can do all programs work again, there's the issue of having to update and rebuild several years worth of programs. So I was expecting something that I could do outside of LabVIEW to try to solve the problem, I had considered to replace ca - bundle.crt, but I'm not sure of the validity of this idea.
So, any ideas are likely to be accepted if they mean that I don't have to go to several versions of LabVIEW.
TLDR:
I can do something with it to solve the problem?
Welll the good news is that I found a solution. The problem is that I don't know to what extent this solution will get me, it should mean at least I can reach the single database I'm targeting.
Subsequently to the rear since the database certificate (COMODO) provider I found they provide CA bundle which when used to replace the LabVIEW supplied ca - bundle.crt allows the system HTTP access the database without problem.
For remote computers, it's probably fine as it is guaranteed to have the only secure site SSL they will try to access the database that I know the data are compatible with. For my development system however it may still remain a problem that I don't know when I'll have to try to access another site certified and whether or not the new authority will work. Although in all fairness for the moment I don't know if the LabVIEW provided one or the other will work.
I might have to come back to this thread at a later date and to make the point about how everything worked.
Tags: NI Software
Similar Questions
-
ODSEE 11 g and SSL certificate on the cascade replication topology
Hi all
I try to activate SSL on the replication topology cascade Department 11g with 4 cases including 1 hub.
Can I use a multi server SSL certificate to spread on all servers?
Any tips?
Thanks in advance.
Eugene
Hello Eugene,
Yes, it should work.
Either ask a multiple server of your CA certificate and import it on Department via PKCS12
or generate a CSR with a subjectAltName with certutil.
If I remember correctly, add another name of subject certificate is possible on the side this even if it is not present in the request of cert,.
-Sylvain
------
Please check the response as useful or correct when it is appropriate to make it easier for others to find
-
vCenter 5.5 Virtual Appliance and SSL certificates
I currently have vCenter 5.5 under Windows 2008 R2. I've been thinking to replace my Windows with the appliance vCenter vCenter virtual.
I have read the documentation on the SSL certificates for vCenter. I bought a RapidSSL SSL certificate on my current server vCenter. It seems that everything is working correctly, but the documentation I read says I need a different cert for various services such as inventory, Journal browser and AutoDeploy Service.
VCenter requires there really that many different certificates?
Yes, each component of vCenter server requires unique SSL certificate:
Reference:http://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf
-
Forms 11 g and SSL certificate...
Hello:
Do you know if a simple SSL certificate works with form of oracle 11g? For example comodo or digicert certificates...
http://www.Comodo.com/business-security/digital-certificates/SSL.php
http://www.digicert.com/SSL-certificate-comparison.htm
do they work? Or I need something special?
Concerning
RicardoForms is just an application. SSL applies to HTTP communication. Forms does not really how you make your SSL connection. If you can successfully establish a connection between the client and the server (middle level) with a SSL connection, forms should work.
So, the question is, ' can you access any content on the client's server through an SSL connection? This must be established before you try to do this with Forms. In other words, can access the home page of Fusion Middleware with a SSL connection?
https://server:port
In the above, enter your name of the server and the SSL port number that you are using. If the SSL certificate has been configured correctly, you should see the homepage of Fusion Middleware. If this isn't the case, it's time for troubleshooting. Do not bother playing with shapes at this point.
-
the upgrade to vCenter 5.1.0b and SSL certificates
someone knows if this minor upgrade will be stomp on the SSL CA (SSO, inventory, vCenter, Crossover, etc.) the certificates that we have thoroughly improved when we went from 4.1 directly to 5.1.0a?
Thank you.
Hello
Your existing certificate will be in place while you perform the upgrade to vCenter server and after upgrade too.
Concerning
Mohammed
-
When I visit a Web site that requires SSL I displays the message "this connection is untrusted". Any Web site that I visit, it's always exactly the same message and the same SSL certificate that she is no longer valid for www.thawte.com
support.Mozilla.org uses an invalid security certificate.
The certificate is not approved, because no sender string has been provided.
The certificate is valid for www.thawte.com
The certificate expired on 11/11/2011 23:59. The time now is 11:46 28/01/2012.When I click "Add the Exception" on a Web site and view the certificate, it is exactly the same certificate with the exact same serial number.
I had a similar problem with Internet Explorer showing a 404 error when I visited SSL protected pages but to do a restore of the system a month ago to correct this. All other bowsers are / were very good.
I installed Firefox 3.x month last to test something that is when the problem started. I have since uninstalled Firefox 3.x and reinstalled the latest version. I deleted all the preferences/settings, disabled modules and reinstalled many times. I did a Windows system restore to before that the problem started with no luck.
The time / Date on my computer are correct. I have no firewall other than the windows one. I had no antivirus (netbook) until I installed a (Avast) yesterday to see if a virus was causing issues (found nothing). This problem arises on any internet connection (tested to work and home).
or try to use the module Skip Cert error (to jump to the SSL/TLS certificate error page)
Thank you
Please check 'Resolved' the answer really solve the problem, to help others with a similar problem.
-
Internal and external customers see certificate of Cisco router, NOT Exchange SSL certificate
Cisco 876 Integrated Services router (ISR)
Exchange Server 2010 SP1Customer: 2013 Outlook, OWA, ActiveSync WP7/WP8 (?)
Put us in place a new Cisco ISR. Almost everything works fine, with a few exceptions. Exchange e-mail stopped altogether for several days until I realized that I needed to redirect the ports, SMTP, HTTP, and HTTPS, by external to the Exchange Server. Now, mail flow is fine, but...
Every time I start Outlook, I get a certificate error. When I look at the certificate in the error popup, it points actually to certificate self-signed Cisco router. When we try to use the Windows phones, they get a "certificate error" and direct the user to the network administrator. Even with OWA: a certificate error, even if it can be "accepted" / overridden.
Each customer can still work, with the exception of Windows phones. In Outlook and OWA, mail is always be sent and received, but must be accepted manually that the certificate is wrong before the customer takes care, and then it takes a little longer to load.
Any ideas?
I did "" port forwarding on the pots of 25, 80 and 443. Again, I did it yesterday and now mail seems to flow, whereas before, even if we could enter the client with Certificate error, message not be received. (There was also a problem with mail however not passed, but that was due to our mail relay provider and was set yesterday as well...)
Everything worked fine with the previous router (obviously). It was a high-end, the level of consumption Fritz! Box commonly used in Germany. I also had to allow ports through this box is not unlike using the nat ip inside static commands on the 876, but I don't know what he could have let his own or why SRI is the Exchange Server application SSL certificate hijacking.
Thanks in advance for any help.
jeremyNLSO
CCNA Routing & Switching, CCNA security
MCITP, MCTS
Berlin, GermanyIf we have actually figured this out today. The internal DHCP Server distributing the a DNS Server public as well as the internal DNS. The internal DNS was time and the customer became the external IP address of the public DNS and it received an unexpected cert of the router. Once we removed the public DNS servers from the DHCP server and used only DNS servers in-house, that the issue went away. Logical after we realized what was going on.
-
Our security policy requires that all web pages admin must be signed by our CA business. I have successfully implemented a SSL certificate 3rd party Auth Web our WLAN of comments, but I need to install a self-signed certificate for the management of the WLC himself. I followed the instructions here:
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
but it was more useful for Web auth. I can't find a specific document explaining how it should be done for the management interface.
Any help much appreciated.
(1) Please use a password. Empty passwords regularly give problems.
(2) you don't recombine the key with the certificate before you download to the WLC:
Combine the CA.pem certificate with the private key, and then convert the file to a .pem file.
Type this command in the OpenSSL application:
openssl>pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts
-passin pass:check123 -passout pass:check123
!--- This command should be on one line.
openssl>pkcs12 -in CA.p12 -out final.pem -passin pass:check123 -passout pass:check123
Note: In this command, you must enter a password for the parameters -passin' and -passout . The password is set to the setting -passout must match the setting SubscriptionId is configured on the WLC. In this example, the password is configured at the time the -passin' and settings -passout is check123. Step 4 of the procedure in the section download the WLC third certificate of this document deals with the configuration of the SubscriptionId parameter.
The final.pem is the file that is transferred via TFTP to the Cisco WLC.
Now that you have the certificate of the third-party CA, you must download the certificate to the WLC.
-
Cisco ASA 5505 and comodo SSL certificate
Hey all,.
I'm having a problem with setting up the piece of Certificate SSL of Cisco AnyConnect VPN. I bought the certificate and installed it via the ASDM under Configuration > VPN remote access > Certificate Management > identity certificates. I also placed the piece of 2 CA under the CA certificates. I have http redirect to https and under my browser, it is green.
Once the AnyConnect client installs and automatically connect I get no error or anything. The minute I disconnect and try to reconnect again, I get the "VPN Server untrusted certificates! ' which is not true because the connection information to be https://vpn.mydomain.com and the SSL certificate is configured as vpn.mydomain.com.
On that note, it lists the IP address instead of the vpn.mydomain.com as the unreliable piece of this. Now of course I don't have the IP as part of the SSL-cert, just the web address. On the side of the web, I have a record A Setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.
What I'm missing here? I can post config if anyone needs.
(My Version of the Software ASA is 9.0 (2) and ASDM Version 7.1 (2))
Yes that's correct. technically, it will take you to EKU as keys to authenticate server who was a little forced in version 3.1. But eventually, he was taken away. If you get no error using the browser and ot only comes with the anyconnect client. Most likely, you do not have to configured values. I can confirm that if you can share the fqdn with me also, you can try the upgrade and check it out.
Thank you
Bad Boy
-
I have a site that will be us set up the home for and one of their partners said they need a wildcard SSL certificate. can someone point me in the right direction for this please. Thanks in advance.
-Shawn
Hi clover,
If your customer needs absolutely their own certificate... something like https://yourdomain.com, then Yes, you will need switch to another solution. However, as I said, catalyst provides a free certificate and for the most part it is more than acceptable. You will need to provide us with more information... Why your customers need a Wildcard SSL certificate, are looking for secure and subdomains? Are they worried about security when ordering, it is an e-commerce site, you need to do?
-Ryan
-
Firefox for Mac does not recognize a valid SSL certificate
Firefox for Mac does not recognize the SSL certificate that is valid for this site, I got: https://www.georgeglazer.com. It gives a warning "not reliable." However, the Firefox for Windows does not give a warning. This happens even if I clear the cache and it happens in the Mavericks and OS of Yosemite. The certificate is up-to-date and with Comodo. Firefox for Mac is now the only browser producing these errors (v. 39, put updated) - Internet Explorer, Safari and Chrome are not. Our hosting provider has said it's probably a browser issue, perhaps having to do with intermediate certificates in Firefox being obsolete. I really hope you'll solve the problem, as it's annoying for us when we're going to do right by our customers and pay for the SSL certificate. I have attached a picture of the warning and the other from what you see on a PC: a pop-up that says it is a verified SSL certificate and gives details about the issuer, the period of validity, etc.
COMODO should you sent a link to download the file 'bundle' containing the intermediate certificates. Who needs to go in the same directory as the certificate of your site. If you are using a control panel, your host can probably help with this process. And if you bought through them, shame on them for not taking care of this for you already!
-
How to accept a new ssl certificate in Thunderbird?
7.15.15
I can't get or send emails on my cell phone two days ago.
- Neither the "Configuration Options for certificates" worked to bring in the certificate that I use that allows you to send and receive e-mail. Under the "Digital Signature" or "Encryption" when I press "Select" to select a certificate, I get the pop-up message "Certificate Manager cannot locate a valid certificate... ». When I press 'View certificates' certificate that I use is listed under 'Servers' and the 'authorities' and is up to date.
-In addition, under Tools - Options - Advanced - certificates for: "when a server requests my personal certificate", I selected "Ask Me every time" and left "query OSCP responder servers to confirm...". ', the box is checked.I think that this problem is bound to accept a new ssl certificate has been recently renewed. I've never had this problem before. How to start accepting a new certificate?
Thank you.
No you can not communicate with the server using a common product of Mozilla. In a short while you will not be able to co interact with it with any product. The operator/administrator of the server needs to fix their server to issue certificates 1024-bit or better. Or stop using TLS.
The best explanation of this change and it's because I've seen is here https://weakdh.org/
(right at the bottom of the page is what you need to do stuff)In essence, that the server does not have a security flaw serious patched and Mozilla products have been modified to not interact with servers that have not corrected the vulnerability. Vulnerability leaves you open to man in the middle attack on piracy.
-
How can I set up email when the field on the SSL certificate does not match?
I am a customer of Dreamhost and don't know if our situation is unique or not, but both smtp and imap are "mail.example.com" even if the SSL certificate belongs to ' *. DreamHost.com'.
I was not able to set up the email on my flame app because I get the following error:
> Could not establish a connection with "mail.example.com". There may be a problem with your network or server.
I think the problem is the lag of domain name, but I can't find a way to accept the certificate.
Hello!
According to the official DreamHost wiki site , you can try this (cut-and-pasted from the page). If it doesn't work, there are still other options available on the page.
To connect to the mail server using the name of the server dreamhost.com instead of messagerie.votre_domaine.fr.
Use the following steps to determine the name of the server to use:
In the DreamHost Control Panel Click "Account Status" in the upper right hand corner Look for the "Your Email Culster:" at the bottom of the list. Find your cluster in the table below. Use the server name for the incoming server in your mail program.
Name of Server Cluster e-mail
homiemail-sub3 sub3.mail.dreamhost.com
homiemail-sub4 sub4.mail.dreamhost.com
homiemail-sub5 sub5.mail.dreamhost.com
homiemail-master homie.mail.dreamhost.com -
When to access Intranet sites who have the SSL certificates issued by our internal PKI, FF for Windows gives an error message - an error occurred when connecting to myshaw. Security Library: improperly formatted DER encoded message. (Error code: sec_error_bad_der)
Chrome and IE work fine. This is a PKI again using the signature SHA-2 algorithm.
I was able to identify the problem. Our public key infrastructure has been using some signature algorithms that FF did not support.
-
Thunderbird does not recognize a self-signed SSL certificate
Dear support,
I have a very strange problem that I don't understand.
I run a server ISP offering IMAP and TLS/SSL HTTPS encryption. Both services use the same SSL certificate issued by RapidSSL/GeoTrust Server edward.ennabe.de
When I open an https connection to the server, Firefox correctly solves the certificate chain and use the certification authority root Equifax (which is correct).
However, when I try to connect to a mailbox via Thunderbird, all I get in the hierarchy of certificates is my server edward.ennabe.de. I don't think that it's "working as intended", or is it?Is something wrong with my Thunderbird or My Dovecot configuration? What is really strange that firefox recognizes it correctly.
Thanks in advance
Kind regards
ZeroEnna
In Thunderbird, click the 'Détails' tab in the display of the certificate.
See all certificates of CA listed in the field "Certificate hierarchy" also installed in your Thunderbird certificate store?
When checking this look for the tab 'authorities '.
If there are no certificates listed in the missing chain in the Thunderbird certificate store (for some reason any), you can try to export it in Firefox and import them into Thunderbird.
Maybe you are looking for
-
Why Firefox Add autocomplete = "off" for the fields of connection of my own web site?
First of all: it's my own website, my own HTML code. When I look at the source code for my login form (both on my server and delivery to the browser), there is no autocomplete = "off" attribute it. And yet, when I look at the field using FireBug, I s
-
Question on recovery satellite M50-176
Hello worldI have a Satellite M50-176 and I'm unable to get into windows, and I think that I have to restore the OS files.I have three CD/DVD toshiba dated 2005 (the recovery disk, media express recovery CD and CD extra software).I don't want to comp
-
R8500 disorder connect through C1100Z modem (Qwest)
I'm having difficulties to keep the connection or sometimes even to make connection through my modem. (the modem) works on its own, but I bought this router on Ebay non-recorded. Any help appreciated.
-
Use the colors of the alternative type block diagram data?
Options window 2016 LabVIEW to offer this new option: The help file, however, is not the document, and I have been unable to find anywhere in the options window where the data type of alternative block diagram colors could be defined. Any explanation
-
Recently, I unplugged the power supply current to work elsewhere in the House. When I reconnected the power running and left the computer had entered a deep sleep mode. He did wake up, and I could go on until the task was completed. Yet once I lef