Replace self-signed cert with CA-signed cert

I have a vCAC 6.1 environment.  I use the vCAC documentation to replace the self-signed cert.  When I get to this step in the documentation it fails - VCloud Automation Center Library

Is the below error telling me there is a problem with the wstvcacapp01 cert?  Problem RemoteCertificateNameMismatch?

C:\Program Files (x86)\VMware\vCAC\Web API\ConfigTool>Vcac-Config.exe DownloadRootCertificates -Pkcs7CertPath "C:\Program Files (x86)\VMware\vCAC\Web API\SSO.p7b" -v

System.Data.Services.Client.DataServiceQueryException: An error occurred during the processing of this request. -> System.Data.Services.Client.DataServiceClientException: <! DOCTYPE html >

< html >

< head >

< title > certificate is not approved (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203DBC8256FDB2326A8EA

C < /title >

< / head >

< body bgcolor = "white" >

< span > < H1 > server error in ' / repository ' Application. < hr width = 100% size =-1 color = silver > < / H1 >

< h2 > < i > certificate is not reliable (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203DBC8256FDB232

6A8EAC < /i > < / h2 > < / span >

< police = "Helvetica, Geneva, Arial, SunSans-Regular, without-serif ' > '"

< b > Description: < /b > an unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and its origin

in the code.

< br > < br >

< b > Details of Exception: < /b > VMware.Cafe.UntrustedCertificateException: certificate is not reliable (RemoteCertificateNameMismatch). Subject: CN = wstvcacapp01.cticore.local, OR = CTIW, O = NJVC, L = Ofal

LON, S = HE, C = us fingerprint: 9A80D1EC61170B87C4203DBC8256FDB2326A8EAC < br > < br >

< b > error Source: < /b > < br > < br >

< table width = 100% bgcolor = "#ffffcc" >

< b >

< td >

< code >

An unhandled exception is generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception below stack trace.

< code >

< table >

< /tr >

< /table >

< br >

< b > Stack Trace: < /b > < br > < br >

< table width = 100% bgcolor = "#ffffcc" >

< b >

< td >

< code > < pre >

[UntrustedCertificateException: certificate is not reliable (RemoteCertificateNameMismatch).] Subject: CN = wstvcacapp01.cticore.local, OR is CTIW, O = NJVC, L is Ofallon, S = HE, C = US footprint digital: 9A80D1EC61170B87C4203D

BC8256FDB2326A8EAC]

System.Net.TlsStream.EndWrite (IAsyncResult asyncResult) + 8277683

System.Net.ConnectStream.WriteHeadersCallback (IAsyncResult ar) + 213

[WebException: the underlying connection was closed: an unexpected error occurred on a send.]

System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) + 8286956

System.Net.Http.HttpClientHandler.GetResponseCallback (IAsyncResult ar) + 98

[HttpRequestException: an error occurred when sending the request.]

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; & lt; GetResource & gt; b__0 & gt; d__3.MoveNext () + 601

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; RetryWebRequestWrapper & gt; d__97.MoveNext () + 1144

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; GetResource & gt; d__7'1. MoveNext() + 692

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; CreateSecurityTokenServiceAsync & gt; d__2f. MoveNext() + 366

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; GetHolderOfKeyTokenAsync & gt; d__4.MoveNext () + 321

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; CreateDefaultSecurityContextAsync & gt; d__34.MoveNext () + 306

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; CreateAsync & gt; d__1d'1. MoveNext() + 397

System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (Task task) + 144

System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (Task task) + 84

VMware.Cafe. & lt; CreateAsync & gt; d__1a'1. MoveNext() + 330

[AggregateException: one or more errors occurred.]

System.Threading.Tasks.Task'1.GetResultCore (Boolean waitCompletionNotification) + 5863512

DynamicOps.Repository.Runtime.SecurityModel.CafeSecurityProvider... ctor (SecurityModelContext CurrentContext) + 172

DynamicOps.Repository.Runtime.SecurityModel.SecurityModelContext... ctor (String ConnectionString) + 202

DynamicOps.Repository.Runtime.Common.RepositoryRuntime.Initialize () + 812

[HttpException (0x80004005): one or more errors occurred.]

System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode (HttpContext context, HttpApplication app) + 12639357

System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS (appContext, HttpContext context, MethodInfo [managers] IntPtr) 175

System.Web.HttpApplication.InitSpecial (HttpApplicationState State, MethodInfo [managers], IntPtr appContext, HttpContext context) + 304

System.Web.HttpApplicationFactory.GetSpecialApplicationInstance (IntPtr appContext, HttpContext context) + 404

System.Web.Hosting.PipelineRuntime.InitializeApplication (IntPtr appContext) + 475

[HttpException (0x80004005): one or more errors occurred.]

System.Web.HttpRuntime.FirstRequestInit (HttpContext context) + 12656404

System.Web.HttpRuntime.EnsureFirstRequestInit (HttpContext context) + 159

System.Web.HttpRuntime.ProcessRequestNotificationPrivate (IIS7WorkerRequest wr, HttpContext context) + 12496021

< / pre > < / code >

< table >

< /tr >

< /table >

< br >

< hr width = 100% size = 1 = silver color >

< b > Version information: < /b > Microsoft .NET Framework Version: 4.0.30319; ASP.NET Version: 4.0.30319.34237

< / make >

< / body >

< / html >

at System.Data.Services.Client.QueryResult.ExecuteQuery)

to System.Data.Services.Client.DataServiceRequest.Execute [TElement] (DataServiceContext, QueryComponents queryComponents context)

-End of the exception stack trace internal-

to System.Data.Services.Client.DataServiceRequest.Execute [TElement] (DataServiceContext, QueryComponents queryComponents context)

to System.Data.Services.Client.DataServiceQuery'1.Execute)

to System.Data.Services.Client.DataServiceQuery'1.GetEnumerator)

to System.Linq.Enumerable.FirstOrDefault [TSource] (IEnumerable 1 source)

at System.Data.Services.Client.DataServiceQueryProvider.ReturnSingleton [](Expression expression) TElement

to System.Linq.Queryable.FirstOrDefault [TSource] (IQueryable 1 source)

at DynamicOps.Repository.CafeClientAbstractFactory.LoadComponentRegistryUri)

to System.Lazy'1.CreateValue)

to System.Lazy'1.LazyInitValue)

at DynamicOps.Repository.CafeClientAbstractFactory.get_CafeUri)

at VMware.Cafe.ComponentRegistryClientFactory.ctor (ICafeServiceClientFactoryFactory abstractFactory)

at DynamicOps.Repository.CafeClientAbstractFactory.CreateClientFactory)

to System.Lazy'1.CreateValue)

to System.Lazy'1.LazyInitValue)

at VMware.Cafe.Client.Registration.DownloadRootCertificates (String rootEncryptionCertPath, String rootSigningCertPath, String pkcs7Path)

to VMware.VcacConfig.ComponentRegistryCommands.DownloadRootCertificates.Execute (CommandLineParser Analyzer)

WARNING: Zero return Code. The command failed.

I could be totally off, but first of all, the certificates for the vCAC appliance and identity server must be in PEM format.

It sounds like the root chain that you import.

I suggest following this:

http://www.virtualizationteam.com/cloud/generating-certificates-for-the-identity-appliancevcac-appliance.html

This will tell you how to create certificates and import them.

Tags: VMware
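
RemoteCertificateNameMismatch in the question above means the host name the client requested is not among the names the certificate presents. The following Python code is an added example, not part of the original thread or of VMware's tooling: it applies the RFC 6125 matching rules (SAN entries before the CN, single-label wildcards, which goes beyond the one case in the thread) to a certificate dict shaped like the output of `ssl.SSLSocket.getpeercert()`. The CN is the one from the error text; the short name, the alias `vcac-web.example.test` and the function names are assumptions made for illustration.

```python
"""Explain why a requested host name does or does not match a certificate."""


def _norm(name):
    """Lower-case and drop a trailing dot so comparisons are case-insensitive."""
    return name.strip().rstrip(".").lower()


def presented_names(cert):
    """Return (names, source) for a dict shaped like ssl getpeercert() output.

    RFC 6125: if the certificate carries any DNS subjectAltName entry, the
    subject CN is ignored; the CN is only a fallback for SAN-less certs.
    """
    sans = [_norm(v) for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans, "subjectAltName"
    cns = [_norm(v) for rdn in cert.get("subject", ())
           for key, v in rdn if key == "commonName"]
    return cns, "commonName"


def name_matches(pattern, host):
    """Match one certificate name against the requested host.

    A wildcard is honoured only as the whole left-most label, covers exactly
    one label, and needs at least two further labels (a conservative choice
    that rejects patterns such as "*.local").
    """
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def diagnose(cert, requested_host):
    """Return the match result plus the reason a mismatch occurred."""
    host = _norm(requested_host)
    names, source = presented_names(cert)
    if any(name_matches(n, host) for n in names):
        reason = "ok"
    elif "." not in host and any(n.split(".")[0] == host for n in names):
        # Client used the short name; the certificate only lists the FQDN.
        reason = "short_name"
    else:
        # Requested name (for example a load-balancer alias) is not listed.
        reason = "not_listed"
    return {"match": reason == "ok", "reason": reason,
            "source": source, "names": names}


# Constructed sample: CN taken from the error text in the question, no SAN.
CERT_CN_ONLY = {"subject": ((("commonName", "wstvcacapp01.cticore.local"),),)}

# Constructed sample: same CN plus a SAN for a hypothetical alias.
CERT_WITH_SAN = {
    "subject": ((("commonName", "wstvcacapp01.cticore.local"),),),
    "subjectAltName": (("DNS", "vcac-web.example.test"),),
}

if __name__ == "__main__":
    checks = [
        (CERT_CN_ONLY, "wstvcacapp01.cticore.local"),
        (CERT_CN_ONLY, "WSTVCACAPP01"),
        (CERT_WITH_SAN, "wstvcacapp01.cticore.local"),
        (CERT_WITH_SAN, "vcac-web.example.test"),
    ]
    for cert, host in checks:
        result = diagnose(cert, host)
        print(f"{host:32} {result['reason']:11} {result['source']}: {result['names']}")
```

The third case is the one that surprises people: once a certificate has a DNS SAN, a host name that appears only in the CN no longer matches, so every name clients use has to be listed as a SAN when the CA-signed certificate is requested.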

Similar Questions

  • HPDM: HPDM replace self signed SSL certificates for server HDPM and master repository

    I am trying to replace the automatically generated self-signed certificates (issued to DM) issued by DM server HDPM and master repository.  I'm NOT arbitration FTPS, HTTPS embedded HPDM or CERT Thin Client Agent server.

    I already have CERT for the installation of our own internal domain CA for FTPS in IIS and the built-in Apache HTTPS server.  These work properly and pass tests of repository for both protocols.  I also have questions for Thin Clients of our internal CA very well.

    I am interested in the HPDM real server cert and cert master repository. These are generated automatically when the two services start.  They use a very weak MD5 hash and key RSA 1024.  I can't find any documentation around that, with the exception of troubleshooting, in which you can remove these certificates restart services and they will be regenerated.

    Here are the paths certs\key
    HPDM % install Path%\MasterRepositoryController\Controller.crt (Cert repository)

    HPDM % install Path%\MasterRepositoryController\Controller.key (repository key)

    HPDM % install Path%\MasterRepositoryController\Client.crt (HPDM Server Cert)

    HPDM % install Path%\Server\Bin\hpdmskey.keystore (Both HPDM server and repository Certs and keys) (not sure what format it is in.  It is not PEM and P12 ok I can say)

    There are also some HPDM % install Path%\Server\bin\hpdmcert.key.  Don't know what it is.  It's the key to the server HPDM but deleting it does nothing and it is never re auto generated in one of my tests.

    I am able to replace the Controller.crt and keys with my own files CA internal those emitted very well.  The service started and no errors occur.  However if I replace the Client.cert (HPDM Server Cert) with my own service will start but there are Socket SSL errors in repository logs and the HPDM server could not connect to the master repository. I have no idea where the key file is supposed to be for HPDM Server Cert.

    Can anyone help with this?  I can't find the configuration files for the service to generate their own certificates.  If I did I would try at least to change the config to do not use MD5.

    Hello

    These certiricates between HPDM server and MRC are not designed for customizable. Please submite one scenario if you have concerns of security on it.

    Just for info:

    hpdmcert. Key is for communication between the server HPDM and gateway HPDM

    hpdmskey.keystore is for communication between the server HPDM and MRC

    server_keystore is for the commhucation between HPDM server and the Console HPDM

  • WaveMaker 6.5 and vCO 5.1 - default self signed CERT

    This is a little off topic, but I'm curious to know if anyone out there connected WaveMaker 6.5.x (web service) to vCO 5.1 (SOAP or REST) when the vCO is configured using the default self-signed certificates SSL (vanilla vCO 5.1 device).

    I get the following error even after the importation of the "localhost.localdom" of vCO cert in my Java keystore/restart WaveMaker:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    Looks like real certs should work or if you have them signed by your own CA, but this isn't the case with the application out-of-the-box vCO.

    Related links:

    http://mighty-virtualization.blogspot.com/2012/09/WaveMaker-handling-SSL-certificates.html?showComment=1351627607456#c2610948026372492253

    http://dev.WaveMaker.com/forums/?q=node/8424

    Hello!

    I think that the host name of the certificate must match the host name you are trying to reach.

    The default certificate localhost.localdom works so that, if you try to connect to vCO with localhost.localdom (it might be useful a quick shot, edit the file hosts on your system wavemaker :-))

    To change the certificate on vCO to match the real hostname of the box of vCO, see here:

    http://www.vcoteam.info/learn-VCO/work-with-VCO-over-SSL.html

    http://EnterpriseAdmins.org/blog/virtualization/VCO-appliance-and-SSL-certificates/

    After changing and removing the old and import a new keystore wavemaker it should work... Let us know! :-)

    As workaround heavyweights: you can skip using WaveMaker webService tool and create your own JavaService. See an example here: http://blog.mightycare.de/en/2012/06/wavemaker-spring-and-vmware-infrastructure/

    PS: The example he uses the old SOAP API of vCO, but you get the feeling (and links to java for the new REST API of https://yourvcoserver:8281/api/docs/downloads.html

    PPS: It's in German, but you can download the sample project at the end of the article. If you need a discussion translation/more about this, let me know...

    See you soon,.

    Joerg

  • Flex + self signed SSL Cert

    We have an SSL certificate that is self-signed on our application server. When we run the application flex from outside of our network and try to access the web service, flex throws the following error:

    Failed to load the WSDL. If there are currently online, please verify the format of the WSDL and URI file

    We did install the certificate on client computers for IE and Firefox, but nothing seems to fix it, as we have tested the service via http and it works fine, but when you switch to https is when it breaks. To test further we loaded the wsdl for the service from outside of our network and were able to see with the crossdomain.xml file that resides on the server. At this point, we are at a loss of what could be the problem.

    Does anyone have any suggestions?

    Thanks in advance. If you need information additional just ask.

    Pony up the $15 for a cert play. You've already spent more in a way that tries to "solve" this problem.

  • Configure SSL for OUD 4444 port Admin port -> replace the self signed certificates used

    Hi Experts,

    When installing OUD choose Certification self-signed for ports 1636 and 4444.

    Later I change the certificates used by the port of 1636 to a new key file containing the CA certificates. (Track the steps of: https://docs.oracle.com/cd/E52734_01/oud/OUDAG/security_clients_severs.htm#OUDAG00050)

    But same procedure does not have to replace the self signed certificates used by ports 4444!  Everyone is configured SSL (with Cert CA) on the Administration port?

    I couldn't even start the servers, you see an error:

    """

    category = gravity CORE = NOTICE msgID = 458891 msg = the directory server sent a notification to alert generated by the class org.opends.server.core.DirectoryServer (org.opends.server.DirectoryServerShutdown alert type, alert ID 458893): the directory server started the shutdown process.  Stop was launched by an instance of the org.opends.server.core.DirectoryServer class and the reason for the closure was an error occurred trying to start the directory server: NullPointerException (File.java:277 AdministrationConnector.java:843 AdministrationConnector.java:675 AdministrationConnector.java:182 ConnectionHandlerConfigManager.java:356 DirectoryServer.java:2932 DirectoryServer.java:1584 DirectoryServer.java:10108)

    «[27/sep / 2015:06:22:53-0400] category = gravity = NOTICE msgID = 458955 msg = the directory server CORE is now stopped "«»

    Post edited by: 1976902

    Sorry, I cannot help here - here are a few possibilities.

    Change connector Administration certificate

    https://docs.Oracle.com/CD/E52668_01/E54669/HTML/ol7-genssc-auth.html

    The failure of the handshake could occur for various reasons:

    • Incompatible encryption suites in use by the client and the server. This would require the customer to use (or allow) a suite of encryption supported by the server.
    • Incompatible versions of SSL in use (the server can only accept TLS v1, while the client is capable of using SSL v3 only).
    • Incomplete trust for the certificate of the server path
    • The certificate is issued to another area.
    • incomplete certificate trust path between the certificate for the server, and a certification authority root.
    • In most cases, this is because the certificate is not present in the trust store
  • Safari no longer works with SSL self-signed certificates?

    With the last Safari (9.0.3) on OS X (running 10.11.3) and iOS (9.2.1) operating system, I can no longer connect to sites that use self-signed SSL certificates. Previously, I was warned that the site certificate was not "valid", but given the opportunity to continue anyway. This is the behavior I want to come back. It still works fine in Chrome, Firefox. but now just Safari gives me an error "Safari can't open the Page" as it would if it could not reach the server. Specifically, it says "Safari can't open the page https://myselfsignedhost.com because Safari is unable to establish a connection to the server myselfsignedhost.com.

    It does not give me the opportunity to inspect the certificate, add the certificate to my keychain, trust the cert, ignore the warning once or anything else that would be useful... He's just pretending like it can't connect. Am I missing something? How to restore old functionality? This 'bug' makes safari completely useless for me.

    OK, some info... This seems to apply only to SOME sites with self signed SSL CERT... The only obvious thing I can think is that maybe it applies to sites where the SSL certificate when the page was first loaded?

    If I open a new window private, I can access the page without problem. If I open a new standard, I can also open the page, until I quit safari. Once I left, it stops loading with the same error...

    If I manually add the SSL certificate to my keychain as being approved, the page also works... There may be a cache of certificate somewhere that is out of date?

  • ASA5505 IPSEC only with self-signed certificates

    Hi all

    I have little Cisco training and was assigned to a pilot project. We have cleaning of the ASA from another Department, but I do not have access to support. It is running ASA v9.1 and ASDM 7.1. If all goes well I'll be sent on training and we can buy a nice 5520.

    So I scoured the internet for a guide that is easy to do as my title says, but I'm having major trouble. I find a lot of outwardly signed with self-signed SSL VPN or VPN IPSEC with CERT support but I can't only get ASA self-signed IPSEC IKEv2 with certificate authentication. Also, to make it even worse, I have to provide the user with the software, the profile and the certificate in hand. No access to the web or download portal.

    If you know where I can get good installation guide for this type of use please by all means save me here. If this isn't possible, I'm cool with that, let me know.

    Thank you for any help you can provide

    Jay

    If the ASA uses a certificate issued by a certification authority that is in-store customer trust root CA, then the certificate of identity ASA didn't need to be imported by the customer.

    Which is why it's usually recommended to follow the path of using experienced public CA because they are already included in most modern browsers and so the client has no need to know how to import certificates etc.

    If you are using a local certification authority that is not in the store trusted CA of the customer to deliver your ASA certificate or identity certificates on the SAA signing root then you must take additional measures at the level of the customer.

    In the first case, you could import the CA certificate in the store root CA of the client trusted root. After that, all the certificates it has issued (the IE the ASA certificate of identity) would automatically be approved by the customer.

    On the second case, certificate of identity of the SAA is would have installed on the client because it (the ASA) basically as it's own root certification authority. Usually, I install them in the CA store root confidence of my client, but I guess that's technically not necessary, as long as the customer knows to trust this certificate.

  • ASA - a Site with self-signed certificates

    Team,

    ASA version 9.1 (3), ASDM 7.1 (4) on 5505.

    I have a pair of Cisco ASA 5505 that I am trying to establish a tunnel. I do everything with PSK. IKEv2 with AES256 IPSec. No problem...

    However, I learned that I can auto-signer certificates and use them to authenticate each firewall to another. I tried for hours... Generating of certs in all combinations and options, and the export of the P12 in the other firewall, by adding in - no problem

    I have self signed CERTS, so there is no CA.

    Then I'll be back in the connection profile and remove the PSK - flip on to RSA - SIG in the IKE Policy.

    Does anyone have this working with the ASA version, I'm running and care apart from your snippets of configuration especially how you created the pair of keys, self-signed one, exported and adding in the adjacent firewall?

    I don't want to use PSK for authentication.

    Help!

    I never used this way without a CA so I can't guarantee that it will work, but one thing is often forgotten with digital certificates: you assigned the ID-Cert cert in the crypto-plan?

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • Replace the certificate self-signed prominent 5.3

    Select a certificate:

    1 Subject: C = US, S = CA, L = CA, O = VMware Inc., unit of ORGANIZATION = VMware Inc., CN = VVVDCVDID03, [email protected]
    Valid from: 31/12/2013-15:56:35
    Valid until the: 31/12/2015-15:56:35
    Footprint: E93EDE1797C55BC61E95DF625AC33EC8D30DD089

    2 object: CN = .net, OR default certificate of VMware View = VVVDCVDID03.mydomain, O = "VMware, Inc.."
    Valid from: 12/30/2013 15:24:20
    Valid until the: 28/12/2023-15:24:20
    Footprint: 671E847CA3A55FC31AA62034174B29EC37D4DF38

    3 object: CN = * .mydomain .net, O is my company Holdings LLC, L = Grant Park, S = Illinois, C = US
    Valid from: 01/08/2014-19:00
    Valid until the: 14/01/2015-07:00
    Footprint: 1D976E97E9B9C55A02470F45618F7E2CD8763B43

    Enter the choice (0-3, 0 to abort): 3
    Remove the link to certificate successfully 18443 port.
    Bind the new certificate to the port.
    ReplaceCertificate successful operation.

    Yet the certificate still shows as invalid and self-signed view Admin and when I join on the site.  It's showing that ranked #2 in the SVICONFIG.

    In addition to this SVICONFIG does not appear to be installed facing the connection to the server at the point 5.3. Or at least I can't.  5.3 documents do not appear to exist. 5.2 only.

    How can I replace the self-signed certificate in my servers connection and security now?

    http://pubs.VMware.com/view-51/index.jsp?topic=%2Fcom.VMware.view.installation.doc%2FGUID-5ED2A8AB-0D5F-495F-B2F7-D7C64C7A021E.html

    The solution in the end was that the self-signed and new cert had the same friendly name of "vrm".  Changed the name of the self-signed one to "oldcert" and restarted the connection server.  That solved it.

  • Problem with Extensions self-signed

    I am packing my extension with self signed cert that is created with the ZXPSignCmd executable.

    It works properly and the -verify command confirms the ZXP is good to go.

    When a user install the extension, however, it works only once the first time they open Illustrator after installing it. Every time after that, opening of Illustrator, the Panel is completely empty.

    This problem can be solved by enabling PlayerDebugMode on file .plist to the end user (as indicated for developers in the blog), but obviously this is something that I'm not the final user does. Does anyone have insight as to why the extension Panel does not load once and then breaks? Activation PlayerDebugMode addresses the issue, but I can't understand why. I guess that is has something to do with the way in which it is signed, but I'd like confirmation/clarification if someone knows what's going on.

    Sounds... headscratchy... It is possible to activate the debug (at least in Photoshop) mode so that you can get more information directly in the sandbox. See below

    HTML panels advice: debugging #1 | Photoshop, etc.

    A small Guide to HTML5 Extensions | Adobe Developer Connection

  • Faced with Windows 2008 R2 PKI, self-signed certificates & view iPad customer Secure Authentication to view connection server: UGH!

    Background: I was instructed to create a VMware View isolated laboratory test so that HIGHER-UPS can see how they could access the VM dedicated as well as how their developers could put related clones on-the-fly. The project was successful! Yay!

    Addendum: A boss wants to see how VMware View works when accessing his computer virtual dedicated via his iPad on the internet... And who needs a secure SSL connection.

    The problem is: the domain name I chose casually because the lab did not belong to me... So I can't have a real certificate from a trusted commercial certification authority.

    So I'll try to roll my own public Windows 2008 R2 PKI and... All that forcing the iPad to use DC/DNS server in the lab... Get only the single get iPad trust view connection server by importing a sort of certificate.

    Can I export/import a certificate of the CA of DC to the iPad via an attachment... And it happens with confidence. But how to create a login to view the server certificate and electronic-mail/import in the iPad so it happens with confidence? Whenever I try to export the certificate of the certificate of the view connection server store, send it to the iPad and install... The connection server certificate appears as 'not reliable' and the VMware View client will not connect.

    (Of course, I could get sloppy and set the iPad Client to accept untrusted connections... "But I want to solve the problem of approved connection).

    I could be missing something royally on the self-signed certificates and certificate chains.

    (It is a first for me dealing with Active Directory Windows Certificate Services. In the past, I always just installed expensive commercial SSL CA certificates in the certificates Windows Server stores before.)

    Any help or direction, you can provide would be appreciated. I'm rather confused.

    See you soon!

    Keegan

    Hello

    Maybe your initial problem was that the provided certificate must descend from a trusted root, such as a Verisign cert, or the root certificate must be installed along with all the intermediate certificates in the trust chain down to the one you use?

    Regards

    AndyR

  • Looking for input on replacing self-signed certificates

    After many hours trying to find an answer, I now turn to the experts here for assistance.  I initially set up vCloud with a self-signed certificate and I am looking for help.  After some research, I was able to create a new key file with my CA-signed certificate.  However, I have problems getting past the reconfigure portion.

    First off, I am hit by the :1433 bug I had when I initially configured vCloud, where the configure script does not pick up the port number.  The workaround for this is to add :1433 to the host name as well as entering it as the port number.  Now that I'm past that, I get an error on NewInstall_PreInit.sql.  I don't even understand why I need a "NewInstall" as I already have a working database.  Here is my command output; maybe one of the gurus here can point me in the right direction.

    [root@vcloud bin] # cd/opt/vmware/vcloud-director/bin/configure
    Welcome to the vCloud Director configuration utility.
    You will be asked to enter a number of parameters which are necessary for
    Configure and start the vCloud Director service.
    Please enter the path to the keystore of Java that contains your SSL certificates and
    private key: /opt/vmware/vcloud-director/cert.ks
    Please enter the password for the key file:
    Please enter the password for the private key for the certificate of "http":
    Please enter the password for the private key for the certificate of "consoleproxy":
    The following data types are supported:
    1 oracle
    2 Microsoft SQL Server
    Enter the type of database [default = 1]: 2
    Enter the host (or IP address) to the database: vmgmt1:1433
    Enter the database port [default = 1433]: 1433
    Enter the name of the database [default = vcloud]: vcloud
    Enter the name of the instance [default = MSSQLSERVER]: vcloud
    Enter the database user name: sa
    Enter the database password:
    Connection to the database: jdbc:jtds:sqlserver://vmgmt1:1433:1433/vcloud;socketTimeout=90;instance=vcloud
    loading /opt/vmware/vcloud-director/db/mssql/NewInstall_PreInit.sql
    [2 reports]
    Execution of SQL query error: ' IF ((SELECT is_read_committed_snapshot_on FROM sys.databases WHERE database_id = DB_ID()) <>1).
    BEGIN
    DECLARE @sql varchar (8000)
    SELECT @sql = '
    ALTER DATABASE ' ' + DB_NAME() + ' ' SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
    ALTER DATABASE ' ' + DB_NAME() + ' ' SET ALLOW_SNAPSHOT_ISOLATION ON;
    ALTER DATABASE ' ' + DB_NAME() + ' ' SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT;
    ALTER DATABASE ' ' + DB_NAME() + ' ' SET MULTI_USER;
    '
    Exec (@SQL)
    END '.
    java.sql.SQLException: Option 'SINGLE_USER' cannot be set in database 'master'.
    at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:368)
    at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2816)
    at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2254)
    at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:636)
    at net.sourceforge.jtds.jdbc.JtdsStatement.processResults(JtdsStatement.java:584)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQL(JtdsStatement.java:546)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeImpl(JtdsStatement.java:723)
    at net.sourceforge.jtds.jdbc.JtdsStatement.execute(JtdsStatement.java:1157)
    at com.vmware.vcloud.configure.Db.executeSqlBatch(Db.java:231)
    at com.vmware.vcloud.configure.Db.executeSqlScript(Db.java:190)
    at com.vmware.vcloud.configure.Db.createTables(Db.java:142)
    at com.vmware.vcloud.configure.Db.maybeInitialize(Db.java:301)
    at com.vmware.vcloud.configure.ConfigAgent.configureDatabase(ConfigAgent.java:1631)
    at com.vmware.vcloud.configure.ConfigAgent.start(ConfigAgent.java:396)
    at com.vmware.vcloud.configure.ConfigAgent.main(ConfigAgent.java:295)
    Communication with the database error: Option 'SINGLE_USER' cannot be set in database 'master'.

    Just a stab in the dark - the guides say to use a user for vCloud (named: vcloud), not "sa".

    Our vcloud database user login has the vcloud database as its default.  Maybe this will get around the issue (it seems to me that the default connection is to master, and before switching to the "vcloud" database the script tries to put it in single-user mode).

  • RTMPS with self-signed certificate

    Hello

    I have a simple webcam movie that publishes live video to
    FMS 2.0.2 r51 dev edition under Debian 3.1r2,
    and then plays it in another video window.

    It works very well with rtmp and rtmpt, but with rtmps I get
    the error "NetConnection.Connect.Failed".

    I have prepared a simple test scenario and gathered all the
    info here: http://pref.dyndns.org:8080/live/live.html

    The certificate has been created by me in this way:
    openssl req -x509 -days 365 -newkey rsa:1024 \
    -out self-signed-certificate.pem -keyout pub-sec-key.pem

    And put into _defaultRoot_/Adaptor.xml:
    <HostPort name="edge1" ctl_channel=":19350">:1935,80,-443</HostPort>
    ... skipped ...
    <SSLCertificateFile>/home/afarber/certs/self-signed-certificate.pem</SSLCertificateFile>
    <SSLCertificateKeyFile type="PEM">/home/afarber/certs/pub-sec-key.pem</SSLCertificateKeyFile>
    <SSLPassPhrase>secret</SSLPassPhrase>
    <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>

    I'm sure that the server works, as I see in the var:
    localhost adapter [2675]: listener started (_defaultRoot__edge1): 443 (secure)

    I also tried to put
    import mx.remoting.Service;
    import mx.services.Log;
    import mx.remoting.debug.NetDebug;
    NetDebug.initialize();

    at the top of my AS code, but the NetConnection debugger
    window displays no information at all, for some reason:
    http://pref.dyndns.org:8080/live/NetDebug-empty.gif

    Regards
    Alex

    I found the solution -

    There is a bug in the current Flash Player:
    if a dialog window pops up for any reason
    (such as an unknown CA or a host name that does not match)
    then the cert will be rejected even if you
    click 'Yes'.

    If you are generating a self-signed cert like this:

    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt

    openssl genrsa -des3 -out server.key 4096
    openssl req -new -key server.key -out server.csr

    openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

    (increase the 01 above for each new cert).

    and then import the ca.crt from above in your
    browsers (i.e. double-click it on Windows for IE;
    open it from Mozilla Firefox and click OK).

    Regards
    Alex
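
The CA-then-server-certificate sequence from the solution above, and the chain question raised in the View/iPad thread, as an added example that is not part of either original post. It builds the same two-level chain and then checks the two things a client checks: that the server certificate chains to an imported CA, and that the host name matches. The names "Lab Root CA", media.lab.example and other.lab.example are constructed, and the subjectAltName step is an addition to the post's commands.

```shell
#!/bin/sh
# Added example. Constructed names: "Lab Root CA", media.lab.example.
# Keys are unencrypted and 2048-bit so the script runs unattended;
# the post's commands use -des3 and 4096 bits.

make_lab_pki() {    # $1 = work dir, $2 = host name clients connect to
    dir=$1; host=$2
    # CA key and self-signed CA certificate: the only file clients import
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$dir/ca.key" \
        -subj "/CN=Lab Root CA" -out "$dir/ca.crt" &&
    # Server key and CSR
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" \
        -out "$dir/server.csr" &&
    # Current clients match the host name against subjectAltName, not CN
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext" &&
    # CA signs the CSR (use a new serial for every certificate)
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -set_serial 01 \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

chain_ok() {        # $1 = trust anchor file, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

host_ok() {         # $1 = certificate, $2 = host name the client dials
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

report() {          # $1 = label, remaining arguments = check to run
    label=$1; shift
    if "$@"; then echo "$label: ok"; else echo "$label: FAIL"; fi
}

work=$(mktemp -d)
make_lab_pki "$work" media.lab.example || exit 1
report "server cert, CA imported" chain_ok "$work/ca.crt" "$work/server.crt"
report "server cert, leaf only"   chain_ok "$work/server.crt" "$work/server.crt"
report "name media.lab.example"   host_ok "$work/server.crt" media.lab.example
report "name other.lab.example"   host_ok "$work/server.crt" other.lab.example
rm -rf "$work"
```

The "leaf only" line fails because a CA-signed server certificate is not its own trust anchor; the client needs ca.crt, not a copy of server.crt.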

  • Unable to connect to SMTP using TLS with a self-signed certificate on OSX 10.10.1 (T31.3 & 24.6)

    I can't connect to my SMTP server with TLS (port 465 or 587 to send / 995 to receive) using Thunderbird 31.3 or 24.6 on my OS X 10.10.1 (Didier) MacBook Pro.

    However, I am able to send and receive mail from the same account on my Windows 7 machine using Outlook 2007, using the same settings I configured in Thunderbird. I added the certificate etc.

    http://img.Photobucket.com/albums/v631/Napoleon_BlownApart/ScreenShot2014-12-16at121323pm.PNG (Taken when using 24.6)

    I am the admin of the server and the password and other settings on the server side are correct! (I'll take a look at Evolution at the same time. I have already gone back to an earlier version of Firefox because of sloppy coding and broken features.)

    Any ideas?

    If the server name is a secret, how do you expect to receive mail? Please, we have it bad enough without guessing. Seriously, why are you using a self-signed certificate? They are free from https://www.startssl.com/

    My guess is that it is OS X that dislikes the self-signed certificate. How does Thunderbird deal with it on Windows? As you have a copy, install Thunderbird there and see if it is an OS X issue.

  • Cannot install SBS2008 self-signed certificates on Vista SP2 with IE8

    I have SBS2008 set up and it is using self-signed certificates.

    My laptop is Windows Vista SP2 with IE8.

    When I try to connect to my SBS2008 OWA web site, I get this error: there is a problem with this site's secure certificate.

    I tried to solve my problem with this solution: http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx , don't worry! Dated May 8, 2008.

    I also looked at: http://support.microsoft.com/default.aspx?scid=kb;EN-US;932156 , dated November 19, 2008.

    This link is on the page above: download the update for Windows Vista (KB932156) package now, dated March 24, 2008. I understand that all of the above links are meant to work with Vista & IE7; there is no mention of the Service Pack level.

    Does this patch really work on Vista SP2 with IE8, or do I have to change the registry, and if so, is this still the right key?

    HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots

    Thank you

    Hello

    Questions like these are much better handled in the TechNet IT Pro Forums.

    My moderator tools cannot transfer messages to the Windows forums, so please re-ask your question there.

    http://social.technet.Microsoft.com/forums/en-us/itprovistanetworking/threads
