Security server certificates and naming

Hello

I created a security server to test some of the features of Horizon. My question is about the certificates. I want to keep it as secure as possible. If the name of the Security server is different from the external URL, will this cause issues with the certificate? So my server would be, say, S132985SV1 and my external URL is access.amazingcompany.com. View would be OK with a different external certificate name (the name on the certificate would be the URL, which would be different from the name of the physical server). Or will I have to name the Security Server similar to my external URL 'access.amazingcompany.com' for the certificate to work properly?

Thank you

It is a very common configuration.

The idea here is that the external name is the one with the certificate. This way the View Client can validate it as being approved.

In this case, you create a regular certificate issued for the external name and add the security server's short name and full DNS name to the same certificate's SAN (Subject Alternative Name).

In short, use the external name as the certificate's common name and add the Security server to the certificate's SAN fields.

For more details, please see:

https://pubs.VMware.com/horizon-view-60/topic/com.VMware.ICbase/PDF/horizon-view-60-scenarios-SSL-certificates.PDF

See you soon,

JesusM

Tags: VMware
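
The naming advice in the answer above, as an added example that is not part of the original thread: a small Python check of which names clients connect with are covered by a certificate's common name and SAN. Clients that follow RFC 6125 ignore the common name once any DNS SAN is present, so the external name should itself appear in the SAN. The internal FQDN `s132985sv1.corp.example`, the three constructed certificates and the function names are assumptions made for illustration.

```python
# Added example (not from the thread): which of the names clients use are
# covered by a certificate's subject CN and SAN dNSName entries.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern, hostname):
    """Compare one certificate name with the name the client connected to.

    DNS names are case-insensitive. A wildcard is honoured only as the whole
    left-most label, covers exactly one label, and needs at least two fixed
    labels after it (so "*.com" never matches).
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(hostname, common_name, san_dns):
    """True if the certificate is valid for hostname.

    When the certificate carries any dNSName SAN, only the SAN is consulted
    and the CN is ignored (RFC 6125). The CN fallback for SAN-less
    certificates is legacy behaviour that current browsers no longer apply.
    """
    names = san_dns if san_dns else [common_name]
    return any(dns_name_matches(n, hostname) for n in names)


def audit(common_name, san_dns, names_in_use):
    """Map every name clients connect with to covered / not covered."""
    return {n: covered(n, common_name, san_dns) for n in names_in_use}


# Names from the question; the internal FQDN is a hypothetical placeholder.
EXTERNAL = "access.amazingcompany.com"
SHORT = "S132985SV1"
INTERNAL_FQDN = "s132985sv1.corp.example"   # assumption, not from the thread
NAMES_IN_USE = [EXTERNAL, SHORT, INTERNAL_FQDN]

# Constructed certificate A: external name only in the CN, SAN lists just the
# server's own names. SAN-aware clients reject the external URL.
SAN_A = [SHORT, INTERNAL_FQDN]

# Constructed certificate B: external name is the CN and is repeated in the
# SAN next to the server's short and full DNS names.
SAN_B = [EXTERNAL, SHORT, INTERNAL_FQDN]

# Constructed certificate C: a wildcard for the external domain only.
SAN_C = ["*.amazingcompany.com"]

if __name__ == "__main__":
    for label, san in (("A", SAN_A), ("B", SAN_B), ("C", SAN_C)):
        print("certificate", label)
        for name, ok in audit(EXTERNAL, san, NAMES_IN_USE).items():
            print("  %-28s %s" % (name, "covered" if ok else "NOT covered"))
```

Certificate B is the layout the answer describes with the external name also listed in the SAN; certificate A shows what breaks when it is left only in the common name.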

Similar Questions

  • Help generate the SSL certificate for the Security Server

    Hi people,

    We have a security server (ss-01.mydomain.local) and a connection server (cs-01.mydomain.local). We now intend to install a certificate on the Security server. What should the common name be?

    our Web site is something like access.mydomain.local.

    Also, we plan to install SSL only on security for internet access server, this will affect the internal users, access to the connection to the server.

    Thanks and greetings

    J P Raj

    Take a look at the link below

    https://pubs.VMware.com/horizon-view-60/topic/com.VMware.ICbase/PDF/horizon-view-60-scenarios-SSL-certificates.PDF

    Internal users will not be affected when you install the Security server certificates

    Simply create a CSR file > get certificates and import them to the Security server in the MMC; the guide explains practically everything. If you already have wildcard certificates, then you can follow the sub-process:

    (a) Export the server certificates

    (1) Connect to the server that has the certificates.

    (2) On this server, export the certificate to PFX format.

    (3) Open the Microsoft MMC Certificates snap-in for the computer account.

    (4) Navigate to Certificates (Local Computer) > Personal > Certificates.

    (5) Right-click the signed certificate that is to be exported.

    (6) Click All Tasks > Export.

    (7) On the Welcome screen, click Next.

    (8) Click Yes, export the private key.

    (9) If it is an option, click Include all certificates in the certification path.

    (10) Enter a password for the private key. This is required to import the certificates.

    (11) Enter a file name and location. For example, C:\certificates\certificate.pfx.

    (12) Click Next.

    (13) Click Finish.

    (b) Import it on the intended connection broker or security server

    (1) Have the certificates to import (preferably in PFX format) available on the intended connection broker or security server.

    (2) Open the Microsoft MMC Certificates snap-in for the computer account.

    (3) Navigate to Certificates (Local Computer) > Personal > Certificates.

    (4) Right-click Certificates.

    (5) Click Import.

    (6) Browse to the PFX and click Next.

    (7) Enter the certificate password.

    (8) Select Mark keys as being exportable.

    (9) Click Next.

    (10) Click Finish.

    (c) Restart the services

    To restart the services:

    Log in as an administrator on the server that is running VMware View Connection Server or VMware View Security Server.

    Click Start > Run, type services.msc and press ENTER.

    In the list of services, right-click the VMware View Connection Server or VMware View Security Server service.

    Click Restart and wait for the service to stop and start.

  • View security server 404 error - access external Office

    Hi all

    I am a security view in our gateway server deployment and for purposes of test base, we use a self-signed on view security server certificate.

    We are trying to access the external address and the following error.

    404errorviewclient.PNG

    When you view the web address, we see the following error.

    404errorIE.PNG

    The current setup in place is that HTTPS traffic (443) comes in, it hits our front door, which transfers the SSL, and port 80 traffic hits the View Security Server.

    I suspect that this could be a sort of issue of the certificate, or a configuration parameter missing.

    Any advice would be much appreciated.

    Thank you

    Gary.

    I wish that I could provide more assistance, but I do not have an F5 and yet I found the deployment guide that you have already gone through.  The section with the changes necessary for starting servers F5 and safety on page 8.  The only thing that caught my attention was that you need to configure the file locked.properties for servers that require http

    http://www.F5.com/PDF/deployment-guides/VMware-view5-IAPP-DG.PDF

  • View Security Server installation issue 5.2

    I have been trying to get my security server up and running for 2 days now and keep running into a brick wall.  I always get the following error:

    Error 28083.  Failed installation of IPsec. Please see the C:\users\...\...\vminst.log file for more details.  The log reveals 'error: could not get a satisfactory response from the connection server after the installation of IPsec'

    In an effort to solve the problem, I set the Windows Firewall on the Security Server and the connection server to allow all incoming connections.

    I checked that all the back-end firewall configurations are correct and functioning as required.

    I went through http://communities.vmware.com/thread/405121?start=15&tstart=0 and made the changes recommended in this thread.

    When I completely remove all GPOs from the connection server, I can successfully create the pairing between the security server and the connection server.

    Most people seem to suggest starting with the GPO settings and walking through them.  Well, I have several GPOs that are applied in order to be STIG compliant.

    What I'm looking for is, can someone please point me in the right direction as to which settings might affect IPsec communication between the 2 boxes?

    Thanks for the help.

    After calling and opening a ticket with VMware, it seems that I was able to successfully install the Security server.  After they looked through several of the different GPO settings that have been applied, I changed the setting below and was able to install correctly after running gpupdate /force on my connection server.

    Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options / System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

    My setting was enabled.  I changed it to disabled and it seemed to solve the current problem.

  • Problem with USB auto connect with clients that connect through the Security server...

    Lack of VMware View 5.0.1 with 2 servers connection and a security server. When the clients connect directly to the server connection, USB connection works very well... users can use their USB drives and other devices with their VM. The problem occurs when they attempt to use their USB devices when negotiated through the Security server.

    I know that port 32111 (TCP) must be open between the server security and the connection to the server, but even after doing so it does not always work... customers just to get the scrolling message of office in the USB menu initialization.

    Our current facility is:

    External IP address-> DMZ (Security Server)-> connect to server

    Entrust us our firewall config through our ISP (we are not overloaded with scientists here, it's just me, so things like little help my work load). They are certainly not incompetent (or at least were not in the past). I had to open the external 32111 IP port to the DMZ, then of the DMZ to our connection server that is used for external connections. Everything about VMware View works perfectly for the clients that connect this way, but not USB devices.

    One thing I give is if our having a configuration of VLAN dedicated for customers views influence what either. I'm trying to keep an eye on what ports are open that for our firewall for my records, but I do not see where I openly opened ports on the internal side of security server to our internal network. He must have the port opened directly from the internal face of security server of vmware 32111 discovers clients?

    The firewall Guys tell me that they checked over and over that port 32111 is open throughout the. They also said that they tried to telnet 32111 to our security server port and have nothing back (should have gotten garbage at least according to them).

    An idea of the next steps to take? It is obviously a blocked port, I just have no idea why at this stage.

    I know that port 32111 (TCP) must be open between the server security and the connection to the server, but even after doing it still does not work

    This is not what it takes. The agent is listening on the port 32111, you must open the firewall to allow connections to the Security server for the desktop on port 32111 (same thing you must allow RDP and PCoIP).

    Mike

  • Updated BlackBerry Smartphones to BBM v7.0.1.23 and now receive "you are trying to open a secure connection, but the server certificate chain is not valid."

    BBM v7.0.1.23

    BlackBerry 8530

    V5.0.0.459 smartphone (Platform 4.2.0.201)

    Recently upgraded to BBM V7.0.1.23 and now receive the repeated message 'you are trying to open a secure connection, but the server certificate chain is not valid.'

    Battery pulled, continues to occur.

    I would appreciate your help to resolve.

    This has been bugging me for a few weeks now, after updating BBM to try BBM Voice

    see article ID KB33968 knowledge base

    http://BTSC.webapps.BlackBerry.com/BTSC/ViewDocument.do;JSESSIONID=39AB1AF3BC35AC4B221973537775C2C7?...

    . . . I tried to insert a link shortcut to the URL, but it was not allowed.

    Looks like a fudge like BB issue a correction. I have not tried myself but is told by the way, but I'll do it later today.

  • HPDM: HPDM replace self signed SSL certificates for server HPDM and master repository

    I am trying to replace the automatically generated self-signed certificates (issued to DM) issued by DM server HPDM and master repository.  I'm NOT arbitration FTPS, HTTPS embedded HPDM or CERT Thin Client Agent server.

    I already have CERT for the installation of our own internal domain CA for FTPS in IIS and the built-in Apache HTTPS server.  These work properly and pass tests of repository for both protocols.  I also have questions for Thin Clients of our internal CA very well.

    I am interested in the HPDM real server cert and cert master repository. These are generated automatically when the two services start.  They use a very weak MD5 hash and key RSA 1024.  I can't find any documentation around that, with the exception of troubleshooting, in which you can remove these certificates restart services and they will be regenerated.

    Here are the paths certs\key
    HPDM % install Path%\MasterRepositoryController\Controller.crt (Cert repository)

    HPDM % install Path%\MasterRepositoryController\Controller.key (repository key)

    HPDM % install Path%\MasterRepositoryController\Client.crt (HPDM Server Cert)

    HPDM % install Path%\Server\Bin\hpdmskey.keystore (Both HPDM server and repository Certs and keys) (not sure what format it is in.  It is not PEM and P12 ok I can say)

    There are also some HPDM % install Path%\Server\bin\hpdmcert.key.  Don't know what it is.  It's the key to the server HPDM but deleting it does nothing and it is never re auto generated in one of my tests.

    I am able to replace the Controller.crt and keys with my own files CA internal those emitted very well.  The service started and no errors occur.  However if I replace the Client.cert (HPDM Server Cert) with my own service will start but there are Socket SSL errors in repository logs and the HPDM server could not connect to the master repository. I have no idea where the key file is supposed to be for HPDM Server Cert.

    Can anyone help with this?  I can't find the configuration files for the service to generate their own certificates.  If I did I would try at least to change the config to do not use MD5.

    Hello

    These certificates between the HPDM server and MRC are not designed to be customizable. Please submit a scenario if you have security concerns about it.

    Just for info:

    hpdmcert.key is for communication between the HPDM server and the HPDM gateway

    hpdmskey.keystore is for communication between the HPDM server and MRC

    server_keystore is for the communication between the HPDM server and the HPDM Console

  • Security for the TANDBERG Content Server certificate

    Hello everyone,

    I have a question: How do I renew the security certificate for the TCS web interface?

    Our client has Tandberg Content Server 4.1 installed and the certificate has expired, so it is inaccessible by Firefox (the only options are IE10 and lower, but they also show a large number of errors).

    Thanks in advance.

    The recording is stored and then transcoded. When the process is complete, you will see registration resulting in the record view > Recorded. Click Play to view the recording. See the online help for more information.

    Installation of a security certificate

    The Content Server has implemented the SSL (Secure Sockets Layer) protocol to send the user's authentication information (username and password) securely when the user logs in. The SSL implementation means that the web UI must establish its credentials with the user's browser through an electronic document called a security certificate.

    Each unit is supplied with a self-signed certificate which is valid for one year. Because self-signed certificates are not approved by a certificate authority, when users try to log in to the unit, most browsers display a message that the site identity cannot be verified.

    You can add the unit to the list of approved sites in Internet Explorer or add an exception in Firefox to avoid seeing the connection error messages.  However, Cisco recommends the purchase of a security certificate from a certificate authority that has a trust relationship with a root authority, such as VeriSign or Comodo. These credentials are more likely to be approved by the browser, eliminating the need to add the unit to the list of trusted sites. This certificate must be generated against the Windows computer name or the DNS entry associated with the IP address that the device is using.

    To install your security certificate purchased on the web site of the default unit:

    Step 1 Connect to the appliance using remote desktop, then Start > administrative tools > Internet Information Services (IIS) Manager.

    Step 2 Under Internet Information Services, expand "(local computer)" and then "Web Sites".

    Step 3 Right-click on default web site, and then select Properties.

    Step 4 In the Directory security tab, click server certificate in the secure communications section.

    Step 5 Follow the instructions in the Web Server Certificate Wizard to replace the current certificate with your purchase. For more information, see using Internet Information Services.

    You can also install it for the Windows Media administration website and the Windows Server administration website in order to avoid security warnings when administrators connect to these sites.

    Once you have installed your certificate on the web sites, this certificate is then used instead of the self-signed one.

    If the security certificate expires, (independent), browsers will display another warning and more no previous warning associated with self-signed certificates. A new certificate request can be generated by using the IIS Web Server Certificate Wizard.  Once this request is generated, another self-signed certificate can be created by using a third-party tool or this request can be sent to a certificate issuing authority. Do NOT remove the expired certificate until you have installed a new one because this will prevent any attempt to log on.

  • SSL certificate for the Security Server external facing

    Dear all,

    Today, I bought an external SSL certificate from DigiCert for our security server. I imported the certificates into the Personal certificate store (computer account) on the Security Server. DigiCert provided three certificates: root CA, server CA and the other with the name of our domain. I renamed the vdm friendly name of the existing self-signed certificate and used the friendly name vdm for the certificate that has our domain name. Subsequently, I restarted the services on the Security server. They all came up except the "View Blast Secure Gateway" service, which entered the suspended state.

    In our setup, we have a connection server and a security server. For the Security Server, we use a different domain name than for the connection server. We have an internal PKI and the connection server uses an SSL certificate.

    connection server = server01.internaldomain.com

    Security Server = server02.externaldomain.com

    Why can the certificate not be loaded by the View Blast Secure Gateway? Did I miss something?

    Thank you

    Edy

    I solved it. It was with the private key of the certificate. This is the reason that the Blast Secure Gateway could not load.

  • View 4.5 Security server problems since installing SSL certificate

    I'm having some very strange problems with my View Connection Server 4.5 (front and back) running. I hope someone can shed some light on the problem, because I have tried everything I know to get this working properly.

    Before installing a new self-signed certificate on the external connection server, I was running the default VMware certificate. Everything worked very well in this configuration. I installed a new self-signed certificate and now I'm having intermittent problems connecting to the server:

    1. When connecting from a Windows machine I CAN reach the site URL/HTTP to download the View client. Once I run the View client I get the following error: failed to connect to the View connection server. Network error.

    2. I tried to connect via the IP address of the server and made sure that the external URL is correct (everything worked fine before the installation of the SSL certificate).

    3. Completely removed the security server and reinstalled, restarted the services etc. Still cannot connect on some machines. Connecting from a Wyse compatible iPad still works, never a problem.

    4. If I connect the company VPN on the machine that does not work, then launch the View client and connect, everything works as it should. When I disconnect the VPN and try to connect again, I can connect very well! So I need to connect to the VPN in order to connect to View... it's really weird. I checked DNS etc. and everything is identical to the setup with the default certificate. I made sure that the machines that have problems trust the certificate and I also followed the Cisco ASA firewall logs; I do not see anything different happening between periods when it works and when it does not.

    Has anyone ever experienced something along these lines, or can think of anything I can try?

    Thank you!

    I came across this same thing.  The conflict is between the View client and your new self-signed SSL certificate.  More precisely, the thing causing the problem is the version of the wininet.dll file provided with IE8.  The wininet.dll file provided with IE8 causes some kind of conflict with the View client 4.5 (if using an SSL certificate other than the server-generated one) and will not allow the View client 4.5 software to connect to your security server.  I reported this to VMware (2 weeks ago) so they should be aware of the problem.

    If you remove your new SSL certificate and return to the one created by the View server then everything works perfectly again.  If you are using an XP machine with IE6 or IE7, or remove IE8, it also works very well.  I tried taking the wininet.dll file from an XP SP3 IE6 machine and restoring this file after installing IE8 and everything seemed to work OK, but it is probably not the best solution.

    Bottom line is until VMware resolves the conflict with their View client, you may not use any SSL certificate (other than the server's own) if you are going to connect from Windows machines running IE8 or newer.

  • I have a Proxy Server that uses a self-signed certificate, and I can't accept this certificate from Firefox

    I have Firefox 37.0.1 installed on OpenSuse 13.2. I have a proxy server that uses a self-signed certificate, and I tried to add my certificate to the list of authorities and to check all the trust options displayed, with no luck.

    I tried to restart Firefox, but it did not help.

    I did the same steps in Chrome and it works fine.

    Appreciate any help.

    After removing my .mozilla in my home directory, adding the certificate to the list of authorities did in fact work.

  • I need to create public and private keys for the security certificate and I cannot find the certificate. Where is it?

    I bought a security certificate, and the site tells me that it has been installed successfully. I need to export the certificate so that I can create public and private keys, but I can't find the certificate to do so.

    Firefox (Firefox Orange) > Options > Options > advanced > Certificates > authorities > export

  • Problem with Firefox 13 certificate and secure Web sites

    Hello

    I am using Windows 7 32 bit on a Dell laptop.

    Everything was going well until I upgraded to Firefox 13 a few days ago. I cannot connect to secured Web sites like Gmail, Amazon, etc.

    It works perfectly fine in all other browsers, so it is not an OS related issue.

    I use ESET Smart Security 6.0 beta and it hasn't behaved badly with any application.

    I tried the basic solutions such as clearing the network settings, the browser history, cache, etc. I also did a clean reinstall of Firefox 13.

    There are no modules or extensions installed in Firefox. The Proxy is set to 'No Proxy'.

    Each click in Gmail throws an "Untrusted" error, even if I get the certificates and store them permanently.

    I also tried tweaking about:config variables like below, but it did not work.

    browser.xul.error_pages.expert_bad_cert = true

    Please help because it is extremely difficult to work with these problems.

    Thank you
    Anand

    Bingo!

    I removed SSL scanning from ESET 6.0 and re-installed all the more recent Windows updates. Everything works fine now.

    Thanks for your help!

    Best wishes, Anand

  • How will I be informed when getting in and out a site with a secure server

    I can't find where to set the option for this. I could on Firefox 3.6
    Firefox 3.6 gives me a pop-up that says I'm entering or leaving a site with a secure server. It's under SETTINGS in the Warning Messages on the Security tab in the Options window. When you push the SETTINGS button, a number of checkboxes allow for different settings. I can't find it in Firefox 8.

    The settings for the 5 Warning Messages have been removed from the Security section in Firefox 4 and newer versions. These settings should be accessible through about:config now. So you're looking for the first and the third in the list below, "Former settings in Firefox 3.6 on the Security panel".

    See: http://kb.mozillazine.org/About:config

    1. Type about:config in the URL bar and press the Enter key.
    2. If you see a warning, accept it (promise to be careful)
    3. Filter = security.warn_
    4. Double-click the pref in the lower panel of the about:config display to toggle it to true or false according to the descriptions below (scroll down to security.warn to see these particular preferences)

    Former settings in Firefox 3.6 on the Security panel

    Display a dialog warning when:

    • I'm about to view an encrypted page

      • Pref: security.warn_entering_secure
    • I'm about to view a page that uses low-grade encryption
      • Pref: security.warn_entering_weak
    • I leave a page encrypted to one that is not encrypted
      • Pref: security.warn_leaving_secure
    • I submit information that is not encrypted
      • Pref: security.warn_submit_insecure
    • I'm about to view an encrypted page that contains unencrypted information
      • Pref: security.warn_viewing_mixed

    If this answer solved your problem, please click 'Solved It' next to this response when connected to the forum.

    Not related to your question, but...

    You may need to update some plug-ins. Check your plug-ins and update if necessary:

  • But intermediaries 1.2 root and server certificate

    Hello world

    I tried to renew the cert on ASA and I got 4 certificates from the seller

    Intermediate1 and 2

    Root cert

    Server Cert

    Server certificate is for ASA operating as VPN, what is the purpose of the other certs and where should I install them?

    Regards

    Mahesh

    Hello Manu,

    You need to install the intermediate and the root certificates under CA Certificates on the ASDM.

    And the server certificate has to be installed under the Identity Certificates section.

    After that, you need to replace the old trustpoint on SSL of the ASA with the new interface.

    I have attached the screenshots as well.

    Kind regards

    Aditya

    Please evaluate the useful messages and mark the correct answers.
