SSL certificates for a clustered environment

Hi all,

I have a fairly large domain in an environment with an Admin Server and 6 managed servers.
The managed servers are distributed over two physical machines, with the first machine also holding the administration server.
Each pair of servers is joined in a cluster, so I have 3 clusters, each with a single application.

Now some of the communication must be done over SSL and I wonder about the configuration. First of all, I should
note that these certificates will not be visible to a client (browser); they will only be used for internal communication.

So, do I need a certificate for the identity keystore of each managed server? Or can I use the same certificate for each of them?
They will all be available under the same URL, behind a few layers of routers. If I use the same certificate, can I use the one on the
router, which the customers see as well? What can I, or should I, do?

You only need to tell the nodemanager where to find its certificates. If you have already chosen SSL for your nodemanager, by default it then uses the demo certs that come with WL. But you really want to use these...

So in your nodemanager.properties, use something like:

#
# SSL configuration
#
# Custom identity keystore for the nodemanager's own certificate, combined with
# the JDK's standard trust store (cacerts) for the certificates it trusts.
KeyStores = CustomIdentityAndJavaStandardTrust
CustomIdentityAlias = your_cert_alias
CustomIdentityKeyStoreFileName = full_path_to_your_identity_keystore_used_by_your_mgd_server
CustomIdentityKeyStorePassPhrase = your_storepass
CustomIdentityKeyStoreType = jks
CustomIdentityPrivateKeyPassPhrase = your_keypass

This tells your nodemanager to use the same identity as your managed servers. Since it is using Java standard trust, it shares the same "cacerts" as the application server. In the console, your Machine -> Configuration -> Node Manager -> Type would be SSL.

So that should be all that is necessary for the nodemanager.

In your trust keystore, you can simply add the signer / root CA cert for your certificates, or you can add individual server certificates if you want to restrict trust a little further. Normally identity certificates expire more frequently than root certificates, so I do not put identity certificates in the trust store, since that simply means more maintenance when they expire.
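The trade-off described in the answer (root CA in the trust store versus individual server certificates), and the question's point about reusing one certificate for several managed servers, as an added example that is not part of the original thread or of WebLogic itself. It is standard-library Go: the CA name and the hostnames (mgd1/mgd2/admin.example.internal) are constructed assumptions. It builds a root CA, issues one identity listing two managed-server names as SANs, checks it against a trust store holding only the root and against one pinning the server certificate, then renews the identity and issues an expired one to show which trust store keeps working.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed hostnames standing in for two managed servers of one cluster.
var managedHosts = []string{"mgd1.example.internal", "mgd2.example.internal"}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign turns tmpl into a certificate for pub signed with parentKey; passing tmpl as its own parent yields a self-signed root.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// NewRootCA builds the self-signed CA of an internal PKI: the one certificate worth placing in the trust store.
func NewRootCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return sign(tmpl, tmpl, &key.PublicKey, key), key
}

// IssueIdentity signs a server identity listing every host as a SAN, so one certificate
// can serve several managed servers. A negative lifetime yields an already-expired certificate.
func IssueIdentity(root *x509.Certificate, rootKey *ecdsa.PrivateKey, serial int64, hosts []string, lifetime time.Duration) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: hosts[0]},
		DNSNames:     hosts,
		NotBefore:    time.Now().Add(-48 * time.Hour),
		NotAfter:     time.Now().Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, root, &newKey().PublicKey, rootKey)
}

// Trusts reports whether a client whose trust store is pool accepts identity for host (chain ends in pool, host matches a SAN).
func Trusts(pool *x509.CertPool, identity *x509.Certificate, host string) bool {
	_, err := identity.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// Demo compares a trust store holding only the root CA with one pinning the server certificate, across renewal and expiry.
func Demo() map[string]bool {
	root, rootKey := NewRootCA("Constructed Corp Root CA")
	identity := IssueIdentity(root, rootKey, 100, managedHosts, 365*24*time.Hour)
	rootTrust, leafTrust := x509.NewCertPool(), x509.NewCertPool()
	rootTrust.AddCert(root)     // CA only, as the answer recommends
	leafTrust.AddCert(identity) // the individual server certificate
	renewed := IssueIdentity(root, rootKey, 101, managedHosts, 365*24*time.Hour) // same hosts, new key and serial
	expired := IssueIdentity(root, rootKey, 102, managedHosts, -24*time.Hour)    // past its NotAfter
	return map[string]bool{
		"shared cert ok for mgd1":     Trusts(rootTrust, identity, "mgd1.example.internal"),
		"shared cert ok for mgd2":     Trusts(rootTrust, identity, "mgd2.example.internal"),
		"shared cert ok for non-SAN":  Trusts(rootTrust, identity, "admin.example.internal"),
		"original ok with leaf trust": Trusts(leafTrust, identity, "mgd1.example.internal"),
		"renewed ok with root trust":  Trusts(rootTrust, renewed, "mgd1.example.internal"),
		"renewed ok with leaf trust":  Trusts(leafTrust, renewed, "mgd1.example.internal"),
		"expired ok with root trust":  Trusts(rootTrust, expired, "mgd1.example.internal"),
	}
}

func main() {
	fmt.Println(Demo())
}
```

Run it with `go run .`; the renewed certificate is accepted by the root-only trust store but refused by the one pinning the old leaf, which is the maintenance cost the answer is pointing at, and the name not listed as a SAN is refused whichever store is used.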

Tags: Fusion Middleware

Similar Questions

  • SSL certificate for administrative access to a WSA

    Can someone point me to a guide on how to install an SSL certificate for administrative access to a WSA?

    Curiously, all the documents I could find so far talk about SSL certificates for HTTPS decryption...

    Page 367 of this doc.  http://www.Cisco.com/c/dam/en/us/TD/docs/security/WSA/wsa8-0/wsa8-0-6/WSA_8-0-6_User_Guide.PDF

  • Setting the SSL certificate for the web user interface

    How can I configure the SSL certificate for the management interface of an SG300? I can't seem to find the configuration option in the web GUI.

    Hello Dirk,

    To import / create / modify the SSL certificate, please go to Security > SSL Server > SSL Server Authentication Settings.

    HTTPS is enabled by default.

    Thank you and best regards,

    Siva

  • The e-mail application does not connect to the Dreamhost servers, perhaps because of how they configure their SSL certificate for their subdomains.

    http://wiki.DreamHost.com/Certificate_Domain_Mismatch_Error

    Dreamhost's SSL certificate for their mail servers only covers one level of subdomain, while many of their e-mail clusters exist on a second-level subdomain. In my view, this translates into a 'bad security' error message in the e-mail application.

    I contacted DreamHost and they say they are unable to solve this problem, nor will they allow me to install an SSL certificate on my virtual domain pointing to my e-mail cluster (even if I had to buy one).

    I understand it is possible to manually add certificates via adb in a way similar to this: http://www.pending.io/add-cacert-root-certificate-to-firefox-os/

    However, from what I read, this: 1. does not work on the ZTE Open; 2. can only fix browsing, not the web mail client.

    Is there any option available to me short of switching hosts?

    Fabian,

    Are you familiar with Firefox OS? The reason I ask is that the e-mail client cannot create a certificate exception. In fact, it's by design: https://wiki.mozilla.org/Gaia/Email/Features#Security

    This support request to Mozilla was placed specifically for the product Firefox OS, for which there is only a single mail client.

    That said, many people in the Mozilla Bugzilla have been able to show me how to find another alias for those servers that actually works and in fact matches the SSL certificates, although Dreamhost support could not provide me with any such information, and such information is not actually in the DreamHost wiki.

    Dreamhost's repeated insistence that I should just live with the SSL certificate exceptions, when there are real, existing, valid server names matching the certificates in question, is silly.

    The fact that you post this solution for one product, such that it is not applicable beyond it, is useless. It serves to muddy the waters.

  • All the SSL web sites I visit display the message "this connection is untrusted" and show me a false SSL certificate for a different domain name.

    When I visit a web site that requires SSL, it displays the message "this connection is untrusted". Whatever web site I visit, it's always exactly the same message and the same SSL certificate, which is no longer valid, for www.thawte.com.

    support.Mozilla.org uses an invalid security certificate.

    The certificate is not trusted because no issuer chain was provided.
    The certificate is only valid for www.thawte.com
    The certificate expired on 11/11/2011 23:59. The time now is 11:46 28/01/2012.

    When I click "Add Exception" on a web site and view the certificate, it is exactly the same certificate with the exact same serial number.

    I had a similar problem with Internet Explorer showing a 404 error when I visited SSL-protected pages, but did a system restore a month ago to correct this. All other browsers are / were fine.

    I installed Firefox 3.x last month to test something, which is when the problem started. I have since uninstalled Firefox 3.x and reinstalled the latest version. I deleted all the preferences/settings, disabled add-ons and reinstalled many times. I did a Windows system restore to before the problem started, with no luck.

    The time / date on my computer are correct. I have no firewall other than the Windows one. I had no antivirus (netbook) until I installed one (Avast) yesterday to see if a virus was causing issues (found nothing). This problem arises on any internet connection (tested at work and at home).

    Try bypassing the warning

    or try using the Skip Cert Error add-on (to skip the SSL/TLS certificate error page)

    Thank you

    Please mark the answer 'Solved' if it really solves the problem, to help others with a similar problem.

  • Install a new SSL certificate for Server 2008 R2

    Hello

    We have a Windows 2008 R2 server running on the machine. As a company that handles payments, we need to be PCI DSS registered, and the scan picked up a point of failure: that we do not have an SSL certificate installed. I bought one via GoDaddy and followed the instructions on their site to install it, but the PCI DSS scan still fails for the following reason:

    "The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certification authority."

    The certificate at the top of the chain is the default "built-in" one. How do I promote the installed GoDaddy certificate to the top of the chain?

    Thank you

    This issue is beyond the scope of this site and should be posted on TechNet or MSDN

    http://social.technet.Microsoft.com/forums/en-us/home

    http://social.msdn.Microsoft.com/forums/en-us/home

  • Help generate the SSL certificate for the Security Server

    Hi people,

    We have a security server (ss-01.mydomain.local) and a connection server (cs-01.mydomain.local). We now intend to install a certificate on the security server. What should the common name be?

    Our web site is something like access.mydomain.local.

    Also, we plan to install SSL only on the security server for internet access; will this affect internal users' access to the connection server?

    Thanks and regards

    J P Raj

    Take a look at the link below

    https://pubs.VMware.com/horizon-view-60/topic/com.VMware.ICbase/PDF/horizon-view-60-scenarios-SSL-certificates.PDF

    Internal users will not be affected when you install the Security Server certificates.

    Simply create a CSR file > get the certificates and import them into the Security Server in the MMC; the guide explains practically everything. If you already have wildcard certificates, then you can follow the process below.

    (a) Export the server certificates

    1) Connect to the server that has the certificates.

    2) On this server, export the certificate to PFX format.

    3) Open the Microsoft MMC Certificates snap-in for the computer account.

    4) Navigate to Certificates (Local Computer) > Personal > Certificates.

    5) Right-click the signed certificate that is to be exported.

    6) Click All Tasks > Export.

    7) On the Welcome screen, click Next.

    8) Click Yes, export the private key.

    9) If it is an option, click Include all certificates in the certification path.

    10) Enter a password for the private key. This is required when importing the certificates.

    11) Enter a file name and location. For example, C:\certificates\certificate.pfx.

    12) Click Next.

    13) Click Finish.

    (b) Import it to the intended connection broker or security server.

    1) Import the certificates (preferably PFX format) to the intended connection broker or security server.

    2) Open the Microsoft MMC Certificates snap-in for the computer account.

    3) Navigate to Certificates (Local Computer) > Personal > Certificates.

    4) Right-click Certificates.

    5) Click Import.

    6) Browse to the PFX and click Next.

    7) Enter the certificate password.

    8) Select Mark this key as exportable.

    9) Click Next.

    10) Click Finish.

    (c) Restart the View services

    To restart the services:

    Log in as an administrator on the server that is running VMware View Connection Server or VMware View Security Server.

    Click Start > Run, type services.msc and press ENTER.

    In the list of services, right-click the VMware View Connection Server or VMware View Security Server service.

    Click Restart and wait for the service to stop and start.

  • SSL certificate for the Security Server external facing

    Dear all,

    Today I bought an external SSL certificate from DigiCert for our security server. I imported the certificates into the personal certificate store (computer account) on the Security Server. DigiCert provided three certificates: root CA, server CA and the one with the name of our domain. I renamed the friendly name vdm of the existing self-signed certificate and used the friendly name vdm for the certificate with our domain name. Subsequently, I restarted the View services on the Security Server. They all started except the "View Blast Secure Gateway" service, which entered the suspended state.

    In our setup, we have one connection server and one security server. For the Security Server, we use a different domain name than for the connection server. We have an internal PKI and the connection server uses an SSL certificate.

    Connection server = server01.internaldomain.com

    Security Server = server02.externaldomain.com

    Why can't the certificate be loaded by the View Blast Secure Gateway? Did I miss something?

    Thank you

    Edy

    I solved it. It had to do with the private key of the certificate. That is the reason the Blast Secure Gateway could not load.

  • Impossible to update SSL certificate for Mail account

    My SSL certificate has expired. I bought a new one, installed it, and every other mail client works fine... except this junk called Mac Mail. Now I can't check my email at all.

    I have 14 accounts on the same server. One account was asked to accept the new certificate (hostname mismatch). All the other accounts now show a "!" and "Take all accounts online" does nothing. Removing SSL from the account does nothing. Removing the old certificate from the keychain does nothing.

    It is a valid certificate, rather than a self-signed one.

    So while I reconfigure everything on a real email client, does anyone happen to know how to solve this problem? Every solution proposed elsewhere (other discussions, forums) does not work. Short of deleting all accounts and recreating them, hoping that will work, this seems to be a lost cause...

    Apple, why do you hate us so much?

    Fixed by wiping the mailbox completely...

  • HPDM: replace self-signed SSL certificates for the HPDM server and master repository

    I am trying to replace the automatically generated self-signed certificates (issued to DM) used by the HPDM server and master repository.  I'm NOT talking about FTPS, the HPDM embedded HTTPS or the Thin Client Agent server cert.

    I already have certs from our own internal domain CA installed for FTPS in IIS and the built-in Apache HTTPS server.  These work properly and pass the repository tests for both protocols.  I also have certs for the Thin Clients from our internal CA working very well.

    I am interested in the actual HPDM server cert and master repository cert. These are generated automatically when the two services start.  They use a very weak MD5 hash and an RSA 1024 key.  I can't find any documentation about them, with the exception of troubleshooting, where you can remove these certificates, restart the services and they will be regenerated.

    Here are the cert\key paths:
    %HPDM install path%\MasterRepositoryController\Controller.crt (repository cert)

    %HPDM install path%\MasterRepositoryController\Controller.key (repository key)

    %HPDM install path%\MasterRepositoryController\Client.crt (HPDM Server Cert)

    %HPDM install path%\Server\Bin\hpdmskey.keystore (both HPDM server and repository certs and keys) (not sure what format it is in.  It is not PEM or P12, as far as I can tell)

    There is also %HPDM install path%\Server\bin\hpdmcert.key.  I don't know what it is.  It's a key for the HPDM server, but deleting it does nothing and it is never auto-regenerated in any of my tests.

    I am able to replace Controller.crt and the key with my own internal-CA-issued files just fine.  The service starts and no errors occur.  However, if I replace Client.crt (HPDM Server Cert) with my own, the service will start but there are SSL socket errors in the repository logs and the HPDM server cannot connect to the master repository. I have no idea where the key file for the HPDM Server Cert is supposed to be.

    Can anyone help with this?  I can't find the configuration files the services use to generate their own certificates.  If I could, I would at least try to change the config so it doesn't use MD5.

    Hello

    These certificates between the HPDM server and MRC are not designed to be customizable. Please submit a case if you have security concerns about it.

    Just for info:

    hpdmcert.key is for communication between the HPDM server and the HPDM gateway

    hpdmskey.keystore is for communication between the HPDM server and the MRC

    server_keystore is for communication between the HPDM server and the HPDM Console

  • vCenter red - unable to verify the CA (PSC) signed SSL certificate of VMware vCenter

    I am trying to deploy a new Horizon View 7 environment based on vSphere 6 U2 to replace our existing View 5.3 pod. I have a Windows vCenter Server with a separate Windows PSC. I used the PSC to sign the SSL certificate for vCenter and downloaded and added the root certificate authority to the required workstations and servers via Group Policy. If I navigate to vCenter from a desktop with the root CA installed, all is well on the HTTPS front. I added this vCenter Server in my View environment but it appears in red on the View dashboard. I clicked on the vCenter Server and verified the certificate, but it never goes green. The two connection servers have the root CA installed, and if I launch a browser from the connection server itself and navigate to the vCenter FQDN, the certificate is trusted.

    Any ideas?

    I cannot create pools because View is not currently communicating with vCenter, and it won't let me choose a virtual machine template.

    If you need to know more details please let me know and I'll happily supply them.

    Thanks in advance.

    Having re-read the Horizon View 7 documentation to confirm that I had already taken the correct steps, I decided to restart both of my new connection servers, and that solved the problem. My vCenter server now shows green in the dashboard and I was able to successfully deploy desktops.

  • How to install SSL certificates on ESXi 4.1 hosts?

    I am in a DoD environment and need to install SSL certificates on each of our ESXi hosts.  I may have missed it, but the only official instructions I can find are for vCenter (Windows).  These must be installed on the host itself.

    I have both the Base64 and the PKCS7 (p7b) formats, but prefer to use the PKCS7, since it covers the complete certificate chain (which is important, because DoD CAs are not part of the standard certificate store).

    Instructions/advice would be much appreciated!

    Hello

    Take a look at page 147:

    http://www.VMware.com/PDF/vSphere4/R41/vsp_41_esxi_server_config.PDF

    The chapter "Replace a Default Certificate with a CA-Signed Certificate" is what you are looking for

    Regards

  • Impossible to get websites to use respective SSL certificates

    Mac OS 10.10.5

    Server 5.0.15

    I have an issue where the default web site ("Server (SSL) Web site") conflicts with the SSL certificates for my three other SSL sites.

    My web site configuration (note: the server IP is 192.168.1.100):

    • Server Web Site SSL (all IP addresses) - cert for domain1.com (working)
    • Domain1.com (192.168.1.10) SSL - cert for domain1.com (working)
    • Domain2.com (192.168.1.20) SSL - cert for domain2.com (serves the cert for domain1.com, invalid identity)
    • Domain3.com (192.168.1.30) SSL - cert for domain3.com (serves the cert for domain1.com, invalid identity)

    My DNS records:

    • Primary zone - Domain1.com
      • A: Domain1.com 192.168.1.10
      • NS: Domain1.com
    • Primary zone - Domain2.com
      • A: Domain2.com 192.168.1.20
      • NS: Domain2.com
    • Primary zone - Domain3.com
      • A: Domain3.com 192.168.1.30
      • NS: Domain3.com
    • Reverse zone - 1.168.192
      • PTR: 192.168.1.10 Domain1.com
      • PTR: 192.168.1.20 Domain2.com
      • PTR: 192.168.1.30 Domain3.com
      • NS: Domain1.com
      • NS: Domain2.com
      • NS: Domain3.com
    • Reverse zone - 100.1.168.192.in-addr.arpa
      • PTR: 192.168.1.100 server.domain1.com
      • NS: server.domain1.com

    Whatever cert is selected for the default web site applies to all SSL web sites. The only way I can force each to use its own certificate is to set the IP address of the web site to be the same as the server's IP (in this example 192.168.1.100). It works, but that prevents Profile Manager from working.

    I'm 99% sure I have my DNS configured correctly (right now all A records point to 192.168.1.100 as a temporary solution), but I'm willing to take another look if someone has a clear and concise suggestion. Ideally, each DomainX.com would have an IP of .10, .20 and .30.

    So how can I make all three web sites use different IP addresses AND their respective certificates? Is this possible?

    (I appreciate any suggestion at this stage. This question has been impossible to find an answer to anywhere on the internet after about 9 months of research.)

    Solution for anyone who comes looking for this problem!

    After talking to Apple Enterprise support:

    The web site service assumes that you only have one certificate for all web sites. Unless you really want to roll up your sleeves and get down and dirty with the Apache configuration files, you must have one certificate valid for all the domains you use AND give each site its own IP address.

    When you configure your certificate, the host names must look like this:

    server.domain1.com (this is your common name)

    *.domain1.com

    *.domain2.com, etc.

    I used a StartCom class 2 IV SSL certificate ($59 / year).

    Then, assuming you know how to import a verified certificate, use it for all the services that need one and all the web sites you want secured (why wouldn't you use HTTPS anyway?)

  • Cisco ACS 5.4 Support Wildcard SSL certificates?

    Greetings,

    I am getting ready to order an SSL certificate for my newly installed ACS 5.4, and before I do that I want to check whether ACS 5.4 supports wildcard SSL certificates.

    Can someone help me with this?

    Thank you!!!

    Chris B.

    Hi Chris,

    ACS 5.4 still does not support wildcard certificates.

    Regards

    Anubhav Gupta

  • 11gR2 Grid Infrastructure manual start/stop in a clustered environment

    Hello

    I have installed 11gR2 Grid Infrastructure in both a stand-alone environment and a clustered environment, and I am looking at some differences regarding manual startup/shutdown in these two environments.

    In the stand-alone environment, manual shutdown really just consists of:

    Stopping ASM - I would generally use "srvctl stop asm" to do this

    Stopping HAS (Oracle Restart) - using "crsctl stop has".

    Startup would be just the reverse of these.

    However, things in the clustered environment seem to be a whole different kettle of fish!

    First of all, I appreciate that this manual startup/shutdown of ASM and cluster resources (in both stand-alone and clustered environments) is not really essential for day-to-day operation (it's really for special situations), and a server startup or shutdown will do the necessary start / stop of services - so in a way this manual process is a bit contrived for day-to-day running.

    Q1. Given that there are so many different levels of processes / daemons in the clustered environment - is there still a viable manual startup procedure for 11gR2 GI in a clustered environment?

    Any help in identifying the manual start / stop order would be appreciated.

    Thank you

    Jim

    Hello

    You can stop/start the cluster and all resources with "crsctl stop/start crs". There is no need to manually stop ASM; it will be managed by the clusterware, as will the databases, listeners, etc.

    You can use "crsctl stat res -t" for an overview of the resources managed by the CRS.

    "crsctl stat res ora.your_dbname.db -p" gives you detailed information about the resource, including the start and stop options. Normally this should be immediate mode for the databases; if you're fine with this shutdown mode you can simply use "crsctl stop crs" to stop everything on a single node.

    Regards

    Thomas
