Using MS CA issued certificate

Similar Questions

• Firefox wrongly think that my site is using an invalid security certificate... clues?

  I recently installed a security certificate on my site.
  I tried different controllers of ssl and certificate seems fine.
  Firefox, however, don't like him and displays a warning page that says:

  www.Academi.pl uses an invalid security certificate.

  The certificate is not trusted because the issuer certificate is not approved.

  (Error code: sec_error_untrusted_issuer)

  This happens on Windows, Mac and Linux computers in my office.
  I also received a number of reports from users of the site who are experiencing the same problem.
  It seems that the problem does not occur in firefox 7.x, but I have to check properly.

  Anyone know a solution to this? I tried to remove the certificates manually in preferences, but it did not help.

  It worked for me! I had given up everything, but when I received this reply in my inbox this morning. I was skeptical at all first, think something so simple could not possibly solve all my problems... He did! Sometimes simple is best. Thank you all for the answers and help for this problem!

• I have a Proxy Server that uses a self-signed certificate, and I can't accept this certificate from Firefox

  I have Firefox installed 37.0.1 on OpenSuse 13.2. I have a proxy server that uses a self-signed certificate, and I tried to add my certificate to the list of authorities and to check all the option displayed to be wz trust no chance.

  I tried to restart firefox, but it did not help.

  I did the same steps in chrome and it works fine.

  appreciate any help.

  After removing my .mozilla in my home directory. Add the certificate to the list of authorities in fact work.

• Unable to connect to SMTP using TLS with a certificate self-signed on OSX 10.10.1 (T31.3 & 24.6)

  I can't connect to my server SMTP with TLS on port (send 465 or 587 / 995 receive) using Thunderbird 31.3 or my OS X 10.10.1 24.6 (Didier) MacBook Pro.

  However, I am able to send and receive mail from the same account on my Windows 7 machine using Outlook 2007, using the same settings I configured in Thunderbird. I added the certificate etc.

  http://img.Photobucket.com/albums/v631/Napoleon_BlownApart/ScreenShot2014-12-16at121323pm.PNG (Taken when using 24.6)

  I am the admin of the server and the password and other settings on the side Server are correct! (I'll take a look at the evolution at the same time. I am already back to an earlier version of Firefox because of sloppy coding and broken features).

  Any ideas?

  If the server name is a secret, how you expect to receive mail. Please, we have pretty bad without guessing. Seriously what you are done using a self signed certificate, they are free by https://www.startssl.com/

  My guess is it of OSX who dislikes the self-signed certificate, how Thunderbird to deal with Windows. As you have a copy install Thunderbird and see if it is a question of OSX.

• Attribute points to the quiz slides using Pools of issue Manager

  Is it possible to assign the points must be reported to a slide when you use Pools of issue Manager?

  If a slide, for example, has 10 points, and another slide is 5 points, when they are both added to a question pool, make loose them their initial number of points and get assigned some number of points chosen when a random slide is added to the pool?

  I hope someone can clarify. Thank you.

  I just checked in Captivate 5 and it seems that the notation is associated to the Question pool, not inserted at random Question slide slide.

  If you are trying to achieve a result where the difficulty of the question has equaled the number of points awarded for doing things, you may need to put in place a number of question pools.  For example a pool of easy questions, another of medium difficulty and a third for really difficult.  Assign points 1 or 2 by default to the easiest, perhaps 5 for medium and 10 points for the hardest.

  That's what I do in fact.

• issue certificates of 802. 1 x authentication and X 509

  Hello

  Can someone please help me with the following question:

  First off I am a guy from Windows Server/PKI/AD etc. rather than CISCO, even if I have a CCNA :)

  I take care of PKI to my company and will work with the team CISCO that are the introduction of CISCO's ISE, we will use X 509 CERT on the suppliants (desktop/laptops Windows computers mainly)

  What I want to know is something pretty basic, but I saw not written anywhere

  Question 1:

  First stop, I guess it's the AAA (ISE) server is the entity that verifies the pleading certificate X 509, rather than the AP (access wireless router for example point)? is that correct

  Question 2:

  As supplicants X 509 certificate is public (for example, it is not secure and anyone can ask what it is normal) I guess the AAA server must encrypt a (random number for example) value with the public key of supplicants (of the X 509 cert) then send this value to the supplicant by which the supplicant decrypts with its private key (that no one else has as usual). Then the supplicant figure the value even with servers AAA public key (which is held in servers announced AAA X 509 cert) cela send on the AAA server and once that deciphers AAA server (with its private key) if the value matches the value originally sent to the supplicant then the AAA server can continue with authentication etc.

  The above assumption is correct?

  If the above is correct, not ISE always act like that or can you lower the security and get just the ISE server to check whether he trusts the issuer of the certificate (CRL does OK) the pleading X 509 Cert and not bother to send the encrypted packet as described above (this of course would ensure not begging-1 is actually "supplicant" - 1).

  Thank you very much in advance

  Ernie

  Answers:

  1 - Yes, ISE verifies the certificate presented by the device of end-user (begging) against his PB of authority certificate TRUSTED internal to import in ISE root and intermediary certificates where you use CA non-public servers (this is my case for EAP - TLS) such as Verisign, Entrust, etc. UNFORTUNATELY, ISE allows you only to have 1 cert for the use of EAP in the list (PEAP, EAP - TLS, etc.), which means that you CAN not EAP - TLS and PEAP running on different SSID. The problem is now that Entrust for example use an intermediary called L1K Entrust which is not included in trust for the devices Apple and Win 7 CA. This causes a certificate not approved for IPADs warning then you need to trust this certificate but for Win 7 features the PEAP TLS Tunnel, Setup will fail if the connection cannot be established if you uncheck "VALIDATE SERVER" on Win 7 for this SSID profile.

  2 - you can create a condition that validates the issuer cert but the authorized Protocol is EAP - TLS or PEAP so that the actual process for one of these protocols, based on my understanding is actually. For example, Protocol PEAP, the configuration of the TLS Tunnel is the 1st step, so once the configured secure tunnel then the inside MSChapv2 + EAPOL is performed and finally the data passes through the tunnel

• ThinPro 4.3 - Citrix Receiver 13 - use HPDM to install certificates?

  Hello

  I have an existing environment of about 1200 of the T610.  and we are migrating to a new citrix farm.  on customers now receiving light is 12.  I'm moving to Citrix receiver 13 and install new certificates.

  Is it possible to install certificates using HPDM?  I tried options command line with "high-cert-mgr", but for some stupid reason, he began as a script of hpdm because he needs an x environment.

  I tried to copy them down to the thin client, putting the new cert in the directory/usr/lib/ICAClient/keystore/cacerts and run c_rehash on the directory, but I always get the certificate error.

  What I am doing wrong, everybody has it works?

  Thank you in advance for your help!

  Best regards, Fred

  I thought about it.

  Am I missing something basic?  is there an easier way to do this?

  You must copy the certificate to PEM format in 3 locations (with the extension .crt)

  / Writable/usr/lib/icaclient/keystore/cacerts / *. CRT

  Writable/home/user/.freerdp/certs/*. CRT

  / Writable/usr/local/share/ca-certificates / *. CRT

  Then, you create a link in/writable/etc/ssl/certs (with the .pem extension) of the cert file located in

  / Writable/usr/local/share/ca-certificates

  Then, you need to run

  / writable/etc/ssl/certs c_rehash

  in a work order.

  complicated to say the least.

  Am I missing something basic?  is there an easier way to do this?

  Thank you

• What everyone uses for an SSL certificate on the wireless controller?

  If I use the SSL certificate generated locally on my WLC Internet Explorer always shows the "untrusted cert alert" when users try to authenticate through the web interface. What can I do to fix this do I need to buy a cert? If so where is the best and the best place to do this? GoDaddy? Also, I bought one for my mail server and had set a domain during the process name. What should I use for my WLC? The URL during the authentication process web show https://1.1.1.1

  RapidSSL is your best bet. It is less than $90 for 1 year with renewal and insurance. 5 years is like $ 380. GoDaddy will not work because they use chained certificates.

  On the VIP, you enter the DNS domain name as what you used on the certificate CN when generating a csr. Of course, you have to solve the CN name to 1.1.1.1 or change the 1.1.1.1 to another ip address that is not on your network. Restart the wlc and your done.

• 8.4 ASA using NAT VPN issue.

  Hello

  I'm working on a customer site and they have a problem with one of their VPN (we have other works well), but it is a major issue and I think it's because we use manual NAT and NAT of the object on the same server for different things.

  Traffic between indoors and outdoors:

  It works with a specific manual NAT rule of source from the server 10.10.10.10 object

  Inside

  SRC-> DST

  10.10.10.10-> 1.1.2.10 1.1.1.10-> 1.1.2.10 SNAT = VPN =-> 1.1.2.10 1.1.1.10 1.1.1.10-> 1.1.2.10 <3rd party="" fw="">

  It works with a specific using the NAT on the server of 10.10.10.10 object

  Remote

  SRC-> DST

  1.1.1.10-> 1.1.2.10 1.1.1.10-> 1.1.2.10 <3rd party="" fw="">= VPN =-> 1.1.2.10 1.1.1.10 1.1.1.10-> DNAT 10.10.10.10

  If we have the manual NAT and NAT object it does anyway.

  So the question is (as I am new to zip code 8.3 ASA) should not mix the 2 types of NAt and look at configuring it all with manual NAT or NAT object?

  With the NAT object out it does not work as it is taken in ouside NAT inside all:

  Dynamic NAT (inside, outside) source no matter what interface (this NAT to 1.1.1.1 then does not match the card encryption for VPN)

  and I tried a no - nat above that, but that does not work either.

  Straws and hugging come to mind try to configure a different config. Any pointers in the right direction would be great.

  Kind regards

  Z

  Hello

  I'm not sure that installing even with the explanation. Each NAT configuration I did for VPN used Section 1 Manual / NAT twice.

  You have configured the rule by default PAT that you use as Section 1 NAT rule. NAT rules in the new software are divided into 3 sections

  • Section 1: Manual / twice by NAT
  • Section 2: Purpose NAT
  • Section 3: Manual / double NAT (moved to section 3 using the setting "auto after")
  • The Sections are passed by from 1 to 2 and 3 in order to find a match.

  You should also notice that the Section 1 and Section 3 NAT has "line number" similar to the ACL parameter type. So if you have a default existing PAT rule configured for Section 1 and just add another Section 1 NAT rule without line/order number (VPN NAT) then it will just fall under the existing rule, making the new useless rule.

  I would advice against the use of the rule by default PAT as Section 1 NAT rule. Finally, this means that you be constantly watch and edit its configuration when you try to configure more specific rules.

  As a general rule 3 of the Section the PAT above default configuration would be the following

  NAT (inside, outside) after the automatic termination of dynamic source no matter what interface

  This would mean that you need to remove the old. That would mean as naturally as the change would temporarily dismantling all the current connections through "inside", "Outside" while you change the NAT rule format.

  If after this configure a NAT twice to the VPN (wihtout the setting "auto after"), it will be the rule in article 1 while the default PAT will be Section 3. Of course, Section 1 will be matched first.

  I'm not quite sure of what your setup of the foregoing have understood.

  You're just source NAT?

  I guess that the configuration you do is something like this?

  network of the LAN-REAL object

  10.10.10.0 subnet 255.255.255.0

  purpose of the MAPPED in LAN network

  1.1.1.0 subnet 255.255.255.0

  being REMOTE-LAN network

  1.1.2.0 subnet 255.255.255.0

  NAT static destination of LAN LAN-REAL-MAPPED Shared source (indoor, outdoor) REMOTE - LAN LAN

  If the network 1.1.1.0/24 is supposed to be one that is connected directly to your "external" to the format interface may need to be anything else.

  -Jouni

• Signing in Adobe Reader using XI signed with certificate grayed out

  
  We recently released Adobe Reader XI, we use internally an integrated Adobe Acrobat Microsoft Certificate Server to digitally sign pdf documents using digital certificates, this works on Adobe Acrobat Standard for XI.

  However it seems that Adobe reader has the options under sign > "works with certificates" but everything on the Menu shows greyed out. Are there settings that must be enabled for this make it functional?

  Hi bossombritto,

  Please see the links below, can be a great help:-

  • Impossible to sign documents with certificate (sign and send a PDF file)
  • signature of place use a certificate in gray (Acrobat Reader)

  Kind regards
  Nicos

• Re-use of vCenter SSO certificate

  I was banging my head against the deployment of the single sign-on with my installation of vCenter 5.1 certificates.

  I think I finally have a handle on how to do it using the SSL automation tool.

  So what I wanted to do was blow up all my servers and reinstall all.  I wanted to reuse the certificates that I have already created.

  I think that if I use the same IP address and host name I should be fine.  I'm going basic here?

  There will be no problem as long as CN has the FQDN of the server and the domain OR something that is unique for the SSO service. Just install the servers and redeploy certificates that you are used to.

• with respect to its use and the issue of time to watch on the iphone 6 s

  Hi, I'm a bit confused about the use and timing standy on 6 s 16 gb iphone. so my request is as follows: -.

  1.) after charging my iphone 6 s, 100%, I use it non-stop Messaging on whats app, Yearbook, online, twitter, without interruption. However, I don't watch the videos on you tube. Also my opinion, all location-based services are turned on. so in this case when I use it non-stop, the battery is going for almost 8 hours. so, it is normal that the battery to last for 8-9 hours when the phone is used non-stop.

  Thank you...

  prospects for an immediate response

  PAL Mickey
  

  
  

  Hello

  It seems ok to make battery last another 2/3 hours go into settings

  Disable Apps refresh also Bluetooth so do not use.

  See you soon

  Brian

• External display using Vision Switcher issues

  * Original title: external display issues

  Hi all

  I have problems with external screens.

  First of all:

  Windows 7 pro

  ATI Radeon HD 5450

  I need to be a source of the computer, a switch of vision vision. When I plug the changer (after that I got the computer, so that the true monitor displays already) the computer goes into double mode with the secondary monitor displaying only. It is, the mixer is the second monitor, and the switch does not display the vision (I go to black magic for this part of the problem).

  Unfortunately, windows + P does not change the external display settings.

  Windows + P changes display settings when I have two different monitors connected (not the selector).

  Until I plug in an external display, is there a way to force the computer to always mirror appears with two monitors output? Note that I plugged a second true monitor and changed the mirror screen and the display of these two. When I put the selector, he returned to display only mirrored, high school.

  Or y at - it a keyboard shortcut to switch the primary and secondary monitors around? Or if I could write a macro?

  Just to say it again - I do not see the computer where no matter what windows.

  Thanks in advance!

  Hello

  I understand the inconvenience caused. Let me help you with the issue.

  This could be a problem with the display settings. I suggest you to this first set the primary monitor as the primary monitor. Follow the steps from the link http://windows.microsoft.com/en-IN/windows-vista/Change-display-settings-on-multiple-monitors.

  Connect the switch, then check if the problem persists. If the problem persists, then update your drivers for your adapter display card on the Web site of the manufacturer and the device and check if it helps.

  Just reply with the results and we will continue to help you further.

• Management of memory using integrated Capture issues

  Hello

  I have several questions about memory management using integrated Capture process.
  

  
  

  My env is:

  Oracle Database 11.2.0.4 with the parameter enable_goldengate_replication = true.

  Version 11.2.1.0.3 OGGCORE_11.2.1.0.3_PLATFORMS_120823.1258 14400833

  Windows x 64 (optimized), Oracle 11 g on August 23, 2012 16:50:36
  
  

  
  Using it integrated capture on 11.2.0.4 environment mode, the capture process fails with the error:

  ERROR OGG -02050 not enough memory to honor required database MAX_SGA_SIZE 128.

  
  

  Le parameters are:

  TranlogOptions IntegratedParams () max_sga_size 128)

  
  

  I put the parameter l MEMORY_TARGET to 1.5 GB.

  The way of rethink the role the problem is to set the STREAMS_POOL_SIZE to at least 128 MB and the process already began.

  However,.

  I have several questions about the This behavior:

  1. why not GG dynamic memory pool streamsS value?

  2. If there is no pressure on streams_pool memory, the system would be able to allocate more dynamic memory?

  3 How you can determine If assigned to a procedure of collection of memory is enough?

  Any changes to the level 12 c?

  Thank you very much.

  Arturo

  Hello

  See the link below...

  http://www.Oracle-SCN.com/?p=195

  Kind regards

  Veera

• The use of rights issue

  I am a contract employee who want to use an image of stock adobe for a companies Web site. Is it legal. The company is a commercial company, and it will be on their index page.

  Here's the deal: http://wwwimages.adobe.com/content/dam/Adobe/en/legal/servicetou/Adobe_Stock_Terms_en_US-2 0150313_hpc.pdf