I’m importing a SSL certificate to use in Tomcat in my keystore using keytool and it fails with “Public keys in reply and keystore don’t match” Problem might be declared by the fact that I created a new keystore after I accidentaly removed the old keystore file which I used from my CSR. Now I received a .crt file and a .ca file. What’s the best way to make SSL work under tomcat in my [...]

We have this topology in our company : A new rule says that each document being sent by outlook should be encrypted. we decided using PGP. We already have a certificate ( self signed). the problem is this : john and paul install the certificate . john encrypt using the public key. and send the pgp file to paul. paul need the private key in order to open it ( +verify it). but wait ! [...]

After reading a while , Im trying to understand what kind of certificates will be found at : Personal Other People Trusted Root Certicfiation Authorities will personal will contains only private keys ? I’m a bit confused. What about certificates which arent trusted and I manually trust them , where will they be ? Also , Why do I only have the CurrentUser Tab in my computer ? where is the local computer tab ? [...]

(Please note: this question is one of many “why don’t you just try it?” questions. I certainly will, but since I haven’t found an obvious answer by googling, I thought I might as well make it easier for someone who might need this later by asking on ServerFault) My web application is served over HTTPS behind some load balancers and allows users to authenticate using client certificates in some cases. Now I’m being asked whether [...]

Have an issue where I have installed new certificates on Centos 5 and modified the conf file for the following lines: SSLCertificateFile /etc/pki/tls.certs/name.crt SSLCertificateKeyFile /etc/pki/tls/private/name.key SSLCACertificateFile /etc/pki/tls/certs/group.ca-bundle But everytime i start the httpd service i get the following: > sudo service httpd start > Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog) > Some of your private key files are encrpyted for security reasons. > In order to read them you have to provide the pass [...]

I am trying to add https to the embedded devices I am working on. These devices are generally assigned local ip addresses and so cannot get their own ssl certificates. So essentially my question is how does one get a certificate for a device without a global ip address?? Assumptions: Browsers won’t trust certificates unless they’ve been verified by a trusted CA. However you can only get a verified certificate for a globally unique domain. [...]

I’m using Windows 7 and the Servers are Windows 2008 R2. So far there are at least 4 Servers that show this behavior. Sometimes I get a warning when trying to connect via RDP stating the certificate name is wrong. When I reboot the server this warning disappears. After a reboot or maybe 2 or 3 the warning shows again. I always connect using the hostname only. When the warning is shown, single sign-on does [...]

I’m trying to find-out how important the “ID type” for a SSL certificate is. I’m trying to generate a cert from my firewall to upload to a CA, but having trouble deciding if I should choose an IP, a domain name, or email for the ID Type (subject information). Any insight to choosing which one would help (particularly if there is a best practice for VPN SSL certificates). Asked by mrtechalot Most likely you’ll want [...]

I need to setup a deployment script that imports an SSL certificate that my service uses. I have tried importing with WinHttpCertCfg and with CertMgr to no avail. Here are the command-line arguments I have tried to use with both: winhttpcertcfg.exe -i <certname>.pfx -c LOCAL_MACHINE\My -p <password> -a <user service runs as> and CertMgr.exe -add -all -s -r localMachine -c <cert name> My It seems from what I have investigated that CertMgr does not allow [...]

I’ve got GlassFish 3.1.2 installed on Linux CentOS 6.2, but it’s fronted by Apache web server version 2.2.21 using mod_jk. That is, all traffic to GlassFish passes through Apache port 80 via mod_jk. Now I need to support an HTTPS (domain name) with a certificate purchased from a third party (not sure who yet) for pages served by GlassFish. Do I need to install the SSL certificate’s in GlassFish, or Apache Web server, or both? [...]