I bought a wildcard ssl from Comodo and created the CSR with one of our IIS7 web servers, but now I have been tasked with installing it on a Tomcat server which is not using the Native APR instead running on Java (JSSE). I know I have to create a JKS file with my keystore using the keytool command, but doesn't that just force me to create a new CSR? How can I import the .pfx file into Tomcat with the keytool command?
This source may help you to import the .pfx file into Tomcat - http://mail-archives.apache.org/mod_mbox/tomcat-users/201203.mbox/%3C25624903.96.1332766032984.JavaMail.daniel#cleveland%3E
Related
After following some instructions to Export Configuration from a 2008 server, IIS 7 to a 2019 server, IIS10 IIS on the 2019 server no longer works.
It's pointing at the 'Import' folder, which is where I placed the config files exported from the 2008 server.
I don't know how to reset the IIS 10 instance to just be a clean, normal edition and start from fresh.
I currently receive the message:
Failed to connect
Filename: ...Config\Import\administration.config'...
Error: The configuration section 'moduleProviders' cannot be read because it is missing a section declaration.
I want it to be looking at ...Config, not ...Config\Import.
I found that Disabling the IIS Shared Config did the trick
Powershell:
C:\> Disable-IISSharedConfig
https://learn.microsoft.com/en-us/powershell/module/iisadministration/disable-iissharedconfig?view=windowsserver2022-ps
When I run that command and try to install the certificates, I always get
Enter Password or Pin for "NSS Certificate DB":
But I haven't setup a password. How can this be fixed?
This command creates and install certificates in user home directory (~) under .symfony5/certs folder. Sample of path in Windows : C:\Users\John Doe\.symfony5\certs.
You can delete the contents of the certs directory and reload symfony server:ca:install to reinstall the certificate from scratch.
Trying to publish go dependencies with jfrog rt go-publish go --self=false --deps=ALL and getting x509: certificate signed by unknown authority.
I copied a .pem file into ~/.jfrog/security/, didn't help. Not sure how to diagnose the problem.
I added the .crt file to the .jfrog/security folder and it worked.
I am implementing NGINX module LDAP on an NGINX deployment with the following package on Centos:
nginx-1.4.2-13.el6.art.x86_64 derived from a C65-Atomic repo
This is not an NGINX Plus version, so I need to deploy the module LDAP by myself. I am unable to figure out what is the exact branch/version/commit of the LDAP module to be adopted for this nginx version.
My deployment has none of these files:
nginx-ldap-auth.conf
nginx-ldap-auth-daemon-ctl.sh
... therefore it seems to confirm the LDAP module is not part of this deployment. The LDAP module git repo is located at:
https://github.com/nginxinc/nginx-ldap-auth
I'm trying to consume one HTTPS webservice in Adobe Flash Builder.
when I add the URL I get this error:
There was an error during service
introspection. WSDLException:
faultCode=OTHER_ERROR: Unable to
resolve imported document at
'https://172.21.17.235:9443/testehttpsWeb/sca/testeIOExport1/WEB-INF/wsdl/testehttps_testeIOExport1.wsdl'.:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target
How can I configure my client to consume the Webservice?
We will have to buy ice cream to the person that figured this out!
The solution was to import the certificate not to a JKS truststore, but to the cacarets file, in my case:
keytool -import -alias trusted1 -keystore "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\jre\lib\security\cacerts" -file c:\somepath\mycert.cer
In this case there is no need to add the:
-Djavax.net.ssl.trustStore="c:\somepath\truststore.jks"
...line on FlashBuilder.ini
An imported note is that the DNS Server must be able to translate the Web Service path by name instead of by IP, because in the installed certificate the CN mentions the Web Service server name not it's IP
Regards
Flash Builder is built on top of Eclipse. Eclipse is written in Java, and this is probably the cause of your issue. Java itself doesn't trust any SSL (it doesn't support the root CAs out of the box, nor any certificates). You have to setup a truststore to use SSL with Java.
In eclipse, this means setting up a truststore and adding it's location to the eclipse.ini. To setup the truststore, first browse in your browser to the SSL site you are connecting to, and save the certificate (usually right/left click on the lock icon and follow the steps). The you need to use "keytool" from the Java JDK to create the truststore, such as:
keytool -import -alias trusted1 -keystore c:\somepath\truststore.jks -file c:\somepath\mycert.cer
Then find your eclipse.ini (usually in your Flex Builder or eclipse folder). Add this:
-Djavax.net.ssl.trustStore="c:\somepath\truststore.jks"