We have webserver where certificate Authority webenrollment role installed and it is pointing to Issuing CA

When ever we try https://webservername/certsrv then i can able to request certificates

but when i try https://webserver<Ip Address>/certsrv then in the last step while requesting certificate the following error appears... can anyone help to resolve this

Hi

Our Active Directory  server is Windows 2012 and I am working on migrating our exchange server 2007 to office 365 through the Hybrid deployment .

I would like to install the ADFS on our Active directory sever .

Firstly If i have to install ADFS role , please let me know if i need to install the Active directory certificate services on the active directory server prior to installing the ADFS.

Secondly , i am planning to procure the SSL certificate from Trustico to install on the ADFS server,
Will i be able to  generate the certificate request CSR file on the ADFs server and send it to  Trustico to issue a signed certificate?

Or do i need to install the Active directory certificate services on the AD server and generate CSR and then send to Trustico.

I am doing this  migration for first time , Please correct  where required and let me know how to go about.

Thanks in advance.

I renewed a Godaddy SSL cert and when I install the .crt that they returned the data on the website in IIS is updated however, when I go to the site and check the SSL cert it stil has the old date. I have restarted IIS on the server but, the date hasn't updated. What do I need to do to get the SSL cert date to cjhange on the site?

currently we are having sts.federationdomain.com client asking to setup adfs.federationdomain.com

is there any chance to add this?? or i need to reconfigure it from the scratch with the new name.???

I'm trying to replace the stock certificate that vCenter uses for the web console with a local MS CA certificate so errors don't get thrown about the browsers not trusting the cert.  I have found KBs and attempted to create a cert request with the vSphere utility (vCenter is on Windows Server), then process it on a MS CA (with custom template for this vSphere cert) and then tried to install it via the vSphere utility.  It takes forever and rolls back.  I just have some questions on the fields I enter when I create the request:

It asks for Name in the first part.  Is that just an arbitrary name that doesn't matter?  Or should it be specifically the plain name of the MS server?  Or the FQDN?  Or what?

There is a part where it looks like it assumes you are using VMware based CA, and it asks for the FQDN of the VMCA.  Since I am not using a VMCA, but rather a MS CA, for this field would I enter the FQDN of the MS CA or just the name of the vCenter server?

It looks like when I try to apply the cert, it shuts down all the vCenter services multiple times?  Does replacing this cert affect anything else other than the Web-based management console?   I don't want to screw anything up by doing this.

I had this question after viewing Replacing certificate on Exchange 2010 with wildcard cert.

Team, I have a cert to expire in the coming days, I was given a new Wildcard cert, but I am not sure how to renew or replace the one that is set to expire soon...

Question - Do I simply highlight the Cert that is expiring and Select Renew Exchange Cert? or do I Import the new Cert and then assign the Services that the old Cert had to the new one?  The new Certs I was given are end in CRT...Thanks for any help you can provide

hi guys

So I am going to be installing an SSL certificate on a Linux Amazon EC2. I created the CSR on this instance so I will need to apply the SSL to it to complete the installation.

It is a wildcard SSL certificate. So then I will need to export this SSL certificate and install it on another instance and turn off the other machine. On Windows I know how to export it as a .pfx and install it on another instance, but I don't know how to do this on a Linux machine. It is an amazon EC2 instance.

Are you able to help me accomplish this? What commands do I have to run to export this and then install it again on the new instance?

Thanks for helping
Yashy

Hi guys,

I want to create a rule in IIS (server 2012/2016) that would redirect the full url from http version to https while preserving the full url.

To give you an example, let's say I have 2 domain names: domain1.com and domain2.com. I want to set up a rule that would redirect to an HTTPS version of domain2.com while preserving anything else user typed after the main domain bit.
So the rule would do this:
http://domain1.com redirects to https://domain2.com
http://domain1.com/help redirects to https://domain2.com/help
http://www.domain1.com redirects to https://domain2.com
http://www.domain1.com/help redirects to https://domain2.com/help
http://domain2.com redirects to https://domain2.com
http://domain2.com/services redirects to https://domain2.com/services
http://www.domain2.com redirects to https://domain2.com
http://www.domain2.com/help redirects to https://domain2.com/help

I know how to set up a standard redirect from HTTP to HTTPS but it redirects to the HTTPS version of domain while losing anything user typed after the main domain for example: http://domain1.com/help redirects to https://domain2.com (removes /help bit, while i want to preserve it)

The existing rule is:

<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://domain2.com/{R:1}" redirectType="Permanent" />
</rule>

Hope this makes sense and thanks very much…

I'm reviewing all of my web servers and I'm trying to figure out how to make Chrome happy with the Cipher Suites. Web Servers are Server 2012 R2 and here is what Chrome is reporting:


Now, if I take a look at another example website that does properly validate with Chrome, it looks like this as an example:


It is my understanding that google only views the GCM Ciphers are being secure, that being said I found AES_128_GCM on my Cipher list and moved it to the top, however Chrome still reports the same Cipher Suite as being used.

Can anyone give me some insight?

hi guys

I'm trying to access an apache web server that I just took a copy of. The external IP is: 34.252.113.239. If you put that into a web browser, then you literally get a 'www' put in front of that IP address.

It's a linux server running apache. I'm not a developer, but could you guide me into looking at where the actual redirect might be occurring and take it out so that putting in the external IP will redirect it to the correct place? I.e. if I put in http://34.252.113.239 then that's exactly where it needs to forward to without a www. coming in front of it.

Thanks for helping
Yashy

Here's my environment:

Windows 2012 R2 NAT'd to public via FortiGate firewall.  Running IIS7 only for FTP.
I have one client who sends files in a batch once or twice a day.  the client supplied the SSL certificate for FTPS connection and all works well, mostly.
At some point in the transmission, FTP will stop transferring files and the Windows will log System Event 36888 from Schannel.  The TLS protocol error code is 20 and the SChannel error state is 960.

Research didn't track down an exact solution, but some folks were correcting the same error codes by replacing or 'fixing' the certificate.  I had our client generate a new certificate and installed it, but the errors/disconnects continue to occur.  

File sizes are 114KB and 36KB (they come in pairs).  Today, after replacing the cert, the client sent 240 pairs - 480 individual files - and there were five SChannel reset errors logged.  Each time that happens, the client has to restart the sending process.

the OS is fully updated.

Earlier in troubleshooting, I suspected the firewall - outdated OS/old hardware - and configured the path through our new FortiGate firewall (noted above)

I would much appreciate any input you have on how to troubleshoot further or what may be the cause

Thanks!

= k =

Hi,
how can I disable HTTPS and enable HTTP on apache Tomcat?
Based on my researches I have to modify the server.xml in the root folder of apache tomcat. Must I modify the connector? how?
For my Webapplication I'm connecting to the port 8443

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="-1" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at 

Select all Open in new window

…