Install your SSL Certificate on Lync 2010

Introduction: Microsoft Lync 2010 combines instant messaging, VoIP calling, live meetings, and videoconferencing, but it’s more than the sum of these parts. Although Lync integrates with almost any PBX, it puts the PC at the center of communications so effectively that it could send your current phone system packing. Lync provides clear VoIP calling and crisp videoconferencing without requiring special network accommodations. It integrates with Microsoft Exchange, Microsoft SharePoint, and Microsoft Office, bringing user presence information to Outlook and SharePoint team sites and allowing instant messages and phone calls to be initiated with a click. Installation steps: On the Windows Start menu, click All Programs > Microsoft Lync Server 2010 > Lync Server Deployment Wizard. In the Lync Server 2010 […]

Read More

Steps to generate CSR on Lync 2010

Introduction: Microsoft Lync 2010 combines instant messaging, VoIP calling, live meetings, and videoconferencing, but it’s more than the sum of these parts. Although Lync integrates with almost any PBX, it puts the PC at the center of communications so effectively that it could send your current phone system packing. Lync provides clear VoIP calling and crisp videoconferencing without requiring special network accommodations. It integrates with Microsoft Exchange, Microsoft SharePoint, and Microsoft Office, bringing user presence information to Outlook and SharePoint team sites and allowing instant messages and phone calls to be initiated with a click. Lync 2010: Generating a CSR On the Windows Start menu, click All Programs > Microsoft Lync Server 2010 > Lync Server Deployment Wizard. In the […]

Read More

How to Install Your New Code Signing Certificate Into The Digicert Certificate Utility

After you have enrolled for your Code Singing Certificate using a CSR generated from the utility you will then have to Import/Install the Code Signing Certificate after it gets issued. The CA should give you a pkxs7 format certificate also known as a .p7b. The way they give you this certificate will vary. Save and move this .p7b file to the system where you have created the CSR using the Utility on. To complete and install your  Code Signing Certificate perform the following. Run the Digicert Certificate Utility by Double-clicking the DigicertUtil.exe. In the Digicert Certificate Utility, Click Code Signing. Click Import. In the Certificate Import window click Browse.. and Open to specify the location and path of your Code […]

Read More

Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME Code Signing or Client Authentication Certificates. Not all Browsers have the capability to generate these keypairs due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating systems restrictions.  <keygen> The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]

Read More

SHA-1 or SHA-256 for Windows kernel-mode Code Signing

Problem Windows Vista and Server 2008 trigger a security warning for code running in kernel mode if the code was signed with a SHA-256 Authenticode certificate. The current workaround is to use a SHA-1 certificate. However, SHA-1 is being deprecated. Patched versions of Windows 7 and newer versions of Windows operating systems will trigger a security warning for code signed with a SHA-1 certificate after December 31, 2015. Certificate Authorities such as Symantec/Digicert state that they will still issue out SHA-1 Code Signing but “SHA-1 Code Signing certificates have a max expiration date of December 30, 2019.” and will be discontinued there after. Patched Windows 7 and newer versions should be unaffected. Kernel-mode code that is signed with a SHA-256 […]

Read More

Web Browsers Now Marking HTTP sites “Not Secure”

Web Browsers have now started marking HTTP sites as  ‘Not Secure’ with release of Chrome 68+. For the past several years, Google strongly advising webmasters (sites) to adopting HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Lately at SSL Support Desk – Acmetek we have been getting a lot of clients coming across a “Not secure” message on their website even after installing an SSL Certificate.  Causes: Now with Chrome demanding that everything be in https admins must forward all traffic on websites to https. Non https encryption sessions will show the “Not Secure” message within a Chrome […]

Read More

Troubleshooting: Apache – AH02238: Unable to configure RSA server private key

When restarting Apache, the following error message may appear: Error: AH02238: Unable to configure RSA server private key Cause: This error occurs when the incorrect private key (.key) and or public key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf) Solution: You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key. To resolve this issue, specify the correct private key for the certificate. To verify that the certificate and private key math, open the httpd.conf or ssl.conf file in a plain text editor. […]

Read More

Troubleshooting: Apache – SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

When restarting Apache, the following error message may appear: [error] mod_ssl: Init: (www.symantec.com:443) Unable to configure RSA server private key (OpenSSL library error follows) SSL Library Error: 185073780 error:0B080074:x509 certificate routines: X509_check_private_key: key values mismatch OpenSSL:error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch Cause: This error occurs when the incorrect private key (.key) and or publick key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf) Solution: You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key. To resolve this issue, specify the correct private key for […]

Read More

ASK SSL Support Desk – How Many Wildcard SSL Certificates Do I Need If I have Multiple IP’s?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: One of my customers is looking to get some Wildcard SSL Certificates. They have one main domain and 30 to 40 sub domains across 3 different Internet Service Providers, and all the domains are tagged with all the ISP’s for redundancy. They are having Internet Service provision from BSNL, TATA and National Knowledge Network with respective individual IP Address. Please help me with what they should get. Can my customer buy one single Wildcard […]

Read More

Troubleshooting: Exchange – Unable to open OWA, ECP, or EMS after a self-signed certificate is removed from the Exchange Back End Website

Consider the following scenario when you are using Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016: You remove the Microsoft Exchange Self-Signed certificate from the Exchange Back End Website by using Certificates MMC, Remove-Exchangecertificate, IIS Manager or another method. You clear the IIS cache by restart or IISReset. You are installing a new SSL Certificate to your Exchange system. In this scenario, several client protocols such as ECP, OWA, ActiveSync and Exchange Management Shell cannot connect. The following issues may occur: OWA and ECP display a blank page. ActiveSync users cannot receive emails. Exchange Management Shell will cannot connect and displays the following Error: New-PSSession : [dc.local.mcrlegal.com] Processing data from remote server dc.local.mcrlegal.com failed with the following error message: […]

Read More