Microsoft AD FS SSL installation Instructions

Active Directory Federation Service (AD FS) enables Federated Identity and Access Management by securely sharing digital identity and entitlements rights across security and enterprise boundaries. AD FS extends the ability to use single sign-on functionality that is available within a single security or enterprise boundary to Internet-facing applications to enable customers, partners, and suppliers a streamlined user experience while accessing the web-based applications of an organization. SSL Installation steps: a. Using the DigiCert Certificate Utility to Import the SSL Certificate to Your AD FS Server After we validate and issue your SSL Certificate, you can use the DigiCert® Certificate Utility for Windows to import the file to your Microsoft Active Directory Federation Services server. On your Windows 2012/2012R2 AD FS […]

Read More

How to install SSL certificates on Mac OS X Mavericks Server & Yosemite Server

Apple OS X Mavericks is version 10.9 of the OS X computer operating system. New features in OS X Mavericks include inactive memory compression, enhanced support for multiple displays and iCloud Keychain, a built-in password generation, storage and security application. OS X Mavericks debuted at Apple’s Worldwide Developer Conference in June 2013. Mavericks is named after a famous surfing location in Northern California. It is the first version of OS X that is not named after a type of cat; previous versions included Mountain Lion, Snow Leopard and Tiger. The first version of OS X, Cheetah, debuted in 2001, replacing the original Macintosh operating system, Mac OS. Installation Steps: Open the ZIP file containing your SSL Certificate and save the […]

Read More

CSR generation instructions on Mac OS X Mavericks Server & Yosemite Server

Apple OS X Mavericks is version 10.9 of the OS X computer operating system. New features in OS X Mavericks include inactive memory compression, enhanced support for multiple displays and iCloud Keychain, a built-in password generation, storage and security application. OS X Mavericks debuted at Apple’s Worldwide Developer Conference in June 2013. Mavericks is named after a famous surfing location in Northern California. It is the first version of OS X that is not named after a type of cat; previous versions included Mountain Lion, Snow Leopard and Tiger. The first version of OS X, Cheetah, debuted in 2001, replacing the original Macintosh operating system, Mac OS. Steps: Open the Server App. In the Finder window, under Favorites, click Applications […]

Read More

Install your SSL Certificate on Lync 2010

Introduction: Microsoft Lync 2010 combines instant messaging, VoIP calling, live meetings, and videoconferencing, but it’s more than the sum of these parts. Although Lync integrates with almost any PBX, it puts the PC at the center of communications so effectively that it could send your current phone system packing. Lync provides clear VoIP calling and crisp videoconferencing without requiring special network accommodations. It integrates with Microsoft Exchange, Microsoft SharePoint, and Microsoft Office, bringing user presence information to Outlook and SharePoint team sites and allowing instant messages and phone calls to be initiated with a click. Installation steps: On the Windows Start menu, click All Programs > Microsoft Lync Server 2010 > Lync Server Deployment Wizard. In the Lync Server 2010 […]

Read More

Steps to generate CSR on Lync 2010

Introduction: Microsoft Lync 2010 combines instant messaging, VoIP calling, live meetings, and videoconferencing, but it’s more than the sum of these parts. Although Lync integrates with almost any PBX, it puts the PC at the center of communications so effectively that it could send your current phone system packing. Lync provides clear VoIP calling and crisp videoconferencing without requiring special network accommodations. It integrates with Microsoft Exchange, Microsoft SharePoint, and Microsoft Office, bringing user presence information to Outlook and SharePoint team sites and allowing instant messages and phone calls to be initiated with a click. Lync 2010: Generating a CSR On the Windows Start menu, click All Programs > Microsoft Lync Server 2010 > Lync Server Deployment Wizard. In the […]

Read More

How to Install Your New Code Signing Certificate Into The Digicert Certificate Utility

After you have enrolled for your Code Singing Certificate using a CSR generated from the utility you will then have to Import/Install the Code Signing Certificate after it gets issued. The CA should give you a pkxs7 format certificate also known as a .p7b. The way they give you this certificate will vary. Save and move this .p7b file to the system where you have created the CSR using the Utility on. To complete and install your  Code Signing Certificate perform the following. Run the Digicert Certificate Utility by Double-clicking the DigicertUtil.exe. In the Digicert Certificate Utility, Click Code Signing. Click Import. In the Certificate Import window click Browse.. and Open to specify the location and path of your Code […]

Read More

Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME Code Signing or Client Authentication Certificates. Not all Browsers have the capability to generate these keypairs due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating systems restrictions.  <keygen> The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]

Read More

SHA-1 or SHA-256 for Windows kernel-mode Code Signing

Problem Windows Vista and Server 2008 trigger a security warning for code running in kernel mode if the code was signed with a SHA-256 Authenticode certificate. The current workaround is to use a SHA-1 certificate. However, SHA-1 is being deprecated. Patched versions of Windows 7 and newer versions of Windows operating systems will trigger a security warning for code signed with a SHA-1 certificate after December 31, 2015. Certificate Authorities such as Symantec/Digicert state that they will still issue out SHA-1 Code Signing but “SHA-1 Code Signing certificates have a max expiration date of December 30, 2019.” and will be discontinued there after. Patched Windows 7 and newer versions should be unaffected. Kernel-mode code that is signed with a SHA-256 […]

Read More

Web Browsers Now Marking HTTP sites “Not Secure”

Web Browsers have now started marking HTTP sites as  ‘Not Secure’ with release of Chrome 68+. For the past several years, Google strongly advising webmasters (sites) to adopting HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Lately at SSL Support Desk – Acmetek we have been getting a lot of clients coming across a “Not secure” message on their website even after installing an SSL Certificate.  Causes: Now with Chrome demanding that everything be in https admins must forward all traffic on websites to https. Non https encryption sessions will show the “Not Secure” message within a Chrome […]

Read More

Troubleshooting: Apache – AH02238: Unable to configure RSA server private key

When restarting Apache, the following error message may appear: Error: AH02238: Unable to configure RSA server private key Cause: This error occurs when the incorrect private key (.key) and or public key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf) Solution: You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key. To resolve this issue, specify the correct private key for the certificate. To verify that the certificate and private key math, open the httpd.conf or ssl.conf file in a plain text editor. […]

Read More