Troubleshooting: Apache – SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

When restarting Apache, the following error message may appear: [error] mod_ssl: Init: (www.symantec.com:443) Unable to configure RSA server private key (OpenSSL library error follows) SSL Library Error: 185073780 error:0B080074:x509 certificate routines: X509_check_private_key: key values mismatch OpenSSL:error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch Cause: This error occurs when the incorrect private key (.key) and or publick key (.crt/.pem – SSL Certificate) files are selected in the configuration file (https. conf or ssl.conf) Solution: You must use the same private key that was used for CSR generation when you enrolled for your SSL Certificate. Your SSL Certificate is derived from that same private key and will only work for with that single private key. To resolve this issue, specify the correct private key for […]

Read More

ASK SSL Support Desk – How Many Wildcard SSL Certificates Do I Need If I have Multiple IP’s?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: One of my customers is looking to get some Wildcard SSL Certificates. They have one main domain and 30 to 40 sub domains across 3 different Internet Service Providers, and all the domains are tagged with all the ISP’s for redundancy. They are having Internet Service provision from BSNL, TATA and National Knowledge Network with respective individual IP Address. Please help me with what they should get. Can my customer buy one single Wildcard […]

Read More

Troubleshooting: Exchange – Unable to open OWA, ECP, or EMS after a self-signed certificate is removed from the Exchange Back End Website

Consider the following scenario when you are using Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016: You remove the Microsoft Exchange Self-Signed certificate from the Exchange Back End Website by using Certificates MMC, Remove-Exchangecertificate, IIS Manager or another method. You clear the IIS cache by restart or IISReset. You are installing a new SSL Certificate to your Exchange system. In this scenario, several client protocols such as ECP, OWA, ActiveSync and Exchange Management Shell cannot connect. The following issues may occur: OWA and ECP display a blank page. ActiveSync users cannot receive emails. Exchange Management Shell will cannot connect and displays the following Error: New-PSSession : [dc.local.mcrlegal.com] Processing data from remote server dc.local.mcrlegal.com failed with the following error message: […]

Read More

ASK SSL Support Desk – Where can I get a Base64 encoded .cer format certificate?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: I need a Base64 encoded .cer format certificate to Import into my Websense proxy server. Where can I get that? Short Answer: That is just a regular x509 certificate with a .cer extension. In the world of Public Key Infrastructure (PKI) there are many different file formats. The following are the major ones. pkcs#7/P7B x509/PEM pkcs#12/PFX/P12 x509/PEM Format: The PEM format is the most common format that Certificate Authorities (CA) issue certificates in. PEM […]

Read More

ASK SSL Support Desk – Why Can I not Create a PFX From a Citrix Netscaler?

What is Ask SSL Support Desk? It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community. Question: I’m trying to create a pfx file for wildcard cert *.example.com in Citrix Netscaler but I am Failing to do so. Ive crosses checked with the following directions. What am I doing wrong? https://www.digicert.com/csr-creation-ssl-installation-citrix-netscaler.htm#netscaler_vpx_create_csr Short Answer: That is because Citrix Netscaler cannot create pfx files. Netscaler cannot Create pfx format files. It creates pem apache format. Netscaler systems do on the other hand have the ability to import a pfx file, but that pfx […]

Read More

Website Malware: How to Find Unidentified Malicious Code?

There are a lot of malware scanning services out there that will report any malicious code associated with your website. Some malware services will only report the problematic malicious code, and other services such as Sitelock provided by Acmetek Global Solutions take malware scanning to the next step and will actually remove the malware from your website automatically. If you do not have Sitelock then you will have to manually remove the code yourself. Hopefully this article can help enlighten admins on the general idea of what to search for when manually removing the code to secure your website. Here is The Scenario… You received a notification from a malware scanning service such as the Norton Malware Scan that comes with […]

Read More

Understanding DDoS Attacks & The Tools to See Them.

Distributed Denial-of-Service (DDoS) attacks are not a new concept, but they have proven to be an effective way of devastating targeted companies. As the name implies, DDoS is an attempt to deny a service to legitimate users by overwhelming the target with activity. The Gaming, Media, and IT services industry are typically targets for such attacks, but that is not to say that Government or Financial are not within the scope. What Is a Denial of Service Attack? A DoS attack is an attempt to make a system or server unavailable for legitimate users and, finally, to take the service down. This is achieved by flooding the server’s request queue with fake requests. After this, server will not be able […]

Read More

How To Verify a Digital Code Signing Signature In Windows.

To verify and check the digital signature of the signed application you can perform the following on any Windows system. From a Windows operating system: Right click the file the main executable file (.exe), select Properties > Digital Signatures. Under Signature list, select the Signature, and click Details. You will see information regarding the Code Signing certificate that was used to sign the executable. Under Countersignatures within the General tab, it will list an entry for a timestamping. If this field is blank, no timestamp exists on this code. For more information, refer to Microsoft knowledge base at: http://msdn2.microsoft.com/en-us/library/z045761b(VS.80).aspx How to Check Your File or Any Applications Signature Using the Digicert Certificate Utility for Windows – Code Signing. Downloading the Digicert Certificate Utility: On your Windows server or […]

Read More

Troubleshooting: Unsupported Protocol – ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Not all browser related errors are associated with SSL Certificates. Many are due to server configurations that set up communication between the website/server to the clients browser. Different browsers will showcase errors differently. But ultimately the troubleshooting process regarding these errors are the same. What is a Protocol or a Cipher? Protocols and Cipher Suites are the actual communication language that performs encryption. When the browser and the server/website communicate they are require to speak the same language. If a server is not configured to use the languages that the browser wants to use then both the browser and the server will not be able to communicate. This results in a communication failure. Errors typically seen pertaining to protocols & […]

Read More

Troubleshooting: SSL Certificate Browser Errors

Troubleshooting SSL Certificate Web Browser Errors can vary depending on its cause. The following warnings are presented by web browsers when you access a site that has a security certificate installed (for SSL/TLS data encryption) that cannot be verified by the browser. Typically this is from a self signed certificate created by a server system for default encryption. Examples Microsoft Edge: “This site is not secure. This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.”   Internet Explorer: “The security certificate presented by this website was not issued by a trusted certificate authority.” Firefox: “The owner of selfsigned.websecurity.symantec.com has configured their website improperly. To protect […]

Read More