Digicert Certificate Utility – Code Signing (Guide)

The Digicert Certificate Utility is probably one of the best certificate encryption tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it. Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. jre […]

Read More

How To Enable Or Import A Root Certifciate In Windows Systems Using MMC.

Depending on the circumstance you may be getting mixed results of browser certificate trust or for whatever reason are experiencing an issue with Cross Root Certificates or warning of not fully trusting a chaining root. Cross Root Certificate where used back in the day by some Certificate Authorities to help certificate trust to older outdated server systems, but due to liability of allowing certificate trust to these systems that practice is no longer practiced. SSL Certificates are now used to modernize and update industry standards not give loop wholes around staying secure. To bypass a Cross Root Certificate warning it is a matter of making sure a new updated root is installed on the system in question and that all purposes […]

Read More

Troubleshooting: Error: “java.lang.Exception: Input not an X.509 certificate.”

This Article consists of advanced troubleshooting to a very problematic issue that comes up with versions of Keytool when installing an SSL certificate. There can be numerous causes for this issue. By all normal means when following SSL Installation Instructions for Tomcat using pkcs7 or SSL Installation Instructions for Tomcat using x.509 the user should have a smooth installation, but user may receive the following error message. Issue: During installation of an SSL Certificate on a Tomcat/jBoss system you may get the following error using keytool: Error: “java.lang.Exception: Input not an X.509 certificate.” Causes: The cause of this error can happen for any of the following reasons. Your version of Tomcat keytool will not accept a pkcs7/.p7b format certificate. The certificate that you are […]

Read More

How To Make A Master pkcs7 Format Certificate?

Unlike a x509 (.pem, .cer, .crt) format certificate a pkcs7 format certificate will include an SSL Certificate and its Intermediate CA within its coding. Microsoft type systems utilize pkcs7 format. x509 format is usually used for Apache type systems. Majority of all CA’s will only include the SSL Certificate and its Intermediate CA within a pkcs7 format certificate. Typically roots are not required during installation, but some rare systems such as SAP, versions of Java, IBM, or some other application by design may need it. A Master pkcs7 format certificate will contain the following.. SSL Certificate (Comes standard) Intermediate CA (Comes standard) *Root Certificate* In order to make a full master pkcs7 format certificate for whatever reason, One that contains […]

Read More

Troubleshooting: SAP Incomplete FCPath, need certificate of CA, Certificate chain error

During installation of an SSL Certificate on a SAP system you may get the following error: “Incomplete FCPath, need certificate of CA” (CN=VeriSign Class 3 Public Primary Certification Authority – G5, OU=”(c) 2006 VeriSign, Inc. – For authorized use only”, OU=VeriSign Trust Network, O=”VeriSign, Inc.”, C=US) “import_own_cert: Installation of certificate failed” Causes: Why this error can happen is for the following reasons: SAP systems want to see an the entire SSL Certificate Chain during installation of your SSL Certificate. You are not installing a PKCS7 (.p7b) format certificate. Resolutions: If you receive this error when you are installing an SSL Certificate from any CA you must have a complete Master pkcs#7 format certificate that includes the following.. SSL Certificate Intermediate CA *Root […]

Read More

Troubleshooting: Host headers in Microsoft Server 2013 IIS 8.0 & 8.5

Depending on your environment you may have the following Issues: Website A is coming up as website B. Unable to assign a certificate due to another website using the same IP or Port. Host Name when binding the certificate is grayed out. Using Host Headers requires that the following conditions are met: You must be using either a Wildcard or a SAN certificate The website address being used must meet the following. Include as a SAN value on the certificate. The Common Name (CN) of the certificate Be Covered by a wildcard Only one certificate can be used for a given IP address and port combination The friendly name of the certificate must have the wildcard * attribute in order […]

Read More

Troubleshooting: Host headers in Microsoft Server 2008 IIS 7.0 & 7.5

Depending on your environment you may have the following Issues: Website A is coming up as website B. Unable to assign a certificate due to another website using the same IP or Port. Host Name when binding the certificate is grayed out. Using Host Headers requires that the following conditions are met: You must be using either a Wildcard or a SAN certificate The website address being used must meet the following. Include as a SAN value on the certificate. The Common Name (CN) of the certificate Be Covered by a wildcard Only one certificate can be used for a given IP address and port combination The friendly name of the certificate must have the wildcard * attribute in order […]

Read More

Server 2003 IIS 6 – CSR/Install Instructions for Renewals without removing the existing certificate

Issue Condition: To generate a new CSR without removing the current certificate, a Temporary Dummy website can be created. This workaround will apply for Microsoft IIS 6 server 2003 that currently have certificates installed on their website, but a new CSR with a new key-bit length or different information in the Distinguished Name needs to be created. Creating a temporary website allows you to keep the current certificate active on the site while another certificate request is pending. After installing the certificate on the temporary web site, it can be applied to the production web site. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system and […]

Read More

Troubleshooting: “Cannot find the certificate request that is associated with this certificate file.”

In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate. “The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.” Or “Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.” This error message occurs due to one or a combination of the following: Its a glitch that can happen from time to time on IIS server 2008 series. The certificate file is formatted incorrectly or the wrong extension file is being used for the installation. The CSR for this certificate […]

Read More

Troubleshooting: Error: “The certificate is invalid for Exchange Server usage”

In Windows Exchange systems you may receive the following error message after the installation of a digital certificate. “The certificate is invalid for exchange server usage”   This warning message occurs due to the following: The SSL certificate cannot be verified to a trusted certificate authority. The SSL certificate that was installed is missing its intermediate CA certificate that helps chain the trust to the root certificate on that system. Resolution: You will have to manually install the correct intermediate CA certificate that goes with your SSL certificate product. Contact your Certificate Authority (CA) for this supplementary certificate. Note: If you purchased your Standard SSL Certificate product from the following CA’s Symantec, GeoTrust, Thawte or RapidSSL you can find the links directly to […]

Read More