Portecle: Advanced Keystore Creation and Manipulation Tool

Portecle is a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more. The scenario for using such a tool is if a server system lacks the capability of generating a CSR keypair on its own. Another Senario would be if large networks of multiple server types, data centers and such are faced with a CSR keypair on one system environment and the tireless key store conversions that are required to import a keypair into a different server environment, which can be very time consuming and frustrating. Portecle eliminates the need for a server to create a CSR keypair. It acts as keypair CSR generator where you can generate a single […]

Read More

Troubleshooting: Unsecured or Mixed Content – “Your connection to this site is not fully secure”

Mixed Content warnings happen with all certificates now regardless of certificate type.  The most drastic loss in functionality though is EV certificates. Even though an Extended Validation (EV) SSL certificate may have been installed in https (The channel of the website that performs encryption) on a website some browsers may require that the entire site, all resources, images, and links be secured within in https as well. Failure to do this may turn off the EV green URL bar. Which is a desired feature when purchasing a EV SSL certificate.  If the certificate is not an EV SSL certificate, just a Domain Validated (DV) or Organization Validated (OV) SSL certificate  then typically there may be a padlock missing near the URL bar even though […]

Read More

Troubleshooting: Tomcat x509 – “Failed to establish chain from reply.”

This Article consists of advanced troubleshooting to a very problematic issue that rarely comes up with versions of keytool when installing an SSL certificate in x509 format. Issue: By all normal means when following SSL Installation instructions for Tomcat using X509 you should have a smooth installation, but when importing the Intermediate CA Certificate or SSL Certificate received from the Certificate Authority you may get the following error message still. “Failed to establish chain from reply” Cause: Tomcat/keytool is a picky system. Tomcat wants to see the entire certificate chain before installation of the SSL Certificate. Typically this can be solved by importing the entire chaining path of your SSL Certificate in the following order: Root > Intermediate > SSL Certificate. […]

Read More

Troubleshooting: Missing Private key in Windows Servers

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft systems the private key is hidden away and will only appear once the CSR pending request has been completed. When using Exchange to process the pending request and install a SSL certificate there should be a option available to do this. Typically if there is no option to “complete” the pending request it usually means the following. The CSR was never created on the exchange system that you are currently on. Note: If the […]

Read More

How to create a MMC Snap-In for troubleshooting certificates.

Microsoft Management Console (MMC) is the management console that is used to configure, manipulate, create, and fix services on a windows system in the back end that you probably wont be able to do with any front end application. It is used heavily to troubleshoot matters related to SSL certificates on Windows systems. Open up a MMC snap in by performing the instructions below. Step 1:  Create an MMC Snap-in for Managing Certificates on a Windows server system: Start > run > MMC. Go into the Console Tab > File > Add/Remove Snap-in. Click on Add > Click on Certificates and click on Add. Choose Computer Account > Next. Note: When troubleshooting browser certificates such as client certificates, email signing certificates, CodeSigning, etc.. you will choose […]

Read More

Windows Server IIS/Exchange – Intermediate Installation

You have successfully installed your SSL Certificate on a windows server system although you might be having some trust issues on certain browsers or applications are not fully trusting your SSL Certificate. This may be due to a lack of an intermediate CA certificate file that helps Chain the Trust to your clients browsers or systems. Or,  instead of installing a pkcs#7 certificate that has the intermediate embedded in the server certificates code you installed an x509 version of your certificate which does not have the intermediate within it. In order to import your SSL Certificate Intermediate CA Certificate perform the following. Step 1: Downloading Intermediate CA certificate: If your intermediate CA certificate for your product is not in the body of […]

Read More