In IIS 10 on a Win 2019 server, I just created the Centralized Certificate Store.
How do I generate a CSR?
The "Generate CSR Request" option is missing.
"next Centralized Certificates" is wrong. You should click "Server Certificates".
Navigate to Server Certificates:
In the center menu, click the Server Certificates icon under the Security section near the bottom.
Select Create a New Certificate:
Enter your CSR details:
In the Distinguished Name Properties window, enter in the required CSR details and then click Next.
I am opening a XLS file over https (which runs over TLS 1.1). While opening file, I am getting error "Revocation information for the security certificate for this site is not available".
If I uncheck the "Internet Explorer -> Tools > Internet Options -> Advanced -> Security -> Check for server certificate revocation" option, then I am able to open the XLS file over http in Excel.
But this will set this setting only for my user not for other users. Other users still face this issue.
In the website certificate, CRL Distribution Point -> Distribution Point Name -> Full Name URL=http://ss.symcb.com/ss.crl. The CRL distribution point URL is not reachable as there is no internet connectivity on the server.
Please suggest how to fix this issue for all users.
OS : Windows 2012 R2
Office : Office Professional Plus 2016
Thanks
I was able to resolve this issue by configuring the system wide group policy to disable certificate revocation check for all users.
Run > gpedit.msc -> Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page > Check for server certificate revocation > Disable
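A way to confirm, from the machine that shows the error, which CRL distribution point URLs in the site certificate cannot be reached. This is an added example, not part of the original posts; the path C:\TEMP\site.cer (the site certificate exported as a .cer file) and the function names Get-CrlUrl and Test-CrlUrl are assumptions.

```powershell
# Added example. $CertPath is a hypothetical path to the exported site certificate.
$CertPath = 'C:\TEMP\site.cer'

function Get-CrlUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.31 is the CRL Distribution Points extension.
    $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $cdp) { return }
    # Format() renders the extension as text with "URL=..." entries
    # (assumes the English-language rendering shown in the question).
    [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

function Test-CrlUrl {
    param([string]$Url)
    try {
        # Download the CRL with the current user's proxy settings.
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10
        New-Object psobject -Property @{ Url = $Url; Reachable = $true; Detail = "HTTP $($r.StatusCode)" }
    } catch {
        # DNS failure, timeout, proxy denial and HTTP errors all land here.
        New-Object psobject -Property @{ Url = $Url; Reachable = $false; Detail = $_.Exception.Message }
    }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
$urls = @(Get-CrlUrl -Certificate $cert | Where-Object { $_ -like 'http*' })
if ($urls.Count -eq 0) {
    Write-Warning "No HTTP CRL distribution point found in $($cert.Subject)"
}
$urls | ForEach-Object { Test-CrlUrl -Url $_ } | Format-Table Url, Reachable, Detail -AutoSize
```

Each URL reported with Reachable = False is one the machine would have to be allowed to reach for the revocation check to succeed.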
Now I want to try this program (link: http://www.cogno-sys.com/azure-cloud-management/azure-cloud-director-single-click-azure-deployment/ ) because I have some problems deploying my app to Azure.
So I downloaded it, and it first requires adding a subscription ID. But after I fill in all the fields and click the OK button, nothing happens (I added the certification path and password, too). No error message, nothing else. The pop-up window is still on the screen.
(The problem is the same when I add the cert thumbprint and then click Check: nothing happens again. If I click the OK button now, the error message says to click the Check button first.)
Are you using this? Do you have the same problem with it?
I have used it and I found you really need to fill all the fields in the "Add Subscription" dialog. As you are already a Windows Azure user, you may already have a self signed certificate installed in your desktop and exported its PFX and CER in which CER is uploaded to Azure Management Portal.
If you have above setup ready try again "Add Subscription" option in "Cloud Director" and in "Add Subscription" dialog:
First click the "Certificate Thumbprint" option and include the ThumbID of the certificate which is uploaded to Azure Management Portal, and then press the "Check" button. The Thumb ID color will change from red to green, meaning it is validated.
Now click on the "Local PFX File" option, select the PFX file using the "..." button, and enter the PFX password in the "Password" text box.
After you fill in all 3 certificate-related input fields, press "OK" and you will see the progress bar become active.
If the "Cloud Director" team can read this, please make this process more intuitive and easy.
There is a setup wizard when you log in for the first time. It should guide you through setting up the account. Initially there was a manual entry form for the subscription, which has been replaced with a setup wizard that should properly guide you.
In case you are unable to get it, go to Help or the application menu and choose "Reset Data"; it will restart with the wizard and clear all local data.
Raise a support ticket if you still need help.
I keep getting this error message in my Event log:
The root of the certificate chain is not a trusted root authority
It seems to be working fine, but I don't like the sound of that error, anyone know why and how to fix this?
The reason is that SharePoint has its own registry of certificates, and you will have to add the CA there as well.
Open “ADFS 2.0 Management”
Expand Service – Certificates
Right click the primary (if more than one) certificate under Token-signing, and select View Certificate
Choose the Details tab, and click “Copy to file…”
Complete the wizard, saving the certificate as “DER encoded binary” (name it ADFSRoot.cer or something)
Copy the .cer file over to your SharePoint server
Now you have to add this certificate to SharePoint's list of root authorities. You’ll be using the SharePoint 2010 Management Shell for this operation:
First you start the SharePoint 2010 Management Shell and then you run the following two commands (change the path to where your .cer is located):
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\TEMP\ADFSroot.cer")
New-SPTrustedRootAuthority -Name "ADFS Token SigningRoot Authority" -Certificate $root
Now the certificate properties will be listed as a confirmation that the certificate has been added.
If your certificate chain contains more than one certificate, you will have to do this with each one giving them a unique name.
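The last step above, repeated for every certificate in the chain with a unique name per entry. This is an added example, not part of the original answer; it assumes the same C:\TEMP\ADFSroot.cer export, that the issuing certificates can be found on the SharePoint server so the chain can be built, and a naming scheme ("ADFS chain" plus the thumbprint) chosen here for illustration.

```powershell
# Added example; run in the SharePoint 2010 Management Shell.
$leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\TEMP\ADFSroot.cer")
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Only the chain elements are needed here, so skip revocation lookups.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($leaf)

# Elements are ordered from the exported certificate up to the topmost issuer found.
$elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })
$top = $elements[$elements.Count - 1]
if ($top.Subject -ne $top.Issuer) {
    # The topmost element is not self-signed, so at least one issuer is missing locally.
    Write-Warning "Chain is incomplete: issuer '$($top.Issuer)' was not found on this server."
}

# Thumbprints SharePoint already trusts, so reruns do not create duplicates.
$known = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })

foreach ($cert in $elements) {
    if ($known -contains $cert.Thumbprint) {
        Write-Host "Already trusted: $($cert.Subject)"
        continue
    }
    # The thumbprint makes each entry name unique (hypothetical naming scheme).
    $name = "ADFS chain $($cert.Thumbprint)"
    New-SPTrustedRootAuthority -Name $name -Certificate $cert | Out-Null
    Write-Host "Added '$name' for $($cert.Subject)"
}
```

A self-signed token-signing certificate produces a chain of one element, so the loop then adds a single entry.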
I have an InfoPath form template as a content type in a form library on SharePoint. The form has several data connections which on submit, save it back to a specific form library on SharePoint depending on how one field is filled out.
After I added an additional data connection to receive information from SQL to a drop down control, when the form is opened (new or existing), the following Microsoft security message appears "Microsoft Office InfoPath Security Notice - Microsoft has identified a potential security concern...". This warning appears EVERY time.
I have added these connections as IE Internet Options trusted sites. In the InfoPath form itself, in Tools>Trust Center, I have unchecked (privacy options) "check Microsoft Office documents that are from or link to suspicious Web site in InfoPaths Trust Center".
None of these actions are solving the problem. Is there a way to turn this security warning off?
You may need to change the Security and Trust settings on the form itself. Go to Tools -> Form Options -> Security and Trust. If you go full trust then you will probably have to sign it with a code signing digital certificate.
InfoPath can generate a digital certificate that will work on your local machine, but when anybody else tries to open the form they will be prompted if they trust the certificate when they open the form.
To get around that problem, either purchase a code signing certificate from a trusted provider or create one yourself with makecert.exe.
Unfortunately makecert is part of the Windows SDK, which is a 570 MB download.
The following is a script that I have used to create a Code Signing Certified Authority and the InfoPath code signing certificate.
makecert -n "E=Support#{yourcompany},CN=Your Code Signing CA" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
makecert -pe -n "E=Support#{yourcompany},CN=Your Infopath Code Signing Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
You will need to get the root certificate added to the Trusted Root Certification Authority of the certificate store.
Try moving your data connection to DCL. This is the good practice anyway because it removes the dependency between the database server location and your InfoPath form. In the udcx file you find some security options to configure. If you can't solve the issue using changes in udcx files, you can switch from making direct SQL calls to use web services instead as proxy. This is always good since you get away from the database structure and InfoPath form dependency. InfoPath by default works very well with web services over SSL but it's also possible via http with some adjustments in udcx files.
I have a website running on a Windows 2003 server on IIS 6, serving pages for a LAN where everybody is working with a domain account. On other machines this works fine, no-one has to login to the website, the dynamic scripts pick-up the account-name from the HTTP request.
Only, when browsing from the server itself (via remote desktop e.g.), Internet Explorer still pops up the domain-login-dialog when navigating to this site. (both the usual URL and http://localhost/). This was no problem on the Windows 2000 server we recently migrated the website from.
I had this problem or similar and solved it by:
adding http://localhost to list of Intranet sites, via IE > Tools > options > security > Local intranet > Sites > advanced > add http://localhost. (This is necessary if you have IE Enhanced Security installed which assigns all intranet Web sites and all UNC paths that are not explicitly listed in the Local intranet zone to the Internet zone, even localhost or other domains that don't contain '.' symbol which would normally be considered intranet by default.)
also on Security > Local Intranet > see what level of security you're on, to ensure that logon details are passed through. If it's Custom then click the Custom Level... button, scroll right to the bottom, under User Authentication > logon > for me it's 'Automatic logon only in Intranet zone', which works.
Did you configure IE on your Windows 2003 box for "Enable Integrated Windows Authentication"? This needs to be configured in IE6 to automatically use the logged-in user credentials.
You'll probably have better luck on ServerFault for this issue, as it's probably down to server configuration. Take a look at this KBAlertz.com article, yes it's specific to SharePoint, but some bits are more general. I suspect (given that you've said you've migrated to a new machine), that the issue is around the new machine not being "trusted for delegation" so look at the part titled "Configure trust for delegation for Web parts"
Configure trust for delegation for Web parts
To configure the IIS server to be trusted for delegation, follow these steps:
Start Active Directory Users and Computers.
In the left pane, click Computers.
In the right pane, right-click the name of the IIS server, and then click Properties.
Click the General tab, click to select the Trust computer for delegation check box, and then click OK.
Quit Active Directory Users and Computers.
If the application pool identity is configured to use a domain user account, the user account must be trusted for delegation before you can use Kerberos authentication. To configure the domain account to be trusted for delegation, follow these steps:
On the domain controller, start Active Directory Users and Computers.
In the left pane, click Users.
In the right pane, right-click the name of the user account, and then click Properties.
Click the Account tab, under Account Options, click to select the Account is trusted for delegation check box, and then click OK.
Quit Active Directory Users and Computers.
If the application pool identity is a domain user account, you must configure an SPN for that account. To configure a SPN for the domain user account, follow these steps:
Download and install the Setspn.exe command-line tool. To do so, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&DisplayLang=en
Use the Setspn.exe tool to add an SPN for the domain account. To do so, type the following line at the command prompt, and then press ENTER, where ServerName is the fully qualified domain name (FQDN) of the server, Domain is the name of the domain, and UserName is the name of the domain user account:
Setspn -A HTTP/ServerName Domain\UserName