Posts Tagged ‘certificate’

Use this to generate a command for OpenSSL, e.g. the below:

openssl req -new -newkey rsa:2048 -nodes -out test_test_com.csr -keyout test_test_com.key -subj "/C=US/ST=Test/L=/O=Test/" 

Now add to the end: -config "C:\Program Files\Autonomy\WorkSite\Apache\conf\openssl.cnf"

In Command Prompt, navigate to openssl.exe (C:\Program Files\Autonomy\WorkSite\Apache\bin)

Run the full command

openssl req -new -newkey rsa:2048 -nodes -out test_test_com.csr -keyout test_test_com.key -subj "/C=US/ST=Test/L=/O=Test/" -config "C:\Program Files\Autonomy\WorkSite\Apache\conf\openssl.cnf"

It will generate a .csr and a .key file; copy these to C:\SSL

Use the CSR with your certificate authority to generate a .crt file and also a chain file

Download these to C:\SSL

Open the file: C:\Program Files\Autonomy\WorkSite\Apache\conf\worksite.conf

Add or change the lines to the below

SSLCertificateFile "C:\SSL\certs_test_test_com.crt"
SSLCertificateKeyFile "C:\SSL\test_test_com.key"
SSLCertificateChainFile "C:\SSL\certs_DigiCertCA.crt"

Restart iManage Work Server Service



Copy "C:\SSL\test_test_com.key" to "C:\SSL\test_test_comkey.pem"

Open certs_test_test_com.crt with Notepad and copy the contents into a new file

Open certs_DigiCertCA.crt with Notepad and paste its contents at the bottom of the new file (directly under the other certificate, on a new line)

Save this as C:\SSL\test_test_comfullchain.pem

On the WorkSite Service Properties, configure Hosted DM

Change the .PEM files to your new files



Restart iManageMicroServiceHub Service


Find the current cert location

sudo vi /etc/nginx/nginx.conf

Look for lines

ssl_certificate /etc/pki/nginx/cert.pem;

Go to DigiCert and download the .pem with all certs

Use WinSCP to copy this to /etc/pki/nginx/ and change the config to look at the new PEM file:

sudo vi /etc/nginx/nginx.conf

Restart Nginx

sudo service nginx restart
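
A pre-restart check for the new full-chain PEM, as an added example that is not part of the original post; the same checks apply to the hand-assembled fullchain.pem in the iManage steps above. It assumes the openssl CLI is installed and that you also have the matching private key file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# Split a PEM bundle ($1) into one file per certificate under directory $2
# and print how many certificates were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# SHA-256 of the DER public key held in a certificate / in a private key.
cert_pub() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 1   # unreadable cert: print nothing
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256
}
key_pub() { openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256; }

# check_bundle FULLCHAIN KEY
# Returns 0 when the first certificate carries the key's public key and each
# certificate's issuer name equals the subject name of the one after it
# (name chaining only; signatures are not verified here).
check_bundle() {
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$tmp")
    rc=0
    if [ "$count" -lt 1 ]; then
        echo "no certificate found in $1"; rc=1
    elif [ "$(cert_pub "$tmp/cert01.pem")" != "$(key_pub "$2")" ]; then
        echo "key does not match first certificate (wrong key, wrong order or unreadable PEM)"; rc=1
    fi
    i=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$count" ]; do
        cur=$(printf '%s/cert%02d.pem' "$tmp" "$i")
        nxt=$(printf '%s/cert%02d.pem' "$tmp" "$((i + 1))")
        if [ "$(openssl x509 -in "$cur" -noout -issuer_hash)" != \
             "$(openssl x509 -in "$nxt" -noout -subject_hash)" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))"; rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}
```

Call it as check_bundle /etc/pki/nginx/cert.pem followed by the path to your key file, then run sudo nginx -t so nginx validates the edited configuration before the restart.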

We could not access a Gatekeeper certificate. This can occur if:
• no certificates could be found on your system;
• your certificate has expired; or
• you hit "Cancel" when asked to select a certificate.

If you know you hold a current certificate and can see it in your certificate store, contact Support to trouble-shoot. They can assist with other possible causes such as:
• A missing certificate chain (root and intermediate certificates); or
• A proxy server on your company network interfering with SSL/TLS client authentication.


In Internet Explorer go to Internet Options, then Content and Certificates

Under your Personal tab, double-click on the most recent Gatekeeper cert

Go to Certification Path and make sure it does not say "The issuer of this certificate could not be found."

If it does say this, it means your root chain is broken and you need to install the Gatekeeper Root

Navigate to

Scroll to the bottom and download all the Root CAs

Double-click on the X509 and install these using the automatic wizard (you can select Trusted Root Certification Authorities, the second one down, if you want to do it manually)

Back where you opened up the certificate in Internet Explorer, go back to the Personal tab and click on Import

Choose Browse and change the file type to All Files so you can import the PKCS#7 files

Now when you go to Certification Path you should see multiple files there


Recently I went through this to update a Cert on a Gateway:

However, the SSL certificate was still not updated

If you route traffic over a different port you need to run through this as well:

Start, All Programs, Citrix, Administration Tools, Secure Gateway Configuration Wizard

Choose Next and Standard

Pick your new Cert

Leave the rest of the options as default


The name of the security certificate is invalid or does not match the name of the site

Recently we moved Exchange certificates to a certificate with no local SANs inside to be in compliance. This involves creating an A record for your external domain name internally, then changing all internal and external paths to the fully qualified external domain name. DigiCert has a great guide to do this:

After this is done, you can reissue the certificate with the local SANs removed using a new CSR (.req file) generated from Exchange and apply it to all client access servers.

This was done; however, a few (not all) users in our organisation were getting the prompt above linking to autodiscover.domain.local. Checking on the affected users, it seems their Outlook was referencing old Exchange accounts that didn't exist anymore in Exchange. Removing these old accounts from Outlook and restarting fixed this. Reprofiling will also fix this!
