Federated Authentication Service (FAS) | Unable To Launch App “Invalid User Name Or Wrong Password”

System logs:

Event ID 8

The domain controller rejected the client certificate of user U1@abc.com, used for smart card logon. The following error was returned from the certificate validation process: A certificate chain processed correctly, but one of the CA certificate is not trusted by the policy provider.

Error: “Invalid Certificate” When Installing SSL Certificate on ADC Appliance

Hidden Control Characters in Certificate/Key File

You can use the OpenSSL implementation included in the BSD Unix distribution on the ADC to import and export the certificate and key files. The exported files are free of the control characters that prevent successful installation of the certificate and key files:

  1. Use a secure copy program (WinSCP) to copy the certificate and key files to the /nsconfig/ssl directory of the ADC appliance.

    The certificate and key files can also be uploaded to the ADC using the Configuration Utility. Navigate to Traffic Management > SSL > Manage Certificates / Keys / CSRs > Upload.

  2. Open a Secure Shell (SSH) session to the appliance, and after authentication, run the shell command to switch to shell.

  3. Navigate to /nsconfig/ssl directory:

    cd /nsconfig/ssl

  4. Use OpenSSL to import and export the certificate file. The following example is for PEM or Base64 certificates:

    openssl x509 -in <certificateFileName> -out <newCertificateFileName>

  5. Use OpenSSL to import and export the key file. The following example is for PEM or Base64 key files:

    openssl rsa -in <keyFileName> -out <newKeyFileName>

You will now be able to successfully import the certificate on the ADC appliance by using the new exported version of the files.

SSL Certificate not Encoded in Base-64 Format

Open the certificate on a Windows computer and convert it to Base-64 encoded X.509 (.CER) and then install the certificate on the appliance:

  1. Go to Start > Run and type mmc on a Windows machine.

  2. Double-click and open the certificate file that you want to convert.

  3. Click Details.

  4. Click Copy to File.

  5. Select the Base-64 encoded X.509 (.CER) option.

  6. Click Next.

  7. Browse to the location you want to save the converted certificate. Name the file with a .cer extension.

  8. Click Next.

Install the converted certificate on the NetScaler appliance.

PKCS #7 Certificate Incorrectly Converted to PEM Format

This error occurs when the PKCS #7 (.p7b) certificate is incorrectly converted to PEM format. Refer to CTX124783 – How to Convert a PKCS #7 Certificate to PEM Format for the correct procedure.

Error: “Invalid Certificate” When Installing SSL Certificate on NetScaler Appliance

Hidden Control Characters in Certificate/Key File

You can use the OpenSSL implementation included in the BSD Unix distribution on the NetScaler to import and export the certificate and key files. The exported files are free of the control characters that prevent successful installation of the certificate and key files:

  1. Use a secure copy program (WinSCP) to copy the certificate and key files to the /nsconfig/ssl directory of the NetScaler appliance.

    The certificate and key files can also be uploaded to the NetScaler using the Configuration Utility. Navigate to Traffic Management > SSL > Manage Certificates / Keys / CSRs > Upload.

  2. Open a Secure Shell (SSH) session to the appliance, and after authentication, run the shell command to switch to shell.

  3. Navigate to /nsconfig/ssl directory:

    cd /nsconfig/ssl

  4. Use OpenSSL to import and export the certificate file. The following example is for PEM or Base64 certificates:

    openssl x509 -in <certificateFileName> -out <newCertificateFileName>

  5. Use OpenSSL to import and export the key file. The following example is for PEM or Base64 key files:

    openssl rsa -in <keyFileName> -out <newKeyFileName>

You will now be able to successfully import the certificate on the NetScaler appliance by using the new exported version of the files.

SSL Certificate not Encoded in Base-64 Format

Open the certificate on a Windows computer and convert it to Base-64 encoded X.509 (.CER) and then install the certificate on the appliance:

  1. Go to Start > Run and type mmc on a Windows machine.

  2. Double-click and open the certificate file that you want to convert.

  3. Click Details.

  4. Click Copy to File.

  5. Select the Base-64 encoded X.509 (.CER) option.

  6. Click Next.

  7. Browse to the location you want to save the converted certificate. Name the file with a .cer extension.

  8. Click Next.

Install the converted certificate on the NetScaler appliance.

PKCS #7 Certificate Incorrectly Converted to PEM Format

This error occurs when the PKCS #7 (.p7b) certificate is incorrectly converted to PEM format. Refer to CTX124783 – How to Convert a PKCS #7 Certificate to PEM Format for the correct procedure.
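
A pre-upload triage for the three causes listed in both copies of this article: hidden control characters, a file that is not Base-64 encoded, and a PKCS #7 bundle passed off as PEM. This is an added example, not Citrix code; the function name classify_cert_file and the sample files are constructed for illustration, and treating a file that still carries PKCS7 armor as the "incorrectly converted" case is an assumption.

```shell
#!/bin/sh
# Added example (not Citrix code): triage a certificate or key file before
# uploading it to /nsconfig/ssl. Function name and sample files are assumptions.

# Prints one of: missing | not-pem | pkcs7-pem | pem-control-chars | pem-ok
classify_cert_file() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 0; }

    # No PEM armor at all: binary DER, or some other non-Base64 export.
    if ! LC_ALL=C grep -q -e '-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        echo "not-pem"; return 0
    fi

    # PEM armor around a PKCS #7 bundle (.p7b) is not an X.509 certificate.
    if LC_ALL=C grep -q -e '-----BEGIN PKCS7-----' "$f"; then
        echo "pkcs7-pem"; return 0
    fi

    # Count bytes other than tab, LF and printable ASCII. Carriage returns
    # from CRLF line endings, a UTF-8 byte-order mark and NULs all count.
    bad=$(LC_ALL=C tr -d '\11\12\40-\176' < "$f" | wc -c | tr -d ' ')
    if [ "$bad" -gt 0 ]; then
        echo "pem-control-chars"
    else
        echo "pem-ok"
    fi
}

# Constructed sample files (placeholder Base64 body, not a real certificate).
demo_dir=$(mktemp -d)
printf '%s\n'   '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo_dir/clean.pem"
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo_dir/crlf.pem"
printf '\357\273\277' > "$demo_dir/bom.pem"; cat "$demo_dir/clean.pem" >> "$demo_dir/bom.pem"
printf '\060\202\001\012\060\201' > "$demo_dir/binary.cer"
printf '%s\n'   '-----BEGIN PKCS7-----' 'Q09OU1RSVUNURUQ=' '-----END PKCS7-----' > "$demo_dir/bundle.pem"

for name in clean.pem crlf.pem bom.pem binary.cer bundle.pem; do
    printf '%-12s %s\n' "$name" "$(classify_cert_file "$demo_dir/$name")"
done
rm -rf "$demo_dir"
```

A result of pem-control-chars points to the openssl x509 / openssl rsa re-export steps, not-pem to the Base-64 conversion, and pkcs7-pem to CTX124783.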

Linux VDA with FAS enabled fails with “Invalid Login”

1) Copy the root certificate and the intermediate certificate to the Linux VDA.

2) Use the openssl command to convert them to PEM:

    openssl x509 -inform der -in root.cer -out root.pem

    openssl x509 -inform der -in intercacert.cer -out inter.pem

3) Copy the converted files to /etc/pki/CA/certs/.

4) Reference the root and intermediate certificate paths in /etc/krb5.conf as follows:

    pkinit_anchors = FILE:/etc/pki/CA/certs/root.pem

    pkinit_pool = FILE:/etc/pki/CA/certs/inter.pem
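
A check for the end state of the four steps above: every FILE: path named by pkinit_anchors and pkinit_pool must exist and must be PEM, not the original DER. This is an added example, not Citrix code; the function name check_pkinit_files, the [libdefaults] placement and the temporary sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Citrix code): verify the pkinit entries in a krb5.conf.
# Only FILE: values are handled; names and sample data are assumptions.

# Prints one line per entry: "<key> <path> <ok|missing|not-pem>".
# Returns 0 only if both keys are present and every referenced file is PEM.
check_pkinit_files() {
    conf=$1
    rc=0
    for key in pkinit_anchors pkinit_pool; do
        # Extract the path after "FILE:"; commented-out lines do not match.
        paths=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*FILE:\([^[:space:]]*\).*/\1/p" "$conf")
        if [ -z "$paths" ]; then
            echo "$key - missing-entry"; rc=1; continue
        fi
        for p in $paths; do
            if [ ! -f "$p" ]; then
                echo "$key $p missing"; rc=1
            elif head -n 1 "$p" | LC_ALL=C grep -q -e '^-----BEGIN CERTIFICATE-----'; then
                echo "$key $p ok"
            else
                # Typically a .cer copied over without the DER-to-PEM step.
                echo "$key $p not-pem"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed demo: root.pem is PEM, inter.pem still holds DER-like bytes.
d=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/root.pem"
printf '\060\202\001\012' > "$d/inter.pem"
cat > "$d/krb5.conf" <<EOF
[libdefaults]
  pkinit_anchors = FILE:$d/root.pem
  pkinit_pool = FILE:$d/inter.pem
EOF
check_pkinit_files "$d/krb5.conf" || echo "krb5.conf needs attention"
rm -rf "$d"
```

On a real VDA, run check_pkinit_files /etc/krb5.conf; a not-pem result means the file was copied without the conversion in step 2.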

Secure Hub 10.5 : Enrollment fails with error : “Can't enroll device- WorxHome cannot enroll device because it failed to establish a secure connection with server”

The certificate on discovery.mdm.zenprise.com was renewed on 30th of April 2018, which is what caused the issue in the first place.

To get past the enrollment URL screen, Secure Hub must be upgraded.

Version 10.6.20 is known to work.

RightSignature Security

What kind of security technology do you use?

Utilizing 256-bit SSL encryption by GeoTrust and the world-class server infrastructure of Amazon Web Services (AWS), RightSignature ensures the absolute privacy of our users’ data. RightSignature incorporates the most advanced security solutions, giving you the same level of data protection and redundancy as an online bank.

How do I know the other party to the contract is who they say they are?

Verifying the identity of an individual is an important element of any signature, whether electronic or written. An electronic signature must be capable of identifying a signatory and must be uniquely linked to the signatory. RightSignature uses a multi-variate authentication process, which includes email address verification, IP address tracking, biometric signature algorithm, and other information. Authentication on RightSignature is significantly stronger than it is on paper documents, where parties often have an assistant, spouse, or other person sign on their behalf.

Furthermore, RightSignature’s optional visual identification feature provides you with further comfort that the other party to the contract is who they say they are. Visual identification allows parties to use their webcams to incorporate their photographs into the final digital document.

Can an executed document be manipulated by one of the parties after signing?

Once uploaded and sent for signatures, a document is locked and stored on a secure server with redundant copies. After execution, the final document is bound with a secure hash algorithm, ensuring that no party may make changes to an executed document. RightSignature’s neutrality provides further legal defensibility to any attempts to invalidate an executed agreement.

Are the digital signatures certified by a third-party authority?

RightSignature, as a third-party signing service coordinating workflow between document signers, provides a significant step-up in audit and verification capability over fax and email methods. A benefit of using RightSignature is that our service is a neutral third party, much like an escrow/title agency in a real estate transaction. Once a document is executed, RightSignature binds it with a secure hash algorithm and stores redundant copies using the Amazon Web Services infrastructure.

Should a contract signed on RightSignature be challenged in court, it would be very difficult or impossible for a party to assert that the document had been tampered with. The record of the RightSignature process and post-execution lock provides third-party verification for robust, defensible contracts.

How can I be sure that I am signing the same document as the other party?

Every document uploaded to RightSignature is bound to a unique, long-string reference number, comprised of numerals, upper and lower case letters, and characters. This reference number is included in every communication about and screen containing the document, ensuring that all parties are viewing the same document at all times.

There is no function to change the file once it is uploaded and sent out for signatures. If a document has not been signed by any recipients yet, the sending party may trash it and upload and send a new document, which will have a new reference number.

What is the difference between an original document and a signed document?

An original document is a file uploaded to RightSignature for execution.

The signed document is the original file with completed form fields and signature locations, if any, as well as an appended RightSignature signature certificate, which displays the willful mark of both parties as well as identification information such as IP addresses, time stamps, photographs, and audit log.

Will the information I provide be kept private?

Yes. The privacy and security of your information is our highest priority. Legislation mandates the privacy requirements of electronic signatures and contracts. The privacy of anyone who uses an electronic signature is strenuously protected by law. Any unique information provided by an individual or a business, such as passwords and other data, may not be disclosed to a third party. In fact, accessing and using the signature creation device of another person is a punishable offense.

Note that certain information about you, such as your name, email address, and IP address, is disclosed to signers and cc’s on documents to which you are party.

For more information on RightSignature’s advanced security systems, visit our Security page.

Empty “Secure Viewer” appears when attempting to decrypt pgp encrypted file

I know this is in the wrong place, but a product search for “Encryption Desktop” returned no results, and the menus when posting a new thread aren’t terribly helpful.

Anyway, I’m troubleshooting an issue for a customer. He is not able to decrypt files encrypted via BouncyCastle. These are unsigned and contain the MDC packet.

I downloaded a trial and am able to reproduce the issue. When I open a BouncyCastle (v1.8.1) encrypted file in SED (key pair generated locally via SED), I am presented with an empty “Secure Viewer” window. However, if I use gpg to encrypt like so:

gpg -e -r my-registered-email@domain.com .some_file.csv

It is decrypted by SED no problem. Using kleopatra I can decrypt either file without issue.

I’m wondering if anyone knows the details re what causes this “Secure Viewer” to take over and pop up. I’m less concerned that it’s empty (though I don’t know why it would be) as I’d prefer SED to just nicely decrypt the file and allow my customer to view it in excel/notepad/whatever. 

Bolivian enthusiasts promote the use of digital signatures to improve services | Breaking News

Key facts:

  • Bolivian regulations disallow the use of crypto assets, but not certification on a blockchain.
  • Bolivian analysts clarify the difference between an electronic signature and a digital signature.

Digital signatures are a technology-based solution that seeks to provide security and trust to electronic documents, and the enthusiast community Bolivian Mind Blockchain (BMB) sees them as the future of digital identity. This is why the community promotes them, with the aim of improving the services of public and private agencies in that country.

Gabriela Melendrez Alaro, founder of the BMB collective, explained to Breaking News that the digital signature can be used to authenticate a user in the Internet systems of many public institutions. By means of this instrument, documents acquire legal value and the character of evidence, making it possible to create files with more security than a handwritten signature.

In the opinion of the founder of BMB, the use of digital signatures reduces the use and transport of paper, and promotes the quantity and quality of services oriented to customers of state and private institutions.

She also explained that the network used for the development of this virtual instrument in Bolivia is the Hyperledger Fabric platform. But why use a blockchain platform? The founder of BMB argues that it is a distributed system distinguished notably by its capacity for consensus among participants.

She also points out that its technology of a database distributed between computers means that, once codes are entered in it, they remain there forever. With this, it is possible to “guarantee a transaction, an agreement or an identity, that lets you encrypt the elements that have to do with privacy”.

Blockchain and the security of the data

On the security of the data, the view comes from Erick Poppe Yanez, an electronic engineer, academic and specialist in hardware and software, networks and cryptography, and a frequent special guest at the Blockchain Lab events promoted by BMB.

Poppe believes that “the Hyperledger Fabric blockchain network reduces scams by allowing participants to share the information agreed by consensus in the process. This avoids the single point of failure vulnerable to manipulation.”

He also stresses that this blockchain platform reduces scams by allowing participants to share the information agreed upon in the process. “So, it avoids a single point of failure vulnerable to manipulation,” he adds. In his view, this technology enhances both security and privacy in the transmission of data, as well as in transactions with digital signatures via the Internet.

For this reason, he seeks to take advantage of the features of this blockchain to reconfigure the way virtual identity signatures are used.

One of the keys is that the open and distributed ledger of blockchain technology would be able to detect and filter potentially fraudulent or abusive activities on the part of some of those involved.
Erick Poppe Yanez

Regarding the contribution of the Hyperledger Fabric network to identity verification, he stressed that it contributes to the development of a public key infrastructure system, which is included for certifying the communication between participants at all levels.

Differentiating between digital and electronic signatures

The BMB community has been warning users about the need to know the difference between digital and electronic signatures. Through its Facebook account it warns that “all digital signatures are electronic but not all electronic signatures are digital”.

In this sense, Melendrez Alaro and Diana Balderrama, another member of the BMB community, agreed in pointing out that although these two terms are commonly used as synonyms, in reality they are different concepts.

The electronic signature is only a signature equivalent to a handwritten one, which may well be a flourish scanned into a data format. That is to say, it is the proof that a real person has given their consent for a particular purpose. This has no legal validity.

Melendrez Alaro explained that “the digital signature uses electronic signatures and makes them technical at a cryptographic level”. But in addition it adds a set of features that give it legal validity and security. Therefore, digital signatures serve both to identify the person and to certify the accuracy of the information. It adds a sort of lock that is given by the digital certificate, which is nothing more than an official certificate issued by an agency that validates the signature.

In sum, the main conceptual differences between an electronic signature and a digital signature are their uses and their nature. While an electronic signature is related to the legal aspects of accepting certain conditions or validating an action (at different levels), a digital signature has legal effects, because its function is to encrypt data to give greater security to a transaction, and to authenticate and identify the person carrying out the operation.
Gabriela Melendrez, founder of the BMB community

Challenges of private blockchains

In terms of the challenges facing current private blockchain platforms in making the implementation of digital signatures more effective, Erick Poppe noted that in Bolivia there must be a “normalization of entities in order to agree the standard encryption algorithms and X.509 certificate standards”. In cryptography, X.509 is a standard of the International Telecommunication Union (ITU-T) for public key infrastructure.

Judith Apaza, another participant in the BMB events, spoke about the warnings that nobody usually gives about digital signatures. The specialist in Political Management, Public Management and Electronic Government considers that something recurring that is not mentioned is that, beyond the technological, “the digital signature is the way in which we exercise our identity in the digital world”.

“It is very common for technicians to reduce its use to cryptography or mathematics, but the digital signature is also the way in which we can interact with others in the digital world,” she said.

In Apaza's view, a frequent occurrence is displaying a scanned signature to represent the digital signature. “But currently, it is possible that a blank document is signed, and there are also ways in which we can all verify the existence of a digital signature”.

What is illegal or not?

It is known that in Bolivia the use of cryptocurrencies is illegal. However, the same is not the case for the use of the Hyperledger Fabric blockchain platform to certify documents, Melendrez Alaro and Poppe clarified.

“Definitely not. Although the regulations of Bolivia do not authorize the use of crypto securities, the use of documents certified using blockchains is permitted through the supreme decree 3525, produced by the Agency of Electronic Government and Information and Communication Technologies (Agetic),” said Poppe.

For Melendrez Alaro, the digital signature and open data should facilitate the transition towards an open government. In fact, the implementation of the advanced electronic signature and digital certificates plays an essential role in the development of the digital administration. They are the tools for citizens to identify themselves digitally to public entities and interact with them, with the same validity that a procedure done in person at any window would have.

However, she emphasized that for a user who is already identified to be able to access the full services of the government, knowledge and information are needed to avoid the bureaucracy that carrying out a procedure involves, for example. “The goal of open data is to improve the published information and make it transparent, so as to eliminate the barriers to consumption for end users,” she concluded.
