[THIN] Re: Opening the config.restore file from the Access Gateway

  • From: Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Mon, 3 Apr 2006 20:34:47 +0800

I'm confused by your comments, Jeff, as I'm not sure how that's working for
you, unless you are extracting the private key and signed certificate from
IIS and uploading them together. A CSR is generated by using a private key.
Then it's signed by a Certification body. When the signed certificate is
installed, it verifies itself against the private key. This was my issue.
Because I had re-imaged the CAG, it had a different private key, and
therefore the signed certificate could not be verified, and would not
install.

Because I didn't have a copy of the private key, there was no way I was
able to fix it. So the only solution (also according to Citrix) was to
generate a new CSR and send it off to be signed. I've just received it
back, and thankfully it installed correctly.

Now...I also got an answer from Citrix about the config.restore file, if
anyone is interested. It's a binary format file. They have an internal tool
to extract it, which is not publicly available at this point in time.

Cheers.

 Kind regards,

 Jeremy Saunders
 Senior Technical Specialist

 Integrated Technology Services &
 Cerulean
 IBM Australia
 Level 2, 1060 Hay Street
 West Perth  WA  6005

 Visit us at
 http://www.ibm.com/services/au/its

 P:  +61 8 9261 8412                F:  +61 8 9261 8486
 M:  TBA                            E-mail:
                                    jeremy.saunders@xxxxxxxxxxx










From: "Jeff Pitsch" <jepitsch@xxxxxxxom>
Sent by: thin-bounce@freelists.org
Date: 31/03/2006 09:30 PM
To: thin@xxxxxxxxxxxxx
cc:
Subject: [THIN] Re: Opening the config.restore file from the Access Gateway
Please respond to: thin




I've never had a problem putting a cert on a CAG where I didn't generate
the CSR from the CAG. For example, a CSR generated from IIS then
transferred the cert to the CAG has worked wonderfully well. Are you sure
you have the correct root imported in correctly?

Jeff


On 3/31/06, Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx> wrote:
  Hi All,

  Does anyone know what format the config.restore file is? It's the saved
  config from the Access Gateway. eg. rar, zip, tar, etc. Tried a few
  things, but it doesn't seem to work.

  The reason behind my question is that I need to restore a previously
  generated CSR so that the Signed Certificate (crt) can be successfully
  applied. I had to re-image a box that a customer didn't have a current
  backup of, and I'm getting the following error when trying to import the
  signed crt file.

  (03/31/06 16:56:29): 0:controller:socket:: Using only strong cipher suites: RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES256-SHA:AES128-SHA
  (03/31/06 16:56:29): 0:controller:socket:: cleared existing SSL contexts
  (03/31/06 16:56:29): 0:controller:socket:: initialized SSL methods and contexts
  (03/31/06 16:56:29): 0:controller:socket:: Using only strong cipher suites: RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES256-SHA:AES128-SHA
  (03/31/06 16:56:29): 0:controller:socket:: cleared existing SSL contexts
  (03/31/06 16:56:29): 0:controller:socket:: initialized SSL methods and contexts
  (03/31/06 16:56:29): 0:controller:socket:: associated server certificate and private key with SSL context
  (03/31/06 16:56:29): 2:controller:upgraded: : failed to upgrade certificate. (verification failure).
  (03/31/06 16:56:29): 2:controller:service:xfer:: unable to xfer certificate file...

  The second last line in the log confirms that it can't be verified, and
  therefore fails the import.

  All I want to do is to "shove" the originally generated certificate
  request back into the config, assuming that it's backed up into there in
  the first place.

  Cheers.

  Kind regards,

  Jeremy Saunders
  Senior Technical Specialist

  Integrated Technology Services &
  Cerulean
  IBM Australia
  Level 2, 1060 Hay Street
  West Perth WA 6005

  Visit us at
  http://www.ibm.com/services/au/its

  P: +61 8 9261 8412                F: +61 8 9261 8486
  M: TBA                            E-mail:
                                     jeremy.saunders@xxxxxxxxxxx









  ************************************************
  For Archives, RSS, to Unsubscribe, Subscribe or
  set Digest or Vacation mode use the below link:
  //www.freelists.org/list/thin
  ************************************************
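
The key-pairing problem discussed in this thread (a signed certificate only installs alongside the private key that produced its CSR) can be checked offline before anything is uploaded. The script below is an added example, not part of the original posts; it assumes the OpenSSL command line and unencrypted PEM files, and every file name, the CN and the throwaway CA are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). All file names are placeholders.

# Print the PEM public key embedded in a private key, CSR or certificate.
pubkey_of() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    *)    echo "unknown kind: $1" >&2; return 2 ;;
  esac
}

# same_key KIND_A FILE_A KIND_B FILE_B
# Returns 0 = same public key, 1 = different, 2 = a file could not be parsed.
same_key() {
  local a b
  a=$(pubkey_of "$1" "$2" 2>/dev/null) || return 2
  b=$(pubkey_of "$3" "$4" 2>/dev/null) || return 2
  [ -n "$a" ] && [ -n "$b" ] || return 2
  [ "$a" = "$b" ]
}

# Constructed demo data: a CSR made from the original key and signed by a
# throwaway CA, plus a second key standing in for the one a re-image creates.
make_demo() {
  local d=$1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/original.key" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/reimaged.key" 2>/dev/null &&
  openssl req -new -key "$d/original.key" -subj "/CN=gateway.example.test" -out "$d/gateway.csr" &&
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -subj "/CN=Demo CA" -days 1 -out "$d/ca.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/gateway.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial -days 1 -out "$d/signed.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
for k in original reimaged; do
  if same_key key "$demo_dir/$k.key" cert "$demo_dir/signed.crt"; then
    echo "$k.key: matches signed.crt, the pair can be installed together"
  else
    echo "$k.key: does NOT match signed.crt, expect a verification failure on import"
  fi
done
```

The same comparison with `csr` as one of the kinds shows whether a returned certificate belongs to a given request.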

