[THIN] Re: Certificates and profiles

  • From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 16 Jan 2009 15:48:42 -0000

If it's from another company, with either their self-signed cert (yes,
even if they run their own CA), you'd have to be awfully trusting, to
trust their root CA.


        From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders
        Sent: 16 January 2009 14:26
        To: thin@xxxxxxxxxxxxx
        Subject: [THIN] Re: Certificates and profiles

        And maybe it won't be trusted because you don't have the root
cert. Vista may contain something different to your Citrix (Windows
2003?) servers.


        There are two MS tools I use for automating the certificate
import so that users never need to deal with this stuff. Certmgr.exe and



        I hope that goes someway to helping.





        From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kevin Stewart
        Sent: Friday, January 16, 2009 10:48 PM
        To: thin@xxxxxxxxxxxxx
        Subject: [THIN] Re: Certificates and profiles


        Its likely that the certificate isn't "trusted" by the system.
Open up the certificate details when you get the prompt, go to the last
tab, I think its "Certification Path", and look at the trust chain.
You'll see the certificate that's being presented and potentially
another certificate above it that is the parent, or root of this one.
One or both of those will probably have a red X next to them. If so
download and install that/these certificates in the computers trusted or
intermediate trust stores. The prompt essentially means "Hey, the server
you're talking to is passing a server certificate that I don't trust.
Are you sure you want to start a dialog?" If you install the
certificates the computer will then implicitly trust the server.
Additionally, I believe each user has their own certificate store, so
you may need to install in the computer's store for them to be global.
Otherwise I don't believe it has anything to do with roaming profiles
and Vista probably remembers the user's first response to the prompt.
        Give that a try.

        On Fri, Jan 16, 2009 at 7:44 AM, Hamilton, Ronnie
<ronnie.hamilton@xxxxxxx> wrote:

        I think it's a cert that was set up for the applications by the
company that wrote it...but its not a veri sign or anything like that.


        I have users running Vista and they have a local profile and
when they accept the cert they only do it once.




        -----Original Message-----
        From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil
        Sent: 16 January 2009 11:41
        To: thin@xxxxxxxxxxxxx

        Subject: RE: [THIN] Certificates and profiles


        Why do they have to accept the cert?


        Is there something wrong with it?





        From: thin-bounce@xxxxxxxxxxxxx on behalf of Hamilton, Ronnie
        Sent: Fri 1/16/2009 11:24 AM
        To: thin@xxxxxxxxxxxxx
        Subject: [THIN] Certificates and profiles


        We have recently implemented a new web application which
requires you to accept a certificate when you open the web page to
access the site.

        My question is when the user has accepted this and logs out and
then back in they have to accept it again.

        We currently use roaming profiles and I was under the impression
that this setting should be held.




        Visit our website : www.ltai.ie 


        Lufthansa Technik Airmotive Ireland Limited. Registered in
Ireland. Reg. No. 45999. Registered Office: Naas Road, Rathcoole,

        Lufthansa Technik Airmotive Ireland Leasing Limited. Registered
in Ireland. Reg. No. 140891. Registered Office: Naas Road, Rathcoole,


        This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error, please advise
by return email and delete all copies of the message.

        Kevin G. Stewart


        Confidentiality and Privilege Notice 
        This document is intended solely for the named addressee.  The
information contained in the pages is confidential and contains legally
privileged information. If you are not the addressee indicated in this
message (or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone, and you should destroy
this message and kindly notify the sender by reply email.
Confidentiality and legal privilege are not waived or lost by reason of
mistaken delivery to you.


This email and its attachments are confidential to the intended recipient. If 
this has come to you in error, please notify the sender immediately and delete 
this email from your system. You must take no action based on this email, nor 
must you copy or disclose it or any part of its contents to any person or 
organisation. Please note that email communications may be monitored. The 
registered office of Shop Direct Limited is First Floor, Skyways House, Speke 
Road, Speke, Liverpool, L70 1AB, registered number 04730752.
Subsidiary companies of Shop Direct Limited include:

Shop Direct Group Financial Services Limited (SDGFS), Shop Direct Financial 
Services Limited (SDFS) and Shop Direct Finance Company Limited (SDFC). The 
registered office of SDGFS, SDFS and SDFC is Aintree Innovation Centre, Park 
Lane, Netherton, Bootle, L30 1SL, registered numbers 05200103 (SDGFS), 04730706 
(SDFS) and 04660974 (SDFC). SDFS and SDFC are authorised and regulated by the 
Financial Services Authority in respect of arranging insurance products. 

Shop Direct Contact Centres Limited (SDCC) and Shop Direct Home Shopping 
Limited (SDHS). The registered office of SDCC and SDHS is First Floor, Skyways 
House, Speke Road, Speke, Liverpool, L70 1AB, registered numbers 05330323 
(SDCC), 04663281 (SDHS). 

All companies registered in England.


Other related posts: