![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
BillLeeLee
[H]F Junkie
- Joined
- Jul 2, 2003
- Messages
- 13,486
Hey all,
So I'm working on this bug report I received for a project I work on. When a client sets up an appliance from my company, they do a quick setup and enter in the hostname, domain name, static IP, provide licenses, and the like. The appliance will then generate an SSL certificate for the machine that is provided when you access the web interface for the appliance. That's fine and good.
However, if a person decides to change the hostname of the machine for any reason, then when you try to access the web interface, you get a warning saying that the name attached to the SSL certificate does not match the name of machine.
For example, my appliance is named compy.my.home.net, and the SSL certificate generated will say it was issued to/by compy.my.home.net. When I change the name to say...dino.my.home.net, the old cert will still be used and I will get a warning when trying to access the SSL-protected web ui saying dino.my.home.net does not match the name on the cert.
So I'm investigating it, and the appliance has a utility from Microsoft called SelfSSL.exe, which is used to generated un-signed SSL certs (this is fine, the web UI is only used internally, so there's no need for a Verisign signed cert or anything).
However, when I run it to generate a new cert for the machine when I change its hostname, I get this cryptic message.
The part that gets me is the "Failed to generate the cryptographic key: 0x5" message. I have googled, searched the newsgroups, but have turned up zero leads as to how I would go about fixing it.
Thanks for any insight. This issue has been staring at me in Bugzilla for two weeks and everytime I try to go about trying to use the SelfSSL tool on the machine, it keeps bringing up that helpful message.
So I'm working on this bug report I received for a project I work on. When a client sets up an appliance from my company, they do a quick setup and enter in the hostname, domain name, static IP, provide licenses, and the like. The appliance will then generate an SSL certificate for the machine that is provided when you access the web interface for the appliance. That's fine and good.
However, if a person decides to change the hostname of the machine for any reason, then when you try to access the web interface, you get a warning saying that the name attached to the SSL certificate does not match the name of machine.
For example, my appliance is named compy.my.home.net, and the SSL certificate generated will say it was issued to/by compy.my.home.net. When I change the name to say...dino.my.home.net, the old cert will still be used and I will get a warning when trying to access the SSL-protected web ui saying dino.my.home.net does not match the name on the cert.
So I'm investigating it, and the appliance has a utility from Microsoft called SelfSSL.exe, which is used to generated un-signed SSL certs (this is fine, the web UI is only used internally, so there's no need for a Verisign signed cert or anything).
However, when I run it to generate a new cert for the machine when I change its hostname, I get this cryptic message.
Code:
C:\Documents and Settings\Administrator>selfssl /q
Microsoft (R) SelfSSL Version 1.0
Copyright (C) 2003 Microsoft Corporation. All rights reserved.
Failed to generate the cryptographic key: 0x5The part that gets me is the "Failed to generate the cryptographic key: 0x5" message. I have googled, searched the newsgroups, but have turned up zero leads as to how I would go about fixing it.
Thanks for any insight. This issue has been staring at me in Bugzilla for two weeks and everytime I try to go about trying to use the SelfSSL tool on the machine, it keeps bringing up that helpful message.