Peer sent alert: Alert Fatal: bad certificate

Dear Experts,
When we try to load an application on our MSS, we get this alert iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate. Here the full exception that we get:
com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: Failed to  UPDATEDATAINPDF
     at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:419)
     at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterApplicationModification(ClientApplication.java:1132)
     at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.afterApplicationModification(ClientComponent.java:895)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doRespond(WindowPhaseModel.java:573)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:152)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: PDFDocument Processor failed to process Render Request.
     at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:55)
     at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:100)
     at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:123)
     at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:340)
     ... 29 more
Caused by: com.sap.tc.webdynpro.pdfobject.core.PDFObjectRuntimeException: Service call exception; nested exception is:
     iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
     at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:408)
     at com.sap.tc.webdynpro.pdfobject.core.PDFObject.render(PDFObject.java:3944)
     at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRenderHandler.handle(PDFDocumentRenderHandler.java:148)
     at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:52)
     ... 32 more
Caused by: java.rmi.RemoteException: Service call exception; nested exception is:
     iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
     at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:85)
     at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:95)
     at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:385)
     ... 35 more
Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
     at iaik.security.ssl.r.f(Unknown Source)
     at iaik.security.ssl.x.b(Unknown Source)
     at iaik.security.ssl.x.a(Unknown Source)
     at iaik.security.ssl.r.d(Unknown Source)
     at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
     at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
     at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
     at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:669)
     at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:470)
     at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:427)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:355)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:550)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1433)
     at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:78)
     ... 37 more
Can anyone suggest a corrective measurement for this issue?
Thank You in advance
Regards
Ramesh

Hi Ramesh,
we are facing the similar issue while consuming external webservices
Here is the error:
Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
com.sap.tc.webdynpro.model.webservice.api.WDWSModelExecuteException: Exception on execution of web service with WSDL URL 'http://lxxxxxxx:50000/webdynpro/resources/demo.sap.com/mywebservice/Components/com.sap.demo.mywebservice.webservice.comp.WebserviceComp/VECTOR.wsdl' with operation 'VECTOR' in interface 'VECTORPortType' at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:84) at com.sap.tc.webdynpro.model.webservice.gci.WSTypedModelClassExecutable.execute(WSTypedModelClassExecutable.java:49) at com.sap.demo.mywebservice.webservice.comp.WebserviceComp.executeVECTOR(WebserviceComp.java:313) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceComp.executeVECTOR(InternalWebserviceComp.java:303) at com.sap.demo.mywebservice.webservice.comp.WebserviceCompView.onActionGetDetails(WebserviceCompView.java:195) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceCompView.wdInvokeEventHandler(InternalWebserviceCompView.java:289) at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:131) at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:72) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:156) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:91) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97) at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:514) at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:52) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1547) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1361) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToApplicationDoProcessing(AbstractExecutionContextDispatcher.java:154) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForAppProcessing.doService(DispatchHandlerForAppProcessing.java:35) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToApplicationDoProcessing(ExecutionContextDispatcher.java:114) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:80) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:571) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:602) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:523) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:270) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:729) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:256) at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:258) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:202) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.doService(DispatchHandlerForRequestManager.java:38) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToRequestManager(ExecutionContextDispatcher.java:140) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:92) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:104) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:61) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:140) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:37) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:291) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:396) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:385) at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:48) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:76) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:240) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:78) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:43) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:42) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:425) at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:250) at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45) at com.sap.engine.core.thread.execution.Executable.run(Executable.java:109) at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314) Caused by: com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException: Connection IO Exception. Check nested exception for details. (Peer sent alert: Alert Fatal: bad record mac) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:399) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call_SOAP(SOAPTransportBinding.java:1083) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.callWOLogging(SOAPTransportBinding.java:779) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call(SOAPTransportBinding.java:746) at com.sap.engine.services.webservices.espbase.client.dynamic.impl.DInterfaceInvokerImpl.invokeOperation(DInterfaceInvokerImpl.java:76) at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:73) ... 75 more Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:636) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:499) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:450) at com.sap.engine.services.webservices.espbase.client.bindings.ClientHTTPTransport.getRequestStream(ClientHTTPTransport.java:489) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:357) ... 80 more
Please let me know how do you solved this problem....
I will be very thankful to you
please do me the needful
Thanks & regards
Swetha
Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM
Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM

Similar Messages

  • SOAP receiver via HTTPS leads to Alert Fatal: bad certificate

    Hello everybody,
    I working on a scenario where i have to send a message out via https to a partner.
    The server requires a client certificate which is installed and configured.
    When I now send out some data I get the following error:
    com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: bad certificate: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
    The partner told me that I also have to install the server certificate. Is this correct? I thought it is not neccessary to install the certificate from Server, is it?
    Regards,
    Thomas

    Hi,
    You would need to load the SSL certificate of your customer if it is a self signed certificate in the TrsutedCA's view in your Visual Admin.
    The request is being rejected by XI as the https connection is bot being established as the certificate is not present in the Trusted CA's.
    Regards,
    Bhavesh

  • FTPS -Bad certificate error

    Hi
    I am sending a file from SAP PI 7.0 to file server through FTP-S.
    The SSL certificate and private key,password is installed as per sap in PI 7.0.
    I am getting below error -
    boldUnable to create new pooled resource: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate.
    Any solution ..
    Thanks in advance.

    He,
    check you installed the certificates properly or not,may be this could be the one reason i guess.
    Regards,
    Ra

  • SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

    Hello everybody,
    I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
    Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
    Below is the SSL debug log
    ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
    ssl_debug(15): Received v3 server_hello handshake message.
    ssl_debug(15): Server selected SSL version 3.1.
    ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
    ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
    ssl_debug(15): CompressionMethod selected by server: NULL
    ssl_debug(15): Server does not supports secure renegotiation.
    ssl_debug(15): Received certificate handshake message with server certificate.
    ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
    ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
    ssl_debug(15): Received certificate_request handshake message.
    ssl_debug(15): Accepted certificate types: RSA, DSA
    ssl_debug(15): Accepted certificate authorities:
    ssl_debug(15):   CN=XXXXXXXXXXXXXXXXXXXXXXXX
    ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(15): Received server_hello_done handshake message.
    ssl_debug(15): Sending certificate handshake message with RSA client certificate...
    ssl_debug(15): Sending client_key_exchange handshake...
    ssl_debug(15): Sending certificate_verify handshake message...
    ssl_debug(15): Sending change_cipher_spec message...
    ssl_debug(15): Sending finished message...
    ssl_debug(15): Received alert message: Alert Fatal: decrypt error
    ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
    ssl_debug(15): Shutting down SSL layer...
    My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
    Does somebody have an idea what could cause this SSL handshake failure?
    Best regards,
    Maxim

    The XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.

  • Mail alerts on Fatal Errors on engine logs

    Is there any way to trigger mail alerts when Fatal errors are logged in OBPM Engine/workspace logs?Let me know the implementation details if some one has done this.

    Thanks for the help.
    To which email it will send the messages?Admin email in "Network" tab? I'm planning to send the emails to the support teams email ID.

  • SSL and BEA-090482 (BAD Certificate)

    Hi All,
    I am trying to get self-signed certificates to work with the keytool and I have followed just about every instruction to get everything to work. But no matter what I try I keep getting the BAD CERTIFICATE error. My Setup is the following:
    - I have Oracle Enterprise Linux (5.8) installed
    - I have Weblogic 10.3.4.0 installed
    - I start nodemanger through wlst
    - I have 1 weblogic installation with 3 domains and each domain has it's own IP address (virtual IP adresses).
    For 1 SOA Server (soa_server1) I want to enable SSL so here's wat I did:
    1. I use the keytool to create identity.jks (keytool -genkey -alias mycert -keyalg RSA -keypass weblogic1 -keystore identity.jks -storepass weblogic1 -validity 365)
    2. I export the certificate (keytool -export -alias mycert -file root.cer -keystore identity.jks -storepass weblogic1)
    3. I import the certificate into trust.jks (keytool -import -alias mycert -trustcacerts -file root.cer -keystore trust.jks -storepass weblogic1)
    4. I setup Weblogic (tab keystores) with the appropriate setting (identity.jks and trust.jks)
    5. I setup Weblogic (tab SSL) with a private key alias and it's password
    6. I enable SSL in Weblogic
    Our servername = MYSRV005 and our domain name = yyy.lan
    When going to the AdminServer each domain can be reached by it's own name (for example test.yyy.lan etc.)
    I have configured our listen-address for our soa_server1 for test.yyy.lan
    I have set our certificate common name to test.yyy.lan
    My nodemanager runs on localhost (I can start any server from our AdminServer console)
    We disabled hostname verification in startWeblogic.sh, startNodeManager.sh and in the soa_server1 console
    I even added CertGenCa.der into our trust.jks (keytool -import -alias mycert-trustcacerts -file “<location of CertGenCA.der>” -keystore trust.jks)
    No matter what I try, I keep getting BEA-090482 (BAD Certificate .....).
    I hope someone can help me out on this issue. I've been at it for 2 days now and still can't solve the problem. Are there any other things I have to be thinking of?
    Thanks for any help. :)

    Well,
    Once again I solved my problem. Am not sure what I did, but it seems that switching to the java utils.CertGen utility did the trick. That way certificates will get signed with the CertGenCA.der certificate. However I am not entirely sure this was our problem since I have changed so many settings in the last couple of days. Noticed that the keytool doesn't change the issuer and the issuer will be the same as what you fill out. Wonder why everyt tut on the net used the keytool while that wasn't working for us. :( Guess I have to dive into that. :)

  • Army Bad Certificates

    I'm relatively new to the army and I'm still unable to log in to any of the DoD websites from my MacBook Pro (AKO, LMS, MyPay, etc.). I've purchased a CAC reader, I've downloaded the software but no matter what I do and which browser I use I just get a sea of 'bad certificate' errors. There are over 2 million AKO users, is their only option to use a PC? This seems ridiculous but I can't find any information that states otherwise. I'm at the point now where I need to complete online training to get promoted and my only options are to purchase Windows and run it in bootcamp or entirely switch to a Windows machine. I'm in the market for a second computer and right now it seems like staying on a Mac will actually hinder my career. Is there anyone out there who's had similar successes or failures? I have about a half dozen coworkers who also use Mac and their solution is, rather non-technically, stay at work and complete the required training in the office after hours.
    details:
    MacPro 13" mid 2012
    OSX Yosemite 10.10.2
    Up to date Flash and Java
    IOGEAR CAC Reader and Centrify smart card support software
    Errors:
    Chrome: 'ERR_BAD_SSL_CLIENT_AUTH_CERT'
    Firefox: 'Error code: ssl_error_bad_cert_alert'
    Safari gives me no error, the page just never loads.

    You need a client-side SSL certificate to get into those sites. Merely installing a CAC reader isn't enough.

  • How do i delete a bad certificate for google I'm using 3.5.9. Foxflags show it's from Poland

    how do I delete a bad certificate for google.I'm using 3.5.9. with fox flags. Which says it's from Poland.I get a notice when I open firefox of the bad certificate but I can't find where to delete this.
    any help would be appreciated.
    == This happened ==
    Every time Firefox opened
    == Monday

    Hi, and welcome to Apple Discussions.
    Yes, the iBook G3 has USB 1.1.
    If your DVD burner needs USB 2.0, it isn't going to find it here.
    Since I've never done it, I hope you'll find an answer from someone in the Mac OS X 10.3 forum, where I see you've posted.
    You may also find some help in the iDVD forum, so you may want to post there, also:
    http://discussions.apple.com/category.jspa?categoryID=128
    Good luck!

  • Supplicant sent malformed PEAP message - bad record MAC

     Hi all,
       A specific kind of endpont, a device called Raspberry PI, is unable to connect or keep connected to our wireless network and the message generated by ISE is : Supplicant sent malformed PEAP message - bad record MAC 
       the WLAN accepts AES end TKIP and both have been tested.
     I got some logs from WLC. Hope someone out there could help me. 
    *dot1xMsgTask: Aug 27 20:26:40.673: 00:e7:a6:56:86:8c dot1x - moving mobile 00:e7:a6:56:86:8c into Connecting state
    *dot1xMsgTask: Aug 27 20:26:40.673: 00:e7:a6:56:86:8c Sending EAP-Request/Identity to mobile 00:e7:a6:56:86:8c (EAP Id 1)
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.699: 00:e7:a6:56:86:8c Received EAPOL EAPPKT from mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.699: 00:e7:a6:56:86:8c Received Identity Response (count=1) from mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.699: 00:e7:a6:56:86:8c EAP State update from Connecting to Authenticating for mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.699: 00:e7:a6:56:86:8c dot1x - moving mobile 00:e7:a6:56:86:8c into Authenticating state
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.699: 00:e7:a6:56:86:8c Entering Backend Auth Response state for mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.700: 00:e7:a6:56:86:8c Received EAPOL EAPPKT from mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.700: 00:e7:a6:56:86:8c Received Duplicate EAP Response Identity packet with eapid=1 from mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.702: 00:e7:a6:56:86:8c Received EAPOL EAPPKT from mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.702: 00:e7:a6:56:86:8c Received Duplicate EAP Response Identity packet with eapid=1 from mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.726: 00:e7:a6:56:86:8c Processing Access-Reject for mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.726: 00:e7:a6:56:86:8c Removing PMK cache due to EAP-Failure for mobile 00:e7:a6:56:86:8c (EAP Id -1)
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.726: 00:e7:a6:56:86:8c Sending EAP-Failure to mobile 00:e7:a6:56:86:8c (EAP Id -1)
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.726: 00:e7:a6:56:86:8c Entering Backend Auth Failure state (id=-1) for mobile 00:e7:a6:56:86:8c
    *Dot1x_NW_MsgTask_4: Aug 27 20:26:40.726: 00:e7:a6:56:86:8c Setting quiet timer for 5 seconds for mobile 00:e7:a6:56:86:8c

    Hi,
    Thank you for your response!
    Do you mean that there's something wrong with some version of the 'iaik_ssl.jar' ?
    How do I determine which version we're running and what version is 'the older' version of the iaik_ssl.jar ?
    Regards

  • Webcenter Spaces Events Service configuration: FATAL Alert BAD CERTIFICATE

    Hello,
    I have a simple requirement to connect the events taskflow from an exchange server that is https and has a confirmed security certificate. I use the wsdl path for the events service and add it to my webcenter spaces service configuration -> Personal Events configuration.
    Then I ran into this error.
    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    So, I downloaded the .crt file from Chrome (in per format) and used the keytool to upload the certificate exception into the cacerts file inside jdk and jrocket folders. I restart the managed server running WebCenter Spaces. This had no effect on the error.
    Is there anything else that I should do?
    Thanks,
    Pradyumna

    I have the same problem. Did You resolve it?

  • SCOM 2012 Web Transaction alerting after second bad poll

    I'm trying to create a synthetic web transaction that will raise an alert after the second bad occurrence.  Anybody have any idea as to how to accomplish this to filter hair trigger errors.

    More info:
    SCOM 2012 - Monitoring the System Center 2012 App Controller Website
    http://kevingreeneitblog.blogspot.com/2012/01/scom-2012-monitoring-system-center-2012.html
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • UNIFIED MANAGER ALERT : on EXPIRING SSL certificates in clustered Data ONTAP systems

    The default ssl certificates on clustered Data ONTAP systems are valid for 1 year.
    Since we have cDOT clusters monitored via Oncommand Unified Manager 6.2, we would like Unified Manager to alert on expiring Certificates.
    Is this possible in OCUM 6.2?
    Thanks

    Thanks Saravanan, Initially i had it on RHEL 6.6, and i see some of the existing packages were of a older version and created some issues while rrdtool and sql installation. but i managed to do the installation and faced the same issue. I Didnt know that this is a user account issue not a package dependency issue.and thats the reason i got my server upgraded to RHEL 7.1 and the installation went fine but the same issue. But its working for now, thanks again :-)

  • Alert popup confirmation BADI

    Hi guys I'm very new to ABAP and BADIs. We created a BPM session in SolMan and created alerts. The problem now is that we want to send sms alerts but we want a compact version of the alert where we only get the date, the time, the job name and the error.
    We also want to setup a e-mail alert the same way. Is it also possible to setup a email popup confirmation where you have to type in what you did when you click 'confirm' on the alert..
    Any help on this will be greatly appreciated.
    Regards
    Vincent

    Hi Volker
    The problem I'm having with the sms notifications is that the sms are limited to 300bytes or 160 characters. Now I need the notification to be formatted in such a way that it can fit into the sms. So i figured if i put the Alert rating and the time stamp as the sms subject, and then put the alert message as  the body of the sms it would fit.. But now I'm stuck as to how I'm gonna get that done..
    Any help would be greatly appreciated..

  • Customized alert message formed in the UDF to be sent to Alert Inbox/Email

    Hi,
    The scenario is as follows :
    1. We have an XI object without BPM.
    2. We have an UDF written inside a graphical mapping and we are raising an
        runtimeexception in that UDF. The mapping execution and further processing
        stops when this runtime exception happens. We have a customized exception
        message written for this runtime exception.
    3. When this runtime exception takes place, we can see the customized 
        exception message in the TRACE of the sxmb moni
    4. Our requirement is to have this customized message of the UDF to appear in
        the alert  inbox and alert email notification (apart from coming in the TRACE of
        sxmb  moni).
    Please let me know as to how to route the exception message present in the UDF to Alert Inbox and Alert email
    Regards
    Ganesh

    Hi,
    You had mentioned that you need to raise exception as well as provide an alert in inbox.
    Raising Exception could be done easily through your UDF.
    For raising alerts, you could use standard alert configuration (through ALRTCATDEF). However, this option is good if you are not passing any custom application specific variables.
    >><i>In this case, if message is going in to error while getting processed after raising the exception, then alert could be configured. Refer following link</i>
    By this, I meant that the message processing should go in error for alerts to fire, because they are fired for messages goin in error.
    Thus in short, for configuring alerts, make sure that:
    1. You are not using any application specific variables. However, you can use system variables like Message ID, Sender Service etc.
    2. Message is going into error state in SXMB_MONI after processing.
    Bhavish

  • I keep getting alert from server.local certificate expires soon with a long APSP number.  I am getting 4-5 of these per day.  I thought it was junk mail, but now am concerned it might be related to something else?  Any ideas?

    Please help me determine if the above multiple messages I am getting are legitimate or not.  Have you seen this before.  It says certificate will expire soon.

    I have the same version of ssh and I don't get that error when connecting to dunes.ccsf.edu.
    What additional software are you running on that machine? Do you have anything like Peerguardian or other peer-to-peer software? If so, that is likely the cause.
    Some things to try are:
    Take the MacBook Pro to another location and see if it works there.
    Create a new account and see if that account can connect.

Maybe you are looking for