802.1x secure protocol for Wifi
At my school, when users first access a webpage from the Wifi network, we are automatically redirected to a webpage where we have to enter a UserID and password. It is at the webpage where we enter the ID and password. Now, is this using the 802.1x method of network password? Thanks!
A A P L wrote:
Sounds like it.
Ugh...that's not good I was hoping that this current version of the iPod Touch would be useable with my school's wifi network. I guess not. I may just have to wait for the next versions to come out and hopefully this popular protocol would be implemented.
Similar Messages
-
Security protocol for collecting personal information through a web form
Hi,
Can someone tell me (or direct me to) what the security protocol for collecting personal information through a form is? I have a client asking, and I've tried searching for this information but can't see to find it.
Thanks,Hi Liam,
I'm looking for some specs on how a users information is encrypted when submitted through a form. My client is having a privacy policy written, and was asking. -
Why do I have to use security code for wifi router each time I turn on iPad 3?
Why do I have to enter wifi security code for my router each time I turn on ipad3? I have checked all the settings I could but is this a router problem?
If you're hiding your network SSID and/or using WEP security, I think these can cause this problem. If you're hiding your SSID, there's really no point in doing that since there are ways people can easily see it if they're looking to do harm anyway. If you're using WEP security, consider changing to WPA2 which is much more secure than WEP.
-
Use smart card for 802.1x secured WiFi authentication
Hi,
is it possible to use a certificate stored on a USB Security Token for WiFi 802.1x authentication?
I have setup a test environment with all required components (AD, Enterprise CA, NPS, WPA2-Enterprise capable WiFi Access Point, all required certificates, all Server 2012 R2 / Windows 8.1 Pro) and created a user certificate for WPA2-Enterprise secured
WiFi access (802.1x). Everthing works fine as long as the user certificate is stored in the local certificate store of the user's client computer: The user can connect to the WiFi network and the NPS logs show that the user has been authenticated correctly
and granted access.
To test this scenario with a Smart Card (Safenet USB Token), I stored that same user certificate on the token (incl. private key). The Safenet software on the client computer automatically makes the certificate stored on the token available in the local
certificate store as soon as the token has been plugged in (checked via MMC Certificates snap-in). But the certificate can't obviously be used for the desired WiFi authentication: If I try to connect the secured WiFi (the same as in scenario 1) the connection
fails.
As I'm using exactly the same certificate in both scenarios, I don't think there's anything wrong with the settings in the certificate, the NPS or any other infrastructure component. The reason for failure in scenario 2 must be lying somewhere in either
the local client computer configuration or in the Safenet software on the client computer.
I'm very familiar with all the PKI and authentication stuff, but I'm new to smart cards. Are there differences between different types of smart cards and for what purpose one can use them? (USB tokens, chip cards, virtual tokens, etc.?)
Has anybody experience in creating a 802.1x secured WiFi access with smart card based user certificates who could advise?
Thanks + Best Regards
MattHi,
I found some links form technet site which can be helpful in this case
Network access authentication and certificates
http://technet.microsoft.com/en-us/library/cc759575(v=ws.10).aspx
Enable smart card or other certificate authentication
http://technet.microsoft.com/en-us/library/cc737336(v=ws.10).aspx
Quote:
Client certificate requirements
With EAP-TLS or PEAP-EAP-TLS, the server accepts the client authentication attempt when the certificate meets the following requirements:
The client certificate is issued by an enterprise CA or mapped to a user or computer account in Active Directory.
The user or computer certificate on the client chains to a trusted root CA, includes the Client Authentication purpose in EKU extensions (the object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2), and fails neither the checks that are performed
by CryptoAPI and specified in the remote access policy nor the Certificate object identifier checks that are specified in IAS remote access policy.
The 802.1X client does not use registry-based certificates that are either smart card-logon or password-protected certificates.
For user certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN).
For computer certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate must contain the client's fully qualified domain name (FQDN), which is also called the DNS name
Yolanda Zhu
TechNet Community Support -
Hello,
I want to create a wifi security system for a truck with cameras, but all the ones I found are IP. So I don't know if it's possible to use it only on wifi (not on 3G/LTE).
If you have an idea, it will be nice...
Thank youthat range of most wifi setup unless you want to pay alot!
would likely mean you could see about as much as the camera from where you were standing
a mifi or otherwise something which bridge a lan to the internet would work
make sure the camera have a webserver in it and then you can see it from any web browser where you put in the login and password -
I have an 2tb time capsule 802.11n Wi-Fi base station can I use this as an external hard drive and use a new airport extreme 802.11ac Wi-Fi for my wifi?
You can use the 2 TB Time Capsule as a network drive. That means that it must connect to one of the Ethernet LAN <--> ports on the new AirPort Extreme, or connect to the network using wireless.
-
Certificate Not Verified for Wifi WPA Enterprise
Hi all
I have a MDM server to deploy profile to all enrolled devices (iPhone4s, iPad...etc) for wifi setting (WPA2 PEAP SSID: M_WEP_ENT).
But I found one issue, if users have ever connected to M_WEP_ENT and accepted Certificate.
After deploying profile to the users' devices, it shows "Not Verified" in Certificate while these users try to connect the wifi with specified SSID.
And I also install this profile with iPCU, but there is no this problem, iOS just directly to ask users for input user/password again.
The following is my profile plist setting, does any idea for this issue ?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>AuthenticationMethod</key>
<string>directory</string>
<key>AutoJoin</key>
<false/>
<key>EAPClientConfiguration</key>
<dict>
<key>AcceptEAPTypes</key>
<array>
<integer>25</integer>
<integer>21</integer>
</array>
<key>EAPFASTProvisionPAC</key>
<false/>
<key>EAPFASTProvisionPACAnonymously</key>
<false/>
<key>EAPFASTUsePAC</key>
<false/>
<key>OneTimePassword</key>
<true/>
<key>OneTimeUserPassword</key>
<true/>
<key>OuterIdentity</key>
<string></string>
<key>SystemModeCredentialsSource</key>
<string>ActiveDirectory</string>
<key>TLSAllowTrustException</key>
<true/>
<key>TTLSInnerAuthentication</key>
<string>MSCHAPv2</string>
<key>UserName</key>
<string></string>
<key>UserPassword</key>
<string></string>
</dict>
<key>EncryptionType</key>
<string>WPA</string>
<key>HIDDEN_NETWORK</key>
<false/>
<key>Interface</key>
<string>BuiltInWireless</string>
<key>Password</key>
<string></string>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>WiFi (M_WPA_ENT)</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.test.wifi.config</string>
<key>PayloadOrganization</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.wifi.managed</string>
<key>PayloadUUID</key>
<string>c20997cf-e696-4d48-b685-c88c3633d4a2</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ProxyType</key>
<string>None</string>
<key>SSID_STR</key>
<string>M_WPA_ENT</string>
<key>SetupModes</key>
<array>
<string>System</string>
</array>
</dict>
</array>
</plist>
The following is the error log from iPCU console while users to click "Accept" "Not Verified" Certificate:
Jul 10 11:53:06 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Transaction completed. Status: 200
Jul 10 11:53:06 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Attempting to perform MDM request: DeviceInformation
Jul 10 11:53:06 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Command Status: Acknowledged
Jul 10 11:53:06 Miller-iPhone4s Preferences[5566] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from to (null)
Jul 10 11:53:06 Miller-iPhone4s Preferences[5566] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x160200:<VPNBundleController: 0x160200>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
Jul 10 11:53:07 Miller-iPhone4s eapolclient[5579] <Notice>: en0 START
Jul 10 11:53:07 Miller-iPhone4s wifid[547] <Error>: WiFi:[363585187.064848]: Processing link event DOWN
Jul 10 11:53:07 Miller-iPhone4s wifid[547] <Error>: WiFi:[363585187.224358]: Processing link event UP
Jul 10 11:53:07 Miller-iPhone4s configd[14] <Notice>: LINKLOCAL en0: parent has no IP
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLAN Left BSS: @ 0xc0cbc200, BSSID = 00:21:e9:b8:67:b2, rssi = -61, rate = 54 (100%), channel = 10, encryption = 0x8, ap = 1, failures = 0, age = 0, ssid[13] = "HMDM QA Apple"
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]: lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA2_8021X, key = CIPHER_NONE , 802.1X .
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: [177104.488024000]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLAN Joined BSS: @ 0xc0ff4600, BSSID = 1c:aa:07:17:d3:a0, rssi = -63, rate = 54 (100%), channel = 11, encryption = 0xc, ap = 1, failures = 0, age = 11, ssid[ 6] = "M_WPA_ENT"
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AirPort: Link Up on en0
Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: en0: BSSID changed to 1c:aa:07:17:d3:a0
Jul 10 11:53:07 Miller-iPhone4s configd[14] <Notice>: network configuration changed.
Jul 10 11:53:07 Miller-iPhone4s UserEventAgent[12] <Warning>: DEBUG: Changing WiFi state: 0
Jul 10 11:53:07 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Network reachability has changed.
Jul 10 11:53:07 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Network reachability has changed.
Jul 10 11:53:07 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Scheduling poll of MDM server.
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Warning>: -[WiFiManager(Private) _enterpriseAssociationResult:withInfo:]: User Information required
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Warning>: -[<CALayer: 0xd5ecaf0> display]: Ignoring bogus layer size (320.000000, 34359738368.000000)
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetPatternPhase: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextGetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextFillRects: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetPatternPhase: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextGetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextFillRects: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextAddPath: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: clip: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextGetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextFillRects: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineWidth: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineJoin: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineCap: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetMiterLimit: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFlatness: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextAddPath: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextDrawPath: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineWidth: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineJoin: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineCap: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetMiterLimit: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFlatness: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextAddPath: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextDrawPath: invalid context 0x0
Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
Jul 10 11:53:08 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2949 Delaying RoamScan; because Join Mgr Busy 0 isWaitingforIP 1this TOTALLY fixed the problem for me
(which started i believe when i deleted the cache, cookies and security settings stuff in camino, sometimes apparently the certificates don't like, preserve themselves or something...):
http://support.rhombic.net/knowledge-base/articles/no-root-certificate-with-mail -app
follow the download links...
and also
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=conte nt&id=SO4785&actp=LIST
(follow the first instruction under the resolution heading)
I don't know actually if this last link above is helpful but i did it anyways. If you find out, let me know!
once these have been downloaded to your desktop, double-clicking them automatically opens keychain. Be sure to put them into your X509 Anchors...
It hasn't resolved everything, but the major websites, its made EVERYTHING a lot easier. and no, i don't want to Archive and Install. -
i have problem with my wifi in 4 S, i cant connect to any wifi itried resetting network setting and reset all setting but the result was the same, its only keeps searching for wifi and cant find any, itried to use OTHER but also didnt work.please help me???
If Join was on then your home wi-fi must be set to Non-Broadcast. If you did not set this up (maybe your provider did) then you will need to find the Network Name they used, and any password they used. The SSID is Security Set ID and to see more try http://en.wikipedia.org/wiki/SSID . Basically it is the name used to identify your router/network. A lot of times the installer will leave it set as LinkSys, or Broadcom or whatever the manufacturer set it as for default. Your best bet is to get whoever installed it to walk you through how they set it up, giving you id's and passwords so you can get in. HOWEVER, if you are not comfortable with this (if you set security wrong, etc.) you would be well ahead of the game to hire a local computer tech (networking) to get this working for you. You can also contact the vendor of your router and get help (if it is still in warranty), or at least get copies of the manuals as pdf files. Sorry I can't give you more help, I hope this gives you an idea where to go from here to find more.
-
Unable to securely request for a page
Question:
a) I'm unable to securely request for my webpage : https://127.0.0.1:8443/Blah , instead I get the following Error:
Firefox can't establish a connection to the server at localhost:8443.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
On Internet Explorer I simply get:
Internet Explorer cannot display the webpage
b) How do I know which SSL Implementation my tomcat is making use of: JSSE/APR
Details:
web.xml
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="Your_WebApp_ID"
version="2.5">
<description>The standard web descriptor for the email client</description>
<servlet>
<servlet-name>AuthenticateUser</servlet-name>
<servlet-class>MailBoxController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticateUser</servlet-name>
<url-pattern>/ControlPanel</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>401</error-code>
<location>/authenticationFailed.jsp</location>
</error-page>
<context-param>
<param-name>serverName</param-name>
<param-value>Gmail</param-value>
</context-param>
<context-param>
<param-name>port</param-name>
<param-value>993</param-value>
</context-param>
<context-param>
<param-name>ip</param-name>
<param-value>imap.gmail.com</param-value>
</context-param>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<listener>
<listener-class>Logger</listener-class>
</listener>
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>administrator</role-name>
</security-role>
</web-app>
tomcat-users.xml :
<tomcat-users>
<role rolename="administrator"/>
<user username="admin" password="system123#" roles="administrator"/>
</tomcat-users>
Following tag was added in web.xml in conf of tomcat :
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Can anybody please help me with my problem. Am I going wrong with configuring SSL?
Thanks
KrutikaI did add these lines:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/Users/Krutika Ravi/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
to the web.xml contained in conf folder of tomcat.
But didn't fiddle with server.xml -
After un-commenting
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
in server.xml contained in conf folder I get the following exceptions
Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4
.6.
Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra
ndom [true].
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.AprLifecycleListener initializ
eSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8080"]
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-ap
r-8443"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when
using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
81)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connecto
r[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initializati
on failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
83)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be d
efined when using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
81)
... 13 more
Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2945 ms
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps
\Blah.war
Jul 25, 2012 11:11:44 PM org.apache.catalina.loader.WebappClassLoader validateJa
rFile
INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\
javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2.
Offending class: javax/servlet/Servlet.class
Logger Contructor
Servlet Context has been initialized
Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\docs
Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\examples
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\host-manager
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\manager
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
ps\ROOT
Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2728 ms
Edited by: 948555 on Jul 25, 2012 10:42 AM -
How to Set up HTTPOnly and SECURE FLAG for session cookies
Hi All,
To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
I have found the below solutions.
For setting up the HTTPOnly for the session cookies.
1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
this.sessioncookie.httponly = true;
For setting up the secure flag for the session cookies.
2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
this.sessioncookie.secure = "true"
Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
<cfapplication setclientcookies="false" sessionmanagement="true" name="test">
<cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
<cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
<cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
</cfif>
But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
Your timely help is well appreciated.
Thanks in advance.BKBK wrote:
Abdul L Koyappayil wrote:
BKBK wrote:
You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
I couldnt understand this. I mean how are you relating this with my question.
When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
Name:
JSESSIONID
Content:
782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
Domain:
xyz.abc.pqr.com
Path:
Send for:
Any kind of connection
Accessible to script:
No (HttpOnly)
Created:
Wednesday, September 3, 2014 2:25:10 AM
Expires:
When the browsing session ends
BKBK wrote:
2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
BKBK wrote:
3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea?? -
When I upgraded my iMac to Lion I can no longer connect the iPad 2 to WiFi. It gives me a message unable to search for WiFi. Before the upgrade to Lion it worked fine. What gives?
Could there be a setting I need to adjust in the iPad2? When I try to turn on WiFi and enter the name of the WiFi that I have established, including the security type and the password, I get the message "Could not scan for wireless networks." Is there a setting in iCloud or other location that needs to be changed?
-
What are the ideal/optimum settings for the Airport Express for WiFi... ?
I currently have my MacPro plus my MacBook Pro running from my Airport Express and they work perfectly... but my new iPhone 4 won't see the network... does anyone know why this could be and is it something to do with security or other setting I have on my Airport Express.... I have been onto iPhone 4 support and they are all about restore and resets... it's gotta be something small I'm doing wrong.
Any suggestions or advice most welcome.
Regards,
Anthony
Irish MacAddict
Message was edited by: Anthony MacCarthyHi Bob and Sijnon...
Cheers for your replies and comments... I don't really know hat a closed network is... I do have it password protected and I'm using the WPA2 Personal security protocol... the one thing I can say is that it is broadcasting in the 5GHz band as I had it set to the 2.4GHz and I couldn't pick up the signal in my kitchen so I switched recently to the 5GHz band and my MacPro now works fine all over the house. I was told by a colleague that the iPhone 4 supported the 5GHz band..?
Is this the problem... is this reason why it won't join the network..? -
Should i use secure sockets for my whole client/server application?
Hi,
I have a client server application, and I want to ensure that the login process is secure (i.e. use secure sockets). but I dont know how to switch back to a normal socket once that is done.
So I am left thinking that i should just use SSL for my whole application, which can last pretty long. But I would rather not. Is there any other way of doing this?
or should I just encrypt the login info using MD5 or something like that, then send it over an unsecure socket?
thanks!Hey,
Are you sure you haven't confused JGSS for JSSE?
Imagine you have a client-server system and you sometimes want data sent over the wire to be encrypted... JGSS offers you this flexibility; if you a encrypted transmission, run ift through JGSS before transmitting it; if you don't want an encrypted transmission, bypass JGSS and just send the transmission.
The benefit is the security (encryption) isn't hard-wired into you communications protocol i.e. TLS. JGSS has nothing to do with connections it is just protocol for securing messages, not sending them.
You would need to establish the secure context but this could be done at startup and persist for the duration of you applicaiton invocation. You perhaps might need to implement a mechanism to identify encrypted messages on the receiving peer (so it knows to attempt decryption).
Admittedly, kerberos seems like one of those 'inside-joke' things. I've come to realise if you don't have some sort of kerberos realm/server against which to authenticate - you need to swap it out as the underlying mechanism. How this is done I'm not sure yet, but I intend to find out today....further down the rabbit hole I go!
If I discover anything helpful, I will let you know.
Warm regards,
D -
Hi, I have iPad 2, when I buy it it has old iOS. Then I update it now it has 5.1.1 iOS and modern firmware 4.12.01. After update my wifi is not working. Only searching for wifi. 3G working well. But wifi olso worked with old iOS. So what can do ? Pls
Look at iOS Troubleshooting Wi-Fi networks and connections http://support.apple.com/kb/TS1398
iPad: Issues connecting to Wi-Fi networks http://support.apple.com/kb/ts3304
iOS: Recommended settings for Wi-Fi routers and access points http://support.apple.com/kb/HT4199
Additional things to try.
Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
How to Quickly Fix iPad 3 Wi-Fi Reception Problems
http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
If none of the above suggestions work, look at this link.
iPad Wi-Fi Problems: Comprehensive List of Fixes
http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
Fix iPad Wifi Connection and Signal Issues http://www.youtube.com/watch?v=uwWtIG5jUxE
Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
Unable to Connect After iOS Update - saw this solution on another post.
https://discussions.apple.com/thread/4010130
Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
~~~~~~~~~~~~~~~
If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
Cheers, Tom -
What are the security risks for opening port 80 on workstations?
Hello all,
in our environment, there is an application which open port 80 on workstations when installed, but it is not allowed on preimeter FW
could you please advise what are the security risks for leaving port 80 opened on the workstations? or it is considered secure unless it is not allowed on the preimeter FW?
thanks alot & regardsHi R.Naguib.
The 80 port is open by default through the firewall on Windows system, it is used by a http protocol by a browser.
As for the network or hardware Firewall settings, I suggest to turn to the network administrator for details.
Regards
Wade Liu
TechNet Community Support
Maybe you are looking for
-
Hello, We were looking into setting up CUPS so that we can deploy Jabber/Presence to our users and then discovered that CUCM 9.1 has Cisco IM & Presence built in as a service. My question is, if we upgrade to 9.1, can we leave Unity Connection at 8.6
-
How to create a counter using Oracle SQL Developer?
Is there any way to create a counter using Oracle SQL Developer to create the below scenario. Meaning it will recorded down the name of user and ID and time and the date they login. Library portal home statistics shows how many users (outside and wit
-
Maverick - lost all my mailboxes (Apple Mail) with important datat. Followed advice on help menu to reindex, rebuild; called Apple Chat. No help. Losing important data is a HUGE problem. Also, Maverick no longer has the many folders I once had in my
-
Since October 23rd, after downloading the recent upgrade for Adobe Reader, I continually keep getting error code 0.104 whenever I try to open a file that is in PDF format. No matter if I'm using Internet Explorer or Chrome. Huge waste of time! I
-
I have a form on my website that use the cfmail tag to send information collected from a form via email. I am no longer getting the email submitted from the form yet I'm also not getting an error and I haven't changed anything. I suspect it's a relay