AnyConnect 3.1.05160 - no valid certificates available for authentication

Similar Messages

• [AnyConnect] No valid certificates available for authentication

  Hi,
  We are using Cisco Anyconnect 3.0.0629 with certificate authentication (stored in Aladdin eToken)
  Most of users have no problem and it works fine.
  When one user tried to connect, he got a lot of errors "No valid certificates available for authentication" during 30 seconds. (~10 errors per second)
  In a normal behaviour, we should have only one error.
  Why is AnyConnect flooding this error?
  How could I resolve it?
  Thanks for your help,
  Patrick

  I also had the problem of "no valid certificates available for authentication", although it only prompted once, rather than a flood like the OP.
  However, the cause and solution for my problem was:
  The certificate used for authentication was issued by my internal CA, to the Computer, NOT the user.
  Although the user that is logged on is a local administrator, the AnyConnect Client application does not have the permission to send the certificate from the Computer store.
  The application needs to 'run as administrator'
  Right-click the application shortcut-> Properties->Compatibility->Privilege Level.
  Tick ->Run This Program As Administrator.
  I needed to reboot the client pc before this worked.
  n.b I was using Windows 8

• Anyconnect 4 - No valid certificates available. Please insert a smart card or install a valid certificate.

  Hi.
  I'm trying to use Anyconnect 4 as a 802.1x supplicant replacement.
  I'm trying to make a profile with Anyconnect Profile Editor, where the settings are WPA2 Enterprise where both machine and user must use certificates.
  I have downloaded the CA certificate from my Certificate Server, converted it to PEM and loaded it into the Profile Editor.
  But when I try to use the generated configuration.xml, I get this error:
  No valid certificates available. Please insert a smart card or install a valid certificate.
  If I load the xml file into Notepad++ I see that the certificate path is set to the path on the hard drive where I loaded it from, ie. D:\Certificate.pem
  Shouldn't that point to the Certificate Store instead?
  But even if I correct the path to something on the local hard drive, I still get the same error.
  So, any tips on how to use the Profile Editor correctly?
  Thank you.

  Hi,
  I looked at the website and can see that the Classic TPC card is supported on Vista. It is the 'Java-card based solution'. What do you mean when you say that I 'might need to obtain the software using BaseCSP to enumerate the certificates'? Windows 7 can enumerate
  them.
  I am having the exact same problem as you however can't even login to Win7.
  Did you ever find a fix for this?

• Adobe Air Apps for OS X: Unable to build a valid certificate chain for the signer. // Code Signing on OS X 10.10 Yosemite

  Hi,
  I created several OS X Apps using Adobe Air. That worked quite well before. Now I have do update my OS X Apps - therefore I also needed update my certificates. [ I'm using Flash CC 2014 on OS X Yosemite 10.10 ]. But whatever I do it doesn’t work anymore. I always get this Message saying:
  Unable to build a valid certificate chain for the signer.
  I googled a lot and the only "guide" I found is this post (from April 2013) about code singing - http://scottgaertner.com/code_signing/
  I’m not used to deal with this kind of stuff (CA etc.) - so it's quite confusing to me.
  Would anybody please be so kind and tell me what I have to do?
  Is there any instruction from Adobe? (I didn't find one yet) 
  A step by step instruction for absolute dummies would be great!
  Best regards and thank you in advance
  Jan

  Hi Mukesh,
  I installed the Flash CC 2014 update and added some Certificates from Apple to my Keychain. Now EVERYTHING works fine again!! :-)
  Thank you very much for the Update! :-) Good job!
  Best regards
  Jan

• Error message generating Adobe Air output Unable to build a valid certificate chain for the signer

  error message generating Adobe Air Output: Unable to build a valid certificate chain for the signer.

  Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
  If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
  If you are using RoboHelp, which version?
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Code signing cert error using Digicert - Unable to build a valid certificate chain for the signer

  Steps to fix this error on code signing adobe air using .p12 cert from Digicert - Unable to build a valid certificate chain for the signer
  a. Open Firefox and browse to https://www.digicert.com/digicert-root-certificates.htm
  b. On the middle of the page, download -
  DigiCert Assured ID Code Signing CA-1
  Valid until: 10/Feb/2026
  Serial #: 07:F4:73:6F:AF:EF:40:8A:1F:66:40:F2:65:D1:0A:C1
  Thumbprint: B170A10819BEA936905D719E643399783E1F4567
  Download
  c. Install the cert in Firefox
  d. Once done, export again the code signing cert from digicert, through (click Firefox -> Preferences -> View Certificates -> HIghlight the digicert code signing cert -> click Backup)
  e. Done, the newly exported file should now have the valid certificate chain and that should fix the error "Unable to build a valid certificate chain for the signer"
  Even though this is from Digicert, this should also work for other Certificate Authority providers assuming you download your provider's root cert for code signing.
  Regards,
  Reigner S. Yrastorza

  Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
  If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
  If you are using RoboHelp, which version?
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Unable to build a valid certificate chain for the signer

  Updating an AIR application after a few years and needed a new signing certificate which I purchased from Comodo.  Imported it successfully into Keychain Access and exported it as a pfx file.  When I identified this certificate to Flash Builder it went all the way through the build process and then came up with the error "Unable to build a valid certificate chain for the signer".
  I can see there was a discussion on this matter in October 2011 but this did not seem to answer my question as that guy was trying to use an Apple Dev Centre key rather than paying for one like I did.
  TIA
  David

  In Keychain Access, command-click your Class 2/3 certificate, the CA's intermediate certificate, and the CA's root certificate before hitting export.
  Short guide: Code Signing Certificates for Adobe Air in OS X

• Error creating AIR file: Unable to build a valid certificate chain for the signer.

  Hi, My boss got a certificate from Thawte, and I'm getting this error message when building my AIR app.
  Error creating AIR file: Unable to build a valid certificate chain for the signer.
  I'm on windows XP.
  thanks,
  steve

  To manage your code signing certificate, please see
  http://www.adobe.com/devnet/air/articles/signing_air_applications_print.html
  The error you are seeing is typically caused by exporting a cert without the trust chain.   On Windows, in IE, you can manage your keystore by going to
  Internet Options > Content > Certificates
  When you export the certificate needed for signing your app, be sure to check “Include all certificates in the certificate path, if possible”.

• SSL: how to use Multiple Private key/Certificate pair for authentication.

  Hi all,
  i am implementing SSL in java using X509 Certificate/private key combination.
  i have two set of private key/certificate pair.
  one is factory default and another is generated at run time.
  my problem is to try ssl connection with both pairs on same tcp/ip connection.
  e.g. on server side: first try ssl connection with factory default certificate, if it fails try connecting with generated certificate on same tcp/ip connection.
  on client side: if generated certificate(this certificate was generated at server side) is present first perform server authentication using this certificate otherwise authenticate server with factory default certificate.
  can someone please help and let me know how do i need to configure both ends(client and server) for achieving the same.
  Thanks In Advance
  Saurabh Ahuja

  Client code does not contain any default truststore and needs a certificate for authentication.Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
  It's like this. The idea of PKI with SSL is as follows:
  - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
  - the client has a truststore that trusts the server, one way or the other, see above.
  - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
  - the server sends its cert to the client along with a digital signature signed by its private key.
  - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
  At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
  If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
  You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.

• Unable to build valid certificate chain

  Hi,
  I am trying to sign my AIR application using the Code Signing Certificate I got from Apple (iPhone Dev). I have Apple's Root Certificate and my certificate. I installed both and then exported my certificate as pkcs12 (.p12 file) using many methods like Windows Certificate Manager and Firefox. I also used Keychain Access on my Mac. However, when I try to sign, I get the following error:
  Unable to build a valid certificate chain for the signer.
  Some help would be great. Thanks.

  Ok, I am making progress here.
  I signed on to a fresh mac with an empty keychain. I imported AppleWWDRCA and then developer_identity. Now it shows that the certificate is valid. Now I deleted the certificate and I imported cert.p12 file that I had made. Now the certificate re-appeared in keychain along with a private key. I had to put a password set by me earlier when I made the p12 file.
  The certificate is displayed under my private key. So it means that the p12 file has the private key and the certificate.
  Now the only thing is that AIR gives me the error stating that it cannot build a certificate chain, which means there's no Root CA in the p12 file, or WWDRCA for that matter. From what I understand, these 2 certs need to be put inside the p12 file.
  On second note, Apple also provides a distribution cert besides the developer cert. But when I try to export the distribution cert, it asks for a password that I don't know (not got one for that). But I still think that I need to use the developer cert. nd not the distribution cert. by Apple.
  The question again boils down to putting the Apple Root CA inside the p12 in order for AIR SDK to build the chain.

• Bug 2.1: Export to Excel fails: no valid colums available...

  Hello,
  I read some threads about the error
  No valid columns available for export,
  we do not currently support clob or blob columnsand none of the workarounds work for me
  [Create View|http://forums.oracle.com/forums/thread.jspa?messageID=3829495]: I only have a read only user without any permissions
  [Scroll Count Cancel|http://forums.oracle.com/forums/thread.jspa?messageID=3829495]
  [(Re)Activate Completion Insight|http://forums.oracle.com/forums/thread.jspa?messageID=3821718]
  [No dblink|http://forums.oracle.com/forums/thread.jspa?messageID=3896095]
  My query has only NUMBER and VARCHAR2 as results and 1200 rows.
  Log says WARNING     34     10656     
  oracle.dbtools.raptor.dialogs.actions.TableExportAction     oracle.dbtools.parser.plsql.TabCol.getTableNodes(TabCol.java:293)The export works in 1.2, does not work in 1.5.5 (with message "WARNING     29     17954     oracle.dbtools.raptor.dialogs.actions.TableExportAction     oracle.dbtools.parser.TabCol.getTableNodes(TabCol.java:275)"
  Add: I played around with the query: the export fails when the query is like
  SELECT col1
        ,(SELECT something
          FROM   whatever
         ) AS col2
  FROM   some_table;while the following works
  SELECT col1
        ,col2
  FROM   some_table;Regards
  Marcus
  Edited by: Marwim on 22.12.2009 15:35

  Filed
  Bug 9246364 - otn: export to xls is not working for a query
  -Raghu

• No client certificate available, sending empty certificate message

  Dear Experts,
      I am trying to establish SSL client certificate connection to external partner. What puzzles me is that the certificate is not picked up by SAP PI. The intermediate and root CA for the partner are OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network and OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US, respectively. You will be able to spot them in the Accepted Certificate Authority list, yet PI insists on sending empty certificate.
      Below is trace gathered from J2EE default trace. Please help shed some light
  Date : 11/16/2011
  Time : 8:49:11:423
  Message : additional info ssl_debug(9): Starting handshake (iSaSiLk 4.3)...
  ssl_debug(9): Sending v3 client_hello message to preprod.connect.elemica.com:443, requesting version 3.2...
  ssl_debug(9): Received v3 server_hello handshake message.
  ssl_debug(9): Server selected SSL version 3.1.
  ssl_debug(9): Server created new session 22:E7:C0:9E:C1:D2:78:83...
  ssl_debug(9): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
  ssl_debug(9): CompressionMethod selected by server: NULL
  ssl_debug(9): Received certificate handshake message with server certificate.
  ssl_debug(9): Server sent a 1024 bit RSA certificate, chain has 2 elements.
  ssl_debug(9): ChainVerifier: No trusted certificate found, OK anyway.
  ssl_debug(9): Received certificate_request handshake message.
  ssl_debug(9): Accepted certificate types: RSA, DSA
  ssl_debug(9): Accepted certificate authorities:
  ssl_debug(9):   CN=QuoVadis Global SSL ICA,OU=www.quovadisglobal.com,O=QuoVadis Limited,C=BM
  ssl_debug(9):   CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
  ssl_debug(9):   CN=CSF - Classe III - Sign et Crypt,OU=Certification Professionnelle,O=Autorite Consulaire
  ssl_debug(9):   CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions, Inc.,O=GTE Corporation,C=US
  ssl_debug(9):   CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
  ssl_debug(9):   CN=DPWN SSL CA I2 PS,OU=I2 PS,O=Deutsche Post World Net
  ssl_debug(9):   CN=CSF,O=Autorite Consulaire
  ssl_debug(9):   C=BE,O=GlobalSign nv-sa,OU=RootSign Partners CA,CN=GlobalSign RootSign Partners CA
  ssl_debug(9):   CN=Dell Inc. Enterprise Utility CA1,O=Dell Inc.
  ssl_debug(9):   EMAIL=premium-server(a)thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
  ssl_debug(9):   CN=TC TrustCenter Class 2 L1 CA XI,OU=TC TrustCenter Class 2 L1 CA,O=TC TrustCenter GmbH,C=DE
  ssl_debug(9):   CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=TC TrustCenter SSL CA I,OU=TC TrustCenter SSL CA,O=TC TrustCenter GmbH,C=DE
  ssl_debug(9):   CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust, Inc.,C=US
  ssl_debug(9):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=Meijer ipprod,OU=IT,OU=Merch,O=Meijer Stores Limited,L=Walker,ST=MI,C=US
  ssl_debug(9):   CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
  ssl_debug(9):   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network
  ssl_debug(9):   CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
  ssl_debug(9):   CN=Deutsche Telekom CA 5,OU=Trust Center Deutsche Telekom,O=T-Systems Enterprise Services GmbH,C=DE
  ssl_debug(9):   CN=TC TrustCenter Class 2 CA II,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter GmbH,C=DE
  ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network
  ssl_debug(9):   CN=Thawte SGC CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
  ssl_debug(9):   CN=Bertschi CA,O=Bertschi AG (Schweiz),L=Duerrenaesch,ST=Switzerland,C=CH
  ssl_debug(9):   CN=Cybertrust SureServer CA,O=GlobalSign Inc
  ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   EMAIL=server-certs(a)thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
  ssl_debug(9):   CN=Mark Van Hamme,O=Brain2 BVBA,L=Brussels,ST=Brabant,C=BE
  ssl_debug(9):   CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
  ssl_debug(9):   EMAIL=bis.at(a)siemens.com,CN=bis.siemens.at,OU=SBS ORS EDO,O=Siemens Business Services,L=Vienna,ST=Vienna,C=AT
  ssl_debug(9):   CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=mail2.adr-logistics.hu,O=ADR Logistics Kft.,L=Gyu00E1l,ST=Pest,C=HU
  ssl_debug(9):   EMAIL=brent.kemp(a)sscoop.com,CN=bacchusdevp.sscoop.com,OU=IS,O=Southern States Cooperative Inc,L=Richmond,ST=VA,C=US
  ssl_debug(9):   CN=Cybertrust SureServer Standard Validation CA,O=Cybertrust Inc
  ssl_debug(9):   OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group, Inc.,C=US
  ssl_debug(9):   CN=Certipost E-Trust Secondary Normalised CA for Legal Persons,O=Certipost s.a./n.v.,C=BE
  ssl_debug(9):   EMAIL=cert(a)bit-serv.de,CN=BIT-SERV GmbH Root CA,O=BIT-SERV GmbH,C=DE
  ssl_debug(9):   CN=SAP_elemica_tester
  ssl_debug(9):   CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
  ssl_debug(9):   OU=Class 1 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
  ssl_debug(9):   CN=Montova Root CA,OU=Root CA,O=Montova,C=BE
  ssl_debug(9):   CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
  ssl_debug(9):   CN=Dell Inc. Enterprise CA,O=Dell Inc.
  ssl_debug(9):   CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
  ssl_debug(9):   EMAIL=support(a)tamgroup.com,OU=Engineering,O=Tamgroup,ST=California,L=San Anselmo,C=US,CN=Tamgroup
  ssl_debug(9):   CN=GlobalSign Organization Validation CA,O=GlobalSign,OU=Organization Validation CA
  ssl_debug(9):   CN=Certinomis AC 1 u00E9toile,OU=0002 433998903,O=Certinomis,C=FR
  ssl_debug(9):   CN=GlobalSign ServerSign CA,OU=ServerSign CA,O=GlobalSign nv-sa,C=BE
  ssl_debug(9):   CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
  ssl_debug(9):   CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
  ssl_debug(9):   CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
  ssl_debug(9):   CN=GlobalSign Organization Validation CA,O=GlobalSign,OU=Organization Validation CA
  ssl_debug(9):   CN=thawte Primary Root CA,OU=(c) 2006 thawte, Inc. - For authorized use only,OU=Certification Services Division,O=thawte, Inc.,C=US
  ssl_debug(9):   CN=Certipost E-Trust Primary Normalised CA,O=Certipost s.a./n.v.,C=BE
  ssl_debug(9):   CN=Thawte DV SSL CA,OU=Domain Validated SSL,O=Thawte, Inc.,C=US
  ssl_debug(9):   OU=Equifax Secure Certificate Authority,O=Equifax,C=US
  ssl_debug(9):   CN=preprod.connect.elemica.com,OU=CONNECTED SOLUTIONS,O=Elemica,L=Wayne,ST=Pennsylvania,C=US
  ssl_debug(9):   CN=Certinomis - Autoritu00E9 Racine,OU=0002 433998903,O=Certinomis,C=FR
  ssl_debug(9):   CN=DPWN Root CA R2 PS,OU=IT Services,O=Deutsche Post World Net,DC=com
  ssl_debug(9):   CN=Thawte Test CA Root,OU=TEST TEST TEST,O=Thawte Certification,ST=FOR TESTING PURPOSES ONLY,C=ZA
  ssl_debug(9):   OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
  ssl_debug(9):   EMAIL=santiago.tolosa(a)eu.rhodia.com,CN=Rhodia Development CA,OU=ISF - WARTE,O=Rhodia,L=La Villette,ST=France,C=FR
  ssl_debug(9):   CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
  ssl_debug(9):   CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US
  ssl_debug(9):   CN=Groep H. Essers TEST (99805D6DA33FCC1700010002),O=Montova,C=BE
  ssl_debug(9):   serialNumber=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com, Inc.,L=Scottsdale,ST=Arizona,C=US
  ssl_debug(9):   CN=VeriSign Class 3 Secure Server 1024-bit CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   serialNumber=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US
  ssl_debug(9):   CN=Conextrade,OU=Swisscom IT,O=Swisscom AG,L=Zurich,ST=Zurich,C=CH,EMAIL=ccc.eTrade(a)swisscom.com
  ssl_debug(9):   CN=b2bproto.basf-corp.com,OU=Corporate IS,O=BASF Corporation,L=Mount Olive,ST=New Jersey,C=US
  ssl_debug(9):   CN=GlobalSign Domain Validation CA - G2,O=GlobalSign nv-sa,C=BE
  ssl_debug(9):   CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
  ssl_debug(9):   CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
  ssl_debug(9):   EMAIL=!sysadmin(a)elemica.com,CN=www.elemica.com,OU=Connected Solutions,O=Elemica, Inc,L=Wayne,ST=Pennsylvania,C=US
  ssl_debug(9):   CN=GeoTrust SSL CA,O=GeoTrust, Inc.,C=US
  ssl_debug(9):   CN=RapidSSL CA,O=GeoTrust, Inc.,C=US
  ssl_debug(9):   CN=Entrust Certification Authority - L1E,OU=(c) 2009 Entrust, Inc.,OU=www.entrust.net/rpa is incorporated by reference,O=Entrust, Inc.,C=US
  ssl_debug(9):   CN=EAS,O=COMPUDATA EDI Dienstleister,C=CH,EMAIL=helpdesk.dl(a)compudata.ch
  ssl_debug(9):   CN=GlobalSign Domain Validation CA,O=GlobalSign nv-sa,OU=Domain Validation CA,C=BE
  ssl_debug(9):   CN=GlobalSign Primary Secure Server CA,OU=Primary Secure Server CA,O=GlobalSign nv-sa,C=BE
  ssl_debug(9):   CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
  ssl_debug(9):   CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust, Inc.,C=US
  ssl_debug(9):   CN=Thawte SSL CA,O=Thawte, Inc.,C=US
  ssl_debug(9):   CN=Entrust Certification Authority - L1C,OU=(c) 2009 Entrust, Inc.,OU=www.entrust.net/rpa is incorporated by reference,O=Entrust, Inc.,C=US
  ssl_debug(9):   CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
  ssl_debug(9):   EMAIL=vladimir.polak(a)esa.ch,CN=Vladimir Polak,O=Einkaufsorganisation des Schweizerischen Auto- und Motorfahrzeuggewerbes,C=CH
  ssl_debug(9):   CN=IT Directions and Strategies,OU=ITDS EDI,ST=WI,C=US,L=Hartland,EMAIL=aklumpp(a)itdsllc.com,O=ITDS EDI
  ssl_debug(9):   CN=Entrust Certification Authority - L1B,OU=(c) 2008 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY,OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE,O=Entrust, Inc.,C=US
  ssl_debug(9):   CN=GlobalSign Organization Validation CA - G2,O=GlobalSign nv-sa,C=BE
  ssl_debug(9):   CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=VeriSign Class 1 Individual Subscriber CA - G2,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=TeleSec ServerPass CA 1,OU=Trust Center Services,O=T-Systems International GmbH,C=DE
  ssl_debug(9):   CN=TC TrustCenter Class 3 L1 CA V,OU=TC TrustCenter Class 3 L1 CA,O=TC TrustCenter GmbH,C=DE
  ssl_debug(9):   C=NL,ST=Zuid-Holland,L=Spijkenisse,O=De Rijke Transport,OU=ICT,CN=smtphost.derijke.com
  ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9):   CN=Comodo Class 3 Security Services CA,OU=(c)2002 Comodo Limited,OU=Terms and Conditions of use: http://www.comodo.net/repository,OU=Comodo Trust Network,O=Comodo Limited,C=GB
  ssl_debug(9):   CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
  ssl_debug(9):   OU=Starfield Class 2 Certification Authority,O=Starfield Technologies, Inc.,C=US
  ssl_debug(9):   EMAIL=ftp(a)csx.com,C=US,O=CSX Corporation Inc,CN=CSX_CORPORATION_AS2_02062009
  ssl_debug(9):   CN=EssentialSSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
  ssl_debug(9):   CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
  ssl_debug(9):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(9): Received server_hello_done handshake message.
  ssl_debug(9): No client certificate available, sending empty certificate message...
  ssl_debug(9): Sending client_key_exchange handshake...
  ssl_debug(9): Sending change_cipher_spec message...
  ssl_debug(9): Sending finished message...
  ssl_debug(9): Received alert message: Alert Fatal: bad certificate
  ssl_debug(9): SSLException while handshaking: Peer sent alert: Alert Fatal: bad certificate
  ssl_debug(9): Shutting down SSL layer...
  Severity : Error
  Category : /Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK
  Location : com.sap.aii.messaging.net.HTTPClientConnection.call(Object)
  Application : sap.com/com.sap.xi.rwb
  Thread : SAPEngine_Application_Thread[impl:3]_0
  Datasource : 7662250:E:\usr\sap\T37\DVEBMGS00\j2ee\cluster\server0\log\defaultTrace.trc
  Message ID : 00505688007A006A0000005100001B8C0004B1CF78E9602A
  Source Name : com.sap.aii.messaging.net.HTTPClientConnection
  Argument Objs :
  Arguments :
  Dsr Component :
  Dsr Transaction : cc6d1cee0fec11e1c90200000074eaaa
  Dsr User :
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 0
  Relatives : /Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK
  Resource Bundlename :
  Session : 365
  Source : com.sap.aii.messaging.net.HTTPClientConnection
  ThreadObject : SAPEngine_Application_Thread[impl:3]_0
  Transaction :
  User : CPWONG
  Dsr Root Context ID :
  Dsr Connection :
  Dsr Counter : -1

  Hi ,
  Is the above problem solved , can you share the solution.
  Thanks

• Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

                     Dear All,
  i have the folloing case :
  i am using ASA as Certificate authority for cisco anyconnect VPN users,the authentication happens based on the local database of the ASA,
  i want to issue a new certificate every 72 hours for the users ,and i want to send the one time password via email to each user.
  so what the setting of the mail and smtp server should be ,
  was i understand i should put my smtp server ip address then i have to create the local users again under(Remte VPN VPN--Certificate management--Local certificate authority --Manage user Database) along with their email addresses to send the one time passsword to them via their emails.
  i sent the email manually ,hwo can automate sending the OTP to our VPN users automatically vi their emails?
  Best regards,

  Thanks Jennifer.
  I did manage to configure LDAP attribute map to the specific group policy.
  Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
  Using legacy Cisco VPN Client, I can do it using IPSEC(IKEv1) Connection profile, where I set Pre-Shared Key and Client Address Pools. Each Client Address Pools has only 1 fix IP address.
  Example: let say my username is LLH.
  Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
  Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
  Only me know the preshared key and only me can login with my Connection Profile.
  Using AnyConnect, I have problem. User can use any connection profile because I cannot set preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
  Example:
  AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
  Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
  Any body can use LLH-Connection-Profile, login with another user name, let say user-abc which is a valid user in LDAP server. In that case, ASA assign 172.16.1.11 to user-abc and this user-abc can access server which only allow my IP to access.
  I hope above description can paint the scenario clearer.
  Thanks in advance for all the help and comment given.

• Valid size not available for this creation when using Greeting Card feature

  Using PSE9 with a Mac.  When attempting to create a greeting card, after selecting the photo, the Greeting Card, I receive a pop up error message as follows:
  "Valid Size Not Available For This Creation".  (All other Create functions such as Photo Book, Photo Calendar, and Photo Collage appear to be working).  I have been in contact with Adobe Support and have been instructed to do a number of things from creating a new preferences file to uninstalling and re-installing the PSE software, with no result.  Has anyone else run into this problem, and if so have found a fix?  Thanks.

  I've been tearing my hair out over this one also. I've been on hold for over 10 hrs with Adobe Support waited over almost 2 weeks and still no resolution. I'm trying to create the Save the Date cards for my wedding and I can't wait for Adobe. Removing the preferences file and uninstalling/reinstalling does not fix the problem.
  That said I did figure out a workaround for this. It's easy but it does require Windows. For me this was no big deal as I do own a Windows box.
  Get the free trial version of PE9 for Windows and install it. If you don't have a Windows computer get to a friend that has one
  Upload some of your photos to the PE9 Windows Organizer (it's identical to the mac version)
  Select Create and then Greeting card. Photoshop will launch the guided edit feature for greeting cards.
  Select the Layout feature and once you find out that you like save it as Photoshop project. Repeat this step for as many layouts as necessary.
  Copy your Photoshop project files (and any folders) to your mac.
  Open the project files as you would with any other Photoshop file.
  You can now select the Create feature. You will be able add your pictures and resize them, you will be able to add/remove text, you'll be able to change the backgound/borders, add graphics...pretty much anything...EXCEPT automatically modify the layout. If you click on Layout, PE9 returns nothing. You can however go into full edit mode and if you have decent Photoshop skills you can make any changes to the layout manually.
  If I had to put money on this I'd say that there is a problem with the PE9 Mac installation package. For some reason it is not deploying the layout data/files or it is not putting them in the right place. For this reason the program can't find the layouts when the user selects the greeting card guided edit.
  Good luck.

• Adobe Exchange download won't install in Extension Manager CC - no valid certificate.

  I've been struggling to load the Adobe Exchange download into Extension Manager CC.  It won't install due to it having 'No valid certificate'.  Is there a fix for this?

  Please click "Tools"->"Preferences" menu item in Extension Manager, uncheck "Allow Extension Manager to access Internet" option, then retry.