Apache 2.0.59 - cannot read certificate revocation list

Hello,
i've installed a thawte SSL certificate on a Netware 6.5 SP7 server with apache 2.0.59. If i want to validate the certificate with C1, i get the following error "cannot read certificate revocation list" ! I've found in a forum task, that this is not a great problem, but when i remark the command "SecureListen 443 "new-NDS-name" in http.conf from apache, then the webserver cannot start. Error in apache log is "[Wed Jan 05 15:57:42 2011] [crit] (10043)Unknown error: make_secure_socket: failed to get a socket for port 443 Configuration Failed". I've found in novell support forum the following task - Error: Invalid cannot read certificate revocation list. I contact thawte and they told me the following - All of our Thawte certificates are issued a CRL to check. We do not have any process or way to issue a certificate without the use of the CRL. Unfortunately no, as almost all CA's will use a CRL to ensure that the certificate's validity and status is always up to date.
What can i do ? Does anyone has an idea ? It was great to get it running......
Regards,
Norbert

NSuttner,
> with apache 2.0.59. If i want to validate the certificate with C1, i get
> the following error "cannot read certificate revocation list" ! I've
>
FWIW, I have always regarded that as cosmetic (TID 10094995). Ie I sometimes get errors in C1, even if the certs are fine.
Your message indicates that you did not get the complete certificate list. Ie you need to have your cert, the trusted root and all intermediaries. Sometimes you have to import them all into Ie, then export the complete list
http://www.novell.com/support/php/se...00%20195481184
THE TID to read is:
http://www.novell.com/support/php/se...00%20195481155
and:
http://www.novell.com/support/php/se...00%20195481134
Also see:
http://www.novell.com/support/php/se...00%20195481082
- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)
Novell has a new enhancement request system,
or what is now known as the requirement portal.
If customers would like to give input in the upcoming
releases of Novell products then they should go to
http://www.novell.com/rms

Similar Messages

Certificate Revocation List not working on ASA 8.3(1)

I've configured my SSL VPN to certificate authentication, in wich the authentication with certificates is working fine. However the ASA is not able to store (cache) the CRL.
Based on debug bellow the asa downloads the CRL file but is not able to open it.
Does anyone know this sitation?
Here is te debug output:
fwlpasa01/pri/act# crypto ca crl request SSL-VPN
CRYPTO_PKI: CRL is being polled from CDP http://10.151.1.9/certlist/certcrl.crl.
crypto_pki_req(7ae32bf0, 24, ...)
CRYPTO_PKI: Crypto CA req queue size = 1.
Crypto CA thread wakes up!
CRYPTO_PKI: http connection opened
CRYPTO_PKI: content dump count 75----------
CRYPTO_PKI: For function crypto_http_send
GET /certlist/certcrl.crl HTTP/1.0
Host: 10.151.1.9
CRYPTO_PKI: For function crypto_http_send
CRYPTO_PKI: content dump-------------------
CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1482
Content-Type: application/pkix-crl
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDACBQATBA=IEGHHGMBOHNIGEJIEPJKCFCE; path=/
Date: Mon, 26 Nov 2012 15:47:38 GMT
Connection: close
CRYPTO_PKI: CRL data2d 2d 2d 2d 2d 42 45 47 49 4e 20 58 35 30 39 20    | -----BEGIN X509
43 52 4c 2d 2d 2d 2d 2d 0d 0a 4d 49 49 45 44 44    | CRL-----..MIIEDD
43 43 41 76 51 43 41 51 45 77 44 51 59 4a 4b 6f    | CCAvQCAQEwDQYJKo
5a 49 68 76 63 4e 41 51 45 46 42 51 41 77 57 54    | ZIhvcNAQEFBQAwWT
45 53 4d 42 41 47 43 67 6d 53 4a 6f 6d 54 38 69    | ESMBAGCgmSJomT8i
78 6b 41 52 6b 57 41 6e 70 73 0d 0a 4d 52 4d 77    | xkARkWAnps..MRMw
45 51 59 4b 43 5a 49 6d 69 5a 50 79 4c 47 51 42    | EQYKCZImiZPyLGQB
47 52 59 44 61 57 35 30 4d 52 67 77 46 67 59 4b    | GRYDaW50MRgwFgYK
43 5a 49 6d 69 5a 50 79 4c 47 51 42 47 52 59 49    | CZImiZPyLGQBGRYI
65 6d 6c 73 62 47 39 79 5a 57 34 78 0d 0a 46 44    | emlsbG9yZW4x..FD
41 53 42 67 4e 56 42 41 4d 54 43 31 70 4a 54 45    | ASBgNVBAMTC1pJTE
78 50 55 6b 56 4f 4c 55 4e 42 46 77 30 78 4d 6a    | xPUkVOLUNBFw0xMj
45 78 4d 54 6b 78 4e 6a 4d 7a 4d 44 68 61 46 77    | ExMTkxNjMzMDhaFw
30 78 4d 6a 45 78 4d 6a 63 77 4e 44 55 7a 0d 0a    | 0xMjExMjcwNDUz..
4d 44 68 61 4d 46 63 77 47 77 49 4b 52 66 65 4b    | MDhaMFcwGwIKRfeK
6b 67 41 41 41 41 41 42 67 52 63 4e 4d 54 49 78    | kgAAAAABgRcNMTIx
4d 44 49 35 4d 54 4d 79 4d 7a 41 77 57 6a 41 62    | MDI5MTMyMzAwWjAb
41 67 70 46 31 4f 55 76 41 41 41 41 41 41 47 41    | AgpF1OUvAAAAAAGA
0d 0a 46 77 30 78 4d 6a 45 77 4d 6a 6b 78 4d 7a    | ..Fw0xMjEwMjkxMz
49 7a 4d 44 42 61 4d 42 73 43 43 6a 75 71 30 79    | IzMDBaMBsCCjuq0y
41 41 41 41 41 41 41 58 6f 58 44 54 45 79 4d 54    | AAAAAAAXoXDTEyMT
41 79 4f 54 45 7a 4d 6a 49 77 4d 46 71 67 67 67    | AyOTEzMjIwMFqggg
49 4d 0d 0a 4d 49 49 43 43 44 41 66 42 67 4e 56    | IM..MIICCDAfBgNV
48 53 4d 45 47 44 41 57 67 42 52 73 73 75 79 64    | HSMEGDAWgBRssuyd
63 2b 6c 54 32 66 6a 75 62 39 66 70 7a 67 42 38    | c+lT2fjub9fpzgB8
76 45 36 59 78 54 41 51 42 67 6b 72 42 67 45 45    | vE6YxTAQBgkrBgEE
41 59 49 33 0d 0a 46 51 45 45 41 77 49 42 41 44    | AYI3..FQEEAwIBAD
41 4c 42 67 4e 56 48 52 51 45 42 41 49 43 41 31    | ALBgNVHRQEBAICA1
55 77 48 41 59 4a 4b 77 59 42 42 41 47 43 4e 78    | UwHAYJKwYBBAGCNx
55 45 42 41 38 58 44 54 45 79 4d 54 45 79 4e 6a    | UEBA8XDTEyMTEyNj
45 32 4e 44 4d 77 0d 0a 4f 46 6f 77 67 63 77 47    | E2NDMw..OFowgcwG
41 31 55 64 4c 67 53 42 78 44 43 42 77 54 43 42    | A1UdLgSBxDCBwTCB
76 71 43 42 75 36 43 42 75 49 61 42 74 57 78 6b    | vqCBu6CBuIaBtWxk
59 58 41 36 4c 79 38 76 51 30 34 39 57 6b 6c 4d    | YXA6Ly8vQ049WklM
54 45 39 53 52 55 34 74 0d 0a 51 30 45 73 51 30    | TE9SRU4t..Q0EsQ0
34 39 63 33 5a 73 63 47 46 6b 62 54 4d 78 4c 45    | 49c3ZscGFkbTMxLE
4e 4f 50 55 4e 45 55 43 78 44 54 6a 31 51 64 57    | NOPUNEUCxDTj1QdW
4a 73 61 57 4d 6c 4d 6a 42 4c 5a 58 6b 6c 4d 6a    | JsaWMlMjBLZXklMj
42 54 5a 58 4a 32 61 57 4e 6c 0d 0a 63 79 78 44    | BTZXJ2aWNl..cyxD
54 6a 31 54 5a 58 4a 32 61 57 4e 6c 63 79 78 44    | Tj1TZXJ2aWNlcyxD
54 6a 31 44 62 32 35 6d 61 57 64 31 63 6d 46 30    | Tj1Db25maWd1cmF0
61 57 39 75 4c 45 52 44 50 58 70 70 62 47 78 76    | aW9uLERDPXppbGxv
63 6d 56 75 4c 45 52 44 50 57 6c 75 0d 0a 64 43    | cmVuLERDPWlu..dC
78 45 51 7a 31 36 62 44 39 6b 5a 57 78 30 59 56    | xEQz16bD9kZWx0YV
4a 6c 64 6d 39 6a 59 58 52 70 62 32 35 4d 61 58    | Jldm9jYXRpb25MaX
4e 30 50 32 4a 68 63 32 55 2f 62 32 4a 71 5a 57    | N0P2Jhc2U/b2JqZW
4e 30 51 32 78 68 63 33 4d 39 59 31 4a 4d 0d 0a    | N0Q2xhc3M9Y1JM..
52 47 6c 7a 64 48 4a 70 59 6e 56 30 61 57 39 75    | RGlzdHJpYnV0aW9u
55 47 39 70 62 6e 51 77 67 64 67 47 43 53 73 47    | UG9pbnQwgdgGCSsG
41 51 51 42 67 6a 63 56 44 67 53 42 79 6a 43 42    | AQQBgjcVDgSByjCB
78 7a 43 42 78 4b 43 42 77 61 43 42 76 6f 61 42    | xzCBxKCBwaCBvoaB
0d 0a 75 32 78 6b 59 58 41 36 4c 79 38 76 51 30    | ..u2xkYXA6Ly8vQ0
34 39 57 6b 6c 4d 54 45 39 53 52 55 34 74 51 30    | 49WklMTE9SRU4tQ0
45 73 51 30 34 39 63 33 5a 73 63 47 46 6b 62 54    | EsQ049c3ZscGFkbT
4d 78 4c 45 4e 4f 50 55 4e 45 55 43 78 44 54 6a    | MxLENOPUNEUCxDTj
31 51 0d 0a 64 57 4a 73 61 57 4d 6c 4d 6a 42 4c    | 1Q..dWJsaWMlMjBL
5a 58 6b 6c 4d 6a 42 54 5a 58 4a 32 61 57 4e 6c    | ZXklMjBTZXJ2aWNl
63 79 78 44 54 6a 31 54 5a 58 4a 32 61 57 4e 6c    | cyxDTj1TZXJ2aWNl
63 79 78 44 54 6a 31 44 62 32 35 6d 61 57 64 31    | cyxDTj1Db25maWd1
63 6d 46 30 0d 0a 61 57 39 75 4c 45 52 44 50 58    | cmF0..aW9uLERDPX
70 70 62 47 78 76 63 6d 56 75 4c 45 52 44 50 57    | ppbGxvcmVuLERDPW
6c 75 64 43 78 45 51 7a 31 36 62 44 39 6a 5a 58    | ludCxEQz16bD9jZX
4a 30 61 57 5a 70 59 32 46 30 5a 56 4a 6c 64 6d    | J0aWZpY2F0ZVJldm
39 6a 59 58 52 70 0d 0a 62 32 35 4d 61 58 4e 30    | 9jYXRp..b25MaXN0
50 32 4a 68 63 32 55 2f 62 32 4a 71 5a 57 4e 30    | P2Jhc2U/b2JqZWN0
51 32 78 68 63 33 4d 39 59 31 4a 4d 52 47 6c 7a    | Q2xhc3M9Y1JMRGlz
64 48 4a 70 59 6e 56 30 61 57 39 75 55 47 39 70    | dHJpYnV0aW9uUG9p
62 6e 51 77 44 51 59 4a 0d 0a 4b 6f 5a 49 68 76    | bnQwDQYJ..KoZIhv
63 4e 41 51 45 46 42 51 41 44 67 67 45 42 41 4a    | cNAQEFBQADggEBAJ
51 6f 2f 78 73 4e 79 34 67 34 31 66 69 45 2b 67    | Qo/xsNy4g41fiE+g
46 4d 31 39 62 65 59 2b 52 77 36 74 4c 61 42 52    | FM19beY+Rw6tLaBR
34 33 58 64 45 7a 46 4d 63 61 0d 0a 72 55 74 2f    | 43XdEzFMca..rUt/
70 39 33 73 63 4c 38 63 45 4a 54 48 6d 42 54 33    | p93scL8cEJTHmBT3
73 33 79 30 50 42 55 59 6d 35 52 58 36 6f 4c 42    | s3y0PBUYm5RX6oLB
41 41 74 4f 42 63 5a 4b 62 33 76 77 58 47 33 2f    | AAtOBcZKb3vwXG3/
34 72 65 71 72 6a 39 47 42 61 49 42 0d 0a 30 2b    | 4reqrj9GBaIB..0+
4f 34 66 37 43 67 4f 78 42 38 47 6d 44 32 69 42    | O4f7CgOxB8GmD2iB
31 70 79 56 55 7a 76 52 72 44 37 65 30 69 6a 31    | 1pyVUzvRrD7e0ij1
35 63 76 6e 58 46 63 6f 75 31 34 50 45 53 6c 6f    | 5cvnXFcou14PESlo
30 2b 34 75 6b 4e 6d 42 4a 44 57 74 67 6c 0d 0a    | 0+4ukNmBJDWtgl..
45 47 46 65 6f 4e 30 78 37 2f 63 52 59 53 70 71    | EGFeoN0x7/cRYSpq
52 44 48 71 56 59 39 75 34 69 63 44 49 7a 31 4c    | RDHqVY9u4icDIz1L
75 78 5a 72 69 35 76 69 63 41 59 4b 62 44 69 4b    | uxZri5vicAYKbDiK
30 4b 77 69 64 39 59 71 4b 43 63 76 2f 73 4c 37    | 0Kwid9YqKCcv/sL7
0d 0a 32 77 2b 53 7a 46 46 75 72 73 54 6c 70 2f    | ..2w+SzFFursTlp/
36 74 4c 4d 41 72 6c 30 37 49 4f 65 52 63 51 38    | 6tLMArl07IOeRcQ8
4c 2b 6a 71 69 6e 44 30 6f 6f 62 53 5a 78 49 30    | L+jqinD0oobSZxI0
6b 42 64 54 47 6a 6c 38 68 44 42 77 6d 6a 74 63    | kBdTGjl8hDBwmjtc
33 63 0d 0a 6b 39 68 53 58 78 42 65 65 4d 74 74    | 3c..k9hSXxBeeMtt
53 72 33 48 6f 4c 42 63 6c 76 4d 75 78 64 77 72    | Sr3HoLBclvMuxdwr
41 6f 52 49 48 61 64 4f 4b 52 35 54 70 52 34 3d    | AoRIHadOKR5TpR4=
0d 0a 2d 2d 2d 2d 2d 45 4e 44 20 58 35 30 39 20    | ..-----END X509
43 52 4c 2d 2d 2d 2d 2d 0d 0a                      | CRL-----..
CRYPTO_PKI: transaction HTTPGetCRL completedCrypto CA thread sleeps!
CRYPTO_PKI: Failed to retrieve CRL for trustpoint: SSL-VPN.
Retrying with next CRL DP...

Hello everyone!
I've got the issue solved. The issue ware in CA CDP. I published the new http CDP, and it's working fine.
Windows CA
- At Server Manager -> Right click on Certificate Athotity object name -> click properties then extentions
- Create an extention to genearate the following URL
http://winca.pmmagalhaes.com.br/CertEnroll/WINCA.crl
- Then apply -> ok
- Under Windows PKI right click Certificate Athotity object name then Refresh
ASA
Under retrieval policy set for static a then put the url above.
It's done

Java Webstart application problem with TLS certificate revocation checks (Java 1.7.0_76)

We have a problem with our Java Web Start Application regarding the TLS certificate revocation check:
The application is running on a server within a wide area network which is separated from the internet.
The application users have access to the WAN, and also access to the internet over some corporate proxy/firewall.
The user has to enter, for example "https://my-site.de/myapp/ma.jnlp" within a webbrowser or could also call "javaws https://my-site.de/myapp/ma.jnlp" to start the application client.
The webserver has a certificate from a trusted certificate authority. This certificate seems to be ok, the browser is even configured to perform OCSP status check.
The application files are signed with a certificate from another trusted certificate authority. This certificate seems also to be ok. Regarding this certificate there
are no problems with certificate revocation checks.
The problem is, while starting the application client there is a message box which tell us something like "the connection to this website ist not trustworthy",
"Website: https://my-site.de:80", and something about an invalid certificate, meaning the webserver certificate.
Obviously the jvm runtime, which is executed on the users workstation, tries to perform a revocation check for the webservers certificate, but this fails because
it cannot fetch the certificate under https://my-site.de:80.
The application will execute without further problems after that message but the users are very concerned about the "invalid" certificate, so here are my questions:
- Why is the application trying to get the webserver certificate over Port 80. Our application developers told me, there is no corresponding statement. Calling this address
has to fail while "https://my-site.de:443" or "https://my-site.de" would not have a problem.
- Is there a way to make the application go on without performing a tls revocation check? I mean, by adjusting the application sourcecode and not by configuring the users Java Control Panel.
While disabling the TLS Certificate Revocation check in the Java Control Panel, the Webstart Application executes without a warning message, but this is not a workable solution for
our users.
It would be great if someone can help me with a hint so i can send our developers into the right direction;-)
Many thanks!
This is a part from a java console output after calling "javaws -verbose https://my-site.de/myapp/"
(sorry for this is in german... and also my english above)
network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
security: OCSP Response: GOOD
network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
security: UNAUTHORIZED
security: Failing over to CRLs: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
network: Cacheeintrag gefunden [URL: http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl, Version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl
cache: Resource http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl has expired.
network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
network: ResponseCode für http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl: 200
network: Codierung für http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl: null
network: Verbindung mit http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl trennen
CacheEntry[http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl]: updateAvailable=true,lastModified=Tue Mar 24 10:50:01 CET 2015,length=53241
network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird
network: Verbindung von socket://ldap.serverpass.telesec.de:389 mit Proxy=DIRECT wird hergestellt
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
    at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
    at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
    at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
    at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main.access$000(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
        at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
        ... 35 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    ... 36 more
security: Ungültiges Zertifikat vom HTTPS-Server
network: Cacheeintrag nicht gefunden [URL: https://my-site.de:80, Version: null]

Add the JSF Jars to the WEB-INF/lib directory of the application. If still getting error add to the CLASSPATH variable in the startWebLogic script in the domain/bin directory.

Certificate Revocation on SAP Web Dispatcher

We have recently set up X.509 Certificate based authentication. The SSL handshake is performed by the Web Dispatcher. Requests are forwarded to SAP Netwewaver 2004s Portal with the certificate in the header field. All of this works "as advertised". Certificates are created by an OpenSSL based CA with the proper extensions and are mapped to UME accounts.
Now we want add the ability to revoke certificates. One reason is, that even if a certificate is no longer mapped to an account, the Portal will still allow the user to log in and use the certificate. The certificate is not stored in the UME, but for the time of the session it looks as if the user did authenticate with a certificate.
We have added the CRL distribtion point extension ot a certificate. We can see that the CRL is downloaded from this site. It shows up in the certificate revocation service page. However, all revoked certificates still work.
The same CRL works correctly on an Apache test server. Here a revoked client certificate will already cause the SSL handshake to fail.
Does it help us to have the CRL installed to the Portal server? Or is it necessary to set up revocation on the Web Dispatcher? Does the Web Dispatcher support certificate revocation at all? If yes, where does it get the CRL from? Does the CRL have to meet certain requirements in addition to the ones defined in RFC 3280?

>
Niels Carstensen wrote:
> OSS ticket is pending.
>
> But if the Web Dispatcher accepted the revoked certificate for the SSL handshake, the Portal will just not authenticate the user. It will, however, allow the user to map the certificate to his account. This even seems to happen, if the CertPersisterLoginModule has been removed from the login stack. So all of a sudden the user can login with username password, and at the same time present the (invalid!) certificate to the applications...
That indeed sounds like a bug - so it was a good idea to submit a support message.
Regards, Wolfgang
PS: I still believe that certificate revocation should be customizable on a per-application level ("application" in this context refers to "usage type": the same certificate might be used for different purposes: SSO, digital signature, encryption, S/MIME, ...). Furthermore, some of the certificate revocation mechanisms have a negative performance impact so they might be used with care. Take the payment card validation as an example: depending on the purchase amount you might be prompted for an online validation (requires to enter your PIN) and sometimes you simply need to sign-off a piece of paper - the decision is up to the shop operator and depends on the related costs (for online validation) which is comparable to "performance impacts" in our case).

I cannot read S/MIME encrypted Mails on iPhone and iPad

I have a Certificate for my email address by Comodo. It is installed in Thunderbird on PC and iPhone and iPad with iOS 7.1.2.
Thunderbird on PC behaves like expected, i can send and read encrypted emails.
On iPad and iPhone i cannot read encrypted emails.
I imported my S/MIME Certificate via email attachment (p.12-File) and activated it in the mail section for my account. I also enabled signature and encryption function.
1. When i receive an email that is signed but not encrypted, the certificate of the sender is trusted & installed.
2. When i receive an email that is encrypted, the same sender is now shown in red color. I cannot read the email, because my profile allegedly does not contain my identitiy.
3. When i try to reply to the signed but not encrypted email (1.) then the message i send is signed but not encrypted, even though the address is shown in blue with a lock (which text info: encryption is possible).
4. When I send an encrypted email to my own account via ipad or iphone, i can read it on both ipad and iphone. This makes me think that the iOS Mail App uses S/MIME encryption a little bit different then Thunderbird.
All of this does not fit together. It think I correctly installed my certificate but there are problems in the Mail Program on iOS.

Solved: the problem was that the emails were encrypted with an old public key.

[warn] mod_bonjour: Cannot read template index file '/System/Library/User Template/English.lproj/Sites/index.html'.

Operating System: Lion 10.7.5
I was getting this warn in the logs
[warn] mod_bonjour: Cannot read template index file '/System/Library/User Template/English.lproj/Sites/index.html'.
and looking to the System directory on;
System/Library/User Template
User Template was locked and onwned by the System.
I went to the terminal and type;
sudo mkdir "/System/Library/User Template/English.lproj/Sites/"
sudo touch "/System/Library/User Template/English.lproj/Sites/index.html"
re-started Apache
The warn went away gracefully

I am adding here that this seems to be a permissions bug since the "User Template" is owned by the system and no one else have access to it. The warn went away temporarily because the permissions still wrong in that directory. I changed the permissions on the User Template directory to read and see what is inside and it loops to the user system structure. Most of the directories in the system structure are locked leaving only the public and sites directory with the correct permissions. Inside of the sites folder have a blank index.html file with read access.
So I am not sure if what I did until now will resolve the warn issue.
What I did was to get info on the User Template directory, authenticate as root and change the permission to the admin to read only. That is harmles since not even the admin can change its content. The warn seems to have gone away for now. However, the point here is to find out if the permissions should be read and write for the admin instead of read only or some other conf. More latter!

How to disable checks for certificate revocation on Java 7 u25

I have updated a standalone network to Java 7 update 25. With this new version is an option to "Perform certificate revocation checks on". Since this checks against sources published to the outside network, it fails to allow users on the standalone network to use some Java applications. This is remedied by checking Do not check. However, I need to be able to push this setting out to all users on the network.
Does anyone have or know a way to make this change through the registry or a config file?

For Internal webauth - HTTP & HTTPs redirection is possible on 7.0 & 7.2 code on WLC. See the difference below.
On 7.0 code both webauth redirection & wlc management were global, Disabling http management disables http webauth redirection, same for https as well. This behavior is changed in 7.2.
On 7.2 code, You can have both HTTP & HTTPs management enabled and configure either HTTP or HTTPs redirection. use the below command to control http or https redirection.
(Cisco Controller) >config network web-auth secureweb enable/disable
Enable - Enables https for web-auth redirection.
Disable - Enables http for web-auth redirection.

"Windows Backup cannot read the backup destination" when trying to backup to Backup Once to Samba share on NAS

Environment:
Windows Server 2012 R2 Essentials running in VirtualBox in a Windows 7 host. Networking is configured and works fine.
Background:
My only backup needs are to copy the contents of two folders to a NAS folder every day at 2 AM.
I configured a backup schedule in Windows Server Backup (wbadmin) to a network location which is hosted as a Samba share on a Synology NAS.
For authentication, I created a backup user which has the same username and password as a user on the Samba share, with permission to read and write the backup folder. I added this user to the Backup Operators group.
Problem:
When I try to run the Backup Once operation to test my backup, I get the following error message:
"Windows Backup cannot read the backup destination."
What I've tried:
I verified that the location is directly accessible in Windows by copying and pasting the address from the Windows Server Backup destination into explorer. Providing the backup user credentials opened the location and creating/reading files worked fine.
Adding the backup user to the Administrators group did not have an effect.
Update 2014-02-18
I checked the backup destination and was surprised to find that the scheduled backup actually completes successfully.
However, Backup Once always results in the above error message.
So the problem is confined to the "Backup Once" operation.

Vssadmin list providers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.
Provider name: 'Microsoft File Share Shadow Copy provider'
Provider type: Fileshare
Provider Id: {89300202-3cec-4981-9171-19f59559e0f2}
Version: 1.0.0.1
Provider name: 'Microsoft Software Shadow Copy provider 1.0'
Provider type: System
Provider Id: {b5946137-7b9f-4925-af80-51abd60b20d5}
Version: 1.0.0.7
Vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.
Contents of shadow copy set ID: {5636adcf-668c-4761-9f10-93475904c341}
Contained 1 shadow copies at creation time: 2/19/2014 7:00:00 AM
Shadow Copy ID: {4ca86ed5-9da5-49ca-8591-bf56ebd43486}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {aa265dab-feaa-49ed-9b0e-7ed39ab7f9d6}
Contained 1 shadow copies at creation time: 2/19/2014 2:00:00 PM
Shadow Copy ID: {653a4fa5-4d37-4ea4-9d2a-5710b48cde09}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {9180a420-a6bd-490d-85da-8b81231502b9}
Contained 1 shadow copies at creation time: 2/20/2014 7:00:00 AM
Shadow Copy ID: {871d10ee-9034-4269-b841-4aeee9570464}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {d83afc4e-317f-488c-89d5-a0e65844b93e}
Contained 1 shadow copies at creation time: 2/20/2014 2:00:00 PM
Shadow Copy ID: {f6fbb4ff-bac8-4a82-88e8-dffba8656424}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {3774a3f2-cd36-4f36-9667-4f96c0dbe0b3}
Contained 1 shadow copies at creation time: 2/21/2014 7:00:00 AM
Shadow Copy ID: {91d6c61a-8b39-48dd-811d-e0dcf593c967}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {99be106c-a96d-4488-a9ae-6e92452393ee}
Contained 1 shadow copies at creation time: 2/21/2014 2:00:00 PM
Shadow Copy ID: {5bd57dff-0591-4b0f-9ee8-1b8857f59e54}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {299f4ca8-bffa-47b7-9bb2-12358e0282ce}
Contained 1 shadow copies at creation time: 2/22/2014 7:00:00 AM
Shadow Copy ID: {90b732ae-7ea8-4457-8a6d-84983e27b120}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {97225977-6687-4538-b627-1b33985c9ac1}
Contained 1 shadow copies at creation time: 2/22/2014 2:00:00 PM
Shadow Copy ID: {128d7818-ce91-4d35-ad9e-577856d17374}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {b196f043-a073-46e4-baa4-2eb99969cc7e}
Contained 1 shadow copies at creation time: 2/23/2014 7:00:00 AM
Shadow Copy ID: {931780f6-be5e-4ad9-9f4d-151ffd6b1942}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {f24e1101-8505-450c-a802-8ba65e46d8d5}
Contained 1 shadow copies at creation time: 2/23/2014 2:00:00 PM
Shadow Copy ID: {815dff7e-92df-449e-a1ed-eb8e5fa3baeb}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {d4213f80-6b73-418c-af73-b704007511ed}
Contained 1 shadow copies at creation time: 2/24/2014 7:00:00 AM
Shadow Copy ID: {e3bd9313-e7a3-4972-a138-e298e6c12eff}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {1587431c-1ca9-4276-8d33-dd13ae58a122}
Contained 1 shadow copies at creation time: 2/24/2014 2:00:00 PM
Shadow Copy ID: {e4c3e5b4-0314-4496-9215-369b3c973b25}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {b79771fa-666c-40ff-98c2-80580c1fdf85}
Contained 1 shadow copies at creation time: 2/25/2014 2:00:01 PM
Shadow Copy ID: {9d23803a-5d4e-4222-a389-ddd1e17b0472}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {5b472176-33e7-447f-aebf-da630cebe01d}
Contained 1 shadow copies at creation time: 2/26/2014 7:00:01 AM
Shadow Copy ID: {0d5a5d90-c9e7-42c0-ab0b-accf0d7d7304}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {879a32b4-48f3-434f-8d92-7202a9a25076}
Contained 1 shadow copies at creation time: 2/26/2014 2:00:00 PM
Shadow Copy ID: {887d8ff9-db0d-4eaa-9a75-df60015c2bb7}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy15
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {fc8d7e9e-c4d4-4010-b603-d88b99435338}
Contained 1 shadow copies at creation time: 2/27/2014 7:00:00 AM
Shadow Copy ID: {69ca835d-0130-4435-8621-83a716f1b621}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy16
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {7cebbd3b-c599-4800-91f5-da94ca038a42}
Contained 1 shadow copies at creation time: 2/27/2014 2:00:00 PM
Shadow Copy ID: {57320a15-e046-4128-8305-661984910fff}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy17
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Contents of shadow copy set ID: {702d2ca4-3f60-4d64-8578-50d9dd587ba6}
Contained 1 shadow copies at creation time: 3/12/2014 6:00:01 AM
Shadow Copy ID: {41c62c15-ad88-4191-8cc8-c2814da9a2f4}
Original Volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy18
Originating Machine: seattle-vm-win.GENE.local
Service Machine: seattle-vm-win.GENE.local
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
Vssadmin list shadowstorage
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.
Shadow Copy Storage association
For volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Shadow Copy Storage volume: (C:)\\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Used Shadow Copy Storage space: 3.47 GB (8%)
Allocated Shadow Copy Storage space: 3.73 GB (9%)
Maximum Shadow Copy Storage space: 3.96 GB (10%)
Vssadmin list volumes
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.
Volume path: \\?\Volume{ca9edd16-98f7-11e3-80b0-806e6f6e6963}\
Volume name: \\?\Volume{ca9edd16-98f7-11e3-80b0-806e6f6e6963}\
Volume path: C:\
Volume name: \\?\Volume{ca9edd17-98f7-11e3-80b0-806e6f6e6963}\
Vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.
Writer name: 'Task Scheduler Writer'
Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
State: [1] Stable
Last error: No error
Writer name: 'VSS Metadata Store Writer'
Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
State: [1] Stable
Last error: No error
Writer name: 'Performance Counters Writer'
Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
State: [1] Stable
Last error: No error
Writer name: 'SqlServerWriter'
Writer Id: {a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}
Writer Instance Id: {004b7983-7f00-4abe-81de-36729db8355f}
State: [1] Stable
Last error: No error
Writer name: 'ASR Writer'
Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Instance Id: {73682cd4-c469-4d00-b9b9-4b64f08af879}
State: [1] Stable
Last error: No error
Writer name: 'COM+ REGDB Writer'
Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Instance Id: {652f9dce-637f-447f-bbde-a16dc119e409}
State: [1] Stable
Last error: No error
Writer name: 'Shadow Copy Optimization Writer'
Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Instance Id: {cd1dab9c-a9cb-4783-aff3-32fa2f9e625f}
State: [1] Stable
Last error: No error
Writer name: 'Registry Writer'
Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Instance Id: {ba4c4bc6-9081-422a-9ed1-647c0eacfe8d}
State: [1] Stable
Last error: No error
Writer name: 'DFS Replication service writer'
Writer Id: {2707761b-2324-473d-88eb-eb007a359533}
Writer Instance Id: {4e4ca3e1-c62a-474f-a925-fadc1a534188}
State: [1] Stable
Last error: No error
Writer name: 'Windows Server Storage VSS Writer'
Writer Id: {e376ebb9-f0fe-4e1a-adaa-bfbdaf3ab488}
Writer Instance Id: {044b493b-829f-4bcd-9a8f-6d96a9d38daa}
State: [1] Stable
Last error: No error
Writer name: 'WMI Writer'
Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Instance Id: {72c13a8c-4950-4abb-961a-2e0f612ea9b6}
State: [1] Stable
Last error: No error
Writer name: 'System Writer'
Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Instance Id: {da138ec1-764b-4179-b2f4-70e94ac22276}
State: [1] Stable
Last error: No error
Writer name: 'MSSearch Service Writer'
Writer Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Instance Id: {dd729383-00a9-484c-9abc-3de903f5347c}
State: [1] Stable
Last error: No error
Writer name: 'IIS Config Writer'
Writer Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6}
Writer Instance Id: {a7c0287b-0e85-4d37-9649-d79928def55e}
State: [1] Stable
Last error: No error
Writer name: 'NTDS'
Writer Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}
Writer Instance Id: {aca73317-e7ce-40a0-aac2-548fd6a987c3}
State: [1] Stable
Last error: No error
Writer name: 'IIS Metabase Writer'
Writer Id: {59b1f0cf-90ef-465f-9609-6ca8b2938366}
Writer Instance Id: {d7753d0e-6b3b-4af0-95ea-9aa6733071f4}
State: [1] Stable
Last error: No error
Writer name: 'Certificate Authority'
Writer Id: {6f5b15b5-da24-4d88-b737-63063e3a1f86}
Writer Instance Id: {5971db7f-8508-438c-8f62-736f1b07750f}
State: [1] Stable
Last error: No error

Exchange Certificate - Revocation Check Failed

Hi,
the scenario is the following:
Windows 2012 R2 domain
Exchange 2010
Windows 2012 R2 PKI (1 CA Root stand alone. 1 CA Subordinate Enterprise)
At Exchange, I get the following error:
The certificate details are:
I guess that revocation check error is due to "%20" at ldap path (second image).
The questions are:
The "%20" is a normal behavior at "CRL Distribution Points" details in the certificate?
if no
How to delete "%20" in the certificate?
Thanks in advance!

Thanks Mark.
The output from issuing CA:
Issuer:
    CN=SERVSUBUCA
    DC=servicioscorp
    DC=pbo
Name Hash(sha1): 3f202eaecb344a1d5f7cefa0ef305ccc4f11764b
Name Hash(md5): d096ae4af2bbf1f9b7246c5c51f979cb
Subject:
    CN=uiomatrv-exca01.servicioscorp.pbo
    OU=IT
    O=PRODUBANCO
    L=Quito
    S=Pichincha
    C=EC
Name Hash(sha1): dbed6b31170d7ea3c36e08e4b7012a4595108527
Name Hash(md5): bd573e0501d5e3d3a8cdcd229dd40a2e
Cert Serial Number: 620000001168945925b163ff5d000000000011
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 32 Days, 5 Minutes, 4 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 32 Days, 5 Minutes, 4 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
NotBefore: 8/4/2014 11:10 AM
NotAfter: 8/3/2016 11:10 AM
Subject: CN=uiomatrv-exca01.servicioscorp.pbo, OU=IT, O=PRODUBANCO, L=Quito, S=Pichincha, C=EC
Serial: 620000001168945925b163ff5d000000000011
SubjectAltName: DNS Name=uiomatrv-exca01.servicioscorp.pbo, DNS Name=gyesitev-exca01.servicioscorp.pbo, DNS Name=gyesitev-exca01, DNS Name=uiomatrv-exca01
Template: WebServer
0e180ca4a6642be3709465fd1db4d9a6fa3be717
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No CRL "Certificate (0)" Time: 0
    [0.0] ldap:///CN=SERVSUBUCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?cACertificate?base?objectClass=certificationAuthority
---------------- Certificate CDP ----------------
Verified "Base CRL (2b)" Time: 0
    [0.0] ldap:///CN=SERVSUBUCA,CN=UIOMATRV-CERT02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?certificateRevocationList?base?objectClass=cRLDistributionPoint
Verified "Delta CRL (2b)" Time: 0
    [0.0.0] ldap:///CN=SERVSUBUCA,CN=UIOMATRV-CERT02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?deltaRevocationList?base?objectClass=cRLDistributionPoint
---------------- Base CRL CDP ----------------
OK "Delta CRL (2f)" Time: 0
    [0.0] ldap:///CN=SERVSUBUCA,CN=UIOMATRV-CERT02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?deltaRevocationList?base?objectClass=cRLDistributionPoint
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
    CRL 2b:
    Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
    ThisUpdate: 7/30/2014 2:31 PM
    NextUpdate: 8/14/2014 2:51 AM
    507e17f28e96054ead075e0cf353ea1cefbc4d9f
    Delta CRL 2f:
    Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
    ThisUpdate: 8/3/2014 2:32 PM
    NextUpdate: 8/5/2014 2:52 AM
    52827a7c7b5f621e2db4aa6b76f9fc448a35e50b
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=SERVROOTCA
NotBefore: 6/18/2014 1:53 PM
NotAfter: 6/18/2024 2:03 PM
Subject: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
Serial: 2d000000024a75bdddb4ea0374000000000002
Template: SubCA
5b61be4e5ef53895a1475a89a986302a26cc34a8
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
    CRL 03:
    Issuer: CN=SERVROOTCA
    ThisUpdate: 7/3/2014 11:59 AM
    NextUpdate: 7/4/2015 12:19 AM
    34931efb937f7495ce869f635823bbd9e3df578a
CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=SERVROOTCA
NotBefore: 6/18/2014 1:08 PM
NotAfter: 6/18/2029 1:18 PM
Subject: CN=SERVROOTCA
Serial: 63f24946f2448c9242ce44936f1f759e
1cd3339f1c7717ff77921ca53408a9d7ca58a5f7
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
  No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
Exclude leaf cert:
e594318b0d857c2fcb9d08db80637e278ad891df
Full chain:
a0215d71e05618f20649331ea9541930154344eb
Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.5.5.7.3.1 Server Authentication
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
The output from Exchange:
Issuer:
    CN=SERVSUBUCA
    DC=servicioscorp
    DC=pbo
Subject:
    CN=uiomatrv-exca01.servicioscorp.pbo
    OU=IT
    O=PRODUBANCO
    L=Quito
    S=Pichincha
    C=EC
Cert Serial Number: 620000001168945925b163ff5d000000000011
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwRevocationFreshnessTime: 21 Hours, 31 Minutes, 44 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwRevocationFreshnessTime: 21 Hours, 31 Minutes, 44 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
NotBefore: 04/08/2014 11:10
NotAfter: 03/08/2016 11:10
Subject: CN=uiomatrv-exca01.servicioscorp.pbo, OU=IT, O=PRODUBANCO, L=Quito, S=Pichincha, C=EC
Serial: 620000001168945925b163ff5d000000000011
SubjectAltName: DNS Name=uiomatrv-exca01.servicioscorp.pbo, DNS Name=gyesitev-exca01.servicioscorp.pbo, DNS Name=gyesitev-exca01, DNS Name=uiomatrv-exca01
Template: WebServer
17 e7 3b fa a6 d9 b4 1d fd 65 94 70 e3 2b 64 a6 a4 0c 18 0e
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No CRL "Certificate (0)" Time: 0
    [0.0] ldap:///CN=SERVSUBUCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?cACertificate?base?objectClass=certificationAuthority
---------------- Certificate CDP ----------------
Verified "Base CRL (2b)" Time: 0
    [0.0] ldap:///CN=SERVSUBUCA,CN=UIOMATRV-CERT02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?certificateRevocationList?base?objectClass=cRLDistributionPoint
Verified "Delta CRL (2b)" Time: 0
    [0.0.0] ldap:///CN=SERVSUBUCA,CN=UIOMATRV-CERT02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?deltaRevocationList?base?objectClass=cRLDistributionPoint
---------------- Base CRL CDP ----------------
OK "Delta CRL (2f)" Time: 0
    [0.0] ldap:///CN=SERVSUBUCA,CN=UIOMATRV-CERT02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=servicioscorp,DC=pbo?deltaRevocationList?base?objectClass=cRLDistributionPoint
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
    CRL 2b:
    Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
    9f 4d bc ef 1c ea 53 f3 0c 5e 07 ad 4e 05 96 8e f2 17 7e 50
    Delta CRL 2f:
    Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
    0b e5 35 8a 44 fc f9 76 6b aa b4 2d 1e 62 5f 7b 7c 7a 82 52
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=40
Issuer: CN=SERVROOTCA
NotBefore: 18/06/2014 13:53
NotAfter: 18/06/2024 14:03
Subject: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
Serial: 2d000000024a75bdddb4ea0374000000000002
Template: SubCA
a8 34 cc 26 2a 30 86 a9 89 5a 47 a1 95 38 f5 5e 4e be 61 5b
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=SERVROOTCA
NotBefore: 18/06/2014 13:08
NotAfter: 18/06/2029 13:18
Subject: CN=SERVROOTCA
Serial: 63f24946f2448c9242ce44936f1f759e
f7 a5 58 ca d7 a9 08 34 a5 1c 92 77 ff 17 77 1c 9f 33 d3 1c
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
Exclude leaf cert:
24 b9 1e b2 79 76 b0 16 2d 6d ae e2 cd 6b 98 aa 5f 27 38 20
Full chain:
7b 8c 64 0e 02 42 5a 7e 2d 1a 8b d4 db 3a c2 9c 10 a9 13 56
Issuer: CN=SERVSUBUCA, DC=servicioscorp, DC=pbo
NotBefore: 04/08/2014 11:10
NotAfter: 03/08/2016 11:10
Subject: CN=uiomatrv-exca01.servicioscorp.pbo, OU=IT, O=PRODUBANCO, L=Quito, S=Pichincha, C=EC
Serial: 620000001168945925b163ff5d000000000011
SubjectAltName: DNS Name=uiomatrv-exca01.servicioscorp.pbo, DNS Name=gyesitev-exca01.servicioscorp.pbo, DNS Name=gyesitev-exca01, DNS Name=uiomatrv-exca01
Template: WebServer
17 e7 3b fa a6 d9 b4 1d fd 65 94 70 e3 2b 64 a6 a4 0c 18 0e
The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614)
Revocation check skipped -- no revocation information available
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
Thanks in advance!

How can you set Firefox to, or tell if FF is always checking for certificate revocation?

I am anticipating a number of certificate revocations related to the heartbleed voulnerability, and would like to be able to check whether Firefox is checking for revocation, and tell it to if not.

For this heartbleed issue you can also temporarily disable OCSP Stapling by setting the security.ssl.enable_ocsp_stapling pref to false on the about:config page. 
Make sure to check in a few days if you still need this workaround and if necessary reset the pref to true.

Cannot install certificate, Cannot install certificate

Hello
I have a 13 inch Macbook Pro with Mac OSX 10.8.1 ML.
My problem is about installing custom certificates.
I was trying to install custom certificates (the type where you download and double click to install) and nothing responded. I tried another certificate and that worked, but only this one refused to work.
Can anyone help?
thanks

(off topic) please stop posting new threads with the title given twice - as in "Cannot install certificate, Cannot install certificate"
Once will do.
TIA.

Adobe code signing certificate revocation and SCCM

We have many install packages for different Adobe products in SCCM 2007 but nothing that would have been obtained or downloaded from Adobe since July 10, 2012. Does that mean we don’t have to do anything? Is that a correct interpretation of your statements about the Adobe code signing certificate revocation issue?

Yes. That's correct.

Wireless WRT160N Connection Error "Windows cannot validate certificate"

I installed and configured the WRT160N v.2 wireless router. My notebook running windows xp sees the network and has a good signal. When I try to connect, I get an error that "windows cannot validate certificate" or "validating identify". Does anyone know what the problem is and how to fix it?
Thanks...Rich

You need to change the Wireless Settings on your router...
Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1...Leave username blank & in password use admin in lower case...
For Wireless Settings, please do the following : -
Click on the Wireless tab
-Here select manual configuration...Wireless Network mode should be mixed...
-Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
- Set the Radio Band to Standard-20MHz and change the Standard channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
For Wireless Security : -
Click on the Sub tab under Wireless > Wireless Security...
Change the Wireless security mode to WPA, For Encryption, select AES...For Passphrase input your desired WPA Key. For example , MySecretKey , This will serve as your network key whenever you connect to your wireless network. Do NOT give this key to anyone.
Click on Advanced Wireless Settings
Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
Now see if you can locate your new Wireless Network and attempt to connect...
If the above fails :
Please go to the Control Panel and double click on Network Connections, right click on Wireless Network Connection and click on Properties.Choose the Wireless Networks-tab and remove all the preferred networks from the list and click Add...Click the tab Authentication, in this window you have to choose Enable IEEE 802.1x authentication for this network and EAP type set to Protected EAP (PEAP?, now click O.k...
Try to re-connect to your wireless network, it should connect...

The "Roman" font is not being recognized in Firefox 4.0. As such, I cannot read any previously posted topics or post any new topics on websites using this font.

The "Roman" font is not being recognized in Firefox 4.0. As such, I cannot read any previously posted topics or post any new topics on websites using this font.

I have had a similar problem with my system. I just recently (within a week of this post) built a brand new desktop. I installed Windows 7 64-bit Home and had a clean install, no problems. Using IE downloaded an anti-virus program, and then, because it was the latest version, downloaded and installed Firefox 4.0. As I began to search the internet for other programs to install after about maybe 10-15 minutes my computer crashes. Blank screen (yet monitor was still receiving a signal from computer) and completely frozen (couldn't even change the caps and num lock on keyboard). I thought I perhaps forgot to reboot after an update so I did a manual reboot and it started up fine.
When ever I got on the internet (still using firefox) it would crash after anywhere between 5-15 minutes. Since I've had good experience with FF in the past I thought it must be either the drivers or a hardware problem. So in-between crashes I updated all the drivers. Still had the same problem. Took the computer to a friend who knows more about computers than I do, made sure all the drivers were updated, same problem. We thought that it might be a hardware problem (bad video card, chipset, overheating issues, etc.), but after my friend played around with my computer for a day he found that when he didn't start FF at all it worked fine, even after watching a movie, or going through a playlist on Youtube.
At the time of this posting I'm going to try to uninstall FF 4.0 and download and install FF 3.6.16 which is currently on my laptop and works like a dream. Hopefully that will do the trick, because I love using FF and would hate to have to switch to another browser. Hopefully Mozilla will work out the kinks with FF 4 so I can continue to use it.
I apologize for the lengthy post. Any feedback would be appreciated, but is not necessary. I will try and post back after I try FF 3.16.6.

UPDATE : Toshiba Recovery Wizard 'cannot read from source file or disk' error (satellite L500)

UPDATE 2: Phoned Toshiba tech support again, guided by techie to begin the recovery again. Just before phoning I was able to go into recovery options and view the drive setup and all the files that couldn't be read are on the CD so I've no idea why the error kept occuring, and neither did the techie. Fingers crossed it works this time but I'm not overly hopefully given that we've just done exactly the same as I did before. UPDATE 1: I got into the BIOS and reset everything back to defaults and yay, my toshiba recovery wizard now starts! :-D On the down side, when trying to do a factory default software / out of the box recovery I continually get error messages with regards to copying the files, for example
cannot read from source file or disk
7z.dll
Type application extension
size 585kb
date modified 7/14/2009 10.26pm
other read / copy errors include PREINST6.SWM, BOOT_32, BOOTPRIORITY, CHECKMAXPTSIZE, CHGBOOT, CPU, CPUCHECK, CREATEPARTITION, CTRLDRVINFO, DISKWIPE, DMI, DPINST32, EBLIB.DLL, ERRORDIALOG, EW3BOOTSEQ, FWLINK, FWLINK.SYS, GETHDDINFO, GETKEYSTATE, IMAGEX, INFILED, INITRECAREA, KRAIADAPI.DLL ..... at which point I decided to 'skip all' :-/
Any explanations as to what's going on and how I might be able to fix it would be very much appreciated! :-) Thank you!
I have a two and half year old satellite L500 with an Intel i-3 and 4 gigs of RAM, on which I was running Windows 7.
Admittedly it’s had rather a hard life (I ran some very demanding CAD / graphics software on it) but it had always performed well until just recently, when after suffering several BSOD (which had never happened before), the hard drive failed.
I partitioned and formatted a brand new hard drive (which is perfectly fine and functions normally when hooked up to another laptop with a SATA to USB cable) and obtained system recovery discs from Toshiba. Unfortunately, when I try and run the first disc, windows starts to load files but then generates an error screen with the message Error F3-F100-0003 and a request to turn the computer off.
When I use the windows Memory Diagnostic to get into the Windows Boot Manager Screen I get the following;
Windows failed to start. A recent hardware / software change might be the case.
To fix the problem
Insert your windows installation disc and restart your computer
Choose your language settings and click ‘next’
Click ‘repair your computer’
File: \boot\memtest.exe
Status: 0xc000000f
Info: the selected entry could not be loaded because the application is missing or corrupt.
I can also use F8 on startup to get into the advanced boot options but selecting any of them simply results in the F3-F100-0003 error message. I’ve run a memory test using the UBCD, which tells me the memory is fine, and tried another hard drive (which also works perfectly well in another laptop) but no joy. On phoning Toshiba support the techie said my hard drive had failed, but as I say, both hard drives are perfectly fine / usable when hooked up to another laptop. I’m now completely stuck as to what the problem is and how I might resolve it – any advice / suggestions would be most gratefully received! Thank you in advance :-)

Satellite L655-S5096
Downloads here.
the second disc gives me the the "cannot read from source file or disk PREINST8.SWM"
My best guess is that the disc is not readable. Try copying it to another. Sometimes that works.
Otherwise, order new discs from Toshiba.
-Jerry

Apache 2.0.59 - cannot read certificate revocation list

Similar Messages

Maybe you are looking for