Applet security connecting to hosts

Similar Messages

• Does anyone know how to set policy file, so applet can connect other host?

  I have an signed applet, it may connect to other host.
  The applet should display a HTML pages, which may contains image tag points to a picture stored anywhere. I use a JTextPane to display this HTML page, but when it is loaded. a error occurs.
  java.lang.SecurityException
  at java.lang.SecurityManager.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkConnect(Unknown Source)
  at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
  at sun.awt.image.ImageRepresentation.imageComplete(Unknown Source)
  at sun.awt.image.InputStreamImageSource.errorConsumer(Unknown Source)
  at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
  at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
  at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
  at sun.awt.image.ImageFetcher.run(Unknown Source)
  I have those kind of error (connection refused) before I signed my applet and write policy file to granr socketpermission to the codebase of my class files. But this error still occurs. I suppose it is because the sun.awt.image.* is Java standard class, so my policy file has no effect on them. But how can I make it works?

  you need to install the jre, and place the win32.dll at JavaSoft\JRE\1.3.1_06\bin, that properties file place at JavaSoft\JRE\1.3.1_06\lib, comm.jar at JavaSoft\JRE\1.3.1_06\lib\ext\
  and in ur code try to use it to open ur com port
  public String test() {
  String drivername = "com.sun.comm.Win32Driver";
  try
  CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
  catch (Throwable th)
  {* Discard it */}
  drivername = "javax.comm.*";
  try
  CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
  catch (Throwable th)
  {* Discard it */}
  portList = CommPortIdentifier.getPortIdentifiers();
  while (portList.hasMoreElements()) {
  portId = (CommPortIdentifier) portList.nextElement();
  if (portId.getPortType() == CommPortIdentifier.PORT_SERIAL) {
  if (portId.getName().equals("COM2")) {
  //if (portId.getName().equals("/dev/term/a")) {
  try {
  serialPort = (SerialPort)
  portId.open("SimpleWriteApp", 2000);
  } catch (PortInUseException e) {}
  try {
  outputStream = serialPort.getOutputStream();
  } catch (IOException e) {}
  try {
  serialPort.setSerialPortParams(9600,
  SerialPort.DATABITS_8,
  SerialPort.STOPBITS_1,
  SerialPort.PARITY_NONE);
  } catch (UnsupportedCommOperationException e) {}
  int i=0;
  while(true)
  try {
  messageString="hi";
  System.out.println(i++);
  outputStream.write(messageString.getBytes());
  } catch (IOException e)
  System.out.println(e);
  messageString=String.valueOf(e);
  return messageString;
  and yet u need to signed the applet
  1. Compile the applet
  2. Create a JAR file
  3. Generate Keys
  4. Sign the JAR file
  5. Export the Public Key Certificate
  6. Import the Certificate as a Trusted Certificate
  7. Create the policy file
  8. Run the applet
  Susan
  Susan bundles the applet executable in a JAR file, signs the JAR file, and exports the public key certificate.
  1. Compile the Applet
  In her working directory, Susan uses the javac command to compile the SignedAppletDemo.java class. The output from the javac command is the SignedAppletDemo.class.
  javac SignedAppletDemo.java
  2. Make a JAR File
  Susan then makes the compiled SignedAppletDemo.class file into a JAR file. The -cvf option to the jar command creates a new archive (c), using verbose mode (v), and specifies the archive file name (f). The archive file name is SignedApplet.jar.
  jar cvf SignedApplet.jar SignedAppletDemo.class
  3. Generate Keys
  Susan creates a keystore database named susanstore that has an entry for a newly generated public and private key pair with the public key in a certificate. A JAR file is signed with the private key of the creator of the JAR file and the signature is verified by the recipient of the JAR file with the public key in the pair. The certificate is a statement from the owner of the private key that the public key in the pair has a particular value so the person using the public key can be assured the public key is authentic. Public and private keys must already exist in the keystore database before jarsigner can be used to sign or verify the signature on a JAR file.
  In her working directory, Susan creates a keystore database and generates the keys:
  keytool -genkey -alias signFiles -keystore susanstore -keypass kpi135 -dname "cn=jones" -storepass ab987c
  This keytool -genkey command invocation generates a key pair that is identified by the alias signFiles. Subsequent keytool command invocations use this alias and the key password (-keypass kpi135) to access the private key in the generated pair.
  The generated key pair is stored in a keystore database called susanstore (-keystore susanstore) in the current directory, and accessed with the susanstore password (-storepass ab987c).
  The -dname "cn=jones" option specifies an X.500 Distinguished Name with a commonName (cn) value. X.500 Distinguished Names identify entities for X.509 certificates.
  You can view all keytool options and parameters by typing:
  keytool -help
  4. Sign the JAR File
  JAR Signer is a command line tool for signing and verifying the signature on JAR files. In her working directory, Susan uses jarsigner to make a signed copy of the SignedApplet.jar file.
  jarsigner -keystore susanstore -storepass ab987c -keypass kpi135 -signedjar SSignedApplet.jar SignedApplet.jar signFiles
  The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
  5. Export the Public Key Certificate
  The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
  The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
  5: Export the Public Key Certificate
  The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
  In her working directory, Susan uses keytool to copy the certificate from susanstore to a file named SusanJones.cer as follows:
  keytool -export -keystore susanstore -storepass ab987c -alias signFiles -file SusanJones.cer
  Ray
  Ray receives the JAR file from Susan, imports the certificate, creates a policy file granting the applet access, and runs the applet.
  6. Import Certificate as a Trusted Certificate
  Ray has received SSignedApplet.jar and SusanJones.cer from Susan. He puts them in his home directory. Ray must now create a keystore database (raystore) and import the certificate into it. Ray uses keytool in his home directory /home/ray to import the certificate:
  keytool -import -alias susan -file SusanJones.cer -keystore raystore -storepass abcdefgh
  7. Create the Policy File
  The policy file grants the SSignedApplet.jar file signed by the alias susan permission to create newfile (and no other file) in the user's home directory.
  Ray creates the policy file in his home directory using either policytool or an ASCII editor.
  keystore "/home/ray/raystore";
  // A sample policy file that lets a JavaTM program
  // create newfile in user's home directory
  // Satya N Dodda
  grant SignedBy "susan"
  permission java.security.AllPermission;
  8. Run the Applet in Applet Viewer
  Applet Viewer connects to the HTML documents and resources specified in the call to appletviewer, and displays the applet in its own window. To run the example, Ray copies the signed JAR file and HTML file to /home/aURL/public_html and invokes Applet viewer from his home directory as follows:
  Html code :
  </body>
  </html>
  <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  width="600" height="400" align="middle"
  codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,1,2">
  <PARAM NAME="code" VALUE="SignedAppletDemo.class">
  <PARAM NAME="archive" VALUE="SSignedApplet.jar">
  <PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
  </OBJECT>
  </body>
  </html>
  appletviewer -J-Djava.security.policy=Write.jp
  http://aURL.com/SignedApplet.html
  Note: Type everything on one line and put a space after Write.jp
  The -J-Djava.security.policy=Write.jp option tells Applet Viewer to run the applet referenced in the SignedApplet.html file with the Write.jp policy file.
  Note: The Policy file can be stored on a server and specified in the appletviewer invocation as a URL.
  9. Run the Applet in Browser
  Download JRE 1.3 from Javasoft
  good luck! [email protected]
  i already give u many tips, i use 2 weeks to try this to success, hopw that u understand that, a result of success is not important, the process of how to get things done is most usefull!

• Secure connection to iTunes store failed and could not update to ios 6

  I tried in 4 different pcs with windows 7 installed to update my iphone 4 to latest version of ios (ios6) my current version is 5.1.1. I never had this issue ever before.. My iphone is jailbroken and so i couldnt update with OTA. I also tried to install a fresh copy of ios 5.1.1 to update my phone via OTA.. But the same problem now in itunes 10.5 and 10.7 too.. "iTunes could not connect to iphone software update server or is temporarily unavailable". I checked iTunes itunes diagnostics and the secure connection to itunes storo fail is the only thing which doesnt work.. I tried almost everything from here.. Starting from "internet option", changing the hosts file and the firewall thing.. But couldnt get it better.. What shoud i do?
  Here is my iTunes diagnostics report:
  Microsoft Windows 7 Ultimate Edition (Build 7600)
  eMachines ET1861
  iTunes 10.7.0.21
  QuickTime 7.6.9
  FairPlay 2.2.19
  Apple Application Support 2.2.2
  iPod Updater Library 10.0d2
  CD Driver 2.2.3.0
  CD Driver DLL 2.1.3.1
  Apple Mobile Device 6.0.0.59
  Apple Mobile Device Driver 1.62.0.0
  Bonjour 3.0.0.10 (333.10)
  Gracenote SDK 1.9.6.502
  Gracenote MusicID 1.9.6.115
  Gracenote Submit 1.9.6.143
  Gracenote DSP 1.9.6.45
  iTunes Serial Number 0023AEC4028E1440
  Current user is an administrator.
  The current local date and time is 2012-09-23 09:00:21.
  iTunes is not running in safe mode.
  WebKit accelerated compositing is enabled.
  HDCP is not supported.
  Core Media is supported.
  Video Display Information
  Intel Corporation, Intel(R) HD Graphics
  **** External Plug-ins Information ****
  No external plug-ins installed.
  iPodService 10.7.0.21 is currently running.
  iTunesHelper 10.7.0.21 is currently running.
  Apple Mobile Device service 3.3.0.0 is currently running.
  **** Network Connectivity Tests ****
  Network Adapter Information
  Adapter Name:    {A11C5D80-134D-4FA9-BF81-1C4A418C0F4A}
  Description:    Dhiraagu
  IP Address:    10.151.15.47
  Subnet Mask:    255.255.255.255
  Default Gateway:    0.0.0.0
  DHCP Enabled:    No
  DHCP Server:   
  Lease Obtained:    Thu Jan 01 05:00:00 1970
  Lease Expires:    Thu Jan 01 05:00:00 1970
  DNS Servers:    27.114.138.4
          27.114.140.62
  Adapter Name:    {1EAA0EEE-E778-4884-B030-1AFF603AEC57}
  Description:    Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  IP Address:    0.0.0.0
  Subnet Mask:    0.0.0.0
  Default Gateway:    0.0.0.0
  DHCP Enabled:    Yes
  DHCP Server:   
  Lease Obtained:    Thu Jan 01 05:00:00 1970
  Lease Expires:    Thu Jan 01 05:00:00 1970
  DNS Servers:   
  Active Connection:    Dhiraagu
  Connected:    Yes
  Online:        Yes
  Using Modem:    Yes
  Using LAN:    No
  Using Proxy:    No
  Firewall Information
  Windows Firewall is off.
  Connection attempt to Apple web site was successful.
  Connection attempt to browsing iTunes Store was successful.
  Connection attempt to purchasing from iTunes Store was successful.
  Connection attempt to iPhone activation server was successful.
  Connection attempt to firmware update server was unsuccessful.
  The network connection timed out.
  Connection attempt to Gracenote server was successful.
  The network connection timed out.
  Last successful iTunes Store access was 2012-09-23 08:57:21.
  PLEASE HELP ME...!!!

  Hi msahed,
  Welcome to Apple Support Communities.
  It sounds like there is an issue with your PC establishing a secure connection to the iTunes Store and the firmware update server. Try following along with the articles below, as they should resolve the issues that you described.
  iTunes: About the "A secure network connection could not be established" alert
  http://support.apple.com/kb/ts1470
  iTunes for Windows: iTunes can't contact the iPhone, iPad, or iPod software update server
  http://support.apple.com/kb/TS1814
  I hope this helps.
  -Jason

• Connection to host (ip adress), service timed out

  Hi ,
  I am getting the below error in dev_server0 while deploying the SAPJTECHS.SCA file in SDM.
  [Thr 267] *  ERROR       connection to host 192.168.1.15, service sapgw11 timed out
  [Thr 267] *
  TIME        Mon Jan 24 10:51:24 2011
  [Thr 267] *  RELEASE     640
  [Thr 267] *  COMPONENT   NI (network interface)
  [Thr 267] *  VERSION     37
  [Thr 267] *  RC          -12
  [Thr 267] *  MODULE      nixxi_r_mt.cpp
  [Thr 267] *  LINE        1109
  [Thr 267] *  DETAIL      NiPConnect
  [Thr 267] *  COUNTER     11
  [Thr 267] *
  [Thr 267] *****************************************************************************
  Kindly suggest.
  regards,
  Mahesh.N.R

  And below is the error in SDM log.
  Jan 24, 2011 10:40:10... Info: End of log messages of the target system.
  Jan 24, 2011 10:40:10... Info: ***** End of SAP J2EE Engine Deployment (J2EE Application) *****
  Jan 24, 2011 10:40:10... Error: Aborted: development component 'com.sap.engine.docs.examples'/'sap.com'/'SAP AG'/'6.4025.00.0000.20091105122001.0000'/'27', grouped by software component 'SAP_JTECHS'/'sap.com'/'SAP AG'/'1000.6.40.25.0.20091119165445''/'27':
  Caught exception during application deployment from SAP J2EE Engine's deploy service:
  java.rmi.RemoteException: Cannot deploy application sap.com/com.sap.engine.docs.examples..
  Reason: Cannot extract WAR file [temp_default.war] of application [sap.com/com.sap.engine.docs.examples].; nested exception is:
       com.sap.engine.services.deploy.container.DeploymentException: <--Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='com.sap.engine.services.servlets_jsp.server.exceptions.WebDeploymentException: Cannot extract WAR file [temp_default.war] of application [sap.com/com.sap.engine.docs.examples].
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractWar(ActionBase.java:120)
       at com.sap.engine.services.servlets_jsp.server.container.DeployAction.deploy(DeployAction.java:124)
       at com.sap.engine.services.servlets_jsp.server.container.WebContainer.deploy(WebContainer.java:153)
       at com.sap.engine.services.deploy.server.application.DeploymentTransaction.makeComponents(DeploymentTransaction.java:606)
       at com.sap.engine.services.deploy.server.application.DeployUtilTransaction.commonBegin(DeployUtilTransaction.java:321)
       at com.sap.engine.services.deploy.server.application.DeploymentTransaction.begin(DeploymentTransaction.java:307)
       at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesOnOneServer(ApplicationTransaction.java:292)
       at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhases(ApplicationTransaction.java:326)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.makeGlobalTransaction(DeployServiceImpl.java:3187)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.deploy(DeployServiceImpl.java:554)
       at com.sap.engine.services.deploy.server.DeployServiceImplp4_Skel.dispatch(DeployServiceImplp4_Skel.java:1555)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:330)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:201)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by: com.sap.engine.services.servlets_jsp.server.exceptions.WebFileNotFoundException: Possible reason: file name is too long.
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractClasses(ActionBase.java:795)
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractWar(ActionBase.java:113)
       ... 19 more
  Caused by: java.io.FileNotFoundException: /usr/sap/PQA/JC50/j2ee/cluster/server1/apps/sap.com/com.sap.engine.docs.examples/servlet_jsp/_default/root/apidocs/allclasses-frame.html (Permission denied)
       at java.io.FileOutputStream.open(Native Method)
       at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
       at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
       at com.sap.engine.lib.io.FileUtils.writeToFile(FileUtils.java:159)
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractClasses(ActionBase.java:784)
       ... 20 more
  ', Arguments: []--> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.engine.services.servlets_jsp.server.exceptions.WebDeploymentException: Cannot extract WAR file [temp_default.war] of application [sap.com/com.sap.engine.docs.examples].
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractWar(ActionBase.java:120)
       at com.sap.engine.services.servlets_jsp.server.container.DeployAction.deploy(DeployAction.java:124)
       at com.sap.engine.services.servlets_jsp.server.container.WebContainer.deploy(WebContainer.java:153)
       at com.sap.engine.services.deploy.server.application.DeploymentTransaction.makeComponents(DeploymentTransaction.java:606)
       at com.sap.engine.services.deploy.server.application.DeployUtilTransaction.commonBegin(DeployUtilTransaction.java:321)
       at com.sap.engine.services.deploy.server.application.DeploymentTransaction.begin(DeploymentTransaction.java:307)
       at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesOnOneServer(ApplicationTransaction.java:292)
       at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhases(ApplicationTransaction.java:326)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.makeGlobalTransaction(DeployServiceImpl.java:3187)
       at com.sap.engine.services.deploy.server.DeployServiceImpl.deploy(DeployServiceImpl.java:554)
       at com.sap.engine.services.deploy.server.DeployServiceImplp4_Skel.dispatch(DeployServiceImplp4_Skel.java:1555)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:330)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:201)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by: com.sap.engine.services.servlets_jsp.server.exceptions.WebFileNotFoundException: Possible reason: file name is too long.
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractClasses(ActionBase.java:795)
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractWar(ActionBase.java:113)
       ... 19 more
  Caused by: java.io.FileNotFoundException: /usr/sap/PQA/JC50/j2ee/cluster/server1/apps/sap.com/com.sap.engine.docs.examples/servlet_jsp/_default/root/apidocs/allclasses-frame.html (Permission denied)
       at java.io.FileOutputStream.open(Native Method)
       at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
       at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
       at com.sap.engine.lib.io.FileUtils.writeToFile(FileUtils.java:159)
       at com.sap.engine.services.servlets_jsp.server.container.ActionBase.extractClasses(ActionBase.java:784)
       ... 20 more

• Clean Access Server could not establish a secure connection

  I have a OOB Real IP GW setup on v4.1.2
  I seem to have a problem with the CAS connecting to the CAM although I have added the CAS to the CAM and can manage the CAS from the CAM.
  I noticed while troubleshooting client authentication that the client was not being redirected to the logon web page and it had full access to the trusted network from the untrusted authentication vlan. I eventually figured out that if I change the CAS Filter Fallback method from Allow to ignore then it tries to authenticate the client. However the fact that the fallback is activated tells you that something is not right.
  I have 2 problems:
  A) The clients web page is redirected for authentication but it only lists the domain name in the URL and not the hostname or host IP. In the lab I do not have a DNS server and it would not help as it does not include the hostname in the URL anyway. How do I fix this or perhaps it's related to the 2nd problem.
  B) When I manually change the URL by replacing the domain name with the IP of the CAS (untrusted OOB Real IP GW) then I get the following error message when logging on:
  Network Error:
  Clean Access Server could not establish a secure connection to Clean Access Manager at mydomain.com.
  This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
  Please report this to your network administrator.
  I would guess the culprit is No 2 but surely the system can run on self signed certificates? I have an NTP server so time is in sync. I have even tried regenerating the cetificates on the CAM
  & CAS.
  Any ideas?

  To overcome problem B, I regenerated the SSL Certificates using the host IP address instead of the name for all the CAM & CAS appliances. This seems to have resolved this problem.
  I also SSH'd from each of the CAS's to each of the CAM's from the CLI and it then prompts to permanently store the certificates. I'm not sure it this was necessary though.

• SSL/TLS - secure connection could not be established but passes diagnostics

  Any other ideas for the ever popular inability to create a secure connection issue?
  I've tried just about everything I could find in all the posts on this issue and continue to get the inability to create a secure connection messag4e when logging in.
  We tried the various Apple non-support channels: e-mail, chat, phone, and Genius Bar with no success.
  Here's what I've tried (attempting to log in after each change):
  SSL3.0 and TLS 1.0 are enabled (and always have been)
  iTunes and iTunes Helper are in the Windows Firewall Exception list
  reinstalled itunes 9.02 several times.
  UNINSTALLED Norton Internet Security
  Turned off Windows firewall.
  deleted contents of /etc/hosts
  Cleared SSL state
  Unchecked “Check for server certificate revocation, restarted IE
  --After this change I got an "network connection timed out." message
  Cleared SSL state
  --Back to "secure network connection could not be established"
  This happens on my daughter's college network and on our home family area network. And other PCs have no trouble accessing this iTunes account on both of these networks.

  Hi there,
  I would recommend taking a look at the troubleshooting steps found in the article below.
  Can't connect to the iTunes Store
  http://support.apple.com/kb/TS1368
  -Griff W.

• Oracle8i JDBC Guide Example Not Working-applet security

  I was having problems with a JDK1.1.7 applet that I want to get
  working with Netscape 4.07 and my Oracle 8.0.5 installation. I
  am using Netscape's Signtool, the Capabilities classes, and I
  have packaged the Oracle classes111.zip contents into my Signed
  JAR file. I got a copy of the Oracle 8i JDBC Developer's Guide
  and Reference which has an example of what I'm trying to do.
  However, I get the same error running the example. Can anyone
  tell me what I'm doing wrong?
  Please help...
  stephen
  The Java console output is as follows:
  # Applet debug level set to 9
  netscape.security.AppletSecurityException: security.Couldn't
  connect to '47.129.164.42' with origin from ''.
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :914)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :926)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :795)
  at
  java.lang.SecurityManager.checkConnect(SecurityManager.java:718)
  at java.net.Socket.<init>(Socket.java:245)
  at java.net.Socket.<init>(Socket.java:123)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:176)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:146)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:120)
  at oracle.jdbc.ttc7.TTC7Protocol.connect(TTC7Protocol.java:983)
  at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:158)
  at
  oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:
  93)
  at
  oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:146)
  at java.sql.DriverManager.getConnection(DriverManager.java:90)
  * at java.sql.DriverManager.getConnection(DriverManager.java:132)
  at MainApplet.button2_actionPerformed(MainApplet.java:196)
  at
  MainApplet$MainApplet_button2_actionAdapter.actionPerformed(MainA
  pplet.java:255)
  at java.awt.Button.processActionEvent(Button.java:267)
  at java.awt.Button.processEvent(Button.java:240)
  at java.awt.Component.dispatchEventImpl(Component.java:1789)
  at java.awt.Component.dispatchEvent(Component.java:1715)
  at
  java.awt.EventDispatchThread$EventPump.dispatchEvents(EventDispat
  chThread.java:83)
  at
  java.awt.EventDispatchThread.run(EventDispatchThread.java:135)
  at
  netscape.applet.DerivedAppletFrame$AppletEventDispatchThread.run(
  DerivedAppletFrame.java:911)
  null

  No, it is not, but this is the reason for using Netscape's
  Capabilities API. It contains a PrivilegeManager that works with
  Java's Applet Security Manager to grant permissions for the
  applet.
  Stephen Brewell (guest) wrote:
  : Is the database server on the same machine as your web server?
  : I don't think applets can connect to a machine other than that
  : from which it was served.
  null

• Safari cannot create secure connection with certain websites

  I have OS X 10.10 with every available updates, and Safari's currently unable to 'establish secure connection' with some site I'm trying to connect, most disturbing being the whole Steam network (store/support.steampowered.com, steamcommunity.com, etc). IE (via Bootcamp), Chrome (both standalone and integrated into Steam client) and Firefox have no problem doing so.
  Considering sometime before the in Steam browser indicated the site as insecure (a red lock icon with a cross, typically used to indicate bad cert) for a short time, and hearing of certs issued to gov agencies for man in the middle, I compared the cert for store.steampowered.com/login (which, in contrary to most content on that domain, forces a secure connection) and this discussions.apple.com. Well Firefox and IE do show a normal grey lock icon without organization name, and Chrome admits the website's ownership is unverified (in details, it says ownership is verified by the CA but there's no public verification record; the secure setting of that site has outdated, too) despite having Valve's name and green lock icon. So the cert could be a fake since it's an ordinary (I guess?) cert from a EV authority (DigiCert High Assurance EV CA-1 in this case). The certificate shown from Chrome is totally fine (not a single red cross in the chain), though.
  Well there're other https resources Safari fails to create a secure connection with every now and then. I just forgot/ am unable to test them with other browsers (Sometimes it's not the page itself that can't be retrieved via https, but some resource it loads. Sadly I only know how to use Inspector in Safari, though I'm sure other browsers have similar functions, too). I suspect Safari just refuses such certificates (or the AES_128_CBC method maybe) while other browsers accept it. Is there an override for this?
  Weird enough, https://ev-root.digicert.com/ has grey lock on Firefox and Safari. Seems overriding is the only workaround.
  As a side note, my Safari freezes upon loading PayPal, being ir-responsive for tens of seconds on every activity such as clicking a link. For most of duration of the freeze no high CPU usage is monitored, though ocspd does sometimes take 50% or so, and the web process bursts into 100% immediately before unfreezing. Guess Yosemite has some issues with TLS on the system level.

  This could be a complicated problem to solve, as there are several possible causes for it.
  Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
  Step 1
  From the menu bar, select
             ▹ System Preferences... ▹ Date & Time
  Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
  Check the box marked 
            Set date and time automatically
  if it's not already checked, and select one of the Apple time servers from the menu next to it.
  Step 2
  Triple-click anywhere in the line below on this page to select it:
  /System/Library/Keychains/SystemCACertificates.keychain
  Right-click or control-click the highlighted line and select
            Services ▹ Show Info
  from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
  Repeat with this line:
  /System/Library/Keychains/SystemRootCertificates.keychain
  If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
  Step 3
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
  In the Keychains list, there should be items named System and System Roots. If not, select
            File ▹ Add Keychain
  from the menu bar and add the following items:
  /Library/Keychains/System.keychain
  /System/Library/Keychains/SystemRootCertificates.keychain
  Open the View menu in the menu bar. If one of the items in the menu is
            Show Expired Certificates
  select it. Otherwise it will show
            Hide Expired Certificates
  which is what you want.
  From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
            Secure Sockets Layer (SSL)
  select
            no value specified
  Close the inspection window. You'll be prompted for your administrator password to update the settings.
  Now open the same inspection window again, and select
            When using this certificate: Use System Defaults
  Save the change in the same way as before.
  Revert all the certificates with non-default trust settings. Never again change any of those settings.
  Step 4
  Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
  Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
            Help ▹ Keychain Access Help
  from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
  Step 5
  From the menu bar, select
            Keychain Access ▹ Preferences... ▹ Certificates
  There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to  CRL.
  Step 6
  Triple-click anywhere in the line of text below on this page to select it:
  /var/db/crls
  Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
  Restart the computer, empty the Trash, and test.
  Step 7
  Triple-click anywhere in the line below on this page to select it:
  open -e /etc/hosts
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
  # Host Database
  # localhost is used to configure the loopback interface
  # when the system is booting.  Do not change this entry.
  127.0.0.1                              localhost
  255.255.255.255          broadcasthost
  ::1                                        localhost
  fe80::1%lo0                    localhost
  If that's not what you see, post the contents of the window.

• The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.

   try
                  MailMessage mail = new MailMessage();
                  SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
                  mail.From = new MailAddress("[email protected]");
                  mail.To.Add("[email protected]");
                  mail.Subject = "Test Mail..!!!!";
                  mail.Body = "mail with attachment";
                  System.Net.Mail.Attachment attachment;
                  attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
                  mail.Attachments.Add(attachment);
                  SmtpServer.Port = 587;
                  SmtpServer.UseDefaultCredentials = true;
                  SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
                  SmtpServer.EnableSsl = true;
                  SmtpServer.Send(mail);
  Catch(Exception exception)
  When i m run this part of code it throw an Ecxeption                                                          
          Given Below is the Error.. 
      The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
  Bikky Kumar

   try
                  MailMessage mail = new MailMessage();
                  SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
                  mail.From = new MailAddress("[email protected]");
                  mail.To.Add("[email protected]");
                  mail.Subject = "Test Mail..!!!!";
                  mail.Body = "mail with attachment";
                  System.Net.Mail.Attachment attachment;
                  attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
                  mail.Attachments.Add(attachment);
                  SmtpServer.Port = 587;
  SmtpServer.UseDefaultCredentials = true;    ///Set it to false, or remove this line
                  SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
                  SmtpServer.EnableSsl = true;
                  SmtpServer.Send(mail);
  Catch(Exception exception)
  Given Below is the Error..      The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
  Solution:
  The error might occur due to following cases.
  case 1: when the password is wrong
  case 2: when you try to login from some App
  case 3: when you try to login from the domain other than your time zone/domain/computer (This
  is the case in most of scenarios when sending mail from code)
  There is a solution for each
  solution for case 1: Enter the correct password.
  Recomended: solution for case 2: go to
  security settings at the following link https://www.google.com/settings/security/lesssecureapps and
  enable less secure apps . So that you will be able to login from all apps.
  solution 1 for case 3: (This might be helpful) you need to review the activity. but reviewing the activity will not be helpful due to latest security
  standards the link will not be useful. So try the below case.
  solution 2 for case 3: If you have hosted your code somewhere on production server and if you have access to the production server, than take remote
  desktop connection to the production server and try to login once from the browser of the production server. This will add exception for login to google and you will be allowed to login from code.
  But what if you don't have access to the production server. try
  the solution 3
  solution 3 for case 3: You have to enable
  login from other timezone / ip for your google account.
  to do this follow the link https://g.co/allowaccess and
  allow access by clicking the continue button.
  And that's it. Here you go. Now you will be able to login from any of the computer and by any means of app to your google account.
  Regards,
  Nabeel Arif

• Applet socket connection

  Hi,
  I have an applet that connects to a server java console program through a socket connection which works fine from the command line using appletviewer but doesn't work when running in a html page. The applet is not signed however because the applet and server are running on the same machine it shouldn't need to be. I have used socket connections in applets before and have managed to make the connection to server without having it signed but this one is not working for some reason. I have checked the port is opened and again its the same one I have used before so I know its open.
  I am getting the message java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:5000 connect,resolve) when calling:
    Socket s = new Socket(ip,port);I also have a java.policy.applet file in the project root directory which has the following in:
  grant {
    permission java.security.AllPermission;
  };Does anyone know a reason why access could be restricted?

  Night.Monkey wrote:
  Hi,
  I have an applet that connects to a server java console program through a socket connection which works fine from the command line using appletviewer but doesn't work when running in a html page. The applet is not signed however because the applet and server are running on the same machine it shouldn't need to be.Wrong. An unsigned applet can only connect back to the server from where it was downloaded. Your applet comes from www.javawebgames.co.uk and tries to connect to 127.0.0.1.
  Would your server be at www.javawebgames.co.uk there should be no problem.
  I also have a java.policy.applet file in the project root directory which has the following in:
  grant {
  permission java.security.AllPermission;
  };I think this should have zero effect when you are running in the actual browser.

• Re: Getting around Applet security

  I don't think this is an Applet Security problem associated with accessing the xml files on the server using URL connection. This will not in itself produce the exception unless the files are on a different server to the one the Applet was loaded from.

  According to http://java.sun.com/sfaq/, There is
  no explicit support in the JDK applet API for
  persistent state on the client side. However, an
  applet can maintain its own persistent state on the
  server side. That is, it can create files on the
  server side and read files from the server
  side.
  I believe that if you use Applet.getCodeBase() you
  can get the directory containing the applet, and
  using that, you can specify exactly which files you
  want.Accessing the XML file isn't my problem it is accessing the parser. I can't access the parser on the server and it is not an option to change the policy file on all clients to allow to use their JRE's parser.

• Auto image load failure, ssl failure, secure connection failure

  First their is a problem with some ssl web sites, now I have read the article and if it had worked I would not be posting this here. so for the last time, I go to a bank web site it has the page that tells me to add a exception. then when i get to the page for the exception it says their is no problem and no exception will be added. period. it is a loop, it will not not not let me add the web site to the exception list and sits their and fights with me. when i go to add it to the list it says no their is no problem with the cert so it will NOT be added, but when i try to go their it pops up the page again saying i cant go their because their is a problem. so this is a loop which means it does the same thing over and over and over again. so trying to add it to the exception list can not happen because firefox will NOT let me add it and will NOT let me go their any longer.
  Problem 2. I was not able to post a question in this forum until i told it to search for bearded dragon as the problem with firefox THEN and ONLY THEN would it let me open this question.
  problem 3 : in ebay in my own listings i am having a auto load image failure, yes yes yes I did add the web addresses under auto load images , exceptions and allow for both hosting web sites and even though they are in their it will still NOT NOT NOT load the images. it will make me, by forcing me, to go to view 1 image on the page then it says WARNING YOUR ABOUT TO GO FROM A SECURE CONNECTION TO A UN SECURE CONNECTION. then AFTER I say yes and go to view that 1 image it unlocks all of the other images on the web page.
  and why is that happening because the firefox is not programmed correctly as in the base coding i can not change, I would need to tell it to STOP STOP STOP blocking the images and stop warning me when i am going from a secure connection to a unsecure connection.
  and it will not not not for the love of god not load images on ebay in secure when the images are hosted from a unsecure web site.
  their is really no discussion, I am simply telling you all what it is doing, period.
  I have a iq of 165 and I am not stupid so what I am saying it is doing is what it is doing.
  so telling me to read crusty old articles will just make me madder as I have all ready read them front, back, up side down and sideways and if they really worked like it says they do you would not be reading this.

  so far under 9.0it is accepting the security certs, so I do not know if that happened again if it would have the same error or not.
  but ty 4 trying to help.

• How to secure connection in sql server 2008? my main problem is which certificate should i add in mmc

  i'm recently working on hardening of sql server 2008. now i face with a problem. my problem is  how to secure connection in sql server 2008?  my main problem is which certificate should i add in mmc? what are these certificates about?and guide
  me in choosing the appropriate certificate.
  and how should i know that the connection in sql server is secured?
  plz guide me from the beginning cause i'm rookie in this subject.
  thanks in advance.

  Hi sqlfan,
  Question 1: my problem is how to secure connection in sql server 2008?
  Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. For more information about Encrypting Connections to SQL Server, please refer to the following
  article:
  http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
  Question 2: my main problem is which certificate should i add in mmc? what are these certificates about?and guide me in choosing the appropriate certificate.
  To install a certificate in the Windows certificate store of the server computer, you will need to purchase/provision a certificate from a certificate authority first. So please go to a certificate authority to choose the appropriate certificate.
  For SQL Server to load a SSL certificate, the certificate must meet the following conditions:
  The certificate must be in either the local computer certificate store or the current user certificate store.
  The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
  The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
  The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
  The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host
  name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
  Question 3: how should i know that the connection in sql server is secured?
  If the certificate is configured to be used, and the value of the ForceEncryption option is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the certificate. For more detail about this,
  please refer to Configuring SSL for SQL Server in the following article:
  http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
  If you have any question, please feel free to let me know.
  Regards,
  Donghui Li

• SQLJ in Applet: Open connection to 3rd machine?

  If a client machine download applet with sqlj from web server, is possible to open connection directly to database on 3rd machine? Or is prevented by java applet security?
  Rathu

  Yes it is prevented by Java security. Look to using the Oracle Net 8 COnnection manager to help work around this.

• Open Directory is not providing a secure connection

  I've been setting up Yosemite Server, but I haven't been able to get a second Mac to join onto the Open Directory service. When clicking Join… in Accounts Preferences on the client machine, and entering the address, it asks me whether I want to trust the server's certificates, which I do; and then, in a second dialog, it says "This server does not provide a secure (SSL) connection. Do you want to continue?"
  My question, simply, is how do I confirm that my server is providing a secure Open Directory connection? If it's not, how do I enable it, and if it is, how do I convince my client to use it?
  Background:
  After doing the initial setup, I turned on Open Directory before noticing that the host name was not correct—I had not changed it from "Xxx.local". So I changed it to the correct domain as pointed to by an external DNS server. It mentioned that I'd have to reconfigure a number of services, Open Directory among them. I turned Open Directory off, then on, and confirmed in the Certificates section that all services were using the newly-generated certificate with the correct domain name. I turned on Profile Manager, and added a test network user, and an encrypted-only (SMB3) share for its home folder. For good measure, I turned on the Websites service.
  At several points along this process, I tried to get the client to join the server's Open Directory, each and every time with the same message that the server does not provide a secure connection. I removed the applicable certificates on the client and tried again, just to be sure it wasn't using an outdated version of them—to no avail. The error is exactly the same whether I use the global .com hostname, the .local hostname, the global IP, or the local 10.0.1.x IP.
  The server is running Mac OS X 10.10.1, and the client MBP is on 10.10.
  The client is currently on the local network, but I aim to use Portable Home Directories and sync from other locations, so an unsecured OD connection is obviously unacceptable.
  Any advice would be dearly appreciated!

  First, follow the instructions in this support article to configure the clients to use the server's certificate to bind via LDAPS. The common name in the certificate must match both the server's hostname and its domain name, as resolved by the clients. You will get nowhere if those conditions aren't met.