Apply SSL in JSP with internal CA signed by Active Directory

Hi geniuses, does anyone have any idea how to apply SSL to JSP pages?
I am trying to add SSL to my authentication JSP pages. My company has an existing internal CA signed by Microsoft Server 2003 Active Directory.
Does anyone have an idea or a tutorial you can share with me?

webster wrote:
Hi geniuses, does anyone have any idea how to apply SSL to JSP pages?
I am trying to add SSL to my authentication JSP pages. My company has an existing internal CA signed by Microsoft Server 2003 Active Directory.
Does anyone have an idea or a tutorial you can share with me?

This really has nothing to do with JSP or this forum. It's a matter of setting up your Servlet/JSP container properly. Consult the docs for your servlet/JSP container for how to enable SSL.

Similar Messages

  • Certificate Authority not working when signing documents (Active Directory)

    We recently went to an Active Directory structure at my job, and we do a lot of signatures. Part of the Active Directory setup was an auto-certificate authority setup. I went to sign a document recently and the signature will not apply. I went into the trust tab and clicked to trust the certificate, and then backed out, but it still will not sign. When I click to sign the document nothing happens. There are red Xs next to everything in the trust tab.
    Any ideas? I am wondering if there is something I can do in Adobe to let it know that certificate is trusted?
    Any help would be appreciated.

    When Acrobat builds the signature object (which is created when you sign), it tries to populate the object with as much data as possible in order to facilitate long-term validation. This means that it is trying to add all of the certificates in the signature chain to the PDF along with all of the corresponding revocation information (which is either an OCSP response or a CRL). This way, after the signer's digital ID expires all of the validation collateral will still be available; otherwise you would get an Unknown signature after the signer's cert expired.
    In order for Acrobat to get the revocation information, trust has to be established. When you create the signature Acrobat tries to gather all of the certificates in the signing chain. After it has finished building the chain it walks the chain from the bottom up (the bottom being the signer's certificate) and checks to see if the cert is a designated trust anchor. Once it finds a trust anchor it will try to procure revocation info for each cert below the trust anchor, but not the trust anchor itself. After it has gathered up all of the rev info it writes it into the PDF file along with the certificates. So, when it comes to signature creation, it's good to add the certificate that is at the root (top) of the signing chain to the Manage Trusted Identities list and trust it for signing and certifying. That way when you do sign, all of the rev info will be written into the file.
    The next thing to realize is that Acrobat can only retrieve the revocation info if it knows where to get it from. Each certificate in the signing chain except for the root cert should have an extension that tells Acrobat where it can download the information. For an OCSP response the URI is in the Authority Information Access (AIA) extension and for a CRL the URI is in the CRL Distribution Point (CRLdP) extension. If there is an entry in either of these two extensions that is not valid (that is, either it doesn't exist or it exists but doesn't really provide the expected data) then Acrobat will try to download the data, but the download will fail. Thus, you end up with a signature in an Unknown state because revocation checking must succeed if there is an AIA or CRLdP extension. What you need to check is: does the certificate have one or both of these two extensions and, if so, does it lead to a successful download.
    Steve

  • Issue with Exchange 2003 after upgrading Active Directory

    I upgraded AD from 2003 to 2008 R2. Before, I could go into AD to create users, click on the email check box and the user would have an account on Exchange. Now this feature is not available. How do I create mailboxes on my Exchange 2003 Server for users now?

    You can't. You have to administer Exchange 2003 functionality from Active Directory Users and Computers on the Exchange 2003 server.
    FYI: Companies running Exchange 2003 after April 8, 2014 will be responsible for their own support. More importantly, because Microsoft will no longer provide security updates, companies that choose to continue running Exchange 2003 accept the risk associated with that.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Issues logging in with 10.8 (Mountain Lion) Active Directory

    Having an issue when "some" users try to log in to ML: the desktop never comes up. There is just a spinning wheel next to the password and the only way to cancel it is to do a hard reboot. These same users have no issues logging in to 10.7 (Lion) or 10.6 (Snow Leopard). When I log in as the local admin I can see the home folder for the user that tried to log in.

    Active Directory - Windows Server 2008 R2
    Organization is just one of the 7 domains in a forest. The users that are able to log in are generic ones that are created in our domain. The ones that cannot log in are ones that have information in 2 domains: 1 in our domain (AD) and 1 in another domain (Exchange); not sure if that is the reason or not. Tried putting only our domain in the authentication search policy and unchecking "Allow authentication from any domain in the forest". Also tried "prefer this domain server" with no luck.

  • How to read with a script in LDAP Active Directory

    Is there anyone who has a perl/XML script for free download which is used to search and read contacts in an LDAP directory?
    Our company did not choose the option which consists of pointing CM at Active Directory; they prefer to write or find a perl/XML script to do that.
    Is it possible??
    Thank you for your help

    I am interested in the script that you created too. I have some LDAP books on the way and will try to learn scripting, but I have no experience in it and any little push in the right direction would be much appreciated. We are trying to integrate AD with CCM, which we did with CCM 4.0.2, but now the Directories button does not work, which we knew it wasn't going to, but they want me to create several menu listings, say
    1.
    2.Standard Cisco Missed, Placed and Received Calls
    3.
    4. Corporate that will automatically search the entire AD.
    5. This will search only in OU X
    6. This will search in only OU y
    7.
    8. This will search only in UN to the Nth
    If this is possible I would be in your debt if I could just get a sample to give me a push in the right direction.
    Thanks
    My e-mail address is [email protected]

  • Best way to manage digital signing on Active Directory environment?

    Hi,
    I have created a couple of interactive documents and they have signature fields for the staff. Some documents have multiple signature fields. At the moment staff sign the document and email it to his/her supervisor, and the supervisor saves this document, signs it and forwards it to the principal. This is so messy and I was wondering what's the best way to create a useful environment for it. The other very important thing is: how can I make signatures centralized to prevent many signature creations on different computers?
    regards

    Hi,
    I am not sure if this helps for the second question, but...
    I use a single digital signature from GlobalSign and they do offer a centralised certificate management system from 5 digital signatures up. See here: http://www.globalsign.com/ssl/managed-ssl/.
    I haven't used it as I only have a single signature, but it may help.
    Niall

  • VDI 3.4 Integrate with Windows Server 2008 R2 Active Directory

    OK, I followed the official documents step by step. I installed VDI 3.4 on Oracle Linux 5.7 (oraclevdi.jiayutester.com), then installed a Windows Server 2008 R2 64-bit (jiayudc.jiayutester.com) that I made the Domain Controller (jiayutester.com) and DNS; at the end, I edited /etc/krb5.conf. I executed the following commands:
    1. getent hosts jiayudc.jiayutester.com
       (My note: normal)
    2. kinit -V [email protected]
       Authenticated to Kerberos v5
    This is my krb5.conf:
    [logging]
      default = FILE:/var/log/krb5libs.log
      kdc = FILE:/var/log/krb5kdc.log
      admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
      default_realm = JIAYUTESTER.COM
      default_checksum = rsa-md5
      dns_lookup_realm = true
      dns_lookup_kdc = true
      ticket_lifetime = 24h
      forwardable = yes
    [realms]
      JIAYUTESTER.COM = {
        kdc = space-21pel8ghu.jiayutester.com
        admin_server = space-21pel8ghu.jiayu.com:749
        default_domain = jiayutester.com
      }
    [domain_realm]
      .jiayutester.com = JIAYUTESTER.COM
      jiayutester.com = JIAYUTESTER.COM
    [appdefaults]
      pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
      }
    Then I logged in to the web console to set up the company. I selected Active Directory as the User Directory, then filled in all the needed information (I am sure that all the information I filled in the form is correct). When I clicked Next, an error occurred. This is the text:
    Unable to Connect to User Directory
    Failed to connect, no servers available
    Now I have searched everywhere for information, but I can't resolve the problem... Please help me, smart guys.

    Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to [libdefaults] section of your krb5.conf file, for 2008R2 AD server:
    default_tkt_enctypes = rc4-hmac
    default_tgs_enctypes = rc4-hmac
    And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)
    Note that VDI will actually try to query individual AD servers as defined as part of your AD Global Catalog when it tries to look up AD domain data. This means you need to verify that your global catalog referenced servers are valid and have matching forward and reverse DNS information:
    For example:
    $ nslookup -querytype=any _gc._tcp.vdi.com.
    Server:          win2008.vdi.com
    Address:     192.168.1.100#53
    _gc._tcp.vdi.com     service = 0 100 3268 win2008.vdi.com.
    $ nslookup win2008.vdi.com.
    Server:          win2008.vdi.com
    Address:     192.168.1.100#53
    Name:     win2008.vdi.com
    Address: 192.168.1.100
    $ nslookup 192.168.1.100
    Server:          win2008.vdi.com
    Address:     192.168.1.100#53
    100.1.168.192.in-addr.arpa     name = win2008.vdi.com.
    You'd want to verify that every record returned by the nslookup -querytype=any _gc._tcp.yourdomain.com command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.
    Beyond that, you need to look in the cacao.log file for errors that you can find and post.
    Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM
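The forward/reverse DNS consistency check the reply above recommends, as an added example in Python (not from the thread and not part of VDI): it parses SRV answer lines in the layout nslookup -querytype=any prints, then checks that each target's A record and the PTR of every address agree. The sample output and the two resolver callables are constructed so it runs offline; the olddc/ghost hosts are invented to show a stale PTR and a missing A record.

```python
import re
import socket
from typing import Callable, Dict, List, Tuple

# nslookup -querytype=any prints one line per SRV answer:
#   <name>  service = <priority> <weight> <port> <target>.
SRV_LINE = re.compile(r"^\S+\s+service\s*=\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+?)\.?$")
GC_PORT = 3268  # LDAP port of the Global Catalog, as in the thread's output


def parse_srv_targets(nslookup_output: str) -> List[Tuple[int, str]]:
    """Return (port, target) for every SRV answer line, ignoring the rest."""
    targets = []
    for line in nslookup_output.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            targets.append((int(m.group(3)), m.group(4).lower()))
    return targets


def check_gc_targets(nslookup_output: str,
                     forward: Callable[[str], List[str]],
                     reverse: Callable[[str], str]) -> Dict[str, List[str]]:
    """Map each SRV target to a list of problems; an empty list means the
    forward (A) and reverse (PTR) records agree, which is what VDI needs."""
    report: Dict[str, List[str]] = {}
    for port, target in parse_srv_targets(nslookup_output):
        problems: List[str] = []
        if port != GC_PORT:
            problems.append(f"unexpected port {port}, expected {GC_PORT}")
        try:
            addresses = forward(target)
        except OSError as exc:  # socket.gaierror / herror are OSError subclasses
            report[target] = problems + [f"forward lookup failed: {exc}"]
            continue
        if not addresses:
            problems.append("no A record")
        for ip in addresses:
            try:
                ptr = reverse(ip).rstrip(".").lower()
            except OSError as exc:
                problems.append(f"{ip}: reverse lookup failed: {exc}")
                continue
            if ptr != target:
                problems.append(f"{ip}: PTR is {ptr}, expected {target}")
        report[target] = problems
    return report


def system_forward(name: str) -> List[str]:
    """Real resolver: A records of name (thin wrapper over the socket module)."""
    return socket.gethostbyname_ex(name)[2]


def system_reverse(ip: str) -> str:
    """Real resolver: PTR name of ip (thin wrapper over the socket module)."""
    return socket.gethostbyaddr(ip)[0]


# --- constructed sample, modelled on the thread's vdi.com output ------------
SAMPLE_NSLOOKUP = """\
Server:         win2008.vdi.com
Address:        192.168.1.100#53

_gc._tcp.vdi.com    service = 0 100 3268 win2008.vdi.com.
_gc._tcp.vdi.com    service = 0 100 3268 olddc.vdi.com.
_gc._tcp.vdi.com    service = 0 100 3268 ghost.vdi.com.
"""
_SAMPLE_A = {"win2008.vdi.com": ["192.168.1.100"],
             "olddc.vdi.com": ["192.168.1.101"]}          # ghost has no A record
_SAMPLE_PTR = {"192.168.1.100": "win2008.vdi.com.",
               "192.168.1.101": "retired-dc.vdi.com."}    # stale PTR for olddc


def sample_forward(name: str) -> List[str]:
    if name not in _SAMPLE_A:
        raise socket.gaierror(f"{name}: Name or service not known")
    return _SAMPLE_A[name]


def sample_reverse(ip: str) -> str:
    if ip not in _SAMPLE_PTR:
        raise socket.herror(f"{ip}: Unknown host")
    return _SAMPLE_PTR[ip]


def run_sample() -> Dict[str, List[str]]:
    """Run the check against the constructed sample."""
    return check_gc_targets(SAMPLE_NSLOOKUP, sample_forward, sample_reverse)


if __name__ == "__main__":
    for host, problems in run_sample().items():
        print(host, "OK" if not problems else "; ".join(problems))
```

Pass system_forward and system_reverse instead of the sample resolvers to check a real domain's output.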

  • OIM 9.1.0.1 to Active Directory using SSL

    Hi,
    I am working on OIM 9.1.0.1 and AD is on Win2K3 R2.
    I successfully installed the CA certificate on the AD server as given in the AD Connector Document 9.1.0.1, quoted below.
    Configuring SSL for Microsoft Active Directory
    To configure SSL communication between Oracle Identity Manager and Microsoft Active Directory, you must perform the following tasks:
    a) Installing Certificate Services
    b) Enabling LDAPS
    c) Setting Up the Target System Certificate As a Trusted Certificate
    a) Installing Certificate Services
    To install Certificate Services on the target system host computer:
    Note: Before you begin installing Certificate Services, you must ensure that Internet Information Services (IIS) is installed on the target system host computer.
    1. Insert the operating system installation media into the CD-ROM or DVD drive.
    2. Click Start, Settings, and Control Panel.
    3. Double-click Add/Remove Programs.
    4. Click Add/Remove Windows Components.
    5. Select Certificate Services.
    6. In the Windows Components Wizard, follow the instructions to start Certificate Services.
    I selected Enterprise root CA as the CA type as said in AD connector Doc.
    b) Enabling LDAPS
    The target system host computer must have LDAP over SSL (LDAPS) enabled. To enable LDAPS:
    1. On the Active Directory Users and Computers console, right-click the domain node, and select Properties.
    2. Click the Group Policy tab.
    3. Select Default Domain Policy.
    4. Click Edit.
    5. Click Computer Configuration, Windows Settings, Security Settings, and Public Key Policies.
    6. Right-click Automatic Certificate Request Settings, and then select New and Automatic Certificate Request. A wizard is started.
    7. Use the wizard to add a policy with the Domain Controller template.
    At the end of this procedure, the certificate is created and LDAPS is enabled on port 636. You can use an LDAP browser utility to verify that LDAPS is working.
    But my problem is I am not able to connect to AD over SSL through the JExplorer LDAP browser on the AD server itself.
    It's saying "Socket closed" and sometimes "binding failed".
    And the firewall is on, and telnet to both ports 389 and 636 works from outside the AD server and on the AD server.
    Please give the solution to overcome this issue.
    regards
    Ramu

    Hi
    From Apache Directory Studio I am able to connect over SSL (port 636) to AD and have also imported the certificate in OIM.
    In the Diagnostic Dashboard "Test Connectivity" of AD I found the below error.
    ITResource information values are not correct. Enter the correct values.
    The root cause is . . .
    java.lang.reflect.InvocationTargetException
    Caused by: javax.naming.CommunicationException: simple bind failed: adr.oimad.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    regards
    Ramu

  • Sync external database with Active Directory

    Hi,
    We are in the process of consolidating all user information in our systems in Active Directory.
    We have a system that can only authenticate users from information stored in a relational database. We are investigating options that would allow us to sync the password in this relational database with the password stored in Active Directory. Whenever the user changes their domain password, we would like a JNDI application to update the relational database with their new password.
    I'm fairly new to JNDI/Active Directory. My research does not look too positive. Does anybody know of any way that we can perform this password synchronization? Any advice would be greatly appreciated!
    Thanks!
    Dave

    There are several mechanisms available that enable AD to authenticate users for your web application.
    1. Perform a simple LDAP bind using the user's credentials submitted from a form. If the bind is successful, then you can infer that the credentials are correct.
    2. If the users have already performed an interactive logon to Active Directory, provide a Single Sign-On experience by utilizing their existing Kerberos ticket. Refer to JNDI, Active Directory and Authentication (Part 1) (Kerberos)
    http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
    for an explanation of using Kerberos & GSS-API.
    3. If the users are not performing an interactive logon to your Active Directory, but you want to provide a federated single sign-on experience, then you may be interested in Active Directory Federation Services which uses SAML 1.0 tokens & WS-* to assert claims. Information on ADFS can be found at http://www.microsoft.com/windowsserver2003/techinfo/overview/adfsoverview.mspx
    Two third-party ISVs, Vintela and Centrify, both provide solutions for non-Windows web servers to enable the second and third scenarios.

  • Does WLS 6.1 LDAP work with Active Directory?

    I see in the security docs that Microsoft Site Server LDAP is supported. Anyone know if it will work with Active Directory, which is supposed to be LDAP v3 compatible?
    TIA

    I've done it with:
    <CustomRealm
      ConfigurationData="server.host=myLDAP.mydomain.org;membership.filter=(&(member=%M)(objectclass=group));server.port=389;group.dn=ou=groupes,dc=myDomain.org;group.filter=(&(cn=%g)(objectclass=group));server.principal=cn=Administrator,cn=Users,dc=myDomain.org;user.dn=ou=Utilisateurs,dc=myDomain.org;user.filter=(&(cn=%u)(objectclass=person));server.ssl=false"
      Name="MyLDAPv2" Notes="Test ldap V2 active Directory"
      Password="myPassword" RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
    Will Spies <[email protected]> wrote:
    Can you put up what a sample <CustomRealm/> tag for AD looks like? I'm trying to get this to work with no success. Thanks for any help.

  • Organization chart with Active directory AD in Sharepoint 2013

    Dear All,
    I need to create an organizational chart in SharePoint 2013 from Active Directory. Is there any open-source web part for 2013? Please confirm.
    Regards
    RB

    Anyone know about it?
    RB

  • Issue in applying SSL selectively to Login JSP Page--Session getting lost.

    Hi,
    I am facing some issues with SSL configuration on my web site running on Tomcat 5.5. I am using JDK 1.5 and form-based authentication with the JAAS framework.
    The SSL configuration is working perfectly when applied to the complete web site, but starts giving problems when applied selectively to some JSP pages. At present I am trying to apply SSL just on the login page.
    When the login screen loads up, the URL in the browser has the protocol "https", as expected, but it doesn't get changed to "http" once the user has successfully logged in. Why is the automatic change from https to http not occurring?
    Also I want to know which is the default page Tomcat will direct the logged-in user to once successfully authenticated using form-based login; is there any way to change this default page to some other page? It looks like Tomcat automatically directs to index.html once the user has been successfully authenticated, but I am not so sure. My index.html page has 4 frames; the sources of these frames are different JSP pages, which are not under SSL.
    My aim is to apply SSL just on login.jsp so that the password doesn't travel in clear text. Once the user is authenticated he should see index.html and the address bar's URL should change its protocol from https to http.
    Please find below the code in my web.xml:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>CWA Application</web-resource-name>
        <url-pattern>/about.jsp</url-pattern>
        <url-pattern>/admin_listds.jsp</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <security-constraint>
      <web-resource-collection>
        <url-pattern>/login.jsp</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>CWA Application</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login.jsp?error=true</form-error-page>
      </form-login-config>
    </login-config>
    <welcome-file-list>
      <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    My login.jsp has the code below:
    <form name="login" method="POST" action='<%= response.encodeURL("j_security_check") %>' >
    <tr>
    <td width="100%">
    <table width="260" border="0" cellspacing="0" cellpadding="1">
    <tr>
    <td align="left" valign="top" rowspan="4"><img src="images/space.gif" width="15" height="5"></td>
    <td align="right" class="login-user" nowrap ><p>User name: </p></td>
    <td align="left" valign="top"><input maxLength="64" name="j_username" size="20"></td>
    </tr>
    <tr>
    <td align="right" nowrap class="login-user"><p>Password: </p>
    </td>
    <td align="left" valign="top">
    <input maxLength="64" tabindex="2" type="password" name="j_password" size="20">
    </td>
    </tr>
    </form>
    The entries in my server.xml are the following:
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="${java.home}\lib\security\cacerts" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />
    I have gone through http://forums.sun.com/thread.jspa?threadID=197150 and tried implementing it; the filter as explained in the thread does get called but the session values are still lost.
    Please note I am using JavaScript to go from secure "https" to "http" once the user has successfully logged in. The JavaScript code is as below:
    top.location.href="http://localhost:8080/qtv/index.html." ;
    If I use response.sendRedirect("http://localhost:8080/qtv/index.html") for going to non-secure mode, the index.html page does not get loaded properly. (Please note that my index.html is made of 4 frames, as explained earlier. This is legacy code and the frames can't be removed.)
    The reason for index.html not getting loaded properly is that the address bar URL does NOT change its URL and protocol from https (https://localhost:8443/qtv/index.html) to http (http://localhost:8080/qtv/index.html) when response.sendRedirect() is used; this is the default behaviour of response.sendRedirect(). And because the protocol in the address bar is https, index.html is not able to load the other JSPs in its frames because of cross-frame-scripting security issues (the other JSPs to be loaded in frames are NOT secure, as discussed earlier).
    Please let me know if there is any way out.
    Thanks,
    Masaai

    Hi
    try to set the maximum interval between requests
    eg:
    session.setMaxInactiveInterval(6000);
    vis
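What happens to the session when a site drops from https back to http after login, as an added example in Python (not code from the thread or from Tomcat): it assumes Tomcat's behaviour of flagging the JSESSIONID cookie Secure when the session is created on an HTTPS request, and models the browser with the standard-library cookie jar, using the thread's URLs and a constructed session id.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# URLs from the thread: login on the SSL connector, index.html on plain HTTP.
LOGIN_URL = "https://localhost:8443/qtv/login.jsp"
INDEX_HTTPS = "https://localhost:8443/qtv/index.html"
INDEX_HTTP = "http://localhost:8080/qtv/index.html"
SESSION_ID = "0123456789ABCDEF"  # constructed value, not a real Tomcat id


class _Response:
    """Minimal stand-in for an HTTP response; CookieJar only calls .info()."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers.add_header("Set-Cookie", value)

    def info(self):
        return self._headers


def jar_after_login(cookie_flagged_secure: bool) -> CookieJar:
    """Browser cookie state right after j_security_check succeeded over HTTPS.

    Tomcat flags JSESSIONID Secure when the session is created on an HTTPS
    request (assumed behaviour, see the lead-in); the flag is a parameter
    here so the two cases can be compared.
    """
    set_cookie = f"JSESSIONID={SESSION_ID}; Path=/qtv; HttpOnly"
    if cookie_flagged_secure:
        set_cookie += "; Secure"
    jar = CookieJar()
    jar.extract_cookies(_Response([set_cookie]), Request(LOGIN_URL))
    return jar


def cookie_header_for(jar: CookieJar, url: str):
    """The Cookie header the browser would send to url, or None when nothing
    in the jar may go there (a Secure cookie is withheld from http://)."""
    request = Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def session_survives(cookie_flagged_secure: bool) -> dict:
    """Does the server get the session id back on the post-login pages?"""
    jar = jar_after_login(cookie_flagged_secure)
    return {
        "https": cookie_header_for(jar, INDEX_HTTPS) is not None,
        "http": cookie_header_for(jar, INDEX_HTTP) is not None,
    }


if __name__ == "__main__":
    # Secure cookie: the session is "lost" the moment the site drops to http.
    print("Secure JSESSIONID:", session_survives(True))
    # Without Secure the session follows the user to http, but the id now
    # crosses the wire in clear text, undoing the point of protecting login.
    print("Non-secure JSESSIONID:", session_survives(False))
```

The http pages can only see the session by also being served over https (a CONFIDENTIAL constraint covering them) or by the cookie losing its Secure flag, and the latter exposes the session id to anyone on the network path, so keeping the whole application on https is the fix.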

  • iMac with Lion. I have an icon on the dock for Fluenz software but it has a white circle around it with a white slash through it (like the international "no" sign). What does the circle mean?

    I have an iMac using Lion. I have an icon on the dock for Fluenz software but it has a white circle around it with a white slash through it (like the international "no" sign). What does the circle mean? The Fluenz software seems to work ok.

    Check out the software vendor's website for updates:
    http://fluenz.com/commons/beta-forum/posts/free-lion-upgrade-fluenz-updates-page
    Your only other option is to boot from an OS X 10.6 system.
    Hope the link helps.

  • SSL handshake fails with Scandinavian chars in client certificate

    Hello,
    We've run into a problem with 2-way SSL and certificates that have Scandinavian characters in the subject. The problem cert is used as a client certificate for authentication and it goes like this:
    1. Client surfs with http on our site until clicking an https link that will immediately start the SSL handshake
    2. Server presents its trusted cert list fine
    3. PIN is asked for fine
    4. Next the request processing stops on the exception below and nothing will happen on the client side.
    Certs without these äöå chars work fine, so our guess is that they cause it, but the certs ought to be according to specs: name-field encoding is UTF-8 according to RFC 2459 from year 1999. A failing example cert is also below.
    Would this be a problem with the certificate rather than the BEA implementation?
    Same behavior on Windows and Solaris WebLogic 8.11 as such and with SP2 (and with SP2 + CASE_ID_NUM: 501454 hotfix).
    Best Regards,
    Igor Styrman
    <avalable(): 20303264 : 0 + 0 = 0>
    <write ALERT offset = 0 length = 2>
    <SSLIOContextTable.removeContext(ctx): 1765100>
    PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
    SSLSocket>
    PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
    6487148>
    PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
    be Muxing>
    PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
    11153746>
    <SSLFilter.isActivated: false>
    <isMuxerActivated: false>
    <SSLFilter.isActivated: false>
    <21647856 readRecord()>
    <21647856 SSL Version 2 with no padding>
    <21647856 SSL3/TLS MAC>
    <21647856 received SSL_20_RECORD>
    <HANDSHAKEMESSAGE: ClientHelloV2>
    <write HANDSHAKE offset = 0 length = 58>
    <write HANDSHAKE offset = 0 length = 1789>
    <Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
    Inc.", C=US>
    <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
    <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
    <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
    Inc.", O=GTE Corporation, C=US>
    <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
    <Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
    Inc.", C=US>
    <Converting principal: [email protected], CN=Thawte Personal
    Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=Western Cape, C=ZA>
    <Converting principal: [email protected], CN=Thawte Personal
    Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=Western Cape, C=ZA>
    <Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
    Inc.", C=US>
    <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
    <Converting principal: [email protected], CN=Thawte Server
    CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
    Cape, C=ZA>
    <Converting principal: [email protected], CN=Thawte Personal
    Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=Western Cape, C=ZA>
    <Converting principal: [email protected], CN=Thawte Premium
    Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
    Town, ST=Western Cape, C=ZA>
    <Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
    Inc.", C=US>
    <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
    C=IE>
    <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
    <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
    Inc.", O=GTE Corporation, C=US>
    <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
    <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
    O=Baltimore, C=IE>
    <Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
    Inc.", C=US>
    <write HANDSHAKE offset = 0 length = 2409>
    <write HANDSHAKE offset = 0 length = 4>
    <SSLFilter.isActivated: false>
    <isMuxerActivated: false>
    <SSLFilter.isActivated: false>
    <21647856 readRecord()>
    <21647856 SSL3/TLS MAC>
    <21647856 received HANDSHAKE>
    <HANDSHAKEMESSAGE: Certificate>
    PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
    'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
    java.lang.NullPointerException: Could not set value for ASN.1 string object..
    java.lang.NullPointerException: Could not set value for ASN.1 string object.
         at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
         at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
         at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
         at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
         at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
         at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
         at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
         at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
         at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
         at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
         at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
         at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
         at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
         at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
         at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
         at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
         at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
         at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
    Source)
         at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
         at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
    Source)
         at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

    BMPString is another ASN.1 type that can be used for certificate attributes with
    non-ASCII characters. The workaround is simply to use BMPString instead of
    UTF8String for that subject name attribute in the certificate request. This of course
    assumes that you can replace the certificate and have control over what ASN.1
    type is used for the subject name attributes in the certificate request (via
    tool options, or by generating the request yourself), so it is probably not applicable.
    Pavel.
    "Ari Räisänen" <[email protected]> wrote:
    >
    Thanks again, Pavel!
    I'm filing a support case about this. You talked about a workaround (BMPString).
    Could you be more specific? I haven't talked about this issue with Igor
    yet.
    Regards,
    Ari
    "Pavel" <[email protected]> wrote:
    Sounds like a bug in certicom code. It should support UTF8String.
    I'd file a support case.
    You might be able to use BMPString instead as a workaround.
    Pavel.
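
The BMPString workaround discussed above, as an added example that is not code from the thread, WebLogic or Certicom: a small pure-Python DER encoder and decoder for an X.509 subject Name that reports which ASN.1 string type each attribute uses, flags UTF8String values containing non-ASCII characters (the combination the handshake above failed on), and re-encodes such values as BMPString. The sample subject is constructed, and the attribute table covers only CN, O and C.

```python
# Added example (not code from the thread, WebLogic or Certicom): a minimal
# pure-Python DER encoder/decoder for an X.509 subject Name, showing which ASN.1
# string type each attribute carries and re-encoding non-ASCII values as BMPString.
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                "0123456789 '()+,-./:=?")
OID, SEQUENCE, SET = 0x06, 0x30, 0x31
UTF8STRING, PRINTABLESTRING, BMPSTRING = 0x0C, 0x13, 0x1E
TAG_NAMES = {UTF8STRING: "UTF8String", PRINTABLESTRING: "PrintableString", BMPSTRING: "BMPString"}
CODECS = {UTF8STRING: "utf-8", BMPSTRING: "utf-16-be"}  # the rest are ASCII-based
ATTR_OIDS = {"CN": "2.5.4.3", "O": "2.5.4.10", "C": "2.5.4.6"}
OID_ATTRS = {oid: attr for attr, oid in ATTR_OIDS.items()}
# Constructed sample subject: a Finnish name with ä, the kind of value in the thread.
SAMPLE_SUBJECT = [("CN", "Päivi Mäkelä"), ("O", "Example Oy"), ("C", "FI")]

def der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on every byte but the last
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))

def decode_oid(content):
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def encode_name(attrs, non_ascii_tag=UTF8STRING):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value DirectoryString }.
    Values that fit PrintableString use it; anything else gets non_ascii_tag."""
    rdns = b""
    for attr, text in attrs:
        if set(text) <= PRINTABLE:
            value = tlv(PRINTABLESTRING, text.encode("ascii"))
        else:
            value = tlv(non_ascii_tag, text.encode(CODECS[non_ascii_tag]))
        rdns += tlv(SET, tlv(SEQUENCE, encode_oid(ATTR_OIDS[attr]) + value))
    return tlv(SEQUENCE, rdns)

def iter_tlvs(buf):
    """Yield (tag, content) for each DER TLV in buf, short or long length form."""
    pos = 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        yield tag, buf[pos:pos + n]
        pos += n

def decode_name(der):
    """Return [(attr, string_type_name, text)] for every attribute in a DER Name."""
    (tag, rdn_seq), = iter_tlvs(der)
    out = []
    for _, rdn in iter_tlvs(rdn_seq):
        for _, atv in iter_tlvs(rdn):
            (_, oid), (vtag, value) = iter_tlvs(atv)
            out.append((OID_ATTRS.get(decode_oid(oid), decode_oid(oid)),
                        TAG_NAMES.get(vtag, hex(vtag)), value.decode(CODECS.get(vtag, "ascii"))))
    return out

def utf8_non_ascii_attrs(decoded):
    """Attributes a stack that cannot decode UTF8String (as in the thread) trips on."""
    return [a for a, kind, text in decoded if kind == "UTF8String" and not text.isascii()]
```

Run `utf8_non_ascii_attrs(decode_name(encode_name(SAMPLE_SUBJECT)))` to see CN flagged, and pass `BMPSTRING` as the second argument to `encode_name` to get the re-encoded form that is no longer flagged.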

  • Problem with placing self-signed certificate in trust store on WLS 10.3

    I have had some problems setting up two-way SSL on WLS 10.3.2.
    1. I have not been able to use the java properties listed on
    http://weblogic-wonders.com/weblogic/2010/11/09/enforce-weblogic-to-use-sun-ssl-implementation-rather-than-certicom/
    to use the native Java SSL implementation rather than Certicom's. Has anyone else had success using these?
    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
    -Dssl.SocketFactory.provider=com.sun.net.ssl.internal.SSLSocketFactoryImpl
    -DUseSunHttpHandler=true
    -Dweblogic.wsee.client.ssl.usejdk=true (for webservice clients)
    2. When I use the ValidateCertChain to validate my keystore with the self-signed certificate I get the message
    CA cert not marked with critical BasicConstraint indicating it is a CA
    Certificate chain is invalid
    which I read was a problem with certificates generated by keytool, yet I find I was not able to circumvent this
    by setting the property weblogic.security.SSL.enforceConstraints to off in the WLS server environment.
    Has anyone else noticed this?
    3. The error I get is
    ####<Feb 15, 2011 1:12:21 PM EST> <Debug> <SecuritySSL> <hostname> <server
    <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1297793541204> <BEA-000000> <Exception during hands
    hake, stack trace follows
    java.lang.NullPointerException
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.checkValidity(Unknown Source)
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.checkValidity(Unknown Source)
    at com.certicom.tls.interfaceimpl.CertificateSupport.findInTrusted_Validity(Unknown Source)
    ####<Feb 15, 2011 1:12:21 PM EST> <Debug> <SecuritySSL> <hostname> <server> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tunin
    g)'> <<WLS Kernel>> <> <> <1297793541207> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    Are there other conditions besides the issue about the missing Basic Constraint field that can raise an
    alert with type 40?
    4. Steps I used to generate a JKS keystore for inclusion in the trust keystore (actual values substituted):
    ** keytool -genkey -alias mykey -keystore mykeystore -validity 35600 \
    -dname "cn=Common Name, ou=Common Name, o=Org, l=location, s=state, c=US" \
    -storepass mypass -keypass mypass
    ** exported a DER format head certificate of mykey into mykey.cer.der
    ** keytool -import -trustcacerts -keystore DemoTrust.jks -alias mykey -file mykey.cer.der
    Any comments appreciated and thanks for this forum.

    Faisal,
    Certicom has an internal restriction that a Date must be notBefore 1970 and notAfter 2105 inclusive. The Java-generated key is valid until Wed Mar 14 11:03:59 EDT 2108. Your knowledge of this area is
    quite impressive, thank you so much for this!
