AS2 With certs

When using certs and AS2, which certificate file needs to be imported at the Host level? Is it the entire .p12 that is uploaded to the Oracle wallet?
I am thinking it must be one of the .cer files.

At the host level the decryption is happening, right? Our customer is encrypting with our server-level cert.
Which of the many certs should be uploaded via the User Interface?
Server, Root Certs, Private Key, entire wallet?
I currently have the Server cert defined and when our customer is sending it gives
"General failure decrypting S/MIME message". Nothing more.

Similar Messages

  • X12 over AS2 with Certs

    Is there any white paper/tutorials for setting up X12 over AS2 with a certificate and private key.
    I am not familiar with the oracle wallet etc... So any help would be appreciated.

    Hello,
    Please import the X12 tutorial which is shipped with the product in the respective buyer and seller machines. Follow the write-up on security.
    http://rameshnittursblog.blogspot.com/2007/08/oracle-as-b2b-security-how-to.html
    Please let us know if you have specific questions.
    Rgds,Ramesh

  • SSL LLE together with Cert-C PKI Encryption

    I could successfully set up LLE encryption for WSL without Cert-C or message encryption with Cert-C plugin. But could not manage to get them both working in the same application.
    I am using Tuxedo10.3 + OpenLDAP on RH5.
    Native client tpinit gives me tpinit failure and in ULOG I see LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
    Encrypted PKCS8 private keys don't work for me with Cert-C. SEC_PRINCIPAL_PASSVER and the decPassword attribute for cert-c/key_manager didn't change anything and finally I used an unencrypted PK.
    ULOG ---------------------------------8<----------------------------------------------------------------
    173342.730.borjomi!WSH.14905.3086448320.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
    173342.730.borjomi!WSH.14905.3086448320.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
    173342.730.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=bea/mapfile)
    173342.731.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=native/security/authentication)
    173342.731.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/native/atn)
    173342.732.borjomi!WSH.14905.3086448320.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
    173342.732.borjomi!WSH.14905.3086448320.0: PIFREG: destroy(priv=0x8199ee0)
    173342.732.borjomi!WSH.14905.3086448320.0: WSNAT_CAT:1030: INFO: Work Station Handler joining application
    173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=native/security/map_proof)
    173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/pk_initialization, alias=native/security/pk_initialization)
    173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/pk_initialization, alias=bea/native/pkifile)
    173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=ws/security/authentication)
    173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/ws/atn)
    173342.739.borjomi!?proc.14904.3086374592.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
    173342.739.borjomi!?proc.14904.3086374592.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
    173342.739.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=bea/mapfile)
    173342.740.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=ws/security/authentication)
    173342.740.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/ws/atn)
    173342.744.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/key_management, alias=native/security/key_management)
    173342.751.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG:{ _ep_dl_certc_key_management()
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: privateKeyDir=file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: decPassword=password
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/)
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
    173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: Using Private keys in directory /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
    173342.751.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_lookup, alias=native/security/certificate_lookup)
    173342.760.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_parsing, alias=native/security/certificate_parsing)
    173342.760.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
    173342.760.borjomi!WSH.14905.3086448320.0: CCDBG: { _e_dl_certc_certificate_parsing()
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } edl_certc_certificate_parsing(30), returns 0
    173342.761.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_validation, alias=native/security/certificate_validation)
    173342.761.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_validation, alias=bea/cert-c/certificate_validation)
    173342.761.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { _ep_dl_certc_validate_certificate()
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: Trusted CA file file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: CRL file file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der)
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der)
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { validate_init()
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { addCertFromFileToList(fname /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der)
    173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der, read 537 of bytes
    173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } addCertFromFileToList(50) return 0
    173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der, read 279 of bytes
    173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } validate_init(140) return SUCCESS
    173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } epdl_certc_validate_certificate(80) return SUCCESS
    173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_trust(principal myapp)
    173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_trust(50) return SUCCESS
    173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_get_issuer_name()
    173342.797.borjomi!WSH.14905.3086448320.0: issuer dn (81 bytes):
    173342.797.borjomi!WSH.14905.3086448320.0: 30 4f 31 10 30 0e 06 03 55 04 03 13 07 63 61 6d 0O1.0...U....cam
    173342.797.borjomi!WSH.14905.3086448320.0: 79 61 70 70 31 0e 30 0c 06 03 55 04 0b 13 05 54 yapp1.0...U....T
    173342.797.borjomi!WSH.14905.3086448320.0: 69 65 74 6f 31 0d 30 0b 06 03 55 04 07 13 04 52 ieto1.0...U....R
    173342.797.borjomi!WSH.14905.3086448320.0: 69 67 61 31 0f 30 0d 06 03 55 04 08 13 06 4c 61 iga1.0...U....La
    173342.797.borjomi!WSH.14905.3086448320.0: 74 76 69 61 31 0b 30 09 06 03 55 04 06 13 02 4c tvia1.0...U....L
    173342.797.borjomi!WSH.14905.3086448320.0: 56 V
    173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { getNameFromNameObject()
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: avaCount 5
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: valueTag PRINTABLE STRING
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: type = 55, 4, 55
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: name camyapp, 0x81ccb40
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: } getNameFromNameObject(40) return SUCCESS
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: issuer name is camyapp
    173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_get_issuer_name(60) return 0
    173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_trust(principal camyapp)
    173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_trust(40) return TRUSTED
    173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_open_private(cd 0x81cd260, principal myapp, location /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/myapp.der)
    173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: req_usage 0x2, cd->cds_usage 0x2
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/myapp.der, read 634 of bytes
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: got the key info for type 0
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: private key 0x81cbdf0, *keyp 0x81cbdf0
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_private(70) return SUCCESS
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_open_public(cd 0x81cd260, principal myapp, req_usage 0x2)
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: public key match type 0
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: public key 0x81d19c8, *keyp 0x81d19c8
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_public(70) return SUCCESS
    173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_validate(principal myapp)
    173342.840.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_validate(100) return SUCCESS
    173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
    173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6741: ERROR: SSL error -1
    173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6633: ERROR: Could not create SSL context on accept
    173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:1032: ERROR: Failed to receive expected reply
    173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:2003: ERROR: Unable to get reply to gssapi token message
    ---------------------------------8<----------------------------------------------------------------
    Test setup script:
    ---------------------------------8<----------------------------------------------------------------
    LDAP_HOST=10.57.5.167
    LDAP_PORT=8080
    LDAP_ROOTDN="dc=com"
    LDAP_BASEDN="cn=Manager,$LDAP_ROOTDN"
    LDAP_PASSWORD="password"
    ## Create openssl config
    cat <<EOF >openssl.cfg
    [ ca ]
    default_ca = CA_default # The default ca section
    [ CA_default ]
    dir = . # top dir
    database= index.txt
    default_days = 365 # how long to certify for
    default_crl_days= 30 # how long before next CRL
    default_md = md5 # md to use
    [ req ]
    default_bits = 1024
    distinguished_name = req_distinguished_name
    encrypt_rsa_key = no
    default_md = md5
    default_days = 365 # how long to certify for
    default_crl_days= 30 # how long before next CRL
    [ req_distinguished_name ]
    EOF
    ## Generate self-signed CA
    openssl req -x509 -newkey rsa:1024 -keyform PEM -keyout camyapp_key.pem -out camyapp_crt.pem -days 365 -subj '/CN=camyapp/OU=Tieto/L=Riga/ST=Latvia/C=LV' -config openssl.cfg
    openssl x509 -in camyapp_crt.pem -out camyapp_crt.der -outform DER
    cat camyapp_crt.pem >> $TUXDIR/udataobj/security/certs/trust_ca.cer
    ## Generate user certificate for PRINCIPAL myapp
    openssl req -newkey rsa:1024 -keyform PEM -keyout myapp_key.pem -outform PEM -out myapp_csr.pem -days 365 -subj '/CN=myapp/OU=Tieto/L=Riga/ST=Latvia/C=LV' -config openssl.cfg
    # myapp.pem works fine for LLE when using libplugin.so
    #openssl pkcs8 -topk8 -in myapp_key.pem -passout pass:password -outform PEM -out myapp.pem
    # It looks like libcertctux.so accepts only unencrypted keys. Is it true?
    openssl pkcs8 -topk8 -in myapp_key.pem -outform DER -nocrypt -out myapp.der
    openssl pkcs8 -topk8 -in myapp_key.pem -outform DER -nocrypt -out myapp.pvt
    openssl x509 -req -in myapp_csr.pem -CA camyapp_crt.pem -CAkey camyapp_key.pem -CAcreateserial -outform DER -out myapp_crt.der -days 356
    #Reload LDAP
    ldapdelete -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -w $LDAP_PASSWORD -r "$LDAP_ROOTDN"
    cat <<EOF > myapp.ldif
    dn: $LDAP_ROOTDN
    dc: ${LDAP_ROOTDN/*=}
    objectClass: dcObject
    objectClass: organization
    o: something
    dn: o=TUX,$LDAP_ROOTDN
    o: TUX
    objectClass: organization
    dn: cn=myapp,o=TUX,$LDAP_ROOTDN
    userPassword: password
    objectClass: inetOrgPerson
    objectClass: person
    objectClass: pkiUser
    objectClass: strongAuthenticationUser
    sn: myapp
    cn: myapp
    # For SSL search:SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=strongAuthenticationUser)(mail=myapp))"
    mail: myapp
    userCertificate;binary:<file://`pwd`/myapp_crt.der
    EOF
    ldapadd -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -f myapp.ldif -w $LDAP_PASSWORD -c
    ## Generate empty CRL. The same CRL is used for ARL
    echo > index.txt
    openssl ca -gencrl -keyfile camyapp_key.pem -cert camyapp_crt.pem -out my_crl.pem -config openssl.cfg
    openssl crl -in my_crl.pem -out my_crl.der -outform DER
    cat <<EOF > ca.ldif
    dn: cn=camyapp,o=TUX,$LDAP_ROOTDN
    userPassword: password
    objectClass: inetOrgPerson
    objectClass: person
    objectClass: certificationAuthority
    sn: camyapp
    mail: camyapp
    cACertificate;binary:<file://`pwd`/camyapp_crt.der
    certificateRevocationList;binary:<file://`pwd`//my_crl.der
    authorityRevocationList;binary:<file://`pwd`//my_crl.der
    EOF
    ldapadd -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -f ca.ldif -w $LDAP_PASSWORD -c
    ## Installation values
    epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup -a Params=userCertificateLdap=ldap://10.57.5.167:8080/ -a Params=ldapBaseObject=o=TUX,dc=com -a Params=binaryCertificate=YES
    epifregedt -s -k SYSTEM/impl/security/BEA/certificate_validation -a Params=caCertificateFile=file://$TUXDIR/udataobj/security/certs/trust_ca.cer -a Params=peerValidationRuleFile=file://$TUXDIR/udataobj/security/certs/peer_val.rul
    epifregedt -s -k SYSTEM/impl/security/BEA/key_management -a Params=privateKeyDir=file://$TUXDIR/udataobj/security/keys
    # ** Modify Validation Interface **
    epifreg -r -p bea/cert-c/certificate_validation -i engine/security/certificate_validation -v 1.0 -f libcertctux.so -e epdl_certc_validate_certificate -u caCertificateFile=file://`pwd`/camyapp_crt.der -u crlFile=file://`pwd`/my_crl.der
    epifregedt -s -k SYSTEM/impl/bea/valfile -a InterceptionSeq=bea/cert-c/certificate_validation
    epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_validation -a DefaultImpl=bea/valfile
    # ** Modify Lookup Interface ** Use OpenLDAP
    # Not using cert-c certificate lookup. Lookup from libplugin is compatible with OpenLDAP
    #epifreg -r -p bea/cert-c/certificate_lookup -i engine/security/certificate_lookup -v 1.0 -f libcertctux.so -e epdl_certc_certificate_lookup -u ldapUserCertificate=ldap://10.57.5.167:8080 -u ldapBaseObject="o=TUX,dc=com" -u ldapFilterAttribute="cn" -u ldapBaseDNAttribute="dc,o,cn,c,ou"
    epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup -a Params=userCertificateLdap=ldap://$LDAP_HOST:$LDAP_PORT/ -a Params=ldapBaseObject=o=TUX,$LDAP_ROOTDN -a Params=binaryCertificate=YES -a Params=filterFileLocation="file://$TUXDIR/udataobj/security/bea_ldap_filter.dat"
    epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_lookup -a DefaultImpl=security/BEA/certificate_lookup
    # ** Modify Key Management Interface **
    epifreg -r -p bea/cert-c/key_management -i engine/security/key_management -v 1.0 -f libcertctux.so -e epdl_certc_key_management -u privateKeyDir=file://`pwd`/ -u decPassword="password"
    epifregedt -s -k SYSTEM/interfaces/engine/security/key_management -a DefaultImpl=bea/cert-c/key_management
    # ** Modify Certificate Parsing Interfaces **
    epifreg -r -p bea/cert-c/certificate_parsing -i engine/security/certificate_parsing -v 1.0 -f libcertctux.so -e epdl_certc_certificate_parsing
    epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_parsing -a DefaultImpl=bea/cert-c/certificate_parsing
    ----------------------------8<------------------------------------------------
    Ldap log:
    ----------------------------8<------------------------------------------------
    conn=0 fd=12 ACCEPT from IP=10.57.5.167:34885 (IP=10.57.5.167:8080)
    conn=0 op=0 BIND dn="" method=128
    conn=0 op=0 RESULT tag=97 err=0 text=
    conn=0 op=1 SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=strongAuthenticationUser)(mail=myapp))"
    <= bdb_equality_candidates: (mail) not indexed
    conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    conn=0 op=2 SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=certificationAuthority)(cn=camyapp)(sn=camyapp))"
    <= bdb_equality_candidates: (cn) not indexed
    <= bdb_equality_candidates: (sn) not indexed
    conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
    ----------------------------8<------------------------------------------------
    Message signing works fine
    Note.
    OpenLDAP must allow bind_v2
    ULOGDEBUG, PIFDBG and CERTCDBG environment variables are set.
    Any ideas?
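
A triage pass over the ULOG above, as an added example that is not part of the original post and not Oracle code. It shows two things the excerpt already contains: the Cert-C plugin calls returned SUCCESS before the first LIBTUX_CAT error, and tracing at CERTDBG level 255 wrote the decPassword value in clear text. The line layout is inferred from the lines in the post, and the names `triage`, `Report` and `UlogError` are hypothetical.

```python
"""Triage a Tuxedo ULOG excerpt (added example; layout inferred from the post)."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Abridged from the ULOG in the post above; no new log data is introduced.
SAMPLE_ULOG = """\
173342.730.borjomi!WSH.14905.3086448320.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
173342.751.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: decPassword=password
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_private(70) return SUCCESS
173342.840.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_validate(100) return SUCCESS
173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6741: ERROR: SSL error -1
173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6633: ERROR: Could not create SSL context on accept
173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:1032: ERROR: Failed to receive expected reply
173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:2003: ERROR: Unable to get reply to gssapi token message
"""

# Assumed layout: HHMMSS.mmm.host!process.pid.thread.context: message
LINE_RE = re.compile(
    r"^(?P<time>\d{6}\.\d{3})\.(?P<host>[^!]+)!(?P<proc>[^.]+)\.(?P<pid>\d+)\."
    r"(?P<tid>\d+)\.(?P<ctx>-?\d+): (?P<msg>.*)$"
)
# Catalogued message, e.g. "LIBTUX_CAT:6657: ERROR: ..."
CATALOG_RE = re.compile(r"^(?P<cat>[A-Z_]+_CAT):(?P<num>\d+): (?P<sev>[A-Z]+): (?P<text>.*)$")
# Cert-C debug trace closing a call, e.g. "CCDBG: } certc_validate(100) return SUCCESS"
PLUGIN_RETURN_RE = re.compile(r"^CCDBG: \} (?P<fn>\w+)\(\d+\),? returns? (?P<result>\S+)$")
# Any key=value pair whose key ends in "password" (decPassword in the post)
SECRET_RE = re.compile(r"\b(?P<key>\w*password)=(?P<value>\S+)", re.IGNORECASE)


class UlogError(NamedTuple):
    time: str
    process: str
    pid: int
    code: str  # catalog:number, e.g. LIBTUX_CAT:6657
    text: str


class Report(NamedTuple):
    errors: List[UlogError]
    last_return: Optional[Tuple[str, str]]  # last plugin return of the process that failed first
    secrets: List[Tuple[str, str]]          # (time, key); the value itself is never stored
    redacted: str                           # log text that is safe to attach to a ticket


def triage(ulog_text: str) -> Report:
    errors: List[UlogError] = []
    secrets: List[Tuple[str, str]] = []
    redacted: List[str] = []
    last_return_by_pid = {}
    last_return = None

    for raw in ulog_text.splitlines():
        line = raw.strip()
        # Mask secret values on every line, parsed or not.
        redacted.append(SECRET_RE.sub(lambda s: s["key"] + "=<redacted>", line))

        m = LINE_RE.match(line)
        if not m:
            continue  # separator or other text that is not a ULOG record
        msg, pid = m["msg"], int(m["pid"])

        for s in SECRET_RE.finditer(msg):
            secrets.append((m["time"], s["key"]))

        ret = PLUGIN_RETURN_RE.match(msg)
        if ret:
            last_return_by_pid[pid] = (ret["fn"], ret["result"])

        cat = CATALOG_RE.match(msg)
        if cat and cat["sev"] == "ERROR":
            if not errors:
                # What the failing process last reported before its first error.
                last_return = last_return_by_pid.get(pid)
            code = cat["cat"] + ":" + cat["num"]
            errors.append(UlogError(m["time"], m["proc"], pid, code, cat["text"]))

    return Report(errors, last_return, secrets, "\n".join(redacted))


if __name__ == "__main__":
    report = triage(SAMPLE_ULOG)
    print("first error:", report.errors[0])
    print("last plugin return before it:", report.last_return)
    print("secrets logged in clear text:", report.secrets)
```
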

    I got workaround by putting WSL parameters in a separate registry file.
    System.rdp is registry with cert-c PKI plugin setup.
    System_wsl.rdp is registry with key_management from libplugin.so (default installation values).
    WSL is configured to read parameters from System_wsl.rdp.
    ubbt SERVER section:
    WSL         SRVGRP=NOTMS_GROUP SRVID=200      CLOPT="-A -- -d /dev/tcp -n //10.57.5.167:12500 -S 12501 -z 40 -Z 128" ENVFILE="<absolute path>/WSL.env"
    <absolute path>/WSL.env:
    REG_KEY_SYSTEM=<absolute path>/System_wsl.rdp
    Still I am curious about Cert-C + SSL.

  • 802.1X, you deployed with Certs, or used individual user accounts?

    I'm looking at 802.1X to improve our internal network's security posture to prevent unauthorized access by non-authorized users. The solution I am looking at is 802.1X only, not any vendor's NAC solution which rides upon 802.1X, but 802.1X solely. We currently have no plans nor budget for Cisco's NAC appliance, Clean Access, CSA, or any other type of similar program. Our systems are XP or Vista, our JetDirects purchased over the years have 802.1X capability per HP's specs. I have about 3,500 desktops.
    I had initially considered having the switches query a radius server (like ACS for example) which would in turn query the Windows AD for account authentication. This would prevent those without an account access to the network via a switchport.
    I've been looking at some of the ways to perform this and it looks like some people say the best way (for security's sake) is to actually utilize a certificate authority (internal CA) to authenticate user access in lieu of the username and password. Keep in mind, our current AD password policy requires a username's password change every 60 days, 8 chars or more, requiring uppercase, lowercase, and a number in that password. This is much stronger than it used to be.
    So, I'm on the fence here and I am in the early stages of exploration. Can some of you tell me what you chose to do and why?
    Much thanks.

    I'm in the middle of a deployment of .1X authentication for the exact same reasons you are.
    I'm assuming you are using Catalyst switches, just make sure you're using a good version of the IOS, I have 4507's in my IDF's and use 12.2(37)SG. Prior to this I had some very weird problems, inconsistent authentication.
    I didn't use certs, I use the XP supplicant and use the hardware machine name to authenticate with AD + MAC address authentication. I had to go this route because my user base would just allow a guest machine to log in with their AD credentials.
    Unfortunately it's a headache to troubleshoot. My desktop team uses a handheld tester from Fluke and I have to reset the MAC table every time they need to test.

  • Iphone 5 Email client fails when connecting to server with certs signed by personal CA

    My mail resides on my own server with its own private CA that was used to sign the email server cert.
    I used sendmail and CA and certs were created with below commands:
    CA -newca
    openssl req -newkey rsa:1024 -nodes -keyout sendmail_req.pem -out sendmail_req.pem
    openssl ca -out sendmail_cert.pem -infiles sendmail_req.pem
    Before I switched to iphone 5 I had Iphone 3s and all worked fine.
    I would get a notification: cannot verify server identity, but after clicking continue all would work fine.
    The client would connect on port 993 to receive email and on port 587 to send.
    Now on iPhone 5 I get the error: Cannot verify Server Identity, with no prompt to accept the cert.
    Is there any workaround for it?
    I tried to export the cert from iMac and import it to the iPhone but still no luck.
    It looks like since iPhone 4 the certs not issued by legal CAs don't work?
    thx

    I fixed that by getting certs from: https://www.startssl.com/?app=1.
    The certs are free and work fine.
    Since iPhone 4 Apple does not accept unknown CA Authorities.

  • Do a basic call in as2 with scorm 2004 using flash template

    I can't seem to get any calls working within Flash. This is in AS2 but needs to work with SCORM 2004. I have published using the SCORM 2004 template, and all the needed files (including the manifest) are there.
    The init command works:
    fscommand("SCOInitialize", "");
    but any get or set commands do not. I have tried tons, including:
    fscommand("SCOGetValue", "cmi._version,ver");
    fscommand("SCOGetValue", "cmi._version:ver2");
    ExternalInterface.call("SCOGetValue", "cmi._version");
    I am just trying a simple example, getting the version variable. Both are null when output.
    Any ideas how to get a simple value?
    Thanks

    HI,
       use the following
    create object wordobj 'WORD.APPLICATION' .
      if sy-subrc ne 0 .
        message s000(su) with 'Error while creating OLE object!'.
        leave program .
      endif .
      set property of gs_word 'Visible' = '1' .
    SET PROPERTY OF gs_word 'Save' = '1' .
      get property of gs_word 'documents' = gs_documents.
      call method of gs_documents 'Add' = newdoc.
    Thanks & Regards,
    Vallamuthu. M

  • Mail - Problem with Certs

    Hi all, I am new here and hopefully someone is able to help me.
    I have the following problem with Apple Mail:
    I did an upgrade from Mac OS X 10.4 to 10.5.
    After that, I can't sign and encrypt my mails with Apple Mail.
    The certs are installed and trusted in Keychain. But Mail no longer shows me the functions to encrypt or sign the content when creating a new mail.
    Has anyone an idea?

    ok, i suggest you try two things.
    first, try to drag one the "sul mio mac" that is above ".mac", below it, so that all four headers of "sul mio mac" are next to one another, and see if that clears the issue up.
    if not, then i would locate the file com.apple.mail.plist in homefolder/library/preferences and trash it. do note that once you launch mail again you will have to recreate your account settings again.
    hope this helps

  • Profile manager sign with cert not working with signed cert

    Hello all,
    I purchased a Code Signed Certificate from DigiCert (Who I have many other certs with)
    I downloaded it and imported it into Profile Manager. It originally told me that "This certificate could not be used to sign a profile" but after a restart that error went away. Now when I click the checkbox to enable signing it tries for 5-7 seconds and then just unchecks the box, but does not show an error.
    If I change back to the self signed it works fine.
    Has anyone had success with DigiCert Code Signed cert? or with this issue with another cert company?
    Thank you,
    -Patch
    Patch Charron
    Kensington Church

    Solved.
    Got it working by calling DigiCert support.
    They had me get the cert from Firefox in Windows and transfer it and apply their own intermediate certificate.
    Thanks for Digicert support for such a responsive support team.
    -Patch

  • AS2 with basic authentification in base 64

    Hi,
    My customer would like to use basic authentication with AS2.
    By default it seems that the username & password are not encoded in base64? Is it possible to do it?
    Seb

    Basic authentication alone will not be a very secure communication framework. Better have basic authentication + SSL to achieve better security. Message and headers will be encrypted over SSL channel.
    Regards,
    Anuj

  • Jabber and Messages: error with cert

    Hi all,
    Since upgrading to Mavericks, I'm not able to connect to my company's Jabber server. I get a cert error, even after I've trusted the cert. All Mavericks users at our company are having the same problem, so the problem isn't just on my computer. I've enclosed a screen shot of the error.
    Is anyone else having the same problem? The same setup - Jabber and Messages - works fine in Mountain Lion and previous OS versions.
    Thanks!

    Hi,
    Look at item 4 in this article
    http://support.apple.com/kb/TS3970
    Some people deliberately alter this file to prevent some apps from "phoning home"
    If I am reading this Cert info correctly you are one of the companies that someone might block.
    9:58 pm      Monday; November 4, 2013
      iMac 2.5Ghz 5i 2011 (Mavericks 10.9)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
     Couple of iPhones and an iPad

  • Outbound AS2 with Seeburger Adapter

    I am attempting to send a flat file using Seeburger's AS2 adapter. 
    1.  I created a new scenario. 
    2.  In the identifier section of the partner, I added a line for Seeburger | AS2ID | theID. 
    3.  I created a communication channel of type AS2.  It's setup for Transport Protocol HTTP.  I gave a server ip address, port, url, timeout, and no MDN.
    4.  The Receiver Agreement contains the signing key, encryption certificate, and authentication certificate.
    In my scenario, I have a sender agreement and communication channel that is monitoring a directory for the file to be sent.  Then the document is supposed to be sent to our partner.  When I attempt a transmission, I get the following error when I look at communication channel monitoring.
    Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Sender configuration incomplete - perhaps AS2ID missing.., SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Sender configuration incomplete - perhaps AS2ID missing..
    Sending failed. [2/19/09 6:14 PM]
    Error type: COMPONENT_ERROR,NOT_TRANSMITTED >> Error date: 2/19/09 6:14 PM >> Description: AS2 Adapter failure Outbound configuration error: Sender configuration incomplete - perhaps AS2ID missing.. com.seeburger.as2.AS2Plugin.execute(AS2Plugin.java:321) [2/19/09 6:14 PM]
    AS2 Adapter failure [2/19/09 6:14 PM]
    I am not sure where my problem exists, and hope someone can assist me.  I don't quite understand the error because I have the AS2ID entered in the Party (where I am sending to).
    Larry

    Hi
    Check this link, this may help fixing your problem
    Re: SEEBURGER AS2: 403 Forbidden #
    also
    Re: Seeburger AS2 comm channel problem (B2B) - "perhaps AS2ID missing"
    Regards
    Vishnu

  • [AS2 CS3/4] Embed external FLV into an MC using AS2 with timeline control

    Hi, Is there anyway to skip the process of manually embedding
    FLVs into SWF files? I want to load FLVs just as I would an
    external SWF.
    I've searched all over and all i can find is how to load FLVs
    into a FLVPlayer component with stop, play and controls to skip in
    time intervals.
    What I need is the ability to load an external FLV and be
    able to control it as if it were in a MC on the timeline, not as a
    streaming video.
    There are SO many questions out there about the FLVPlayer its
    really polluted any and all search results i've tried.
    Shedding some light on this for me would be greatly
    appreciated!!!

    For anyone looking for an actual solution to this issue. If
    you're exporting movies out of After Effects, you can export as a
    SWF.
    The only reason I didn't know about this solution is that it's
    not included in the render queue options, so just select your comp,
    go to File > Export and select the setting for exporting as a
    SWF.
    Thank you kglad for the info

  • AS2 with AIR 1.5, code to open a local PDF view

    Does anyone know how to do this. I want to make a simple button that will open a PDF for users to print a file. A button to directly print would be even better.
    Kyle

    Hakan KIRIK wrote: "Have you tried Windows Projector (from publish settings) ?"
    Sweeeeet! That works great Hakan, we can certainly use the Flash Projector.
    One more solution I just came up with through googler (in case anyone is interested):
    -  Create a .bat file and call it from fscommand:
    In Flash:
    function openPdf(event:MouseEvent):void{
        fscommand("exec", "openPdf.bat");
    }
    In your fscommand folder:
    Create a .bat file called openPdf.bat with the following contents:
    @echo off
    file.pdf
    exit
    For this solution to work, name your pdf 'file.pdf', or change the name in the bat file and place the pdf in your fscommand folder as well.
    However, it's a lot more work than just calling the navigateToURL function, but if you don't want to use a web browser to display your pdf, then the bat file method will work.
    Thanks for the solution Hakan, much appreciation,
    ~Chipleh

  • SAP most unproffessional with certs --plz beware before taking exams

    SAP is the most unprofessional when it comes to certifications... One of my friends had to resit the ABAP exam after scoring 82%, the reason being the system didn't store his exam results after the exam was over due to some technical problem. He says the exam invigilator was present in the room only at the start of the exam; at the end of the 3 hrs exam my friend was the only guy in the entire SAP office (exam centre)... Of course, if someone was still there in the exam centre to at least show them the results, maybe he would have passed...
    I don't really think it's my friend's responsibility to save the results or show someone the results at the end of the exam. I think taking a picture would be against copyrights.
    And then SAP emails him saying he has to retake the exam for their mistake. I think professional orgs would have accepted their mistake and ethically awarded the certification to him.
    A professional ERP leader should have used competitive exam systems and processes which wouldn't cause such stupid problems to the exam taker, isn't it?
    Who would like to travel interstate and bear the expenses to write the SAP exams with no professional use, except for a label on the resume... No organization thinks that an SAP certified professional is good to directly work practically on the SAP system in real time.
    And also remember that you will only get your certification when SAP pleases to release certifications from Germany, so you don't really have a certificate to say you have passed the exam...
    Tips: don't take the exam; if you do, beware of all tech probs you could be faced with during the exam and after the exam... And you don't have a say; it's all what they say is right.

    xyz said:
    "No organization thinks that an SAP certified professional is good to directly work practically on the SAP system in real time.."
    I'm not entirely sure what you mean here ... but I am pretty sure that you're wrong anyway!
    "I still cant figure out why the rant is coming from you and not your friend.
    pk"
    ..... because his friend tried to post it on here but it wouldn't save! 

  • AS2 with AS3 integration

    Hi.
    I have loads of games in AS2 but a freelancer is developing games in AS3. Can I use a container movie in AS3 and load both AS2 and AS3 games in? Otherwise I would have to update all games into AS3. Would all games have to be published to the same Flash Player? ie: FS7 etc...

    you can use an as3 swf to load as2 swfs.  if you need to communicate between the two swfs, use the localconnection class.
