AS2 With certs
When using certs and AS2, which certificate file needs to be imported at the Host level? Is it the entire .p12 that is uploaded to the Oracle wallet?
I am thinking it must be one of the .cer files.
At the host level the decryption is happening, right? Our customer is encrypting with our server level cert.
Which of the many certs should be uploaded via the User Interface?
Server, Root Certs, Private Key, entire wallet?
I currently have the Server cert defined, and when our customer is sending it gives
"General failure decrypting S/MIME message". Nothing more.
Similar Messages
-
Is there any white paper/tutorials for setting up X12 over AS2 with a certificate and private key.
I am not familiar with the oracle wallet etc... So any help would be appreciated.
Hello,
Please import the X12 tutorial which is shipped with the product in respective buyer and seller machine. Follow the write up on security.
http://rameshnittursblog.blogspot.com/2007/08/oracle-as-b2b-security-how-to.html
Please let us know if you have specific questions.
Rgds,
Ramesh
-
SSL LLE together with Cert-C PKI Encryption
I could successfully set up LLE encryption for WSL without Cert-C or message encryption with Cert-C plugin. But could not manage to get them both working in the same application.
I am using Tuxedo 10.3 + OpenLDAP on RH5.
Native client tpinit gives me tpinit failure and in ULOG I see LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
Encrypted PKCS8 private keys don't work for me with Cert-C. SEC_PRINCIPAL_PASSVER and decPassword attribute for cert-c/key_manager didn't change anything and finally I used unencrypted PK.
ULOG ---------------------------------8<----------------------------------------------------------------
173342.730.borjomi!WSH.14905.3086448320.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
173342.730.borjomi!WSH.14905.3086448320.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
173342.730.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=bea/mapfile)
173342.731.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=native/security/authentication)
173342.731.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/native/atn)
173342.732.borjomi!WSH.14905.3086448320.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
173342.732.borjomi!WSH.14905.3086448320.0: PIFREG: destroy(priv=0x8199ee0)
173342.732.borjomi!WSH.14905.3086448320.0: WSNAT_CAT:1030: INFO: Work Station Handler joining application
173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=native/security/map_proof)
173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/pk_initialization, alias=native/security/pk_initialization)
173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/pk_initialization, alias=bea/native/pkifile)
173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=ws/security/authentication)
173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/ws/atn)
173342.739.borjomi!?proc.14904.3086374592.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
173342.739.borjomi!?proc.14904.3086374592.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
173342.739.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=bea/mapfile)
173342.740.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=ws/security/authentication)
173342.740.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/ws/atn)
173342.744.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/key_management, alias=native/security/key_management)
173342.751.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG:{ _ep_dl_certc_key_management()
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: privateKeyDir=file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: decPassword=password
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/)
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: Using Private keys in directory /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
173342.751.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_lookup, alias=native/security/certificate_lookup)
173342.760.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_parsing, alias=native/security/certificate_parsing)
173342.760.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
173342.760.borjomi!WSH.14905.3086448320.0: CCDBG: { _e_dl_certc_certificate_parsing()
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } edl_certc_certificate_parsing(30), returns 0
173342.761.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_validation, alias=native/security/certificate_validation)
173342.761.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_validation, alias=bea/cert-c/certificate_validation)
173342.761.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { _ep_dl_certc_validate_certificate()
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: Trusted CA file file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: CRL file file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der)
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der)
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { validate_init()
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { addCertFromFileToList(fname /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der)
173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der, read 537 of bytes
173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } addCertFromFileToList(50) return 0
173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der, read 279 of bytes
173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } validate_init(140) return SUCCESS
173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } epdl_certc_validate_certificate(80) return SUCCESS
173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_trust(principal myapp)
173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_trust(50) return SUCCESS
173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_get_issuer_name()
173342.797.borjomi!WSH.14905.3086448320.0: issuer dn (81 bytes):
173342.797.borjomi!WSH.14905.3086448320.0: 30 4f 31 10 30 0e 06 03 55 04 03 13 07 63 61 6d 0O1.0...U....cam
173342.797.borjomi!WSH.14905.3086448320.0: 79 61 70 70 31 0e 30 0c 06 03 55 04 0b 13 05 54 yapp1.0...U....T
173342.797.borjomi!WSH.14905.3086448320.0: 69 65 74 6f 31 0d 30 0b 06 03 55 04 07 13 04 52 ieto1.0...U....R
173342.797.borjomi!WSH.14905.3086448320.0: 69 67 61 31 0f 30 0d 06 03 55 04 08 13 06 4c 61 iga1.0...U....La
173342.797.borjomi!WSH.14905.3086448320.0: 74 76 69 61 31 0b 30 09 06 03 55 04 06 13 02 4c tvia1.0...U....L
173342.797.borjomi!WSH.14905.3086448320.0: 56 V
173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { getNameFromNameObject()
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: avaCount 5
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: valueTag PRINTABLE STRING
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: type = 55, 4, 55
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: name camyapp, 0x81ccb40
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: } getNameFromNameObject(40) return SUCCESS
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: issuer name is camyapp
173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_get_issuer_name(60) return 0
173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_trust(principal camyapp)
173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_trust(40) return TRUSTED
173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_open_private(cd 0x81cd260, principal myapp, location /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/myapp.der)
173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: req_usage 0x2, cd->cds_usage 0x2
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/myapp.der, read 634 of bytes
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: got the key info for type 0
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: private key 0x81cbdf0, *keyp 0x81cbdf0
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_private(70) return SUCCESS
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_open_public(cd 0x81cd260, principal myapp, req_usage 0x2)
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: public key match type 0
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: public key 0x81d19c8, *keyp 0x81d19c8
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_public(70) return SUCCESS
173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_validate(principal myapp)
173342.840.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_validate(100) return SUCCESS
173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6741: ERROR: SSL error -1
173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6633: ERROR: Could not create SSL context on accept
173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:1032: ERROR: Failed to receive expected reply
173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:2003: ERROR: Unable to get reply to gssapi token message
---------------------------------8<----------------------------------------------------------------
Test setup script:
---------------------------------8<----------------------------------------------------------------
LDAP_HOST=10.57.5.167
LDAP_PORT=8080
LDAP_ROOTDN="dc=com"
LDAP_BASEDN="cn=Manager,$LDAP_ROOTDN"
LDAP_PASSWORD="password"
## Create openssl config
cat <<EOF >openssl.cfg
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = . # top dir
database= index.txt
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
default_md = md5
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
[ req_distinguished_name ]
EOF
## Generate self-signed CA
openssl req -x509 -newkey rsa:1024 -keyform PEM -keyout camyapp_key.pem -out camyapp_crt.pem -days 365 -subj '/CN=camyapp/OU=Tieto/L=Riga/ST=Latvia/C=LV' -config openssl.cfg
openssl x509 -in camyapp_crt.pem -out camyapp_crt.der -outform DER
cat camyapp_crt.pem >> $TUXDIR/udataobj/security/certs/trust_ca.cer
## Generate user certificate for PRINCIPAL myapp
openssl req -newkey rsa:1024 -keyform PEM -keyout myapp_key.pem -outform PEM -out myapp_csr.pem -days 365 -subj '/CN=myapp/OU=Tieto/L=Riga/ST=Latvia/C=LV' -config openssl.cfg
# myapp.pem works fine for LLE when using libplugin.so
#openssl pkcs8 -topk8 -in myapp_key.pem -passout pass:password -outform PEM -out myapp.pem
# It looks like libcertctux.so accepts only unencrypted keys. Is it true?
openssl pkcs8 -topk8 -in myapp_key.pem -outform DER -nocrypt -out myapp.der
openssl pkcs8 -topk8 -in myapp_key.pem -outform DER -nocrypt -out myapp.pvt
openssl x509 -req -in myapp_csr.pem -CA camyapp_crt.pem -CAkey camyapp_key.pem -CAcreateserial -outform DER -out myapp_crt.der -days 356
#Reload LDAP
ldapdelete -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -w $LDAP_PASSWORD -r "$LDAP_ROOTDN"
cat <<EOF > myapp.ldif
dn: $LDAP_ROOTDN
dc: ${LDAP_ROOTDN/*=}
objectClass: dcObject
objectClass: organization
o: something

dn: o=TUX,$LDAP_ROOTDN
o: TUX
objectClass: organization

dn: cn=myapp,o=TUX,$LDAP_ROOTDN
userPassword: password
objectClass: inetOrgPerson
objectClass: person
objectClass: pkiUser
objectClass: strongAuthenticationUser
sn: myapp
cn: myapp
# For SSL search:SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=strongAuthenticationUser)(mail=myapp))"
mail: myapp
userCertificate;binary:<file://`pwd`/myapp_crt.der
EOF
ldapadd -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -f myapp.ldif -w $LDAP_PASSWORD -c
## Generate empty CRL. The same CRL is used for ARL
echo > index.txt
openssl ca -gencrl -keyfile camyapp_key.pem -cert camyapp_crt.pem -out my_crl.pem -config openssl.cfg
openssl crl -in my_crl.pem -out my_crl.der -outform DER
cat <<EOF > ca.ldif
dn: cn=camyapp,o=TUX,$LDAP_ROOTDN
userPassword: password
objectClass: inetOrgPerson
objectClass: person
objectClass: certificationAuthority
sn: camyapp
mail: camyapp
cACertificate;binary:<file://`pwd`/camyapp_crt.der
certificateRevocationList;binary:<file://`pwd`//my_crl.der
authorityRevocationList;binary:<file://`pwd`//my_crl.der
EOF
ldapadd -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -f ca.ldif -w $LDAP_PASSWORD -c
## Installation values
epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup -a Params=userCertificateLdap=ldap://10.57.5.167:8080/ -a Params=ldapBaseObject=o=TUX,dc=com -a Params=binaryCertificate=YES
epifregedt -s -k SYSTEM/impl/security/BEA/certificate_validation -a Params=caCertificateFile=file://$TUXDIR/udataobj/security/certs/trust_ca.cer -a Params=peerValidationRuleFile=file://$TUXDIR/udataobj/security/certs/peer_val.rul
epifregedt -s -k SYSTEM/impl/security/BEA/key_management -a Params=privateKeyDir=file://$TUXDIR/udataobj/security/keys
# ** Modify Validation Interface **
epifreg -r -p bea/cert-c/certificate_validation -i engine/security/certificate_validation -v 1.0 -f libcertctux.so -e epdl_certc_validate_certificate -u caCertificateFile=file://`pwd`/camyapp_crt.der -u crlFile=file://`pwd`/my_crl.der
epifregedt -s -k SYSTEM/impl/bea/valfile -a InterceptionSeq=bea/cert-c/certificate_validation
epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_validation -a DefaultImpl=bea/valfile
# ** Modify Lookup Interface ** Use OpenLDAP
# Not using cert-c certificate lookup. Lookup from libplugin is compatible with OpenLDAP
#epifreg -r -p bea/cert-c/certificate_lookup -i engine/security/certificate_lookup -v 1.0 -f libcertctux.so -e epdl_certc_certificate_lookup -u ldapUserCertificate=ldap://10.57.5.167:8080 -u ldapBaseObject="o=TUX,dc=com" -u ldapFilterAttribute="cn" -u ldapBaseDNAttribute="dc,o,cn,c,ou"
epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup -a Params=userCertificateLdap=ldap://$LDAP_HOST:$LDAP_PORT/ -a Params=ldapBaseObject=o=TUX,$LDAP_ROOTDN -a Params=binaryCertificate=YES -a Params=filterFileLocation="file://$TUXDIR/udataobj/security/bea_ldap_filter.dat"
epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_lookup -a DefaultImpl=security/BEA/certificate_lookup
# ** Modify Key Management Interface **
epifreg -r -p bea/cert-c/key_management -i engine/security/key_management -v 1.0 -f libcertctux.so -e epdl_certc_key_management -u privateKeyDir=file://`pwd`/ -u decPassword="password"
epifregedt -s -k SYSTEM/interfaces/engine/security/key_management -a DefaultImpl=bea/cert-c/key_management
# ** Modify Certificate Parsing Interfaces **
epifreg -r -p bea/cert-c/certificate_parsing -i engine/security/certificate_parsing -v 1.0 -f libcertctux.so -e epdl_certc_certificate_parsing
epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_parsing -a DefaultImpl=bea/cert-c/certificate_parsing
----------------------------8<------------------------------------------------
Ldap log:
----------------------------8<------------------------------------------------
conn=0 fd=12 ACCEPT from IP=10.57.5.167:34885 (IP=10.57.5.167:8080)
conn=0 op=0 BIND dn="" method=128
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=strongAuthenticationUser)(mail=myapp))"
<= bdb_equality_candidates: (mail) not indexed
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=certificationAuthority)(cn=camyapp)(sn=camyapp))"
<= bdb_equality_candidates: (cn) not indexed
<= bdb_equality_candidates: (sn) not indexed
conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
----------------------------8<------------------------------------------------
Message signing works fine
Note.
OpenLDAP must allow bind_v2
ULOGDEBUG, PIFDBG and CERTCDBG environment variables are set.
Any ideas?
I got a workaround by putting WSL parameters in a separate registry file.
System.rdp is registry with cert-c PKI plugin setup.
System_wsl.rdp is registry with key_management from libplugin.so (default installation values).
WSL is configured to read parameters from System_wsl.rdp.
ubbt SERVER section:
WSL SRVGRP=NOTMS_GROUP SRVID=200 CLOPT="-A -- -d /dev/tcp -n //10.57.5.167:12500 -S 12501 -z 40 -Z 128" ENVFILE="<absolute path>/WSL.env"
<absolute path>/WSL.env:
REG_KEY_SYSTEM=<absolute path>/System_wsl.rdp
Still I am curious about Cert-C + SSL.
-
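For the Tuxedo thread above, where the setup script writes both a passphrase-protected PKCS#8 PEM and `-nocrypt` PKCS#8 DER copies of the same key: an added example, not part of the original post and not Oracle code, that tells the private-key container formats apart from the first two DER elements and lists the files stored without a passphrase. The file names mirror the script, but the contents are constructed stand-ins with dummy bytes, not real keys, and every function name is an assumption of this example.

```python
"""Classify private-key files by container format (added example)."""
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
PEM_LABELS = {
    "PRIVATE KEY": "pkcs8-unencrypted",
    "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted",
    "RSA PRIVATE KEY": "pkcs1-rsa",
}
# (tag of 1st child, tag of 2nd child) of the outer SEQUENCE -> container type
SHAPES = {
    (0x02, 0x30): "pkcs8-unencrypted",  # version INTEGER, AlgorithmIdentifier
    (0x30, 0x04): "pkcs8-encrypted",    # AlgorithmIdentifier, OCTET STRING
    (0x02, 0x02): "pkcs1-rsa",          # version INTEGER, modulus INTEGER
}
UNPROTECTED = {"pkcs8-unencrypted", "pkcs1-rsa"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element overruns input")
    return tag, pos, pos + length


def classify_der(blob):
    """Classify raw DER; anything that is not key-shaped is 'unknown'."""
    try:
        tag, start, end = read_tlv(blob, 0)
        if tag != 0x30:
            return "unknown"
        body = blob[start:end]
        t1, _, e1 = read_tlv(body, 0)
        t2, _, _ = read_tlv(body, e1)
    except ValueError:
        return "unknown"
    return SHAPES.get((t1, t2), "unknown")


def classify_key(data):
    """Classify PEM or DER bytes; reject a PEM whose label contradicts its body."""
    m = PEM_RE.search(data)
    if m is None:
        return classify_der(data)
    label, body = m.group(1).decode("ascii"), m.group(2)
    if label == "RSA PRIVATE KEY" and b"Proc-Type: 4,ENCRYPTED" in body:
        return "pkcs1-rsa-encrypted"      # legacy PEM-level encryption
    if label not in PEM_LABELS:
        return "unknown"
    found = classify_der(base64.b64decode(b"".join(body.split())))
    if found != PEM_LABELS[label]:
        raise ValueError(f"PEM label {label!r} does not match body ({found})")
    return found


def unprotected_keys(files):
    """Names of files whose private key is stored without a passphrase."""
    return sorted(n for n, d in files.items() if classify_key(d) in UNPROTECTED)


# ---- constructed sample data (dummy bytes, structurally valid DER only) ----
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + content


def pem(label, blob):
    tag = label.encode("ascii")
    return (b"-----BEGIN " + tag + b"-----\n" + base64.encodebytes(blob)
            + b"-----END " + tag + b"-----\n")


INT0 = der(0x02, b"\x00")
RSA_ALG = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
PBES2_ALG = der(0x30, bytes.fromhex("06092a864886f70d01050d") + der(0x30, b""))
PKCS1 = der(0x30, INT0 + der(0x02, b"\x00" + b"\xc3" * 128))
PKCS8 = der(0x30, INT0 + RSA_ALG + der(0x04, PKCS1))
ENC_PKCS8 = der(0x30, PBES2_ALG + der(0x04, b"\xaa" * 48))
CERT_SHAPED = der(0x30, der(0x30, INT0) + RSA_ALG + der(0x03, b"\x00" + b"\x55" * 32))

SAMPLES = {
    "myapp_key.pem": pem("RSA PRIVATE KEY", PKCS1),
    "myapp.pem": pem("ENCRYPTED PRIVATE KEY", ENC_PKCS8),
    "myapp.der": PKCS8,
    "myapp_crt.der": CERT_SHAPED,   # certificate-shaped, must not count as a key
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} {classify_key(data)}")
    print("stored without passphrase:", unprotected_keys(SAMPLES))
```

Files reported as stored without a passphrase rely entirely on file-system permissions for protection, which matters when a plugin is pointed at a shared `privateKeyDir`.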
802.1X, you deployed with Certs, or used individual user accounts?
I'm looking at 802.1X to improve our internal network's security posture to prevent unauthorized access by non-authorized users. The solution I am looking at is 802.1X only, not any vendor's NAC solution which rides upon 802.1X, but 802.1X solely. We currently have no plans nor budget for Cisco's NAC appliance, Clean Access, CSA, or any other type of similar program. Our systems are XP or Vista, our JetDirects purchased over the years have 802.1X capability per HP's specs. I have about 3,500 desktops.
I had initially considered having the switches query a RADIUS server (like ACS, for example), which would in turn query the Windows AD for account authentication. This would prevent those without an account access to the network via a switchport.
I've been looking at some of the ways to perform this and it looks like some people say the best way (for security's sake) is to actually utilize a certificate authority (internal CA) to authenticate user access in lieu of the username and password. Keep in mind, our current AD password policy requires a username's password change every 60 days, 8 chars or more, requiring uppercase, lowercase, and a number in that password. This is much stronger than it used to be.
So, I'm on the fence here and I am in the early stages of exploration. Can some of you tell me what you chose to do and why?
Much thanks.
I'm in the middle of a deployment of .1X authentication for the exact same reasons you are.
I'm assuming you are using Catalyst switches, just make sure you're using a good version of the IOS, I have 4507's in my IDF's and use 12.2(37)SG. Prior to this I had some very weird problems, inconsistent authentication.
I didn't use certs, I use the XP supplicant and use the hardware machine name to authenticate with AD + MAC address authentication. I had to go this route because my user base would just allow a guest machine to log in with their AD credentials.
Unfortunately it's a headache to troubleshoot. My desktop team uses a handheld tester from Fluke and I have to reset the MAC table every time they need to test.
-
Iphone 5 Email client fails when connecting to server with certs signed by personal CA
My mail resides on my own server with its own private CA that was used to sign the email server cert.
I used sendmail and CA and certs were created with below commands:
CA -newca
openssl req -newkey rsa:1024 -nodes -keyout sendmail_req.pem -out sendmail_req.pem
openssl ca -out sendmail_cert.pem -infiles sendmail_req.pem
Before I switched to iPhone 5 I had iPhone 3s and all worked fine.
I would get a notification: cannot verify server identity, but after clicking continue all would work fine.
The client would connect on port 993 to receive email and on port 587 to send.
Now on iPhone 5 I get error: Cannot verify Server Identity with no prompt to accept the cert.
Is there any workaround for it?
I tried to export the cert from iMac and import to iPhone but still no luck.
It looks like since iPhone 4 the certs not issued by legal CAs don't work?
thx
I fixed that by getting certs from: https://www.startssl.com/?app=1.
The certs are free and work fine.
Since iPhone 4 Apple does not accept unknown CA Authorities.
-
Do a basic call in as2 with scorm 2004 using flash template
I can't seem to get any calls working within Flash. This is in AS2 but needs to work with SCORM 2004. I have published using the SCORM 2004 template, and all the needed files (including the manifest) are there.
The init command works:
fscommand("SCOInitialize", "");
but any get or set commands do not. I have tried tons, including:
fscommand("SCOGetValue", "cmi._version,ver");
fscommand("SCOGetValue", "cmi._version:ver2");
ExternalInterface.call("SCOGetValue", "cmi._version");
I am just trying a simple example, getting the version variable. Both are null when outputted.
Any ideas how to get a simple value?
Thanks
Hi,
use the following
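include ole2incl.
data: gs_word type ole2_object,
      gs_documents type ole2_object,
      newdoc type ole2_object.
* Start Word through OLE automation
create object gs_word 'WORD.APPLICATION' .
if sy-subrc ne 0 .
message s000(su) with 'Error while creating OLE object!'.
leave program .
endif .
set property of gs_word 'Visible' = '1' .
SET PROPERTY OF gs_word 'Save' = '1' .
* Fetch the Documents collection and add a new document
get property of gs_word 'documents' = gs_documents.
call method of gs_documents 'Add' = newdoc.
Thanks & Regards,
Vallamuthu. M
-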
Hi@all, I am new here and hopefully someone is able to help me.
I have the following problem with Apple Mail:
I did an upgrade from Mac OS X 10.4 to 10.5.
After that, I can't sign and encrypt my mails with Apple Mail.
The certs are installed and trusted in keychain. But Mail doesn't show me anymore the functions at creating a new mail to encrypt or sign the content.
Has anyone an idea?
ok, i suggest you try two things.
first, try to drag one of the "sul mio mac" that is above ".mac", below it, so that all four headers of "sul mio mac" are next to one another, and see if that clears the issue up.
if not, then i would locate the file com.apple.mail.plist in homefolder/library/preferences and trash it. do note that once you launch mail again you will have to recreate your account settings again.
hope this helps
-
Profile manager sign with cert not working with signed cert
Hello all,
I purchased a Code Signed Certificate from DigiCert (who I have many other certs with).
I downloaded it and imported it into Profile Manager. It originally told me that "This certificate could not be used to sign a profile", but after a restart that error went away. Now when I click the checkbox to enable signing it tries for 5-7 seconds and then just unchecks the box, but does not show an error.
If I change back to the self signed it works fine.
Has anyone had success with DigiCert Code Signed cert? or with this issue with another cert company?
Thank you,
-Patch
Patch Charron
Kensington Church
Solved.
Got it working by calling DigiCert support.
They had me get the cert from Firefox in Windows and transfer it and apply their own intermediate certificate.
Thanks to DigiCert support for such a responsive support team.
-Patch
-
AS2 with basic authentication in base 64
Hi,
My customer would like to use basic authentication with AS2.
By default it seems that username & password is not encoded in base64? Is it possible to do it?
Seb
Basic authentication alone will not be a very secure communication framework. Better have basic authentication + SSL to achieve better security. Message and headers will be encrypted over SSL channel.
Regards,
Anuj
-
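For the Basic authentication thread above, an added example (not from the original posts and not the B2B product's code): the HTTP Basic scheme as defined in RFC 7617 sends base64("user:password"), which decodes without any key, so the receiving side should refuse such credentials unless they arrived over TLS. The partner name, password and function names are constructed for illustration.

```python
"""HTTP Basic credentials are base64-encoded, not encrypted (added example)."""
import base64
import binascii


def encode_basic(user, password):
    """Build the Authorization header value the way a client does."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header):
    """Recover (user, password) from a header value; no secret is needed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("malformed base64 in credentials") from exc
    # Only the first ':' separates the fields; the password may contain more.
    user, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def check_request(is_tls, headers):
    """Receiver policy: accept Basic credentials only when they came over TLS."""
    auth = headers.get("Authorization", "")
    if not auth.lower().startswith("basic "):
        return "no-basic-credentials"
    if not is_tls:
        # Anyone on the path could have run decode_basic() on this header.
        return "reject-cleartext-credentials"
    try:
        decode_basic(auth)
    except ValueError:
        return "reject-malformed"
    return "accept"


if __name__ == "__main__":
    # Constructed sample credentials
    header = encode_basic("as2partner", "s3cr:et")
    print(header)
    print(decode_basic(header))
    print(check_request(False, {"Authorization": header}))
    print(check_request(True, {"Authorization": header}))
```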
Jabber and Messages: error with cert
Hi all,
Since upgrading to Mavericks, I'm not able to connect to my company's Jabber server. I get a cert error, even after I've trusted the cert. All Mavericks users at our company are having the same problem, so the problem isn't just on my computer. I've enclosed a screen shot of the error.
Is anyone else having the same problem? The same setup - Jabber and Messages - works fine in Mountain Lion and previous OS versions.
Thanks!
Hi,
Look at item 4 in this article
http://support.apple.com/kb/TS3970
Some people deliberately alter this file to prevent some apps from "phoning home"
If I am reading this Cert info correctly you are one of the companies that someone might block.
9:58 pm Monday; November 4, 2013
iMac 2.5Ghz 5i 2011 (Mavericks 10.9)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad -
Outbound AS2 with Seeburger Adapter
I am attempting to send a flat file using Seeburger's AS2 adapter.
1. I created a new scenario.
2. In the identifier section of the partner, I added a line for Seeburger | AS2ID | theID.
3. I created a communication channel of type AS2. It's setup for Transport Protocol HTTP. I gave a server ip address, port, url, timeout, and no MDN.
4. The Receiver Agreement contains the signing key, encryption certificate, and authentication certificate.
In my scenario, I have a sender agreement and communication channel that is monitoring a directory for the file to be sent. Then the document is supposed to be sent to our partner. When I attempt a transmission, I get the following error when I look at communication channel monitoring.
Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Sender configuration incomplete - perhaps AS2ID missing.., SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Sender configuration incomplete - perhaps AS2ID missing..
Sending failed. [2/19/09 6:14 PM]
Error type: COMPONENT_ERROR,NOT_TRANSMITTED >> Error date: 2/19/09 6:14 PM >> Description: AS2 Adapter failure Outbound configuration error: Sender configuration incomplete - perhaps AS2ID missing.. com.seeburger.as2.AS2Plugin.execute(AS2Plugin.java:321) [2/19/09 6:14 PM]
AS2 Adapter failure [2/19/09 6:14 PM]
I am not sure where my problem exists, and hope someone can assist me. I don't quite understand the error because I have the AS2ID entered in the Party (where I am sending to).
Larry
Hi
Check this link, this may help fixing your problem
Re: SEEBURGER AS2: 403 Forbidden #
also
Re: Seeburger AS2 comm channel problem (B2B) - "perhaps AS2ID missing"
Regards
Vishnu
-
[AS2 CS3/4] Embed external FLV into an MC using AS2 with timeline control
Hi, Is there anyway to skip the process of manually embedding
FLVs into SWF files? I want to load FLVs just as I would an
external SWF.
I've searched all over and all i can find is how to load FLVs
into a FLVPlayer component with stop, play and controls to skip in
time intervals.
What I need is the ability to load an external FLV and be
able to control it as if it were in a MC on the timeline, not as a
streaming video.
There are SO many questions out there about the FLVPlayer it's
really polluted any and all search results I've tried.
Shedding some light on this for me would be greatly
appreciated!!!
For anyone looking for an actual solution to this issue: if
you're exporting movies out of After Effects, you can export as a
SWF.
The only reason I didn't know about this solution is that it's
not included in the render queue options, so just select your comp,
go to File > Export and select the setting for exporting as a
SWF.
Thank you kglad for the info
-
AS2 with AIR 1.5, code to open a local PDF view
Does anyone know how to do this? I want to make a simple button that will open a PDF for users to print a file. A button to directly print would be even better.
Kyle
Hakan KIRIK wrote: "Have you tried Windows Projector (from publish settings) ?"
Sweeeeet! That works great Hakan, we can certainly use the Flash Projector.
One more solution I just came up with through googler (in case anyone is interested)
- Create a .bat file and call it from fscommand:
In Flash:
function openPdf(event:MouseEvent):void{
fscommand("exec", "openPdf.bat");
}
In your fscommand folder:
Create a .bat file called openPdf.bat with the following contents:
@echo off
file.pdf
exit
For this solution to work, name your pdf 'file.pdf', or change the name in the bat file and place the pdf in your fscommand folder as well.
However, it's a lot more work than just calling the navigateToURL function, but if you don't want to use a web browser to display your pdf, then the bat file method will work.
Thanks for the solution Hakan, much appreciation,
~Chipleh
-
SAP most unprofessional with certs --plz beware before taking exams
SAP is the most unprofessional when it comes to certifications... One of my friends had to resit the ABAP exam after scoring 82%, the reason being the system didn't store his exam results after the exam was over due to some technical problem. He says the exam invigilator was present in the room only at the start of the exam; at the end of the 3 hrs exam my friend was the only guy in the entire SAP office (exam centre)... Of course if someone was still there in the exam centre to at least show them the results, maybe he would have passed....
I don't really think it's my friend's responsibility to save the results or show someone the results at the end of the exam. I think taking a picture would be against copyrights..
And then SAP emails him saying he has to retake the exam for their mistake.. I think professional orgs would have accepted their mistake and ethically awarded the certification to him.
A professional ERP leader should have used competitive exam systems and processes which wouldn't cause such stupid problems to the exam taker, isn't it?
Who would like to travel interstate and bear the expenses to write the SAP exams with no professional use, except for a label on the resume... No organization thinks that an SAP certified professional is good to directly work practically on the SAP system in real time..
And also remember that you will only get your certification when SAP pleases to release certifications from Germany, so you don't really have a certificate to say you have passed the exam...
Tips: don't take the exam; if you do, beware of all tech probs you could be faced with during the exam and after the exam.... And you don't have a say, it's all what they say is right..
xyz said:
"No organization thinks that an SAP certified professional is good to directly work practically on the SAP system in real time.."
I'm not entirely sure what you mean here ... but I am pretty sure that you're wrong anyway!
"I still cant figure out why the rant is coming from you and not your friend.
pk"
..... because his friend tried to post it on here but it wouldn't save! -
Hi.
I have loads of games in AS2 but a freelancer is developing games in AS3. Can I use a container movie in AS3 and load both AS2 and AS3 games in? Otherwise I would have to update all games into AS3. Would all games have to be published to the same Flash Player? ie: FS7 etc...
you can use an as3 swf to load as2 swfs. if you need to communicate between the two swfs, use the localconnection class.