Avca secure_agent fails with 'No trusted certificate found'

Similar Messages

• Seeburger AS2 error: No Trusted Certificate found

  Dear SAP experts,
  Good day!
  Need your expert advice regarding the error that I am getting in Seeburger AS2.
  Here's the scenario:
  SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
  I've trigerred already messages but they are getting this kind of error:
  Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
  Kindly advice if there are missing or invalid certificates on both sides?
  What would be the cause of the issue?
  Many Thanks!
  Godo

  Godo,
  I think you are using secure communication for your seeburger CC. Can you pls. check if you have installed(keystore) certifcate on J2EE engine and configured certificate provided by ftp client in your CC.
  Also one more important thing,
  Make sure that you have entry with ftp server name and correspoding ip address in hosts.inc on a system where your adapter engine resides.
  Check detail error messsage at:
  http://XI server : port / nwa --> Message Monitoring --> Logs and Trances and select DefaultTrace in second drop down list. You will find all events details with description. ( If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
  Hope this will help.
  Nilesh

• Sun.security.validator.ValidatorException: No trusted certificate found

  Hello,
  I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
  I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
  -Djavax.net.ssl.trustStore=/Path-to-file  -Djavax.net.ssl.trustStorePassword=password     On my development environment I can call the Web Service correctly.
  Although, on the production environment, I am getting the following exception:
  javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
       at $Proxy171.send(Unknown Source)
       at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
       at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
       at java.lang.Thread.run(Thread.java:619)
  Caused by: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
       at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
       at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
       ... 6 more
  Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
  333)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
       at org.jboss.remoting.Client.invoke(Client.java:1634)
       at org.jboss.remoting.Client.invoke(Client.java:548)
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
       ... 9 more
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No truste
  d certificate found
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLCo
  nnection.java:166)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:23
  0)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
  275)
       ... 14 more
  Caused by: sun.security.validator.ValidatorException: No trusted certificate found
       at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
  09)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
  49)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 more     Both systems are configured with the same JBoss, JVM, ...
  The certificate details are:
  Owner=
    CN=*...., OU=..., O=..., L=..., ST=..., C=PT
  Issuer=
    CN=..., O=..., C=PT
  Version=3
  Serial Number=BC81A81843E26C2597CD10354588F61E
  Valid From=Monday, 3 March 2008 18:50
  Valid Until=Tuesday, 3 March 2009 18:50
  Signature Algorithm=SHA1withRSA
  Fingerprints=
      MD5:     0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
      SHA1:    35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
  Key Usage= critical
      List:
      . digitalSignature
      . keyEncipherment
      . dataEncipherment
      . keyAgreement
  Extended Key Usage= none
       On production I have also tried adding the following properties:
  -Djavax.net.ssl.keyStore=/Path-to-file  -Djavax.net.ssl.keyStorePassword=password     But I still get the error.
  Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
  Any help would really be welcome.
  Thanks in advance.
  Best regards,
  Victor Batista

  Hi,
  Thanks for your prompt reply.
  I have also tried to add all the chain of certificates on my truststore, although I get the exception:
  Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
       at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 moreAnd all the certificates are valid.
  I really don't understand what is going on.
  Can I Ignore expired certificates? Any property?
  When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
  Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
  The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
  Thanks in advance,
  Victor

• No trusted certificate found (91);Cannot connect to the LDAP server

  HI All,
  I am trying to connect to LDAP server with the following code.
  JSSESocketFactory fact = null;
  private LDAPConnection conn = null;
  String keystore = "C:\\j2sdk1.4.2_15\\jre\\lib\\security\\cacerts";
  System.setProperty("javax.net.ssl.trustStore",keystore);
  fact = new JSSESocketFactory(null);
  conn = new LDAPConnection(fact);
  int ldapVersion = 3;//LDAPConnection.LDAP_V3; //defualt values of LDAP settings
  private int ldapPort = 636;
  LDAPAttributeSet ldapAtrbSet;
  String ldapHost;
  String loginDN;
  String loginDN_Password;
  And it is gicving me error :
  Error: netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
  netscape.ldap.LDAPException: SSL connection to 192.168.10.8:636, sun.security.validator.ValidatorException: No trusted certificate found (91); Cannot connect to the LDAP server
       at netscape.ldap.factory.JSSESocketFactory.makeSocket(JSSESocketFactory.java:105)
       at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:418)
       at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:350)
       at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:244)
       at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:170)
       at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1042)
       at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:924)
       at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:768)
       at com.reflexis.LDAP.LdapTestSSL.createConnection(LdapTestSSL.java:522)
       at com.reflexis.LDAP.LdapTestSSL.checkLdap(LdapTestSSL.java:118)
       at com.reflexis.LDAP.LdapTestSSL.main(LdapTestSSL.java:52)
  Unable to connect to LDAP server
  I have imported atr certificate also by using command:
  "keytool -import -alias jag -file c:\x225.cer -keystore c:\j
  2sdk1.4.2_15\jre\lib\security\cacerts"
  I am running my java code from eclipse. And do i have to set any thing in eclipse for certificate. I Have imported certificate from command prompt.
  Can any one please help me.It is very important for me.
  Please its very urgent.
  THanks,
  Ankush Patni

  As previously said network is a possible cause.Other things could be time on filer is too far off time on DC.AD object for filer has been deleted or change by a Windows admin.If all users are experiencing a problem, you may need to rebind it to AD - run CIFS setup at command prompt

• Can write, can't read from SSLSocket. No trusted certificate found

  Hello!
  We have to use an ssl connection to talk to another application. The exception is generated when trying to read from the socket. Creation and writing don't generate any errors and I can't verify if the other server actually gets what I'm writing.
  I used these commands to create the private key and the certificate
  openssl genrsa -des3 -out priv.pem -passout pass:myPassword 1024
  openssl req -x509 -new -key priv.pem -passin pass:myPassword -days 3650 -out cert.cerI have imported the cert.cer into the java/jre/lib/security/cacerts keystore. The CN value in the cert.cer is the one I got from the hostname command.
  I still get the error:
  javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate foundJust before reading from the socket I print in the log file the sockets properties:
  is input shut down? false
  is output shut down? false
  is bound? true
  is closed? false
  is connected? trueAm I suppose to do somethin with the priv.pem? Where does that one go? Isn't the cert.cer enough?
  I don't know what else to do and how to check anything else. Any ideas would be greatly appreciated.
  Thank you very much,
  Iulia S.

  Hi again,
  I am at wits' end in here and I hate it when I move in the unstable grounds of not knowing stuff. I am still getting the error.
  I managed to get the certificate from the other application, it's not self-signed it's issued by Thawte. Apparently you can also get it with FF3 from the cute little lock next to the address bar. Am I talking about the same certificate? Then I did this to import it:
  ./keytool -import -alias bristow -file /location/to/THEcertificate -keystore /location/to/java/jre/lib/security/cacertsAnd I did restart the server. Several times. Several several times.
  Some details about the application: it's a servlet running on a websphere 6.1 server. I noticed that this error is from sun.security.validator.ValidatorException while mine is from:
  javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate foundI can understand they are different packages but shouldn't they implement the same standard protocol? btw there are no com.sun.* classes imported.
  Am I not creating the SSLSocket right?
  SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
  SSLSocket s = (SSLSocket) sslsocketfactory.createSocket("secureSite.com", portNo);The string that defines the hostname, it's just the name, no protocol or anything else, right? I just need someone to confirm it. I've already tried all the other posibilities and they don't work.
  It all crashes at the readLine:
  BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
  String input = "";
  while((input = in.readLine()) != null)I ran the php script they gave us as an example, on a different server, and it worked just fine. No certificates needed.
  I've tried reading characters instead of line, just in case this error would be absurdly linked with the no-end-of-line. Same error.
  I'm trying to poke the server with a stick see if I can get a response. I run this from my local machine:
  import java.io.InputStreamReader;
  import java.io.BufferedReader;
  import java.io.PrintWriter;
  import java.net.URLEncoder;
  import java.util.Date;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;
  public class EchoClient
       public static void main(String[] arstring)
            try
                 SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                 SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("hostname", 99999);
                 sslsocket.setEnabledCipherSuites(sslsocket.getSupportedCipherSuites());
                 StringBuffer data = new StringBuffer();
                 dataDeTrimis.append("DATA1=").append(URLEncoder.encode("DATA1","UTF-8"))
                 .append("&DATA2=").append(URLEncoder.encode("DATA2", "UTF-8"));
                 String includeHeader = "POST /script/location/script.php HTTP/1.1\r\n" + "Content-Length: " +        data.length() + "\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "\r\n" + data;
                 BufferedReader in = new BufferedReader(new InputStreamReader(sslsocket.getInputStream()));
                 PrintWriter outs = new PrintWriter(sslsocket.getOutputStream(), true);
                 outs.print(includeHeader);
                 String input = "";
                 System.out.println("is input shut down: "+sslsocket.isInputShutdown()+" is output shut down? "+sslsocket.isOutputShutdown()+" is bound? "+sslsocket.isBound()+" is closed? "+sslsocket.isClosed()+" is connected? "+sslsocket.isConnected());
                 System.out.println("server: "+in.read());
                 while((input=in.readLine())!=null)
                      System.out.println("SERVER REPLIED : " + input + "\n");
                 sslsocket.close();
            catch(Exception exception)
                 exception.printStackTrace();
  }The answer is:
  is input shut down: false is output shut down? false is bound? true is closed? false is connected? true
  server: -1Shouldn't I get something even a little bit more significant then just NO answer? sigh
  If I were to explicitly load the keystore will that get me anywhere? I am out of ideas. Anything to point somewhere would be great.
  Thank you very much,
  Iulia S.

• Getting "No trusted certificate found" when attempting to connect to 10g DB

  Greetings,
  I have an Oracle 10g DB configured to listen via TCPS. I am able to tnsping and sql+ into the DB just fine. However, when attempting to connect via SQL Developer, I get the following error:
  *"Status: Failure -lo exception: sun.security.validator. ValidatorException: No trusted certificate found"*
  Here is my tnsnames.ora entry:
  EMCECCH01.CORPORATE.MY.COM =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = emcecch01.corporate.my.com)(PORT = 1575))
  (CONNECT_DATA =
  (SERVICE_NAME = rambdb)
       (SECURITY = (MY_WALLET_DIRECTORY = C:\DBSafes\Cincinnati\dbSafe))
  Obviously when I create my connection, I am using 'TNS'. I've also attempted to connect via the JDBC thin driver, but when testing the connection, it just sits and spins without ever returning a result. Here is the URL I'm using:
  jdbc:oracle:thin:@emcecch01.corporate.my.com:1575:rambdb
  I've verified that the appropriate JAR files are in place in the jlib directory.
  Any advice in this matter would be greatly appreciated.
  Regards

  Hi,
  If your connection entry is unusual you could try these simple things that may cause variation/different code paths:
  1/ORACLE_HOME being set /unset by for example a bat script before launching sqldeveloper [see in sqldeveloper help/about/properties/ oracle.home and jdbc.library to see what oracle is using]
  (you could be using sqldeveloper or other oracle install jdbc)
  2/Tools/preferences/database/Advanced Parameters/Use oci thick driver set/unset
  (you could be using 'pure' jdbc thin or 'mixture of c & java' ie. thick oci driver using another Oracle Home or instant client)
  3/use Connection type=advanced then you can enter a fancy description (these descriptions are simple but you could have load balancing for example):
  thin is pure java
  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MACHINE_NAME_OR_IP)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dev11gr1)))
  oci8 is thick/c/oci-java
  jdbc:oracle:oci8:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MACHINE_NAME_OR_IP)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=dev11gr1)))
  (or get SQLDev to look up tnsnames.ora, connection type = tns might work)
  Please post your findings and put in an enhancement request for particular connection feature support, documented with a test case.
  -Turloch

• How to import Root CA "No trusted certificate found" exception.

  I have an application that connects https to a server and POSTs some data. That application works fine with one server but not with another. I get javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
  Both servers have certificates signed by 2 different CAs. 1 is I think Thawte or Verisign (need confirmation with my admin) and the other I know for sure is Equifax. Of course Equifax is the least popular of the 2 and is not found in the cacerts keystore...
  Now I downloaded the Equifax root certificate and installed in the default keystore by typing keytool -import -alias blabla -file c:\bla.cer and it imported correctly. I reran my app and I still got the same exception...
  So I figure that the root cert for Equifax must be imported within the cacerts file in jre/lib/cacerts am I correct? Whats the default password for that keystore?
  Thanks

  Have you tried to import the certificate in the cacerts keystore file?
  This file can be found in the <jdkDirectory>/jre/lib/security/ directory. It is the default trustStore used by Java.
  I remember that trusted certificate keystore location can be set using the javax.net.ssl.trustStore property. Have you set it to point to your keystore file?
  You can found explanations there:
  http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html#certificates
  Hope this helps.

• No trusted certificate found error while running a webservice

  Hi,
  I created a stub to a webservice and then tried to invoke the webservice using a simple java class
  in JDeveloper. While running the java client to invoke the webservice i get this below mentioned error
  SOAPException: faultCode=SOAP-ENV:IOException; msg=sun.security.validator.ValidatorException: No trusted certificate found; targetException=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
       at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
  Kindly have a solution for what to be done on this.
  Thanks,
  Ramesh.R
  Edited by: Ramesh_R on Jan 20, 2010 10:28 AM

  have to import the certificate in the cacerts of the Jdev jre/lib/security/cacerts file
  Edited by: Ramesh_R on 16-Jan-2011 02:40

• ISE upgrade failing with "% Manifest file not found in the bundle"

  Hello
  I am trying to upgrade a brand new ISE 3395 from 1.0.3.337 to 1.0.4 (latest).  It keeps failing with
  % Manifest file not found in the bundle
  Here is the output:
  company-ise-01/admin# application upgrade ise-appbundle-1.0.4.573.i386.tar.gpg ftp
  Save the current ADE-OS running configuration? (yes/no) [yes] ?
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Upgrade...
  % Manifest file not found in the bundle
  fusd-ise-01/admin# sh application version ise
  Cisco Identity Services Engine
  Version      : 1.0.3.377
  Build Date   : Fri May  6 19:30:37 2011
  Install Date : Wed Oct 12 22:18:26 2011
  I can't find anything about this for ISE, although there are a lot of topics for the same error for ACS.  Thanks in advance.
  Saro

  Same problem with 1.1.2 and 1.1.1 patch 5:
  ISEcdemo/admin# sh ver
  Cisco Application Deployment Engine OS Release: 2.0
  ADE-OS Build Version: 2.0.4.018
  ADE-OS System Architecture: i386
  Copyright (c) 2005-2011 by Cisco Systems, Inc.
  All rights reserved.
  Hostname: ISEcdemo
  Version information of installed applications
  Cisco Identity Services Engine
  Version      : 1.1.1.268
  Build Date   : Mon Jun 25 05:49:23 2012
  Install Date : Wed Sep 12 09:12:53 2012
  Cisco Identity Services Engine Patch
  Version      : 1
  Install Date : Wed Sep 12 10:01:22 2012
  Cisco Identity Services Engine Patch
  Version      : 2
  Install Date : Wed Sep 12 13:10:36 2012
  Cisco Identity Services Engine Patch
  Version      : 3
  Install Date : Tue Nov 27 12:33:19 2012
  Cisco Identity Services Engine Patch
  Version      : 4
  Install Date : Tue Nov 27 12:52:50 2012
  ISEcdemo/admin# patch install ise-patchbundle-1.1.1.268-5-68046.i386.tar.gz my2
  Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Patch installation...
  % Manifest file not found in the bundle
  ISEcdemo/admin#
  ISEcdemo/admin# application upgrade ise-appbundle-1.1.2.145.i386.tar.gz my2
  Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Upgrade...
  % Manifest file not found in the bundle
  Can someone verify the downloaded file details? They are different from cisco.com values:
  -bash-4.1$ /usr/bin/md5sum.exe /cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz
  2aa9b75ef5d7c1662a1a51844f178b77 */cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz
  -bash-4.1$ /usr/bin/ls -lAp /cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz
  -rwx------+ 1 Administrators Domain Users 1583851520 Nov 29 00:14 /cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz

• Weblogic Start script fails while Loading trusted certificates from jks

  Hi,
  I have a Weblogic Portal 10.3.2 installation on a Solaris Unix box. There is one Admin server and two Managed servers. I am trying to deploy an EJB based application on one of the Managed servers. Note that this application has been working fine in the Weblogic 9.2 environment.
  When the Managed Server is started, I get the below messages in the Weblogic console log. We have an internal SSO authentication system, which is integrated with this application. When this integration is removed, we are able to login to the application without any issues. When it is turned on, the redirection from SSO to the application fails - most likely because of the below SSL related errors.
  I have accessed the below link and accordingly set the property -Dweblogic.ssl.JSSEEnabled=true. But it didn't help.
  http://justasg.blogspot.com/2012/04/tlsssl-certificate-errors-and-warnings.html
  Please let me know if you have any suggestions.
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /data/applications/norkom/BEA103/wlserver_10.3/server/lib/DemoTrust.jks.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.228.12.24:7020 for protocols iiop, t3, ldap, snmp, http.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7020 for protocols iiop, t3, ldap, snmp, http.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "NCA_Server" for domain "norkom" running in Development Mode>
  <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
  <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  Note: We have another Solaris Unix box, with the same installation of Weblogic with the same SSO redirection, but another EJB application is deployed. Also, there is no Managed and the application is deployed on the Admin server itself. But when the server is started, I don't see any attempts to load any certificates and also there are no issues.
  So either please suggest how this certificate loading can be rectified or suggest a way to disable the certificate loading (if at all its an option).
  Please let me know if you need any further details.

  Firstly,
  938767 wrote:
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>I don't think that this will be your problem... Unless you are actually using some of those certificates you can ignore those messages.
  But the following looks suspicious, I guess 7022 is your SSL port...
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>Hope that helps.
  Cheers,
  Vlad
  Give points - it is good etiquette to reward an answerer points (5 - helpful; 10 - correct) for their post if they answer your question. If you think this answer is helpful, please consider giving points.

• Stand alone APEX listener install fails with timezone region  not found

  Hi,
  I have searched the forum but found only a thread for the installation with Goldfish.
  I am very new to all this so I apologise if my problem is too simple, but please help as I am very frustrated with it.
  I have a 10.2.0.4 database on Windows XP for testing with.
  I installed APEX into it successfully, then down loaded the listener.
  I have to Java installations, one under my Oracle Home, the other under Middleware where I have JDeveloper installed.
  If I try $ORACLE_HOME/jdk/bin/java -jar apex.war it throws a Unsupported class version so I tried with the Middleware jdk and it appeared to install.
  I then went to http://localhost:8080/apex/listenerConfigure and entered the password for APEX_PUBLIC_USER and the info for a basic connection, it fails with the following message
  Request could not be processed due to error:
  Sat Apr 30 00:06:30 CAT 2011
  ORA-00604: error occurred at recursive SQL level 1
  ORA-01882: timezone region not found
  Please if anyone can help me through asap this I would be most grateful

  Yay, I found the solution:
  I started by running:
  begin
  for v_rec in (select tzname,tz_offset(tzname) v_offset from v$timezone_names
  where tzabbrev='CAT') loop
  dbms_output.put_line('tzname '||v_rec.tzname||', offset '|| v_rec.v_offset);
  end loop;
  end;
  SQL> /
  tzname Africa/Khartoum, offset +03:00
  tzname Africa/Windhoek, offset +01:00
  tzname America/Anchorage, offset -08:00
  tzname US/Alaska, offset -08:00
  PL/SQL procedure successfully completed.
  I then added -Duser.timezone="+01:00" before the apex.war ie
  java –jar -Duser.timezone="+01:00" apex.war

• Content Browser (0BCT_CB_1) load fails with conversation id not found error

  Hi,
  I am suddenly experiencing a problem with loading data to the content browser cube using infosource 0BCT_CB_1. The load fails with an error saying: "Conversation 76635612 not found / CPIC-CALL: 'ThSA". Does anybody know how to solve this?

  Hi,
  Were you able to get this fixed?
  I am getting same issue while loading to BI 7.0  technical content.
  Thanks
  SA

• Request failed with SID value not found

  Hi Gurus, I have this error message "No SID found for value '15.00' of charateristic 0CURKEY_TC" and similar message with "10.00" and "*0.0" value, when trying to activate data in standard DSO in BI7.0.
  This is a Dev system just setup for traning purposes so I do not have any Master data to load. I am only loading transactional data from DataSource 0PU_IS_PS_32
  I tried searching for the answer and did the following
  1) Transfer Global Settings from the source system (which solved other problems but not this one)
  2) In RSRV, I do not see any errors for this InfoObject
  3) I am not sure how I can update table T006 and or TCURC with these values?
  I also tried following the Note: 619987 and does not know how I can implement this function module "If you nevertheless receive this error message for the initial value, this means that there is an inconsistency in the SID table for the 0UNIT or 0CURRENCY characteristic. You can eliminate this inconsistency by calling the RSDMD_INITIAL_LINE_INSERT function module with I_CHABASNM = 0UNIT or 0CURRENCY"
  Is there any help that anybody can extend, it will be greatly appreciated.

  Dear,
  SID error comes during activation of ODS because the related MD is not available for assigning SIDs.
  So as a first step ensure that the related master data is loaded and Attribute change run has been triggered.
  Or Load the MD and Activate the MD (Modeling > InfoObject > Search the Infoobject > Right click > Activate Master Data)
  Once you perform this you can retrigger the activation. It should work fine.
  Else as a workaround you can blank out these particular values and activate.
  There is also one more workaround wherein you can create the Master data entries directly in BW itself. But both the above step should be done after consulting Business and considering data volume that needs to be edited/created.
  In most case once you perform the loading and activation of MD your activation should work fine when repeated.
  There are cases where it failed again with the same error. In that case try this also (ensure that PSA is there).
  Delete the request in red.
  Go to monitor
  Edit > Setting for further update > Packet should be processed in the background.
  Edit > Update Reversal > Read everything manually > Yes
  Background processing successfully scheduled
  Then you can see the Load running again.
  Once this is done perform activation again
  Hope it helps
  Regards
  Bala

• Not retrieving home made trusted certificates

  Hi,
  The aim is to use a server ( Tomcat ) to authenticate web users thanks to their certificate.
  I've imported with keytool trusted certificates made by OpenSsl when Iuse -list option I have for each certificate a 'trustedCertEntry' indication ( the CA certificate have been imported with -trustcacerts option ). It seems Ok.
  So I run Tomcat with -Djavax.net.debug=all option. No certificate is
  prompted. I tried the -genkey method, the key is seen at jvm starting but at handshake with the client I have a 'Could not find trusted certificate' fatal, description = certificate_unknown ( I understand that because client certificate and generated key don't match ).
  I don't know where I'm wrong, maybe it's in Tomcat's configuration. I'd like to know what's prompted where everythiing runs well.
  Thanks in advance,
  Christophe

  To add the home-made CaCertificate I used keytool without specifying the cacerts file from %JRE%\lid\security directory so keytool added it to %USER_PROFILE%\.keystore and Tomcat use this file to retrieve keys and not cacerts.
  Adding explicitly the filename to cacerts it works !!!!
  Christophe

• Problem import trusted certificate with oracle wallet manager

  hi people
  db version 10.2.0.4
  owm version 10.2.0.4
  os version windows server 2003
  the first thing i've tried
  is to import a certificate which was created with selfssl (contained in the mircosoft iss resource kit)
  but its not working
  i get the following failure "Some trusted certificates could not be installed"
  i've checked the metalink and found this
  [WALLET MANAGER FAILS TO IMPORT MS IIS GENERATED CERT|https://metalink2.oracle.com/metalink/plsql/f?p=130:15:3132180381448029652::::p15_database_id,p15_docid,p15_show_header,p15_show_help,p15_black_frame,p15_font:BUG,6815320,1,1,1,helvetica]
  i've tried it with an openssl generated certificate
  no problems with importing this as trusted certificate
  so my question
  exists a general problem with certificates which were created with iis services?

  Hi, I am having the same issue with the certificate. Can anyone tell me how to fix this?
  Thank You!
  Kathie