BingMaps not showing with SSL certificate

Similar Messages

• Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

  I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
  Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
  So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
  When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
  I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
  A) We're at version 11 ---- these kinds of issues should have been fixed years ago
  B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

  Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
  My tests seem to show that
  (a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
  (b) if a dialog is at a higher level, this is a global setting.
  So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back.  So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

• Importing external web service with SSL certificate security

  Hello,
  I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
            at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 21 more
  Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
  Cheers!

  Hi Alain,
  I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
  You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

• REDUNDANT ACE 20 WITH SSL CERTIFICATE

  Hi
  I have an ACE 20 redundant infrastructure (Active-Standby),and  it´s needed to implement a secure aplication with SSL certificate.
  The question I have is, for this solution is neccesary to generate a digital certificate and key  for each ACE module? and, It´s is possible to use the same certificate and key in both ACE modules?
  Thanks for your help.
  Regards

  Ricardo,
  You can just the same certificates for both devices.
  Jorge

• Finish good material not showed with 131 movement type in mfbf code in REM

  Hi experts,
  I am working in Repetitive manufacturing process, I have 6 operations in rate routing from which 6th operation is mile stone.
  When i confirm last operation through MFBF, system shows components list with movement type 261 but finish material is not showing with movement type 131. The document no. is generated at the time of saving but in displayed document FG shows with 131mov. type and component list with 261.
  Setting for REM are as follows
  1. control key- pp03
  2. production versions- maintained with standard REM profile
  So my question is how can i see FG material in MFBF screen along with componets list ? What is the settings for this or any development is there ?
  Regards,
  Nitin Nerkar

  Nitin,
  System behavior is not wrong. What i understand from  Backflush is, Back flushing is nothing but automatic goods issue. System will automatically posts the goods issue when you confirm the operations.You have no need to make manual issue. It will reduce the effort.
  Backflushing is automatic accounting (Goods issues - 261 mvt) of material consumed for production, at the time of confirmation.
  When you use auto goods receipt indicator then at the time of confirmation system will do auto GR. In normal discrete mfg scenario, when you are doing confirmation when you click on GOOD MOVEMENT tab you will get GI as well as GR with movement type.
  But in REM scenario you doing MFBF (REM Backflush) means This activity executes multiple activities in a single step, such as: finished product goods receipt, backflush of component materials, posting of costs to cost collector and creation of material and accounting documents. When you are doing MFBF and clicking on post with correction tab it will show you what are the components going to backflush, and that is ok. Here you are not going GOODS MOVEMENT tab to display GR.
  I think this SAP system std behavior.
  Tara

• Superdrive does not show with the other devices on Macbook Air

  My superdrive does not show with the other devices in Finder any longer.
  Mid 2011 11" model
  OS 10.7.5

  So the applications is causing failures and ejects.   Contact the software mfg. about resolution of this.
  Have you tried the app TOAST?  Very reliable and highly popular.
  You can drag any disk to the trash to cause ejection

• ICal server won't work with SSL certificate

  I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
  In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
  However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
  Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
  "Unexpected secure name resolution error (code -9844). The server name may be incorrect."
  When I set everything back to the way it was before I started, all works fine.
  Anyone have any suggestions?

  Your problem seems similar to this thread:
  http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
  There is some contradictory anecdotal information there, however. Tis reply in another thread:
  http://discussions.apple.com/message.jspa?messageID=6288712#6288712
  may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
  http://www.afp548.com/article.php?story=20080624005724638
  http://www.afp548.com/article.php?story=20071203011158936
  That might also be of assistance. Then there's this little tidbit:
  http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name /
  These may-or-may-not solve theproblem but may provide insight as to why it's happening.

• Enterprise subordinate CA does not show up in certificate authorities list

  After much discussion I decided the best approach was to clean eveything up and start over. I went through the KB on decommissioning an enterprise CA and Subordinate CA, install a new standalone root, and a new enterprise subordinate CA. Everything appeared
  to be working with one exception. The new Enterprise Subordinate does not show up in the Certificate Authorities section of Public key services in AD Sites&Services. It does show up in AIA, CDP and Enrollment services. The standalone root is trusted and
  I set up group policy with the certificate of the Enterprise Subordinate as a trusted intermediate. The templates were configured also as well as autoenrollment for computers but so far only the DCs and my workstation has received certificates. I am sure I
  am missing something but after 100s of pages and artcle after article I don't see it. I ran the certutil -viewstore query and it doesn't see it either and it doesn't tell me how to fix it. Also, what is the deal with case; it seems no matter how careful I
  was with upper and lower case letter AD did what it wanted and my published CA name looks like I can't figure out hows caps lock works.
  Thanks in advance
  [email protected]

  yes, it is possible. However, you will need to make some modifications on root CA:
  certutil -setreg ca\dsconfig "AD Configuration naming context"
  certutil -setreg ca\dsconfigdn "AD Configuration naming context"
  certutil -setreg ca\dsdomaindn "AD Forest root domain DN"
  AD configuration naming context is (usually) CN=Configuration, DC=rootdomainname, DC=domainsuffix.
  To extend Root CA CRL validity, in the Certification Authority MMC, select properties of Revoked Certificates folder and specify validity period (something about 6-12 months). Make sure that Delta CRLs are NOT enabled. Save settings and restart certificate
  services.
  Then you should republish all CRLs and publish CRL to Active Directory:
  certutil -dspublish -f path\RootCAcrl.crl
  My weblog: http://en-us.sysadmins.lv
  PowerShell PKI Module: http://pspki.codeplex.com
  Windows PKI reference:
  on TechNet wiki

• ACS Not installing renewed SSL Certificate for PEAP/EAP-TLS?

  We recently renewed our SSL certificate through RapidSSL. While attempting to install the new certificate into ACS, I was given the prompt to showing the updated dates, confirmed and installed the new certificate, deleting the old. I restarted ACS, as required, but when trying to enable PEAP or EAP-TLS, I am getting the error "Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed."
  The worst part, is that I when I tried to reinstall the old certificate, I am now getting the same problem.
  Any suggestions?

  Matt,
  How did you perform the CSR.... did you use ACS or OpenSSL? Also, did you verify that the certificate is in the trusted personal folder on the server?
  Scott

• Webservice with SSL Certificate givivg error

  Hi all,
  I am configuring an abap webservice with client certificate
  I had
  1) installed the sap cryptographic library.
  2) created SSL Server PSE in transaction STRUST
  3)imported the certificate response by CA.
  4)Exported the certificate to local computer.
  5)Added the certificate in mmc under trusted certificate authority.
  but when i am running the endpoint url, i am getting folllowing error
  Error Code: ICF-LE-https-c:800-l:E-T:-C:5-U:4-P:4-L:7
  HTTP 401 - Unauthorized
  Your SAP Internet Communication Framework Team
  Please help me on what step i am missing.
  Thanks,
  Anshul

  You can add FOR TEST your pi userid & passw into enpoint url, like follow:
  &sap-user=<userid>&sap-password=<passw>
  Example:
  http://sapi.sap.com:50xxx/sap/xi/.....&sap-user=donald&sap-password=duck
  ps. Create a Service User into PI System for this. Regarding Role, i'm not a security guru, but i think that SAP_BC_WEBSERVICE_PI_CFG_SRV or SAP_BC_WEBSERVICE_ADMIN roles can be enough for this purpose.

• Securing RDS with SSL certificate

  Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

  Hi,
  I´m looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

• Transactional Iviews are not showing ( with out super admin role assigned )

  Please any solutions for the fallowing.
  First Problem
  I am not able to create the user from portal directly. Its showing the fallowing error.
  An error occurred in the persistence; contact your system administrator.
  so i had created the users in WAS by SU01.
  Second
  We have some users at production server ( Assume 5 users ). and those users need to be mapped at portal. So that those users can directly enter into portal and operate on SAP system .
  If u dont mine Please provide with me the steps to fallow
  Third
  i had created some transactional Iviews that are working fine when i am log in with Administrator( super administrator role). The problem is that the reports are not showing when i am log in with general user ( with out super administrator role ) .
  Its showing the error
  Could not able to look up the system.
  And the problem with user mapping also .
  For aministrator its working fine .and for a general end user ( created on WAS )
  i am not able to provide user mapping. Its showing
  There are no systems available for user mapping for the selected principal
  wat could be the problem ?
  Your solutions will be appreciated .please urgent

  Hi Pratap,
  Second Problem
  If the Portal user name and R/3 user are the same then no problem other wise you have to do user mapping
  Third Problem
  Check the permissions. Right click the system object and give permissions for all
  Create an alias for the system object for doing user mapping
  First Problem
  Try creating user from http://<portalserver>:50000/useradmin
  Regards
  Arun

• Accents not showing with attachement ?

  Hi, I posted a couple of months earlier about accents in my email not showing properly when I add an atachement like a PDF file, JPG, or even a GIF. I was wondering if it was Mail 2 that is having a problem or is it some software I installed. The only software I can think of that could have done this is Antidote, a french spelling app. It added it's own script in the services menu that I can use when selecting text to start the app and see if I miss spelled words or grammar errors.
  I dont' know if anyone is experiencing the same thing. I was actually so fed up with it, that I actually re-installed Mac OS 10.4 from scratch to see if I could have played around with my characters palet or something, but the problem is still there..... lingering somewhere within mail 2, haunting my whole entire work days to come.
  Please help out !
  Ed

  has anyone had this probleme other than me ?

• Jars not signed with same certificat

  Hi,
  I have signed my jars with jarsigner and same certificat. I have verify with jarsigner -verify -cert -verbose.
  But JWS says than my jars are not signed with the same certificat. I don't undestand why.
  Here is the stack :
       at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1023)
       at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:925)
       at com.sun.javaws.Launcher.continueLaunch(Launcher.java:814)
       at com.sun.javaws.Launcher.handleApplicationDesc(Launcher.java:515)
       at com.sun.javaws.Launcher.handleLaunchFile(Launcher.java:218)
       at com.sun.javaws.Launcher.run(Launcher.java:165)
       at java.lang.Thread.run(Thread.java:595)
  How can I know what is the jar with bad certificat ?

  if you set deployment.property file entry:
  deployment.trace.level=all
  you should see some debug output in the console and trace file that might help determine what jar it is (I am assuming you are using javaws 5.0)
  The problem is probably that although you use the same root certificate chan you purchased for each jar file, the entire certificate chain is not the same.
  pleas post the full set of steps you used to sign each jar.
  /Andy

• What's the difference with SSL Certificates?

  Hi,
  I need to get an SSL Certificate for my client's online
  store. There are so
  many choices out there ranging from stupidly expensive, down
  to suspiciously
  cheap.
  Can anyone help me sort through the mob and recommend
  something that is
  trustworthy, secure and cheap.
  I'm happy to buy globally, but I'd prefer either a true
  multi-national, or
  an Australian company.
  Thanks,
  B

  Which certificate you choose depends on your intended use for
  the cert. The cheap ones (US $20/year and up) simply assure that
  you control the domain in question. The certificate agency sends an
  email to the administrative contact specified in the domain's Whois
  listing. If they get the appropriate response, the certificate is
  issued. If all you are out to do is establish SSL connections to a
  web site to prevent eavesdropping, this type of certificate is
  fine. There is no difference in the level of security between these
  certificates and fancier offerings as long as both the cert and
  your web server support 256 bit encryption. You can also get a
  certificate that is valid for up to 10 years, so you won't have to
  worry about SSL for a long time. The cheap certificates are not
  recommended for online commerce, as there is no assurance you are
  an actual company. If you go this route, getting a certificate from
  an outfit that supports single root verification greatly eases
  installation on your server. (Translation from geek: A single root
  certificate is inherently trusted by all major browsers. Companies
  such as RapidSSL (cheap), Geotrust and Thawte (not so cheap), and
  Verisign (expensive) all own their root certificates. Many other
  certificate agencies require installing a chain of certificates on
  your server that point back to the trusted root certificate. Use
  Firefox to test your SSL site, as it has the most comprehensive
  certificate validation routines.)
  The next step up are the high assurance certificates. These
  require you to prove that you own or represent the company whose
  domain you are getting a certificate for. The price for these
  certificates ranges from US$100/year to ~$400. The certificate
  company will perform a search on your business or organization, and
  you may be required to submit supporting documentation to prove you
  are who you claim to be. The more expensive flavors of these certs
  usually offer larger guarantees against credit card fraud resulting
  from certificate misuse. These certificates are valid for up to 3
  years.
  Finally, there are the new extended validation certificates.
  These require an in-depth evaluation of your business, including an
  investigation into the overall legitimacy of your corporation.
  Government agencies also qualify. Sole proprietorships and and
  general partnerships are not eligible, although the CA/B says they
  may be in the future. Get one of these and IE users can see the
  navigation bar turn a trustworthy green color. There is also a
  large amount of green involved in purchasing one of these
  certificates, ranging from US$500/year from the cheapie outfits to
  $900/year from Thawte to $1500 per year from Verisign.
  No matter which option you pursue, there are a couple of
  points to be aware of. First, choose a vendor that offers free
  certificate replacement. This protects you in case a change in
  hosting provider or web server invalidates your existing
  certificate. Also, a normal certificate is very specific in terms
  of which domain it supports. For example, a certificate for
  www.domain.com does not work for mail.domain.com, ftp.domain.com,
  or even domain.com. If this is important to you, you can either
  purchase multiple certificates or a wildcard certificate that
  supports any number of subdomains. Wildcard cert prices are
  typically 4-5x higher than for a single cert. Finally, many cert
  companies offer verification seals that you can add to your SSL web
  pages. These allow your clients to click or hover over the seal to
  get a quick verification that your site certificate comes from a
  recognizable brand. Useful, perhaps, if you want to brag that "I
  care enough to purchase certs from Thawte, Network Solutions,
  Geotrust, et. al." or "I'm a penny-pincher and use GoDaddy!"