CA / SSL Problem

Similar Messages

• HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad.  I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion?  Thanks!  A.A.

  I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6).  When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem.  Any suggestions ??  Thank you! 

  Sounds more like you have a problem with your apple id. For starters go to that page click manage my apple id and singn in. If you can't sign in reset password.
  https://appleid.apple.com
  if you can sign in there, try to sign in to itunes on your computer.

• HT1338 iMac and SSL problem

  I have an iMac operating under OS X.  Where can I find a patch for the SSL problem that reently occurred?

  There is none required for 10.3 or earlier. For Mountain Lion look here: Apple Security Update 2014-001. For Mavericks use App Store for the software update.

• SSL-Problems when setting up a test environment with Exchange

  Hello everyone,
  I am trying to set up a test environment with Exchange 2013 to learn how the stuff works. However, I am facing some problems due to the fact that Exchange is designed for use with SSL certificates. The main thing that makes problems is the connection with
  RPC over HTTP. I've used the MS remote connectivity analyzer to find out why it is not working and as I thought it is because of a missing SSL certificate (it seems the self signed doesn't work here). Now in order to get this working I just bought a certificate
  for "mydomain.com". Now here is the first problem: This certificate is NOT a wildcard certificate. So if I understood correctly it works for mydomain.com but it won't work for subdomain.mydomain.com. Is this correct? (First question)
  If this is correct I will probably another problem: As I said this is a learning-environment so the server is at home behind a router. This means: Only one WAN-IP. I think could get this working by forwarding everything to the Exchange Server (like mydomain.com
  goes to the WAN-IP where the router is forwarding everything like port 25 or 443 directly to the exchange Server). This way I wouldn't have any problems I think: mydomain.com has a valid SSL cert, it resolves to my WAN-IP which forwards everything to the internal
  Exchange Server. Now here is the problem: I plan to setup a SharePoint Server as well. I thought about using ARR (IIS) to make both available behind the same WAN-IP without using ports inside the url. Ideally the Exchange Server should then be available via
  "mail.mydomain.com". This will work fine with ARR but then I probably have SSL problems again? (second question)
  Do you have any ideas what I can do to solve such problems? Should I buy another certificate for mail.mydomain.com? But then I would need to buy several certificates (e.g. for autodiscover.mydomain.com to get this working as well). This can become very expensive...
  Thanks!
  Regards
  Christian

  Hi,
  For your first question, if there is a single certificate just for “mydomain.com”, it cannot work for subdomain.mydomain.com.
  Generally, antodiscover.domain.com is used to access the autodiscover service for external users. If you just need test users to access Exchange server from internal environment, it is not necessary to get a certificate for autodiscover.domain.com.
  Therefore, for your second question what I can ensure is that if all URLs that used to connect Exchange from internal and external are configured to mail.mydomain.com with all services(IIS,SMTP,POP,IMAP), there will be no certificate problems in Exchange
  side.
  Best Regards,
  Winnie Liang
  TechNet Community Support

• Single Sign-on and SSL problems

  We are using WebLogic Portal and Server (version 8.1 SP3). We want to have a single sign-on when entering the portal, so that users do not need to reauthenticate each time they access an application via an applet in the portal. We also want to protect the username/password authentication and all other connection information using SSL. We have applications in multiple domains.
  When not using SSL, SSO works okay. We are challenged for username/password exactly once, whether we access the Portal, or an application directly. As soon as we enable SSL, we are challenged repeatedly, and in some cases cannot access the applications at all, as the challenge always fails.
  We suspect that there is a Session cookie problem and that something is clobering the cookie and thus breaking the session. Does anyone have any idea on what might be causing the problem?

  Hi Derick,
  I want to make our discussion into 2 parts
  1) Sign on
  2) Viewing data based on the Heirarchy
  1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
  2) We can make the second point possible in two ways One is with providing restriction at universe level
  and the other one is through the use of flash variables.
  Using flash variables:
  The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
  I hope this is what you ar looking for....
  If so i have more points to acheive such scenario.
  Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
  Regards,
  AnjaniKumar C.A.

• Design Console SSL problems for OIM 9.1.0.2

  Hi there,
  I have installed the design client for OIM 9.1.0.2, patched it and activated SSL using the instructions in:
  http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14062.pdf
  However, when I attempt to log in, I get the following error at the UI:
  Error Keyword: DAE.UNKNOWN_CODE
  Description: An unknown error code was passed.
  Remedy: Contact your system adminstrator.
  Action: E
  Severity: C
  Help URL:
  Detail:
  com.thortech.xl.security.tcLoginException: javax.naming.CommunicationException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791 [Root exception is java.io.IOException: Server protocol was not ORMI, if uncertain about the port your server uses for ORMI then use the default, 23791]
  This seems to indicate that the server protocol is not ORMI, which is correct, it is ORMIS (as per the SSL instructions).
  I've checked through the logs for this error, and am unable to find it, so it looks like it is only visiible client side. This suggests that the connection is not reaching OIM.
  Does anyone have any ideas about how to make sure ORMIS is in use and trouble shooting my SSL connection?
  Any advice gratefully received,
  Hugh

  While seting rmis port in opmn.xml file one should ensure that these ports must be unique as per the DC install guide. Please note there are three instances of <port id="rmis" range="1270x"/> in the opmn.xml file. The first one is generic, the second one is for oc4j_home oc4j container and the last for the oim oc4j container. The rmis port for the oim container must be 12701 for the other instructions to work, the others can be 12702 and 12703 so set the first one to 12702, the second one to 12703 and the third one to 12701 respectively.
  xlConfig_dc_side I had the following:
  <java.naming.provider.url>ormi://172.20.16.139:12701/Xellerate</java.naming.provider.url>
  where it should have been:
  <java.naming.provider.url>ormis://172.20.16.139:12701/Xellerate</java.naming.provider.url>
  This fixed my problem.
  2Hugh

• SSL problem: SSL Forbidden or 12204 SSL port specified is not allowed

  Hello there,
  we have a BIG PROBLEM on a production system.
  Some user on internet using IEXplore 5.0x could'nt access our https page.
  Error reported are:
  SSL Forbidden
  SSL port specified is not allowed
  We are using SSL on port 7002
  This is the weblogic properties reagrd SSL:.
  weblogic.security.ssl.enable=true
  # SSL listen port
  weblogic.system.SSLListenPort=7002
  Any suggestion?
  Is there a possibility to use port 80 both for https and http?
  Any help will be apprciated.
  THANK'S!

  I think you need to setup your proxy server to allow 7002 port,
  or use port 443 for SSL ( it is the default proxy secured port)
  Hope this will help
  Mohds
  "Paul Patrick" <[email protected]> wrote:
  If this is a production problem, you should file a problem report with BEA
  Support.
  But I didn't see any certificates for the server registered. Without
  certificates and a private
  key the SSL protocol will not work.
  Paul Patrick
  "Antimo" <[email protected]> wrote in message
  news:3a12cc80$[email protected]..
  Hello there,
  we have a BIG PROBLEM on a production system.
  Some user on internet using IEXplore 5.0x could'nt access our https page.
  Error reported are:
  SSL Forbidden
  SSL port specified is not allowed
  We are using SSL on port 7002
  This is the weblogic properties reagrd SSL:.
  weblogic.security.ssl.enable=true
  # SSL listen port
  weblogic.system.SSLListenPort=7002
  Any suggestion?
  Is there a possibility to use port 80 both for https and http?
  Any help will be apprciated.
  THANK'S!

• SSL Problem in Flex

  I am using Flex with PHP via AMF PHP. Building application
  was fine. But it gave me problem when I deployed it to server which
  sits behind SSL layer. The problem is not associate with data
  accessing I can access data very well but I when I go to any other
  page after visiting flex part it just kicks user out to login page
  again. If I simply use HTTP protocol it does not happen but if I
  use HTTPS protocol it does. I did intense research in this problem.
  I tried following solutions.
  USE crossdomain file name crossdomain.xml
  loadpolicy file
  class="mx.messaging.channels.SecureAMFChannel" in
  service-config.xml
  class="flex.messaging.endpoints.SecureAMFEndpoint" in
  service-config.xml
  lastly here is my crossdomain.xml
  <?xml version="1.0" ?>
  <!-- https://imtecintranet/shopping -->
  <!DOCTYPE cross-domain-policy SYSTEM "
  http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
  <allow-access-from domain="*" secure="false"
  to-ports="443"/>
  </cross-domain-policy>
  All this solution mentioned in different websites including
  flex documentation didn't worked. It's not the problem from PHP
  side since it works perfectly with Flex if I use HTTP protocol so I
  think problem is in Flex side. I read in this website
  http://www.onflex.org/ted/2005/11/using-flash-player-under-https-with.php
  that flash player have bugs and so, I tried to solve this
  problem by using cross-domain.xml file but unfortunately this
  didn't solve the problem. Any help will be greatly appreciated.

  with some additional attributes added on to server.xml <Connector /> tag application is loading fine in local environment.
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" bufferSize="64000" maxHttpHeaderSize="64000"  socket.appWriteBufSize="64000" socket.appReadBufSize="64000" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\user_name\.keystore" keystorePass="*****" allowTrace="false"/>
  But the same changes are not working in UAT environment, any clue on it will help me.
  thanks in advance.

• SOAP RECEIVER SSL Problems

  Dear Community,
     I have configured a SOAP Receiver to an external web service (https://server:7002/service). I have use IE to get the certificate of the server and have imported it into the keystore of the j2ee (using VA). I have imported it to the all current views available. We have SAP PI 7.0 SP18. The problem is that the SSL handshaking is not performed correctly. I have placed a tcp gateway monitor tool to see the messages pass through. As soon as the first message is send to the above URL and a response is received, I get a XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error. Also, in the default trace log I get a no private key found.... Do I need extra steps to configure SSL in the SOAP Receiver? The service does not required a Client authentication certificate and has a certificate with  o CA root certificate (since this is only a test system and has issued its own certificate). Any ideas? Any help will be appreciated.
  Regards,
  S.Socratous

  Hello,
  Generally it's a connectivity behaviour. Check if you have setup the connection to
  the receiver and also check the explanation regarding 500 Internal Server Errors:
  *Description: The server encountered an unexpected condition which prevented it from fulfilling the request.
  Possible Tips: Have a look into SAP Notes u2013 804124, 807000*
  It may be also a problem with the SSL certificate. So, check if it's not expired;
  The correct server certificate may be not present in the TrustedCA keystore view of NWA .
  Please ensure you have done all the steps described in these url (this is for 7.11):
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/d1c7e690d75430e100000
  00a42189b/frameset.htm
  You may have not imported the certificate chain in the correct order (Own -> Intermediate -> Root);
  Last, if the end point of the SOAP Call(Server) is configured to accept
  a client certificate(mandatory), then make sure that it is configured
  correctly in the SOAP channel and it is also within validity period.
  (This certificate is the one which is sent to Server for Client
  authentication)
  Hope that helps.
  With regards,
  Caio Cagnani

• RMI SSL problem

  Hi, I am learning RMI whit SSL and I have a problem, I cant run the example form the RMI SSL tutorials.
  I can run the server, and bind the object but the client throw this exception:
  HelloClient exception: error during JRMP connection establishment; nested exception is:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
  at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
  at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:306)
  at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
  at HelloClient.main(HelloClient.java:60)...
  can you help me???

  Hi,
  Dis you solved the probelm ? I am facing the similar exception. I am using jre1.5.0_11.
  Regards,
  Titas Mutsuddy

• RMI with SSL problem (cross post under RMI too)

  Hi,
  I'm having problems using RMI with SSL. I posted in the RMI forum originally but now realise the problems are with the SSL really.
  Perhaps someone who follows this forum could help.
  See post:
  http://forum.java.sun.com/thread.jsp?forum=58&thread=409347
  Thanks.

  There's more dukes in the other thread too.

• SSL problems with "non-secure elements"

  hello all
  We have made a WEB application based on Tomcat and Apache Struts. We have setup with SSL.
  SSL goes to Apache HTTP server, which speaks with Tomcat via apj13.
  The problem is that IE sometimes shows error message "This page contains both secure and non-secure elements. Do you want to
  display non-sescure elements ?". I think it has to something with javascript, because after that error massage
  javascript doesnt work anymore. If I click javascript error icon, it says "access is denied".
  That erorr happens randomly, I cant repeat it at the same place.
  Can anyone help me somehow ?
  At what circumstances IE displays that error ? We use version 6.0
  Maris Orbidans

  It turned out to be a Micro$oft bug
  http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b269682
  It seems that IE 6.0 has the same bug as 5.5.
  SYMPTOMS
  When you are using Secure Sockets Layer (SSL) and you click a link, you may receive the following warning message:
  This page contains both secure and non secure items. Do you want to display the non secure items?

• SOAP and SSL problem

  I am using JDeveloper 9.0.3 and the Oracle SOAP library which is shipped with Oracle JDeveloper.
  My application connects to a SSL enabled webservice.
  The first problem I encountered was a 'no njssl9 in java.library.path' error.
  I used the tips from Lehmann's BLogger site (http://radio.weblogs.com/0132036/2004/02/13.html).
  I could not get this working in JDeveloper 9.0.3 because JDev 9.0.3 is using java jdk 1.3 which has not JSSE built in.
  So I decided to use JDeveloper 9.0.5.2. which uses the java jdk 1.4.
  It works, however now I am stuck with an error that the certificate chain is incomplete.
  The webservice to which I connect sends only the 'last' certificate, so not the entire chain. Can this be the problem?
  I have a couple of questions:
  1) what do I have to do to ensure that my application trusts the webservice SSL certificates. I know I have to install
  the certificate somewhere in the cacerts file. But which certificate en how do I store it?
  2) Is it true that the Oracle SOAP library only works with the Oracle Wallet? Does that mean I cannot get Oracle SOAP
  to work on an Oracle Application Server with my application?
  3) Is there any way to solve the 'no njssl9 in java.library.path' error using the Oracle SOAP library in JDeveloper 9.0.3?

  2) For non-oracle wallets, you need to set the following
  # private key
  # certificate chain
  # trusted certificates
  OracleSSLCredential sslCredObj = new OracleSSLCredential();
  // Set trusted certificates
  sslCredObj.addTrustedCert(easQACA);
  // Construct certificate chain. Place CA at the top
  // and user certificate at the bottom. The order of
  // set certificates in the chain is important. You must set
  // root certificate first, then signer certificates, and finally user
  // certificate.
  sslCredObj.addCertChain(rootCA); (set root CA certificate)
  sslCredObj.addCertChain(signer CA);(set signer certificate)
  sslCredObj.addCertChain(userCert); (set user certificate)
  * Set private key
  sslCredObj.setPrivateKey(userKey, password);
  3) If you have Oracle IAS or database installation, the njssl libraries are under ORACLE_HOME\lib. Include ORACLE_HOME/lib in LD_LIBRARY_PATH or starting the javavm using
  -Djava.library.path=ORACLE_HOME/lib
  should solve the njssl error.

• APACHE SSL: Problem in converting from HTTP to HTTPS

  Hi,
  I have installed apache on my system with openSA flavour with SSL.I need to host my site with https instead of http.While starting apache i get the following error:
  [warn] pid file c:/opensa/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
  OpenSA/1.0.4 /Apache/1.3.27 (Win32) PHP/4.2.2 mod_gzip/1.3.19.1a DAV/1.0.3 running...
  OS is windows vista.
  Please revert back for solution to the problem.
  Best Regards,
  Anjan

  What has this to do with JSP/JSTL?
  Apache has it's own website and mailinglist.

• Should I see this on startup? re: Two-SSL problems.

  We're having some trouble getting two way ssl to work and I was wondering if when using democert.pem and ca.pem whether we should still see this message upon startup?
  I have created a trusted keystore which basically is a copy of the cacerts file and contains the ca certificate from the client certificate.
  <Mar 9, 2005 6:00:57 PM GMT> <Info> <Security> <090515> <The certificate chain could not be completely checked for issues which could cause it to be rejected by
  a peer during SSL handshaking, no action is required unless peers are rejecting the certificate chain.>
  We are using Axis as a client (JDK 1.4 with no weblogic jars) to a WL7sp4 homed webservice and I have one certificate in the client keystore and I can see that chooseClientAlias gets called on the client.
  On the server we see the following SSL debug information
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <validationCallback: validat
  eErr = 16>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Required peer certificates
  not supplied by peer>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Validation error = 20>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Certificate chain is incomp
  lete>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Certificate chain is untrus
  ted>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <User defined JSSE trustmana
  gers not allowed to override>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <SSLTrustValidator returns:
  84>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Trust failure (84): CERT_
  CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
  .record.alert.Alert@754e13 Severity: 2 Type: 40
  Resulting in a hand shake failure on the client.
  I'm confused by the message
  "Required peer certificates
  not supplied by peer"
  because if we use a web browser it explicitly will say NO_CERTIFICATE but when we use the Axis client that doesn't appear in the log so I don't know if this is a problem with the client not sending the client certificate or not. I do see that chooseClientAlias is called during the startHandshake of the SSLSocket.
  Does CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED appear even if the client didn't provide a client certificate in the first place is are the errors above indicative of a problem with the certificate chain of the client certificate itself?
  For completeness.
  client keystore has
  Your keystore contains 1 entry
  client_cert, Mar 8, 2005, keyEntry,
  Certificate fingerprint (MD5): BE:79:37:4B:9C:F7:E3:7A:2B:FA:32:06:79:9D:E2:76
  client truststore has
  Your keystore contains 20 entries
  certgenca, Mar 22, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
  certgencab, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  verisignclass4ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
  wlsdemoca1024, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
  wlsdemoca2, Nov 27, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 24:51:DB:84:38:18:B2:6B:EB:35:54:18:D0:18:5B:C6
  verisignclass1ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
  thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
  verisignclass3ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
  wlsdemoca, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawteserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
  server_cacert, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): 24:51:DB:84:38:18:B2:6B:EB:35:54:18:D0:18:5B:C6
  thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
  server_cert, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): A4:82:64:01:1B:8F:3A:EB:13:F6:41:47:82:1D:C9:41
  client_cacert, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  thawtepremiumserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
  verisignserverca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
  wlsdemobcca1024, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
  verisignclass2ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
  wlsdemobcca, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
  server trust store has
  Your keystore contains 18 entries
  certgenca, Mar 22, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
  certgencab, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  verisignclass4ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
  wlsdemoca1024, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
  wlsdemoca2, Nov 27, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 24:51:DB:84:38:18:B2:6B:EB:35:54:18:D0:18:5B:C6
  verisignclass1ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
  thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
  cacert3, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  verisignclass3ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
  wlsdemoca, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawteserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
  thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
  thawtepremiumserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
  verisignserverca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
  wlsdemobcca1024, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
  wlsdemobcca, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
  verisignclass2ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
  Here is the sequence of command used to setup the client/server trust/keystores
  rem @echo off
  set JAVA_HOME=C:\jdk1.3.1_09
  rem set JAVA_HOME=C:\j2sdk1.4.2_04
  set WL_HOME=C:\bea\wls7.0sp4
  rem step 1 java -cp %WL_HOME%\lib\weblogic.jar utils.CertGen changeit localhost_client_cert localhost-key export localhost
  rem step 2 keytool -storepasswd -new
  rem secret_trust_password -keystore server_trust_keystore.jks -storepass changeit
  rem step 3 keytool -import -v -noprompt
  rem -trustcacerts -alias cacert3 -file CertGenCA.der -keystore server_trust_keystore.jks
  rem -storepass secret_trust_password
  rem step 4 keytool -storepasswd -new
  rem changeit -keystore server_trust_keystore.jks -storepass secret_trust_password
  rem step 5 java -cp %WL_HOME%\lib\weblogic.jar;C:\bea utils.ImportPrivateKey client_keystore.jks client_store_password client_cert changeit localhost_client-cert.pem localhost-key.pem
  rem step 6 %JAVA_HOME%\bin\keytool -storepasswd -new changeit -keystore client_keystore.jks -storepass client_store_password
  rem step 7 %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias client_cacert -file %WL_HOME%\lib\CertGenCA.der -keystore trust_store_keystore.jks -storepass changeit
  rem step 8 %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias server_cacert -file ca.pem -keystore trust_store_keystore.jks -storepass changeit
  rem %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias server_cert -file democert.pem -keystore trust_store_keystore.jks -storepass changeit

  Now you know why it was $525.  Also realize you are getting a computer that isn't a warranty computer.  How much did you save?
  Read the fine print on the Squaretrade warranty.  Make sure they won't turn it away for the same reason Apple does.
  Can you live without the light?  Even if it got wet in the past it boots now.  If I buy a used car and the radio doesn't work but I get it for a really good price then I figure that's part of it if I can live with it and it doesn't interfer with day to day use.
  It would be nice to know why the hard drive failed their test. Obviously if the computer boots it isn't total toast.  Clearly somebody has been inside the computer to add RAM and maybe change the drive?  That doesn't freak me in a used computer.
  Maybe somebody can comment on non idential RAM but with some computers with RAM from a reputable upgrade source it doesn't matter.  Post the exact specs of the second chip.
  My only question is, how up-front was the person from whom you bought the computer?  Did they tell you about the light?  It isn't a critical part but it is something you can assume to be working unless they tell you it isn't.  If they didn't, what else didn't they tell you?
  Screws will freak Apple Service because they only look at stuff where they know 100% what's been done to it and nobody not-certified has messed with it.  I have done all kinds of things to my computer that would have voided the original warranty 20x over but it long ago went out of warranty.  It purrs.

• SSL Problem again!!!

  A month or so ago I finally got ssl to work on our first master. I had to use a Entrust certificate because our verisighn one was not working. Now I'm going through the same stuff w/ the second master. Has anyone had these kind of problems. The wierd thing is that a verisign cert works w/ the admin server but not the directory. When it shows up in the directory it says isdued by NULL and that what I think is the problem. I think I just got lucky the first time now I have to do it all over again. I read that maybe the cert7.db is corrupt. Any help is apprecciated.

  HI,
  I have enabled SSl on Sun ONE Directory Server 5.2. We found that the response time has decreased considerably. Does any have some statistics comparing ssl response times and non-ssl response times.
  Are there any server settings which can improve the response times when ssl is enabled?
  Also, noticed that the response is even slower when there is an authentication error or any other error.
  We have just a week away from going to production. Please help.
  Thanks.