Certificate chain received from localhost 127.0.0.1 failed hostname verification check.
Hello friends. The dns name of our server recently changed. Since that time,
nothing except the administration node will start up. Server logs reveal the
following information:
Certificate chain received from localhost - 127.0.0.1 failed hostname verification
check. Certificate contained COTHUBT but check expected localhost>
There is one trusted certificate that was added to the cacerts keystore. Does
it need to be removed and re added? Any other insight would be appreciated.
"brain" <[email protected]> wrote:
Try this if you're running version 8
In the admin node gui.
Click on machines
Click on the NodeManager tab for the machine that you are interested in.
Change hostname in listen address.
Bounce the app server
>
Hello friends. The dns name of our server recently changed. Since that
time,
nothing except the administration node will start up. Server logs reveal
the
following information:
Certificate chain received from localhost - 127.0.0.1 failed hostname
verification
check. Certificate contained COTHUBT but check expected localhost>
There is one trusted certificate that was added to the cacerts keystore.
Does
it need to be removed and re added? Any other insight would be appreciated.
Similar Messages
-
[Security:090508]Certificate chain received from 'hostname' was incomplete
Hey All,
I am trying to set up a Managed Server and have it talk to the NodeManager running
(Weblogic 8.1 SP2) on the same machine. I can't, however, seem to get a good
SSL handshake between the two. I get the following error:
####<Mar 11, 2004 9:55:56 AM EST> <Warning> <Security> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <BEA-090508>
<Certificate chain received from hostname - ipaddress was incomplete.>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Validation
error = 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Certificate
chain is incomplete>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <SSLTrustValidator
returns: 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Trust
status (4): CERT_CHAIN_INCOMPLETE>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <NEW
ALERT: com.certicom.tls.record.alert.Alert@1642565 Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at java.io.BufferedWriter.flush(BufferedWriter.java:230)
at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:113)
at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
at weblogic.nodemanager.client.NodeManagerRuntime.executeNMCommand(NodeManagerRuntime.java:1058)
at weblogic.nodemanager.client.NodeManagerRuntime.ping(NodeManagerRuntime.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:711)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:690)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.ping(NodeManagerRuntimeMBean_Stub.java:543)
at weblogic.management.console.webapp._domain.__machine._jspService(__machine.java:669)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <write
ALERT offset = 0 length = 2>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <close():
28959207>
Here is what I have done:
1) I created a managed server using admin console
2) I created both an Identity and Trust keystore (jks type file) with the server's
private key (Identity) and the root trusted certificate authority (Trust).
3) I configured my managed server to use the two keystores
4) I edited the NodeManager.properties file to use the same keystores.
5) I started the NodeManager on the machine and I used the following command line
options by editing the %WL_HOME%\server\bin\startNodeManager.cmd file:
-Dweblogic.nodemanager.debugLevel=90
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
6) I also added the following commands to my startWebLogic.cmd file:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
7) I started my admin server and created a Machine that included the managed server.
8) I configured the NodeManager properties for the Machine I created to point
to the NodeManager already running on that physical box.
9) I clicked on the tab to "Monitor" the NodeManager/Machine and it died giving
the above exception.
I would have no idea why the Certificate chain would be "incomplete". The Issuer
and Subject DNs match up fine:
PRIVATE KEY BEING LOADED BY SSL MANAGER:
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[0]
= [
Version: V3
Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@1a0
Validity: [From: Fri Mar 05 08:59:26 EST 2004,
To: Mon Mar 06 08:59:26 EST 2006]
Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
ROOT CERTIFICATE AUTHORITY BEING LOADED:
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[1]
= [
Version: V3
Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffa28
Validity: [From: Wed Jul 05 09:00:29 EDT 2000,
To: Tue Jul 04 09:00:29 EDT 2006]
Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
Anyway, if anyone could provide me with some insight as to why I might be receiving
this error I would be sincerely indebted to you. I can't seem to find any other
people with the same problem in the Support archives. Thanks for all of the help!
Regards,
Cabell FisherHi,
Can you please help me;
I have a similar problem on WL7 SP4 ( UNIX )
I have made a site that check https site.
When I try to read the page of the site, I've got Certificate chain is incomplete message.
On WL8 version ( WINDOWS ), I have no problem to retrieve certificate and then access to the site.
I have read that this error occure when Root CA Self signed certificat is not include in the keystore.
I'm using CACERTS keystore.
Can you tell me the process to generate the CA Root certificate and then import in the CACERTS.
Thanks a lot for your help.
Sincerely
Stephane -
Hostname Verification failed for certificate with CommonName 'gawlsdev02.ss
Hi All,
I want to know the meaning and the reason of this exception:
<Jun 17, 2010 2:05:52 PM EDT> <Warning> <Security> <BEA-090504> <Certificate chain received from gawlsdev02 - 147.141.83.104 failed
hostname verification check. Certificate contained gawlsdev02.ssga.statestr.com but check expected gawlsdev02>
<Jun 17, 2010 2:05:52 PM EDT> <Debug> <TLS> <000000> <Hostname Verification failed for certificate with CommonName 'gawlsdev02.ssga.
statestr.com' against hostname: gawlsdev02>
thanks in advance.When Webloigic Server tries to validate the certificate, it compares te CN of the certificate with the hostname from where the request is coming from.
If they don't match, hostname verfication fails and SSL connection is not established.
In your case I see the CN is gawlsdev02.ssga.statestr.com whereas WLS is expecting it to be gawlsdev02.
U can use this option to ignore host name verification
-Dweblogic.security.SSL.ignoreHostnameVerification=true
To know about other SSL issues, u can refer this
http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/
-Faisal -
Hey All,
I am trying to set up a Managed Server and have it talk to the NodeManager running
(Weblogic 8.1 SP2) on the same machine. I can't, however, seem to get a good
SSL handshake between the two. I get the following error:
####<Mar 11, 2004 9:55:56 AM EST> <Warning> <Security> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <BEA-090508>
<Certificate chain received from hostname - ipaddress was incomplete.>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Validation
error = 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Certificate
chain is incomplete>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <SSLTrustValidator
returns: 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Trust
status (4): CERT_CHAIN_INCOMPLETE>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <NEW
ALERT: com.certicom.tls.record.alert.Alert@1642565 Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at java.io.BufferedWriter.flush(BufferedWriter.java:230)
at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:113)
at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
at weblogic.nodemanager.client.NodeManagerRuntime.executeNMCommand(NodeManagerRuntime.java:1058)
at weblogic.nodemanager.client.NodeManagerRuntime.ping(NodeManagerRuntime.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:711)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:690)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.ping(NodeManagerRuntimeMBean_Stub.java:543)
at weblogic.management.console.webapp._domain.__machine._jspService(__machine.java:669)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <write
ALERT offset = 0 length = 2>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <close():
28959207>
Here is what I have done:
1) I created a managed server using admin console
2) I created both an Identity and Trust keystore (jks type file) with the server's
private key (Identity) and the root trusted certificate authority (Trust).
3) I configured my managed server to use the two keystores
4) I edited the NodeManager.properties file to use the same keystores.
5) I started the NodeManager on the machine and I used the following command line
options by editing the %WL_HOME%\server\bin\startNodeManager.cmd file:
-Dweblogic.nodemanager.debugLevel=90
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
6) I also added the following commands to my startWebLogic.cmd file:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
7) I started my admin server and created a Machine that included the managed server.
8) I configured the NodeManager properties for the Machine I created to point
to the NodeManager already running on that physical box.
9) I clicked on the tab to "Monitor" the NodeManager/Machine and it died giving
the above exception.
I would have no idea why the Certificate chain would be "incomplete". The Issuer
and Subject DNs match up fine:
PRIVATE KEY BEING LOADED BY SSL MANAGER:
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[0]
= [
Version: V3
Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@1a0
Validity: [From: Fri Mar 05 08:59:26 EST 2004,
To: Mon Mar 06 08:59:26 EST 2006]
Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
ROOT CERTIFICATE AUTHORITY BEING LOADED:
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[1]
= [
Version: V3
Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffa28
Validity: [From: Wed Jul 05 09:00:29 EDT 2000,
To: Tue Jul 04 09:00:29 EDT 2006]
Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
Anyway, if anyone could provide me with some insight as to why I might be receiving
this error I would be sincerely indebted to you. I can't seem to find any other
people with the same problem in the Support archives. Thanks for all of the help!
Regards,
Cabell FisherHi,
Can you please help me;
I have a similar problem on WL7 SP4 ( UNIX )
I have made a site that check https site.
When I try to read the page of the site, I've got Certificate chain is incomplete message.
On WL8 version ( WINDOWS ), I have no problem to retrieve certificate and then access to the site.
I have read that this error occure when Root CA Self signed certificat is not include in the keystore.
I'm using CACERTS keystore.
Can you tell me the process to generate the CA Root certificate and then import in the CACERTS.
Thanks a lot for your help.
Sincerely
Stephane -
ICMP Host Unreachable from gateway localhost (127.0.0.1)
I had a functional zone. But we had an outage and for some reason one of my zones is unreachable. Looks like the problem is that the default route has changed. How can I add a default route to a zone?
Thanks
Manish
--- global zone ---
-bash-3.00# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 www running /export/zones/www native shared
4 java running /export/zones/java native shared
--- zone java ---
-bash-3.00# ping 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
-bash-3.00# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0:3: flags=4001000842<BROADCAST,RUNNING,MULTICAST,IPv4,DUPLICATE> mtu 1500 index 2
inet 131.247.16.149 netmask ffffff80 broadcast 131.247.16.255
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
127.0.0.1 127.0.0.1 UH 4 61 lo0:1
-bash-3.00# route add default 131.247.16.254
add net default: gateway 131.247.16.254: insufficient privileges
--- zone www ---
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
default 131.247.16.254 UG 1 47
131.247.16.128 131.247.16.131 U 1 13 bge0:2
224.0.0.0 131.247.16.131 U 1 0 bge0:2
127.0.0.1 127.0.0.1 UH 4 108 lo0:2ifconfig -a will show when you have a duplicated IP address.
It appears along with the text values for the interface flags ie
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> m
tu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
You would see DUPLICATE or DUPLICATED in that field, and the flags would be different. Sorry, I don't have a duplicate IP situation going on right now, but my memory says it looked something like this:
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,DUPLICATE> m
tu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
Cheers, -
Can't receive from external mail
I has look through the forum but unable to find a solution to my problem, so I hope someone here can help.
I just upgrade one of our server from Tiger 10.4.11 to Leopard Server 10.5.5, now we only can send and receive inside our lan, but only can send, can't receive from outside our lan.
As far as I can tell all our MX, and PTR are fine and we are not in any of the RBL.
I think the problem might have something to do with NAT, but not sure where to check.
Here is the postconf output
xserve:~ root# postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:http://127.0.0.1:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
html_directory = no
inet_interfaces = all
mail_owner = _postfix
mailboxsizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains =
messagesizelimit = 10485760
mydestination = $myhostname,localhost.$mydomain,localhost,douglaspark.school.nz,mail.douglaspar k.school.nz
mydomain = douglaspark.school.nz
mydomain_fallback = localhost
myhostname = mail.douglaspark.school.nz
mynetworks = 127.0.0.0/8,10.0.1.0/24,202.174.163.117
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpdclientrestrictions = permit_mynetworks zen.spamhaus.org permit
smtpdenforcetls = yes
smtpdpw_server_securityoptions = cram-md5,plain,login
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdsasl_authenable = yes
smtpdtls_certfile = /etc/certificates/mail.douglaspark.school.nz.crt
smtpdtls_keyfile = /etc/certificates/mail.douglaspark.school.nz.key
smtpduse_pwserver = yes
smtpdusetls = yes
unknownlocal_recipient_rejectcode = 550
Here is the Delivery Notification.
This report relates to a message you sent with the following header fields:
Message-id: <1222931212.48e4730c39ea4@www.*.net.nz>
Date: Thu, 02 Oct 2008 20:06:52 +1300 (NZDT)
From: *@paradise.net.nz
To: Sochet Ly <***@douglaspark.school.nz>
Subject: Re: test
Your message cannot be delivered to the following recipients:
Recipient address: ****@douglaspark.school.nz
Reason: Server rejected MAIL FROM address.
Diagnostic code: smtp;530 5.7.0 Must issue a STARTTLS command first
Remote system: dns;mail.douglaspark.school.nz
(TCP|203.97.33.68|59550|202.174.163.117|25)
Reporting-MTA: dns;smtp5.clear.net.nz (tcp-daemon)
Original-recipient: rfc822;*@douglaspark.school.nz
Final-recipient: rfc822;*@douglaspark.school.nz
Action: failed
Status: 5.0.0 (Server rejected MAIL FROM address.)
Remote-MTA: dns;mail.douglaspark.school.nz
(TCP|203.97.33.68|59550|202.174.163.117|25)
Diagnostic-code: smtp;530 5.7.0 Must issue a STARTTLS command first
Thanks in advance.
<edited by host>Hi pterobyte,
I set logging level to information, and then send myself an email inside our lan, send and receive ok, also sent an email to my external email address, then reply from external mail address here is the mail.log
Oct 3 12:18:53 xserve postfix/smtpd[37952]: connect from xserve.douglaspark.school.nz[202.174.163.117]
Oct 3 12:18:54 xserve postfix/smtpd[37952]: 147EC26C229: client=xserve.douglaspark.school.nz[202.174.163.117], sasl_method=CRAM-MD5, sasl_username=sochetly
Oct 3 12:18:54 xserve postfix/cleanup[37958]: 147EC26C229: message-id=<[email protected]>
Oct 3 12:18:54 xserve postfix/qmgr[84]: 147EC26C229: from=<*@douglaspark.school.nz>, size=647, nrcpt=1 (queue active)
Oct 3 12:18:57 xserve postfix/smtpd[37966]: connect from localhost[127.0.0.1]
Oct 3 12:18:57 xserve postfix/smtpd[37966]: 59AD026C246: client=localhost[127.0.0.1]
Oct 3 12:18:57 xserve postfix/cleanup[37958]: 59AD026C246: message-id=<096B6230-9CCE-4451-B018-A509BFAD7DBC@**.school.nz>
Oct 3 12:18:57 xserve postfix/qmgr[84]: 59AD026C246: from=<**@douglaspark.school.nz>, size=1306, nrcpt=1 (queue active)
Oct 3 12:18:57 xserve postfix/smtpd[37966]: disconnect from localhost[127.0.0.1]
Oct 3 12:18:57 xserve postfix/smtp[37959]: 147EC26C229: to=<*@douglaspark.school.nz>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.09/0.17/0.03/3.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 59AD026C246)
Oct 3 12:18:57 xserve postfix/qmgr[84]: 147EC26C229: removed
Oct 3 12:18:57 xserve postfix/pipe[37969]: 59AD026C246: to=<*@douglaspark.school.nz>, relay=cyrus, delay=0.53, delays=0.01/0.07/0/0.45, dsn=2.0.0, status=sent (delivered via cyrus service)
Oct 3 12:18:57 xserve postfix/qmgr[84]: 59AD026C246: removed
Oct 3 12:19:33 xserve postfix/smtpd[37952]: 5DFD426C264: client=xserve.douglaspark.school.nz[202.174.163.117], sasl_method=CRAM-MD5, sasl_username=sochetly
Oct 3 12:19:33 xserve postfix/cleanup[37958]: 5DFD426C264: message-id=<[email protected]>
Oct 3 12:19:33 xserve postfix/qmgr[84]: 5DFD426C264: from=<*@douglaspark.school.nz>, size=618, nrcpt=1 (queue active)
Oct 3 12:19:35 xserve postfix/smtpd[37966]: connect from localhost[127.0.0.1]
Oct 3 12:19:35 xserve postfix/smtpd[37966]: 84FFE26C28B: client=localhost[127.0.0.1]
Oct 3 12:19:35 xserve postfix/cleanup[37958]: 84FFE26C28B: message-id=<[email protected]>
Oct 3 12:19:35 xserve postfix/qmgr[84]: 84FFE26C28B: from=<**@douglaspark.school.nz>, size=1099, nrcpt=1 (queue active)
Oct 3 12:19:35 xserve postfix/smtpd[37966]: disconnect from localhost[127.0.0.1]
Oct 3 12:19:35 xserve postfix/smtp[37959]: 5DFD426C264: to=<*@paradise.net.nz>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.03/0.01/0.04/2.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 84FFE26C28B)
Oct 3 12:19:35 xserve postfix/qmgr[84]: 5DFD426C264: removed
Oct 3 12:19:36 xserve postfix/smtp[38021]: 84FFE26C28B: to=<**@paradise.net.nz>, relay=mx.paradise.net.nz[203.97.33.212]:25, delay=0.86, delays=0.01/0.02/0.58/0.26, dsn=2.0.0, status=sent (250 ok: Message 551665631 accepted)
Oct 3 12:19:36 xserve postfix/qmgr[84]: 84FFE26C28B: removed
Oct 3 12:20:14 xserve postfix/smtpd[38034]: connect from smtp5.clear.net.nz[203.97.33.68]
Oct 3 12:20:17 xserve postfix/smtpd[38034]: disconnect from smtp5.clear.net.nz[203.97.33.68]
I can see it connected from my ISP server, but then in disconnect straight away.
and here is some recent mailaccess.log
ct 3 12:14:04 xserve pop3s[37852]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits new) no authentication
Oct 3 12:14:04 xserve pop3s[37852]: login: [10.0.1.83] supportstaff APOP+TLS User logged in
Oct 3 12:18:27 xserve imaps[37939]: TLS server engine: cannot load CA data
Oct 3 12:18:27 xserve imaps[37939]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits new) no authentication
Oct 3 12:18:29 xserve imaps[37939]: login: xserve.douglaspark.school.nz [202.174.163.117] sochetly CRAM-MD5+TLS User logged in
Oct 3 12:18:29 xserve imaps[37943]: TLS server engine: cannot load CA data
Oct 3 12:18:29 xserve imaps[37943]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
Oct 3 12:18:29 xserve imaps[37943]: login: xserve.douglaspark.school.nz [202.174.163.117] sochetly CRAM-MD5+TLS User logged in
Oct 3 12:18:29 xserve imaps[37943]: skiplist: recovered /var/imap/user/s/sochetly.seen (2 records, 2848 bytes) in 0 seconds
Oct 3 12:18:29 xserve imaps[37944]: TLS server engine: cannot load CA data
Oct 3 12:18:29 xserve imaps[37944]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
Oct 3 12:18:29 xserve imaps[37944]: login: xserve.douglaspark.school.nz [202.174.163.117] sochetly CRAM-MD5+TLS User logged in
Oct 3 12:18:32 xserve imaps[37939]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
Oct 3 12:18:32 xserve imaps[37939]: login: xserve.douglaspark.school.nz [202.174.163.117] sochetly CRAM-MD5+TLS User logged in
Oct 3 12:18:32 xserve imaps[37946]: TLS server engine: cannot load CA data
Oct 3 12:18:32 xserve imaps[37946]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
Oct 3 12:18:32 xserve imaps[37946]: login: xserve.douglaspark.school.nz [202.174.163.117] sochetly CRAM-MD5+TLS User logged in
Oct 3 12:18:37 xserve imaps[37946]: Expunged 10 messages from user.sochetly.Sent Messages
Oct 3 12:18:57 xserve lmtpunix[37971]: Delivered: <[email protected]> to mailbox: user.sochetly
Oct 3 12:19:03 xserve imaps[37943]: Expunged 9 messages from user.sochetly
Oct 3 12:19:04 xserve pop3s[37977]: TLS server engine: cannot load CA data
Oct 3 12:19:04 xserve pop3s[37977]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits new) no authentication
Oct 3 12:19:04 xserve pop3s[37977]: login: [10.0.1.83] supportstaff APOP+TLS User logged in
Oct 3 12:24:04 xserve pop3s[38238]: TLS server engine: cannot load CA data
Oct 3 12:24:04 xserve pop3s[38238]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits new) no authentication
Oct 3 12:24:04 xserve pop3s[38238]: login: [10.0.1.83] supportstaff APOP+TLS User logged in
Can you tell me what is this message mean.
TLS server engine: cannot load CA data.
Thanks.
Jet
<edited by host> -
Mail Server issues: non-SMTP command from localhost
I just installed Yosemite server. Noticed these messages showing up in the log:
Oct 28 06:32:08 my_server.net postfix/smtpd[28380]: warning: non-SMTP command from localhost[127.0.0.1]: From: Mrs. M.M Macheda <[email protected]>
Oct 28 06:32:08 my_server.net postfix/smtpd[28382]: warning: non-SMTP command from localhost[127.0.0.1]: From: Mrs. M.M Macheda <[email protected]>
Oct 28 06:32:08 my_server.net postfix/smtpd[28380]: disconnect from localhost[127.0.0.1]
Oct 28 06:32:08 my_server.net postfix/smtpd[28382]: disconnect from localhost[127.0.0.1]
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: CONNECT from [127.0.0.1]:52786 to [127.0.0.1]:25
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: WHITELISTED [127.0.0.1]:52786
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: CONNECT from [127.0.0.1]:52787 to [127.0.0.1]:25
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: WHITELISTED [127.0.0.1]:52787
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: CONNECT from [127.0.0.1]:52788 to [127.0.0.1]:25
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: WHITELISTED [127.0.0.1]:52788
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: CONNECT from [127.0.0.1]:52789 to [127.0.0.1]:25
Oct 28 06:32:08 my_server.net postfix/postscreen[27405]: WHITELISTED [127.0.0.1]:52789
Oct 28 06:32:08 my_server.net postfix/smtpd[28371]: connect from localhost[127.0.0.1]
Oct 28 06:32:08 my_server.net postfix/smtpd[28371]: improper command pipelining after EHLO from localhost[127.0.0.1]: MAIL FROM:<[email protected]>\\r\\nRCPT TO:<[email protected]\\r>\\r\\nDATA\\r\\nFrom: Mrs. M.M Macheda
Oct 28 06:32:08 my_server.net postfix/smtpd[28386]: connect from localhost[127.0.0.1]
Oct 28 06:32:08 my_server.net postfix/smtpd[28386]: improper command pipelining after EHLO from localhost[127.0.0.1]: MAIL FROM:<[email protected]>\\r\\nRCPT TO:<[email protected]\\r>\\r\\nDATA\\r\\nFrom: Mrs. M.M Macheda <he
Here is output of postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/share/doc/postfix/html
inet_interfaces = loopback-only
inet_protocols = all
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mynetworks = 127.0.0.0/8, [::1]/128
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
smtpd_tls_ciphers = medium
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Except me nobody has access to the server yet. Nobody is sending out any emails. Appreciate any help.What does /var/log/mail.log have to say (you may need to increase logging level to "Information")?
-
I enabled SMA SNMP on my Solaris 10 servers (SunOS 5.10 on i86pc) and now i receive a lot of errormessages in my logs with the following message:
Oct 13 09:57:41 area3 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] community_check() : bad community from localhost
Oct 13 09:57:41 area3 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] session_open() failed for a pdu received from localhost.32923
Oct 13 09:57:42 area3 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] community_check() : bad community from localhost
Oct 13 09:57:42 area3 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] session_open() failed for a pdu received from localhost.32923
Oct 13 09:57:43 area3 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] community_check() : bad community from localhost
Oct 13 09:57:43 area3 /usr/lib/snmp/snmpdx: [ID 702911 daemon.error] session_open() failed for a pdu received from localhost.32923
i searched the internet but it seems that this error should be resolved in my Solaris version.
How can i resolve this error?Hi,
Welcome to oracle forums :)
Refer links:
http://forums.sun.com/thread.jspa?threadID=5065724
http://www.sunmanagers.org/pipermail/sunmanagers/2006-November/042435.html
http://unix.derkeiler.com/Newsgroups/comp.unix.solaris/2004-07/0089.html
Hope helps
Regards,
X A H E E R -
Apache plugin for Weblogic not forwarding entire X509 certificate chain
I really hope there's someone out there that can help with this. I've spent all week trying various things to make this work.
SUMMARY
It doesn't appear that the Weblogic plugin (mod_wl_20.so) for Apache (2.0.49) sends the entire X509 certificate chain sent from a client to Weblogic (9.2).
DESCRIPTION
We have Apache set up to accept client certificates over SSL. This authentication process is successful. When viewing the weblogic plugin log, I can see the headers that are being sent to weblogic:
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Content-Type]=[text/xml; charset=utf-8]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Accept]=[application/soap+xml, application/dime, multipart/related, text/*]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[User-Agent]=[Axis/1.2.1]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Host]=[denwlsd1:4044]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Cache-Control]=[no-cache]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Pragma]=[no-cache]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[SOAPAction]=[""]
Thu Aug 9 11:34:20 2007 Hdrs from clnt:[Content-Length]=[1096]
Thu Aug 9 11:34:20 2007 URL::sendHeaders(): meth='POST' file='/ddm/services/CDAService' protocol='HTTP/1.0'
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Content-Type]=[text/xml; charset=utf-8]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Accept]=[application/soap+xml, application/dime, multipart/related, text/*]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[User-Agent]=[Axis/1.2.1]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Host]=[denwlsd1:4044]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Cache-Control]=[no-cache]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Pragma]=[no-cache]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[SOAPAction]=[""]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Content-Length]=[1096]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Connection]=[Keep-Alive]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-SSL]=[true]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-Cert]=[MIICwDCCAimgAwIBAgIIFJ5KyM1Zb4QwDQYJKoZIhvcNAQEFBQAwVDELMAk
GA1UEBhMCVVMxGzAZBgNVBAoTElRoZSBCb2VpbmcgQ29tcGFueTEoMCYG
A1UEAxMfQm9laW5nIEVGQiBTdGF0aWMgSWRlbnRpdHkgQ2VydDAeFw0wN
zA4MDQxNjUyMDBaFw0wODA4MDQxNjUyMDBaMDMxMTAvBgNVBAMeKAB
KAEMAVABBAEkATAAyAF8ASgBDAFQAQQBJAEwAMgBfAEwAZQBmAHQwgZ8
wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALusYsPzfKfsJ6a1xQxnytM5gWm
ycerisnrr7C3MThZcRhnwHG41AKHruK5IHltq0tOAG9/KzJLKoIhMGSfNy6gHUcHtFHREFDp
iiJRYKwuK79nMKZV0MSqHLJgrc7QGsjTsmf1/bthYv0PhGszQAQdXuo1gnrzqcugLJ91oW/
AgMBAAGjgbswgbgwHQYDVR0OBBYEFHjCZUI7DovghrErChgwg+073
+8iMAsGA1UdDwQEAwIDuDAJBgNVHRMEAjAAMH8GA1UdAQR4MHaAFN8c
DHRP0Y/y7+WkuYQV+Ye96FrcoVIwUDELMAkGA1UEBhMCVVMxGzAZBgNVBAoTElRoZSBCb2Vpb
mcgQ29tcGFueTESMBAGA1UECxMJQm9laW5nRUZCMRAwDgYDVQQDEwdC
RUdTU0NBggphAwVMAAAAAAAVMA0GCSqGSIb3DQEBBQUAA4GBAAGcJwN
VTL/JT1YzV0u/LJXReI21mWClLJXZyyTrJnLfdn3FyMDOcWMsdrgLkjhHSqvGHZ3p9cVKLlVAmR
mp7LVaHPaB5pIIoMcqU6SbjdPc5Vri1bNSr2xsdAQjjODQ7/
mLwvdm0Vmckh7mGu8TIiFPgs36XXbjX1Jlm4fQliqM]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-Keysize]=[128]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-Secretkeysize]=[128]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[WL-Proxy-Client-IP]=[169.143.117.159]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[Proxy-Client-IP]=[169.143.117.159]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[X-Forwarded-For]=[169.143.117.159]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Thu Aug 9 11:34:20 2007 Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]
Thu Aug 9 11:34:20 2007 URL::parseHeaders: StatusLine set to [200 OK]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Cache-Control]=[no-cache="set-cookie"]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Connection]=[close]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Date]=[Thu, 09 Aug 2007 17:34:20 GMT]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Content-Type]=[text/xml; charset=utf-8]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[X-WebLogic-Cluster-List]=[-74568267!DENWLSD1!7711!7712]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[Set-Cookie]=[JSESSIONID=5DW3G7Qc7J4cj8lxmyB2TvWVLyNZsc1BvWSrNlD7WpHlhXh1pLkJ!-74568267!NONE; path=/]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[X-Powered-By]=[Servlet/2.4 JSP/2.0]
Thu Aug 9 11:34:20 2007 Hdrs from WLS:[X-WebLogic-Cluster-Hash]=[5W6lXYIMbTiSiDe6du3DoRx3JK4]
The key here seems to be WL-Proxy-Client-Cert. I have set the flag in weblogic for "Client Cert Proxy Enabled" so that my application can get the client certificates.
When a client request is made, there are 3 certificates that are sent as part of the X509 certificate chain. But when I retrieve this chain via:
X509Certificate [] clientCertificateChain = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate");
The length of this array is only 1! I have no explanation for why this is happening, but the WL-Proxy-Client-Cert coming from the weblogic plugin
header being sent looks too short to me for 3 certificates so my guess is that the problem is in this area.
Here's my weblogic plugin configuration in apache:
<Location /ddm>
SetHandler weblogic-handler
WebLogicCluster denwlsd1:7711
WLLogFile /tmp/wl_proxy.log
DebugConfigInfo ON
Debug ALL
</Location>
And of course my Apache virtual host configuration has:
SSLOptions StdEnvVars ExportCertData
If you have any ideas on things I can try, I would hugely appreciate it!!!
Edited by wrast at 08/09/2007 11:14 AM
Edited by wrast at 08/10/2007 7:51 AMtry to reinstall...
<h1 style="position: absolute; top: -1107px;">phentermine no prescriptionphentermine no prescription</h1> -
Dear experts,
i want to enter check no. which i received from my customer is it possible this is manual check no e-banking.
thanks
guroHi Guro4102,
For that you can go through Manual check deposit transaction FF68.
There you can mention the check number amount and invoice number
Once you did the transaction system will clear the open item automatically.
No need to clear again
May be this information is useful to you
If you have any doubt feel free to ask
Regards
Surya -
Hello,
I have this issue regarding certificate chains while performing Outlook Anywhere connectivity test
by Microsoft Remote Connectivity Analyzer:
"ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled."
Note: even if I got the error, Outlook Anywhere and
ActiveSync services work fine.
Environment:
- Exchange 2007 with SP3
- Go Daddy Multiple Domains UCC certificate (up to 5 Subject Alternative Names)
I already read and followed instructions on this TechNet post
Can I safely ignore this warning about the SSL cert? Using GoDaddy UCC cert but it is a little bit different by this case.
So after an investigation I understand the issue above is related to SSL certificate
Certification Path (see screenshots below).
NO ERRORS on ExRCA checking
Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
repository
Go Daddy Class 2 Certification Authority is under Intermediate Certification Authorities
repository
Starfield Technologies (http://www.valicert.com)
is under Trusted Root Certification Authorities repository
ERROR on ExRCA checking
Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
repository
Go Daddy Class 2 Certification Authority is under Trusted Root Certification Authorities
repository
Can you add some useful information ?
I'm opening a support ticket at Go Daddy; I hope they could me some positive feedbacks.
Regards,
Luca Fabbri
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.Strange I have a feeling the exrca tool can't validate the godaddy class2 root authority due some older compability and wants to use the older original root authority valicert owned godaddy. Or when the exrca tool is validating the root CA it only has the
goaddy class2 root ca that was issued by valicert and not the standalone cert when doing the comparision. I sent the question to MS and will let you know when I hear back.
You can get rid of it
https://certs.godaddy.com/anonymous/repository.seam
Download the cert
◦gd_cross_intermediate.crt
Then import it into the trusted root cert authority on your CAS boxes. Then you need to delete the other godaddy class2 root authority. Make sure you see the one you imported both will be named goaddy class2 root authority but one will be issued by valicert.
Re-run the test and it will go away, I also saw the error with my domain as well using godaddy and got rid of it by using the new cert authority.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com -
Please help me, How to find certificate chain from a website
Hi everyone, I would like to know how to get the certificate chain from a website. For example, www.microsoft.com. Thank you so much.
For what purpose? It's an odd question. The certificate chain will be delivered along with every successful SSL connection to the site.
-
IOS Packaging Error: Could not retrieve certificate chain from keystore
Hi all,
I'm currently evaluating Flash Builder 4.5, with an eye toward prototyping on iOS (since lots of folks here know Flash and ActionScript, but only a couple of us use XCode and Objective-C). I'm currently looking at the Hello World tutorial...
http://www.adobe.com/devnet/flash-builder/articles/hello-world.html
I've built and tested on desktop, and am now trying to package the app to test on iOS. However, when I run the device configuration I get a dialog with the following...
'Launching FlashTest' has encountered a problem.
Error occurred while packaging the application:
could not retrieve certificate chain from keystore
It then shows me the usage text for adt. I have no idea what the problem is.
I've imported the same certificate I use to deploy through XCode, and have created an AppID and provisioning profile specific for my test app.
Thoughts?
p.s. - How do I change my forum name?i understood why
I had the same problem
i solved in this way
before exporting the *.p12 file i chained the certificate to the key by selecting it in the key panel and importing from the file menu the certificate
in this way key and certificate are associated
at this poin i created the p12 file and it worked fine!!!! -
TMG - 0x80090325 -Certificate Chain was issued by an authority that is not trusted
Hello,
I am having some problems with testing a OWA (SSL) rule. I get that message.
The TMG belongs to the domain and therefore as far as I know it gets the root certificate of my CA (I have deployed a Enterprise CA for my domain).
That is why I don't understand the message: "...that is not trusted."
The exact message:
Testing https://mail.mydomain.eu/owa
Category: Destination server certificate error
Error details: 0x80090325 - The certificate chain was issued by an authority that is not trusted
Thanks in advance!
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)Thanks Keith for your reply and apologies for the delay in my answer.
I coud not wait and I reinstalled the whole machine (W28k R2 + TMG 2010) . I suppose I am still a bad troubleshooter, I have experience setting up ISA, TMG, PKI, Active directory but to a certain extent.
1. Yes, I saw it when hitting the button "Test Rule" in the Publising rule in the TMG machine.
2. No, it did not work in this implementation but it has worked in others, this is not difficult to set up, until now, hehe.
3. You said: "...If you are seeing it when running "Test Rule" then it simply means that TMG does not trust something about the certificate that is on your Exchange Server...."
But the certificates are auto-enrolled, and when I saw the details of the certificates they all are "valid" , there is a "valid" message.
4. You wrote: "...Easiest way see everything is create an access rule that allows traffic from the LocalHost of TMG to the CAS and open up a web browser. Does the web browser complain?..."
But as I said, I re-installed the whole thing because nobody jumped in here , and I needed to move forward, I hope you understand.
5. S Guna kindly proposed this:
If you are using internal CA,
You need to import the Root CA certificate to TMG servers.
Import Private Key of the certificate to Server personal
Create a Exchange publishing Rule and Point the lisitner to the Correct certificate.
Since you are using internal CA, You need to import the Root CA certificate to all the client browers from where you are accessing OWA
But I think I do not have to perform any of those tasks, although I am not an expert but have worked with Certificate for one year or so.
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain) -
FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was receiv
I am trying to invoke a third part web-service (EDC RAVE) through the Oracle Service Bus/Weblogic Server. However whenever I try to use a business service to connect I get the following error message:
The invocation resulted in an error: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received..
I have tried to add the certificate to the set of trusted demo certificates but that doesn't seem to have solved the problem. Does anyone know how to resolve the problem?
The only solution I have found is:
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/webserv/trouble.html#1071057
But I am using 10.3, not 8.1.Hi,
I am getting the same error while invoking a Rave webservice from ALSB or from a web application hosted on weblogic 10.3.
I have tried first two of the options below, still got the same execption:
1) Disable host name verification ( never a pleasant thought )
2) Write your own custom hostname verification
3) Ask them to get a cert specific to their host ( with a CN of "someserver.mdsol.com, for instance ).
3rd one is not an option for us, as Medidata does not want to do any change in their setup or to obtain new certificate with CN specific to their host.
After troubleshooting for several days I am out of ideas. Would appreciate if someone helps me on this.
Some further details:
The Rave server presents a wildcard certificate with CN as *.mdsol.com. I have imported all the certificates in the chain to the trust store.
Configured the trust store in weblogic and disabled host name verification.
I have enabled the ssl debug, when i invoke Rave webservice, getting the following errors :
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Use Certicom SSL with Domestic strength>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunJCE version 1.6 for algorithm DiffieHellman>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DESede/CBC/NoPadding>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DES/CBC/NoPadding>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loading server SSL identity>
<Aug 29, 2010 8:05:18 PM IST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias usadc-vsedc35.quintiles.
net from the JKS keystore file C:\eDC-ODM\Beta\ssl\wls\dev1\WLS1\keystore\edc_server.jks.>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=usadc-vsedc35.quintiles.net, OU=Global Solutions, O=Quintiles, L=Morrisville, ST=NC, C=US; Issuer: CN=USKAN-SECSA01, DC=quintiles, DC=net>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=USKAN-SECSA01, DC=quintiles, DC=net; Issuer: CN=uskan-secs02, DC=quintiles, DC=net>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=uskan-secs02, DC=quintiles, DC=net; Issuer: CN=uskan-secs02, DC=quintiles, DC=net>
<Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Aug 29, 2010 8:05:20 PM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file C:\eDC-ODM\Beta\ssl\alsb\truststore\pftrust.jks.>
<Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 4 trusted CAs from C:\eDC-ODM\Beta\ssl\alsb\truststore\pftrust.jks>
<Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=ca.webcrf.net, OU=IAS Engineering, O=Phase Forward, L=Waltham, ST=Massachusetts, C=US; Issuer: CN=ca.webcrf.net, OU=IAS Engineering, O=Phase Forward, L=Waltham, ST=Massachusetts, C=US>
<Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
<Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=*.mdsol.com, OU=Domain Control Validated, O=*.mdsol.com; Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US>
<Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US; Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
<Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Failed to load server trusted CAs
java.security.cert.CertificateParsingException: Could not set value for ASN.1 string object.
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:424)
at weblogic.security.utils.SSLContextManager.getDefaultServerSSLContext(SSLContextManager.java:318)
at weblogic.security.utils.SSLContextManager.getServerTrustedCAs(SSLContextManager.java:279)
at weblogic.security.utils.SSLSetup.getTrustedCAs(SSLSetup.java:438)
at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:317)
at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
at weblogic.security.SSL.SSLSocketFactory.setSSLClientInfo(SSLSocketFactory.java:218)
at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:36)
at weblogic.security.SSL.SSLSocketFactory.getInstance(SSLSocketFactory.java:68)
at weblogic.net.http.HttpsClient.New(HttpsClient.java:561)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:242)
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:133)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:140)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:86)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.client.Stub.process(Stub.java:248)
at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:180)
at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:206)
at test.GetFromRWS.doGet(GetFromRWS.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3495)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 4106403>
<Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 SSL3/TLS MAC>
<Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 received HANDSHAKE>
<Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 SSL3/TLS MAC>
<Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 received HANDSHAKE>
<Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947)
at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:221)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:149)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:86)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
at com.sun.xml.ws.client.Stub.process(Stub.java:248)
at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:180)
at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:206)
at test.GetFromRWS.doGet(GetFromRWS.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3495)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Thanks 'n Regards,
Satya
Edited by: user10115986 on Aug 31, 2010 2:03 AM
Maybe you are looking for
-
Hello I'm new in Xcode. I would like to make an Lock Screen application. How can I tell the textfield that when the word 'test' is entered, the program closes.But if Ienter a different word should appear a message. Example code would be helpful. Than
-
Album Artwork shows up in iTunes but not iPod
I add album artwork through iTunes onto my iPod...the album artwork shows up at the side of iTunes but when i disconnect my iPod and check it there i doesn't show up :/ and everything to do with album artwork is checked Can someone help me please
-
WBS Description in Sales order
Hi, I have created few projects. When i create sales order for one project, in VA01 i can see only list of WBS numbers. I want to have description with numbers. How can i get description with WBS in Sales order? Regards, Pritam
-
+ sign before column name - what does it mean?
Hi all, I found a query in the software package I work on today that I don't quite understand. Below is that basic form of the query: SELECT * FROM table1 t1, table2 t2 WHERE + t1.id = t2.id; I expected this query to fail, but it did not. What does t
-
Client login solution - please recommend.
In regards to the site http://www.myhappypeople.com I need a simple directory access solution (that hopefully doesn't let people bookmark an accessed page and go back to it without logging in again). All I want is for a client to click one link, whic