Certificate Exception - applet client to java server with SSL

Similar Messages

• Sending a certificate form the client to the server... how to ?

  how can I send a certificate from the client to the server trough a Java code ??

  Short answer: You specify a keyStore.
  Either via command line using the -Djavax.net.ssl.keyStore=keystorefile property,
  or in Java code:
  char[] passphrase = "password".toCharArray();
  SSLContext ctx = SSLContext.getInstance("TLS", "SunJSSE");
  // KeyStore for the SSL client certificate
  KeyStore keyStore = KeyStore.getInstance("PKCS12");
  keyStore.load(new FileInputStream("client-cert.p12"), passphrase);
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
  keyManagerFactory.init(keyStore, passphrase);
  // keyStore for trusted server certs or CAs
  KeyStore trustedKeyStore = KeyStore.getInstance("JKS");
  trustedKeyStore.load(new FileInputStream("verisign-test-cert"), passphrase);
  TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
  trustManagerFactory.init(trustedKeyStore);
  ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
  SSLSocketFactory sslSocketFactory = ctx.getSocketFactory();
  HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
  // open the http connection to the party
  myConn = (HttpsURLConnection)myURL.openConnection();

• Http client------ XI  (via HTTP with SSL),

  hi forum,
  we have a http client that sends a http erquest to XI, by using sap/xi/adapter_plain
  service,  i mean plain http adapter
  but for scurity reasons i need HTTPS communication,
  can u tell me how to enable HTTPS (HTTP with SSL) communiaction in the same scenario,
  http client------>XI  (via HTTP with SSL)

  hi sudeep,
  u need to create a comm ch of adapter type http n set the security level there.
  refer this for help:
  http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm
  [reward if helpful]
  regards,
  latika.

• Help: question on send XML file from java client to java server

  Hi, I am now to Java, and now I am going to set up a simple network in the lab.
  I have created a random array of data and transferred to XML file on my client. Now, I would like to send it to the server. I am wondering how I can put the XML file into my client, and do I need any parser to let the server show what random date it has received?
  Anybody can give me any idea or some basic code? Thank you.
  Now, I am referring the KnockKnock example in Java online tutorial. But, not clear how to deal with the XML File.
  Fengyuan

  There are several ways you can achieve this: one could be that you transfer data over HTTP, using Servlets for instance. Have a Servlet listening on the Server with content type 'text/xml', POST the XML data to the server and have the Servlet to receive the data and re-compose the XML file. This can be achieved with different libraries:
  1) JAXB --> this is good because is the JDK standard, also for web services
  2) Castor (http://www.castor.org/)

• Data transfer between C client and Java server

  Hello there
  I am working on a project where I have to develop a Client based on C and Server based on Java. The client can connect to Java server and it then sends a integer/string to Java server. But.. Java server unable to receive that and throws an IOException.
  I use write method to send the integer buffer to the socket.
  int out_buffer = 0;
  int *pbuf;
  pbuf = &out_buffer;
       if (write(acskfd, pbuf, 4)< 0){
                 syslog(LOG_ERR,"Write failed. %s(%d)", strerror(errno), errno);
                 printf("\tCLIENT:\tWrite failed\n");
                 exit(1);
  In Java, i use DatainputStream and readnInt method to read the integer from the stream.
  cl_sock = socket_out.accept();
  DataInputStream sInput =new DataInputStream(cl_sock.getInputStream()) ;
  int cmd = sInput.readInt();
  Am I missing someting.. Any suggestions would be really really helpful.
  Thanks
  Ithaca
  PS: I running both programs in the same machine.
  In C part, I also use host to network byte order conversion (serv_addr.sin_port = htons(portno).

  I would suggest writing a Java client to perform the same tasks as the C client.
  Then if the Java client does, or does not work this can help dteremine which end is at fault.
  Are you flushing your data from the client?

• UDP DatagramPacket sent between C (client) and Java (server)

  Hi,
  I have a problem sending a struct from C to Java UDP server.
  In the C (client) program, the struct is defined as
  typedef strurct dataType_s {
  char name[52];
  char add[52];
  long x;
  long y;
  } dataType;
  dataType data;
  strcpy(data.name, "sun");
  strcpy(data.add, "com");
  data.x = 100;
  data.y = 50;
  sendto(sock, (struct dataType*)&dataType, sizeof(dataType), (struct sockaddr*)&dest, sizeof(dest))
  In the Java server side, I have the following code.
  byte[] buffer = new Byte[1024];
  DatagramPacket packet = new DatagramPacket(buffer, 1024);
  udpSock.receive(buffer);
  byte[] data = buffer.getData();
  String name = new String(data, 0, 52);
  String add = new String(data, 52, 52);
  String _xx = new String(data, 104, 4);
  String _yy = new String(data, 108, 4);
  Byte x = new Byte(xx.getBytes());
  long x = _x.longValue();
  Byte y = new Byte(yy.getBytes());
  long y = _y.longValue();
  I am having problem to read the contents of x and y above. The string name and add received by the server
  are correct. However, I receive garbage value
  for x (long) and y (long). In fact, I get expection
  that I cannot create Byte x and Byte y as shown
  above. Any idea of how to send a mixture of types
  from C/C++ to Java server?
  Thanks a lot.
  Kelvin ([email protected])

  sendto(sock, (struct dataType*)&dataType,
  sizeof(dataType), (struct sockaddr*)&dest,
  sizeof(dest))You have to check the alignment of your structs. You can't be sure that a long takes up four bytes. It can very well be 8 bytes or something else depending on your settings at compilation.
  udpSock.receive(buffer);
  byte[] data = buffer.getData();I suppose this is a typo, but of course you should use packet not buffer here.
  >
  Byte x = new Byte(xx.getBytes());
  long x = _x.longValue();
  Byte y = new Byte(yy.getBytes());
  long y = _y.longValue();
  in my opinion its easier to use a DataInputStream instead:
  DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
  int y = in.readInt();
  Notice that a long in Java is 8 bytes. A C long corresponds to a Java int.
  /Per-Arne

• Starting Server with SSL Enabled

  I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
  I write slapd-test-pin.txt file as following :
  slapd-test-pin.txt
  -------begin-----------
  Token:test123456
  -------end ------------
  I put the slapd-test-pin.txt into /usr/iplanet/server/alias
  then, I restart directory server from command line.
  /usr/iplanet/servers/slapd-test/stop-slapd
  /usr/iplanet/servers/slapd-test/start-slapd
  What's wrong ?
  Thank you !!!!

  I have a similar problem. I actually do set the correct format of certidcate db password file but the server stll does not start but reports the following:
  [26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
  [26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
  I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
  Any ideas?
  Thanks in advance!

• Access Manager Client SDK Java Usage with multiple OpenSSO instances

  I am having some problems using the SDK / API for connecting to OpenSSO in a Java multi-threaded environment, while connecting to multiple instances of OpenSSO.
  Is there a way to setup a new AuthContext that does not include 1) Use of global configuration AMConfig.properties or 2) Stick stuff in SystemProperties?
  I see a constructor that takes an OpenSSO url, but the 2nd parameter seems to be ignored. .I.e. com.sun.identity.authentication.AuthContext.AuthContext(String orgName, URL url). I can login if I use the naming service url using "com.iplanet.am.naming.url" with the following code, but for this to work while connecting to multiple OpenSSO servers, I have to synchronized the calls and create the context each time I want to perform an API call.
  THIS WORKS:
            String realm = "/";
            String strUrl = url.toExternalForm();
            // from AM server's AMConfig.properties
            Properties amEnv = new Properties();
            amEnv.setProperty("com.iplanet.am.naming.url", strUrl);
            amEnv.setProperty("com.iplanet.am.naming.failover.url", "");
            amEnv.setProperty("com.iplanet.services.debug.level", "message");
            amEnv.setProperty("com.iplanet.services.debug.directory", "/tmp/debug");
            amEnv.setProperty("com.iplanet.security.encryptor",     "com.iplanet.services.util.JSSEncryption");
            amEnv.setProperty("am.encryption.pwd", "BXo8vzOHob8FTpR6da+cSAi0TPLTH2Q/");
            SystemProperties.initializeProperties(amEnv);          
            lc = new AuthContext(realm);
  THIS DOESN'T:
            amEnv.setProperty("com.iplanet.am.naming.url", "");
            lc = new AuthContext(realm, strUrl);
  In my ideal scenario, I'd like to cache a number of different AuthContext instances which connect to a number of different OpenSSO servers. When trying the second scenario, I get the following error message:
  "Failed to create new Authentication Context: {0}"
  Ideas?

  Yep, that was me struggling with 2005Q4 before they released a patch (120954-03 if I am not mistaken).
  1. Have you configured your AM installation as a site?
  2. Have you added a secondary configuration in the session tab?
  A restart will be required after that. Try setting log levels to debug. When AM webserver comes up and brings the application live, you'll see information regarding the secondary configuration, and whether things are actually in place or not.
  Hope this helps.
  Ankush
  http://www.iamcg.net

• How do I bind to directory server with SSL and authentication?

  I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
  Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a seperate matter.)
  Here are the problems:
  1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
  2) I was never prompted to authenticate for the directory binding.
  So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
  What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
  Thank you.

  You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
  Cheers,
  Vikas

• Setting up Mail Server with SSL

  Hey guys,
  Unless I'm missing some fundamental stuff, I'm having some nasty problems getting SSL to work with OS X Server 10.4 Mail. As of right now, I have it working with Apache without a problem using a nopass key and the other required files.. I have:
  domain.crt
  domain.csr
  domain.key
  domain.nopass.key
  gd_intermediate.chcrt
  Now when I try going into server admin and simply using the crt, key and chcrt and enabling IMAP/POP and/or SMTP:
  SMTP just stops working and hangs all together.
  IMAP and POP via SSL I've gotten working but i get the "not signed certificate" window that pops up.
  Also, when this started, I noticed that upon changing the settings, mail would stop working all together, but I did read a bit about a line that shows up in /etc/imapd.conf:
  tlscommonname:
  which causes mail to hang, and I've learned to delete that/comment it out.
  Is there a way to easily set this up/can i do it via command line via imapd.conf and main.cf?

  Hello,
  I have an IMAP email address with lots of folders in it and filters on the server that route the emails to a specific folder by different rules.
  Does anybody have any idea about how could I make the email application show all the folders in my inbox? By default I can only see the emails in my inbox and that is useless because most of the important emails go into folders and this application doesn't synchronize the folders. I have to go into each folder by selecting the more folders option and only then it searches for new email, but when you have around 30 folders it's kind of time consuming to select "more folders", navigate to a folder go into that specific folder and see if you've got any mail. Not to mention the stupid sorting options at the right which can't be removed and every time you open the email it goes to the default date setting and it's showing the email divided into days. Who thought that would be useful?
  I've also had an e66 and the mail application worked flawlessly ( you could see all the folders, how many unread messages you had in each folder, the emails sorted by date with the unread messages first).
  Does anybody know a good email application that can be installed on this phone, or how could I install the old email application (e66, e71), which for me worked perfectly.
  Thank you.

• Setup automated Powershell to upload files to a remote ftp server with ssl

  Thanks in advance for the advice!
  I need to create a script to upload a file to a remote server to transfer some large files, and I've been reviewing some methods needed, and have a few questions.
  Is there a best practice for sending large files? 
  Is the webrequest or put commands better to use?
  This will be the first time we use Powershell on this server.   Should I change the executive policy on the server or should I change it in the script when running for security purposes?   This is a data warehouse therefore our strategic
  data is else where but want to make sure everything is secure as possible.
  I am able to run something similar on my laptop which works but when I try it on the server it is blocked.   I'm assuming I'll have to open up port 22 for this application to work.   How can I confirm that this is the port Powershell
  needs open for these transfers. 
  Any references to learning links appreciated since I'm new to Powershell.
  Thanks!

  Sorry but we cannot help you with this.  We suggest you contact a support tech or consultant to help you set up your system.
  Start by learning how PowerShell works and how to set it up. As fro the SSL you will need to postyourscript with any issues and errors.
  Start here:
  http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx
  ¯\_(ツ)_/¯

• Starting Admin Server with SSL as Windows service

  Using Admin Server 5.2, SP3:
  How (or can) I start the admin server as windows service after enabling SSL? When I try to start it as a service, I get prompted with a dialog box for the cert/key database password, but I want this start seemlessly. I tried creating a text file containing the password (as advised for normal directory server) - of the form: admin-serv-<inst>-pin.txt in the /alias subdirectory, containing the line "internal (software) Token:<password>", but this did not work - I still get the dialog box prompt.
  Do I need to put this password file somewhere else? Do I need tweak something to make this work? Or is it impossible to start the admin server seemlessly as a service after enabling SSL?
  Thx.
  R

  Hi Gary-
  Thanks for responding. I tried making the file read-only in Windows, but it yielded the same result. I also tried different combinations of removing spaces and new-line inside the file, all to no avail.
  I think this is a different beast than the slapd server - the admin server is actually an 'ns-httpd' process; Since I saw that this was the case, I also tried updating the <server-root>\admin-serv\config\magnus.conf by adding an SSLPassPhraseDialog directive to a command that echo'ed back the password, but I just got a warning that this directive was ignored.
  Any other thoughts? Does anyone else even try securing the admin server?

• Soap : java server / Vb client ?

  what kind of problems can occur if i develop an application based on soap protocol with a VB client and java server ( apache server web) ?

  Hi,
  Have u found any solution..???
  if yes please help me ..
  am trying for an application which can communicate over net between
  Solaris and Win NT. I am thinking of using SOAP for this communication.
  Solaris is going to post SOAP envelops using Java and WinNT is going to
  read these envelops using VB.
  but i want this communication to be secure.
  so, i would like to know
  1. Is SOAP the right technology for this
  2. Can SOAP envelops be made secure
  3. Do u have any other solution for this
  4. Can i send a entire file as an attachment/text with xml
  5. PLEASE : Can u provide me with sample code
  Kind regards
  Sachin

• ICal managed client with SSL

  Hi folks,
  I already crawled the forum, inet and other sources but I still got no solution nor feasible workaround for a managed client to use iCal with SSL.
  My mac mini is on SL server 10.6.7 and I configure iCal in server admin to use SSL on port 8443 with a self-signed certificate.
  For address book this approach is working fine unfortunately it doesn't help with iCal.
  My managed client is setup after binding to the server with address book on SSL and iCal without SSL on port 8008.
  What the heck do I need to configure in order to get my managed clients setup automatically to iCal SSL?
  Please help me. I'm really desperate.
  Thanks,
  Manolo

  Can someone provide me with a hint?
  Always if I connect my network account to the SL server iCal is setup to use http on port 8008.
  thanks

• Configuring BI Publisher with BI Server on SSL

  I am trying to configure BI Publisher 10.1.3.4 with a BI Server that is configured in SSL.
  The options we have for appending the connection string are:
  <Property Name>:= <Catalog>|<User>|<Password>|<SSL>|<SSLKeyStoreFileName> |<SSLKeyStorePassword>|<TrustAnyServer>|<TrustStoreFileName >|<TrustStorePassword>|<LogLevel>|<LogFilePath>|<PrimaryCCS>|<PrimaryCCSPort>| <SecondaryCCS>|<SecondaryCCSPort>
  eg:ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;
  How should we configure this if we do not have a keystore on BI Server with SSL.
  We only have a cacert.pem,server-req.pem,server-cert.pem,server-key.pem,serverpwd.txt and cacert.pem..

  We have got the solution for this issue.
  We need to generate a certificate thro a keytool with a Distinguished Name associated with it.
  Certifying it with self cert of keytool and import the certified certificate into the jave a keystore cacerts and modifying the web site that directs the url to the Publisher Application.
  Steps below:
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -genkey -keyalg RSA -keystore sslfile -storepass obiee123 -alias testalias5
  What is your first and last name?
  [Unknown]: shravan
  What is the name of your organizational unit?
  [Unknown]: unit
  What is the name of your organization?
  [Unknown]: Org
  What is the name of your City or Locality?
  [Unknown]: BU
  What is the name of your State or Province?
  [Unknown]: MA
  What is the two-letter country code for this unit?
  [Unknown]: US
  Is CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US correct?
  [no]: yes
  Enter key password for <testalias>
  (RETURN if same as keystore password):
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -selfcert -keystore sslfile -storepass obiee123 -alias testalias
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -list -keystore sslfile -rfc
  Enter keystore password: obiee123
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 1 entry
  Alias name: testalias
  Creation date: Dec 31, 2008
  Entry type: keyEntry
  Certificate chain length: 1
  Certificate[1]:
  -----BEGIN CERTIFICATE-----
  MIICMDCCAZkCBElbp/wwDQYJKoZIhvcNAQEEBQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1B
  MQswCQYDVQQHEwJCVTEUMBIGA1UEChMLT3JhY2xlIENvcnAxEDAOBgNVBAsTB1N1cHBvcnQxDjAM
  BgNVBAMTBUJpbmR1MB4XDTA4MTIzMTE3MTIyOFoXDTA5MDMzMTE3MTIyOFowXzELMAkGA1UEBhMC
  VVMxCzAJBgNVBAgTAk1BMQswCQYDVQQHEwJCVTEUMBIGA1UEChMLT3JhY2xlIENvcnAxEDAOBgNV
  BAsTB1N1cHBvcnQxDjAMBgNVBAMTBUJpbmR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL
  yBssKV4mneXMpvIJbAdlVUe2PkWTKYNjs52mEa6a05kbgUstvtL1OAMErycLZUwe4I0q/PKEKZ6K
  4e3AITnUugeHBIxki62DIZcMpHq5NgbqKuEFboBZJeRZgTy61aBfEWIclWpUi0BblXpUZCv0KYAV
  QgSVh71QDJJGyUjTgwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAHNnUcwia4abj5pJ97uPtbtiKB4b
  6Yx6G/RDf67jwThvvOHgYBo9ue+4s+VXAoNXp7NwFlLTvv0OopSq8IQvQyFy/cTpqYMT4In0t+u+
  0VaKXeL+sMwi3wRYI0RYbMy6NwxGLekjEHLaZa4IXoR8koD69TJLwXk92h48vnLI3YnB
  -----END CERTIFICATE-----
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -export -alias testalias -keystore sslfile -file myfile.crt
  Enter keystore password: obiee123
  Certificate stored in file <myfile6.crt>
  C:\OracleBI\oc4j_bi\j2ee\home\config>
  C:\Program Files\Java\jdk1.5.0_14\jre\lib\security>keytool -import -trustcacerts -alias testalias6 -file myfile6.crt -keystore cacerts -storetype JKS
  Enter keystore password: changeit
  Owner: CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US
  Issuer: CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US
  Serial number: 495ba7fc
  Valid from: Wed Dec 31 10:12:28 MST 2008 until: Tue Mar 31 11:12:28 MDT 2009
  Certificate fingerprints:
  MD5: 14:B5:82:73:8B:9F:DF:D5:8D:BF:69:A8:DC:AA:E1:43
  SHA1: 4E:8B:34:8D:76:BE:83:81:CF:3E:9F:5D:6C:C0:44:55:6B:58:71:81
  Trust this certificate? [no]: yes
  Certificate was added to keystore
  Also modify the web-site on j2ee/home/config and server.xml appropritately to access the site on https.
  secure-web-site shld be appended with : port=4443, protocol=http, secure="true"
  server.xml shld be added with this secure-web-site to make the app work on SSL...