Expired certificate unexpectedly works under JRE 1.4.2_06+

Hi,
I have a client trust store for server authentication containing an expired certificate.
Under JRE 1.4.2_06 (and 1.5) the expiry is ignored (unexpected), however under 1.3 and 1.2 using the same code it is considered invalid (as expected).
Why has the behaviour changed?
Thanks,
Martin.

After looking at the fixes applied between these two versions of the JRE I've found the following against 1.4.2_04...
4945571 consider removing validity check on trusted cert anchor selection
But no information exists in the bug database regarding this change! :(
Does anyone know what was done as part of this fix?

Similar Messages

Eclipse running under JRE

Hello gurus...
I have seen eclipse working under JRE only. But how it can compile java files to class files if there is no javac.
any clues???

phoenix-supratim wrote:
But could you be more specific. Exactly which compiler you are talking about.The eclipse compiler. I don't know how to be more specific than that. They have created their own compiler so you don't need a JDK to use it (and possibly for other reasons).
Is there any other compiler available to compile java files to class files.Well, I guess OpenJDK have their own compiler too.
If that is the case then for running jar files it needs a JVM. And if a JVM is already there in eclipse it should'nt have asked for a JRE in the first place.[Eclipse atleast need a jre to run]I didn't say Eclipse has its own JVM. I said it has its own compiler. It requires a JRE because JRE contains the JVM that is used to run any Java programs.
Another thing I would like to know. I have added MAVEN plugin in my eclipse. I noticed that when eclipse working under JRE only, MAVEN gives warning that a jdk JVM should be there to successfully run MAVEN. Beacause it needs some jar files from JDK. Exactly which jar files does MAVEN need from JDK and which way those jar files are different from JRE jar files.JDK has additional libraries that the JRE doesn't have.
Because all the jar files JDK have to initialize and run a JVM are all there in JRE.JDK includes the JRE, which includes the JVM. And the JDK does have things that the JRE doesn't (like the compiler).

Problems with signed Applet for File Download under JRE 1.4 (works with 1.3

Dear all,
i encountered a very strange behaviour with JRE 1.4x. A signed applet used for file download worked on all platforms (Windows NT, 2000 and XP wth/wthout SP...) until I installed JRE 1.4.x (1.4.1 or 1.4.2)
I get an EOFException when downloading binary files (for ASCII it works fine) when trying to readByte() from a DataInputStream. But not immideately, but after x bytes in the while-loop. Security is fine (I know there have been changes to that in jre 1.4, the applet itself can be started an runs with ASCII files for transfer)
Does anyone know, what has changed in jre1.4.
As I said, it works fine under jre 1.3.x
The relevant code is below: byte bt = dis.readByte(); causes the error
try{
// Get URL from Server
URL uFile = new URL(sFilename);
sThisURLFile = uFile.getFile();
Integer inte = new Integer(i);
//open input stream for the file on server
DataInputStream dis = new DataInputStream(new BufferedInputStream
(uFile.openConnection().getInputStream()));
//open output stream for the file on local drive
String sFilenameOnly = sThisURLFile.substring(sThisURLFile.lastIndexOf('/')+1);
int iDotPos = sFilenameOnly.lastIndexOf(".");
String sExt;
if (iDotPos > 0) {
sExt= sFilenameOnly.substring(iDotPos);
} else {
sExt = "";
File fileOut = new File(sDownloadDir + sThisURLFile.substring(sThisURLFile.lastIndexOf('/')+1) );
DataOutputStream dos = new DataOutputStream(new
BufferedOutputStream(new FileOutputStream(fileOut)));
//read one byte from input stream, and write that byte to output stream
long nByte = 0;
int iCnt = 0;
iFilesizeDone ++;
while (nByte < iFilesize){
String sErrPs = new String();
try{
sErrPs = "00";
byte bt = dis.readByte();
sErrPs = "01";
dos.writeByte(bt);
} catch (EOFException ee)
System.err.println("internal EOFException: " + ee.getMessage());
System.out.println("Error Filesize is " nByte " of " iFilesize "---" + sErrPs);
break;
nByte++;
iFilesizeDone ++;
iCnt ++;
if(iCnt >= 10240) {
ShowProgress(nByte, iFilesize, iFilesizeDone, iFilesizeTotal); // repaint does not work during init-procedure
iCnt = 0;
line = "Progress: Total: " + ((iFilesizeDone*100)/iFilesizeTotal) + " perc, " + iFilesizeTotal/1024 +" kbytes" ;
labLine.setText(line);
//dos.flush(); // improves Client performance (Agent-Call!)
dis.close();
dos.close();
}// End try
catch (EOFException ee)
System.err.println("EOFException: " + ee.getMessage()e);
catch (SecurityException se)
System.err.println("SecurityException: " + se.getMessage());
catch (IOException ioe)
System.err.println("IOException: " + ioe.getMessage());

perhaps they've changed something with the file blocking.
btw, you should try to use something like this
DataInputStream dis = new DataInputStream(is);
byte[] buffer=new byte[8192];
int numBytesRead;
while ( dis.available()>0 ) {
numBytesRead = dis.read(buffer);
}

ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working

Hi I have a customer that we've deployed ISE 1.2 and WLC 5508s at. Customer is using EAP-TLS with and everything appears to setup properly. Users are able to login to the network and authenticate, however, frequently, I'm getting the following error in ISE authentication logs:
12516 EAP-TLS failed SSL/TLS handshake because of an expired certificate in the client certificates chain
OpenSSL messages are:
SSL alert: code=Ox22D=557 : source=local ; type=fatal : message="X509
certificate ex pi red"'
4 727850450.3616:error.140890B2: SS L
rOYbne s: SSL 3_ G ET _CL IE NT _CE RT IF ICAT E:no ce rtific ate
relurned: s3_ srvr.c: 272 0
I'm not sure if this is cosmetic or if this is something that I should be tracking down. System isn't in full production yet, but every client seems to be working and there is no expired cert in the chain. Any ideas what to check?

Hello Dino,
thanks very much for your reply.
The client uses a machine-certificate, the PKI is not a microsoft one, but a third party PKI. The certificate is fresh and valid, the root-cert is installed and checked to be validated against it for the login.
Clock is correct too. The same setup works flawlessly in Windows 7 and XP.
EKU is set on the certificate (1.3.6.1.5.5.7.3.2)
I suspect the cert-setup itself, but don't get a clue where this might stuck...
Björn

Expired certificate and opera mini not working

i had a problem while i was installing my whatsap,it always says "expired certificate" and my opera mini is not working,says check date settings.please help

As this is your first post upon the forum an indication as to what device this appertains would be helpful.
Happy to have helped forum in a small way with a Support Ratio = 37.0

How to remove Expired Certificate in Certification Authority

So the base certificate at a client site running Server Standard 2012 R2 expired.
I went in and did a renewal, which created a new certificate, but the old expired cert still shows in the list and is still being handed out by the CA.
Certificates #1 & #2 are the renewed cert's, Cert #0 is expired, why did it not get replaced during the renewal process?
How do I remove the expired Certificate? The CA is still using it and handing out expired cert's, this is preventing people from connecting to the secure Corporate WiFi environment because the NAP server is now rejecting access due to an expired certificate.
Before I renewed and changed the certificates in the NAP server to point to the new reviewed cert, I was getting this event log entry when a user tried to connect to the Secure Corporate WiFi:
Event ID 6273, Reason Code 262, The supplied message is incomplete. The signature was not verified.
After I changed to the Certificates in the NAP server to point to the renewed cert's, I get this error, still not able to connect to WiFi:
Event ID 6273, Reason Code 265, The certificate chain was issued by an authority that is not trusted.
How do I go about cleaning out that Expired Certificate in the CA, I removed it from the computer cert list using the Certificates snap in and connecting to the local computer. I then stopped and restarted both the CA and NAP services. Still
no change. I need to get the CA cleaned up and trusted again.
Any help would be greatly appreciated.
Curt Winter
Microsoft Certified Professional

Ok the NAP server is now working properly, the Expired Certificates are clean up and we are back in working order.
Here is a review of what I did to get the issue resolved:
1) First thing was to remove the old SBS server entries that where causing the workstation to try and renew their certs with the old server. To do this I ran ADSIEdit expanded the
CN=Configuration | CN=Services | CN=Public Key Services. I then went through every folder and every entry under Public Key Services looking for and removing or updating entries pointing to the old SBS. I then made sure authenticated
users had read permissions on CN=Enrollment Services.
2) Ensure the CA is an Enterprise CA, I ran certutil -cainfo
to ensure it showed as Enterprise Root CA.
3) I then went back into ADSIEdit expanded
CN=Configuration | CN=Services | Public Key Services | CN=Enrollment Services. Right click the CA in the right pane and ensure
flags is set to 10.
4) Ensure the CA is trusted, launch PKIView, right click on
Enterprise PKI and select Manage AD Containers click on the Enrollment Services Tab, the status should show as OK.
5) I then copied that Certificate to a file and ran certutil -verify on the file to check for any additional errors.
6) I then opened CertSrv.msc on the CA, right click on the name of the CA and select properties, click on the Security tab and ensure Authenticated Users have the
Request Certificates permission.
7) I then ran certutil -deleterow 3/11/2015 Cert to remove all the certs that had expired before 3/11/2015.
At this point the workstations started to get new cert's all the cert renewal errors in the client event logs stopped
8) I then went back into the NAP server and select the correct certificate fin the EAP Properties and Smart Card properties.
9) I then updated the domain 802.11X policy ensuring all the EAP properties had the correct certificate listed.
At this point computers where again connecting to the Secure WiFi through the NAP server. I hope this may help someone in the future.
Curt Winter
Certified Microsoft Professional
Curt Winter

Java with Business Objects not Working under Lion 10.7.5

I had been successfully running Business Objects under Lion 10.7.5 and Safari 6 until this week. The recent changes in Java under Apple have bitten me. I installed Java SE7 Update 9 today, but it doesn't fix the problem. I receive the error report that follows (in blue)   I've tried to get this to work under Safari and Firefox, but receive the same error in both environments. Any suggestions?
Error Report....
Java Plug-in 10.9.2.05
Using JRE version 1.7.0_09-b05 Java HotSpot(TM) 64-Bit Server VM
User home directory = /Users/TennisonBay
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "disableUnsupportedFeatureException" "write")
          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:36 6)
          at java.security.AccessController.checkPermission(AccessController.java:560)
          at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
          at java.lang.System.setProperty(System.java:781)
          at com.businessobjects.wp.tc.TCMain.<clinit>(Unknown Source)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessor Impl.java:57)
          at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor AccessorImpl.java:45)
          at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
          at java.lang.Class.newInstance0(Class.java:372)
          at java.lang.Class.newInstance(Class.java:325)
          at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter$1.run(Unknown Source)
          at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:241)
          at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:721)
          at java.awt.EventQueue.access$200(EventQueue.java:103)
          at java.awt.EventQueue$3.run(EventQueue.java:682)
          at java.awt.EventQueue$3.run(EventQueue.java:680)
          at java.security.AccessController.doPrivileged(Native Method)
          at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java: 76)
          at java.awt.EventQueue.dispatchEvent(EventQueue.java:691)
          at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:24 4)
          at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:163)
          at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:15 1)
          at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:147)
          at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:139)
          at java.awt.EventDispatchThread.run(EventDispatchThread.java:97)
java.lang.ExceptionInInitializerError
          at com.jidesoft.plaf.vsnet.VsnetMetalUtils.initComponentDefaults(Unknown Source)
          at com.jidesoft.plaf.LookAndFeelFactory.a(Unknown Source)
          at com.jidesoft.plaf.LookAndFeelFactory.installJideExtension(Unknown Source)
          at com.jidesoft.plaf.LookAndFeelFactory.installJideExtension(Unknown Source)
          at com.businessobjects.wp.designer.DockManager.init(Unknown Source)
          at com.businessobjects.wp.tc.TCMain.setLookAndFeel(Unknown Source)
          at com.businessobjects.wp.tc.TCMain.globalInit(Unknown Source)
          at com.businessobjects.wp.tc.TCMain.init(Unknown Source)
          at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
          at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
          at java.lang.Thread.run(Thread.java:722)
Caused by: java.lang.ClassCastException: java.util.HashMap cannot be cast to java.awt.RenderingHints
          at com.jidesoft.swing.JideSwingUtilities.<clinit>(Unknown Source)
          ... 11 more

I have found my own solution, if only temporary, until another Java update clobbers me…
I followed the Java instructions to delete Java 7 at http://java.com/en/download/help/mac_uninstall_java.xml
Then I followed the Apple instructions to get back to Java 6 at http://support.apple.com/kb/HT5559, which involves using the Terminal application.
Then I closed Safari, and relaunched. It is now back to where it has been for the past year, working!

5800 XM "Expired Certificate" error message

For people who own a Nokia 5800 XM, the error message of "Expired Certificate" when downloading applications onto the device will be mean you cannot load on new apps, which can be frustrating.
Firstly you should try to update the firmware on your phone by 1 of 3 ways.
Using FOTA (Firmware Over The Air). Another thread of mine will explain this in detail. You can find it here.
Downloading Nokia Software Updater(NSU) and connecting your 5800 to the computer using a data cable.
Taking the handset to a Nokia Care point if you do not want to try the above 2 options.
**NOTE: Always be sure to make a back up of your personal details that are held on the phone as updating firmware will most likely delete any data left on the phone.
If you have used FOTA or NSU to update your firmware, or there is no new update available then doing the following will work and will allow you to install new applications without the expired certificate error message.
With the phone switched on, press the power button key once.
Scroll down to and select "Remove E: Memory Card".
Select Yes to remove the memory card.
Press OK and remove memory card from phone.
Press the Dialler on the main screen.
Type *#7370#
Enter security code. Default is 12345 unless it has been changed.
The phone will reset, wait for this to complete and power back on.
Select your country and type in the correct time and date.
Wait for the phone to complete its configurations, you may receive "My Nokia" or tutorial messages.
Power off phone.
Insert the memory card.
Power on the phone.
Wait for the phone to install any pre-loaded content from the memory card
Phone is ready to install applications, without "Expired Certificate" error message.
I have done the above myself and downloaded the PDF reader from the "Download" application from within the handset and it installed with no error after these steps.
I hope this helps.
My posts are my opinion and in no way the direct views of Nokia.
If my posts are helpful, please give me some KUDOS using the green star on the left.

try to sign your app(s) through Opda site.
If you want to thank someone, just click on the blue star at the bottom of their post

E61i - Expired Certificate

I bought my device 1 year ago, and installed on it several applications, like Splash ID, Profimail and other ones. Two days ago I updated the device, with update I lost everything but phone is working normally.
The problem is with all programs that I had license and now I cannot install them, always appear the message: Expired Certificate.
Yesterday I wanted to install FontMagnifier (recommended by Nokia), I donwnloaded the last version of application and I have the last firmware from Nokia, but not possible to install it.
How Can I solve the problem with certificates? It will be a problem for every software?
The applications are not so old, some of them with a few months of life.
Help, please. Thanks in advance.

Hi alesailor
Try changing date on your device back a year and see if will now install, then change date back afterwards. It is irritating when software developers don't renew the Symbian license.
Happy to have helped forum in a small way with a Support Ratio = 37.0

Applet work with JRE 7_51 but NOT with JRE 7_45

Hello,
My major problem is, that my Applet signed with COMODO certificate DOES NOT WORK with JRE 7_45.
The SAME applet works fine with JRE 7_45, if I sign this applet WITH A SELFMADE UNTRUSTED certificate.
WHY the comodo signed applet doesn't run in JRE 7_45 ???
If i launch the comodo signed applet with JRE 7_51 it works perfect !!!
But in our company we got JRE 7_45 and I have to deal with JRE 7_45. That’s my problem.
Could you please tell me a solution what I have to do that the comodo signed applet works also in JRE 7_45.
Thank you!
Philipp

Thanks gimbal2.
I agree the problem may be in the proxy or in the firewall but I don' to know how to prove it as if i call the servlet url from browser I dont have problems .
The version im using is 6.45 but im sure the same problem occurs also with other versions of JRE6 .
... and the problem disappear with JRE7 ...
trouble is my company want people to use JRE6
any idea ?
Gio

KeyStore/ Certificates stored by the JRE Runtime

Hi!
I use this code
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream("test.p12", "password".toCharArray());
to load a certificate for signing a PDF with the help of iText. The code works fine.
The same certificate was imported via Java Control Panel (Tab Certificates) into the JRE/System.
Can I access the certificates stored in the JRE/System for signing, instead of loading the certificate directly?
The Java API for Keystore says:
Before a keystore can be accessed, it must be LOADED.
and LOADED ist linked to the method ks.load()
There is not hint for accessing the JRE certificates.
Peter

if you have a support or CSI then you can log a bug against them for oracle to support you..
Or you can wait for some product manager here to respond to this and they will take it forward from there to resolve the issue by creating internal SR or bug for you.

I have made the ssl certificates not work

I was notified by my customer that the certificate was due to expire, and at that I started windows SBS console (advanced Mode), and under Network -> connectivity, I selected manage certificates. I tried to renew, but since they had expired, I
was unable to renew. I then tried to request new certificate with the same key. Now I am unable to access RWW since "There is a problem with this website's security certificate", and the selection of continue to this website only allows
you to close this web page.
I have been able to look at the certificate using firefox, and it shows that it was issued to the correct CN but it says that it doesn't recognize the issuer (self issued).   Is it possible that the key has changed, and the public key installer
may not have been updated? If so, how do I update that?
Thank you
Pat

This is a self signed certificate. It does not appear that it is expired
Certificates (Local Computer) ->personal ->certificates
mail.sbm-law.com
Tosalawyers-SBMKSERVER-CA    4/28/2016
Server Authentication
Web Server
remote.sbm-law.com
Tosalawyers-SBMKSERVER-CA    4/29/2016
Server Authentication
Web Server
remote.sbm-law.com
Tosalawyers-SBMKSERVER-CA    4/29/2016
Server Authentication
Web Server
SBMKSERVER.tosalawyers.local Tosalawyers-SBMKSERVER-CA
4/28/2015
Client Authentication
Domain Controller
SBMKSERVER.tosalawyers.local Tosalawyers-SBMKSERVER-CA
4/28/2015
Client Authentication
Domain Controller
SBMKSERVER.tosalawyers.local Tosalawyers-SBMKSERVER-CA
4/28/2015
Client Authentication
Domain Controller
Sbm-law.com/remote
Tosalawyers-SBMKSERVER-CA    4/28/2015
Server Authentication
Web Server
Sites
Tosalawyers-SBMKSERVER-CA    11/25/2012 Server Authentication
Web Server
Sites
Tosalawyers-SBMKSERVER-CA    4/29/2016
Server Authentication
Web Server
Tosalawyers-SBMKSERVER-CA
Tosalawyers-SBMKSERVER-CA    11/26/2015
<All>
Tosalawyers-SBMKSERVER-CA
Tosalawyers-SBMKSERVER-CA    4/28/2019
<All>
WMSvc-WIN-FLBUWELKL17
WMSvc-WIN-FLBUWELKL17      11/19/2020
Server Authentication
The above was taken from the manage certificates and showed friendly name containing blank or none, and with nothing in status.
Thank you
Pat

How do I get certificate authentication working across multiple domains?

Hi,
I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
However would like to have multiple domains (application specific), with a small set of administrator type users who manage all of the domains.
To test, I've set up two domains, with the admin users in one and the normal users in the other.
I've set up two certificate mapping rules (both for the same CA), one for each domain.
However LC will only authenticate users who are matched using the first certificate mapping rule.
Has anyone else seen/tried this? Have I missed something obvious?
For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
Thanks
Craig
Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
2010-05-11 11:23:41,331 WARN [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
2010-05-11 11:36:38,835 WARN [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
SEVERE: Unexpected exception in Rest Call
com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:338)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:154)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:162)
at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderE lement(UserManagerUtilServiceImpl.java:173)
at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
at $Proxy179.doRequiresNew(Unknown Source)
at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:145)
at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:165)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:22 5)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUti lServiceClient.java:210)
at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader (RestFacade.java:161)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java :206)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade. java:226)
at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestD efaultRequestHandler.java:29)
at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSe cureRequestHandler.java:13)
at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRou ter.java:10)
at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
a
2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)

Craig,
The certificate mapping works in the following manner,
First the User's certificate is validated.
If the certificate is valid, the related Certificate mapping information is fetched.
From the Certificate Mapping information, the domain is determined.
Following this, the user is searched in the domain and checked for it's current/deleted status.
If user exists or is a valid one, then return an AuthResult corresponding to that is returned to the client.
The error log below says, "Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping"
1. Please check if the concerned user exists in the domain registered in the second cert mapping.
2. Also check if the concerned user satisfies the attribute mapping specified in the second cert mapping.
3. Could you confirm whether the admin Users and the normal users are distinct in both the domains and not duplicate in any of them??
Because if same user exists in 2 domains, then there is no way to find out which domain you are referring to. In that case the first domain which declares the user as valid will return the AuthResult.
4. You are using LC ES2, so there is a Test Certificate utlity on the same Certificate Mapping page, which can help you confirm the validity of the user's certificate and then you can proceed.

Another Expired Certificate Error Thread

I've searched all over, and apologize in advance if there is already an answer for this.
I'm using the Symbian Belle OS and am running into the old problem of expired certificate errors when trying to install certain apps. The solution to this was to change the date on the phone so it coincides with that of the application you're trying to install. But that solution is no longer working.
Does anyone know of a workaround?

I did every year all the way back to 2000 but no luck
I also tried sites that will convert the .sis file into one with a valid certificate, but that fails as well. When going down that road it just tells me the certificate is not valid or that the author cannot be verified (instead of expired).

Datecombo won't work under JRE1.5.0_06

Hi,
I am working on converting Java code from JRE 1.4.2 to 1.5.0_06.
Our application works fine under JRE1.4.2, but not JRE1.5.0_06.
I am having a problem to load an applet with DateComboBox widget. It is working under eclipse with JRE1.5.0_05. Once it is loaded to IE 6.0 Browser, the Mouse events are disable inside browser.
I have checked setups for Java security and setups for Java under Browser. It looks fine. Also, the same code works fine for JRE1.4.2.
Thanks for your help,
Shaw

Hi,
I am working on converting Java code from JRE 1.4.2 to 1.5.0_06.
Our application works fine under JRE1.4.2, but not JRE1.5.0_06.
I am having a problem to load an applet with DateComboBox widget. It is working under eclipse with JRE1.5.0_05. Once it is loaded to IE 6.0 Browser, the Mouse events are disable inside browser.
I have checked setups for Java security and setups for Java under Browser. It looks fine. Also, the same code works fine for JRE1.4.2.
Thanks for your help,
Shaw

Expired certificate unexpectedly works under JRE 1.4.2_06+

Similar Messages

Maybe you are looking for