Expired encryption and Trust certificates

Similar Messages

• File to SOAP (Synchronous) with certificates Encryption and Descryption

  Hi,
  Can anybody advice me how can I develop the scenario file to SOAP (Synchronous Process) with certificates encryption and descryption.
  Thanks,
  Naidu.

  For file to soap sync scenario without using BPM, you need to use the following adapter modules.
  http://help.sap.com/saphelp_nw04/helpdata/en/45/20c210c20a0732e10000000a155369/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/45/20cc5dc2180733e10000000a155369/content.htm
  For applying certificates, you need to configure SSL on java stack.
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16
  Regards,
  Prateek

• Import and trust a self-signed CA certificate from the Terminal

  Hello there,
  i have a problem: I would like to import and trust a self-signed CA(root) certificate from the Terminal to the System.keychain.
  My request is to create a installation script to install the Cisco AnyConnect VPN Client and the needed certificates.
  For the import i have used the following command:
      sudo security import certificate.cer -k "/Library/Keychain/System.keychain" -A
      The Option "-A" says:
  Allow any application to access the imported key without warning (insecure, not recommended!) <- From the Mac Developer Library
  The command reportet: 1 certificate is importet ... but ... the certificate is not trusted.
  What do i need to do to set this certificate as trustworthy at the terminal?
  Thanks for your help and best regards
  Benjamin
  P.S. The command: sudo security add-trusted-cert -d -r trustRoot -k “/Library/Keychains/System.keychain” “/private/tmp/certs/certname.cer” doen't run, i get an error message. Found on http://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates -to-system-keychain/

  Hello Linc Davis,
  thanks for your answer and sorry for my mistake, because i had already changed the last argument but for this discussion i had only copy this example.
  But your answer show me the right way, big thanks.
  I had entred the following command (see the last argument):
       sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "~/Downloads/mycert.cer"
  ... and i get the following message:
      ***Error reading file ~/Downloads/mycert.cer
       Error reading file ~/Downloads/mycert.cer
  Today i changed the last argument to:
       /Users/User/Downloads/mycert.cer
  and its run.
  Many thanks!
  Benjamin

• GPO For Outlook Certificates Used For Encryption and Digital Signatures?

  How can we configure a group policy to distribute certificates to Outlook 2010 users so they can digitally sign and encrypt messages without requiring much effort on their end?
  The users will become confused and make mistakes if we ask them to follow instructions on how to download and import certificates into Outlook 2010 manually.  Can we automate this with Group Policy?

  Would a certificate "autoenrollment" GPO work for these types of certificates?
  Yes. Here's a good guide. The user will still need to choose to sign, or encrypt, unless you want to enforce that in some way. If you are sending signed or encrypted email outside of your AD, you will need to solve how the recipients will get your root cert,
  etc.
  http://davidmtechblog.blogspot.com.au/2013/06/exchange-2010-security-smime-part-1.html
  http://davidmtechblog.blogspot.com.au/2013/07/exchange-2010-security-smime-part-2.html
  http://davidmtechblog.blogspot.com.au/2013/07/exchange-2010-security-smime-part-3.html
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Trusted certificate expired when starting cluster domain

            I follow the instructions in doc to create one cluster domain with 2 managed servers,
            one proxyServer, then I found out the trusted certificate error, is that I must
            get the trusted certificate from BEA? I use the weblogic server 8.1 downloadable
            from bea site.
            

  Hi,
  Verify that the correct trusted CA certificate and keystore are being used.
  http://e-docs.bea.com/wls/docs81/messages/Security.html#BEA-090088
  Regards,
  Prasanna Yalam

• PDF Certificates and Trust Levels

  Using Adobe Pro 9 9.2.0.  As a developer, this is my first experience with PDF.  The requirement is to harvest data from fillable PDF in XFDF format for parsing and input to a database, and save the filled PDF to a server.  I am aware of the JavaScript API to export data in various formats.  I am also aware of the app.trustedFunction and its use to perform non-privileged functions, like exporting and saveas functions.  When I run the export/save script using the trustedFunction wrapper I still get a NotAllowedError.  I rem'ed out the body of the function and found the error is occurring with the trustedFunction itself.  Checking the security settings under the Advanced menu, Certificate Details, under my user ID (corporate environment), and Trust tab, I find the Trust Settings entries are red X'd out and that the certificate is not trusted..  The fillable forms we use are obtained from a government agency (FAA).  My questions:  Can the trust level of a document be altered once created?  How are certificates involved in the process and/or can new ones be created or attached to a document? 

  I'd want a correct, current and valid certificate chain (and would likely set up a private CA, as is my wont), as bad certs can block some sorts of secure network access until either corrected or overridden, and as training the end-users to always "yeah, whatever" with certificate security can potentially lead to... well, other issues.
  The software update server will certainly download new and updated changes, but shouldn't need to re-download everything.  Disk images will need to be updated.
  I'd verify proper local DNS services and correct certs as part of the initial validation of the configuration, yes.
  That's entirely your call.  Won't really help with the disk images, and will require a re-download of updates.

• HT5012 Update correct trust certificates. How? iPhone iPad and MacBook Pro?

  All three of my devices have certificates that are self signed and listed as untrusted. How can I see if I am using the proper trust certificates? Can I erase them and download apple trusted certificates?
  Thanks for any help
  Scott

  All three of my devices have certificates that are self signed and listed as untrusted. How can I see if I am using the proper trust certificates? Can I erase them and download apple trusted certificates?
  Thanks for any help
  Scott

• Trust Certificate expiration Notification from RTMT

  Hello,
  I am getting Certificate expiration Notification from RTMT (Trust Certificates)
  Below are the Notification:
  Certificate name:CAPF-4a2e3437 Unit:CallManager-trust Type:trust-cert Expiration:Mon Jul 5 01:02:20:000 IST 2010
  Certificate name:CAPF-4a2e3437 Unit:CAPF-trust Type:trust-cert Expiration:Mon Jul 5 01:02:20:000 IST 2010
  Let me know how to regeneate Trust Certificate or do i need to conatct cisco for this.
  Attched the alert .
  Thanks,
  Shaijal Allipra

  Hello,
  Can any one help me on this ?Attched few more details.
  Thanks,
  Shaijal Allipra

• Sun.security.validator.ValidatorException: No trusted certificate found

  Hello,
  I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
  I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
  -Djavax.net.ssl.trustStore=/Path-to-file  -Djavax.net.ssl.trustStorePassword=password     On my development environment I can call the Web Service correctly.
  Although, on the production environment, I am getting the following exception:
  javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
       at $Proxy171.send(Unknown Source)
       at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
       at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
       at java.lang.Thread.run(Thread.java:619)
  Caused by: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
       at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
       at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
       ... 6 more
  Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
  333)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
       at org.jboss.remoting.Client.invoke(Client.java:1634)
       at org.jboss.remoting.Client.invoke(Client.java:548)
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
       ... 9 more
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No truste
  d certificate found
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLCo
  nnection.java:166)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:23
  0)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
  275)
       ... 14 more
  Caused by: sun.security.validator.ValidatorException: No trusted certificate found
       at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
  09)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
  49)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 more     Both systems are configured with the same JBoss, JVM, ...
  The certificate details are:
  Owner=
    CN=*...., OU=..., O=..., L=..., ST=..., C=PT
  Issuer=
    CN=..., O=..., C=PT
  Version=3
  Serial Number=BC81A81843E26C2597CD10354588F61E
  Valid From=Monday, 3 March 2008 18:50
  Valid Until=Tuesday, 3 March 2009 18:50
  Signature Algorithm=SHA1withRSA
  Fingerprints=
      MD5:     0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
      SHA1:    35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
  Key Usage= critical
      List:
      . digitalSignature
      . keyEncipherment
      . dataEncipherment
      . keyAgreement
  Extended Key Usage= none
       On production I have also tried adding the following properties:
  -Djavax.net.ssl.keyStore=/Path-to-file  -Djavax.net.ssl.keyStorePassword=password     But I still get the error.
  Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
  Any help would really be welcome.
  Thanks in advance.
  Best regards,
  Victor Batista

  Hi,
  Thanks for your prompt reply.
  I have also tried to add all the chain of certificates on my truststore, although I get the exception:
  Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
       at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 moreAnd all the certificates are valid.
  I really don't understand what is going on.
  Can I Ignore expired certificates? Any property?
  When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
  Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
  The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
  Thanks in advance,
  Victor

• Files encrypted and digital signed with cFolders

  Dear all,
  Currently I'm involved on a PPS project with cFolders. This project has legal requirements that consist in implementing encryption and digital signature in files which will be uploaded to cFolders. I've been searching on SAP Help, SDN and Service Marketplace about APIs to work with cFolders with encryption and digital signatures, but I didn't find related documents. It seems there is no documentation regarding such scenarios...
  Anyone has experience in cFolders with files encrypted and digital signed?
  Thanks in advance & regards,
  Ricardo.

  Hi Federico
  If I understood your solution you are signing your documents in a Webservice provided from a CA. For that youu2019ve created an RFC dest type G over ssl (https) and used the class CL_HTTP_CLIENT. So your requirement is only to sign documents, right?
  Well my scenario seems a little bit different as Iu2019ve to encrypt the file and also sign it. The signature is done on useru2019s laptop trough a smartcard (hardware device connected via USB that reads the chip the certificate assigned to our identity card) and cannot be signed from other entity than the user itself.
  Did you explore the PGP alternative? cFolders supports this kind of files (*.pgp). The PGP (Pretty Good Privacy) is a popular program used to encrypt and decrypt files, e-mails, etc.
  Today I installed a trial version of a PGP tool. I tested the encryption/signature with files on my desktop and it works fine. I tested a Public Key scenario where the owner publishes his PK in cFolders and the requester gets this PK in cFolders as well. The requester now can encrypt documents and upload them to cFolders with the public key provided by the owner; the owner itself has the private key to open the encrypted file (extension .pgp) after upload. But over the encrypted file the requester must sign it with his private key (another certificate) provided by a CA and here starts the second challenge...
  In cFolders after the file upload the system should gets the requester digital signature and sends it to CA for validation, only after that we know if the requester is a trusted partner or not. To do this we are thinking to use a Webservice provided by the CA, however I don't know how to extract/get the signature in the file encrypted/signed from PGP and uploaded to cFolders.
  Do you have any idea?
  Thanks & regards,
  Ricardo.

• No trusted certificate found error while running a webservice

  Hi,
  I created a stub to a webservice and then tried to invoke the webservice using a simple java class
  in JDeveloper. While running the java client to invoke the webservice i get this below mentioned error
  SOAPException: faultCode=SOAP-ENV:IOException; msg=sun.security.validator.ValidatorException: No trusted certificate found; targetException=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
       at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
  Kindly have a solution for what to be done on this.
  Thanks,
  Ramesh.R
  Edited by: Ramesh_R on Jan 20, 2010 10:28 AM

  have to import the certificate in the cacerts of the Jdev jre/lib/security/cacerts file
  Edited by: Ramesh_R on 16-Jan-2011 02:40

• Howto use SSL-2 (https) and .pfx certificate in SOAP cc - padding error!

  I'm working on a rfc to soap scenario in PI 7.1, and I must connect PI to some external web services through https.
  We must use a two-sided SSL connection (SSL-2), we received a .pfx certificate to achieve this.
  SAP Basis installed the certificate in the (java)nwa. In the SOAP communication channel i can choose the installed ceritifcate when i set the 'Configure Certificate Authentication'. Tried this, got the "error: iaik.security.ssl.SSLException: Padding length error: 106"
  Other option tried is to set the 'Select security profile'and choose Web Services Security. Then in the receiver agreement i can set the certificate for the encryption and/or decryption. Various scenario's tried, not succesful. We've seen that the pfx certificate contains two certificates (private and public one). But in the receiver agreement there is no choice between those two, we can only select the .pfx
  We also added a user with transaction EXTID_DN. Still got the same error.
  Does somebody have a suggestion what to do?  Must we split the .pfx certificate in two separate files/certificates?  Do we use the incorrect DN/CN in the EXTID_DN?

  Hi,
  What is your requirement ? The "2-sides" concept of SSL, what is it exactly ? Or does it simply mean that you're going to connect to a SSL target providing a SSL client certificate ?
  Usually, you import the SSL target's CA chain (ie Verisign CAs, etc) into the NWA key store, provide the CA chain for your own SSL client cerificate to the target and configure channels accordingly
  Rgds
  Chris

• Weblogic Start script fails while Loading trusted certificates from jks

  Hi,
  I have a Weblogic Portal 10.3.2 installation on a Solaris Unix box. There is one Admin server and two Managed servers. I am trying to deploy an EJB based application on one of the Managed servers. Note that this application has been working fine in the Weblogic 9.2 environment.
  When the Managed Server is started, I get the below messages in the Weblogic console log. We have an internal SSO authentication system, which is integrated with this application. When this integration is removed, we are able to login to the application without any issues. When it is turned on, the redirection from SSO to the application fails - most likely because of the below SSL related errors.
  I have accessed the below link and accordingly set the property -Dweblogic.ssl.JSSEEnabled=true. But it didn't help.
  http://justasg.blogspot.com/2012/04/tlsssl-certificate-errors-and-warnings.html
  Please let me know if you have any suggestions.
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /data/applications/norkom/BEA103/wlserver_10.3/server/lib/DemoTrust.jks.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.228.12.24:7020 for protocols iiop, t3, ldap, snmp, http.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7020 for protocols iiop, t3, ldap, snmp, http.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "NCA_Server" for domain "norkom" running in Development Mode>
  <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
  <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
  Note: We have another Solaris Unix box, with the same installation of Weblogic with the same SSO redirection, but another EJB application is deployed. Also, there is no Managed and the application is deployed on the Admin server itself. But when the server is started, I don't see any attempts to load any certificates and also there are no issues.
  So either please suggest how this certificate loading can be rectified or suggest a way to disable the certificate loading (if at all its an option).
  Please let me know if you need any further details.

  Firstly,
  938767 wrote:
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
  <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>I don't think that this will be your problem... Unless you are actually using some of those certificates you can ignore those messages.
  But the following looks suspicious, I guess 7022 is your SSL port...
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
  <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>Hope that helps.
  Cheers,
  Vlad
  Give points - it is good etiquette to reward an answerer points (5 - helpful; 10 - correct) for their post if they answer your question. If you think this answer is helpful, please consider giving points.

• How can I check the expiration date of a Certificate Keychain from terminal?

  Hello, I am writing a bash script to alert me when my corporate certificates are about to expire. How can I check the expiration date of a certificate in keychain? I'm running Mac OS 10.6.8 on a newer MacBook pro with full admin rights.
  Specifically I will be checking three certs: a Root Authority, Issuing Authority, and a user cert (Identity).
  I was exploring the Security and Openssl command line tools. But I can't seem to get the info I need.
  Any recommendations would be appreciated.
  Thank you!

  Anyone?

• Trusted certificates from your previous version of Adobe Reader were found.

  After upgrading Adobe Reader from 10 to 11, some users are getting "Adobe Reader Security - Trusted certificates from your previous version of Adobe Reader were found.  Would you like to import them."  I need to know what registry settings we can modify to either set this automatically to "Import" or "Use Default"  I need to add one of these options into our Adobe Reader Settings GPO that is using group policy preferences.  This only appears for users who have data in C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security and only the very first time the user opens Adobe Reader after the upgrade per user profile on a given server.

  I'm not sure this is true: "If they don't exist then there is no dialog. " Could be, but I've never heard of it.
  However, acrodata files perform a number of functions for several features, so removing them is unwise. Also, they will just come back when a user exercizes certain features.
  Better to just turn off the feature with the supported preference.
  Ben