FTPS error: Peer Certificate Rejected by Chain Verifier
Hi,
This scenario is a File to File - Outbound Async Interface. Receiver is configured FTPS with mostly the default parameters.
However FTPS again haunted us with "Peer Certificate Rejected by Chain Verifier " error. We have configured one communication channel with FTPS and tested in DEV, QA clients and moved to production. The weird behavior is it works only certain time. Overall it works 50% of time ok and 50% of time failed with the above error.
We kept opened all ports on the firewall for outgoing messages.
We cannot understand the dual behavior. Appreciate any help to resolve this issue.
Dharmasiri Amith
Hi Amith,
The main reasons for this error follows:
1. The correct server certificate could not be present in the TrustedCA
keystore view of NWA. Please ensure you have done all the steps
described in these two URLs:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for
it (that was the cause for other customers as well) and if it's the case
renew it or extend the validation.
3. Some other customers have reported similar problem and mainly the
problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate
is A which is issued by an intermediate CA B and then B's certificate is
issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to
have the right order of certificate in the chain. If the order is B
first followed by A followed by C, then the IAIK library used by PI
cannot verify the server as trusted. Please generate the certificate in
the right order and then import this certificate in the TrustedCA
keystore view and try again. Please take this third steps as the
principal one.
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has
to have certificate with CN equal to the requested site. I mean if I
request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in
the ftp request. This can be the IP address or the full name of the
host.
Request the url with the IP of the SSL Server and the certificate to be
with CN = IP of the server.
In any other case the SSL communication will not work.
Regards,
Caio Cagnani
Similar Messages
-
Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected
Hi,
I am getting error com.sap.engine.interfaces.messaging.api.exception.MessagingException:
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
When i test for digital signing and encryption using soap receiver CC
we passed all the values for soap CC
Created key store view and in that view I have generated private certificate and generated CSR using SAP CA(test ssl for 8 weeks) for the private key and also imported public key for encryption given by reciver
When i test i get the error message
I check certificates validity dates
I restarted java engine and ICM
I added the public key in trusted CA in NWA
I re created the view and added the certifcates
still the same error
how and where to check to check IAIK in NWA and how to deploy it in java engine using NWA, we are using PI7.11 (no VA)
any suggestions?Hi,
The main causes for this kind of problem are:
1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for it and if it's the case renew it or extend the validation.
3. The certificate chain was not in correct order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.
4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client authentication)
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site. I mean if I request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
In any other case the SSL communication will not work.
Regards,
Caio Cagnani -
SAP PI 7.3 Peer certificate rejected by ChainVerifier
Hi
We upgraded the PI systems(Dev and Quality) from 7.0 to v7.3 Before the upgrade https scenario was working fine. Important thing is we were not using any certificates to transfer files to our vendor. All the SOAP receiver adapter with HTTPS url is working fine in production. The production is still with PI 7.0
After basis upgrade the PI system to v7.3 when I send a messaage to the below url with SOAP receiver adapter i see the below error. This is not a webservice interface.
https://staging.napa-ibiz.com/..........
The error is:
SOAP: error occured: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Adapter Framework caught exception: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Delivering the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.
The strange part is, after the upgrade it is working fine with one vendor. The SOAP receiver adapter configuration is no different from other scenerios.
We even restarted the JAVA engine still no luck.
I didn't get answer for my below questions:
1. When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.
2. If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration.
3. Why only after the upgrade i see this error?
Can you please throw some lights on this?
Thanks,>When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.
The URL shows that you are using https transport communication. So you might be sharing the certificate or anonymous ssl with different vendors. PLease go to STRUST and see whether you have certificates in the keystore for the different vendors. As you production environment behaves different from pre production in terms of security.
>If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration
You might share certificate correctly for one vendor and keystore might not have for the other vendors. This is nothing related to soap receiver channel configuration. Certificates can be maintained either java stack level or abap stack.
>Why only after the upgrade i see this error?
PI 7.1 and above are 64 bit OS products. There are plenty of changes in the installation and security standards. Talk to BASIS, -
FTP error: Receiver Communication Channel
Hello Experts,
I am getting the following FTP error in my Receiver Communication Channel.
Error occurred while connecting to FTP server: Peer certificate rejected by ChainVerifier
Please suggest.
Thanks,
AnupHi Anup,
Problem is with FTPS and not FTP.The SSL handshake needs to confirm that the FTPS client is using the FTPS server's DNS name to access the FTP service since only the DNS name of the FTPS server is stored in the certificate signed by the trusted CA (e.g. VeriSign). it's the way the Certification Authorities works.
If you are using any IP address then try with your host name.
Regards,
Madan -
** SOAP - Receiver CC - Sync - Error - certificate rejected by ChainVerifie
Hi Friends,
In our interface BPM - SOAP call (Sync), in the receiver SOAP CC, we are getting the below error.
SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
In the SOAP CC, we use HTTP protocol. In the target URL, it starts with https://...... and soapAction is mentioned.
Previously, this channel was working fine. No issues.
For testing, I copied and pasted the target URL in Internet Explorere, it did not ask any certificate, I am able to execute the wsdl. i.e call the soapAction - sent the request and got the response.
Friends, could you tell me why the above error is coming now ?
Kind regards,
Jegathees P.Hi,
https service is running?
Check: SMICM -> Services
Also check with the named SAP note inside.
Cheers,
André
Edited by: André Schillack on Apr 28, 2010 5:37 PM -
Error PI 7.31 RFC-SOAP Certificate Rejected
Hi Experts,
I'm facing an error last days.
The scenario is, an interface was working fine in DEV, but in QAS stopped.
DEV and QAS has the same configuration, same endpoint, user, etc....
In QAS the error in PI 7.31 was:
com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
So, I saw the certificate and it was expired. The server updated the certified.
And now DEV and QAS stopped working, and both return the message above in PI.
The certificate is a auto-signed, and according to the documentation there was no certificate installation in development.
The communication is an RFC to SOAP synchronous.
Using Proxy, and authentication.
The communication channel was not changed, and they don't have certificate authentication.
I requested de basis team to install the certificate in NWA, but the view does not appeard in the configuration in PI.
So... any idea what's my problem?
Thanks.Hi,
Thanks all for the answers.
I already requested the installation of certificate, but they don't appear in configuration of channel communication on PI:
the certificate installed:
Any Ideia? -
File Adapter FTP SSL SSL Certificate Exception
After reviewing the results of searching on this error, I do not find anything that fits my situation:
SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
I am not using X.509 certificate for client authentication.
My connection is using a non-public certificate.
I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
I am getting the following error:
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
Any recommendations?Hi,
The main reasons for this error are:
1. The correct server certificate could not be present in the TrustedCA
keystore view of NWA. Please ensure you have done all the steps
described in these two URLs:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for
it (that was the cause for other customers as well) and if it's the case
renew it or extend the validation.
3. Some other people have reported similar problem and mainly the
problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate
is A which is issued by an intermediate CA B and then B's certificate is
issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to
have the right order of certificate in the chain. If the order is B
first followed by A followed by C, then the IAIK library used by PI
cannot verify the server as trusted. Please generate the certificate in
the right order and then import this certificate in the TrustedCA
keystore view and try again. Please take this third steps as the
principal one.
Hope it solves your querie.
Regards,
Caio Cagnani -
ELM send SOAP distributor - SSLCertificateException: certificate rejected
Hi,
I try to configure the Swiss income tax scenario ELM via our PI 7.11. The sending step produces the failure: SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVeri-fier
Usually I have to install the certificates from the https page, but I have already installed the them (from the https side of the distributor: https://distributor.swissdec.ch/services/elm-pucs-puns/SalaryDeclaration/20051002 ). I still get this error.
Is anybody else using transferring the ELM via PI and facing the same problem?
Thanks a lot,
ThomasHello,
The main reasons for why you are receiving this error can be checked below:
1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in these two URLs:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi711/helpdata/en/48/a9bb487e28674be10000000a421937/frameset.htm
2. The server certificate chain contains expired certificate. Check for it (that was the cause for other customers as well) and if it's the case renew it or extend the validation.
3. Some other customers have reported similar problem and mainly the problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Please generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again. Please take this third steps as the principal one.
4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period. (This certificate is the one which is sent to Server for Client authentication)
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site. I mean if I request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
In any other case the SSL communication will not work.
Hope that is useful for your case too!
Regards,
Caio Cagnani -
Client Certificate Rejected, repeatedly +with great vigor
Hi all --
Perhaps you can give me a hand. I recently got a new Macbook Pro -- my first new CPU since the ole' clamshell back in 2001. Very happy with it as a whole but also finding that I am a bit behind the times in terms of my understanding of the software. Here is the problem: Yesterday I tried to access a page using Safari (2.0.3) from my history. I do not believe that it was a secure page as it was part of the dartmouth.edu website but it may have been. Anyway, a dialouge box popped up asking for my to use FileVaultMaster keychain. I did not know that I had such a thing but I typed in my master password. The page still did not open, but Safari displayed a text box saying that there was an error -- this particular error, in fact:
<begin quote>
The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message
<end of quote>
Now, when I try to access the basic Dartmouth homepage of http://www.dartmouth.edu, Safari converts it automatically to https://www.dartmouth.edu and asks for the keychain and then displays the error. I tried emptying the cache and resetting Safari (and even restarting the computer, although I understand that that is no longer necessairy with OS X) but to no avail. Can anyone clue me as to what is happening, and why?
Thanks much in advance,
-Sparco03
MacBook Pro Mac OS X (10.4.5)I emailed [email protected] about this problem and here is the response. The solution of getting a valid Dartmouth certificate doesn't apply to non Dartmouth users, so I'm not sure what to do in that case.
"You need to check your Keychain. The reason you are getting that error is because Safari is sending a Client Certificate back to the web server (which asked for it), but the web server can't verify that it's a good certificate. This usually happens when you have an expired certificate, or you have a non-Dartmouth certificate that Safari is likely sending because it can't find a Dartmouth one."
"Whichever of these is the case, the solution is to get a valid Dartmouth certificate, which you can generate by going to https://collegeca.dartmouth.edu/ and following the directions on the web page. If you have an expired Dartmouth cert, you will need to delete that before you import your new, valid certificate."
"The reason all of this is happening is specific to Intel Macs. The mechanism that Dartmouth has used, better than 7+ years, to authenticate browser users to web site (Kerberos) uses the SideCar helper application. This application doesn't run on Intel Macs, and it most likely never will. Fortunately, Dartmouth installed client certificates as an additional/alternate solution for web site authentication a few years ago. Since client certs work great on Intel Macs, we had to force Intel Macs to always use HTTPS when connecting to any site on www.dartmouth.edu. That way we can always be able to ask for your client cert, so that we don't break your ability to access protected sites that live on the www.dartmouth.edu server." -
2-way SSL when WL7 is client; get "Required peer certificates not supplied by peer"
Background: WL7 is properly configured to use 2-way SSL, and works fine whenever
its acting as the Server; i.e., I have 2-way SSL working between a Web Browser
and WL7, or between Tomcat and WL7. However, when trying to get 2-way SSL (mutual
authentication) working between a WL7 server acting as a client and another server
such as Tomcat, acting as the server, I get a "Required peer certificates not
supplied by peer" error. The initial ServerHello handshake is fine; the problem
arises when the Tomcat server, for example, then requests WL7 to serve up its
client certificate. It's as if WL7 does not know where to locate its "client"
certificate.
I had the same problem with Tomcat initially, where it would also not know how
to locate its "client" certificte. I resolved the problem by setting the following
system properties:
javax.net.ssl.keyStore=...
javax.net.ssl.keyStorePassword=...
javax.net.ssl.trustStore=...
javax.net.ssl.trustStorePassword=...
Are their analogous system properties I need to set on the WL7 side of things,
as I noticed that WL7 seems to use its own proprietary version of JSSE API's?
How do I configure WL7 to locate its "client" certificate?
Thanks! Your help is greatly appreciated.
-DanWeblogic uses Certicom SSL implementation which has classes that conflict with
JSSE classes. As a result opening SSL connection from WLS over JSSE or API like
SOAPConnection that uses JSSE does not work as expected. The javax.net.ssl properties
are not supported and there is no replacement for the default identity keystore
property.
The best workaround I can think of in this case is to pass as the second parameter
to SOAPConnection.call() method a URL instance created with a custom URLStreamHandler
extending the weblogic.net.http.Handler. This handler can override the Handler.openConnection(URL)
method and use the HttpsURLConnection.loadLocalIdentity method to initialize identity
of the returned connection. For example:
public class MyHandler extends weblogic.net.http.Handler {
protected URLConnection openConnection(URL u) throws IOException {
URLConnection c = super.openConnection();
if (c instanceof weblogic.net.http.HttpsURLConnection) {
// initialize ssl identity
((weblogic.net.http.HttpsURLConnection) c).loadLocalIdentity(certChain,
privateKey);
return c;
URL someHTTPSUrlEndpoint = new URL("https", "localhost", 7002, "myfile", new MyHandler());
replyMessage = con.call(someSOAPMessageInstance, someHTTPSUrlEndpoint);
Pavel.
"ddumitru" <[email protected]> wrote:
>
Thanks, Pavel, for replying,
I've been reading and re-reading that page for quite a while now. Unfortunately,
the examples given are for when WL7 is acting as the "server" and not
the "client";
i.e., when some other server, such as Tomcat, WebSphere, or Oracle 9IAS,
reaches
out to the WL7 instance first, or when one WL7 instance talks to another
WL7 instance
via JNDI.
In my case, my WL7 instance needs to initiate a Web Service call; i.e.,
needs
to reach out to another server via a SAAJ (SOAP with Attachments) API
call. My
sending servlet uses the SAAJ (SOAP with attachments) API to make a Web
Service
call to another server, as follows:
SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance();
SOAPConnection con = scf.createConnection();
SOAPMessage replyMessage = con.call( someSOAPMessageInstance, someHTTPSUrlEndpoint
With the SAAJ API, as illustrated above, I don't see a direct way of
configuring
(using URLConnection, SSLContext, SSLSocketFactory, etc.) the SSL connection
prior
to making a call, as suggested in the link you mentioned. Also, the
receiving
server may implement its Web Services using a non-BEA application server
that
may not even use the J2EE platorm. As such, I don't believe I can use
the JNDI
solution provided in that same link.
Again, I was able to make 2-way SSL (Mutual Authentication) connections
between
Tomcat and WL7 instances using the SAAJ API's when Tomcat was the client
initiating
the SAAJ call. In this scenario, Tomcat requested WL7 for its certificate,
WL7
served it up, and Tomcat then verified it. Then, in turn, WL7 asked
Tomcat for
its certificate, Tomcat presented it, and WL7 was able to verify Tomcat's
certificate.
I suppose I was able to make it all work under this scenario because
I was able
to configure Tomcat, which is using native JSSE API's, to locate its
"client"
certificate by setting the following system properties, as mentioned
previously:
javax.net.ssl.keyStore=...
javax.net.ssl.keyStorePassword=...
javax.net.ssl.trustStore=...
javax.net.ssl.trustStorePassword=...
Based upon your feedback, I now understand that WL7 cannot be configured
in a
similar manner because WL7 uses its own version of the JSSE API's. Any
ideas
on what I might try next?
Thanks!
-Dan
"Pavel" <[email protected]> wrote:
WLS SSL API does not support any system properties for SSL identity.
The client's
identity has to be configured via methods of SSL API. The trust configuration
of SSL client running on WL server and using WLS SSL API will be the
same as of
the WL server.
See http://e-docs.bea.com/wls/docs70/security/SSL_client.html#1019570
for more information on this. "Writing Applications that Use SSL" contains
code
examples that use different SSL APIs to connect over two-way SSL.
Pavel.
"ddumitru" <[email protected]> wrote:
Background: WL7 is properly configured to use 2-way SSL, and worksfine
whenever
its acting as the Server; i.e., I have 2-way SSL working between a
Web
Browser
and WL7, or between Tomcat and WL7. However, when trying to get 2-way
SSL (mutual
authentication) working between a WL7 server acting as a client andanother
server
such as Tomcat, acting as the server, I get a "Required peer certificates
not
supplied by peer" error. The initial ServerHello handshake is fine;
the problem
arises when the Tomcat server, for example, then requests WL7 to serve
up its
client certificate. It's as if WL7 does not know where to locate its
"client"
certificate.
I had the same problem with Tomcat initially, where it would also not
know how
to locate its "client" certificte. I resolved the problem by setting
the following
system properties:
javax.net.ssl.keyStore=...
javax.net.ssl.keyStorePassword=...
javax.net.ssl.trustStore=...
javax.net.ssl.trustStorePassword=...
Are their analogous system properties I need to set on the WL7 sideof
things,
as I noticed that WL7 seems to use its own proprietary version of JSSE
API's?
How do I configure WL7 to locate its "client" certificate?
Thanks! Your help is greatly appreciated.
-Dan -
Error: Helo command rejected: need fully-qualified hostname
Im trying to setup a SL Server as mail server for internal and external use (company.lan and company.net).
When I try to send to the internal (company.lan) I get the following error:
Helo command rejected: need fully-qualified hostname.
Here is my postconf -n output
I guess the error is in the line with the bold letters. How can I change it and should I?
Thanks
Kostas
Last login: Mon Nov 16 23:42:18 on console
server:~ admin$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
header_checks = pcre:/etc/postfix/customheaderchecks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailboxsizelimit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
messagesizelimit = 10485760
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = COMPANY.lan
mydomain_fallback = localhost
myhostname = server.COMPANY.lan
mynetworks = 127.0.0.0/8,192.168.16.0
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated permit
smtpdenforcetls = no
smtpdhelorequired = yes
*smtpdhelorestrictions = rejectinvalid_helohostname rejectnon_fqdn_helohostname*
smtpdpw_server_securityoptions = cram-md5
smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
smtpdsasl_authenable = yes
smtpdtlsCAfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.c hain.pem
smtpdtls_certfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.c ert.pem
smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL
smtpdtls_keyfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.k ey.pem
smtpduse_pwserver = yes
smtpdusetls = yes
unknownlocal_recipient_rejectcode = 550
virtualaliasdomains = $virtualaliasmaps hash:/etc/postfix/virtual_domains
virtualaliasmaps = hash:/etc/postfix/virtual_users
server:~ admin$Παρακαλώ (you are welcome) Kostas,
If mail is for internal use only, you can keep the .lan address as long as you authenticate to send.
If you need to send to external addresses, then make sure you use a valid e-mail address or your mails will be rejected by other mail servers.
HTH,
Alex -
When I saw this, I clicked on “Check Browser Capability” and I got this result, showing several identical red flags: “• 47 Extra Whitespace in List Links Bug (If a link with display: block and no explicit dimensions is inside a list item, any spaces or linebreaks that follow the list item in the code will cause extra whitespace to appear in the browser. Affects: Internet Explorer 6.0. Likelihood: Very Likely.”
I should add that no adjustments were made to the site before it stopped working. Is there a bad code that might have gone in during an automatic update?It's pretty unlikely that a code issue (what that check compatibility is looking at) would cause your FTP to stop functioning. That compatibility tester is essentially outdated junk anyway. The 6 people left on the planet that still use IE6 won't mind if your site doesn't look right, nothing does to them.
It's not unusual for certain hosting companies, GoDaddy is a good example, to simply lose your FTP credentials after a server update, which would cause the FTP error you are seeing.
Check with your hosting company and verify your FTP settings are correct. -
FTP Error when trying to "put" a file to my web site
When I try to put some files to my web site, I get an error message:"FTP Error occurred - cannot put <filename>. Access denied. The file may not exist, or there could be a permission problem."
Other files I can upload without a problem. All are .htm files.
I have also found that I can "put" a file if I have not edited it. After I edit and save it and try to put it, I get the FTP error.
Some files I can upload even if I have just edited them.
I have found a "work around". If I edit and then "save as" with a new name, I can put the new file to the web, rename it and it works fine.
The work around is a hassle but it works.It most definitely sounds like a server permissions issue.
If you want to verify before rattling the code mokey cages at your hosting company, download another FTP application, like the Filezilla client (not from the Sourceforge link), and test it.
If you have to do the same thing in FZ, or any other client, your hosting company will need to give you the correct permissions so you have the proper access to develop your site.
I'm 99% sure this has nothing to do with DW in and of itself. -
Why do I get FTP error messages uploading pages made with DW templates?
In selecting FTP access to my host, I've encountered FTP error messages on a Web site uploads that I have used templates to build pages while uploading another Web site not made with templates I have no problem uploading elements using FTP access. Can anyone help me figure out why. I'm on a MacBook Pro using DW CS4 with OS Mavericks. Thanks for your help.
Templates shouldn't make any difference what-so-ever, the output file is still just html whether you use templates or not.
Are both sites with the same hosting company? On the exact same server?
It's much more likely that you have some setting goofed than anything to do with the actual pages.
Check things like Use Passive FTP and Use FTP Performance Optimization (toggle the check boxes) under the More Options section of the Basic tab in your Site Settings.
Also verify all of your site credentials are correct. A missing or incomplete server Root Directory would be a good reason uploading fails. -
Dreamweaver CS on Vista Pro, everything has worked fine for
the last 5 months I have been able to ftp to all my sites. Then
last week I started getting the following when I tried to connect
to my sites:
quote:
Operation timed out...canceled...An FTP error occurred -
cannot make connection to host. No response from the server. This
may be due to one or more of the following reasons:
- Accessing the server requires firewall settings that aren't
properly set. Please verify that the firewall settings in the Site
category of the Preferences dialog box are properly set, and that
the Use Firewall option in the Site definition dialog box is
selected.
- The server may be accepting only passive mode or only
active mode. Toggling the "Use Passive FTP" checkbox may help you
establish a connection.
I'VE TRIED
THIS A FEW TIMES
- If you are connecting to an IPv6 enabled server, please
select "Use IPv6 transfer mode" checkbox in the Advanced site
definition dialog. THIS IS NOT THE CASE AS CONFIRMED BY THE HOST.
- Your local firewall may be blocking the incoming FTP data.
Please disable it to see if it makes a difference. THIS HAS BEEN
TESTED A FEW TIME WITH NO LUCK.
- It is possible your FTP may be using a non-standard FTP
port (21). If you need to specify a non-standard port, enter the
port number after host name separated by a colon":". THIS IS NOT
THE CASE AS CONFIRMED BY THE HOST.
I have no problem connecting using CuteFTP and using the
exact same settings as used in Dreamweaver. Also weird is the fact
I would connect to a site, and then come back latter that day and
could no longer reconnect. It was like I was able to only connect
one time with site after this started happening. Now No sites are
able to be accessed through Dreamweaver FTP.
Anyone else experiencing this and/or have a solution?http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14834&sliceId=2
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"Pala32" <[email protected]> wrote in
message
news:frpevj$j33$[email protected]..
> I'd also really like to find a solution to this. I've
been connecting, no
> problem, to several servers, for many months. Now I get
this Message and
> can't
> connect to anything with C3. DW MX works as do other
apps.
>
Maybe you are looking for
-
PSE 12 Automatically shutting down after "sign in"
Hi, I just bought PSE 12 and installed the disk, everything seemed fine with the install. When I open PSE 12 it says "Sign In Reqired" then I press sign in, and put in my Adobe ID, and it says "please wait for a moment" and then the entire program
-
Payment details changed without permission - cluel...
As a nightshift worker I find it hard to believe that there is no option whatsoever to talk with a human being about billing problems outside of the office hours... having spoken to a callcenter somewhere that's certainly what I've been told and that
-
Changing message server port for ABAP+Java Instance
Hi, We had change our message server port for the Java instance from 3607 to 3667. We did this using the j2ee config tool. We also verified this information through the console config. But when we look into system info URL using the URL as shown belo
-
HT4910 i had pdf files in my ibook icon, ipluged in ipad and lost all the files?
I had pdf files in ibooks, i pluged my ipad2 into my pc. got into itunes and i think i lost them. can i retreave it ??
-
HT2736 How can I check the amount of a gift card
I purchased several gift cards , now I don't know what the amounts are. How can I get a card balance amount.