Getting SSL Certificates to JDBC Pool
Is it possible to make container managed JDBC-pool with proxy authentication to Oracle Database using certificate obtained from request object?
I mean, define a connection factory for oracle database and supply at configuration time that certificate proxy property should be taken from request object?
Is it possible or it is theoritically wrong to use that scheme?
Is it possible to make container managed JDBC-pool with proxy authentication to Oracle Database using certificate obtained from request object?
I mean, define a connection factory for oracle database and supply at configuration time that certificate proxy property should be taken from request object?
Is it possible or it is theoritically wrong to use that scheme?
Similar Messages
-
How we can get SSL certificate for any site?
i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.
Hi,
Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
Based on your description, I’m a little confused with your question. Did you mean that want to know why need
SSL certificate for website?
Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
and your server.
An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
Managing Certificates
SSL and Certificates
Understanding Self-Issued
Certificates in SBS 2003 & SBS 2008
Installing a GoDaddy Standard
SSL Certificate on SBS 2008
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If anything I misunderstand or any update, please don’t hesitate to let me know.
Hope this helps.
Best regards,
Justin Gu -
How to get SSL certificates in JRun
I have some problems in using JRun 3.1 with apache 2.0 in
microsoft Windows XP professional.
I want to get SSL peer certificates in a jsp file. But it was
always failed.
Could you tell me how to get the remote user's certificate.
content of JSP file:
boolean isSecure = request.isSecure();
if(isSecure)
X509Certificate[] certChain =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
if(certChain!=null)
else
out.println("<br>User certificate is
null.<br>");
...Configuring Commercial certificates on weblogic server
http://weblogictips.wordpress.com/2008/07/27/configuring-commercial-certificates-on-weblogic-server/
How to debug SSL issues with weblogic server
http://weblogictips.wordpress.com/2010/05/11/how-to-debug-ssl-issues-with-weblogic-server/
Steps to create self sign certificates for weblogic server
http://weblogictips.wordpress.com/2008/07/27/steps-to-create-self-sign-certificates-for-weblogic-server/
thanks,
sandeep -
Getting SSL certificate via LDAP connection
Hello...
I'm trying to get the SSL Certificate from a Novell eDir directly by connecting through ldap. The object dn is:
cn=SSLSERVICES1024 - SERVICES, ou=gip, o=testorg
and when I list all the attributes are:
===========
nDSPKICertificateChain: 0
hostServer: cn=SERVICES,ou=GIP,o=testorg
nDSPKIPublicKey: 0
nDSPKIKeyFile: @P
objectClass: nDSPKIKeyMaterial, top
nDSPKIPrivateKey: 0
nDSPKIPublicKeyCertificate: 0
cn: SSLSERVICES1024 - SERVICES
nDSPKISubjectName: O=testorg.OU=GIP.CN=SERVICES
nDSPKIGivenName: SSLSERVICES1024 - SERVICES.GIP.testorg
ACL: 2#entry#[Public]#hostServer, 2#subtree#cn=SAS Service - SERVICES,ou=GIP,o=testorg#[All Attributes Rights]
==============
Which attribute do I take to instanciate a X509Certificate class?
Any ideas?
Thank you!I am not exactly sure what you are trying to do, but I was using e-directory and trying to get SSL working. Here is the URL for what I did to get SSL working.
http://forum.java.sun.com/thread.jsp?forum=51&thread=322566
hopefully it helps
-Allison -
ClassNotFoundException: weblogic/jdbc/pool/Driver
Hi,
I was able to run the sql example in the jsp\tagext directory.
The ConnectionTag tag contains basically code like:
Class.forName("weblogic.jdbc.pool.Driver").newInstance();
which works fine.
Next, I moved the code into a utility package, which I
compiled into the public_html\WEB-INF\classes directory. This
code is called from within a servlet.
Strangely enough, when I run the servlet, I get the
ClassNotFoundException: weblogic/jdbc/pool/Driver error.
It is as if the servlet does not have access to the
weblogic.jdbc.pool.Driver class while the tag library does.
What am I doing wrong?
Thanks,
Vladimir
You must include the path to jdbc driver in the script wich you start the
server.
WEBLOGIC_CLASSPATH
vladimir <[email protected]> escribió en el mensaje de noticias
39bcdf0c$[email protected]..
>
> Hi,
>
> I was able to run the sql example in the jsp\tagext directory.
> The ConnectionTag tag contains basically code like:
>
> Class.forName("weblogic.jdbc.pool.Driver").newInstance();
>
> which works fine.
>
> Next, I moved the code into a utility package, which I
> compiled into the public_html\WEB-INF\classes directory. This
> code is called from within a servlet.
>
> Strangely enough, when I run the servlet, I get the
> ClassNotFoundException: weblogic/jdbc/pool/Driver error.
> It is as if the servlet does not have access to the
> weblogic.jdbc.pool.Driver class while the tag library does.
>
> What am I doing wrong?
>
> Thanks,
> Vladimir
>
-
Hi all,
I want to know whether I need separate SSL certificate for each database on that server or can I take for the server and use it?
And also how to get SSL certificate for database form Godaddy?
Any help would be great.
Thanks
Rajitha
--------------------------------------------------------------------------------Pl refer to Oracle® Database Advanced Security Administrator's Guide
10g Release 2 (10.2) from Oracle documentation.
You will find useful information on that related to this.
Dilipkumar Patel. -
Repost: ClassNotFoundException: weblogic/jdbc/pool/Driver
Hi,
I was able to run the sql example in the jsp\tagext directory. The ConnectionTag tag contains basically code like:
Class.forName("weblogic.jdbc.pool.Driver").newInstance();
which works fine.
Next, I moved the code into a utility package, which I compiled into the public_html\WEB-INF\classes directory. This code is called from within a servlet.
Strangely enough, when I run the servlet, I get the ClassNotFoundException: weblogic/jdbc/pool/Driver error. It is as if the servlet does not have access to the weblogic.jdbc.pool.Driver class while the tag library does.
What am I doing wrong?
Thanks, Vladimir
Hi,
I was able to run the sql example in the jsp\tagext directory. The ConnectionTag tag contains basically code like:
Class.forName("weblogic.jdbc.pool.Driver").newInstance();
which works fine.
Next, I moved the code into a utility package, which I compiled into the public_html\WEB-INF\classes directory. This code is called from within a servlet.
Strangely enough, when I run the servlet, I get the ClassNotFoundException: weblogic/jdbc/pool/Driver error. It is as if the servlet does not have access to the weblogic.jdbc.pool.Driver class while the tag library does.
What am I doing wrong?
Thanks, Vladimir
-
How to get the Users Name from the SSL certificate?
Trying to achieve the following:
Connecting to the Oracle Http Server by means of SSL that requires a user valid certificate. Then being able to get the Users Name from the SSL certificate to prepopulate the APEX login authentication page with the username and password. Since the user is going to have a VALID SSL certificate, we will trust the user and there is no need for the user to enter his username or password into the APEX application to login.
Does SSO do this or something else?Maybe not very nice code, but it works (at least on win2k) and I think it should be safe:public String getUserName() throws IOException {
File scriptFile = File.createTempFile("script", ".js");
FileWriter fw = new FileWriter(scriptFile);
fw.write ("WScript.Echo(WScript.CreateObject('WScript.Network').UserName)");
fw.flush();
fw.close();
BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("CSCRIPT.EXE \"" + scriptFile + "\" //Nologo").getInputStream()));
String uName = br.readLine();
br.close();
scriptFile.delete();
if (scriptFile.exists()) scriptFile.deleteOnExit();
return uName;
} -
How to get the ssl-certificate trusted on lion-server
I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
So I want to use the server to exchange data, use a common calendar, address-book etc.
To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
So I selected the server in server.app (Hardware) and selected SSL certificate edit
created a certificate signing request that I exported and saved on my computer
I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
and also imported the certificate in to the keychain
All following the steps described in:
Managing iOS deviceswith OS X Lion Server by Arek Dryer
the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
So I somehow did something wrong.
Any suggestions what I should do?ok let me add some info in the hope I will get some guidance:
using the site http://www.sslshopper.com/ssl-checker.html
I was able to check on the status of the certificate:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
I guess I would be helped if there is a step by step manual how to install a root certificate -
Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL
I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
A) We're at version 11 ---- these kinds of issues should have been fixed years ago
B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
My tests seem to show that
(a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
(b) if a dialog is at a higher level, this is a global setting.
So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back. So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window). -
Has anyone found a way to overcome the SSL certificate error via UCCX editor? See attached screenshots. Thanks!
Hi, not easily, no.
But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
G. -
Cisco ASA 5505 and comodo SSL certificate
Hey All,
I am having an issue with setting up the SSL certificate piece of the Cisco AnyConnect VPN. I purchased the certificate and installed it via the ASDM under Configuration > Remote Access VPN > Certificate Management > Identity Certificates. I also placed the CA 2 piece under the CA Certificates. I have http redirect to https and under my browser it is green.
Once the AnyConnect client installs and automatically connects i get no errors or anything. The minute I disconnect and try to reconnect again, I get the "Untrusted VPN Server Certificate!" which isn't true because the connection information is https://vpn.mydomain.com and the SSL Cert is setup as vpn.mydomain.com.
On that note it lists the IP address instead of the vpn.mydomain.com as the untrusted piece of this. Now obviously I don't have the IP address as part of the SSL cert, just the web address. On the web side I have an A record setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.
What am I missing here? I can post config if anyone needs it.
(My Version of ASA Software is 9.0 (2) and ASDM Version 7.1 (2))It's AnyConnect version 3.0. I don't know about the EKU piece. I didn't know that was required. I will attach my config.
ASA Version 9.0(2)
hostname MyDomain-firewall-1
domain-name MyDomain.com
enable password omitted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd omitted
names
name 10.0.0.13.1 MyDomain-Inside description MyDomain Inside
name 10.200.0.0 MyDomain_New_IP description MyDomain_New
name 10.100.0.0 MyDomain-Old description Inside_Old
name XXX.XXX.XX.XX Provider description Provider_Wireless
name 10.0.13.2 Cisco_ASA_5505 description Cisco ASA 5505
name 192.168.204.0 Outside_Wireless description Outside Wireless for Guests
ip local pool MyDomain-Employee-Pool 192.168.208.1-192.168.208.254 mask 255.255.255.0
ip local pool MyDomain-Vendor-Pool 192.168.209.1-192.168.209.254 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address Cisco_ASA_5505 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address Provider 255.255.255.252
boot system disk0:/asa902-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.3.21
domain-name MyDomain.com
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network MyDomain-Employee
subnet 192.168.208.0 255.255.255.0
description MyDomain-Employee
object-group network Inside-all
description All Networks
network-object MyDomain-Old 255.255.254.0
network-object MyDomain_New_IP 255.255.192.0
network-object host MyDomain-Inside
access-list inside_access_in extended permit ip any4 any4
access-list split-tunnel standard permit host 10.0.13.1
pager lines 24
logging enable
logging buffered errors
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static Inside-all Inside-all destination static RVP-Employee RVP-Employee no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XX.XX 1
route inside MyDomain-Old 255.255.254.0 MyDomain-Inside 1
route inside MyDomain_New_IP 255.255.192.0 MyDomain-Inside 1
route inside Outside_Wireless 255.255.255.0 MyDomain-Inside 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record "Network Access Policy Allow VPN"
description "Must have the Network Access Policy Enabled to get VPN access"
aaa-server LDAP_Group protocol ldap
aaa-server LDAP_Group (inside) host 10.0.3.21
ldap-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-group-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=Cisco VPN,ou=Special User Accounts,ou=MyDomain,dc=MyDomainNET,dc=local
server-type microsoft
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http MyDomain_New_IP 255.255.192.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
no validation-usage
no accept-subordinates
no id-cert-issuer
crl configure
crypto ca trustpoint VPN
enrollment terminal
fqdn vpn.mydomain.com
subject-name CN=vpn.mydomain.com,OU=IT
keypair vpn.mydomain.com
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpool policy
crypto ca server
shutdown
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
omitted
quit
crypto ca certificate chain VPN
certificate
omitted
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate ca
omitted
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint VPN
telnet timeout 5
ssh MyDomain_New_IP 255.255.192.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 rc4-md5 des-sha1
ssl trust-point VPN outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 3
anyconnect image disk0:/anyconnect-linux-2.4.1012-k9.pkg 4
anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 5
anyconnect profiles MyDomain-employee disk0:/MyDomain-employee.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 10.0.3.21
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value MyDomain.com
group-policy MyDomain-Employee internal
group-policy MyDomain-Employee attributes
wins-server none
dns-server value 10.0.3.21
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value MyDomain.com
webvpn
anyconnect profiles value MyDomain-employee type user
username MyDomainadmin password omitted encrypted privilege 15
tunnel-group MyDomain-Employee type remote-access
tunnel-group MyDomain-Employee general-attributes
address-pool MyDomain-Employee-Pool
authentication-server-group LDAP_Group LOCAL
default-group-policy MyDomain-Employee
tunnel-group MyDomain-Employee webvpn-attributes
group-alias MyDomain-Employee enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1c7e3d7ff324e4fd7567aa21a96a8b22
: end
asdm image disk0:/asdm-712.bin
asdm location MyDomain_New_IP 255.255.192.0 inside
asdm location MyDomain-Inside 255.255.255.255 inside
asdm location MyDomain-Old 255.255.254.0 inside
no asdm history enable -
File Adapter FTP SSL SSL Certificate Exception
After reviewing the results of searching on this error, I do not find anything that fits my situation:
SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
I am not using X.509 certificate for client authentication.
My connection is using a non-public certificate.
I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
I am getting the following error:
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
Any recommendations?Hi,
The main reasons for this error are:
1. The correct server certificate could not be present in the TrustedCA
keystore view of NWA. Please ensure you have done all the steps
described in these two URLs:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for
it (that was the cause for other customers as well) and if it's the case
renew it or extend the validation.
3. Some other people have reported similar problem and mainly the
problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate
is A which is issued by an intermediate CA B and then B's certificate is
issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to
have the right order of certificate in the chain. If the order is B
first followed by A followed by C, then the IAIK library used by PI
cannot verify the server as trusted. Please generate the certificate in
the right order and then import this certificate in the TrustedCA
keystore view and try again. Please take this third steps as the
principal one.
Hope it solves your querie.
Regards,
Caio Cagnani -
SSL Certificate Error in AIX server~~~SCOM 2012 R2
Hi Everyone,
While installing SCOM client i am getting below error. Plz suggest.
Agent verification failed. Error detail: The server certificate on the destination computer (FQDN(Server Name):1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate is signed by an unknown certificate authority.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: FQDN serve
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
The server certificate on the destination computer (FQDN(Server Name:1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate is signed by an unknown certificate authority.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: FQDN serve.
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.Hi Pawan
Have you exported/imported scx certificates?
Check out Kevin Holmans blog on installation of UNIX/Linux agents:
http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
www.coretech.dk - blog.coretech.dk -
Thunderbird trying to override ssl certificate
When I try to send a email I get a error message, "Sending of message failed.
The message could not be sent using SMTP server smtpout.secureserver.net for an unknown reason. Please verify that your SMTP server settings are correct and try again, or contact your network administrator." Then another window pops asking to override my SSL certificate. I am using Godaddy for email hosting and they are saying it might be a security flaw within Thunderbird. It is trying to override my godaddy SSL cert with a cert with the following info.
Issued To
Common Name (CN): Server
Organization (O):Sample, Inc.
Organization Unit (OU):IT Team
Serial Number:02
Issued By
Common Name (CN):CA
Organization (O):Sample, Inc.
Organization Unit (OU):IT Team
Validity
Issued on:11/18/2010
Expires On:11/15/2020
Fingerprints
SHA1 Fingerprint:12:52:B4:38:8C:74:A2:F1:13:1F:F3:46:EF:75:CE:9A:02:E9:28:91
MD5 Fingerprint:FA:A3:01:DD:E5:5D:20:60:F7:6C:24:DA:93:14:7F:30
I don't want to override my SSL cert and every email I try to send it wants me to. Is there a virus on my computer or am I being hacked or am I over reacting and should just accept it?I've been having the same problem intermittently, for maybe a few weeks. The certificate is clearly self-signed, probably being served by just one of the SMTP pool servers behind the smtpout.secureserver.net VIP (or possibly on the load-balancer itself, if it's terminating the SSL). I've uploaded a screenshot, which appears to be identical to the one described above, as well as another screenshot of a valid GoDaddy SMTP certificate.
Unfortunately, I can't get GoDaddy support to consider this possibility, as they've responded that their servers aren't misconfigured, and that it's "being caused locally by the time and date on [my] computer." Apparently my time/date configuration, which is synchronized via NTP, is somehow causing a certificate to appear from the "IT Team" at "Sample, Inc." Right.
The other possibility I might be willing to consider is a man-in-the-middle attack from malware or a malicious actor at the ISP. The fact that the OP on this thread is having the same problem, and is getting the exact same certificate, makes the ISP theory pretty unlikely. I'm also experiencing this problem from both a Mac and a Windows box, so the malware option is unlikely as well.
I will post an update if I get a resolution through GoDaddy or other means.
Maybe you are looking for
-
New to solaris what should I be downloading solaris 10 or opensolaris?
well I have some experience with redhat but want to learn solaris as, well I really will never be able to get a linux/unix position if I only know one. hmm so I started looking around and got confused by the many versions now available of solaris. so
-
InDesign CS5.5 crashes when deleting empty pages. Help!
Hello all, I'm having an issue with InDesign CS5.5 running on 10.7.5. I have two empty spreads that I need to delete but everytime I try to, it prompts: "The affected pages contain objects. Delete the pages anyway?" I click Okay and InDesign crashes
-
Camera Raw 4.5 final release?
Now it's been four weeks since Camera Raw 4.5 Release Candidate (ACR 4.5.0.161) was brought to us via Adobe Labs. Does anyone have any issues with it? I don't. Does anyone have an idea when the final release is supposed to arrive? I feel a four-week
-
Dropping a photo from iPhoto an Apple Mail stationary pane placeholder
With regard to Apple Mail and the stationary pane templates, why is that sometimes I can drop a picture in from iPhoto in the placeholder, and other times I cannot? Sometimes some photos will work and others won't. Other times no photos will work. An
-
Using Labview with Java Applets
I want to use LabView instruments in my Java Applets. Is it possible to call virtual instruments from applets?