Help using Custom ssl cert in Aironet https web Interface
I spent a few hours learning how to import certificates, and I think I did ok with that part. If I use the selfsigned cert when HTTPS is enabled through the web interface, HTTPS works just fine, but the second I
ip http secure-trustpoint test
I get a connection reset error in my test browsers.
ip http secure-trustpoint TP-self-signed-3349201592
doesn't fix it, it just gives me an "invalid certificate" error. I'm going to include what I did to get to where I am now, and hopefully you can see where I'm going wrong.
In Linux:
openssl genrsa -out test.key 2048
openssl req -new -nodes -key test.key -out test.csr
got csr cert and root ca from CACert
openssl rsa -in test.key -des3 -passin pass: -out keyout.pem
password:12345678
scp root.ca [email protected]:flash:/root.ca
scp keyout.pem [email protected]:flash:/test.key
scp test.crt [email protected]:flash:/test.crt
In Aironet IOS
crypto ca trustpoint test
crypto ca import test pem url flash:/test 12345678
% Importing CA certificate...
Source filename [test.ca]? root.crt
Reading file from flash:root.crt
% Importing private key PEM file...
Source filename [test.prv]? test.key
Reading file from flash:test.key
% Importing certificate PEM file...
Source filename [test.crt]?
Reading file from flash:/test% PEM files import failed.
ok so that didn't work, but I can see that the root.crt imported at least
show crypto ca trustpoints
Trustpoint TP-self-signed-3349201592:
Subject Name:
cn=IOS-Self-Signed-Certificate-3349201592
Serial Number: 01
Persistent self-signed certificate trust point
Trustpoint test:
Subject Name:
[email protected]
cn=CA Cert Signing Authority
ou=http://www.cacert.org
o=Root CA
Serial Number: 00
Persistent self-signed certificate trust point
I then tried to import just the keypair
crypto key import rsa test pem url flash:/test 12345678
% Importing public key or certificate PEM file...
Source filename [test.pub]? test.crt
Reading file from flash:test.crt
% Importing private key PEM file...
Source filename [test.prv]? test.key
Reading file from flash:test.key% Key pair import succeeded.
Strangely, that worked, and now I have my keypair.
show crypto key mypubkey rsa
% Key pair was generated at: 03:39:07 GMT Jul 29 2009
Key name: BenCloud
Usage: General Purpose Key
Key is not exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00CAC0D9 4C79D716 140D38BF C97C1120 8A0FDCED DDDF5438 8A4BDC5C 00629676 .......
Now to apply it to the trust point, I also tried to mimick the selfsigned TP's settings, and this is what I ended up with
show
enrollment selfsigned
subject-name cn=CA Cert Signing Authority
revocation-check none
rsakeypair test
end
vs
show
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3349201592
revocation-check none
rsakeypair TP-self-signed-3349201592
end
Then I tried applying this new TP to the HTTPS server
ip http secure-trustpoint test
Which caused the error I discribed earlier
That isn't the problem, it says "The connection was interrupted" when I use my own Trust Point.
As I said, if I disable HTTPS, then reenable it, through the WebUI, it regenerates the self signed keys and works just fine. I think I'm assigning the keys incorrectly, but I don't know where I'm going wrong.
Similar Messages
-
Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)
Hi,
I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforseen problems?
My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
For reskilling, I will assume I will have to do some command line stuff here ...
eg: keytool -genkey -keyalg RSA -keystore hostname.key
to create the key,
keytool -certreq -keyalg RSA -keystore hostname.key -file hostname.csr
to create the csr, and
keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
to import the new cert
Suggestions or comments for anyone who has tried this before would be appreciated.
Regards,
BrianI've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
david -
Use Wildcard SSL Cert to Monitor Non-Domain COmputers
Hello,
I was wondering if a Wildcard SSL Cert from GoDaddy or another Provider can be used to monitor Non-Domain Computer on SCOM 2012R2?
TIA,
JimHi,
The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure
certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Configuring SSL to make a HTTPS web Service call from XI
Hi All,
We are making a <b>https web service call</b> using soap adapter from XI. Looking at the various posts and SAP help links, we are configuring SSL for the same.
The procedure given in SAP help has been followed to configure SSL but with no luck. If someone had done this could you please give a <b>step by step procedure</b> to configure SSL, we might have missed out on something.
Also are there are <b>any other settings apart from SSL</b> to be done to make a https web service call using soap adapter from XI.
Cheers,
Chandrauser13046122 wrote:
I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
I now need to make SOAP Web Service calls - from an 8.1.7.4 database
But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess. -
Not able to use Aironet 3500 web interface
Hi, I can ping my aironet 3500 AP but when I put the ip on the address bar of web browser it wont give the interface.
I can not set it up, how can i enable the web interface?
i really appreciate your help,
ThanksIs there a way I can upgrade the software so its autonomus?
Yes and no.
Yes, you can upgrade to autonomous ... IF you can find the software.
No, if you run into configuration issues, TAC will not help you and you're on your own.
Thanks for your help Im really troubled with this...
Talk to the vendor who sold you the item and tell them to replace it with the ones I've mentioned previously. -
I have been looking into changing ssl certificates, currently we use thawte. I have had some trouble with the godaddy ssl certificates but I think it is probably that it is just slightly different then what I was used to. My question is is anyone else out their using godaddy for your ssl certificates and have you had any issues or do you have any concerns with using them?
Yes, I havnt seen any issues with it.
If u need any help installing it in ur keystore let me knw.
-Faisal
http://weblogic-wonders.com -
When I add multiple media players to my web page and upload them online, all four mp3 files begin to play at one time. I need someone to take me through the steps to create playback controls in the HTML code so that the media players DO NOT play until the viewer clicks the "play button."
By default, HTML5 videos do not autoplay on page load.
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>HTML5 with Video</title>
<!--help for older IE browsers-->
<!--[if lt IE 9]>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<style>
video {
max-width:100%;
display:block;
margin:0 auto;
</style>
<body>
<h2>Use 3 File Types to support all browsers & mobile devices: MP4, WEBM and OGV.</h2>
<h3>If needed, use this Online Video Converter
http://video.online-convert.com/</h3>
<!--begin video-->
<video controls poster="Your_poster_image.jpg">
<!--these are 6 sec sample videos for testing purposes. Replace sample-videos with your own files-->
<source src="http://techslides.com/demos/sample-videos/small.webm" type="video/webm">
<source src="http://techslides.com/demos/sample-videos/small.ogv" type="video/ogg">
<source src="http://techslides.com/demos/sample-videos/small.mp4" type="video/mp4">
If you're seeing this, you're using an
outdated browser that doesn't support
the video tag. </video>
<!--end video-->
</body>
</html> -
Help - using custom login module with embedded jdev oc4j to access ejb 3
Hi All (Frank ??),
I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
I have spent 2+ days trying to get this to work - and i think I resound now to the fact im going to
have to deploy to oc4j standalone instead.
I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
setting in orion-application.xml for details.
Using the various guides available, I had no problem getting the custom login module working
with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
respectively in various config files.
I'm using EJB 3 annotations for protecting methods .. for example
@RolesAllowed("sr_Member")
Steps that I had to do so far :-
In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml1) Add custom login module
<application>
<name>current-workspace-app</name>
<login-modules>
<login-module>
<class>kr.security.KnowRushLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>dataSource</name>
<value>jdbc/DB_XE_KNOWRUSHDS</value>
</option>
<option>
<name>user.table</name>
<value>users</value>
</option>
<option>
<name>user.pk.column</name>
<value>id</value>
</option>
<option>
<name>user.name.column</name>
<value>email_address</value>
</option>
<option>
<name>user.password.column</name>
<value>password</value>
</option>
<option>
<name>role.table</name>
<value>roles</value>
</option>
<option>
<name>role.to.user.fk.column</name>
<value>user_id</value>
</option>
<option>
<name>role.name.column</name>
<value>name</value>
</option>
</options>
</login-module>
</login-modules>
</application>2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
<grant>
<grantee>
<principals>
<principal>
<realm-name>jazn.com</realm-name>
<type>role</type>
<class>kr.security.principals.KRRolePrincipal</class>
<name>Admin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>com.evermind.server.rmi.RMIPermission</class>
<name>login</name>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<realm-name>jazn.com</realm-name>
<type>role</type>
<class>kr.security.principals.KRRolePrincipal</class>
<name>Member</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>com.evermind.server.rmi.RMIPermission</class>
<name>login</name>
</permission>
</permissions>
</grant>3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
My ejb-jar.xml contains :-
<?xml version="1.0" encoding="utf-8"?>
<ejb-jar xmlns ....
<assembly-descriptor>
<security-role>
<role-name>sr_Admin</role-name>
</security-role>
<security-role>
<role-name>sr_Member</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>Note- i'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
My orion-ejb-jar.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-ejb-jar ...
<assembly-descriptor>
<security-role-mapping name="sr_Admin">
<group name="Admin"></group>
</security-role-mapping>
<security-role-mapping name="sr_Member">
<group name="Member"></group>
</security-role-mapping>
<default-method-access>
<security-role-mapping name="sr_Member" impliesAll="true">
</security-role-mapping>
</default-method-access>
</assembly-descriptor>My orion-application.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-application xmlns ...
<security-role-mapping name="sr_Admin">
<group name="Admin"></group>
</security-role-mapping>
<security-role-mapping name="sr_Member">
<group name="Member"></group>
</security-role-mapping>
<jazn provider="XML">
<property name="role.mapping.dynamic" value="true"></property>
<property name="custom.loginmodule.provider" value="true"></property>
</jazn>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping name="sr_Admin">
<group name="Admin"/>
<group name="Member"/>
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping name="sr_Admin">
<group name="Admin"/>
<group name="Member"/>
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
</orion-application>My essentially auto-generated EJB 3 client does the following :-
Hashtable env = new Hashtable();
env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
env.put(Context.SECURITY_CREDENTIALS, "welcome1");
final Context context = new InitialContext(env);
KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
...And throws the error
20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages
EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
javax.naming.NoPermissionException: Not allowed to look
up KRFacade, check the namespace-access tag setting in
orion-application.xml for details
at
com.evermind.server.rmi.RMIClientConnection.handleLookupRe
sponse(RMIClientConnection.java:819)
at
com.evermind.server.rmi.RMIClientConnection.handleOrmiComm
andResponse(RMIClientConnection.java:283)
....I can see from the console that the user was successfully authenticated :-
20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
WARNING: [KnowRushLoginModule] User matt.shannon authenticated
And that user is granted both the Admin, and Member roles.
The test servlet using basic authentication correctly detects the user and roles perfectly...
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
response.setContentType(CONTENT_TYPE);
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>ExampleServlet</title></head>");
out.println("<body>");
out.println("<p>The servlet has received a GET. This is the reply.</p>");
out.println("<br> getRemoteUser = " + request.getRemoteUser());
out.println("<br> getUserPrincipal = " + request.getUserPrincipal());
out.println("<br> isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
out.println("<br> isUserInRole('sr_Memeber') = "+request.isUserInRole("sr_Member"));Anyone got any ideas what could be going wrong?
cheers
Matt.
Message was edited by:
mshannonThanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but i was still unable to get it to function correctly from JDeveloper embedded.
Did you ever get the code working directly from JDeveloper?
Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
<grant>
<grantee>
<principals>
<principal>
<realm-name>jazn.com</realm-name>
<type>role</type>
<class>kr.security.principals.KRRolePrincipal</class>
<name>JAAS_Admin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>com.evermind.server.rmi.RMIPermission</class>
<name>login</name>
</permission>
</permissions>
</grant>If I add the following to orion-application.xml
<!-- Granting login permission to users accessing this EJB. -->
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping>
<group name="JAAS_Admin"></group>
</security-role-mapping>
</namespace-resource>
</read-access>Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
From custom login module :-
private static KRSecurityHelper singleton = new KRSecurityHelper();
protected Principal[] m_Principals;
Vector v = new Vector();
v.add(singleton.getCustomRmiConnectRole());
// set principals in LoginModule
m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
Singleton class :-
package kr.security;
import com.evermind.server.rmi.RMIPermission;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.policy.Grantee;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmManager;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.realm.RoleManager;
import oracle.security.jazn.policy.JAZNPolicy;
import oracle.security.jazn.JAZNException;
public class KRSecurityHelper
private static final Logger LOGGER = Logger.getLogger("kr.security");
private static final String LOGPREFIX = "[KRSecurityHelper] ";
public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
private RealmRole m_Role = null;
public KRSecurityHelper()
LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
JAZNConfig jc = JAZNConfig.getJAZNConfig();
LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
RealmManager realmMgr = jc.getRealmManager();
try
// Get the default realm .. e.g. jazn.com
LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
Realm r = realmMgr.getRealm(jc.getDefaultRealm());
LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
// Access the role manager for the remote connection role
LOGGER.log(Level.FINEST,
LOGPREFIX +"calling default_realm.getRoleManager");
RoleManager roleMgr = r.getRoleManager();
LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
CUSTOM_RMI_CONNECT_ROLE "'");
RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
if (rmiConnectRole == null)
LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
Grantee gtee = new Grantee(rmiConnectRole);
LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
RMIPermission login = new RMIPermission("login");
LOGGER.log(Level.FINEST,
LOGPREFIX +"constructing subject.propagation rmi permission");
RMIPermission subjectprop = new RMIPermission("subject.propagation");
// make policy changes
LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
JAZNPolicy policy = jc.getPolicy();
if (policy != null)
LOGGER.log(Level.INFO, LOGPREFIX
+ "add to policy grant for RMI 'login' permission to "
+ CUSTOM_RMI_CONNECT_ROLE);
policy.grant(gtee, login);
LOGGER.log(Level.INFO, LOGPREFIX
+ "add to policy grant for RMI 'subject.propagation' permission to "
+ CUSTOM_RMI_CONNECT_ROLE);
policy.grant(gtee, subjectprop);
// m_Role = rmiConnectRole;
m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
LOGGER.log(Level.INFO, LOGPREFIX
+ m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
else
LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
else
LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
m_Role = rmiConnectRole;
catch (JAZNException e)
LOGGER.log(Level.WARNING,
LOGPREFIX +"Cannot configure JAZN for remote connections");
public RealmRole getCustomRmiConnectRole()
return m_Role;
}Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
INFO: Login permission not granted for current-workspace-app (test.user)
Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, i'm pretty sure I would still get that namespace error.
This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
Matt. -
Help using JMX to Get Context of Deployed Web Apps
I think this question is more of a JMX question that anything else (like a JNDI question), so I am posting here. If anyone feels this should be posted elsewhere, please let me know.
I want to be able to get a handle to each deployed web app's context, so that I may get a BasicDataSource from it, then look at the connection attributes inside of that BasicDataSource, i.e., Number of active connections, number of idle connections, etc. for each deployed web app.
This is the path I am heading down (if there is another way, please let me know). The code below is inside of a JSP running inside of a web app within my Tomcat 5.0.16 server, running JDK 1.4.2.
Here is the entire JSP...
<%@ page import="org.apache.commons.dbcp.BasicDataSource,
javax.naming.InitialContext,
javax.naming.Context,
javax.management.ObjectName,
javax.management.MBeanServer,
java.util.Set,
org.apache.catalina.mbeans.MBeanUtils,
java.util.Iterator,
javax.management.ObjectInstance,
org.apache.catalina.core.StandardContext"%>
<html>
<head>
<meta http-equiv="refresh" content="3"> <!-- refresh every 3 seconds -->
</head>
<body>
<%
//InitialContext ctx = new InitialContext();
//Context envCtx = (Context) ctx.lookup("java:comp/env");
String dsName = "";//"jdbc/raptor";
String appName = "";//(String) envCtx.lookup("appName");
BasicDataSource ds = null;//(BasicDataSource) envCtx.lookup(dsName);
MBeanServer mBeanServer = MBeanUtils.createServer();
ObjectName oname = new ObjectName("*:j2eeType=WebModule,*");
Set contexts = mBeanServer.queryMBeans(oname, null);
Iterator it = contexts.iterator();
while(it.hasNext()) {
ObjectInstance oi = (ObjectInstance)it.next();
ObjectName cname = oi.getObjectName();
System.out.println(">>> cname = " + cname.toString()); // this prints something like this: Catalina:j2eeType=WebModule,name=//localhost/accesstracker,J2EEApplication=none,J2EEServer=none
Is this the right way to do this??? I seem to be getting the web app, I just want to be able to
get a handle to that web app's context, get a BasicDataSource from it, then look at the connection
attributes inside of that BasicDataSource, i.e., Number of active connections, number of idle
connections, etc. for each deployed web app
//javax.naming.Context iCtx = (javax.naming.Context) mBeanServer.invoke(cname, "findStaticResources", null, null); // will this do it???
Object obj = new InitialContext().lookup("java:comp/env"); // this only gets the current context (the web app I'm currently in)
if(obj != null){
Context envCtx = (Context) obj;
appName = (String) envCtx.lookup("appName");
ds = (BasicDataSource) envCtx.lookup("jdbc/raptor");
}else{
System.out.println("obj is null");
%> <%=cname.toString()%><br/>
Application name: <%=appName%><br/>
Number of Active Connections = <%=ds.getNumActive()%>
<br/>
Number of Idle Connections = <%=ds.getNumIdle()%>
<br/>
Initial Size of Pool = <%=ds.getInitialSize()%>
<br/>
Maximum Number of Active Connections = <%=ds.getMaxActive()%>
<br/>
<%
%>
</body>
</html>The above JSP will output all of the info for each deployed web app, however, when it gets to getting the Context of the web app, it simply outputs information repeatedly for the web app this JSP is in (which makes sense since I'm using InitialContext).
I appreciate any help anyone could provide.
Thank youIf you want your application to work only with specific JRE version, you should use static versioning. I installed JRE 1.3.1_15 and JRE 5.0U5 , both of them works successfully. I used the below syntax to load applets:
for 1.3.1_15:
<object
classid = "clsid:CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA"
codebase = "http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab#Version=1,3,1,15"
WIDTH = 150 HEIGHT = 25 >
<PARAM NAME = CODE VALUE = "HelloWorld.class" >
<param name = "type" value = "application/x-java-applet;jpi-version=1.3.1_15">
<param name = "scriptable" value = "false">
<comment>
<embed
type = "application/x-java-applet;jpi-version=1.3.1_15" \
CODE = "HelloWorld.class" \
WIDTH = 150 \
HEIGHT = 25
scriptable = false
pluginspage = "http://java.sun.com/products/plugin/index.html#download">
<noembed>
</noembed>
</embed>
</comment>
</object>for 5.0U5
<object
classid = "clsid:CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA"
codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab#Version=1,5,0,5"
WIDTH = 150 HEIGHT = 25 >
<PARAM NAME = CODE VALUE = "HelloWorld.class" >
<param name = "type" value = "application/x-java-applet;jpi-version=1.5.0_05">
<param name = "scriptable" value = "false">
<comment>
<embed
type = "application/x-java-applet;jpi-version=1.5.0_05" \
CODE = "HelloWorld.class" \
WIDTH = 150 \
HEIGHT = 25
scriptable = false
pluginspage = "http://java.sun.com/products/plugin/index.html#download">
<noembed>
</noembed>
</embed>
</comment>
</object>- Mike -
Lost The Cisco Aironet 1310 Web Interface????
I've been having connection issues with my (2) Aironet 1310, which are setup in a bridge p2p mode. A few weeks ago we had a power outage due to a lighting storm. Well, it knocked out my non-root bridge (not connecting to the root). So I brought it back to check the configurations, but when I try to use the web console all I get is the following page:
When I click the "Web Console" link it takes me to the following page:
Is there a way to get the original web console page back?here is the command..
archive download-sw / force-reload /overwrite tftp:///
Example..
archive download-sw / force-reload /overwrite tftp:///c1310-k9w7-tar.124-21a.JA1.TAR
to get the .TAR, go to the folder where the image is saved and then Tools >> folder options >> view >> check >> show hidden files and folders.
Now click on the image and then copy the image name and then paste the same on the CLI... then this come as IMAGE.TAR that is.. c1310-k9w7-tar.124-21a.JA1.TAR instead of c1310-k9w7-tar.124-21a.JA1
it should be c1310-k9w7-tar.124-21a.JA1.TAR
lemme know how this works out for you!! if you face any difficulties while upgrading please open up a TAC case.. we wil solve this in less than 5 minutes... and the network wil be back up!!
Regards
Surendra -
Is it possible to access the http web interface over the fa1 management interface?
Hello All,
I am remotely connected into a Cat 4500 + Supervisor V module via console cable and point to point connection from laptop to fa1 management interface on SupV. SupV module is running IOS 15.0(2)SG8.
I am not able to physically change the patch cable from fa1 management interface to gi2/3 or any other switch port for a couple days and would like to see if it is possible to access the http server through this fa1 port since I am working remotely. I can ping the laptop from fa1 and tftp ok but cannot access the http/https server. Is this even possible without connecting the laptop into a regular switch port like gi 2/3 gi 2/4 etc..? The reason I ask is I would like to use Cisco Networking Assistant gui for some things but need access to https server first over the fa1 link.
Any suggestions would be much appreciated.
Thanks!
-SHere is the ACL list. I have not made any entries into this list and all of these are default at this time. Do I need to make an explicit allow ACL for http?
Thanks!
-S
#show access-list
Extended IP access list system-cpp-all-routers-on-subnet
10 permit ip any host 224.0.0.2
Extended IP access list system-cpp-all-systems-on-subnet
10 permit ip any host 224.0.0.1
Extended IP access list system-cpp-dhcp-cs
10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-energywise-disc
10 permit udp any eq any eq 0
Extended IP access list system-cpp-hsrpv2
10 permit udp any host 224.0.0.102
Extended IP access list system-cpp-igmp
10 permit igmp any 224.0.0.0 31.255.255.255
Extended IP access list system-cpp-ip-mcast-linklocal
10 permit ip any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ospf
10 permit ospf any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-pim
10 permit pim any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ripv2
10 permit ip any host 224.0.0.9
Extended MAC access list system-cpp-bpdu-range
permit any 0180.c200.0000 0000.0000.000c
Extended MAC access list system-cpp-cdp
permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
permit any host 0180.c200.0003
Extended MAC access list system-cpp-lldp
permit any host 0180.c200.000e
Extended MAC access list system-cpp-mcast-cfm
permit any 0180.c200.0030 0000.0000.000f
Extended MAC access list system-cpp-pppoe-disc
permit any any protocol-family pppoe-disc
Extended MAC access list system-cpp-sstp
permit any host 0100.0ccc.cccd
Extended MAC access list system-cpp-ucast-cfm
permit any host 000d.6558.d5fd -
SSL Cert Setup on the Palm Pre
I am having issues setting up my companies email on the Palm Pre. We use an SSL cert and for some reason I get Certificate Error. Is the time and date wrong. I looked at many blogs with other people having this issue and they say a root cert needs to be put on the phone. The only way it says to do this is to install the Microsoft Certificate Authority and then generate the cert that way.
Well, the issues that I am having is I have been generating my cert using the new-exchangecertificate -domainnames mydomain.domain.com, and I do multiples dns names. This cert works fine on all my computers and all other cell phones. When I put it on the pre I get the error above. I read that this is an IIS root cert and the palm does not allow this. I then installed the Certificate Authority and generated a cert and the pre worked fine, the only issue is the cert broke the rest of my external users connections. I need the cert to have dns resolution addresses in it. I found out how to get the Certificate Authority to have san:dns= domain.domain.com names. But when I generate this cert and put it as my primary cert it then brakes the palm and my other systems.
How can I get the Certificate Authority to give me a cert with all the DNS names I need and work on the palm and all my other systems.
Any help is great and thanks in advance.
Post relates to: Pre p100eww (Sprint)We keep any type of updates very close to us. So close in fact that I do not know and only the developers know about this. But if you feel that this should be included there is a feedback link at the bottom of my post click on that and leave the feedback
-
Expired internal SSL cert on SGD 4.5?
Upgraded Solaris SGD from 4.41.to 4.5. I use a SSL cert for our site, which is working fine. SGD login prompt appears and cert can be viewed and verified.
However after logging in, I get a security warning on tcchelper saying that Sun's own Verisign certificate expired on 8/29/2010. Is a current cert available?yes, please open a case with Oracle Support and we will provide you an update on SGD 4.50.933.
-
Hello,
Am I able to use an SSL cert in the proxy list for the same VIP but on a different port?
Basically, can I use the same cert twice?
Thanks,
DaveHi Dave,
It should be possible to create multiple SSL Servers for a single VIP under a
single SSL-Proxy-List by specifying different ports.
Siva -
FTP with SSL cert on ACNS via WCCP
I have a client using an SSL cert to connect to an ftp server. The user is being redirected to a CE-511 via WCCP v2 but the FTP connection does not work. If I bypass the user (in my wccp acl) it works fine - following a default route to my PIX.
Any info, good or bad will be greatly appreciated.
- MattWhat is the software version running on the CE-511. Did you try upgrading to the latest version of the firmware. This should solve the issue.
Maybe you are looking for
-
I am using the Windows XP operating system with IE6 and SP2 installed. I have created a site by using Macromedia Dreamweaver and Flash. When I open the site I am seeing the outline around the flash files. This also happens incase of mouse over event.
-
19" lcd dynex tv/dvd combo problem
I am wondering if anyone can help me with this. I have 2 19" lcd tv/dvd combo... one in each kids room. I mounted em up on the wall so the kids couldn't mess with them. So now heres my problem, both of the tvs when turned on turn off then back on the
-
Which licenses do I need for the Enterprise Portal from Dynamics AX R2 2012
Dear Community, some time ago i heard about the Enterprise Portal, which requires a SharePoint 2013 and a Dynamics AX R2 2012 Server. My company has a fully licensed SharePoint 2013 Enterprise Server and enough CALs. We also have a Dynamics AX 2009 S
-
I just spent twenty minutes writing an app review on my iPad. When I started, the App Store asked for my ID and password before it allowed me to start writing - fair enough, it needs to verify who I am for several reasons. When I finished my review a
-
Light Room Windows contral bar
I have my Lightroom installed under Windows XP. I cannot minimize the view it always takes up the full screen or I have to shut it down. So I cannot go to other views i.e. do a search in my data library etc. when working while working with Lightroom