Help with getting Web Start working with two-way SSL

Similar Messages

• Two way ssl with self signed certificate?

  How can I use a self signed certificate with two-way SSL with weblogic 7sp4?
  Specfically, I don't want to use any CA authority.
  Is it possible to simply have the clients certificate in the servers truststore or not?
  I pull out the certificate via
  javax.servlet.request.X509Certificate
  but when I use a self signed certificate it's never there.
  If I instead use a certificate that was created with CertGen it works. But CertGen uses the GenCertCA to create the certificate chain.

  How can I use a self signed certificate with two-way SSL with weblogic 7sp4?
  Specfically, I don't want to use any CA authority.
  Is it possible to simply have the clients certificate in the servers truststore or not?
  I pull out the certificate via
  javax.servlet.request.X509Certificate
  but when I use a self signed certificate it's never there.
  If I instead use a certificate that was created with CertGen it works. But CertGen uses the GenCertCA to create the certificate chain.

• How do you get FaceTime to work between two Mac's with the same email address? Thanks, Mike

  How do you get FaceTime to work between two Mac's with the same email address?

  I would like to know the same thing.  How does facetime work between a MacBook Pro and an I Pad that run off the same email address/mac id

• Help with two scripts - Mounting remote DMG and Checking which network I'm connected to

  Hey guys, I need some help with two separate scripts:
  1. The first script I'm trying to create to mount a DMG stored remotely on another Mac using an AppleScript or shell script. Using the following:
  set cmd to "hdiutil mount 'afp://username:[email protected]/Lion/Users/username/Desktop/Test.sparseim age'"
  do shell script cmd
  results in the following error:
  error "hdiutil: mount failed - not recognized" number 1
  I'm not very experienced regarding AppleScript or using hdiutil, could somebody point out what's wrong with my script?
  2. The second script I'm working on to try and essentially prevent the 'Could Not Find Server' Finder dialog when a network mount is unavailable. I guess what I'd like it to do is detect which network I'm connected to, and if I'm connected to the correct network, then mount the shares, otherwise just fail silently without any errors. From the searching I've done, using try statements should do this, but they do not, and I'm still presented with an error dialog after the server cannot be found.
  Does anybody have any suggestions on this script? Also, I've seen some tips regarding detecting which wireless network the Mac is connected to, which could work, but what about when connected via Ethernet?
  Thanks!

  Edit: I need to clarify on my first script request:
  I need to mount the DMG on the remote Mac, not on the Mac I'm running the script from.

• Two way SSL with jax-ws on weblogic 10.3.1.1

  I'm desperately trying to create a webservice client using jax-ws for two way ssl (mutual authentication). The client shoud be a web service (war) not a normal fat java client (jar).Could someone please give me any help? I've tried with the ssl context but it dosn't work :(
  BlokIzmenjava service= new BlokIzmenjava(new URL("https://wwwt.ajpes.si/wsBlokIzmenjava/BlokIzmenjava.asmx?WSDL"), new QName("http://www.ajpes.si/blok_izmenjava", "BlokIzmenjava"));
  BlokIzmenjavaSoap port=service.getBlokIzmenjavaSoap();
  KeyStore ks = KeyStore.getInstance("JKS");
  ks.load(new FileInputStream("D:/Podatki/Workspace1031/TestWorkSpace/TestWS/src/nkbm/ws/Ajpes.jks"), "trustpass".toCharArray());
  KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
  kmf.init(ks, "trustpass".toCharArray());
  javax.net.ssl.SSLContext sslCtx = SSLContext.getInstance("SSL");
  TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
  tmf.init(ks);
  TrustManager tms[] = tmf.getTrustManagers();
  sslCtx.init(kmf.getKeyManagers(), tms, null);
  javax.net.ssl.SSLSocketFactory ssl = (javax.net.ssl.SSLSocketFactory) sslCtx.getSocketFactory();
  Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();
  requestContext.put(com.sun.xml.internal.ws.developer.JAXWSProperties.SSL_SOCKET_FACTORY, ssl);
  port.test("aaaaa");
  The thing is that this solution works on a fat client(as a jar) but it dosn't work as a client (webservice) deployed on weblogic server. I've also set the everything in the weblogic console (SSL,keystores) and it still dosn't work :(
  any help would b appretiated!
  thank you!
  Edited by: user10677650 on 30.6.2010 6:37

  Isn't the SSL adapter meant to be used for jax-rpc webservices?
  "JAX-RPC clients can use the SSLAdapter mechanism described in Using a Custom SSL Adapter with Reliable Messaging to persist the state of a request over an SSL connection"
  I have already tried with weblogic.wsee.jaxws.sslclient.SSLClientUtil...still I always get the error (this error is with ssl debug mode on)....
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 31921099>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 994001646
  Issuer:C=si, O=state-institutions, OU=sigen-ca
  Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
  Not Valid Before:Fri Nov 17 14:26:17 CET 2006
  Not Valid After:Thu Nov 17 14:56:17 CET 2011
  Signature Algorithm:SHA1withRSA
  >
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 994001646
  Issuer:C=si, O=state-institutions, OU=sigen-ca
  Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
  Not Valid Before:Fri Nov 17 14:26:17 CET 2006
  Not Valid After:Thu Nov 17 14:56:17 CET 2011
  Signature Algorithm:SHA1withRSA
  >
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: wwwt.ajpes.si>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(sock): 12457751>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <close(): 27314217>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 31288249>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 262>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received CHANGE_CIPHER_SPEC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 342>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 493>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <5095980 read(offset=0, length=8192)>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: HelloRequest>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 147>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 994001646
  Issuer:C=si, O=state-institutions, OU=sigen-ca
  Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
  Not Valid Before:Fri Nov 17 14:26:17 CET 2006
  Not Valid After:Thu Nov 17 14:56:17 CET 2011
  Signature Algorithm:SHA1withRSA
  >
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 994001646
  Issuer:C=si, O=state-institutions, OU=sigen-ca
  Subject:C=si, O=state-institutions, OU=sigen-ca, OU=org-web, OU=AJPES - 14717468, CN=WWWT.AJPES.SI + ?=2345775710058
  Not Valid Before:Fri Nov 17 14:26:17 CET 2006
  Not Valid After:Thu Nov 17 14:56:17 CET 2011
  Signature Algorithm:SHA1withRSA
  >
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: wwwt.ajpes.si>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <No suitable identity certificate chain has been found.>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 262>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received CHANGE_CIPHER_SPEC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received HANDSHAKE>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 SSL3/TLS MAC>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <32946105 received APPLICATION_DATA: databufferLen 0, contentLength 2073>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <5095980 read databufferLen 2073>
  <1.7.2010 8:38:39 CEST> <Debug> <SecuritySSL> <BEA-000000> <5095980 read A returns 2073>
  1.7.2010 8:38:39 com.sun.xml.ws.server.sei.EndpointMethodHandler invoke
  SEVERE: The server sent HTTP status code 403: Forbidden
  com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 403: Forbidden
       at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:225)
       at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:191)
       at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:101)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
       at com.sun.xml.ws.client.Stub.process(Stub.java:246)
       at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
       at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
       at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
       at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
       at $Proxy166.blokVrni(Unknown Source)
       at nkbm.ws.TestAjpes1.hello(TestAjpes1.java:59)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:101)
       at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:83)
       at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:152)
       at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:264)
       at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:93)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
       at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:249)
       at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:453)
       at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250)
       at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
       at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:298)
       at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:211)
       at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:297)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
       at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:87)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  <1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
       at weblogic.net.http.HttpClient.closeServer(HttpClient.java:528)
       at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:111)
       at java.util.TimerThread.mainLoop(Timer.java:512)
       at java.util.TimerThread.run(Timer.java:462)
  >
  <1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <close(): 5095980>
  <1.7.2010 8:39:01 CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 31921099>
  any ideas?
  thank you again!
  Edited by: user10677650 on 30.6.2010 23:42

• MBAM 2.5 in Multi-Forest with two way trust

  Hi All,
  If we have two forests with two way trust, say A and B. If MABM 2.5 is setup in domain A and the urls used in the GPO of domain B to make the clients report to MABM. What additional steps do we need to take to ensure all functionality work fine namely
  - Users from domain B logging in to the self service of MBAM. How will the authentication work? Do we need to add All users from Domain B to any group?
  - Also I read that the Self Service website should not be hosted over the internet as per Microsoft. Why is it?
  Thanks in Advance,
  Regards,
  Vijay

  You have to define the group policies in all of the domains where the client resides and place the MBAM Web server in the root domain. Make sure the client can access the MBAM service endpoints. If clients can access the endpoints, you only need to define
  the MBAM GPO's to the domain where client resides.
  Check out this link :
  MBAM 2.5 installation - Multi Domain
  Cheers,
  Gaurav Ranjan / Sr. Analyst-Professional Services
  MICROLAND Limited -India leading Infrastructure Management Services Company
  NOTE:Mark as Answer and Vote as Helpful if it helps

• Managed Server will not start with 2-way SSL enabled

  When attempting to start a managed server, using the nodemanager (all of the servers have two-way ssl configured...using the same keystores) the start-up fails, giving the following error:
  <Warning> <Security> <BEA-090497> <HANDSHAKE_FAILURE alert received from hostname - ip address. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.>
  Hostname verification is off for all of the servers and the trust store should trust the certificate in the identity store.
  Is this an issue with the managed server not being able to pass the identity certificate during the handshake?
  Thanks in advance for any help!

  hi
  the following link may hekpful to you
  http://webservices.bea.com:8080/Clarify/getCaseDetails.do?caseID=537204
  open a support case with bea
  Regards
  Prasanna Yalam

• SCOM Agent in Pending Management with two way trusted domain

  Hello Guys,
  I have two trusted domain abc.com & xyz.com with two-way trust forest-wise authentication enabled and my SCOM 2012 R2 Management server is part of abc.com. And there are multiple host which are part of domain xyz.com.When I am pushing agent from SCOm console
  to server then agents are getting installed with success message in task pane, but my agents are now at in pending Management.
  for this I am getting Event ID 20002 opsmgr connector with following message "A device at IP 10.1.1.6:54277 attempted to connect but could not be authenticated, and was rejected." on SCOM Server.
  And below message on the server where I am installing the agent.
  Event 20071 OpsMgr Connector
  The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server .  Check the event log
  on the server and on the agent for events which indicate a failure to authenticate.
  Event 21016 OpsMgr Connector
  OpsMgr was unable to set up a communications channel to SCOM.abc.com and there are no failover hosts.  Communication will resume when fabSCOM2.nmfab.loc is available and communication from this computer is allowed.
  Event 20070 OpsMgr Connector
  The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately after authentication occurred.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received
  configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
  Need help to resolve this can any one help me.
  Thanks in Advance.
  NM-BG
  NM-BG

  Hi,
  Here i  suspect Authentication issue. 
  1.Could you please if 88, 389 & 3268 ports are opened between client domain controller and management server.
  2. if ports are already open collect netmon traces on both client and management server simultaneousely and check if there are any kerborose errors
  Kind Regards,
  Naveen Kumar B
  ~Bommi

• Debug Weblogic 10.0 with 2-Way SSL: Error 401--Unauthorized

  Hi,
  I am working on Weblogic 10.0 with 2-Way SSL configuration. User uses X.509 certificate to login into the system. I have a default UserNameMapper which maps the CN to the a user name in the LDAP user store. User can login without problem. But after user login, when he tries to hit a new page before the original page fully loaded, he will get a "Error 401--Unauthorized".
  I turned on the Weblogic security debug and got the following warning with stack trace. Can anybody help me to figure out what's wrong? How do I troubleshoot this issue? Any help is really appreciated.
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecurityAtz> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed AccessDecision returned PERMIT>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecurityAtz> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: true>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 167>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 6, length = 1518>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
       at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:449)
       at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:795)
       at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:759)
       at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:700)
       at weblogic.servlet.internal.VirtualConnection.close(VirtualConnection.java:327)
       at weblogic.servlet.internal.ServletResponseImpl.send(ServletResponseImpl.java:1431)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1375)
       at weblogic.work.ExecuteRequestAdapter.execute(ExecuteRequestAdapter.java:21)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
  >
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 14324285>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 7034906>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 19096081>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <18691735 SSL3/TLS MAC>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <18691735 received HANDSHAKE>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ClientHello>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.5 for algorithm RC4>
  <Oct 31, 2008 7:34:27 PM GMT> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacMD5>
  Thanks,
  Wayne

  I decided to use pki with jaas/custom authentication provider to solve this problem. It works. If you want more details, please let me know.

• Two-Way SSL does not work until "Use Server Certs" is selected on client

  We have a web service application and a client application. Both applications are deployed in WebLogic 10.3. The web service application is secured by Two-Way SSL. When the client attempts to access the service, we got the following error logs on the server side:
  <Dec 8, 2009 3:25:42 PM EST> <Warning> <Security> <BEA-090508> <Certificate chain received from ... was incomplete.>
  CertPathTrustManagerUtils.certificateCallback: certPathValStype = 0
  CertPathTrustManagerUtils.certificateCallback: validateErr = 4
  CertPathTrustManagerUtils.certificateCallback: returning false because of built-in SSL validation errors
  We got the same error even if the WebLogic 10.3 domain on the client side uses the same identity and trust keystores as the server side.
  The problem was solved when we selected Environment -> Servers -> <server> -> SSL, expanded "Advanced" and selected "Use Server Certs". Could anyone tell me what "Use Server Certs" does to make the difference?
  Another question is how we can invoke this web service in a Java application since "Use Server Certs" solution only works for web application deployed in weblogic.

  "Use Server Certs" means that a client application running within Weblogic will use the WL managed server's identity certificate as its client certificate. Otherwise, the client application is responsible for selecting the keystore, and presenting the certificate as part of the handshake.
  This is a great feature in 9 & 10; client SSL was much more difficult in WL 8.
  If you are using a standalone client application to invoke anything over 2-way SSL, you are responsible for presenting the certificate. For instance, if you invoke the page from your browser, your browser can maintain client certificates and you'll get a popup to select which cert to use.

• How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

  Hi,
  I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
  Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
  Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
  Please suggest how to pass both the certs from client Application..

  Hi,
  This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
  And for more information, you could refer to:
  http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
  Regards

• Two-way SSL: Private key is incorrectly read if the charset is set to UTF8

  Looks like PEMInputStream and other related classes assumes the application charset
  "iso81", but if the charset is something else, then "java.security.KeyManagementException"
  is thrown.
  We have everything setup and two-way ssl works when the encoding is not set. but
  brakes if the encoding is UTF8.
  WLS 7.0
  OS - HP-UX
  Is there any other workaround (not setting UTF8 is not a solution, ours is a WW
  app).
  Thanks

  I would suggest posting this to the security newsgroup.
  -- Rob
  Govinda Raj wrote:
  Looks like PEMInputStream and other related classes assumes the application charset
  "iso81", but if the charset is something else, then "java.security.KeyManagementException"
  is thrown.
  We have everything setup and two-way ssl works when the encoding is not set. but
  brakes if the encoding is UTF8.
  WLS 7.0
  OS - HP-UX
  Is there any other workaround (not setting UTF8 is not a solution, ours is a WW
  app).
  Thanks

• Difference Between One-way SSL and Two Way SSL

  Hi ,
  Can any tell difference between one way and two ssl. apache to weblogic server which type of ssl we can configure. Please provide information on this.
  thanks

  In short below is the difference:
  One Way SSL - Only the client authenticates the server
  - This means that the public cert of the server needs to configured in the trust store of the client for this to happen.
  Two Way SSL - The client authenticates the server & the server also authenticates the client.
  - This means that the public cert of the server needs to configured in the trust store of the client for this to happen.
  - Also the public cert of the client needs to be configured on the server's trust store
  Please refer to http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=%2Fcom.ibm.mq.csqzas.doc%2Fsy10660_.htm. In case of Two way SSL the step numbers 5 & 6 also occur.
  You can implement either of them between apache and weblogic.
  Hope this helps.
  Thanks,
  Patrick

• Help with two DIVs as columns at 100% page height

  I've got two DIVs side by side on my page and I want both columns to fill the page from top to bottom.
  The left DIV stops about half way down the page.
  There are DIVs inside of each column.
  My test link is: http://faceworks.webtestingsite.net/pages/facials.html
  Here's the CSS I used for the columns,
  #leftSideBkgd {
            position:absolute;
            min-height:100%;
            background-color: #f0f0f0;
            width: 25%;
            left: 0px;
            top: 0px;
            z-index: 0;
            background-image: url(../img/bkgd/leftMenu.jpg);
            background-repeat: repeat-y;
            background-position: 100% 0px;
  #rightSideBkgd {
            position: absolute;
            background-color: #FFFFFF;
            width: 75%;
            left: 25%;
            top: 0px;
            z-index: 0;
            min-height:100%;
            background-image: url(../img/bkgd/pageBkgd.jpg);
            background-repeat: repeat-x;
            background-position: 0px 0px;
  html {
            height:100%;
  body {
            height:100%;
            background-image: url(../img/bkgd/pageBkgd.jpg);
            background-repeat: repeat-x;
            margin-left: 0px;
            margin-top: 0px;
            margin-right: 0px;
            margin-bottom: 0px;
            background-color: #FFF;
            font-family: Tahoma, Geneva, sans-serif;
            font-size: 14px;
            font-style: normal;
            line-height: 1.75em;
            font-weight: normal;
            color: #000;
  Thanks for your help with this

  You cannot safely force the height on those divs, without also getting ugly vertical scrollbars.
  Your choices are three -
  1.  Use Faux columns (Google it) to make it *look* like the divs are the same height.
  2.  Use javascript to actually dynamically determine what height to use for the columns.
  3.  Use CSS3 to make the adjacent columns behave as if they were two adjacent cells in a table, resulting in them being the same height.
  My preference is #1 - it's easy and VERY effective.  I don't like #2 as a solution, and #3 works beautifully if you are not worried about supporting IE6 or 7.

• Could someone please help with two differences between CS and CS4?

  Hello, I just moved from Photoshop CS to CS4 and have a couple of questions regarding some differences I'm seeing in the two versions.
  (1) When opening files, I'm used to them opening in a smaller view as individual windows.  CS4 opens all images in the expanded view.  Is there a way to prevent this from happening?  I create massive sports photo galleries (often more than 100 images) and usually open 25-30 images at a time, then minimize all images and work on them one at a time in chronological order.  The was CS4 opens these images in full screen mode, it prevents me from doing this in a timely manner - PS never opens a group of photos up in a true chrono order.  It misplaces the first image to the end.
  (2) In CS, I used to be able to Right-Mouse-Click on the image's title bar to change Image and Canvas sizes.  Any way to get this to work in CS4?  CTL+ALT and either I or C is a three-key process and takes considerably longer than right clicking my mouse and choosing the correct option.
  Thanks for any help you can provide.  And apologies for being such a newbie to the latest and greatest Photoshop version.  I've been living in CS for years
  Mike

  You are a life saver. Thanks!  I looked in the INTERFACE area about three times and never understood that TABBED meant that it was opening them full screen.
  Any idea how to deal with question #2?  Cannot set up an ACTION for this as the action makes me have to choose an image size.  I just want to have the Image or Canvas size windows open with one click, rather than holding down three keys.
  Thanks again.  You have been rewarded with a CORRECT ANSWER click
  Mike