Help with wildcard cert

I have been using a self-signed cert with 100% success, but we are going to start supporting outside devices. I am looking for a guide or something to help me. I have the PEM format keys from the Certificate Authority but am not sure what to do now. RDS appears to be looking for PFX keys.
Can someone point me in the right direction?

So what I did was complete the certificate request, then exported that key, which provided me with the PFX file. I imported that into my RDS under RD Web Access. It says trusted and I get a little green lock.
We do not have a gateway or plan on using it... All goes through the VPN so this setup should work.

Similar Messages

  • Find/Change help with wildcard numbers...

    hello... i'm looking for help with wildcards...
    i have a specific task to complete.. i need to add dash & space into a space in a string of letters and characters...
    here
    221kbps - 00:28:34space dash space here47Mb - 44.1 kHz
    198kbps - 01:27:43 41Mb - 44.1 kHz
    215kbps - 00:34:52 156Mb - 44.1 kHz
    225kbps - 00:32:14 54Mb - 48 kHz
    so my finished text will look like this
    221kbps - 00:28:34 - 47Mb - 44.1 kHz
    198kbps - 01:27:43 - 41Mb - 44.1 kHz
    215kbps - 00:34:52 - 156Mb - 44.1 kHz
    225kbps - 00:32:14 - 54Mb - 48 kHz
    there are many variables to the text - but i thought perhaps i could create a wildcard digit find/change based on the Mb bit, replacing the single space with space dash space
    BUT
    i need to retain the numbers before the Mb
    so my question - is it possible to RETAIN WILDCARD NUMBERS?
    merci beaucoup!

    omg... just fell off my chair
    tried it in text - no joy...
    tried it as a grep.
    YES YES YES
    thank you so much - i have about 18,000 to format for a music website...
    www.littledogdiscs.co.uk
    if you ever find your way to our neck of the woods in the South of France - please do visit my b&b
    www.maisonverdigris.com
    i have a bottle of vintage champagne with your name on it...
    thanks
    teresa

  • Federation with wildcard cert

    Hi,
    We have multiple SIP domains, and I am trying to reduce the number of certificates needed.
    I use a wildcard cert for one of the domains for the Edge and reverse proxy.
    It works fine to connect from outside etc. But federation is not working.
    In the DNS SRV record _sipfederationtls._tcp.domain2.com I have put the address sip.domain2.com as hostname, but it's actually pointing to an address that has the wildcard cert for *.mydomain1.com
    Is there some way to make this work without buying many certs?

    Hi,
    It is not supported to use wildcard certificate for Edge Server external interface. You need a public SAN certificate to support federation. You can use wildcard certificate for Reverse Proxy.
    For more Server Roles which wildcard certificate can be used in Lync Server environment, you can refer to the link below:
    https://technet.microsoft.com/en-us/library/hh202161.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Exchange 2010 - Virtual Directory Internal & External URL's with Wildcard Cert

    Hi Guys
    I am trying to determine if my Exchange 2010 server Virtual Directory URL's are setup according to best practice. I'm sure anyone with good Exchange experience will instantly be able to tell me if my Virtual Directory DNS is correct or could cause issues.
    Scenario:
    Hosted Exchange 2010 SP1. Multiple client mail domains hosted
    2x CA, 2x HT, 2x MB, 2x DC
    Wildcard *.example.co.za certificate being used on CA servers
    AD domain is he.example.za.net
    CA Server naming example: ca1.he.example.za.net, ca2.he.example.za.net
    he.example.net DNS is done by DC servers
    External name used by clients: outlook.example.co.za (For Outlook setup and OWA access)
    outlook.example.co.za has two A records pointing to the CA IP's
    PROBLEM/CONCERN:
    We have a random OWA log out issue that we believe might be due to ambiguous DNS names being used.
    If I change the Virtual Directories External URL to be the FQDN of the server, we get a Certificate Error in clients (due to the .co.za Wildcard). The external URL clients use must be on .co.za.
    So are the Virtual Directory URL's causing the CA servers to lose track of who is authenticated in where (leading to OWA disconnection)? Is it fine to load balance the CA servers with the DNS the way we are doing currently? Any other issues you see?
    Current Virtual Directory settings:
    Note that they are identical on CA1 and CA2
    [PS] C:>Get-OabVirtualDirectory -server ca2 |fl *url
    InternalUrl : https://outlook.example.co.za/OAB
    ExternalUrl : https://outlook.example.co.za/OAB
    [PS] C:>Get-WebServicesVirtualDirectory -Server ca2 |fl *url
    InternalNLBBypassUrl : https://ca2.he.example.za.net/ews/exchange.asmx
    InternalUrl          : https://outlook.example.co.za/ews/Exchange.asmx
    ExternalUrl          : https://outlook.example.co.za/ews/Exchange.asmx
    [PS] C:>Get-ActiveSyncVirtualDirectory -Server ca2 |fl  *url
    MobileClientCertificateAuthorityURL :
    InternalUrl                         : https://outlook.example.co.za/Microsoft-Server-ActiveSync
    ExternalUrl                         : https://outlook.example.co.za/Microsoft-Server-ActiveSync
    [PS] C:>Get-EcpVirtualDirectory -Server ca2 |fl  *url
    InternalUrl : https://ca2.he.example.za.net/ecp
    ExternalUrl : https://outlook.example.co.za/ecp
    [PS] C:>Get-OwaVirtualDirectory -Server ca2 |fl  *url
    Url             : {}
    Exchange2003Url :
    FailbackUrl     :
    InternalUrl     : https://ca2.he.example.za.net/owa
    ExternalUrl     : https://outlook.example.co.za/owa
    [PS] C:>Get-AutodiscoverVirtualDirectory |fl *url, server
    InternalUrl :
    ExternalUrl :
    Server      : CA1
    InternalUrl : https://outlook.example.co.za/
    ExternalUrl : https://outlook.example.co.za/
    Server      : CA2
    REALLY APPRECIATE SOME EXPERT ADVICE. Thanks.

    Hi Kane,
    Why did you not use a CAS array to load balance client connectivity?
    If you create a CAS array, you can assign a virtual IP (VIP) for the CAS array FQDN (e.g. CASarray.example.za.net), and then point all the Virtual Directories' internal URLs to the CAS array FQDN;
    For external, you can point outlook.example.co.za to VIP which had been assigned to CAS array.
    I recommend you refer to the following article to understand CAS array:
    http://technet.microsoft.com/en-us/library/ee332317(v=exchg.141).aspx#CASarray
    http://blogs.technet.com/b/ucedsg/archive/2009/12/06/how-to-setup-an-exchange-2010-cas-array-to-load-balance-mapi.aspx
    http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
    Best regards,
    Niko Cheng
    TechNet Community Support
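
Added example (not part of either thread, and not code from Microsoft or the posters): the name check a TLS client applies to a wildcard certificate, run against the names from the Lync federation thread and the Exchange thread above. The rules follow common RFC 6125 practice; `sip.mydomain1.com`, `ca1.he.example.co.za` and the two-name SAN list are constructed for illustration.

```python
"""Wildcard certificate name matching, using the host names from the threads above."""


def _labels(name):
    # DNS names compare case-insensitively; ignore one trailing root dot.
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def wildcard_matches(pattern, hostname):
    """Return True if certificate dNSName `pattern` covers `hostname`.

    Rules applied (common RFC 6125 practice):
      * '*' is honoured only as the complete left-most label,
      * '*' stands for exactly one label, never several and never none,
      * every other label must be identical.
    """
    p = _labels(pattern)
    h = _labels(hostname)
    if "" in p or "" in h:
        return False                      # malformed name such as "a..b"
    if not any("*" in label for label in p):
        return p == h                     # plain name: exact match only
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                      # partial or non-leftmost wildcard
    if len(p) < 3:
        return False                      # conservative policy: refuse "*.com"
    if len(h) != len(p):
        return False                      # '*' never spans label boundaries
    return h[1:] == p[1:]


def check_endpoints(cert_names, hostnames):
    """Map each hostname to the certificate name covering it, or None."""
    return {
        host: next((n for n in cert_names if wildcard_matches(n, host)), None)
        for host in hostnames
    }


# Lync federation thread: the SRV target is sip.domain2.com, but the Edge
# presents a certificate for *.mydomain1.com.
FEDERATION_WILDCARD = ["*.mydomain1.com"]
# Constructed SAN list, in the spirit of the "public SAN certificate" reply.
FEDERATION_SAN = ["sip.mydomain1.com", "sip.domain2.com"]

# Exchange thread: *.example.co.za on the CA servers, whose own FQDNs live
# under he.example.za.net.
EXCHANGE_WILDCARD = ["*.example.co.za"]


def federation_report():
    hosts = ["sip.mydomain1.com", "sip.domain2.com"]
    return {
        "wildcard": check_endpoints(FEDERATION_WILDCARD, hosts),
        "san": check_endpoints(FEDERATION_SAN, hosts),
    }


def exchange_report():
    hosts = [
        "outlook.example.co.za",   # external name from the post
        "ca2.he.example.za.net",   # server FQDN from the post
        "ca1.he.example.co.za",    # constructed: two labels under the wildcard
        "example.co.za",           # constructed: the bare domain
    ]
    return check_endpoints(EXCHANGE_WILDCARD, hosts)


if __name__ == "__main__":
    for title, report in (("federation", federation_report()),
                          ("exchange", {"wildcard": exchange_report()})):
        for cert, result in report.items():
            for host, covered_by in result.items():
                status = f"covered by {covered_by}" if covered_by else "NAME MISMATCH"
                print(f"{title:10} {cert:8} {host:24} {status}")
```

Only `outlook.example.co.za` is covered by the Exchange wildcard, which is why pointing a URL at the server FQDN produces a certificate error; in the federation case the wildcard for one SIP domain never covers a host in the other.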

  • Help! GoDaddy Wildcard Cert

    My organization has finally purchased a wildcard cert from GoDaddy to use on our servers across the board due to how newer browsers are being more vocal about using self signed certs.
    In going through the process of getting the cert issued I keep getting my CSR rejected by GoDaddy by following the instructions from what GoDaddy wants and how to create the CSR. Since I've only really used self signed certs to this point I'm not 100% sure if I am doing things correctly especially given that I'm kind of making some assumptions as my CSR export instructions are a little dated. Are there updated instructions for creating the CSR to a format that GoDaddy will like?
    Thanks!

    For creation these are helpful:
    http://www.digicert.com/csr-creation...consoleone.htm
    http://nl.globalsign.com/en/support/.../generate+csr/
    Example of a "subject name": .CN=*.domain.com.OU=IT.O=Name of your Organization.L=City.S=State.C=US
    You did NOT follow the proper steps to import the certificate (I know it
    from experience)
    Your only option now is to restore the certificate object that was used for
    CSR from good backup into eDirectory (I hope you have it...) and then do the
    following (exactly):
    http://www.digicert.com/ssl-certific...consoleone.htm
    Once done you can create new certificate for each NW server & replace public
    & private key with the Godaddy & your wildcard & point each instance of
    Apache to such certificate.
    The setup works beautifully (I have been using it for over 5 years now)
    As you can export .pfx from the certificate object with use of openssl you
    can use it just about anywhere else (but not in APC UPS devices!)
    Seb
    "marklar23" <[email protected]> wrote in message
    news:[email protected]...
    >
    > I made the CSR from NetWare. It looks like the last time that I tried
    > yesterday did take, I had to change the order of the CN and O in the
    > cert string. Now after I imported the certificate and try to validate
    > it, I get Invalid with Certificate Revocation List Invalid. Any
    > suggestions?
    >
    > AndersG;2014252 Wrote:
    >> Marklar23,
    >> > In going through the process of getting the cert issued I keep
    >> getting
    >> > my CSR rejected by GoDaddy by following the instructions from what
    >> > GoDaddy wants and how to create the CSR.
    >> >
    >> And do they say what is wrong with it? Also: Is this NetWare or Linux?
    >>
    >> - Anders Gustafsson (Sysop)
    >> The Aaland Islands (N60 E20)
    >>
    >>
    >> Novell has a new enhancement request system,
    >> or what is now known as the requirement portal.
    >> If customers would like to give input in the upcoming
    >> releases of Novell products then they should go to
    >> http://www.novell.com/rms
    >
    >
    > --
    > marklar23
    > ------------------------------------------------------------------------
    > marklar23's Profile: http://forums.novell.com/member.php?userid=5123
    > View this thread: http://forums.novell.com/showthread.php?t=419035
    >

  • New iMac extremely slow following migration (Help  with Etre Check diagnosis)

    Hi gurus,
    New iMac - scheduled for genius bar on Friday but trying to avoid the trip.  Migrated everything over from 2009 macbook pro to 2011 macbook and now 2013 iMac.  I imagine there is a lot of cruft from the repeated migrations and am close to just wiping and migrating from scratch.  I don't know, however, how to get my old mail and other critical settings over.
    Problem is clearly in the user account.  I created a separate admin account and that runs relatively fine.  Is the below user account salvageable? Should I delete all my old permissions?  Any tips would be appreciated.  Thanks for the Etrecheck program,
    Problem description:
    Application hangs and system unresponsive in migrated user account
    EtreCheck version: 2.1.8 (121)
    Report generated February 16, 2015 at 4:48:06 PM PST
    Download EtreCheck from http://etresoft.com/etrecheck
    Click the [Click for support] links for help with non-Apple products.
    Click the [Click for details] links for more information about that line.
    Hardware Information: ℹ️
        iMac (21.5-inch, Late 2013) (Technical Specifications)
        iMac - model: iMac14,1
        1 2.7 GHz Intel Core i5 CPU: 4-core
        8 GB RAM Upgradeable
            BANK 0/DIMM0
                4 GB DDR3 1600 MHz ok
            BANK 1/DIMM0
                4 GB DDR3 1600 MHz ok
        Bluetooth: Good - Handoff/Airdrop2 supported
        Wireless:  en1: 802.11 a/b/g/n/ac
    Video Information: ℹ️
        Intel Iris Pro
            iMac 1920 x 1080
    System Software: ℹ️
        OS X 10.10.2 (14C109) - Time since boot: 4:51:57
    Disk Information: ℹ️
        APPLE HDD HTS541010A9E662 disk0 : (1 TB)
            EFI (disk0s1) <not mounted> : 210 MB
            Macintosh HD (disk0s2) / : 999.35 GB (585.74 GB free)
            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
    USB Information: ℹ️
        TOSHIBA External USB 3.0 2 TB
            EFI (disk3s1) <not mounted> : 210 MB
            Time Capsule (disk3s2) <not mounted> : 2.00 TB
        Western Digital My Book 1130 2 TB
            EFI (disk1s1) <not mounted> : 210 MB
            ACbook (disk1s2) <not mounted> : 2.00 TB
        Centon DataStick 30.93 GB
            EFI (disk2s1) <not mounted> : 210 MB
            Install OS X Yosemite (disk2s2) /Volumes/Install OS X Yosemite : 30.59 GB (25.27 GB free)
        Apple Inc. FaceTime HD Camera (Built-in)
        Apple Inc. BRCM20702 Hub
            Apple Inc. Bluetooth USB Host Controller
    Thunderbolt Information: ℹ️
        Apple Inc. thunderbolt_bus
    Gatekeeper: ℹ️
        Mac App Store and identified developers
    Kernel Extensions: ℹ️
            /System/Library/Extensions
        [not loaded]    com.Cycling74.driver.Soundflower (1.4.2) [Click for support]
        [not loaded]    com.eltima.ElmediaPlayer.kext (1.58 - SDK 10.4) [Click for support]
        [not loaded]    com.logmein.hamachi (1.0) [Click for support]
        [not loaded]    com.seagate.driver.PowSecDriverCore (5.1.1) [Click for support]
        [not loaded]    com.wdc.driver.1394HP (1.0.7) [Click for support]
        [not loaded]    com.wdc.driver.USBHP (1.0.7) [Click for support]
        [loaded]    net.telestream.driver.TelestreamAudio (1.1.0 - SDK 10.8) [Click for support]
            /System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns
        [not loaded]    com.seagate.driver.PowSecLeafDriver_10_4 (5.1.1) [Click for support]
        [not loaded]    com.seagate.driver.PowSecLeafDriver_10_5 (5.1.1) [Click for support]
        [not loaded]    com.seagate.driver.SeagateDriveIcons (5.1.1) [Click for support]
    Problem System Launch Agents: ℹ️
        [killed]    com.apple.accountsd.plist
        [killed]    com.apple.AirPlayUIAgent.plist
        [killed]    com.apple.bird.plist
        [killed]    com.apple.CallHistoryPluginHelper.plist
        [killed]    com.apple.CallHistorySyncHelper.plist
        [killed]    com.apple.cloudd.plist
        [killed]    com.apple.cmfsyncagent.plist
        [killed]    com.apple.coreservices.appleid.authentication.plist
        [killed]    com.apple.coreservices.uiagent.plist
        [killed]    com.apple.iconservices.iconservicesagent.plist
        [killed]    com.apple.Maps.pushdaemon.plist
        [killed]    com.apple.nsurlsessiond.plist
        [killed]    com.apple.pluginkit.pkd.plist
        [killed]    com.apple.recentsd.plist
        [killed]    com.apple.SafariNotificationAgent.plist
        [killed]    com.apple.sbd.plist
        [killed]    com.apple.scopedbookmarkagent.xpc.plist
        [killed]    com.apple.secd.plist
        [killed]    com.apple.secinitd.plist
        [killed]    com.apple.security.cloudkeychainproxy.plist
        [killed]    com.apple.spindump_agent.plist
        [killed]    com.apple.tccd.plist
        [killed]    com.apple.telephonyutilities.callservicesd.plist
        23 processes killed due to memory pressure
    Problem System Launch Daemons: ℹ️
        [killed]    com.apple.AssetCacheLocatorService.plist
        [killed]    com.apple.awdd.plist
        [killed]    com.apple.coresymbolicationd.plist
        [killed]    com.apple.ctkd.plist
        [killed]    com.apple.diagnosticd.plist
        [killed]    com.apple.GSSCred.plist
        [killed]    com.apple.iconservices.iconservicesagent.plist
        [killed]    com.apple.iconservices.iconservicesd.plist
        [killed]    com.apple.ifdreader.plist
        [killed]    com.apple.MobileFileIntegrity.plist
        [killed]    com.apple.nehelper.plist
        [killed]    com.apple.nsurlsessiond.plist
        [killed]    com.apple.periodic-daily.plist
        [killed]    com.apple.sandboxd.plist
        [killed]    com.apple.secinitd.plist
        [killed]    com.apple.softwareupdate_download_service.plist
        [killed]    com.apple.spindump.plist
        [killed]    com.apple.sysmond.plist
        [killed]    com.apple.systemstatsd.plist
        [killed]    com.apple.tccd.system.plist
        [killed]    com.apple.wdhelper.plist
        [killed]    org.cups.cupsd.plist
        22 processes killed due to memory pressure
    Launch Agents: ℹ️
        [loaded]    com.google.keystone.agent.plist [Click for support]
        [not loaded]    com.maintain.LogOut.plist [Click for support]
        [not loaded]    com.maintain.Restart.plist [Click for support]
        [not loaded]    com.maintain.ShutDown.plist [Click for support]
        [not loaded]    com.maintain.Sleep.plist [Click for support]
        [running]    com.maintain.SystemEvents.plist [Click for support]
        [loaded]    com.oracle.java.Java-Updater.plist [Click for support]
        [running]    com.seagate.SeagateStorageGauge.plist [Click for support]
        [loaded]    org.macosforge.xquartz.startx.plist [Click for support]
    Launch Daemons: ℹ️
        [loaded]    com.adobe.fpsaud.plist [Click for support]
        [running]    com.bombich.ccchelper.plist [Click for support]
        [running]    com.crashplan.engine.plist [Click for support]
        [running]    com.eltima.ElmediaPlayer.daemon.plist [Click for support]
        [failed]    com.google.GoogleML.plist [Click for support]
        [loaded]    com.google.keystone.daemon.plist [Click for support]
        [loaded]    com.microsoft.office.licensing.helper.plist [Click for support]
        [loaded]    com.oracle.java.Helper-Tool.plist [Click for support]
        [loaded]    com.rogueamoeba.hermes.plist [Click for support]
        [failed]    com.vmware.launchd.vmware.plist [Click for support]
        [running]    com.zqueue.servetome-server.plist [Click for support]
        [loaded]    jp.co.canon.MasterInstaller.plist [Click for support]
        [loaded]    net.sourceforge.MonolingualHelper.plist [Click for support]
        [loaded]    org.macosforge.xquartz.privileged_startx.plist [Click for support]
    User Launch Agents: ℹ️
        [running]    .dat0598.40e (hidden) [Click for support]
            /usr/bin/osascript /usr/bin/osascript osascript -e tell application "Folder Actions Dispatcher" to tick
        [unknown]    .datdf56.40b (hidden) [Click for support]
        [loaded]    com.adobe.ARM.[...].plist [Click for support]
        [failed]    com.amazon.cloud-player.plist [Click for support]
        [running]    com.amazon.music.plist [Click for support]
        [running]    com.microsoft.LaunchAgent.SyncServicesAgent.plist [Click for support]
        [running]    com.mlbam.nexdef.plist [Click for support]
    User Login Items: ℹ️
        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
        Canon IJ Network Scanner Selector2    UNKNOWN  (missing value)
        Dropbox    Application  (/Applications/Dropbox.app)
        ACbook    UNKNOWN  (missing value)
        CrashPlan menu bar    UNKNOWN  (missing value)
        CrashPlan menu bar    Application  (/Applications/CrashPlan.app/Contents/Helpers/CrashPlan menu bar.app)
        Canon IJ Network Scanner Selector EX    Application  (/Applications/Canon Utilities/IJ Network Scanner Selector EX/Canon IJ Network Scanner Selector EX.app)
        Caffeine    UNKNOWN  (missing value)
    Internet Plug-ins: ℹ️
        EPPEX Plugin: Version: 10.0 [Click for support]
        Flash Player: Version: 16.0.0.305 - SDK 10.6 [Click for support]
        SlingPlayer: Version: Unknown - SDK 10.8 [Click for support]
        AdobePDFViewer: Version: 9.5.5 [Click for support]
        Leap Web Player: Version: LeapPlayer version 2.0.2f2 [Click for support]
        Unity Web Player: Version: UnityPlayer version 3.5.5f4 - SDK 10.6 [Click for support]
        nppanda3d: Version: Unknown [Click for support]
        googletalkbrowserplugin: Version: 5.40.2.0 - SDK 10.8 [Click for support]
        iPhotoPhotocast: Version: 7.0 - SDK 10.8
        RealPlayer Plugin: Version: Unknown [Click for support]
        QuickTime Plugin: Version: 7.7.3
        FlashPlayer-10.6: Version: 16.0.0.305 - SDK 10.6 [Click for support]
        DivXBrowserPlugin: Version: 1.4 [Click for support]
        Silverlight: Version: 4.0.60129.0 [Click for support]
        CoolirisWebKitPlugin: Version: Unknown [Click for support]
        Google Earth Web Plug-in: Version: 6.0 [Click for support]
        Default Browser: Version: 600 - SDK 10.10
        Easy-WebPrint EX: Version: 1.0.0 [Click for support]
        o1dbrowserplugin: Version: 5.40.2.0 - SDK 10.8 [Click for support]
        Flip4Mac WMV Plugin: Version: 2.3.8.1 [Click for support]
        SharePointBrowserPlugin: Version: 14.4.3 - SDK 10.6 [Click for support]
        ContentUploaderPlugin: Version: 1.2 [Click for support]
        JavaAppletPlugin: Version: Java 8 Update 31 Check version
    User internet Plug-ins: ℹ️
        Picasa: Version: 1.0 [Click for support]
    3rd Party Preference Panes: ℹ️
        RCDefaultApp
        Flash Player  [Click for support]
        Flip4Mac WMV  [Click for support]
        Java  [Click for support]
        Perian  [Click for support]
    Time Machine: ℹ️
        Skip System Files: NO
        Mobile backups: OFF
        Auto backup: NO - Auto backup turned off
        Volumes being backed up:
            Macintosh HD: Disk size: 999.35 GB Disk used: 413.60 GB
        Destinations:
            Untitled [Local]
            Total size: 0 B
            Total number of backups: 0
            Oldest backup: -
            Last backup: -
            Size of backup disk: Too small
                Backup size 0 B < (Disk used 413.60 GB X 3)
    Top Processes by CPU: ℹ️
            11%    BitdefenderVirusScanner
             7%    WindowServer
             1%    loginwindow
             0%    SystemUIServer
             0%    dpd
    Top Processes by Memory: ℹ️
        94 MB    BitdefenderVirusScanner
        60 MB    Finder
        34 MB    mds_stores
        26 MB    CrashPlanService
        26 MB    WindowServer
    Virtual Memory Information: ℹ️
        34 MB    Free RAM
        1.24 GB    Active RAM
        1.23 GB    Inactive RAM
        1.81 GB    Wired RAM
        37.21 GB    Page-ins
        1.05 GB    Page-outs
    Diagnostics Information: ℹ️
        Feb 16, 2015, 04:30:47 PM    /Users/[redacted]/Library/Logs/DiagnosticReports/BitdefenderVirusScanner_2015-0 2-16-163047_[redacted].crash
        Feb 16, 2015, 02:41:32 PM    /Library/Logs/DiagnosticReports/firefox_2015-02-16-144132_[redacted].hang
        Feb 16, 2015, 02:40:05 PM    /Users/[redacted]/Library/Logs/DiagnosticReports/garcon_2015-02-16-144005_[reda cted].crash
        Feb 16, 2015, 01:21:20 PM    /Users/[redacted]/Library/Logs/DiagnosticReports/BitdefenderVirusScanner_2015-0 2-16-132120_[redacted].crash
        Feb 16, 2015, 11:56:57 AM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-16-115657_[redacted].cpu_resource.diag [Click for details]
        Feb 16, 2015, 11:50:54 AM    /Library/Logs/DiagnosticReports/com.zqueue.servetome-server_2015-02-16-115054_[ redacted].crash
        Feb 16, 2015, 11:49:07 AM    Self test - passed
        Feb 16, 2015, 09:55:04 AM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-16-095504_[redacted].cpu_resource.diag [Click for details]
        Feb 16, 2015, 09:44:52 AM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-16-094452_[redacted].cpu_resource.diag [Click for details]
        Feb 15, 2015, 03:02:01 PM    /Library/Logs/DiagnosticReports/ClamXav_2015-02-15-150201_[redacted].hang
        Feb 15, 2015, 02:58:45 PM    /Users/[redacted]/Library/Logs/DiagnosticReports/garcon_2015-02-15-145845_[reda cted].crash
        Feb 15, 2015, 12:35:39 AM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-15-003539_[redacted].cpu_resource.diag [Click for details]
        Feb 15, 2015, 12:19:21 AM    /Library/Logs/DiagnosticReports/CrashPlanService_2015-02-15-001921_[redacted].c pu_resource.diag [Click for details]
        Feb 14, 2015, 11:45:36 PM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-14-234536_[redacted].cpu_resource.diag [Click for details]
        Feb 14, 2015, 07:00:58 PM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-14-190058_[redacted].cpu_resource.diag [Click for details]
        Feb 14, 2015, 03:54:47 PM    /Users/[redacted]/Library/Logs/DiagnosticReports/ClamXav_2015-02-14-155447_[red acted].crash
        Feb 14, 2015, 03:18:24 PM    /Library/Logs/DiagnosticReports/Folder Actions Dispatcher_2015-02-14-151824_[redacted].cpu_resource.diag [Click for details]

    Everything is included below. Shortly before I ran the script I disabled folder actions which appeared to have a bunch of redundant and scripts that were taking close to 6-7 gigs of RAM. It'll be interesting to review the below. Thanks Mr. Davis, you are a major resource.
    Start time: 09:12:51 02/17/15
    Revision: 1241
    Model Identifier: iMac14,1
    System Version: OS X 10.10.2 (14C109)
    Kernel Version: Darwin 14.1.0
    Time since boot: 7:55
    UID: 501
    USB
        My Book 1130 (Western Digital Technologies, Inc.)
        External USB 3.0 (Toshiba America Info. Systems, Inc.)
        DataStick (Alcor Micro, Corp.)
    Bluetooth
        Apple Magic Mouse
        Apple Wireless Keyboard
    Activity
        CPU: user 18%, system 19%
    CPU usage (%)
        mds (UID 0): 19.5
    I/O wait time (ms/s)
        mds (UID 0): 1156
        mdworker (UID 89): 186
    I/O requests (KiB/s)
        mds (UID 0): 4892
    System errors (per sec)
        mdworker (UID 89, error 2): 158
        mds (UID 0, error 2): 149
        mds (UID 0, error 20): 116
    Trusted certs (user)
        63.197.157.203
    Firewall: On
    Listeners
        kdc: kerberos
        launchd: afpovertcp
        launchd: microsoft-ds
        launchd: printer
        launchd: ssh
    System caches/logs
        1166 MB: /Library/Caches/CrashPlan/42/cpfmf
    Diagnostic reports
        2015-02-14 ClamXav crash
        2015-02-15 ClamXav hang
        2015-02-15 garcon crash
        2015-02-16 BitdefenderVirusScanner crash x2
        2015-02-16 Kernel gpuRestart
        2015-02-16 com.zqueue.servetome-server crash
        2015-02-16 firefox hang
        2015-02-16 garcon crash
    I/O errors
        disk3s2: data underrun 1
        disk1s2: do_jnl_io: strategy err 0x6 2
    Volumes
        disk0s2: /
        disk1s2: /Volumes/Install
        disk3s2: /Volumes/ACbook
        disk2s2: /Volumes/Time
    Kernel log
        Feb 15 09:48:38 warning: loginwindow(73) performed out-of-band resume on ClamXav(2059)
        Feb 15 09:48:38 warning: loginwindow(73) performed out-of-band resume on Console(2347)
        Feb 15 09:48:38 warning: loginwindow(73) performed out-of-band resume on iTunes(2727)
        Feb 15 09:48:43 IOAudioStream[0xffffff802f3abc00]::clipIfNecessary() - Error: counted 1 clip more than one buffer ahead errors.
        Feb 15 14:53:10 warning: loginwindow(73) performed out-of-band resume on ClamXav(2059)
        Feb 15 14:56:36 warning: loginwindow(73) performed out-of-band resume on ClamXav(2059)
        Feb 16 09:39:13 utun_start: ifnet_disable_output returned error 12
        Feb 16 10:07:25 Trying restart GPU ...
        Feb 16 11:43:50 jnl: disk1s2: write_journal_header: error writing the journal header!
        Feb 16 11:43:51 jnl: disk1s2: close: journal 0xffffff802b4daa80, is invalid.  aborting outstanding transactions
        Feb 16 11:51:14 utun_start: ifnet_disable_output returned error 12
        Feb 16 11:57:11 jnl: disk1s2: write_journal_header: error writing the journal header!
        Feb 16 11:57:11 jnl: disk1s2: close: journal 0xffffff8025c1cc20, is invalid.  aborting outstanding transactions
        Feb 16 14:22:43 Limiting closed port RST response from 423 to 250 packets per second
        Feb 16 14:24:06 Limiting closed port RST response from 264 to 250 packets per second
        Feb 16 14:24:28 Limiting closed port RST response from 324 to 250 packets per second
        Feb 16 14:24:42 Limiting closed port RST response from 251 to 250 packets per second
        Feb 17 01:18:41 Sleep failure code 0x00000088 0x14006700
        Feb 17 01:18:41 System was rebooted due to Sleep/Wake failure
        Feb 17 01:18:41 Failed to open swap file 30
        Feb 17 01:18:41 vm_swap_create_file failed @ 19 secs
        Feb 17 01:18:41 USBF:    20.861    AppleUSBHubPort::FatalError - Port 1 of Hub at 0x14800000 reported error 0xe00002ed while doing getting port status (4)
        Feb 17 01:18:41 USBF:    20.861    AppleUSBHubPort::FatalError - Port 1 of Hub at 0x14800000 reported error 0xe00002c0 while doing clearing port feature (2)
        Feb 17 01:19:29 utun_start: ifnet_disable_output returned error 12
        Feb 17 08:10:16 [IOBluetoothHCIController][handleACLPacketTimeout] -- Disconnecting due to device not responding (ACL Packet timed out) for connection handle 0x40
    System log
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:08:56 Finder assertion failed: 14C109: libxpc.dylib + 40320 [UUID]: 0x13
        Feb 17 09:09:31 WindowServer disable_update_timeout: UI updates were forcibly disabled by application "Safari" for over 1.00 seconds. Server has re-enabled them.
        Feb 17 09:09:31 WindowServer WSGetSurfaceInWindow : Invalid surface 687364876 for window 227
        Feb 17 09:09:37 WindowServer disable_update_timeout: UI updates were forcibly disabled by application "Safari" for over 1.00 seconds. Server has re-enabled them.
        Feb 17 09:09:38 WindowServer WSGetSurfaceInWindow : Invalid surface 1046946449 for window 227
    Console log
        Feb 17 07:47:09 nsurlstoraged The read-connection to the DB=/Users/USER/Library/Caches/com.apple.icloud.fmfd/Cache.db is NOT valid.  Unable to determine schema version.
        Feb 17 07:47:09 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd
        Feb 17 07:47:09 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd
        Feb 17 07:47:53 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd
        Feb 17 07:47:53 nsurlstoraged The read-connection to the DB=/Users/USER/Library/Caches/com.apple.icloud.fmfd/Cache.db is NOT valid.  Unable to determine schema version.
        Feb 17 07:47:53 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd
        Feb 17 07:47:53 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd
        Feb 17 07:54:18 ReportCrash Invoking spindump for pid=9255 wakeups_rate=757 duration=60 because of excessive wakeups
        Feb 17 07:54:59 ReportCrash Invoking spindump for pid=9269 wakeups_rate=1144 duration=40 because of excessive wakeups
        Feb 17 08:09:53 ReportCrash Invoking spindump for pid=417 wakeups_rate=252 duration=179 because of excessive wakeups
        Feb 17 08:15:34 ReportCrash Invoking spindump for pid=9290 wakeups_rate=203 duration=222 because of excessive wakeups
        Feb 17 08:18:12 ReportCrash Invoking spindump for pid=6328 wakeups_rate=185 duration=244 because of excessive wakeups
        Feb 17 08:28:18 ReportCrash Invoking spindump for pid=9314 wakeups_rate=3955 duration=12 because of excessive wakeups
        Feb 17 08:32:28 ReportCrash Invoking spindump for pid=9321 wakeups_rate=609 duration=74 because of excessive wakeups
        Feb 17 08:36:08 ReportCrash Invoking spindump for pid=9331 wakeups_rate=573 duration=79 because of excessive wakeups
        Feb 17 08:38:36 ReportCrash Invoking spindump for pid=9348 wakeups_rate=1503 duration=30 because of excessive wakeups
        Feb 17 08:41:49 ReportCrash Invoking spindump for pid=9378 wakeups_rate=725 duration=63 because of excessive wakeups
        Feb 17 08:45:39 ReportCrash Invoking spindump for pid=9390 wakeups_rate=398 duration=114 because of excessive wakeups
        Feb 17 08:49:04 ReportCrash Invoking spindump for pid=9420 thread=174222 percent_cpu=63 duration=143 because of excessive cpu utilization
        Feb 17 08:50:57 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active
        Feb 17 08:51:18 mdworker Error loading /Applications/GarageBand.app/Contents/Library/Spotlight/GarageBandSpotlightImporter.mdimporter/Contents/MacOS/GarageBandSpotlightImporter:  dlopen(/Applications/GarageBand.app/Contents/Library/Spotlight/GarageBandSpotlightImporter.mdimporter/Contents/MacOS/GarageBandSpotlightImporter, 262): Library not loaded: @rpath/MAFiles.framework/Versions/A/MAFiles
         Referenced from: /Applications/GarageBand.app/Contents/Library/Spotlight/GarageBandSpotlightImporter.mdimporter/Contents/MacOS/GarageBandSpotlightImporter
         Reason: image not found
        Feb 17 08:51:18 mdworker Cannot find function pointer MetadataImporterPluginFactory for factory UUID in CFBundle/CFPlugIn 0x7f8b9870c650 </Applications/GarageBand.app/Contents/Library/Spotlight/GarageBandSpotlightImporter.mdimporter> (bundle, not loaded)
        Feb 17 09:10:19 nsurlstoraged ERROR: unable to get the receiver data from the DB!
    Loaded kernel extensions
        net.telestream.driver.TelestreamAudio (1.1.0)
    Daemons
        com.adobe.fpsaud
        com.apple.AccountPolicyHelper
        com.apple.CodeSigningHelper
        com.apple.Kerberos.kdc
        - status: 1
        com.apple.MobileFileIntegrity
        com.apple.aelwriter
        com.apple.awdd
        com.apple.cache_delete
        com.apple.cfprefsd.xpc.daemon
        com.apple.coreduetd
        com.apple.coresymbolicationd
        com.apple.ctkd
        com.apple.diagnosticd
        com.apple.dpd
        - status: 75
        com.apple.icloud.findmydeviced
        com.apple.iconservices.iconservicesagent
        com.apple.iconservices.iconservicesd
        com.apple.ifdreader
        com.apple.nehelper
        com.apple.networkd_privileged
        com.apple.nsurlsessiond_privileged
        com.apple.nsurlstoraged
        com.apple.periodic-daily
        com.apple.periodic-weekly
        com.apple.sandboxd
        com.apple.secinitd
        com.apple.softwareupdate_download_service
        com.apple.softwareupdated
        com.apple.spindump
        com.apple.sysmond
        com.apple.systemstatsd
        com.apple.tccd.system
        com.apple.watchdogd
        com.apple.wdhelper
        com.bombich.ccchelper
        com.eltima.ElmediaPlayer.daemon
        com.google.GoogleML
        - status: 1
        com.google.keystone.daemon
        com.microsoft.office.licensing.helper
        com.oracle.java.Helper-Tool
        com.rogueamoeba.hermes
        com.vmware.launchd.vmware
        - status: 78
        com.zqueue.servetome-server
        jp.co.canon.MasterInstaller
        net.sourceforge.MonolingualHelper
        org.cups.cupsd
        org.macosforge.xquartz.privileged_startx
    Agents
        com.adobe.ARM.UUID
        com.amazon.cloud-player
        - status: 78
        com.amazon.music
        com.apple.Safari
        com.apple.photostream-agent
        com.google.keystone.system.agent
        com.maintain.SystemEvents
        com.microsoft.SyncServicesAgent
        com.mlbam.nexdef
        com.oracle.java.Java-Updater
        com.seagate.SeagateStorageGauge.plist
        org.macosforge.xquartz.startx
    User overrides
        com.apple.imagent.monaco
        com.apple.FTMonitor
        com.apple.apsd-ft
    User login items
        iTunesHelper
        - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
        Canon IJ Network Scanner Selector2
        - missing value
        Dropbox
        - /Applications/Dropbox.app
        ACbook
        - /Volumes/ACbook
        CrashPlan menu bar
        - missing value
        CrashPlan menu bar
        - /Applications/CrashPlan.app/Contents/Helpers/CrashPlan menu bar.app
        Canon IJ Network Scanner Selector EX
        - /Applications/Canon Utilities/IJ Network Scanner Selector EX/Canon IJ Network Scanner Selector EX.app
        Caffeine
        - missing value
    Firefox extensions
        Mozilla Firefox hotfix
        Hide My ***! Web Proxy
        FoxyProxy Standard
        Jesper Staun Hansen
        Torrent Tornado
        Torrent Finder Toolbar
    Widgets
        iStat nano
    iCloud errors
        bird 405
        cloudd 68
        CallHistorySyncHelper 6
        Safari 4
        accountsd 2
    Continuity errors
        lsuseractivityd 8
        Safari 2
    Restricted files: 43
    Lockfiles: 22
    Accessibility
        Keyboard Zoom: On
        Scroll Zoom: On
    Contents of /Library/LaunchAgents/com.maintain.LogOut.plist
        - mod date: Feb  9 20:01:50 2015
        - checksum: 2486542021
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Disabled</key>
        <true/>
        <key>Label</key>
        <string>com.maintain.LogOut</string>
        <key>ProgramArguments</key>
        <array>
        <string>/usr/bin/osascript</string>
        <string>-e</string>
        <string>delay 3</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>do shell script &quot;killall Cocktail&quot;</string>
        <string>-e</string>
        <string>end try</string>
        <string>-e</string>
        <string>ignoring application responses</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>tell application &quot;System Events&quot; to log out</string>
        ...and 7 more line(s)
    Contents of /Library/LaunchAgents/com.maintain.Restart.plist
        - mod date: Feb  9 19:55:16 2015
        - checksum: 1856196442
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Disabled</key>
        <true/>
        <key>Label</key>
        <string>com.maintain.Restart</string>
        <key>ProgramArguments</key>
        <array>
        <string>/usr/bin/osascript</string>
        <string>-e</string>
        <string>delay 3</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>do shell script &quot;killall Cocktail&quot;</string>
        <string>-e</string>
        <string>end try</string>
        <string>-e</string>
        <string>ignoring application responses</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>tell application &quot;System Events&quot; to restart</string>
        ...and 7 more line(s)
    Contents of /Library/LaunchAgents/com.maintain.ShutDown.plist
        - mod date: Feb  9 19:55:17 2015
        - checksum: 2131448796
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Disabled</key>
        <true/>
        <key>Label</key>
        <string>com.maintain.ShutDown</string>
        <key>ProgramArguments</key>
        <array>
        <string>/usr/bin/osascript</string>
        <string>-e</string>
        <string>delay 3</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>do shell script &quot;killall Cocktail&quot;</string>
        <string>-e</string>
        <string>end try</string>
        <string>-e</string>
        <string>ignoring application responses</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>tell application &quot;System Events&quot; to shut down</string>
        ...and 7 more line(s)
    Contents of /Library/LaunchAgents/com.maintain.Sleep.plist
        - mod date: Feb  9 20:01:53 2015
        - checksum: 2684026111
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Disabled</key>
        <true/>
        <key>Label</key>
        <string>com.maintain.Sleep</string>
        <key>ProgramArguments</key>
        <array>
        <string>/usr/bin/osascript</string>
        <string>-e</string>
        <string>delay 3</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>do shell script &quot;killall Cocktail&quot;</string>
        <string>-e</string>
        <string>end try</string>
        <string>-e</string>
        <string>ignoring application responses</string>
        <string>-e</string>
        <string>try</string>
        <string>-e</string>
        <string>tell application &quot;System Events&quot; to sleep</string>
        ...and 7 more line(s)
    Contents of /Library/LaunchAgents/com.maintain.SystemEvents.plist
        - mod date: Feb  9 19:55:17 2015
        - checksum: 1297325733
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Disabled</key>
        <false/>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>com.maintain.SystemEvents</string>
        <key>ProgramArguments</key>
        <array>
        <string>/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        </dict>
        </plist>
    Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
        - mod date: Feb  6 15:45:52 2015
        - checksum: 655956191
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.oracle.java.Java-Updater</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
        <string>-bgcheck</string>
        </array>
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
        <key>StandardOutPath</key>
        <string>/dev/null</string>
        <key>StartCalendarInterval</key>
        <dict>
        <key>Hour</key>
        <integer>17</integer>
        <key>Minute</key>
        <integer>49</integer>
        <key>Weekday</key>
        <integer>1</integer>
        </dict>
        </dict>
        ...and 1 more line(s)
    Contents of /Library/LaunchAgents/com.seagate.SeagateStorageGauge.plist
        - mod date: Mar 10 08:38:47 2010
        - checksum: 3262128215
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <!--
           com.seagate.SeagateStorageGauge.plist
           SeagateDiagnostics
           Created by John Brisbin on 3/10/10.
           Copyright 2010 Seagate Technologies LLC.. All rights reserved.
        -->
        <plist version="1.0">
        <dict>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>com.seagate.SeagateStorageGauge.plist</string>
        <key>LimitLoadToSessionType</key>
        <string>Aqua</string>
        <key>OnDemand</key>
        <false/>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/Application Support/Seagate/Seagate Storage Gauge.app/Contents/MacOS/Seagate Storage Gauge</string>
        <string>-doautolnch</string>
        <string>/Library/Application Support/Seagate/Seagate Storage Gauge.app</string>
        </array>
        <key>RunAtLoad</key>
        ...and 3 more line(s)
    Contents of /Library/LaunchDaemons/com.bombich.ccchelper.plist
        - mod date: Feb  6 13:35:20 2015
        - checksum: 495358405
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.bombich.ccchelper</string>
        <key>MachServices</key>
        <dict>
        <key>com.bombich.ccchelper</key>
        <true/>
        </dict>
        <key>Program</key>
        <string>/Library/PrivilegedHelperTools/com.bombich.ccchelper</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/PrivilegedHelperTools/com.bombich.ccchelper</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        </dict>
        </plist>
    Contents of /Library/LaunchDaemons/com.crashplan.engine.plist
        - mod date: Jan 10 11:46:36 2015
        - checksum: 757054163
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.crashplan.engine</string>
        <key>UserName</key>
        <string>root</string>
        <key>GroupName</key>
        <string>wheel</string>
        <key>Nice</key>
        <integer>20</integer>
        <key>KeepAlive</key>
        <true/>
        <key>OnDemand</key>
        <false/>
        <key>RunAtLoad</key>
        <true/>
        <key>AbandonProcessGroup</key>
        <true/>
        <key>WorkingDirectory</key>
        <string>/Applications/CrashPlan.app/Contents/Resources/Java</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Applications/CrashPlan.app/Contents/MacOS/CrashPlanService</string>
        ...and 26 more line(s)
    Contents of /Library/LaunchDaemons/com.eltima.ElmediaPlayer.daemon.plist
        - mod date: Oct  9 06:40:45 2012
        - checksum: 1274124936
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Disabled</key>
        <false/>
        <key>KeepAlive</key>
        <false/>
        <key>Label</key>
        <string>com.eltima.ElmediaPlayer.daemon</string>
        <key>LaunchOnlyOnce</key>
        <true/>
        <key>OnDemand</key>
        <false/>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/Application Support/ElmediaPlayer/empdaemon</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        </dict>
        </plist>
    Contents of /Library/LaunchDaemons/com.google.GoogleML.plist
        - mod date: Mar 10 10:19:30 2008
        - checksum: 315725308
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.google.GoogleML</string>
        <key>OnDemand</key>
        <true/>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/Google/GoogleML/GoogleML.bundle/Contents/MacOS/googleml-modwatch</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardOutPath</key>
        <string>/dev/null</string>
        <key>UserName</key>
        <string>root</string>
        <key>WatchPaths</key>
        <array>
        <string>/Library/Google/GoogleML/Modules</string>
        <string>/Library/Google/GoogleML</string>
        </array>
        </dict>
        </plist>
    Contents of /Library/LaunchDaemons/com.rogueamoeba.hermes.plist
        - mod date: Jul 15 21:05:58 2008
        - checksum: 1539233627
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>GroupName</key>
        <string>wheel</string>
        <key>Label</key>
        <string>com.rogueamoeba.hermes</string>
        <key>ProgramArguments</key>
        <array>
        <string>/usr/local/hermes/bin/hermesctl</string>
        <string>update</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>ServiceIPC</key>
        <true/>
        <key>UserName</key>
        <string>root</string>
        <key>WatchPaths</key>
        <array>
        <string>/usr/local/hermes/modules</string>
        </array>
        </dict>
        </plist>
    Contents of /Library/LaunchDaemons/com.vmware.launchd.vmware.plist
        - mod date: Nov  2 16:11:08 2007
        - checksum: 1467462916
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
                "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
                <key>Label</key>
                <string>com.vmware.launchd.vmware</string>
                <key>ProgramArguments</key>
                <array>
                        <string>/Library/Application Support/VMware Fusion/boot.sh</string>
                        <string>--start</string>
                </array>
                <key>RunAtLoad</key>
                <true/>
        </dict>
        </plist>
    Contents of /Library/LaunchDaemons/com.zqueue.servetome-server.plist
        - mod date: Sep 22 07:54:14 2014
        - checksum: 1392131937
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>KeepAlive</key>
        <dict>
        <key>PathState</key>
        <dict>
        <key>/Library/Application Support/ServeToMe/incoming/settings.xml</key>
        <true/>
        </dict>
        <key>SuccessfulExit</key>
        <false/>
        </dict>
        <key>Label</key>
        <string>com.zqueue.servetome-server</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/PrivilegedHelperTools/com.zqueue.servetome-server</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>ThrottleInterval</key>
        <integer>5</integer>
        </dict>
        ...and 1 more line(s)
    Contents of /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist
        - mod date: Nov 11 12:21:11 2014
        - checksum: 4111951265
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>jp.co.canon.MasterInstaller</string>
        <key>Program</key>
        <string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
        </array>
        <key>ServiceIPC</key>
        <true/>
        <key>Sockets</key>
        <dict>
        <key>MasterSocket</key>
        <dict>
        <key>SockFamily</key>
        <string>Unix</string>
        <key>SockPathMode</key>
        <integer>438</integer>
        <key>SockPathName</key>
        <string>/var/run/jp.co.canon.MasterInstaller.socket</string>
        <key>SockType</key>
        ...and 5 more line(s)
    Contents of /Library/LaunchDaemons/net.sourceforge.MonolingualHelper.plist
        - mod date: Sep 16 12:53:32 2012
        - checksum: 4229206510
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>net.sourceforge.MonolingualHelper</string>
        <key>MachServices</key>
        <dict>
        <key>net.sourceforge.MonolingualHelper</key>
        <true/>
        </dict>
        <key>ProgramArguments</key>
        <array>
        <string>/Library/PrivilegedHelperTools/net.sourceforge.MonolingualHelper</string>
        </array>
        </dict>
        </plist>
    Contents of /System/Library/Security/authorization.plist
        - mod date: Jan  7 19:31:13 2015
        - checksum: 2720110640
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>comment</key>
        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.
        allow rule: this is always allowed
        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;
        &lt;string&gt;allow&lt;/string&gt;
        deny rule: this is always denied
        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;
        &lt;string&gt;deny&lt;/string&gt;
        user rule: successful authentication as a user in the specified group(5) allows the associated right.
        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.
        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.
        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.
        See remaining rules for examples.
        </string>
        <key>rights</key>
        <dict>
        <key></key>
        <dict>
        <key>class</key>
        <string>rule</string>
        <key>comment</key>
        ...and 1850 more line(s)
    Contents of /private/etc/authorization.deprecated
        - mod date: Sep 30 13:39:21 2013
        - checksum: 2773682028
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>comment</key>
        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.
        allow rule: this is always allowed
        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;
        &lt;string&gt;allow&lt;/string&gt;
        deny rule: this is always denied
        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;
        &lt;string&gt;deny&lt;/string&gt;
        user rule: successful authentication as a user in the specified group(5) allows the associated right.
        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.
        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.
        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.
        See remaining rules for examples.
        </string>
        <key>rights</key>
        <dict>
        <key></key>
        <dict>
        <key>class</key>
        <string>rule</string>
        <key>comment</key>
        ...and 9729 more line(s)
    Contents of /private/etc/ssh_config
        - mod date: Oct  1 12:06:10 2012
        - checksum: 1281775184
         Host *
           SendEnv LANG LC_*
        Host *
            XAuthLocation /opt/X11/bin/xauth
    Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist
        - mod date: Aug 21 15:00:01 2010
        - checksum: 2170691092
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.adobe.ARM.UUID</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartInterval</key>
        <integer>12600</integer>
        </dict>
        </plist>
    Contents of Library/LaunchAgents/com.amazon.cloud-player.plist
        - mod date: Feb 22 10:43:22 2014
        - checksum: 2707474481
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>EnableTransactions</key>
        <false/>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>com.amazon.cloud-player</string>
        <key>Program</key>
        <string>/Applications/Amazon Cloud Player.app/Contents/MacOS/Amazon Music Helper</string>
        <key>RunAtLoad</key>
        <true/>
        </dict>
        </plist>
    Contents of Library/LaunchAgents/com.amazon.music.plist
        - mod date: Jan 12 15:51:16 2015
        - checksum: 3668832669
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>EnableTransactions</key>
        <false/>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>com.amazon.music</string>
        <key>Program</key>
        <string>/Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper</string>
        <key>RunAtLoad</key>
        <true/>
        </dict>
        </plist>
    Contents of Library/LaunchAgents/com.apple.FolderActions.folders.plist
        - mod date: Feb 17 09:08:58 2015
        - checksum: 1189540302
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.apple.FolderActions.folders</string>
        <key>Program</key>
        <string>/usr/bin/osascript</string>
        <key>ProgramArguments</key>
        <array>
        <string>osascript</string>
        <string>-e</string>
        <string>tell application "Folder Actions Dispatcher" to tick</string>
        </array>
        <key>WatchPaths</key>
        <array/>
        </dict>
        </plist>
    Contents of Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist
        - mod date: Jul 31 12:13:01 2010
        - checksum: 2859079559
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        <key>Label</key>
        <string>com.apple.Safari</string>
        <key>LimitLoadToSessionType</key>
        <string>Aqua</string>
        <key>ProgramArguments</key>
        <array>
        <string>/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/SafariSyncClient</string>
        <string>--sync</string>
        <string>com.apple.Safari</string>
        <string>--entitynames</string>
        <string>com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder</string>
        </array>
        <key>RunAtLoad</key>
        <false/>
        <key>ThrottleInterval</key>
        <integer>60</integer>
        <key>WatchPaths</key>
        <array>
        <string>/Users/USER/Library/Safari/Bookmarks.plist</string>
        </array>
        </dict>
        ...and 1 more line(s)
    Contents of Library/LaunchAgents/com.microsoft.LaunchAgent.SyncServicesAgent.plist
        - mod date: Feb 17 01:22:03 2015

  • Coldfusion 11 java/jre ssl mutual auth api calls.  Help with coldfusion/java logs.

    Hello,
    I am here because I have exhausted my Coldfusion/Java ssl keystore certs troubleshooting abilities. Here is the issue. I am developing a Coldfusion 11 application that must make api calls to Chase payconnexion SOAP services. I am using the coldfusion cfhttp tags to do this, which is using the java jre 1.7.x to accomplish this. The problem: I am getting generic 500 internal server errors from Chase. They claim that I am not sending a cert during the ssl exchange. What I have done is:
    - put our wildcard cert/key pair in the coldfusion keystore
    - put our root and chain in the keystore
    - put the chase server cert in the keystore
    - converted the key/crt files to .pfx and made the calls
      to chase with those, something like:
      <cfset objSecurity = createObject("java", "java.security.Security") />
      <cfset storeProvider = objSecurity.getProvider("JsafeJCE") />
      <cfset Application.sslfix = true />
      <cfhttp url="#chase_api_server#/"
              result="http_response"
              method="post"
              port="1401" charset="utf-8"
              clientCert="#cert_path#/#cert_file1#"
              clientCertPassword="#cert_password#">
          <cfhttpparam type="header" name="SOAPAction" value="updateUserProfileRequest" />
          <cfhttpparam type="header" name="Host" value="ws.payconnexion.com" />
          <cfhttpparam type="xml" value="#trim(my_xml)#" />
      </cfhttp>
    Here is what I see in the Cf logs, can anyone help me interpret what is happening?
    Thanks,
    Bob
    =============================================================
    found key for : 1
    chain [0] = [
      Version: V3
      Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>
      Validity: [From: Mon Aug 11 12:39:37 CDT 2014,
                   To: Thu Sep 01 18:34:24 CDT 2016]
      Issuer: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
      SerialNumber: [<snip>7]
    Certificate Extensions: 9
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://ocsp.entrust.net
       accessMethod: caIssuers
       accessLocation: URIName: http://aia.entrust.net/2048-l1c.cer
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:false
      PathLen: undefined
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://crl.entrust.net/level1c.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [1.2.840.113533.7.75.2]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
      [CertificatePolicyId: [2.23.140.1.2.2]
    [6]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
      clientAuth
    [7]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
      DigitalSignature
      Key_Encipherment
    [8]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: *.payments.austintexas.gov
      DNSName: payments.austintexas.gov
    [9]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    chain [1] = [
      Version: V3
      Subject: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>
      public exponent: 65537
      Validity: [From: Fri Nov 11 09:40:40 CST 2011,
                   To: Thu Nov 11 20:51:17 CST 2021]
      Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
      SerialNumber: [    <snip>]
    Certificate Extensions: 7
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://ocsp.entrust.net
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:0
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://crl.entrust.net/2048ca.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [2.5.29.32.0]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
    [6]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      Key_CertSign
      Crl_Sign
    [7]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    chain [2] = [
      Version: V3
      Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>public exponent: 65537
      Validity: [From: Fri Dec 24 11:50:51 CST 1999,
                   To: Tue Jul 24 09:15:12 CDT 2029]
      Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
      SerialNumber: [<snip>]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    [2]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      Key_CertSign
      Crl_Sign
    [3]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    trustStore is: /opt/coldfusion11/jre/lib/security/cacerts
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    <snip 85 certs> 
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Jan 23, 2015 13:15:37 PM Information [ajp-bio-8014-exec-7] - Starting HTTP request {URL='https://ws.payconnexion.com:1401/pconWS/9_5/', method='post'}
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Allow unsafe renegotiation: true
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie:  GMT: 1405197529 bytes = { 191, 115, 95, 85, 79, 234, 145, 176, 62, 70, 36, 102, 168, 15, 127, 174, 88, 118, 4, 177, 226, 5, 254, 55, 108, 203, 80, 80 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:  { 0 }
    Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    Extension server_name, server_name: [host_name: ws.payconnexion.com]
    ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 191
    ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 81
    *** ServerHello, TLSv1
    RandomCookie:  <snip>
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    %% Initialized:  [Session-5, TLS_RSA_WITH_AES_256_CBC_SHA]
    ** TLS_RSA_WITH_AES_256_CBC_SHA
    ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 4183
    *** Certificate chain
    chain [0] = [
      Version: V3
      Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>
      public exponent: 65537
      Validity: [From: Sun Apr 20 19:00:00 CDT 2014,
                   To: Tue Jun 02 18:59:59 CDT 2015]
      Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      SerialNumber: [   <snip>]
    Certificate Extensions: 8
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://se.symcd.com
       accessMethod: caIssuers
       accessLocation: URIName: http://se.symcb.com/se.crt
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:false
      PathLen: undefined
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://se.symcb.com/se.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
    ], PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.2
      qualifier: <snip>
    [6]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
      clientAuth
      2.16.840.1.113730.4.1
    [7]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Key_Encipherment
    [8]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: ws.payconnexion.com
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    chain [1] = [
      Version: V3
      Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>
      public exponent: 65537
      Validity: [From: Sun Feb 07 18:00:00 CST 2010,
                   To: Fri Feb 07 17:59:59 CST 2020]
      Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      SerialNumber: [    <snip>]
    Certificate Extensions: 10
    [1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
    Extension unknown: DER encoded OCTET string =
    <snip>
    [2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://ocsp.verisign.com
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [4]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:0
    [5]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://crl.verisign.com/pca3-g5.crl]
    [6]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
    ], PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.2
      qualifier: <snip>
    [7]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
      clientAuth
      2.16.840.1.113730.4.1
      2.16.840.1.113733.1.8.1
    [8]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      Key_CertSign
      Crl_Sign
    [9]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      CN=VeriSignMPKI-2-7
    [10]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    chain [2] = [
      Version: V3
      Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>
      public exponent: 65537
      Validity: [From: Tue Nov 07 18:00:00 CST 2006,
                   To: Sun Nov 07 17:59:59 CST 2021]
      Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
      SerialNumber: [<snip>]
    Certificate Extensions: 8
    [1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
    Extension unknown: DER encoded OCTET string =
    <snip>
    [2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://ocsp.verisign.com
    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://crl.verisign.com/pca3.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [2.5.29.32.0]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
    [6]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
      clientAuth
      codeSigning
      2.16.840.1.113730.4.1
      2.16.840.1.113733.1.8.1
    [7]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      Key_CertSign
      Crl_Sign
    [8]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    Found trusted certificate:
      Version: V3
      Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus:   public exponent: 65537
      Validity: [From: Sun Apr 20 19:00:00 CDT 2014,
                   To: Tue Jun 02 18:59:59 CDT 2015]
      Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
      SerialNumber: [ <snip>]
    Certificate Extensions: 8
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://se.symcd.com
       accessMethod: caIssuers
       accessLocation: URIName: http://se.symcb.com/se.crt
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:false
      PathLen: undefined
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://se.symcb.com/se.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
    ], PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.2
      qualifier: <snip>
    [6]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
      clientAuth
      2.16.840.1.113730.4.1
    [7]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Key_Encipherment
    [8]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: ws.payconnexion.com
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 13
    *** CertificateRequest
    Cert Types: RSA, DSS
    Cert Authorities:
    <Empty>
    *** ServerHelloDone
    matching alias: 1
    *** Certificate chain
    chain [0] = [
      Version: V3
      Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      <snip>public exponent: 65537
      Validity: [From: Mon Aug 11 12:39:37 CDT 2014,
                   To: Thu Sep 01 18:34:24 CDT 2016]
      Issuer: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
      SerialNumber: [<snip>]
    Certificate Extensions: 9
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://ocsp.entrust.net
       accessMethod: caIssuers
       accessLocation: URIName: http://aia.entrust.net/2048-l1c.cer
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:false
      PathLen: undefined
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://crl.entrust.net/level1c.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [1.2.840.113533.7.75.2]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
      [CertificatePolicyId: [2.23.140.1.2.2]
    [6]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
      clientAuth
    [7]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
      DigitalSignature
      Key_Encipherment
    [8]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: *.payments.austintexas.gov
      DNSName: payments.austintexas.gov
    [9]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    chain [1] = [
      Version: V3
      Subject: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>
      public exponent: 65537
      Validity: [From: Fri Nov 11 09:40:40 CST 2011,
                   To: Thu Nov 11 20:51:17 CST 2021]
      Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
      SerialNumber: [<snip>]
    Certificate Extensions: 7
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
       accessMethod: ocsp
       accessLocation: URIName: http://ocsp.entrust.net
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    <snip>]
    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:0
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://crl.entrust.net/2048ca.crl]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
      [CertificatePolicyId: [2.5.29.32.0]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: <snip>
    [6]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      Key_CertSign
      Crl_Sign
    [7]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    chain [2] = [
      Version: V3
      Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key:  Sun RSA public key, 2048 bits
      modulus: <snip>public exponent: 65537
      Validity: [From: Fri Dec 24 11:50:51 CST 1999,
                   To: Tue Jul 24 09:15:12 CDT 2029]
      Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
      SerialNumber: [<snip>]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    [2]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      Key_CertSign
      Crl_Sign
    [3]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    <snip>]
      Algorithm: [SHA1withRSA]
      Signature:
    <snip>
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 3970
    SESSION KEYGEN:
    PreMaster Secret:
    <snip>
    CONNECTION KEYGEN:
    Client Nonce:
    <snip>
    Server Nonce:
    <snip>
    Master Secret:
    <snip>
    Client MAC write Secret:
    <snip>
    Server MAC write Secret:
    <snip>
    Client write key:
    <snip>
    Server write key:
    <snip>
    Client write IV:
    <snip>
    Server write IV:
    <snip>
    *** CertificateVerify
    ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 262
    ajp-bio-8014-exec-7, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data:  { 51, 254, 40, 56, 247, 218, 130, 183, 112, 239, 95, 4 }
    ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 48
    ajp-bio-8014-exec-7, READ: TLSv1 Change Cipher Spec, length = 1
    ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 48
    *** Finished
    verify_data:  { 89, 182, 137, 178, 177, 31, 27, 115, 151, 90, 169, 49 }
    %% Cached client session: [Session-5, TLS_RSA_WITH_AES_256_CBC_SHA]
    ajp-bio-8014-exec-7, setSoTimeout(60000) called
    ajp-bio-8014-exec-7, WRITE: TLSv1 Application Data, length = 1520
    ajp-bio-8014-exec-7, READ: TLSv1 Application Data, length = 128
    Jan 23, 2015 13:15:38 PM Information [ajp-bio-8014-exec-7] - HTTP request completed  {Status Code=500 ,Time taken=1302 ms}
    ajp-bio-8014-exec-7, READ: TLSv1 Application Data, length = 256
    ajp-bio-8014-exec-7, READ: TLSv1 Alert, length = 32
    ajp-bio-8014-exec-7, RECV TLSv1 ALERT:  warning, close_notify
    ajp-bio-8014-exec-7, called closeInternal(false)
    ajp-bio-8014-exec-7, SEND TLSv1 ALERT:  warning, description = close_notify
    ajp-bio-8014-exec-7, WRITE: TLSv1 Alert, length = 32
    ajp-bio-8014-exec-7, called closeSocket(selfInitiated)
    ajp-bio-8014-exec-7, called close()
    ajp-bio-8014-exec-7, called closeInternal(true)

    OK, apparently the Chase person who said we were not sending the certs and achieving mutual auth
    was incorrect. The https calls were connecting, and mutual auth was taking place. The 500
    error was about a SOAP envelope being delivered, and NOT SSL as I directed to. Everything
    is working fine now.
    Thanks,
    Bob
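Added example (not part of the original thread, and not Adobe's or Chase's code): a small Python reader for JSSE debug output like the log above that reports whether the client actually presented a certificate, which is the question the thread turned on. `PAGE_EXCERPT` is condensed from the posted log; `NO_CLIENT_CERT` is a constructed variant whose exact JSSE wording is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

CHAIN_ENTRY = re.compile(r"^chain \[\d+\] = \[")
SUBJECT = re.compile(r"^Subject: (.+)$")
HTTP_STATUS = re.compile(r"Status Code=(\d+)")


@dataclass
class HandshakeSummary:
    cert_requested: bool = False
    server_cns: List[str] = field(default_factory=list)
    client_cns: List[str] = field(default_factory=list)
    cert_verify_sent: bool = False
    finished_count: int = 0
    http_status: Optional[int] = None


def summarize(log_text: str) -> HandshakeSummary:
    """Walk the '*** Message' markers in order and record who sent which chain."""
    s = HandshakeSummary()
    side = None             # whose Certificate message we are inside, if any
    server_done = False     # a Certificate message after ServerHelloDone is the client's
    expect_subject = False  # True right after a 'chain [n] = [' line inside a message
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("*** "):
            msg = line[4:]
            expect_subject = False
            if msg.startswith("Certificate chain"):
                side = "client" if server_done else "server"
                continue
            side = None
            if msg.startswith("CertificateRequest"):
                s.cert_requested = True
            elif msg.startswith("ServerHelloDone"):
                server_done = True
            elif msg.startswith("CertificateVerify"):
                s.cert_verify_sent = True
            elif msg.startswith("Finished"):
                s.finished_count += 1
        elif CHAIN_ENTRY.match(line):
            # The keystore dump at the top of the log also prints 'chain [0]';
            # it is outside any handshake message (side is None) and is ignored.
            expect_subject = side is not None
        elif expect_subject and SUBJECT.match(line):
            dn = SUBJECT.match(line).group(1)
            cn = re.search(r"CN=([^,]+)", dn)
            target = s.client_cns if side == "client" else s.server_cns
            target.append(cn.group(1) if cn else dn)
            expect_subject = False
        elif HTTP_STATUS.search(line):
            s.http_status = int(HTTP_STATUS.search(line).group(1))
    return s


def client_auth_verdict(s: HandshakeSummary) -> str:
    if not s.cert_requested:
        return "server-did-not-request-client-cert"
    if not s.client_cns:
        return "requested-but-no-client-cert"
    if not s.cert_verify_sent:
        return "client-cert-sent-without-proof-of-key"
    if s.finished_count < 2:
        return "handshake-incomplete"
    return "mutual-tls-completed"


# Condensed from the log posted above (lines kept verbatim, most lines dropped).
PAGE_EXCERPT = """\
found key for : 1
chain [0] = [
  Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
  Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US
Found trusted certificate:
  Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US
*** CertificateRequest
Cert Types: RSA, DSS
*** ServerHelloDone
matching alias: 1
*** Certificate chain
chain [0] = [
  Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US
chain [1] = [
  Subject: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", O="Entrust, Inc.", C=US
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
*** Finished
*** Finished
Jan 23, 2015 13:15:38 PM Information [ajp-bio-8014-exec-7] - HTTP request completed  {Status Code=500 ,Time taken=1302 ms}
"""

# Constructed: same server side, but the client answers with an empty chain.
NO_CLIENT_CERT = PAGE_EXCERPT.split("matching alias: 1")[0] + """\
*** Certificate chain
<Empty>
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
*** Finished
"""

if __name__ == "__main__":
    for name, text in (("page excerpt", PAGE_EXCERPT), ("constructed", NO_CLIENT_CERT)):
        s = summarize(text)
        print(name, client_auth_verdict(s), s.client_cns, s.http_status)
```

A `mutual-tls-completed` verdict next to an HTTP 500 places the failure above TLS, which is what Bob's follow-up reports.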

  • ISE 1.2 and WildCard Cert

    Hello,
    I've found a great post from Aaron Woland about how to make/install/use a wildcard certificate.
    http://www.networkworld.com/community/blog/what-are-wildcard-certificates-and-how-do-i-use-them-ciscos-ise
    But there is something that was not answered by his post.
    Can I use a wildcard cert to register a node to an ISE deployment? Aka adding a Monitor-only node to an Admin-only node:
    create CSR, receiving cert from CA, adding CA root, binding cert to CA root then exporting key, then importing on Mon node, then try to register Mon node? My first test didn't go well.
    Any input would be appreciated.

    Basant,
    I agree with what you are saying but it seems that your statement contradicts the write up on the Cisco user guide for 1.2, there are no limitations and one of the benefits stated by the doc is that you can use wildcard certs as a cost saving measure which will allow you to install the cert on all ISE nodes.
    I do have a corporate wildcard certificate and I will attempt to register two nodes together and see what the result is.
    Also the true benefit of a wildcard cert is where the CN is *.domain.com, you should not have to generate a CSR where the CN=iseblah.domain.com with a SAN of *.domain.com, I do not think that is a cost effective wildcard cert since the CN has the fqdn of the ISE node.
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_cert.html
    Tarik Admani
    *Please rate helpful posts*

  • ISE 1.3 public wildcard cert

    Is it a good idea and common practice to just use a public CA for a wildcard certificate on each ISE node to avoid any certificate warnings on non-corporate devices?
    Is it OK then to use it also for EAP-TLS authentication? Clients will still have internal CA certs.
    Or should we have a separate internal wildcard cert just for EAP-TLS? In this case, will ISE 1.3 allow me to have two wildcard certs with the same SAN (*.domain.com), one public, the other internal? The public one would apply to Web portals, and the internal one would apply to EAP-TLS.

    Hi Trevor-
    The use of Wildcard cert is perfectly acceptable for the guest portals. As you said, this will ensure that guest users don't get the certificate trust error. 
    However, for the EAP side of the house, you will need to get a non-wildcard certificate. Many supplicants (including Windows) will NOT accept a wildcard certificate when building an EAP tunnel.
    I hope this helps!
    Thank you for rating helpful posts! 

  • Wildcard cert on WLC 4404 running 5.2

    Hi all
    I have a WLC with a cert on at the moment, it runs out in a few weeks.
    I want to replace the current cert with a wildcard cert.
    Will this be OK ?
    is it a cas     

    Hi,
    In my experience: yes, it is supported.
    However, it seems there is still a problem with wildcard certificates if they are chained:
    Check these links:
    http://netboyers.wordpress.com/2012/03/06/wildcard-certs-for-wlc/
    Third-party cert:
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
    Regards
    Don't forget to rate helpful posts

  • CSS11506 - Wildcard cert ??

    We have a need to terminate multiple SSL websites on our CSS. So name1.test.com, name2.test.com, name3.test.com etc. The problem I have found is that I need to burn 1 public VIP per SSL connection b/c they all need to use tcp 443 inbound and point to their respective cert on the CSS. Is there any way to possibly generate a wildcard cert that matches only the last part of our domain name ( events.test.com = *.test.com ) and then get away with using only 1 VIP for the multiple subdomains?
    Thanks for your help.
    Cheers
    Dave

    CSS can use a wildcard certificate just as it uses typical server certificates.
    If you are using the CSS to create the CSR, you would use a wildcard common name.
    - A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc. but would not match example.com.
    Syed
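The matching rule Syed quotes, as an added Python example (not CSS or Cisco code): a strict matcher in which `*` must be the whole left-most label and stands for exactly one label, applied to the hostnames from this thread. Refusing patterns such as `*.com` is an added conservative choice, and `shop.events.test.com` is a constructed hostname.

```python
from typing import List


def _labels(name: str) -> List[str]:
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")


def san_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or "*" in hostname:
        return False                      # empty label, or wildcard used as a hostname
    if "*" not in pattern:
        return p == h                     # plain name: exact, case-insensitive match
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                      # only a complete left-most label may be '*'
    if len(p) < 3:
        return False                      # conservative choice: refuse '*.com'
    # '*' stands for exactly one label, so the label counts must be equal.
    return len(h) == len(p) and h[1:] == p[1:]


def covering_sans(hostname: str, san_dns_names: List[str]) -> List[str]:
    """SAN entries of one certificate that cover the hostname."""
    return [san for san in san_dns_names if san_matches(san, hostname)]


def hosts_needing_own_cert(hostnames: List[str], san_dns_names: List[str]) -> List[str]:
    """Hostnames that a single certificate with these SANs does NOT cover."""
    return [h for h in hostnames if not covering_sans(h, san_dns_names)]


if __name__ == "__main__":
    sites = ["name1.test.com", "name2.test.com", "name3.test.com",
             "events.test.com", "test.com", "shop.events.test.com"]
    # One '*.test.com' certificate on one VIP covers every single-label subdomain.
    print(hosts_needing_own_cert(sites, ["*.test.com"]))
    # Adding the bare domain as a second SAN closes the 'test.com' gap.
    print(hosts_needing_own_cert(sites, ["*.test.com", "test.com"]))
```

The wildcard certificate in the ColdFusion log earlier on this page carries both `*.payments.austintexas.gov` and `payments.austintexas.gov` as SANs for the same reason: the wildcard entry alone does not cover the bare domain.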

  • Installing wildcard cert on ISE for HTTP/EAP

    I need to install a wildcard cert on ISE, but have no experience with wildcards. I have the *.domain certificate, but I am not sure of the process, and the Cisco docs add to the confusion. Am I supposed to generate a new CSR to give to the CA, or do I simply install the *.domain cert? I have read the install guide and it of course makes the assumption that you know what you're talking about, and when it comes to installing wildcards, I don't know...
    Any assistance would be greatly appreciated

    If you are already in the possession of the wildcard cert and the private key, then you don't need CSR. You can simply import the certificate in ISE:
    1. Go to Administration > Certificates > Local Certificates >  Add > Import Server Certificate
    2. Use the "browse" buttons to point to the certificate file and private key
    3. Check "Allow Wildcard Certificates"
    4. Select the protocol that you want to use it for (EAP or HTTPS or both)
    5. Hit submit
    6. Go to Certificates Store
    7. Import the root CA certificate and Intermediate CA certificate(s) (If any)
    Thank you for rating helpful posts!

  • 7925g plus EAP-TLS plus wildcard cert

    Hi folks,
     Has anyone managed to put a wildcard cert on a 7925G (or 9971) to use for client authentication with EAP-TLS?  It seems like one is forced to use the MIC or a cert from a csr generated by the phone... but I'd really rather not keep track of a zillion certs.
    Thanks for any help.

    Hi,
    Have you already read the info in the deployment guide (page 72 - install certificates)?
    http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

  • Front End Services won't start with new cert, SChannel error about hostname

    We have an existing Lync 2013 Enterprise system set up, and many of the servers are using certs issued by our local CA. I want to move several of the certs to third-party certificates so that non-domain machines can connect. The first change I'm making is on our Edge pool. However, I'm having an issue. Here are the details:
    Our internal domain space is int.domain.com. Our external domain space is domain.com. Our Lync FE server is LS01.int.pool.com and our FE pool is pool01.int.domain.com. I have generated a CSR and requested a certificate from Globalsign with the following characteristics:
    SN: pool01.int.domain.com
    SAN: pool01.int.domain.com
    SAN: domain.com (wildcard)
    SAN: int.domain.com (wildcard)
    After applying the new cert using the topology builder, I've rebooted and the Lync Front-End Server service will no longer start. The following SChannel error is in the event logs:
    The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ls01.int.domain.com. The SSL connection request has failed. The attached data contains the server certificate.
    After reverting back to the original local CA cert, the services start. The local cert has a ton of individual SANs set up but I was under the impression that the wildcard SANs were supported and would be ok for the hostnames.
    Why is it looking for my FE server name and not the pool? Is this an issue with my deployment, or is it with the cert? I'm not sure where to go from here.

    Hey Matt,
    As mentioned above, wildcards are only supported for Lync web services such as lyncdiscover, dialin and meeting URLs. It is OK to have wildcards in the certificate's SAN, but you must also specifically include the following:
    SN: pool01.int.domain.com (SN must be pool)
    SAN: pool01.int.domain.com (pool must also be included in SAN)
    SAN: lync-fe-001.int.domain.com (the machine name of your front end server)
    This should solve the issue for you.
    Andrew Morpeth
    Lync Server Specialist - Auckland, NZ
    Check out my blog

  • Windows client intermittent connection to PEAP WIFI backed off to ISE 1.2 wildcard cert

    I am setting up a topology where for the first time I am deploying ISE with a wildcard certificate. This is on ISE 1.2 patch 6, WLCs running 7.6 and Windows 7 clients in AD. The ISE policy is just to match on machine auth.
    The setting up of the wildcard cert went OK as guided by the CCO ISE 1.2 deployment/cfg guide.
    When it came to testing the client auth, as always I start off with the PEAP setting "Validate server certificate" off, just to confirm the WLC and ISE are playing ball. They were, the auth passed.
    I then tick "Validate server certificate" and make sure the CA (Windows AD) is in the Trusted Root Certification Authorities. Retest and the client passes.
    If I then disconnect the wifi and reconnect, either manually or by doing a reboot, the next authentication fails, but nothing has changed. ISE reports that my Windows client rejected the server certificate. Which is odd as it just accepted it.
    If I untick the validate option the client passes; if I tick it again it will authenticate fine, once. On the next connection it will fail again with the client rejecting ISE.
    Anyone got any ideas?

    I have had a similar issue consistently with 1.2 on both patch 5 and 6 (not sure about earlier ones). Basically what I am seeing is the client rejecting the server cert when validate is unticked. Most of the time the client connects just fine a few seconds later, but some clients need a reboot to fix it. As a rule I put this down to a client issue but I'm not 100% sure sometimes.
