Https communication and authentication

Hi all,
I'm using JSSE and performing mutual authentication between client and server.
In that scenario, I have 2 https communication being established between the same client and server. Please let me know if these two different https connections to the server can use the same session established after the initial mutual authentication based on the SSL certificates and other stuffs.
To put in other words, I'm looking forward to do one time authentication and use this session by the two https connections.
I'm not using any browser. I have written a simple java client program to communicate with the server.
Thank you for any help.
Vinay.

Vinay,
I think {forum:id=926} (or one of the similar forums in the Java section) may be a better place for your question.
John

Similar Messages

HTTP Communication and View activation error

hi all,
We are using CRM WebUI. We have Product Master screens. In developement environment everything works fine. whee we migrated it to consolidation env i am getting following error.
Not able to understand this error. I get the HTTP Communication error ot the product search page and the Target view activation error when in product creation screen.
Please help!!
Cannot display view MainWindow
An exception occurred during the internal HTTP communication Exception Class CX_BSP_WD_HTTP_RESPONSE_ERROR
Text: HTTP answer has status 404
Additional Info: Business Server Page (BSP) Error
Program: CL_BSP_WD_STREAM_LOADER=======CP
Include: CL_BSP_WD_STREAM_LOADER=======CM002
Source Text Row: 113
An exception occurred during the activation of target view OverviewMaterial.MainWindow for the navigation
An exception has occurred Exception Class CX_BSP_WD_RUNTIME_ERROR - View OverviewMaterial.MainWindow could not be bound
Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
Source Text Row: 162

Hello,
a HTTP error of 404 means NOT FOUND.
Maybe you can have a look in the TX SICF if the BSP component is activated. Just search for the service = BSP application name.
cheers Carsten

HTTPS communication

Hi,
I got a requirement where in I need to have HTTPS communication with one of my client. Basically I have to send files and receive files from their server.
Can anybody guide me what are the requirements my client should work for to support HTTPS communication and what type of adapter I should use to send and pick these files?
Regards,
Vijay.

HI Vijay
refer the below links
You can use the HTTP adapter. Refer to following SDN TV demo of the HHTP adapter for details steps involved into it.
https://media.sdn.sap.com/SDNTV/main.asp?mediaId=107
HTTPS using XMLSPY
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
The HTTPS configuration data of the Adapter Engines has to be configured in the SLD.
More Information in the "SAP Security Guide XI"
http://help.sap.com/saphelp_nw04/helpdata/de/f7/c2953fc405330ee10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/43/64db4daf9f30b4e10000000a11466f/content.htm
Under Security Check for Inbound Messages, you can specify which HTTP Security Level is to be assumed for incoming messages. You can choose from the following security levels:
○ HTTP (default value)
○ HTTPS without client authentication
○ HTTPS with client authentication
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/d23cbe11-0d01-0010-5287-873a22024f79
http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
Hope this will help you .....
pls reward if useful.....

Why do you need to enable http communication with Basic authentication with Exchange Admin IP?

The pre-reqs for the Exchange Admin IP say you have to make a few changes on your Exchange server (2010 on prem in my case). I have a few questions about those pre-reqs and I'm not able to find documentation online to help:
Why does http communication with basic authentication for the powershell virtual directory in IIS need to be enabled? In the IP you still specify to connect over an SSL connection. The concern is what is being sent over unencrypted and what impacts are
there to the security of the Exchange server.
What role does the IP connect to (MBX/CAS/HT)? I'm not an Exchange guy so I don't know which roles install the PowerShell virtual directory.
Are there any technet pages or white papers that talk about the MS developed IPs in any more detail than basic config?
I appreciate any help anyone can offer. Thanks!
-Raj

Yeah I find this perplexing as well. I'm guessing it has something to do with Opalis origins perhaps.
Would be good to understand why.

PI 7.1 HTTPS Communication

Hi PI Experts,
We are enabling HTTPS communication in PI 7.1 EHP1 using CIDX adapter. We have nearly completed settings after going through several threads and sap help documentation.
1. Defined SSL parameters in RZ10 (ssl/pse_provider = Java and other parameters)
2. Created entry for private key (2048 key length) in ICM_SSL_<instance id> view of key storage in nwa. Generated CSR response, imported CSR response with CA containing private key, intermediate key.
3. Installed Public key of Partner certificate into ICM_SSL_<instance id> and Trusted CAs
4. Exported key to PSE
5. Restarted ICM
Inspite of completing the above configuration and installation of the certificates, still we are not able to complete HTTPS communication. We are facing two issues
(1) For outbound: HTTPException:Padding length error
(2) For inbound: Client is facing issue "HTTP/401 Unauthorized".
What is the service user that is utilized in HTTP communication with certificate logon in PI 7.1? Where do we see this service user? We expect that through nwa>>configuration management>> Identity Management>> for this service user need to apply PI private key and Client public key.
Please provide your inputs for resolution.

Hi Baskar,
Thanks for the reply.
Inbound communication:
We did see this documentation earlier. As per the link, it says "In the Adapter Engine and PCK, only the security role xi_af_receiver of the J2EE component sap.com/com.sap.aii.af.ms.app*MessagingSystem allows the execution of incoming messages.
we strongly recommend that you create separate messaging users with the corresponding role representing individual business systems in a productive environment."
So we created a new user id for the purpose, through NWA Configuration Management>>Authentication, we could able find the policy configuration sap.com/com.sap.aii.af.ms.app*MessagingSystem. For this policy, we need add authentication log in as 'ClientCertLoginModule'. But we do not know how to add/specify this user id against this policy. Though we have added security role xi_af_receive for this user.
In brief we need to specify the server for this policy through certification logon use this new service user id? We want to know where it can be done.
Thanks,
Suraj Pabbathi

Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

Hello All,
We are currently building up a HTTPS message exchange with an external client.
Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
Now we have to configure the addtional Client Authentication.
At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
But what are the next steps to get this scenario successfully in place?
Many thanks in advance!
Jochen

Hi Colleagues,
following Steps still have to be done:
- Mapping public key to technical user at Java Stack
As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
- Be sure CA root certivicate at Database under STRUSTSSO2
- Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
- use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
Many thanks to all for support!
Regards,
Jochen

HTTPS with Client Authentication in SOAP sender Adapter

Hi All,
In SOAP Sender communication channel. When I generate WSDL with HTTP Security Level = HTTP: it works when third party tries to send data to XIwebservice.
But when I tried with HTTPS with Client Authentication option its giving error
InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.
Please guide how to use HTTPS with Client Authentication option, and what all configuration need to apply in XI & in third party to use this.
Regards

Rohan,
With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
Regards
Ravi Raman

HTTPS With Client Authentication

Hi,
I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:
java.security.AccessControlException: client certificate required
In the the transaction scim the following can be seen:
[Thr 5061] <<- SapSSLSessionInit()==SAP_O_K
[Thr 5061]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
[Thr 5061]     out: sssl_hdl = 1117534b0
[Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K
[Thr 5061]      in: sssl_hdl = 1117534b0
[Thr 5061]      in: cred_hdl = 116cfc110
[Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE
[Thr 5061]   SSL NI-sock: local=XX.XX.XX.XX:50001 peer=XX.XX.XX.XX:2310
[Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K
[Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K
[Thr 5061]          status = "resumed SSL session, NO client cert"
The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.
Sender Communication Channel,
Transport Protocol: HTTP,
Message Protocol: Soap 1.1,
Adapter Engine: Central Adepter Engine,
HTTPS with Client Authentication,
Keep Headers
Any ideas?
Kind regards,
John

Hi Peter,
If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.
It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.
All the best,
John

HTTPS communication using HTTP receiver adapter URL address as Address Type

Hi All,
If some one who has tried HTTPS communication using HTTP receiver adapter using URL address as Address type can you please guide me what are the steps need to be done.
Note : Address type is a parameter in HTTP adapter setup .
Regards,
Reddy

Hi,
Check this,
Configurations in Integration Directory
The plain HTTP adapter gives the receiver system the following specifications:
 Specifications for addressing using a URL address:
Target host, service number, and path prefix including query string:
http://<hostname:port>/<path>?<query-string>
You can identify the target host (HTTP port) of a SAP Web Application Server using
the
ICM monitor
Host and port of the HTTP proxy (optional if there is a firewall between the plain
HTTP adapter and the receiver system)
Authentication data for the receiver system.
See also: transaction Display and Maintain RFC Destinations (SM59).
 Specifications for addressing using an HTTP destination:
HTTP destination
 Parameters from the communication channel for technical routing
Content type (the entry text/XML is expected as default)
Specifies the format that the message contents (the payload) should have.
Optional header fields for the receiver-specific protocol
Attributes for the query string
1. Sender party
2. Sender service
3. Receiver Interface
4. Message ID
5. Quality of service
6. Queue ID
All attributes are selected except for the queue ID. If you do not want a value to be
transferred to the receiver, deselect it. The queue ID is only required if the quality of
service is EOIO.
Specifications for payload manipulation
XML code (default UFT-8)
Specifies the character set.
URL escaping
Presents the XML in a URL-enabled format. Special characters that could be
interpreted as control characters are replaced with escape characters (masked).
Prolog
Enhances the payload for particular servers (optional, see below).
Epilog
Enhances the payload for particular servers (optional, see below).
Enhancing the Payload
Regards
Seshagiri

HTTPS Without client authentication shows error of Certificate

Hi Experts,
I am trying to develop a SOAP to RFC scenario where in SOAP sender HTTP security level - HTTPS Without Client Authentication is selected.
I have downloaded WSDL from Sender agreement and trying to test web service from SOAPUI. Now as per my understanding simply placing request to HTTPS:<host>:<port>:XISOAPAdapter/....   with correct user should work and this scenario shouldn't need any certificates.
However in SOAPUI and even in RWB SOAP Sender, I am receiving error that - Client Certificate required.
Any comments on why would it be happening ?    In fact whatever option in HTTP Security level I select, error remains same. In NWA is there any other configuration to be done to make this work ?
Is below understanding right ?
-- >> HTTPS Without client authentication will not need certificate exchange and simply user authentication will do
Thanks..
regards,
Omkar.

Hello Omkar,
What you are trying to do is Consume a SOAP->RFC scenario (synchronous) from SOAP UI and you want that to be secure. With this requirement, just having the certificates alone is not sufficient (sorry for late response..i just came across this post when i was searching something else )
1)How did you generate the certificate and the private key? Because Key Generation plays a Big Part in it. The Key should have been signed by a CA. Though its not signed by a CA, a trick which would work is, at the time of Key generation, provide the Organization Name as SAP Trust Community and Country as DE.
2) At the time of Key Generation definitely it shall ask for a password. You remember that.
3) Export the Private Key as PCKS12 format and the certificate as Base64 format and have it in your local system, (shall be used later in SOAP UI and NWA)
Here follows the major part
4) Open NWA and go to Configuration Management->Authentication
5) Go to Properties Taband click Modify
6) Under Logon Application select the check box "Enable Showing Certificate Logon URL Link on Logon Page" and save it.
7) Now go to the Components Tab.
8) Search for client_cert Policy Configuration name and Edit it it. Make sure the following Login Modules are maintained in the same Order
==> Name: com.sap.engine.services.security.server.jaas.ClientCertLoginModule
       Flag : Sufficient
==> Name: BasicPasswordLoginModule
       Flag: Optional
9) Now Select the name com.sap.engine.services.security.server.jaas.ClientCertLoginModule and you can see lots of entries under the Login Module Options. Remove them all and add anew entry (case sensitive). Save it.
==>Name: Rule1.getUserFrom
       value : wholeCert
10) Now search for the Policy Configuration name sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter
and edit it.
11) Under the Authentication stack select the template client_cert against the used template label. and save it
12)If you are using AXIS Adapter, do the steps 11 for the Policy Configuration name sap.com/com.sap.aii.axis.app*XIAxisAdapter.
13) Now in NWA navigate to Operation management->Identity Management
14) Search for the user PIISUSER (or any user id which you thing has good amount of authorizations to access the service)
15)Click Modify and go to the TAB Certificates and upload the certificate (not the private key) which you downloaded in step 3.
16) With this setup what you have done is you have created proper certificate, enabled certificate based logon for SOAP and AXIS adapter and associated the certificate with a user id.
17) usually in Dual stack PI, we will have the same certificate added to the server pse in strustsso2 tcode. But since its single stack, just make sure in the cert and keys you add this certificate to teh Trusted CAs and also to the Server Keystore.
18) Now in SOAP UI Right Click on the Project Name->Select Show Project View->Under the WS Security Configurations->Go to Keystore and certificates and add the Private Key
19) In SOAP UI under the operation name, in the Request, in stead of providing user credentials, choose the private key name against the SSL Keystore entry.
20) Before you execute the scenario make sure you have chosen the HTTPS url and https port is proper. Usually its 443, but some customers configure their own port.
Scenario should work now. Else if you track it using XPI Inspector, you can find out easily at which step it has gone wrong.
Good Luck!!
Best Regards,
Sundar

SOAP Adapter - HTTPS w/ client authentication -SSL termination @ dispatcher

Hi,
We have a SOAP client sending SOAP message over SSL to PI. We are using client cert for authentication, but terminating SSL at web dispatcher. In this scenario, i) do we need to configure security for XISOAPADAPTER in Visual admin on PI and ii) do we need to set HTTPS with client authentication security option in SOAp Sender communication channel?
My understanding is that since we are terminatinating SSL at web dispatcher (Server authentication happens between third-party gateway and our gateway and when web dispatcher terminates SSL, client cert for auth is passed via httpheader to PI where it is mapped to UME user with sufficient authorizations) we don't need to set the XISOAPADAPTER security (if it is end-to-end ssl we would i guess set up in V. Admin>Security provider service>clientcertloginmodule for XISOAPADAPTER) and we don't need to set the sender channel as https with client authentication ( it should just be http in SOAP sender channel).
Is my understanding correct? I will really appreciate any clues?
Thanks,
Saurabh

Hi saurabh
follow these links to SAP note
these will be helpful for you
Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
regards
Sandeep
If helpful kindly reward points

HTTPS communication for Adobe Offline form with SAP ABAP WAS

Hi Experts,
Can we use HTTPS communication method to call a SAP ABAP Web Service from an Adobe offline form?
Example : I have a SUBMIT button in my Adobe offline form and when clicked, it populates a sales order number in the form.
Here my SAP ABAP server from where it reads the info is using HTTPS communication method. Now if i use the same service with HTTP it works fine but if i switch the service to use HTTPS it shows me an error "Error attempting to read from file. <https://FQDN/<service name> .
I am using self-signed SSL server certificate from SAP ABAP server. But here i also see a certificate error in my browser (IE 7.0) saying "Untrusted Certificate". Is this the reason for my above issue?
I could not find any post in SDN giving me the answer.
Regards,
Hobin

Hi,
The Certificates are already imported into the Trusted Certificates Section. But the real Issue is regading the Adobe Offline forms. If I open the Adobe Offline forms in the Adobe reader 9.0 and the Web Service call is made based on the Https:// . It saying "Error attempting to Read the file". The Fully qualified domain name is also provided VA. I have tried to import the certificates to Adobe Reader's - Trust Identities but still it is not working . If I switch the webservice authentication method to Http:// then it would work. ADS is already configured with SSL. And the HTTPS:// based WebService embedded in the Adobe Interactive Form is working ,if the form is Online in the Browser (integrated in the Webdynpro Abap UI element).
Is there any other way to Add SSL Certificates to Adobe Reader , so that Https:/ based webservice will work if the Form is opened in Adobe Reader 9.0.
Regards,
Hobs

Applet hangs during https communication

I have an application using applet to servlet communication,the https communication is established by URLConnection.However after certain time of communication the applet just hangs at getOutputStream .without any error or exception.
The environment is JRE 1.4.2_07 and Tomcat with SSL enabled.I spent lot of time tracking this bug but could not find any answer.
I want to bring to your notice that getOutputStream() hangs or blocks only for https but works fine with http,also not during start of applet but after changing the applet state.I assume it may not be the problem from URLConnection may be the applet looses the https authentication during state change and hangs in connect or getOutputStream().we are considering to move to HttpClient but not sure if its going to resolve this problem.Any ideas ar appreciated.
many thanks.

As requested here is the full trace , marked in bold where the communication is hanging.The applet has loaded twice in this case. Any comments will be helpful as its very urgent.
Java(TM) Plug-in: Version 1.4.2_07
Using JRE version 1.4.2_07 Java HotSpot(TM) Client VM
User home directory = C:\Dokumente und Einstellungen\jmohammad.SSOL
Loading user-defined proxy configuration ...
Done.
Loading proxy configuration from Internet Explorer ...
Done.
Loading direct proxy configuration ...
Done.
Proxy Configuration: No proxy
Cache is disabled by user
Dump system properties ...
acl.read = +
acl.read.default =
acl.write = +
acl.write.default =
application.home = C:\PROGRA~1\Java\J2RE14~1.2_0
awt.toolkit = sun.awt.windows.WToolkit
browser = sun.plugin
browser.vendor = Sun Microsystems, Inc.
browser.version = 1.1
deployment.browser.path = C:\Programme\Internet Explorer\iexplore.exe
deployment.browser.vm.iexplorer = true
deployment.browser.vm.mozilla = true
deployment.cache.max.size = 0
deployment.console.startup.mode = SHOW
deployment.javapi.cache.enabled = false
deployment.javapi.jre.1.5.0_05.args =
deployment.javapi.jre.1.5.0_05.osarch = x86
deployment.javapi.jre.1.5.0_05.osname = Windows
deployment.javapi.jre.1.5.0_05.path = C:\Programme\Java\jre1.5.0_05
deployment.javapi.lifecycle.exception = true
deployment.javaws.jre.0.enabled = true
deployment.javaws.jre.0.location = http://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.osarch = x86
deployment.javaws.jre.0.osname = Windows
deployment.javaws.jre.0.path = C:\Programme\Java\j2re1.4.2_07\bin\javaw.exe
deployment.javaws.jre.0.platform = 1.4
deployment.javaws.jre.0.product = 1.4.2_07
deployment.javaws.jre.0.registered = true
deployment.javaws.jre.1.enabled = true
deployment.javaws.jre.1.location = http://java.sun.com/products/autodl/j2se
deployment.javaws.jre.1.osarch = x86
deployment.javaws.jre.1.osname = Windows
deployment.javaws.jre.1.path = C:\IDE\jdk1.3.1\jre\bin\javaw.exe
deployment.javaws.jre.1.platform = 1.3
deployment.javaws.jre.1.product = 1.3.1
deployment.javaws.jre.1.registered = true
deployment.javaws.jre.2.enabled = true
deployment.javaws.jre.2.location = http://java.sun.com/products/autodl/j2se
deployment.javaws.jre.2.osarch = x86
deployment.javaws.jre.2.osname = Windows
deployment.javaws.jre.2.path = C:\Programme\Java\jre1.5.0_05\bin\javaw.exe
deployment.javaws.jre.2.platform = 1.5
deployment.javaws.jre.2.product = 1.5.0_05
deployment.javaws.jre.2.registered = true
deployment.javaws.splash.cache = C:\Dokumente und Einstellungen\jmohammad\Anwendungsdaten\Sun\Java\Deployment\javaws\cache\splashes\splash.xml
deployment.javaws.splash.index = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\cache\javaws\splash\splash.xml
deployment.javaws.version = javaws-1.4.2_07
deployment.javaws.viewer.bounds = 0,0,687,497
deployment.system.cacerts = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
deployment.system.home = C:\WINDOWS\Sun\Java\Deployment
deployment.system.jssecacerts = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
deployment.system.profile = C:\WINDOWS
deployment.system.security.policy = file:/C:/WINDOWS/Sun/Java/Deployment/security/java.policy
deployment.system.tray.icon = true
deployment.user.cachedir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\cache
deployment.user.certs = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.certs
deployment.user.extdir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\ext
deployment.user.home = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment
deployment.user.jssecerts = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.jssecerts
deployment.user.logdir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\log
deployment.user.profile = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten
deployment.user.security.policy = file:/C:/Dokumente%20und%20Einstellungen/jmohammad.SSOL/Anwendungsdaten/Sun/Java/Deployment/security/java.policy
deployment.user.tmpdir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\cache\tmp
deployment.version = 1.5.0
file.encoding = Cp1252
file.encoding.pkg = sun.io
file.separator = \
file.separator.applet = true
http.agent = Mozilla/4.0 (Windows XP 5.1)
http.auth.serializeRequests = true
https.protocols = SSLv3,SSLv2Hello
java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
java.awt.printerjob = sun.awt.windows.WPrinterJob
java.class.path = C:\PROGRA~1\Java\J2RE14~1.2_0\classes
java.class.version = 48.0
java.class.version.applet = true
java.endorsed.dirs = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\endorsed
java.ext.dirs = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\ext
java.home = C:\PROGRA~1\Java\J2RE14~1.2_0
java.io.tmpdir = C:\DOKUME~1\JMOHAM~1.SSO\LOKALE~1\Temp\
java.library.path = C:\Programme\Internet Explorer;.;C:\WINDOWS\system32;C:\WINDOWS;C:\Programme\Internet Explorer;;C:\j2sdk1.4.2\bin;C:\apache-ant-1.5.3\bin;C:\oracle\ora92\bin;C:\Programme\Oracle\jre\1.3.1\bin;C:\Programme\Oracle\jre\1.1.8\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\ULTRAE~1;C:\tools
java.protocol.handler.pkgs = sun.plugin.net.protocol|sun.plugin.net.protocol
java.runtime.name = Java(TM) 2 Runtime Environment, Standard Edition
java.runtime.version = 1.4.2_07-b05
java.specification.name = Java Platform API Specification
java.specification.vendor = Sun Microsystems Inc.
java.specification.version = 1.4
java.util.prefs.PreferencesFactory = java.util.prefs.WindowsPreferencesFactory
java.vendor = Sun Microsystems Inc.
java.vendor.applet = true
java.vendor.url = http://java.sun.com/
java.vendor.url.applet = true
java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi
java.version = 1.4.2_07
java.version.applet = true
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) Client VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Sun Microsystems Inc.
java.vm.specification.version = 1.0
java.vm.vendor = Sun Microsystems Inc.
java.vm.version = 1.4.2_07-b05
javaplugin.cache.disabled = true
javaplugin.cache.size = 0
javaplugin.console = show
javaplugin.exception = true
javaplugin.jre.params = -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
javaplugin.jre.path = Default
javaplugin.jre.type = Default
javaplugin.maxHeapSize = 96m
javaplugin.nodotversion = 142_07
javaplugin.proxy.config.type = direct
javaplugin.proxy.usebrowsersettings = true
javaplugin.trace = true
javaplugin.trace.option = basic|net|security|ext|liveconnect
javaplugin.version = 1.4.2_07
javaplugin.vm.options = -Djava.class.path=C:\PROGRA~1\Java\J2RE14~1.2_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\J2RE14~1.2_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.4.2_07 -Djavaplugin.nodotversion=142_07 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\J2RE14~1.2_0 -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect -Djava.protocol.handler.pkgs=sun.plugin.net.protocol
line.separator = \r\n
line.separator.applet = true
os.arch = x86
os.arch.applet = true
os.name = Windows XP
os.name.applet = true
os.version = 5.1
os.version.applet = true
package.restrict.access.netscape = false
package.restrict.access.sun = true
package.restrict.definition.java = true
package.restrict.definition.netscape = true
package.restrict.definition.sun = true
path.separator = ;
path.separator.applet = true
sun.arch.data.model = 32
sun.boot.class.path = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\rt.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\i18n.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\sunrsasign.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\jsse.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\jce.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\charsets.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\classes;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\plugin.jar
sun.boot.library.path = C:\PROGRA~1\Java\J2RE14~1.2_0\bin
sun.cpu.endian = little
sun.cpu.isalist = pentium i486 i386
sun.io.unicode.encoding = UnicodeLittle
sun.java2d.fontpath =
sun.net.client.defaultConnectTimeout = 120000
sun.os.patch.level = Service Pack 2
trustProxy = true
user.country = US
user.dir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Desktop
user.home = C:\Dokumente und Einstellungen\jmohammad.SSOL
user.language = en
user.name = jmohammad
user.timezone =
user.variant =
Done.
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
Registered modality listener
Invoking JS method: document
Invoking JS method: URL
Referencing classloader: sun.plugin.ClassLoaderInfo@14acfcd, refcount=1
Loading applet ...
Initializing applet ...
Starting applet ...
Connecting https://10.96.8.57:8443/SIThreePViewer/applets/PassThru_1_01.jar with no proxy
Connecting https://10.96.8.57:8443/SIThreePViewer/applets/PassThru_1_01.jar with cookie "JSESSIONID=243FF5B4D70B9F9F97DE12DEC05FF456"
Loading Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
Loaded Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
Loading Https Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
Loaded Https Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
Loading JPI Https certificates from C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.jssecerts
Loaded JPI Https certificates from C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.jssecerts
Loading certificates from JPI session certificate store
Loaded certificates from JPI session certificate store
Checking if certificate is in JPI session certificate store
Checking if Https certificate is in JPI permanent certificate store
Check if certificate can be verified using certificates in Root CA certificate store
Certificate to be verified:
Version: V1
Subject: CN=Boris Pradl, OU=WEB, O=Dr. Ing. h.c. F. Porsche AG, L=Stuttgart, ST=Baden-Wuerttemberg, C=DE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c35e99d0 2f5798b0 30592005 1e84fb5f a57c2db9 a970b747 a8766e74 eafe7624
2232e7f1 2896022a 49596866 b1ac4ebd f7a3f884 16025e27 d080c50b 86402262
3c354699 4ca6542d d36c9155 31dd8d53 01539ff8 04ebbd40 5c243a33 4fb3d907
e4b454e9 038cff6b 6ce3166a 9652d24a 9ce66fee c8bbf6f5 63bf7e4a 27ba744d
Validity: [From: Thu Dec 02 09:03:44 CET 2004,
               To: Wed Mar 02 09:03:44 CET 2005]
Issuer: CN=Boris Pradl, OU=WEB, O=Dr. Ing. h.c. F. Porsche AG, L=Stuttgart, ST=Baden-Wuerttemberg, C=DE
SerialNumber: [    41aecc60]
Algorithm: [MD5withRSA]
Signature:
0000: 42 D6 0E 25 E3 18 C3 F4 FF 93 CC CA 08 44 F8 8E B..%.........D..
0010: 03 BD 37 4E 73 01 ED 1F 8A 18 71 55 41 EE 7E B1 ..7Ns.....qUA...
0020: 33 22 CD 7E E4 81 DC 06 9C F6 A3 32 90 79 82 23 3".........2.y.#
0030: E1 69 2C 8B A0 11 4E 2A 06 AE 8E 5C AC 54 F6 2D .i,...N*...\.T.-
0040: 9F 64 AA 33 51 EB 4C 65 00 4C CC 5E B7 5B 58 5D .d.3Q.Le.L.^.[X]
0050: 12 C7 B5 7F A9 28 18 E2 35 51 07 D7 A1 11 A6 01 .....(..5Q......
0060: DD 88 38 05 AD B4 5E EC 88 E0 7C 66 5C 5E B5 82 ..8...^....f\^..
0070: EA B8 CF 5A 6A 9E 1B F6 9A CF E0 63 40 0C 3F CA ...Zj......c@.?.
Comparing certificate against Root CA certificate:
Version: V3
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
ce2f19bc 17b777de 93a95f5a 0d174f34 1a0c98f4 22d959d4 c46846f0 b435c585
0320c6af 45a52151 4541eb16 5836326f e2506264 f9fd519c aa24d9f4 9d832a87
0a21d312 38346c8d 006e5aa0 d942ee1a 2195f952 4c555ac5 0f384f46 fa6df82e
35d61d7c ebe2f0b0 7580c8a9 13acbe88 ef3a6eab 5f2a3862 02b0127b fe8fa603
Validity: [From: Mon Jun 21 06:00:00 CEST 1999,
               To: Sun Jun 21 06:00:00 CEST 2020]
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
SerialNumber: [    04]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4A 78 32 52 11 DB 59 16 36 5E DF C1 14 36 40 6A Jx2R..Y.6^...6@j
0010: 47 7C 4C A1 G.L.
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4A 78 32 52 11 DB 59 16 36 5E DF C1 14 36 40 6A Jx2R..Y.6^...6@j
0010: 47 7C 4C A1 G.L.
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 75 5B A8 9B 03 11 E6 E9 56 4C CD F9 A9 4C C0 0D u[......VL...L..
0010: 9A F3 CC 65 69 E6 25 76 CC 59 B7 D6 54 C3 1D CD ...ei.%v.Y..T...
0020: 99 AC 19 DD B4 85 D5 E0 3D FC 62 20 A7 84 4B 58 ........=.b ..KX
0030: 65 F1 E2 F9 95 21 3F F5 D4 7E 58 1E 47 87 54 3E e....!?...X.G.T>
0040: 58 A1 B5 B5 F8 2A EF 71 E7 BC C3 F6 B1 49 46 E2 X....*.q.....IF.
0050: D7 A0 6B E5 56 7A 9A 27 98 7C 46 62 14 E7 C9 FC ..k.Vz.'..Fb....
0060: 6E 03 12 79 80 38 1D 48 82 8D FC 17 FE 2A 96 2B n..y.8.H.....*.+
0070: B5 62 A6 A6 3D BD 7F 92 59 CD 5A 2A 82 B2 37 79 .b..=...Y.Z*..7y
Comparing certificate against Root CA certificate:
Version: V1
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
dd84d4b9 b4f9a7d8 f304789c de3ddc6c 1316d97a dd245166 c0c72659 0dac0608
c294d133 1ff08335 1f6e1bc8 deaa6e15 4e5427ef c46d1aec 0be30ef0 44a557c7
40581ea3 471f71ec 60f66d94 c81839ed fe421856 dfe44c49 10784e01 76356312
36dd66bc 010436a3 5568d5a2 3609acab 21265406 ad3fca14 e0accaad 061d95e2
f89df1e0 60ffc27f 752b4ccc dafe8799 21eabafe 3e54d7d2 5978db3c 6ecfa013
001ab827 a1e4be67 96caa0c5 b39cddc9 759eeb30 9a5fa3cd d9ae7819 3f23e95c
db29bdad 55c81b54 8c63f6e8 a6eac737 125ca329 1e02d9db 1f3bb4d7 0f564781
15044aaf 8327d1c5 5888c1dd f6aaa7a3 18da68aa 6d1151e1 bf656b9f 9676d13d
Validity: [From: Fri Oct 01 02:00:00 CEST 1999,
               To: Thu Jul 17 01:59:59 CEST 2036]
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [    8b5b7556 8454850b 00cfaf38 48ceb1a4]
Algorithm: [SHA1withRSA]
Signature:
0000: AB 66 8D D7 B3 BA C7 9A B6 E6 55 D0 05 F1 9F 31 .f........U....1
0010: 8D 5A AA D9 AA 46 26 0F 71 ED A5 AD 53 56 62 01 .Z...F&.q...SVb.
0020: 47 2A 44 E9 FE 3F 74 0B 13 9B B9 F4 4D 1B B2 D1 G*D..?t.....M...
0030: 5F B2 B6 D2 88 5C B3 9F CD CB D4 A7 D9 60 95 84 _....\.......`..
0040: 3A F8 C1 37 1D 61 CA E7 B0 C5 E5 91 DA 54 A6 AC :..7.a.......T..
0050: 31 81 AE 97 DE CD 08 AC B8 C0 97 80 7F 6E 72 A4 1............nr.
0060: E7 69 13 95 65 1F C4 93 3C FD 79 8F 04 D4 3E 4F .i..e...<.y...>O
0070: EA F7 9E CE CD 67 7C 4F 65 02 FF 91 85 54 73 C7 .....g.Oe....Ts.
0080: FF 36 F7 86 2D EC D0 5E 4F FF 11 9F 72 06 D6 B8 .6..-..^O...r...
0090: 1A F1 4C 0D 26 65 E2 44 80 1E C7 9F E3 DD E8 0A ..L.&e.D........
00A0: DA EC A5 20 80 69 68 A1 4F 7E E1 6B CF 07 41 FA ... .ih.O..k..A.
00B0: 83 8E BC 38 DD B0 2E 11 B1 6B B2 42 CC 9A BC F9 ...8.....k.B....
00C0: 48 22 79 4A 19 0F B2 1C 3E 20 74 D9 6A C3 BE F2 H"yJ....> t.j...
00D0: 28 78 13 56 79 4F 6D 50 EA 1B B0 B5 57 B1 37 66 (x.VyOmP....W.7f
00E0: 58 23 F3 DC 0F DF 0A 87 C4 EF 86 05 D5 38 14 60 X#...........8.`
00F0: 99 A3 4B DE 06 96 71 2C F2 DB B6 1F A4 EF 3F EE ..K...q,......?.
Comparing certificate against Root CA certificate:
Version: V1
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
a7880121 742ce71a 03f098e1 973c0f21 08f19cdb 97e99afc c2040613 be5f52c8
cc1e2c12 562cb801 692ccc99 1fadb096 ae7904f2 1339c17b 98ba082c e8c28413
2caa69e9 09f4c7a9 02a442c2 234f4ad8 f00ea2fb 316cc9e6 6f992707 f5e6f44c
789e6deb 4686fab9 86c954f2 b2c4afd4 461c5ac9 1530ff0d 6cf52d0e 6dce7f77
Validity: [From: Mon May 18 02:00:00 CEST 1998,
               To: Wed Aug 02 01:59:59 CEST 2028]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [    b92f60cc 889fa17a 4609b85b 706c8aaf]
Algorithm: [SHA1withRSA]
Signature:
0000: 72 2E F9 7F D1 F1 71 FB C4 9E F6 C5 5E 51 8A 40 r.....q.....^Q.@
0010: 98 B8 68 F8 9B 1C 83 D8 E2 9D BD FF ED A1 E6 66 ..h............f
0020: EA 2F 09 F4 CA D7 EA A5 2B 95 F6 24 60 86 4D 44 ./......+..$`.MD
0030: 2E 83 A5 C4 2D A0 D3 AE 78 69 6F 72 DA 6C AE 08 ....-...xior.l..
0040: F0 63 92 37 E6 BB C4 30 17 AD 77 CC 49 35 AA CF .c.7...0..w.I5..
0050: D8 8F D1 BE B7 18 96 47 73 6A 54 22 34 64 2D B6 .......GsjT"4d-.
0060: 16 9B 59 5B B4 51 59 3A B3 0B 14 F4 12 DF 67 A0 ..Y[.QY:......g.
0070: F4 AD 32 64 5E B1 46 72 27 8C 12 7B C5 44 B4 AE ..2d^.Fr'....D..
Comparing certificate against Root CA certificate:
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
d0b275f6 78d0ae5a 50f4e950 a99f8cd7 ef919470 e8d22490 768985d6 dface601
173280f0 9d9347bc 9a659d1f 97aebfe9 86756320 89bd8058 9d040c9d a8c124e9
0be53178 bdfc2d0c 376a9e78 80e94675 f9eda3fb 137bc8c1 4cd2a3ef f53cb062
8f4a5d3b dd95678f 13b9c13c d6a7269b ecc33b7a d94dbc6d 9be81501 e3f047a9
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
               To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [    02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1   2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B   97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54   0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61   C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
Comparing certificate against Root CA certificate:
Version: V1
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
cbba9c52 fc781f1a 1e6f1b37 73bdf8c9 6b941230 4ff03647 f5d0910a f517c8a5
61c11640 4dfb8a61 90e57620 c111067d ab2c6ea6 f511418e fa2dad2a 6159a467
264cd0e8 bc525b70 200458d1 7ac9a469 bc831764 ad058bbc d058ce8d 8cf5ebf0
42490b9d 97276732 6ee1ae93 151c70bc 204d2f18 de9288e8 6c855711 1ae97ee3
261154a2 45965583 ca3089e8 dcd8a3ed 2a803f7f 7965573e 15206608 2f9593bf
aa472fa8 4697f012 e2fec20a 2b51e676 e6b746b7 e20da6cc a8c34c59 5589e6e8
535c1cea 9df06216 0ba7c95f 0cf0dec2 76ceaff7 6af2fa41 a6a23314 c9e57a63
d39e6237 d585659e 0ee65324 741b5e1d 12535bc7 2ce78349 3b15ae8a 68b95797
Validity: [From: Fri Oct 01 02:00:00 CEST 1999,
               To: Thu Jul 17 01:59:59 CEST 2036]
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [    9b7e0649 a33e62b9 d5ee9048 7129ef57]
Algorithm: [SHA1withRSA]
Signature:
0000: 11 14 96 C1 AB 92 08 F7 3F 2F C9 B2 FE E4 5A 9F ........?/....Z.
0010: 64 DE DB 21 4F 86 99 34 76 36 57 DD D0 15 2F C5 d..!O..4v6W.../.
0020: AD 7F 15 1F 37 62 73 3E D4 E7 5F CE 17 03 DB 35 ....7bs>.._....5
0030: FA 2B DB AE 60 09 5F 1E 5F 8F 6E BB 0B 3D EA 5A .+..`._._.n..=.Z
0040: 13 1E 0C 60 6F B5 C0 B5 23 22 2E 07 0B CB A9 74 ...`o...#".....t
0050: CB 47 BB 1D C1 D7 A5 6B CC 2F D2 42 FD 49 DD A7 .G.....k./.B.I..
0060: 89 CF 53 BA DA 00 5A 28 BF 82 DF F8 BA 13 1D 50 ..S...Z(.......P
0070: 86 82 FD 8E 30 8F 29 46 B0 1E 3D 35 DA 38 62 16 ....0.)F..=5.8b.
0080: 18 4A AD E6 B6 51 6C DE AF 62 EB 01 D0 1E 24 FE .J...Ql..b....$.
0090: 7A 8F 12 1A 12 68 B8 FB 66 99 14 14 45 5C AE E7 z....h..f...E\..
00A0: AE 69 17 81 2B 5A 37 C9 5E 2A F4 C6 E2 A1 5C 54 .i..+Z7.^*....\T
00B0: 9B A6 54 00 CF F0 F1 C1 C7 98 30 1A 3B 36 16 DB ..T.......0.;6..
00C0: A3 6E EA FD AD B2 C2 DA EF 02 47 13 8A C0 F1 B3 .n........G.....
00D0: 31 AD 4F 1C E1 4F 9C AF 0F 0C 9D F7 78 0D D8 F4 1.O..O......x...
00E0: 35 56 80 DA B7 6D 17 8F 9D 1E 81 64 E1 FE C5 45 5V...m.....d...E
00F0: BA AD 6B B9 0A 7A 4E 4F 4B 84 EE 4B F1 7D DD 11 ..k..zNOK..K....
Comparing certificate against Root CA certificate:
Version: V3
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
9374b4b6 e4c54bd6 a1687f62 d5ecf751 57b3724a 98f5d089 c9ad63cd 4d35516a
84d4adc9 68796fb8 eb11db87 ae5c2451 13f15425 84af292b 9fe380e2 d9cbddc6
45493488 905e0197 efea53a6 ddfcc1de 4b2a25e4 e935fa55 0506e589 7aeaa411
573bfc7c 3d36cd67 356da4a9 2559bd66 f5f927e4 9567d63f 92805ef2 347d2b85
Validity: [From: Mon Feb 07 17:16:40 CET 2000,
               To: Fri Feb 07 17:46:40 CET 2020]
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
SerialNumber: [    389ef6e4]
Certificate Extensions: 8
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 10 30 0E 1B 08 56 35 2E 30 3A 34 2E 30 03 02 ..0...V5.0:4.0..
0010: 04 90 ..
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 84 8B 74 FD C5 8D C0 FF 27 6D 20 37 45 7C FE 2D ..t.....'m 7E..-
0010: CE BA D3 7D ....
[3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 84 8B 74 FD C5 8D C0 FF 27 6D 20 37 45 7C FE 2D ..t.....'m 7E..-
0010: CE BA D3 7D ....
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net]
[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[7]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
From: Mon Feb 07 17:16:40 CET 2000, To: Fri Feb 07 17:46:40 CET 2020]
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 4E 6F 35 80 3B D1 8A F5 0E A7 20 CB 2D 65 55 D0 No5.;..... .-eU.
0010: 92 F4 E7 84 B5 06 26 83 12 84 0B AC 3B B2 44 EE ......&.....;.D.
0020: BD CF 40 DB 20 0E BA 6E 14 EA 30 E0 3B 62 7C 7F ..@. ..n..0.;b..
0030: 8B 6B 7C 4A A7 D5 35 3C BE A8 5C EA 4B BB 93 8E .k.J..5<..\.K...
0040: 80 66 AB 0F 29 FD 4D 2D BF 1A 9B 0A 90 C5 AB DA .f..).M-........
0050: D1 B3 86 D4 2F 24 52 5C 7A 6D C6 F2 FE E5 4D 1A ..../$R\zm....M.
0060: 30 8C 90 F2 BA D7 4A 3E 43 7E D4 C8 50 1A 87 F8 0.....J>C...P...
0070: 4F 81 C7 76 0B 84 3A 72 9D CE 65 66 97 AE 26 5E O..v..:r..ef..&^
Comparing certificate against Root CA certificate:
Version: V1
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
950fa0b6 f0509ce8 7ac788cd dd170e2e b094d01b 3d0ef694 c08a94c7 06c89097
c8b8641a 7a7e6c3c 53e13728 73607fb2 9753079f 53f96d58 94d2af8d 6d886780
e6edb295 cf7231ca a51c72ba 5c02e764 42e7f9a9 2cd63a0d ac8d42aa 240139e6
9c3f0185 570d5887 45f8d385 aa936926 85704880 3f1215c7 79b41f05 2f3b6299
Validity: [From: Thu Aug 13 02:29:00 CEST 1998,
               To: Tue Aug 14 01:59:00 CEST 2018]
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
SerialNumber: [    01a5]
Algorithm: [MD5withRSA]
Signature:
0000: 6D EB 1B 09 E9 5E D9 51 DB 67 22 61 A4 2A 3C 48 m....^.Q.g"a.*<H
0010: 77 E3 A0 7C A6 DE 73 A2 14 03 85 3D FB AB 0E 30 w.....s....=...0
0020: C5 83 16 33 81 13 08 9E 7B 34 4E DF 40 C8 74 D7 [email protected].
0030: B9 7D DC F4 76 55 7D 9B 63 54 18 E9 F0 EA F3 5C ....vU..cT.....\
0040: B1 D9 8B 42 1E B9 C0 95 4E BA FA D5 E2 7C F5 68 ...B....N......h
0050: 61 BF 8E EC 05 97 5F 5B B0 D7 A3 85 34 C4 24 A7 a....._[....4.$.
0060: 0D 0F 95 93 EF CB 94 D8 9E 1F 9D 5C 85 6D C7 AA ...........\.m..
0070: AE 4F 1F 22 B5 CD 95 AD BA A7 CC F9 AB 0B 7A 7F .O."..........z.
Comparing certificate against Root CA certificate:
Version: V3
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c7c15f4e 71f1cef0 60860fd2 587fd333 972d17a2 7530b596 64262f68 c344aba8
75e60067 34579e65 c7229b73 e6d3dd08 0e3755aa 2546816c bdfea8f6 7557578c
906c4ac3 3e8b4b43 0ac91156 9a9a2722 99cf559e 61d902e2 7cb67c38 07dce37f
4f9ab903 4180b675 67130b9f e85736c8 5d0036de 6614da6e 761f4f37 8c821389
Validity: [From: Fri Feb 04 18:20:00 CET 2000,
               To: Tue Feb 04 18:50:00 CET 2020]
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
SerialNumber: [    389b113c]
Certificate Extensions: 8
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 10 30 0E 1B 08 56 35 2E 30 3A 34 2E 30 03 02 ..0...V5.0:4.0..
0010: 04 90 ..
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CB 6C C0 6B E3 BB 3E CB FC 22 9C FE FB 8B 92 9C .l.k..>.."......
0010: B0 F2 6E 22 ..n"
[3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: CB 6C C0 6B E3 BB 3E CB FC 22 9C FE FB 8B 92 9C .l.k..>.."......
0010: B0 F2 6E 22 ..n"
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net]
[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[7]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
From: Fri Feb 04 18:20:00 CET 2000, To: Tue Feb 04 18:50:00 CET 2020]
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 62 DB 81 91 CE C8 9A 77 42 2F EC BD 27 A3 53 0F b......wB/..'.S.
0010: 50 1B EA 4E 92 F0 A9 AF A9 A0 BA 48 61 CB EF C9 P..N.......Ha...
0020: 06 EF 1F D5 F4 EE DF 56 2D E6 CA 6A 19 73 AA 53 .......V-..j.s.S
0030: BE 92 B3 50 02 B6 85 26 72 63 D8 75 50 62 75 14 ...P...&rc.uPbu.
0040: B7 B3 50 1A 3F CA 11 00 0B 85 45 69 6D B6 A5 AE ..P.?.....Eim...
0050: 51 E1 4A DC 82 3F 6C 8C 34 B2 77 6B D9 02 F6 7F Q.J..?l.4.wk....
0060: 0E EA 65 04 F1 CD 54 CA BA C9 CC E0 84 F7 C8 3

How do I bind to directory server with SSL and authentication?

I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a seperate matter.)
Here are the problems:
1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
2) I was never prompted to authenticate for the directory binding.
So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
Thank you.

You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
Cheers,
Vikas

Hi to everybody, I'm new of the community and I'd like to know if anybody could help me with this issue. I have differente itunes libraries stored in differente hard disks, and I' d like to merge them all in one unique library

Hi, I' m new of the community and I hope I'm not asking something that has been already discussed. I have different iTunes libraries on different hard disks and I would like to merge them in an unique library - mantaining all the metadata - so that I can use this new one with iTunes Match. Could anybody help me?

PowerTunes - http://www.fatcatsoftware.com/powertunes/ (commercial software)
syncOtunes - http://homepage.mac.com/oligrob/syncOtunes/syncOtunes.html
Alison 1231, your question is not identical to the original poster's so perhaps you could start a new topic with the question since the answers will be different and not apply to the OP's post.

Https communication and authentication

Similar Messages

Maybe you are looking for