My program turn on with a Certificate expirated.

Similar Messages

• Problems with auto-enroll with the certificate expiration

  Hello,
  we have routers that work with certificates. We have problems with the auto-enroll when the certificates go to expire.
  ?Can somebody help?
  I can send mor debug o configurations.
  We attach a debug.
  Very thanks

  Hello,
  I attach the debug.
  Very thanks

• ASA-SSM-10 with IME: certificate expiration

  ASDM and IDM work fine with my SSM. I'm attempting to add my SSM as a new device into (just installed) IME 7.0.1. Dialog box says:
  IOException when try to get certificate: java.security.cert.CertificateExpired Exception: NotAfter: Tue Jul 28 04:44:51 EDT 2009
  What is the issue here, and how do I fix it?
  Thanks in advance,
  -- Bill

  Found answer to this, via Cisco Service Request. Used CLI on AIP-SSM:
  sensor# tls generate-key
  Then I refreshed sensor details in IME, tried adding a new device and all worked fine. IME has the AIP-SSM reporting I was after, so - good deal.

• Computer certificates expiring within 6 weeks disappearing from machines when computer certificates from two certificate authorities are present

  2008 R2 single tier enterprise certificate authority with root certificate expiring within 6 weeks, also domain controller
  2012 R2 single tier enterprise certificate authority with root certificate valid for more than the next year, also domain controller
  Both servers are approved as certificate authorities for the domain and can issue computer certificates using the computer certificate template. There is a group policy object applied to all workstations that contains an automatic computer certificate request,
  but the actual "certificate services client auto-enrollment" element is "not configured". This process seems to work like a round robin in that computers with no certificate can wind up with a certificate from either certificate
  authority. I need all PCs to have both certs for a DirectAccess migration. I have successfully used SCCM to ensure all PCs have both certificates using compliance rules and a script using certreq.exe.
  A machine will keep both certs until the older computer certificate moves into the 6 week window of expiration, then it gets purged. I have observed this behavior for over a month, even when the CA root certificate wasn't so close to expiring. I
  can't figure out what setting is triggering the purge, but need to stop it. Maybe it's coming from default settings in local machine policy for an element that should be disabled in the group policy object supplying the automatic certificate request?
  The worst part of this issue is that I can't recreate the purging behavior with gpupdates or restarts on my test machines.

  You should not be using Automatic Certificate Request Service (ACRS) for this - it was designed for Windows 2000 and is generally deprecated. Secondly, the reason it is acting like a round-robin as you describe it, is that templates are generally configured
  to attempt to renew within 6 weeks of their expiration. Since the 2008 R2 CA is expiring within 6 weeks, it cant issue anything longer than its own remaining lifetime. It is a well known issue that issuing a certificate within the renewal period will cause
  problems.
  What you should do it use AutoEnrollment and issue a certificate with a very small renewal period (1 week perhaps) by creating a custom V2 template and issuing that from your 2008 R2 CA. Then on the 2012 R2 CA you will need ANOTHER template, as the computer
  will only enroll for a certificate from each template. This one can be configured with a normal lifetime and renewal period.
  Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

• Asa ssh/vnc plugins digital certificates expired

  Hi,
  we've got our new asa set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
  We are running 8.0(4)3 and asdm 6.1(3) and the plugins are the latest available from Cisco's software download page
  (ssh-plugin.08030, vnc-plugin.080130).
  Are newer ones available?
  Thanks
  Dorothea

  BTW this could be of help:
  http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
  You probably want to install a code signer certificate.
  While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...

• FNPLicensingService.exe associated with Acrobat 9 Standard - unverified ... certificate expired

  FNPLicensingService.exe associated with Acrobat 9 Standard - unverified ... certificate expired
  Why is this?

  Thanks.  That worked!   Back in the sunshine again
  The message is as seen below : "signature is timestamped but TS has expired"
  I am assuming this is the right message.  If not, do respond.

• Portal Certificate Expired with NO VA running!!!

  Hi All,
  I got one issue about Portal certificate expiration, for which SSO is not working b/w Portal and R3.
  As working on Solaris, required to re-generate the Keystore Certificate via Visual Admin, but WHAT!!!
  I am not able to run it, it says that JAVA_HOME needs to be set.
  Done (Set) but still am not able to see that VA screen. Tried thru root and SIDADM (recommended) also, but couldnt... which is turning my head 360 degrees.
  Well request you all to share your good experiences thru which i may be able to resolve the issue which is pending past 2 days and no proceedings since...
  And i guess there is no way out to increase the validity of certificate without VA. OR is there any????
  Thanks
  Piyush

  hi Anil,
  i got,
  /usr/java
  we ran the command "./go" to start visual admin, which inturn shows the error as below
  4/7/10 12:09 PM com.sap.engine.tools.launcher.Launcher Error : console output st
  ream will not be logged into a file; there was an error opening the log file
  java.io.FileNotFoundException: /usr/sap/EPD/JC01/j2ee/admin/log/console_logs/out
  put.log (Permission denied)
          at java.io.FileOutputStream.open(Native Method)
          at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
          at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
          at com.sap.engine.tools.launcher.Launcher.initLogs(Launcher.java:636)
          at com.sap.engine.tools.launcher.Launcher.init(Launcher.java:198)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:113)
  4/7/10 12:09 PM com.sap.engine.tools.launcher.Launcher Error : unable to invoke
  main class  com.sap.engine.services.adminadapter.gui.AdminFrameView
  Exception in thread "main" com.sap.engine.tools.launcher.LauncherException
          at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:340)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
  caused by -
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:336)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
  Caused by: java.lang.InternalError: Can't connect to X11 window server using ':0
  .0' as the value of the DISPLAY variable.
          at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
          at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:1
  34)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:141)
          at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvi
  ronment.java:62)
          at java.awt.Window.init(Window.java:231)
          at java.awt.Window.<init>(Window.java:275)
          at java.awt.Frame.<init>(Frame.java:401)
          at java.awt.Frame.<init>(Frame.java:366)
          at javax.swing.SwingUtilities$1.<init>(SwingUtilities.java:1641)
          at javax.swing.SwingUtilities.getSharedOwnerFrame(SwingUtilities.java:16
  37)
          at javax.swing.JWindow.<init>(JWindow.java:160)
          at javax.swing.JWindow.<init>(JWindow.java:112)
          at com.sap.engine.services.adminadapter.gui.AboutWindow.<init>(AboutWind
  ow.java:12)
          at com.sap.engine.services.adminadapter.gui.AdminFrameView.main(AdminFra
  meView.java:234)
          ... 6 more
  caused by -
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at com.sap.engine.tools.launcher.Launcher.launch(Launcher.java:336)
          at com.sap.engine.tools.launcher.Launcher.main(Launcher.java:114)
  Caused by: java.lang.InternalError: Can't connect to X11 window server using ':0
  .0' as the value of the DISPLAY variable.
          at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
          at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:1
  34)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:141)
          at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvi
  ronment.java:62)
          at java.awt.Window.init(Window.java:231)
          at java.awt.Window.<init>(Window.java:275)
          at java.awt.Frame.<init>(Frame.java:401)
          at java.awt.Frame.<init>(Frame.java:366)
          at javax.swing.SwingUtilities$1.<init>(SwingUtilities.java:1641)
          at javax.swing.SwingUtilities.getSharedOwnerFrame(SwingUtilities.java:16
  37)
          at javax.swing.JWindow.<init>(JWindow.java:160)
          at javax.swing.JWindow.<init>(JWindow.java:112)
          at com.sap.engine.services.adminadapter.gui.AboutWindow.<init>(AboutWind
  ow.java:12)
          at com.sap.engine.services.adminadapter.gui.AdminFrameView.main(AdminFra
  meView.java:234)
          ... 6 more
  Regards
  Piyush

• SSL Re-encryption with Portal and Web Dispatcher: certificate expired

  Hello,
  I am trying to set up HTTPS connection to the Portal through SAP Web Dispatcher. We are using SSL Re-encryption. I think I got everything set up correctly. When trying to access through a Web browser the web dispatcher trace file shows error message 'certificate expired'. Looking at the Portal (Visual admin - Keystore) I am pretty sure it is the service-ssl with localhost. It is expired. Two questions:
  - is it correct that it uses localhost or am I missing anything?
  - How would I recreate the certificate? (I am sure it is somewhere in the Online documentation, but haven't found it yet). Can I do this while the Portal is productive without breaking the normal access (http) to the Portal. This is our Production portal.
  Thanks,
  Ingrid

  Hi,
  Go thru the contents of SAP Note,
  685306 -Enabling SSL and renewing the J2EE certificate
  And also the help contents in,
  http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
  These might of some help to you !
  Regards
  Srinivasan T

• Preorderin​g game with reward certificat​e set to expire

  Hello,
  Thanks for all the help with the other questions so far. I have a reward certificate that is set to expire. Am I allowed to apply that certificate to a pre-order even though the game releases after the certificate expires?
  Thank you

  Hey again Kyle5575,
  Good question! When placing an order on BestBuy.com, funds aren't normally collected until the requested items have been shipped or picked up at one of our U.S. retail stores. Any portion of the order total paid for using gift cards or reward certificates, however, is collected when the order is submitted. These payment types do not follow the same authorization process as traditional debit or credit cards and are instantly redeemed when used.
  In other words: no need to worry! Your certificate will be automatically applied to your order as soon as it's been placed.
  Let me know if you have any other questions.
  Aaron|Social Media Specialist | Best Buy® Corporate
   Private Message

• Enterprise Distribution Certificate Expires

  Hi!
  We are developing an Enterprise applications.
  Our Distribution Certificate should expire at 30/12/2011.
  In "Distributing Enterprise Apps for iOS 4 Devices" I've found this sentence:
  "An app will not run if the distribution certificate has expired. Currently, distribution certificates are valid for one year. A few weeks before your certificate expires, request a new distribution certificate from the iOS Dev Center, use it to create new distribution provisioning profiles, and then recompile and distribute the updated apps to your users."
  So, the question is: Is this still true and didn't changed with iOS5 and/or other causes?
  I mean there still no way to RENEW(or prolong) the Distribution certificate, so we will not need to rebuild and redeploy already finished applications?
  Thanks beforehand,
  Mad Max

  No change.
  Apps go dark along with program enrollment.

• Java Webstart application problem with TLS certificate revocation checks (Java 1.7.0_76)

  We have a problem with our Java Web Start Application regarding the TLS certificate revocation check:
  The application is running on a server within a wide area network which is separated from the internet.
  The application users have access to the WAN, and also access to the internet over some corporate proxy/firewall.
  The user has to enter, for example "https://my-site.de/myapp/ma.jnlp" within a webbrowser or could also call  "javaws https://my-site.de/myapp/ma.jnlp" to start the application client.
  The webserver has a certificate from a trusted certificate authority. This certificate seems to be ok, the browser is even configured to perform OCSP status check.
  The application files are signed with a certificate from another trusted certificate authority. This certificate seems also to be ok. Regarding this certificate there
  are no problems with certificate revocation checks.
  The problem is, while starting the application client there is a message box which tell us something like "the connection to this website ist not trustworthy",
  "Website: https://my-site.de:80", and something about an invalid certificate, meaning the webserver certificate.
  Obviously the jvm runtime, which is executed on the users workstation, tries to perform a revocation check for the webservers certificate, but this fails because
  it cannot fetch the certificate under https://my-site.de:80.
  The application will execute without further problems after that message but the users are very concerned about the "invalid" certificate, so here are my questions:
  - Why is the application trying to get the webserver certificate over Port 80. Our application developers told me, there is no corresponding statement. Calling this address
    has to fail while "https://my-site.de:443" or "https://my-site.de" would not have a problem.
  - Is there a way to make the application go on without performing a tls revocation check? I mean, by adjusting the application sourcecode and not by configuring the users Java Control Panel.
    While disabling the TLS Certificate Revocation check in the Java Control Panel, the Webstart Application executes without a warning message, but this is not a workable solution for
    our users.
  It would be great if someone can help me with a hint so i can send our developers into the right direction;-)
  Many thanks!
  This is a part from a java console output after calling "javaws -verbose https://my-site.de/myapp/"
  (sorry for this is in german... and also my english above)
  network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
  network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
  security: OCSP Response: GOOD
  network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
  security: UNAUTHORIZED
  security: Failing over to CRLs: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
  network: Cacheeintrag gefunden [URL: http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl, Version: null] prevalidated=false/0
  cache: Adding MemoryCache entry: http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl
  cache: Resource http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl has expired.
  network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
  network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
  network: ResponseCode für http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl: 200
  network: Codierung für http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl: null
  network: Verbindung mit http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl trennen
  CacheEntry[http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl]: updateAvailable=true,lastModified=Tue Mar 24 10:50:01 CET 2015,length=53241
  network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird
  network: Verbindung von socket://ldap.serverpass.telesec.de:389 mit Proxy=DIRECT wird hergestellt
  security: Revocation Status Unknown
  com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
      at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
      at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
      at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
      at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
      at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
      at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
      at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
      at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
      at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
      at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
      at sun.security.ssl.Handshaker.processLoop(Unknown Source)
      at sun.security.ssl.Handshaker.process_record(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
      at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
      at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
      at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
      at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
      at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
      at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
      at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
      at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
      at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
      at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
      at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
      at com.sun.javaws.Main.launchApp(Unknown Source)
      at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
      at com.sun.javaws.Main.access$000(Unknown Source)
      at com.sun.javaws.Main$1.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
          at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
          ... 35 more
  Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
      at sun.security.provider.certpath.OCSP.check(Unknown Source)
      at sun.security.provider.certpath.OCSP.check(Unknown Source)
      at sun.security.provider.certpath.OCSP.check(Unknown Source)
      ... 36 more
  security: Ungültiges Zertifikat vom HTTPS-Server
  network: Cacheeintrag nicht gefunden [URL: https://my-site.de:80, Version: null]

  Add the JSF Jars to the WEB-INF/lib directory of the application. If still getting error add to the CLASSPATH variable in the startWebLogic script in the domain/bin directory.

• ISE - What happens when the on-boarded certificate expires?

  I'm trying to design a good BYOD deployment model but have a few questions that need direct answers.  I have down how to go about on-boarding and getting a certificate on a device, the ISE provides great flow for this to happen in many ways.  My questions come from a design perspective before and after the BYOD deployment is completed.
  1. Figuring out a method to validate the device is a Corporate asset or a BYOD asset.
       (I don't want to install a certificate on just any device, or perhaps I do but I need to give permissions to all resources if its a Corporate Device, and more resitrictions if it's BYOD, so how do I figure this out during the provisioning phase?)
       a. Use MDM (May not have one, or if you do we are still waiting on ISE 1.2 for that integration)
       b. Build a Group for provisioning admins, if user PEAP-MSCHAPv2 account is from this group install a certificate. (issue here is that the end user looses administration of the device in the my device portal as the device is now registered to the provisioning admin)
       c. Pre-populate MAC into ISE as all Corporate devices should be provisioned by I.T. before they go to the end user (I think this is good but can see push back from customers as they don't want to add more time to the process)
       d. Certs on any IOS or Android device, provide access based on user group and do not worry if device is Company asset or not (I believe that this is the easiest solution and seems to be what I find in the guides)
       e. Other options I have not thought about, would love input from the crowd
  2. What happens to the device once the Certificate expires?
       (I don't know the answer to this, my thought would be the user or device will fail during the authentication policy and this creates a mess)
       a. Tell the user to delete the profile so they can start all over again (creates help desk calls and frustrated users)
       b. Use MDM for Cert management (may not have one)
       c. Perhaps the client uses SCEP to renew based on the cert template renew policy and there are no issues (this is me wishing)
  Would appreciate some feed back and would like to know if anyone has run into these issues.                   

  Neno,
  Sorry but I don't have any other info on using a public CA, Cisco says to use internal CA's for PKI.  I think the best practice in 1.2 comes out will be to use one interface for Web Management and a different interface for Radius, profiling, posture, and on boarding.  This way you can use your private CA for EAP and a public CA for web traffic.  Have you tried a public CA bound to management and a private CA for EAP yet?
  I did do a session on EAP-TEAP, they explained how it will work and also discussed EAP-FASTv2.  EAP-FASTv2 is available now but you must use anyconnect as your supplicant.  Microsoft and all other vendors will have EAP-TEAP native once it is fully released and comissioned as it will be the new gold standard for EAP.  It will support TLS, MD5, and CHAPv2.  If you are interested I have the PDF of the presentation I attended that shows the flow of how EAP-TEAP will work.  This is much better than wasMachineAuthenticated and machine auth caching, which has many down falls.
  I currently do machine and user auth I just don't require them.  If Machine auth then allow machine on vlan-x with access to AD, DNS, and blah blah.  Then a seperate rule to say user auth gets more access, although I require EAP-TLS for both and if you think about it you are accomplishing the same thing if your PKI is setup correctly.  Make it so users and machines can only auto enroll, that way you know the only way they got their cert was from GPO policy.  I won't go into anymore detail, but there is lots you can do.

• HT201336 Hi I have a certificate expired and was wondering how can I update it ?

  I have an apple Iphone certificate expired and I was wondering how do you renew it?

  No answers, just some questions...  (I'm not sure what you're asking.)
  Where did the certificate originate?  An Apple iPhone certificate?  For what?  For iOS development?  For VPN?  For accessing remote web services, on a server?    This is the OS X Server 10.6 forum; are you working with certificates with that operating system, or with certificates on an iPhone?
  If your OS X Server system has an expired certificate, you'll need to either purchase a new certificate, or generate a new self-signed certificate and load that via the Certificate Assistant and Server Admin tools.

• Invoking secure services inside bpel with x509 certificate and weblogic

  Hi, everyone. Here we have a problem with invoking secure webservices (*client authentication*) from a bpel deployed in weblogic that is consuming so much time (more than a week) and don't know what else to try.
  The scenario: we have a bpel process which invokes a series of web services without any security mechanisms. Now, we have to change it to invoke a series of webservices that do exactly the same, but using ssl and client authentication with x509 certificates. The first part of it, the ssl one, is done without any problems. But the second part is not working at all, and we (I) are running out of ideas how to configure it in weblogic.
  The situation: I want to invoke a webservice, say, Service1. It requires client authentication, so I should pass a certificate (*which I already have*). I put that certificate inside a keystore (with keytool -importkeystore, from p12 to jks). With SoapUI I have no problem now to invoke the service now. But, I'm not sure what should I do to make it work in weblogic; after all, the provider keeps answering with a HTTP 403 Forbidden error.
  The actions: inside the weblogic's enterprise manager, in SOA deployments (SOA / soa-infra / default ) I selected my composite, and in the Dashboard (down at Services and references), clicked the particular service (Service1). Then, it took me to another page where I can see statistics about that service, and a tab named Policies. There (in Policies) I have the chance to attach a policy, but I don't know which one is the approppriate; I guest it should be WSS11_x509_token_with_message_protection_service_policy, which in turn asks me to provide a value for keystore.recipient.alias, keystore.sig.csf.key and keystore.enc.csf.key. For this keys, I provide values that I configured in Credentials (Weblogic Domain / Security / Credentials, subtree oracle.wsm.security). My own logic tells me that what I have done is what I should have done, but still no luck :(
  I am sure the keystore is ok (if I rename the keystore file it tells me that the keystore file cannot be found, and if I specify an alias which is not inside the keystore it tells me that the alias is not found and list me valid aliases). I guess I am missing something, somewhere, but after many hours (days, almost 2 weeks) googling, still cannot make it work.
  Any ideas would be apreciated. If anyone knows about a post or article about this, it would be apreciated too, but I can tell is not that I just googled for 25 minutes, but I have spent more than a week googling, trying, analyzing and reading formal documentation, with no results.
  Thanks in advance!

  Try to enable SSL and WS debugging on your WLS. Add the following to your startup script:
  -Dweblogic.webservice.verbose=true
  -Dssl.debug=true
  ..then you might be able to spot if the rejection is based on some handshake problem.

• What is an easy web-page creation program for use with MacBook Pro?

  Can anyone suggest an easy web-page creation program for use with MacBook Pro?  I have used FrontPage with my PC, but am changing to a MacBook Pro.

  It largely depends on your skill level. Do you want to write web page code, or do you want to just design something and have it turn into a web page automatically?
  If you are more of a designer, try these:
  RapidWeaver
  Freeway Pro
  Muse
  If you want to write web page code, try these:
  Coda
  BBEdit
  Dreamweaver
  If you really don't want to write the code and want the best experience for your viewers, and you want to spend the least amount of time on it, my recommendation is:
  No program at all.
  Instead, sign up with a web site company like:
  WordPress.com (hosted by them) or WordPress.org (hosted on your server)
  Squarespace
  Wix
  The reason is that these companies have fully operational, nicely designed web site templates that you just fill in with your words and pictures, and they are ready to go. They also give you these benefits:
  Already designed to the latest web standards
  Already designed to resist hackers
  Already designed to work on all browsers
  Already designed to automatically adjust the page for readability on desktop, laptop, tablet, and smartphone screen sizes
  Already designed for accessibility
  Already designed for Search Engine Optimization so that your page will be found on Google
  Already designed with social media links built in if you want
  It is not like the old days where you build a site in Front Page and you assume it will only be seen on a desktop computer. If you build it yourself with a web page program, do you have the knowledge to make a site that works on all of the different web browsers and mobile devices, and is friendly to search engines and social media? If you don't have those skills, working with a website company can be a lot better, faster, and more reliable than trying to hammer all of that out yourself using code in some app.