NLB Unicast and certificate for the machine
Hello,
I have set up a two node nlb cluster, in unicast.
On the other hand, I have a GPO with which every computer in the network gets a
certificate from the CA, through auto enrollment.
I am new to NLB , but from what I gather, the CA machine won't be able to issue any certificate to any of the two NLB nodes, because the virtual ip replaces to the actual ips's of the two machines ?. I am a bit confused.
Thanks in advance !!
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)
It's the Mac addresses that are (sort of) replaced, not the IP addresses. The two nodes of an NLB cluster can make outbound connections to a CA and other machines, and using the nodes' individual IP addresses each of them can still be contacted from other
machine (in addition to using the cluster IP address).
The only thing that does not work is: With unicast the nodes cannot communicate with each other over the network that has the shared IP address but you could use an additional NIC if you need inter-node communication.
With multicast on the other hand there is a chance you run into
this issue described here for CISCO routers (just have observed this myself); this article also gives an overview on how NLB works at the Mac address level.
Re CA and certificates: Note that autoenrolled certificates will contain the nodes' individual names retrieved from AD. If you need a certificate that includes the cluster name you have to issue this certificate manually.
Elke
Similar Messages
-
EAP-TLS, Certificates for the machine...prompt for the user?
I've got a wireless network made up of AP1200s and I'm testing EAP-TLS. I have the cert piece working but I would also like the users to be prompted for a user/pass upon association. Is that going to far?
If not; how do I set it up? I also want to make sure that they are not prompted each time they roam to a new AP if they were previously authenticated.I think if you leave the username/password fields blank, the system will prompt you for them.
There might even be a checkbox for "Prompt for User Name" (gonna depend on the client software & nic).
Good Luck
Scott -
My iPod won't let me on to the App Store, and whenever I go on to ITunes, an alert pops up that the certificate for the server is invalid, and that I may be connecting to a server that is only pretending to be iTunes.apple.com and my personal info may be at risk. I downloaded an emulator yesterday from coolroms.com but deleted the app this afternoon. I cleared my safari search data, my cookies and data, and web inspector, which still didn't work. I then proceeded to reset my iPod and then download the newest version of IOS 6.1.5 but yet still am having problems. Also to the App Store and iTunes, several other apps aren't working. Any help here?
Also, when I go on to safari, another alert pops up that safari cannot verify the identity of the website, anything that I type in to as common as google.com. It gives me 3 options to either cancel, look at details, and continue. I've looked at the details of the website of Google and it is legitimate the site. Any help?
-
Question
Went to Crossings Book Club website while there something popped up about the certificate for the website, i was going to copy it and send an email to the website to ask about the certificate. I got my cursor just inside the pop up and the whole computer shut down.If you think getting your web pages to appear OK in all the major browsers is tricky then dealing with email clients is way worse. There are so many of them.
If you want to bulk email yourself, there are apps for it and their templates will work in most cases...
http://www.iwebformusicians.com/Website-Email-Marketing/EBlast.html
This one will create the form, database and send out the emails...
http://www.iwebformusicians.com/Website-Email-Marketing/MailShoot.html
The alternative is to use a marketing service if your business can justify the cost. Their templates are tested in all the common email clients...
http://www.iwebformusicians.com/Website-Email-Marketing/Email-Marketing-Service. html
"I may receive some form of compensation, financial or otherwise, from my recommendation or link." -
Multiple Certificates for the same WLS
Hi,
IHAC who asks the following:
Background
Bigshop Limited carried out a soft launch of our e-tailing website under
the
url fonzie.bigshop.com.au
We have a verisign certificate setup up for 128 bit ssl under the
knownname
fonzie.bigshop.com.au
All ssl connections that connect to the site with this url are able to
establish an SSL session.
Current Issue
Bigshop is now in the process of carrying out the public launch of the
website. The public url for the website will be www.bigshop.com.au
We have generated new public/private key pair and a Certificate Signing
Request (CSR) and have ordered a new certificate from verisign
Could you please advise if it is possible to operate two certificates
for
the one server. This will allow our www.bigshop.com.au and
fonzie.bigshop.com.au url's to operate concurrently and enable both to
establish SSL session with valid certificates.
Is what they want to do possible ?? any suggestions
appreciated,
regards,
Patrick.Did you ever figure out how to use multiple certificates to the sameserver? I have a need to do this also. Thanks a lot.
In current versions of weblogic (5.1,6.x,7.0,8.1), you can configure only
one certificate per server.
-utpal -
I have just upgraded to Mountain Lion and my signatures for my Mail are not showing up. I have the signatures inthe preference panes and selected for the email address, but when I make a new message, the signature shows as none and doesn't give me a choice. Yesterday, the signatures were stacking instead of switching to the one I wanted to choose.
I had this and fixed it.
I had upgraded to Mountain Lion and my signatures in Mail were fine. But then about a week later, I got a new computer and used Migration Assistant to copy my stuff to the new machine. Upon opening Mail, I had all the correct Signature information in the Preferences>Signatures window, but nothing worked.
After lots of hunting, I found the Signature Folder. It's in:
Yourusername>Library>Mail>V2>MailData>Signatures
Looking at my previous setup (which works) I saw in that folder two types of files: .webarchive and .siganture
Looking in my new machine's Signature folder, I saw only the .webarchive folders, not the .signature folders
Since this was literally a clone of my previous setup to a new machine, here's what I did:
1. Quit Mail
2. In Problem machine, go to
Yourusername>Library>Mail>V2>MailData>Signatures
3. Move the Signatures folder someplace safe, but out of the MailData folder
4. Get the Signatures Folder from the working install (like a backup) and copy it to the MailData folder on the problematic machine
5. Start Mail on the problem machine
This worked for me. I don't know why Migration Assistant didn't copy the full signature folder, but this fixed it. It worked perfectly partly because I had just backed up with Carbon Copy Cloner and the very next day set up the new machine. I don't know where Lion or earlier versions of mail stored signatures, but the absence of the .signature filetype seems to be the problem.
Hope this helps -
I have a software license certificate for the upgrade from CS5.5 to CS6, but I have lost the upgrade file due to a disk crash in my computer.
where can I get the upgrade file from ?
thanks,
OferDownloads available:
Suites and Programs: CC 2014 | CC | CS6 | CS5.5 | CS5 | CS4 | CS3
Acrobat: XI, X | 9,8 | 9 standard
Premiere Elements: 12 | 11, 10 | 9, 8, 7
Photoshop Elements: 12 | 11, 10 | 9,8,7
Lightroom: 5.6| 5 | 4 | 3
Captivate: 8 | 7 | 6 | 5
Contribute: CS5 | CS4, CS3
Download and installation help for Adobe links
Download and installation help for Prodesigntools links are listed on most linked pages. They are critical; especially steps 1, 2 and 3. If you click a link that does not have those steps listed, open a second window using the Lightroom 3 link to see those 'Important Instructions'. -
An error occurred searching the certificates for the server. ...
Hi,
I am using DSEE 6.2 in Fedora 7
Each time I access the "Security" tab of my server in DSCC. I get the following error:
"*An error occurred searching the certificates for the server. An authentication error occurred connecting to xxxxx. Check that the User ID and password are correct*"
I need to click the "Click here to update authentication" link in the same tab and enter the User ID and password for the user that create the server. The error will gone for this session but reappear as I start a new session in DSCCThis looks like a known bug. Please log a support case so this can be investigated further
http://sunsolve.sun.com/search/document.do?assetkey=1-1-6537622-1 -
Every time I try to open a new web page a window pops up saying the certificate for the page is invalid?? It won't let me on my emails or Facebook
This could be a complicated problem to solve, as there are several possible causes for it.
Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
Step 1
From the menu bar, select
▹ System Preferences... ▹ Date & Time
Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
Check the box marked
Set date and time automatically
if it's not already checked, and select one of the Apple time servers from the menu next to it.
Step 2
Start up in safe mode and log in to the account with the problem.
Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
If the problem is not reproducible in safe mode, then it's caused by third-party "anti-virus" or "security" software. If you know what that software is, remove it as directed by the developer after backing up all data. If you don't know what it is, ask for instructions.
Step 3
Triple-click anywhere in the line below on this page to select it:
/System/Library/Keychains/SystemCACertificates.keychain
Right-click or control-click the highlighted line and select
Services ▹ Show Info
from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
Repeat with this line:
/System/Library/Keychains/SystemRootCertificates.keychain
If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
Step 4
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
In the Keychains list, there should be items named System and System Roots. If not, select
File ▹ Add Keychain
from the menu bar and add the following items:
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
Open the View menu in the menu bar. If one of the items in the menu is
Show Expired Certificates
select it. Otherwise it will show
Hide Expired Certificates
which is what you want.
From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
Secure Sockets Layer (SSL)
select
no value specified
Close the inspection window. You'll be prompted for your administrator password to update the settings.
Now open the same inspection window again, and select
When using this certificate: Use System Defaults
Save the change in the same way as before.
Revert all the certificates with non-default trust settings. Never again change any of those settings.
Step 5
Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
Help ▹ Keychain Access Help
from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
Step 6
From the menu bar, select
Keychain Access ▹ Preferences... ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
Step 7
Triple-click anywhere in the line of text below on this page to select it:
/var/db/crls
Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
Restart the computer, empty the Trash, and test.
Step 8
Triple-click anywhere in the line below on this page to select it:
open -e /etc/hosts
Copy the selected text to the Clipboard by pressing the key combination command-C.
Launch the built-in Terminal application in the same way you launched Keychain Access.
Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
If that's not what you see, post the contents of the window. -
How to download certificate for the first time programmatically?
Hi, I'm accessing a https server which has a self signed certificate for the first time. I was trying to download the certificate using like
cert = sslsession.getPeerCertificates()[0]
However I got the following exception: SSLPeerUnverifiedException
If I have the certificate on disk and I installed it using keytool to the keystore, I could see the keychain using this method. But is there a way in java to download the certificate for the first time?
Many thanks.
minjihi ejp, thanks a lot for the link, it really helps a lot.
Now I'm having another problem. I could now download the certificate and store in my keystore. but if I immediately reconnect to the https web page, I still got the exception telling me the certificate was not found:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This should not happen as I have already had this certificate in my keystore. If I rerun the program, there's no problem, indicating the certificate was really there. I first guessed I might have to again call System.setProperty("javax.net.ssl.trustStore", "mycacerts") but that does not help.
anybody with an idea? -
Want to create new certificate for the SYSTEM PSE
when i got o tcode 'STRUSTSSO2" In my system i am seeing a wrong certificate for the system PSE.
i want to delete and and create a new certificate.
Can some one tell me detail steps how i can remove the existing certificate and create a new one.
I am going to use the new certificate for SSO from portal to this server.
Thanks
AndyHi Andy,
To remove the System PSE, follow the procedure described in [SAP Help|http://help.sap.com/saphelp_nw70/helpdata/EN/b6/23273aafa35d46e10000000a11402f/frameset.htm].
To create a new one, see the procedure [here|http://help.sap.com/saphelp_nw70/helpdata/EN/07/03473cbff75b01e10000000a114084/frameset.htm].
Regards,
Henk. -
I have a $100 gift certificate for the app store. Can I use this credit to buy an apple TV?
No...
"You can use your Back to School Gift Card to download apps, music, books, and more from the Mac App Store, the iTunes Store, the iBookstore, and the App Store."
From here > http://store.apple.com/us/browse/campaigns/back_to_school
Not the Apple online store for products such as an Apple TV. -
Certificate for the Diffie-Hellman Public Key
Hi all
Hey guys I have run out of ideas.I 'm trying to generate a self signed certificate for the Diffie-Hellman public key.Can anyone tell me how to do this plz.
Thanks inadvance
LundiEDoes this even make sense? What would you sign it
with? The choices provided by Sun are RSA and DSA.So you trying to tell me that its not possible to generate a self-signed certificate for the Diffie-Hellman.Becoz the way I think a certificate incorporates a public key and the certificate is signed using another keys.
Thanx once for your input
Cracker -
Certificate for the ObUserSession constructor in Java
I have a custom access Gate and need to use a certificate for the ObUserSession to authenticate with my Access Server. How do I obtain and pass the certificate to OBUserSession constructor to instantiate the ObUserSession I need to procede with authorization attempts? I'm using Java.
Can yoiu tell me what are you trying to do with Custom Access Gate and the need for user cert?
Thanks
Ram -
Can i use time capsule for external h drive and also for time machine?
Can i use time capsule for external h drive and also for time machine?
Hello, vascocaco.
If I understand correctly, you're wondering if you can use your Time Capsule's internal hard disk both for Time Machine backups and as an ordinary drive. Is this your question?
You can, but Time Machine backups may take longer.
To do it, you should partition your Time Capsule's hard disk to create one volume for the backups and one for other files.
Maybe you are looking for
-
Droplets and unmanaged services
Is it possible to have a droplet start a job on Compressor 3 and use "unmanaged services on this machine"? The only way I have found to use the unmanaged services to use all the processors is to manually start the job. Thanks, Scott
-
Hi there, I am changing over the ownership and usage from my girlfriend to me on an iPad, we have changed name and apple id to mine but when I connect it to iTunes to 'Restore from iTunes back up' I keep getting the message ' Itunes could not back u
-
Problem downloading songs with itunes +?
I have purchased 2 songs with new itunes + but they won't download. Anyone else have this problem? And what can I do? Toshiba Windows XP
-
Hello Experts, Im trying to save my FX transaction when I encountered the below error. Limit management was not updated Message no. K-788 Then when I checked the limit utlization details, i encountered below errors: Transaction is not valued for the
-
Hello i have made an Application for calulating tax in BRF Plus WorkBench ,and simulate the function as well, can anybody tell me how to integrate it with other Applications.