% No CA root cert exists. Use "ca authenticate"

Hi,
I am trying to configure the PIX to use certificates from a MS CA. I have it working fine with ASA5505 and 5510's but when I try to get it working with a PIX 506E and 501 using 6.3 I get the % No CA root cert exists. Use "ca authenticate", message after the ca enroll command.
Can someone give me a heads up on what I might be doing wrong.
Commands Used:
hostname Pix506e
domain-name nesa.lab
ca generate rsa key 512 (and I also tried 1024)
ca identity ciscoserver.nesa.lab 11.11.11.26
ca configure ciscoserver.nesa.lab ca 1 20 crloptional
ca authenticate ciscoserver.nesa.lab
ca enroll ciscoserver.nesa.lab 8EC4CEAD54268142 serial ipaddress
....and that is where the % No CA root cert exists. Use "ca authenticate" shows up.
Any help is appreciated.

I made the changes and the following is what happened.
Thanks,
PIX506E(config)# ca zeroize rsa
PIX506E(config)# ca generate rsa key 512
Keypair generation process begin.
.Success.
Insert Selfsigned Certificate:
30 82 01 9f 30 82 01 49 02 20 66 38 61 37 33 30 64 63 35 38
63 65 30 64 33 31 38 65 37 65 62 36 39 30 37 61 66 63 31 61
65 35 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 4b 31
49 30 0f 06 03 55 04 05 13 08 33 30 32 63 35 61 66 35 30 17
06 03 55 04 03 13 10 50 49 58 35 30 36 45 2e 6e 65 73 61 2e
PIX506E(config)# 09 2a 86 48 86 f7 0d 01 09 02 16 10 50 49
PIX506E(config)# ca identity ciscoserver.nesa.lab 11.11.11.26:/certsrv/mscep/m$
PIX506E(config)# ca configure ciscoserver.nesa.lab ra 1 20 crloptional
PIX506E(config)# ca authenticate ciscoserver.nesa.lab
CI thread sleeps!
Crypto CA thread wakes up!
CRYPTO_PKI: http connection opened
CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status
CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status
Certificate has the following attributes:
Fingerprint: fb4f82b6 d1204e94 d83675a7 4f446c2c
CRYPTO_PKI: Name: EA = [email protected], CN = Cisco2Student, OU = CSAIT, O = XXXXXXXX, L = XXXXXXX, ST = Ontario,
C = CA
CRYPTO_PKI: Name: EA = [email protected], CN = Cisco2Student, OU = CSAIT, O = XXXXXXXX, L = XXXXXXX, ST = Ontario,
C = CA
CRYPTO_PKI: transaction GetCACert completed
CRYPTO_PKI: Name: EA = [email protected], CN = Cisco2Student, OU = CSAIT, O = XXXXXXXX, L = XXXXXXX, ST = Ontario,
C = CAPIX50
CRYPTO_PKI: Name: EA = [email protected], CN = Cisco2Student, OU = CSAIT, O = XXXXXXXX, L = XXXXXXX, ST = Ontario,
C = CA
Crypto CA thread sleeps!
CI thread wakes up!6E(config)# $lab F3567C82D9D72346 serial ipaddress
CI thread sleeps!
ca enroll ciscoserver.nesa.lab F3567C82D9D72346 serial ipaddr$
% Start certificate enrollment ..
% The subject name in the certificate will be: PIX506E.nesa.lab
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
PIX506E(config)#
CRYPTO_PKI: transaction PKCSReq completed
CRYPTO_PKI: status:
Crypto CA thread sleeps!
PIX506E(config)# Fingerprint: 437269d6 62eb2a2e 1bd850da 5532ca47
CRYPTO_PKI: http connection opened
The certificate enrollment request was denied by CA!
CRYPTO_PKI: received msg of 670 bytes
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while selecting CRL
CRYPTO_PKI: signed attr: pki-message-type:
13 01 33
CRYPTO_PKI: signed attr: pki-status:
13 01 32
CRYPTO_PKI: signed attr: pki-recipient-nonce:
04 10 9a 66 93 fd ac 8b 9e f1 90 92 fb 18 a1 52 83 bc
CRYPTO_PKI: signed attr: pki-transaction-id:
13 20 66 38 61 37 33 30 64 63 35 38 63 65 30 64 33 31 38 65
37 65 62 36 39 30 37 61 66 63 31 61 65 35
CRYPTO_PKI: status = 101: certificate request is rejected
CRYPTO_PKI: All enrollment requests completed.
CRYPTO_PKI: All enrollment requests completed.
PIX506E(config)#
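
Added example (not part of the original post, and not Cisco tooling): the `signed attr` hex dumps in the debug output above are DER-encoded SCEP attributes, and this Python code decodes them using the messageType and pkiStatus code points from RFC 8894. The function names are illustrative; the hex lines are copied from the session above.

```python
import re

# SCEP messageType and pkiStatus code points (RFC 8894).
MESSAGE_TYPES = {"3": "CertRep", "17": "RenewalReq", "19": "PKCSReq",
                 "20": "CertPoll", "21": "GetCert", "22": "GetCRL"}
PKI_STATUS = {"0": "SUCCESS", "2": "FAILURE", "3": "PENDING"}

# Debug lines copied from the session above.
DEBUG_OUTPUT = """\
CRYPTO_PKI: signed attr: pki-message-type:
13 01 33
CRYPTO_PKI: signed attr: pki-status:
13 01 32
CRYPTO_PKI: signed attr: pki-recipient-nonce:
04 10 9a 66 93 fd ac 8b 9e f1 90 92 fb 18 a1 52 83 bc
CRYPTO_PKI: signed attr: pki-transaction-id:
13 20 66 38 61 37 33 30 64 63 35 38 63 65 30 64 33 31 38 65
37 65 62 36 39 30 37 61 66 63 31 61 65 35
CRYPTO_PKI: status = 101: certificate request is rejected
"""

ATTR_RE = re.compile(r"signed attr:\s*([\w-]+):")
HEX_LINE_RE = re.compile(r"^(?:[0-9a-fA-F]{2}\s*)+$")


def collect_attributes(text):
    """Return {attribute name: raw DER bytes}, joining hex dumps that wrap."""
    attrs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = ATTR_RE.search(line)
        if match:
            current = match.group(1)
            attrs[current] = bytearray()
        elif current and HEX_LINE_RE.match(line):
            attrs[current] += bytes.fromhex(line)
        else:
            current = None  # any other line ends the current hex dump
    return {name: bytes(raw) for name, raw in attrs.items()}


def decode_der(value):
    """Decode one DER TLV: PrintableString (0x13) or OCTET STRING (0x04)."""
    if len(value) < 2:
        raise ValueError("truncated TLV")
    tag, length, offset = value[0], value[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or len(value) < 2 + count:
            raise ValueError("bad length encoding")
        length = int.from_bytes(value[2:2 + count], "big")
        offset = 2 + count
    body = value[offset:offset + length]
    if len(body) != length or offset + length != len(value):
        raise ValueError("declared length does not match the dumped bytes")
    if tag == 0x13:
        return body.decode("ascii")
    if tag == 0x04:
        return body.hex()
    raise ValueError(f"unexpected tag 0x{tag:02x}")


def summarize(text):
    """Map the decoded attributes to their SCEP meaning."""
    attrs = {name: decode_der(raw)
             for name, raw in collect_attributes(text).items()}
    return {
        "message_type": MESSAGE_TYPES.get(attrs["pki-message-type"], "unknown"),
        "status": PKI_STATUS.get(attrs["pki-status"], "unknown"),
        "transaction_id": attrs["pki-transaction-id"],
        "recipient_nonce": attrs["pki-recipient-nonce"],
    }


if __name__ == "__main__":
    for key, value in summarize(DEBUG_OUTPUT).items():
        print(f"{key}: {value}")
```

The decoded values show a CertRep message with pkiStatus FAILURE, which is what the `status = 101: certificate request is rejected` line reports. The decoded transaction ID is the same 32-character string that follows `02 20` at the start of the self-signed certificate dump earlier in the session.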

Similar Messages

  • 802.1X, you deployed with Certs, or used individual user accounts?

    I'm looking at 802.1X to improve our internal network's security posture to prevent unauthorized access by non-authorized users. The solution I am looking at is 802.1X only, not any vendor's NAC solution which rides upon 802.1X, but 802.1X solely. We currently have no plans nor budget for Cisco's NAC appliance, Clean Access, CSA, or any other type of similar program. Our systems are XP or Vista, our JetDirects purchased over the years have 802.1X capability per HP's specs. I have about 3,500 desktops.
    I had initially considered having the switches query a radius server (like ACS for example) which would in turn query the Windows AD for account authentication. This would prevent those without an account access to the network via a switchport.
    I've been looking at some of the ways to perform this and it looks like some people say the best way (for security's sake) is to actually utilize a certificate authority (internal CA) to authenticate user access in lieu of the username and password. Keep in mind, our current AD password policy requires a username's password change every 60 days, 8 chars or more, requiring uppercase, lowercase, and a number in that password. This is much stronger than it used to be.
    So, I'm on the fence here and I am in the early stages of exploration. Can some of you tell me what you chose to do and why?
    Much thanks.

    I'm in the middle of a deployment of .1X authentication for the exact same reasons you are.
    I'm assuming you are using Catalyst switches, just make sure you're using a good version of the IOS, I have 4507's in my IDF's and use 12.2(37)SG. Prior to this I had some very weird problems, inconsistent authentication.
    I didn't use certs, I use the XP supplicant and use the hardware machine name to authenticate with AD + MAC address authentication. I had to go this route because my user base would just allow a guest machine to log in with their AD credentials.
    Unfortunately it's a headache to troubleshoot. My desktop team uses a handheld tester from Fluke and I have to reset the MAC table every time they need to test.

  • Context-Root already exists in a deployed object

    I have deployed an EAR project which includes a web module and an EJB module. Now when I right click on any jsp/html file inside my web module (in studio enterprise) to run the file, I get an error stating "Deploying application in domain failed; Context-Root already exists in a deployed object". It appears to be trying to deploy the web module as a stand alone module, but can't because the context root already exists in the EAR deployment. If I run the page from the browser by typing in the proper URL, it works fine since it is not trying to redeploy.
    If my assumption is true, why is it trying to redeploy as a stand alone module? What can I do to prevent this from happening?
    Thanks!

    - The ide, by default, performs the compile-deploy-run cycle when 'run' is selected. If you move to the 'Files' tab in the project window and expand nbproject|build-impl.xml file, you will see the ant targets used by the build system. Select 'run', right-click and select open; you will see 'run' target depends on run-deploy.
    There are targets available that act on single files, namely compile-single and debug-single that you can try on single files.
    You can also try copying the 'run' target to something like 'my-run' and remove the dependency on run-deploy. Then you could select 'my-run' and select the 'run-target' right-click menu item.
    In general though, such workarounds are tricky. It is likely I am not understanding the issue here or perhaps it is a bug in the ide or even that the ide cannot allow running without redeploy for valid reasons...
    - JSE8.1 is based on NetBeans 5.0.
    Ref: http://forum.java.sun.com/thread.jspa?threadID=5113472
    For J2EE programming, www.netbeans.org site provides a lot of info that are also applicable for jse.
    Docs: http://www.netbeans.org/kb/index.html
    There are several mailing lists, http://www.netbeans.org/community/lists/top.html#top, and some of them dedicated to j2ee. You may want to subscribe to some of these; several j2ee experts are on these mailing lists.

  • Why are some CA's now issuing SHA2 root certs?

    If the signatures in root certs are not used for anything and have no security value since it requires no verification since it already lives in the trust store then why are some CA's now giving the option to sign a root with SHA2?

    On 9/27/2014 3:33 AM, "Paul Adare [MVP]" wrote:
    On Fri, 26 Sep 2014 23:27:26 +0000, user5309 wrote:
    I figured it had something to do with the SHA1 deprecation policy but I was under the impression that root certs were exempt from the policy. See the link below :
    http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
    See Amerks response to Ramo's question:
    "The SHA1 deprecation policy does not impact SHA1 root certificates, because Windows relies on other means to validate root certificates besides the signature.  But all root CAs are expected to switch to use SHA2 to sign any subordinate CA certificates,
    CRLs, etc"
    While root certs themselves are exempt from this policy, that doesn't mean
    that it isn't a good practice from a security perspective to start using
    SHA2 for root certs. Since there is a valid reason that SHA1 is being
    deprecated it simply makes sense, where possible, to move to SHA2, even if
    there is no technological requirement to do so.
    Another example of this is that currently, the SHA1 deprecation policy only
    applies to certs that chain to a root that participates in Microsoft's
    Trusted Root program, however, a lot of my customers are being proactive
    and switching their internal PKIs over to SHA2 as well.
    Thanks Paul - I suppose I'm just looking for a reason from a vulnerability perspective on why roots need to be signed with SHA2. If they already live in the trusted root store they are trusted by their identity not by the hash function making it irrelevant.
    From an attacker's perspective, if they had access to the host system's trust store, there's no need to try to forge a root cert in the store; they could just replace it with one of their own for the same effect. Although I'm still unclear on what they
    could accomplish by doing this.

  • Code signing cert error using Digicert - Unable to build a valid certificate chain for the signer

    Steps to fix this error on code signing adobe air using .p12 cert from Digicert - Unable to build a valid certificate chain for the signer
    a. Open Firefox and browse to https://www.digicert.com/digicert-root-certificates.htm
    b. On the middle of the page, download -
    DigiCert Assured ID Code Signing CA-1
    Valid until: 10/Feb/2026
    Serial #: 07:F4:73:6F:AF:EF:40:8A:1F:66:40:F2:65:D1:0A:C1
    Thumbprint: B170A10819BEA936905D719E643399783E1F4567
    Download
    c. Install the cert in Firefox
    d. Once done, export the code signing cert from Digicert again (click Firefox -> Preferences -> View Certificates -> Highlight the Digicert code signing cert -> click Backup)
    e. Done, the newly exported file should now have the valid certificate chain and that should fix the error "Unable to build a valid certificate chain for the signer"
    Even though this is from Digicert, this should also work for other Certificate Authority providers assuming you download your provider's root cert for code signing.
    Regards,
    Reigner S. Yrastorza

    Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
    If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
    If you are using RoboHelp, which version?
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • Strange root certs in device manager

    When I opened the device manager (preferences -> advanced -> certificates -> security devices) I was surprised to find the following entry under "Root Certs":
    path /home/<user name>/.mozilla/firefox/<profile name>/libnssckbi.so
    The corresponding file does not exist at this location (the correct location is /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so).
    I'm wondering how this entry originated, and whether it should be deleted? It is dated Nov 2012. A fresh profile does not have any root certs in the device manager.

    cor-el said:
    "The correct location of the libnssckbi.so file would be the Firefox installation directory and not the Firefox profile folder (~/.mozilla/firefox/)."
    Indeed. I have never set this preference manually, so I'm wondering what the preferences->advanced->certificates->security_devices->Root_Certs preference does, and whether setting it to a strange value could compromise security?

  • 10.8: Setting cert server uses for remote Server.app

    Setting up a 10.8 server from scratch.
    I have a properly-obtained trusted cert, valid for more than one year, which is successfully installed on the server and appears in the cert pane in Server.app.  In the pane in Server.app the server is set to use it for everything.
    I am trying to connect to Server.app on my server from a 10.8 client.  When I connect to it I'm told the server is untrustworthy and shown a self-signed root cert valid for one year.  I don't want the server to use this self-signed cert for that, I want it to use my trustworthy cert.  But I can't see where to change this setting.

    Should anyone care, apparently if files like 0000_any_443_.conf are manually edited in any way Server.app punts the football & gives up with the above error. Seems like a hyper-sensitive hard-coded parser.
    FWIW, I had only added 1 line defining the param ServerName since I was seeing errors like this in the log:
    [warn] RSA server certificate CommonName (CN) `secure.mycompany.com' does NOT match server name!?
    Defining ServerName squelched this warning but causes Server.app to pout.

  • Self-signed root cert - is it from Lenovo?

    I heard about a small program rcc.exe that will check your Windows SSL cert root store for funny certificates. Out of 350 root certs, there was one flagged. It is marked as permitted for ALL purposes (email, SSL, software signing, etc.). It has NO information whatsoever. Its validity starts sometime in 2009 and runs out to 2060. The identity is a long string of characters, I think it starts with letter M (can't confirm now). Is it possible this cert is used by Lenovo software? It would be just like them to do something sloppy like that. I don't want to remove it and find all sorts of Lenovo tools disabled.

    Sorry for delay - didn't see notification of any reply. I am using Windows. Exact item in question is a self-signed cert that is found in my trusted root store. The only information is the long ID, merely a lengthy random character string, so no point in posting it here. There are absolutely no certificate fields with any data in them. The cert claims to be designated for ALL purposes - that would include code-signing I presume! In other words, the Issued-To and Issued-By fields are the same long character string; the expiration date is way out there (did I say 2060?). I was using the most current version of rcc.exe when I posted. However, I can look at my certificate store and see the cert there with absolutely no additional info. I am not able to access that computer right now, but I wouldn't have any more info! I am on another computer now (non-Lenovo) and just scanned the trusted root store and everything in it is identified.

  • How to identify which root certificate is used?

    How to identify which root certificate(on terminal) is used when a terminal is connecting to a https website?
    SecurityInfo.getServerCertificate() only returns the certificate send from the https server.
    But how could know the which local root certificate is used to verify the certificate send from the https server?
    Is there a method or class in MIDP 2.1?
    Thanks

    UP, this question is urgent. Hope anyone can answer me!

  • Context-Root already exists

    Hi everyone,
    I am deploying two business processes, which have user activities.
    My first business process deployed successfully, but the second project shows the following error:
    java.lang.Exception: isProduction:
    Deployment failed on target localhost:18000_server : Context-Root already exists in a dep....
    What is the cause of this error?
    Thanks a lot.

    I'd say that one of your BP's is exposed as a webservice server and you're reusing an SOAP External Server configuration in your connectivity map which leads to trying to deploy a second webservice under the same context-root of the servlet container.
    If so, create a new SOAP External Server for one of your business processes.

  • Logging in as root in Linux using UnixLoginModule

    I am running an app on a Linux box where I am already logged in. I want to spawn a process that needs to run as root. I have tried to use UnixLoginModule to login as root :
            Subject subject = new Subject();
            subject.getPrincipals().add(new UnixPrincipal("root"));
            LoginContext loginContext = new LoginContext("Login", subject, new MyHandler());
            loginContext.login();
    but my callback handler that would supply the password is never called and I don't appear to be logged in as root. It looks like UnixLoginModule simply returns data about the current user which is a fat lot of good. Does anyone know what I can do to make this thing do what it is supposed to do and allow me to perform a login? If JAAS is inadequate is there another way to achieve this?
    Regards,
    Matthew

    Hi,
    I am trying to setup the UnixLoginModule. I set almost everything but when I am trying to login, I got a NullPointerException (here is the stack trace)
    WARNING: Login exception authenticating username user1
    javax.security.auth.login.LoginException: java.lang.NullPointerException
    at com.sun.security.auth.module.UnixLoginModule.login(UnixLoginModule.java:118)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:281)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:229)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:534)
    Line 118 seems to indicate that the UnixSystem returns a NULL array of long that corresponds to "unixGroups".
    Good documentation is hard to get... can you help me fixing this problem?
    Thanks

  • Why are there still preinstalled MD2 Root Certs from verisign with FF3,4,5 ?

    Hi,
    I added a verisign root certificate in the troubleshooting section.
    This cert is signed with an md2 hashing algorithm, as mentioned at the 26c3 in berlin 2009.
    It's still enabled by default for WEB, Email and other.
    I strongly suggest to remove it, like anyone else did.
    Interestingly, the crypto shell extension from windows says sha1, but openssl does not mention sha1 at all. I think openssl is right :)

    Do those certificates have a SHA1 fingerprint?
    I do not think that Firefox will use the MD5 (MD2?) fingerprint if that is the case.

  • Error adding other root certs to Weblogic

    I am using the trial 30-day version. I wonder whether it has any restrictions which
    prevent from adding new root certificates to the ca.pem file. If this is not the
    case, I will expose my problem.
    I have added a new self-signed root certificate after the one that was contained
    in the ca.pem, so there are now two root certificates:
    ********************** begin of the ca.pem file
    ********************** end of the ca.pem file
    I did not modify the democert.pem or the demokey.pem files, as I want my weblogic
    server to continue using the same SSLserver certificate than it was using before.
    Then when I try to start the Weblogic server, I got the following error on the
    console:
    Starting WebLogic Server ....
    <24-abr-01 16:21:33 CEST> <Notice> <Management> <Loading configuration file .\config\examples\config.xml ...>
    log file: C:\bea\wlserver6.0sp1\.\config\examples\logs\weblogic.log
    <24-abr-01 16:21:37 CEST> <Info> <Logging> <Only log messages of severity "Error" or worse will be displayed in this window. This can be changed at Admin Console> examples> Servers> examplesServer> Logging> General> Stdout severity threshold>
    weblogic.security.CipherException: Incorrect encrypted block
    at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
    at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
    at weblogic.security.X509.verifySignature(X509.java:243)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    <24-abr-01 16:21:41 CEST> <Alert> <WebLogicServer> <Inconsistent security configuration, weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
    weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
    at weblogic.security.X509.verifySignature(X509.java:251)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    <24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <WebLogic Server started>
    <24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <ListenThread listening on port 7001>
    I would appreciate any help on this issue. I want to add the new root certificate
    because I own a SSLclient certificate in my browser which I want the Weblogic
    server to authenticate.
    Thank you very much, David.

    OK, I finally was able to understand what the error was. The new root certificate
    cannot be added to the ca.pem file. You'd better create a new file called ca2.pem
    with the new root certificate. Then you have go to SSL configuration section and
    edit the 'Trusted CAFile Name' field to point to the ca2.pem file.
    Easy but I had trouble to understand it from the documentation.
    "David Ruana" <[email protected]> wrote:
    >
    I am using the trial 30-day version. I wonder whether it has any restrictions
    which
    prevent from adding new root certificates to the ca.pem file. If this
    is not the
    case, I will expose my problem.
    I have added a new self-signed root certificate after the one that was
    contained
    in the ca.pem, so there are now two root certificates:
    ********************** begin of the ca.pem file
    ********************** end of the ca.pem file
    I did not modify the democert.pem or the demokey.pem files, as I want
    my weblogic
    server to continue using the same SSLserver certificate than it was using
    before.
    Then when I try to start the Weblogic server, I got the following error
    on the
    console:
    Starting WebLogic Server ....
    <24-abr-01 16:21:33 CEST> <Notice> <Management> <Loading configuration file .\config\examples\config.xml ...>
    log file: C:\bea\wlserver6.0sp1\.\config\examples\logs\weblogic.log
    <24-abr-01 16:21:37 CEST> <Info> <Logging> <Only log messages of severity "Error" or worse will be displayed in this window. This can be changed at Admin Console> examples> Servers> examplesServer> Logging> General> Stdout severity threshold>
    weblogic.security.CipherException: Incorrect encrypted block
    at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
    at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
    at weblogic.security.X509.verifySignature(X509.java:243)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    <24-abr-01 16:21:41 CEST> <Alert> <WebLogicServer> <Inconsistent security configuration, weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
    weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
    at weblogic.security.X509.verifySignature(X509.java:251)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    <24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <WebLogic Server started>
    <24-abr-01 16:21:59 CEST> <Notice> <WebLogicServer> <ListenThread listening on port 7001>
    I would appreciate any help on this issue. I want to add the new root
    certificate
    because I own a SSLclient certificate in my browser which I want the
    Weblogic
    server to authenticate.
    Thank you very much, David.

  • How to check if an email account exists using JAVA??

    Dear friends, I need to check the existence of email accounts before sending them mails to avoid going to a blacklist for sending to non-real accounts.
    I was thinking of (SSL)Sockets and SMTP commands but I can't get it to work properly. I am shooting in the dark here... Is there any easier way to do this or does anyone have any experience on this??
    I have a JAVA application that sends mail to the people that buy certain things but the information quality is bad, so I must check if the mail exists before sending the mail....
    Thanks in advance.

    Depending on the scope of the possible target email addresses, your requirement may not be possible.
    The SMTP standard has no protocol to verify an email address.
    The reason is that only the target Mail Transfer Agent (MTA) knows if an email address exists. But your application (representing a Mail User Agent (MUA), aka mail program) only talks to "its" MTA. The mails may be routed over multiple other MTAs before they finally reach the target MTA, which checks if the mail address is known.
    So if the mail addresses to check belong to your own company you may use the "whois" service to verify the mail address. But as soon as the mails leave your company there is no other way of verifying the existence of a mail address than processing the "unreachable" replies.
    bye
    TPD
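The last point of the answer above, processing the "unreachable" replies, shown as an added example that is not part of the original thread. It is written in Python and assumes the bounces arrive as RFC 3464 delivery status notifications; the sample message, its addresses and the function names are constructed for illustration.

```python
import email
from email import policy
# Constructed sample bounce in RFC 3464 format (all addresses are made up).
SAMPLE_DSN = """\
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to one or more recipients failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

Final-Recipient: rfc822; busy@example.org
Action: delayed
Status: 4.2.2

--b1--
"""

def parse_bounce(raw):
    """Return {address: (action, status)} for each recipient block in a DSN."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = {}
    if msg.get_content_type() != "multipart/report":
        return results  # free-form bounce: leave for manual review
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The parser splits this part into header blocks: reporting MTA, then one per recipient.
        for block in part.get_payload():
            recipient = block.get("Final-Recipient")
            if recipient is not None:
                address = recipient.split(";", 1)[-1].strip().lower()
                action = block.get("Action", "").strip().lower()
                results[address] = (action, block.get("Status", "").strip())
    return results

def hard_bounces(raw):
    """Addresses with a permanent failure (status class 5), to stop mailing."""
    return sorted(a for a, (act, st) in parse_bounce(raw).items()
                  if act == "failed" and st.startswith("5."))
```

Only status class 5 is treated as permanent here; class 4 results such as the delayed recipient in the sample are temporary and should not cause an address to be dropped.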

  • Check if files exist using ABAP

    Hi All,
    I'm currently using FM: FILE_GET_NAME_USING_PATH, and I'd like to do a check to see if the filepath with file (i.e. /com/tmp/file.txt) I am getting back exists or not.
    Very simple question, just not sure what to do.
    Thanks,
    John

    There is a class that provides methods to check if a file exists or if a certain directory exists:
      " Check whether the directory exists
      CALL METHOD cl_gui_frontend_services=>directory_exist
        EXPORTING
          directory            = lv_path
        RECEIVING
          result               = lv_valid
        EXCEPTIONS
          cntl_error           = 1
          error_no_gui         = 2
          wrong_parameter      = 3
          not_supported_by_gui = 4
          OTHERS               = 5.

      " Check whether the file exists
      CALL METHOD cl_gui_frontend_services=>file_exist
        EXPORTING
          file                 = x_file_with_path
        RECEIVING
          result               = y_file_exists
        EXCEPTIONS
          cntl_error           = 1
          error_no_gui         = 2
          wrong_parameter      = 3
          not_supported_by_gui = 4
          OTHERS               = 5.
    Hope that helps,
    Michael
