No encryption No security
I would like to config an AP to broadcast a particular SSID with the only security being PSK with no encryption.
My goal is to have users login to our 'Guest' network with login credentials, and since they are only going to use VPN anyway, that has its own encrypted security. Am I correct in this thinking or am I not understanding this fully?
I tried this on a Cisco 1242 and 1131 and both require the use of TKIP and WPA to use PSK.
If you're relying on VPN connectivity anyway, you could simply do without any security on the Wireless side. Wouldn't your VPN client handle the authentication credentials? I guess I'm also not sure why you want a PSK without encryption - if you want a PSK you could simply use WPA/TKIP, there's no harm in adding another layer of security.
Maybe I'm misunderstanding the situation. If you're looking for a splash page, the other guys are spot-on, so follow their advice :)
Similar Messages
-
Opening Encrypted/Certificate Secured PDF.
Hello,
I have a pdf encrypted using certificate. I want to open this pdf using Acrobat sdk APIs. I have read the documentation of "Opening secured Pdf". I learnt that AVDocOpen() function calls Acrobat built in authorization procedure and using PD layer to open a encrypted pdf we need to write our own authorozation procedure. I want some example which demostrates how encrypted pdf are opened. Also, when opening certificate secured pdf, where does Acrobat installs the certificate?
Please can someone guide me!!
Thanks in advance.Yes, you can read XMP w/o opening the PDF – of course, that assumes that the XMP is not encrypted (it's a choice of the PDF authoring/encrypting tool).
From: Adobe Forums <[email protected]<mailto:[email protected]>>
Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>
Date: Mon, 16 Jan 2012 21:10:56 -0800
To: Leonard Rosenthol <[email protected]<mailto:[email protected]>>
Subject: Opening Encrypted/Certificate Secured PDF.
Re: Opening Encrypted/Certificate Secured PDF.
created by poortip87<http://forums.adobe.com/people/poortip87> in Acrobat SDK - View the full discussion<http://forums.adobe.com/message/4145422#4145422 -
Filevault encryption: no security questions, no recovery code; how to revert?
Running the latest Yosemite (10.10.2) on an iMac (upgraded from Mavericks) ...
I decided I wanted to encrypt the boot drive on our iMac, so I clicked to turn on Filevault. Here's what happened:
I was NOT offered a recovery key. (As this point, I didn't know when the key is normally offered.)
I DID get a window that asked if I wanted Apple to save my key, and I clicked on the radio button to do so. Then I clicked on CONTINUE.
I did NOT get any security questions to answer, just a RESTART button. I thought, maybe the security questions come after the restart.
I clicked on RESTART and the iMac restarted and encrypted the drive (17 hours).
Concerned that I didn't have a recovery key, I read up on the forums. Sounded like if I simply used my user password, I could turn off Filevault to decrypt the drive, and I'd be back to where I started. I did so, and watched as it decrypted the drive (6 hours). Filevault indicates that is is "now off."
I thought I'd try again, so I clicked to turn on Filevault. This time, I did NOT get a recovery key (same as before) and I did NOT get the window asking if I wanted Apple to save my key — only an immediate RESTART button. I canceled.
I restarted the iMac, noting that the startup graphics were different — the iMac now starts immediately with an all-white screen, something that one forum participant said is evidence that your boot drive IS encrypted regardless of what Filevault says.
This concerned me because it now seemed like the drive might be encrypted and I had no recovery key and hadn't been asked any security questions.
I thought if I turned on Filevault I could generate a fresh recovery key that would supplant anything Apple was storing for me — and give me a chance to answer security questions.
I turned on Filevault and was, for the third time, NOT offered a recovery key but this time I DID get the window that asked if I wanted Apple to save my key. Apparently the restart at least added this screen. I cancelled.
So while Filevault says it is off, the immediate white start-up screen suggests the drive may be encrypted. Regardless, Filevault is not offering a recovery key or security questions.
I have sketchy ideas about how to rectify things:
I could start up from an external backup (unencrypted) of the boot drive, erase the boot drive, and clone the backup to the boot drive. Will that create a bootable (non-encrypted) startup drive? I don't think so ...
I could start up from the external backup (unencrypted) of the boot drive, erase the boot drive, then do a clean install of Yosemite on the boot drive. Would that clear any existing encryption? I don't know ...
Or I read about using Terminal to un-encrypt a drive?
Any advice would be much appreciated.
Thanks,
BradleyClick here for information. If you can't get the answers emailed to you for some reason, contact the iTunes Store staff via the link in that article.
(80111) -
Will this encrypt data securely?
Hey I'm using bouncy castle AES password based encryption. I was just wondering if anyone would take a quick look at my code below to see if it will encrypt a string securely, or if I've missed anything out?
Thanks in advance
import java.io.File;
import java.security.Security;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.swing.JOptionPane;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.encoders.Base64;
public class encryptor {
private final byte[] salt = { (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
(byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99,
(byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
(byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99 };
public static void main(String[] args)
new encryptor();
public encryptor()
char[] password = "aRandomPassword".toCharArray();
SecretKeySpec key = generateKey(password, salt);
encrypt(salt, key, "A secret message");
public SecretKeySpec generateKey(char[] charPassword, byte[] salt)
byte[] bytePassword;
PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator();
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
int count = 16;
try
bytePassword = new String(charPassword).getBytes("ASCII");
generator.init(bytePassword, salt, count);
ParametersWithIV params = (ParametersWithIV) generator.generateDerivedParameters(128, 128);
KeyParameter keyParam = (KeyParameter) params.getParameters();
return new SecretKeySpec(keyParam.getKey(), "AES");
catch(Exception e)
System.out.println(e);
System.exit(1);
//This will never occur
return null;
public void encrypt(byte[] salt, SecretKeySpec key, String text)
IvParameterSpec iv = new IvParameterSpec(salt);
Cipher cipher;
byte[] temp;
try
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
temp = cipher.doFinal(text.getBytes("ASCII"));
System.out.println(new String(Base64.encode(temp), "ASCII"));
catch(Exception e)
System.out.println(e);
}I'm no expert in cryptology but you are using the salt byte array in two places, as salt and as the initialization vector. This strikes me as a big "no-no"; I suspect it could weaken your cipher. Even if I had no evidence of such weakening, I'd avoid that if at all possible.
You should generate separate salt and initialization vectors; in fact, you should generate them randomly each time you encrypt something. Naturally, you'll have to carry them along with the encrypted data so that you can pass them back in to the decryption process, but that's a small part to pay for not opening yourself up to dictionary attacks.
Also, you might want to apply the salt more than just 16 times; try something much larger, such as 1024. -
RIM BBM security encryption still secure?
Can somebody provide me with an e-mail address or answer the following question:
Hello,
As a long time Blackberry RIM customer i have an inquiry regarding RIMs security concession to countries in the Middle East and Asia. Countries like Saudi Arabia had originally planned to ban BBM services due to its encryption. Thereafter RIM decided to "install three blackberry servers" in Saudi Arabia to avoid the ban. As a long time customer of RIM i believe it is our right as customers to know if countries in the Middle East and Asia such as Saudi Arabia, Bahrain, the UAE and India are able to monitor our conversations.
Thank You.No, they are not.
I don't know of any email address, but at the bottom of this page is a CONTACT link, at which you 'll find phone numbers with which you can RIM directly ask yourself.
Good luck.
1. If any post helps you please click the below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes
Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
Internal SD Encryption & Enterprise Security
Does Sony has any plans for the above?
Internal SD encryption is something that a lot of users have been seeking. And the fact that Android doesn't have this feature built in or there's no such app in the Play store makes it more appealing to have it built in on Xperia phones. The current Android encryption only effect the 'data' partition and not the internal sd card. Which becomes an issue when an Xperia phone is lost or stolen. All one need to do is flash a new os, erasing all user data, but the content in the internal sd is still intact.
As for Enterprise Security, it's something that Xperia phones need to have if it wants to penetrate the Enterprise Market that are still being dominated by Blackberrys. Samsung has Knox, and it's about time Xperia has one of it's own.I continue to refer Sony's whitepapers. ;-) This time the section about memory in Android devices from http://www-support-downloads.sonymobile.com/c6602/whitepaper_EN_c6602_xperia_z.pdf
"In Sony Mobile 2013 products, “Internal Storage” is now the union of what was previously known as “Phone Memory” (for applications and their data. “/data”) and “Internal Storage” (for user’s content, “/sdcard”). The reason for this change is to make the use of available memory more flexible, and also to enable the optional encryption of user’s content."
This basically means that there are no such things as "data partition" or " internal sd-card" anymore, only one big "internal storage" that holds everything. When it is encrypted, everything stored on the phone is encrypted. -
Thoughts regarding encryption & non-securely deleted files
Let's say you have a USB drive, non encrypted, from which you over the years have deleted a bunch of files - non-securely. Since you realize that the files are sensitive, you now choose to encrypt the drive with the right-click -> Encrypt function. Furthermore, you also set the trash can to always securely delete files from now on.
What worries me about this scenario are the old files that were deleted non-securely, before encryption: If someone would steal the drive and attempt to restore data that hasn't yet been overwritten, would those deleted files be accessible to that person? Or have the encryption effectively scrambled those old files as well?
I know that the best option is to do a 7-pass format and encrypt the drive and then move your files to it, but that isn't always an option (you might not have space to store files temporarily somewhere else, for example).
An other thing about "secure delete" which isn't really clear: Does the secure delete also overwrite previously deleted files or just the ones from the point in time when you turned on the setting?If someone would steal the drive and attempt to restore data that hasn't yet been overwritten, would those deleted files be accessible to that person?
No. Every block on the drive will be encrypted, including free blocks. -
Encryption Vulnerability Security SCAN DS
I created DS instances. While running security scan for Encryption Vulnerability I found out that following ports are supporting weak SSL.
port 636/tcp over SSL
port 11163/tcp over SSL
port 32772/tcp over SSL
port 3999/tcp over SSL
port 1636/tcp over SSL
How to Disable ciphers which support cleartext communication. Or what is fix for this.
Thanks
PramodThanks Fede.
I looked my dse.ldif file.
It lloks like this ....
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSLServerAuth: cert
nsSSL2: off
nsSSL3: on
nsSSL3Ciphers: all
nsKeyfile: alias/slapd-key3.db
nsCertfile: alias/slapd-cert8.db
numSubordinates: 1
nsSSL2 is already off.
Thanks
Pramod -
IS Transperent Data Encryption is secure from DBA?
Hi all,
I want to encrypt some of data, for that i learn about Transperent Data Encryption, But i have doubt that TDE cant able to provide security against DBA.
I want your valluable comment on this. and I want to know, is there any other way to secure my data From DBA except Database Vault?
Thanks
Message was edited by:
Pratik BrahmbhattHi Sam,
We use Oracle Applications 11.5.5 and 11.5.7 and DB 8.1.7.4.0 so TDE is not applicable for us.. but I think I got my objective (to encrypt and decrypt an attribute column) using the dbms_obfuscation_toolkit through the custom.pll
There's only one thing to do, and its being a bit difficult for me to do it: how to capture the event KEY-EXIT (there/then is when I've planned to call the encrypt procedure)? That even is not in the "captured events list" for the custom.pll.
Any ideas? How do you do when you want to make some operation in custom.pll corresponding with a KEY-EXIT event of a form?
Thanks,
Jose. -
I am unable to received encrypted emails from my work as when I log into my gmail account once I have clicked onto the email message I keep getting
an error that says I must log out of my hotmail and into my gmail to receive this message. I do this and still the same message. I have actually gone onto Hotmail and signed out, gone then back to the link to sign into my gmail link for the encrypted
message to log in with my gmail and password which I have also changed and still same, I am logged into Hotmail and I must log out and sign in with gmail address to access the encrypted message. I have tried to use IE, Google Chrome and Firefox all with
the same issues. It appears our IT person is having the same issue. We really need to get this going and is there a contact person who can help us?This is not an Office 365 support forum. This is a Windows 7 support forum.
The Microsoft Office support forums are found @
https://social.technet.microsoft.com/Forums/office/en-us/home?category=officeitpro%2Cvisio2010%2Cgrooveserveritpro and that is where you need to post for assistance with Office 365.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” -
Is the "Pages" encryption option secure enough?
Hi everybody!
I am starting to write something quite personal and confidential on Pages (which is truly awesome for a new mac owner!) and I found that like Word I can protect my files with a password. I wanted to know if that method is safe enough or if I need to find something else to hide my secrets?
Thanks a lotVery.
We regularly have users come in here weaping and wailing, asking for a secret way back in, because they can't get in.
Happily we can tell them no. Security is security, is it not?
Peter -
How to regenerate security certificates? CUCM 6.1.3
Hi,
Company has a call manager with 3 nodes on version 6.1.3:
- NODO1: 10.102.224.254
- NODO2: 10.102.224.253
- NODO3: 10.102.239.20
From S.O. web can be seen that some certs are going to expire. We have received a warning via e-mail. And we have checked opening certifications that expiration date is about to happen.
This is the security mode configuration:
Service parameters --> Publisher --> Call Manager-->Security Parameters
Cluster Security Mode: 1
CAPF Phone port:3804
CAPF Operation expires in (days):10
Enable caching: false
Certificates that are going to expire are the following:
CallManager_pem
CallManager_der
CAPF_pem
CAPF_der
CAPF-e09c40eb_pem
CAPF-e09c40eb_der
ipsec_cert_der
ipsec_cert_pem
NODO1_der
NODO1_pem
tomcat_cert_der
tomcat_cert_pem
At publisher, it can be seen no CTI file,
show itl
Executed command unsuccessfully
No valid command entered
There is only a CTL file, and it´s the following:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.02.19 17:47:46 =~=~=~=~=~=~=~=~=~=~=~=
show ctl //Note: at the following file, some digits of the "SIGNATURE" have been changed with "*". And some name. Nothing else.
Length of CTL file: 5946
Parse CTL File
Version: 1.2
HeaderLength: 304 (BYTES)
BYTEPOS TAG LENGTH VALUE
3 SIGNERID 2 117
4 SIGNERNAME 56
5 SERIALNUMBER 10
6 CANAME 42
7 SIGNATUREINFO 2 15
8 DIGESTALGORTITHM 1
9 SIGNATUREALGOINFO 2 8
10 SIGNATUREALGORTITHM 1
11 SIGNATUREMODULUS 1
12 SIGNATURE 128
8d e3 61 8a d9 8 e a3
8d 5b 82 6f 51 81 a3 1b
e2 fe e5 57 66 f7 ab 54
f 69 fb ** 72 bf 3f a1
ee ea a3 fb b5 80 0 af
74 20 ac b 92 b0 c5 fd
fa f6 6e 52 c3 90 25 e1
2a ** 83 f0 ee 4f d3 9b
2e 6b c4 4d 45 79 40 41
f2 b7 3 7e 7f 7a ** b4
76 cc 45 e2 52 b1 4e 63
74 b1 a7 d8 36 97 22 47
8a 80 63 88 67 7e 7a 8d
2d ** eb 24 57 7b c2 74
cf 4 bb 9d dd b1 a a
e7 a9 5a 58 88 0 3f 67
14 FILENAME 12
15 TIMESTAMP 4
CTL Record #:1
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 1186
2 DNSNAME 1
3 SUBJECTNAME 56 cn="SAST-ADN597e8314 ";ou=IPCBU;o="Cisco Systems
4 FUNCTION 2 System Administrator Security Token
5 ISSUERNAME 42 cn=Cisco Manufacturing CA;o=Cisco Systems
6 ISSUERNAME 10
7 PUBLICKEY 140
9 CERTIFICATE 902
10 IPADDRESS 4
This etoken was not used to sign the CTL file.
CTL Record #:2
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 1180
2 DNSNAME 1
3 SUBJECTNAME 56 cn="SAST-ADN592dfe14 ";ou=IPCBU;o="Cisco Systems
4 FUNCTION 2 System Administrator Security Token
5 ISSUERNAME 42 cn=Cisco Manufacturing CA;o=Cisco Systems
6 ISSUERNAME 10
7 PUBLICKEY 141
9 CERTIFICATE 895
10 IPADDRESS 4
This etoken was used to sign the CTL file.
CTL Record #:3
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 765
2 DNSNAME 15 10.102.224.253
3 SUBJECTNAME 13 cn=NODO2
4 FUNCTION 2 CCM+TFTP
5 ISSUERNAME 13 cn=NODO2
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 541
10 IPADDRESS 4
CTL Record #:4
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 765
2 DNSNAME 15 10.102.224.254
3 SUBJECTNAME 13 cn=NODO1
4 FUNCTION 2 CCM+TFTP
5 ISSUERNAME 13 cn=NODO1
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 541
10 IPADDRESS 4
CTL Record #:5
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 982
2 DNSNAME 15 10.102.224.254
3 SUBJECTNAME 43 cn=CAPF-e09c40eb;ou=AREA TIC;o=NOMBREX
4 FUNCTION 2 CAPF
5 ISSUERNAME 43 cn=CAPF-e09c40eb;ou=AREA TIC;o=NOMBREX
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 698
10 IPADDRESS 4
CTL Record #:6
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 764
2 DNSNAME 14 10.102.239.20
3 SUBJECTNAME 13 cn=NODO3
4 FUNCTION 2 CCM+TFTP
5 ISSUERNAME 13 cn=NODO3
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 541
10 IPADDRESS 4
The CTL file was verified successfully.
Certificates at publisher are the following:
admin:show cert list own
tomcat
ipsec
CallManager
CAPF
admin:show cert list
ipsec-trust/NODO1.pem
ipsec-trust/NODO1.der
ipsec-trust/c92d8a04.0
CallManager-trust/CAP-RTP-001.pem
CallManager-trust/CAP-RTP-002.pem
CallManager-trust/Cisco_Manufacturing_CA.pem
CallManager-trust/Cisco_Root_CA_2048.pem
CallManager-trust/a0440f4c.0
CallManager-trust/a69d2e04.0
CallManager-trust/f7a74b2c.0
CallManager-trust/dcc12642.0
CallManager-trust/0d40b14e.0
CallManager-trust/CAPF-7EC94D72.pem
CallManager-trust/CAPF-97FA3FDE.pem
CallManager-trust/CAPF-e09c40eb.pem
CallManager-trust/3e92ebd9.0
CallManager-trust/8eb380b0.0
CAPF-trust/CAP-RTP-001.pem
CAPF-trust/CAP-RTP-002.pem
CAPF-trust/Cisco_Manufacturing_CA.pem
CAPF-trust/Cisco_Root_CA_2048.pem
CAPF-trust/a0440f4c.0
CAPF-trust/a69d2e04.0
[1mPress <enter> for 1 line, <space> for one page, or <q> to quit [0m
[KCAPF-trust/f7a74b2c.0
CAPF-trust/CAPF.der
CAPF-trust/CAPF.pem
CAPF-trust/dcc12642.0
CAPF-trust/8eb380b0.0
admin:utils service list
Requesting service status, please wait...
System SSH [STARTED]
Cluster Manager [STARTED]
Service Manager is running
Getting list of all services
>> Return code = 0
A Cisco DB[STARTED]
A Cisco DB Replicator[STARTED]
Cisco AMC Service[STARTED]
Cisco AXL Web Service[STARTED]
Cisco Bulk Provisioning Service[STARTED]
Cisco CAR Scheduler[STARTED]
Cisco CAR Web Service[STARTED]
Cisco CDP[STARTED]
Cisco CDP Agent[STARTED]
Cisco CDR Agent[STARTED]
Cisco CDR Repository Manager[STARTED]
Cisco CTIManager[STARTED]
Cisco CTL Provider[STARTED]
Cisco CallManager[STARTED]
Cisco CallManager Admin[STARTED]
Cisco CallManager Attendant Console Server[STARTED]
Cisco CallManager Cisco IP Phone Services[STARTED]
Cisco CallManager Personal Directory[STARTED]
Cisco CallManager SNMP Service[STARTED]
Cisco CallManager Serviceability[STARTED]
Cisco CallManager Serviceability RTMT[STARTED]
Cisco Certificate Authority Proxy Function[STARTED]
Cisco Certificate Expiry Monitor[STARTED]
Cisco DRF Local[STARTED]
Cisco DRF Master[STARTED]
Cisco Database Layer Monitor[STARTED]
Cisco Dialed Number Analyzer[STARTED]
Cisco DirSync[STARTED]
Cisco Extended Functions[STARTED]
Cisco Extension Mobility Application[STARTED]
Cisco IP Manager Assistant[STARTED]
Cisco IP Voice Media Streaming App[STARTED]
Cisco License Manager[STARTED]
Cisco Log Partition Monitoring Tool[STARTED]
Cisco RIS Data Collector[STARTED]
Cisco RTMT Reporter Servlet[STARTED]
Cisco SOAP - CDRonDemand Service[STARTED]
Cisco Serviceability Reporter[STARTED]
Cisco Syslog Agent[STARTED]
Cisco Tftp[STARTED]
Cisco Tomcat[STARTED]
Cisco Tomcat Stats Servlet[STARTED]
Cisco Trace Collection Service[STARTED]
Cisco Trace Collection Servlet[STARTED]
Cisco UXL Web Service[STARTED]
Cisco WebDialer Web Service[STARTED]
Host Resources Agent[STARTED]
MIB2 Agent[STARTED]
Native Agent Adapter[STARTED]
SNMP Master Agent[STARTED]
SOAP -Log Collection APIs[STARTED]
SOAP -Performance Monitoring APIs[STARTED]
SOAP -Real-Time Service APIs[STARTED]
System Application Agent[STARTED]
Cisco DHCP Monitor Service[STOPPED] Service Not Activated
Cisco Extension Mobility[STOPPED] Service Not Activated
Cisco Messaging Interface[STOPPED] Service Not Activated
Cisco TAPS Service[STOPPED] Service Not Activated
Cisco Unified Mobile Voice Access Service[STOPPED] Service Not Activated
Primary Node =true
admin:
Perfil de seguridad Ej:para un CP-7960
-Phone Security Profile Info
Device Protocol: SCCP
Name: SP_7960_Encriptado
Description: Migrated Profile: Sec_mode 3 Auth_mode 2
Device Security Mode: Encrypted
-Phone Security profile CAPF Info
Authentication mode: By null string
Key Size: 1024
At this forum, it says for version 5x to /7x I have simply to regenerate certificates:
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-50/99815-ccm-sec-cert.html
These are the doubts I have:
- Is it necessary to regenerate any certificate in first plase?, if so ¿what is the place I should follow for each certificate?
- Is it necessary to restart any service before regenerating the certificates? for version 8.0 and higher, I saw that it´s necessary to restart TFTP and Call Manager services.
- After regenerating certificates, is it necessary to create a new CTL file? If so, Do I need the two tokens we used to create CTL file at the begining?
- Regarding CAPF certificate. Do i need to push the LSC certificates to the phones? Or I just need to reset phones to do so?
Thank you in advance!Found the answer - Need to "Enable Advance Ad-Hoc Conference" under service parameters.
-
Sending Acrobat 9.0 Pro Forms through Secure E-mail Method
I have build a number of forms in Adobe Acrobat 9.0. I've read all there is about Adobe Security. But after trying many, many methods, I can't seem to find a way to 1) make it work, or 2) test the method to ensure it works.
The cernerio is this....
The Acrobat .pdf forms on are a web host server. The form has an Adobe object "Email Submit" button. The button includes the email address that the form is to be sent to by email, and the subject. It also has the "Sign Submission" checked, with the personal certificate made of the author.
A visitor to the website clicks on a hyperlink and views the Adobe .pdf form within the browser (Chrome, Firefox, MS I.E.).
The visitor fills out the form. The visitor clicks on the "Email Submit" button. A dialog displays indicating if the visitor wants to send the email by his client email program, or by a web email client program. The visitor choses and the email goes off to the recipient, which is the email address given in the "Email Submit" button.
The email is received by the author. The author clicks on the .pdf attachment and gets a dialog box to choose a "response.pdf" file, or Cancel. The author Cancels the response dialog box and is able to view the .pdf.
What my request is:
1) I doubt I have this form setup right so that when the visitor sends the email, the email .pdf attachment is encrypted and secured (i.e. secured email).
2) Can someone provide just a simple checklist of actions to do to ensure this email .pdf attachment is encyrpted and secured so that the email is secured? (There are personal confidential items involved within the form.)
3) Can someone tell me how I can test to know when the visitor sends the email attachment, it is not secured, and vice-versa, it is secured? I need to have this confidence level.
Thanks!
Jim MorrisseyI'm very unfamiliar with the solution you propose, but I've researched it some now.
So I built a very simple form (Name, Address, Phone Number) within Lifecycle Designer. I placed a Button on the form. I choose the Control Type as "Submit". On the Button object's Submit tab, I enter the URL I wish to use for this test (http://www.innovationdesignco.com/innovationdesigncocom/Temp/). I set the "Submit As" to PDF, so that the entire PDF is Posted to the server.
I save the form. I open up Adobe Acrobat 9.0 Pro and fill out the form. I press the submit button. I get an error: "General Error" - http://www.innovationdesignco.com/innovationdesigncocom/Temp/.
This error makes no sense to me. Can you explain what I'm doing wrong?
I've attached the simple test form.
Thank you very much!
Jim -
Tech Note : Oracle AS B2B - Security configuration
Security Setup:
Step1 : Create a self signed certificate for the host using the Oracle Certificate Authority, the tutorial for the same is as below.
http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/devapp06.htm
http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/ basics06.htm
Alternatively it is possible to obtain a certificate from the CA(certificate Authority like Verisign or Thwarte) . Certificate extension should not matter, as long as you use x.509 compliant certificate.
Step2: Import the host certificate into the Oracle Wallet along with the Root certificate.
Step 3: Make sure you have specify the wallet location properly (folder name) in the file <Oraclehome>/ip/configuration/tip.properties.
E.g. oracle.tip.adapter.b2b.WalletLocation = c:/tmp/soa/b2b
Step 3: Using Oracle Integration B2b, The following are the steps to configure for secured way of transferring messages between trading partners.
à Select Partners
à Select Trading Partner
à Select Acme<Host>
à Click on “Update”
Enter the following information
General Page: Enter the following information
Field Value
New Wallet Password <Password>
Confirm New Password <Password>
à Click Apply
step 4: Setting up the Host Delivery Channel:
For providing the Security Information for Host Trading Partner (Acme)
Create Communication Capability
à Select Trading Partners
àSelect Acme
à Select Capabilities
à Select <Business protocol>
àSelect Create Communication Capability
Delivery Channel Page
Prompts to define the following delivery channel details for the secure exchange of messages between trading partners:
· Delivery channel name
· Acknowledgment mode
· Global usage code
· If nonrepudiation of receipt and nonrepudiation of origin are
Required
· If encryption, transport security, and compression are enabled
· Time to acknowledgment value
· Retry count value
Note: The selections you make on this page for nonrepudiation of receipt, nonrepudiation of origin, encryption, and transport security determine the fields that display and the transport protocols that are selectable on subsequent pages of this wizard.
Document Exchange Page
Prompts to define the following document exchange characteristics for exchanging messages between trading partners
· Document exchange name
· Exchange protocol revision (for example, RosettaNet V02.00 or
01.10) and parameter values that can be overridden, if necessary
· Document exchange protocol parameters
· Digital signature, signing credential, and certificate file if you
Selected “Yes” for nonrepudiation of receipt and nonrepudiation
of origin on the Delivery Channel page.
· Digital envelope, encryption credential, and certificate file if
you selected “Yes” to enable encryption on the Delivery Channel
page.
In the Document Exchange window, enter the following information,
Encryption:
There is a need to select Digital Envelope algorithm depending on whether encryption is enabled.
New encryption credential can be created using create new or use the existing Encryption credentials. For new credentials use Browse button to locate Host certificate as it is used to decrypt the message. Make sure this certificate should be available in the e-wallet.
Non-Repudiation: If Non-Repudiation is enabled then select the Digital Signature and Signing credentials. Use Browse button to locate Host certificate for Digitally Signing the outbound Message. Make sure this certificate should be available in the e-wallet.
B2B engine uses the certificate from the repository for both signing and encryption and also a lookup to the wallet for Private key, hence there is a need to import the host certificate into the wallet as well.
Note: There is another way to specify the Certificates,
à Select Partners
à Select Trading Partner
à Select Acme<Host>
à Click on “Create” under Certificate
Enter the following information
Field Value
Name <Any valid Name>
Certificate File <Using browse to locate the certificate >
à Click Apply
Use this certificate while creating the Delivery Channel by selecting “Use Existing”.
Step 5: Setting up the Trading Partner Delivery Channel:
Providing the Security Information for Remote Trading Partner (GlobalChips)
Create Communication Capabilities
à Select Trading Partners
àSelect GlobalChips
à Select Capabilities
à Select <Business protocol>
àSelect Create Communication Capability
Delivery Channel Page
Prompts to define the following delivery channel details for the secure exchange of messages between trading partners:
· Delivery channel name
· Acknowledgment mode
· Global usage code
· If nonrepudiation of receipt and nonrepudiation of origin are
Required
· If encryption, transport security, and compression are enabled
· Time to acknowledgment value
· Retry count value
Note: The selections you make on this page for nonrepudiation of receipt, nonrepudiation of origin, encryption, and transport security determine the fields that display and the transport protocols that are selectable on subsequent pages of this wizard.
Document Exchange Page
Prompts to define the following document exchange characteristics for exchanging messages between trading partners
· Document exchange name
· Exchange protocol revision (for example, RosettaNet V02.00 or
01.10) and parameter values that can be overridden, if necessary
· Document exchange protocol parameters
· Digital signature, signing credential, and certificate file if you
Selected “Yes” for nonrepudiation of receipt and nonrepudiation
of origin on the Delivery Channel page
· Digital envelope, encryption credential, and certificate file if
You selected “Yes” to enable encryption on the Delivery Channel
Page
In the Document Exchange window, enter the following information,
Encryption:
There is a need to select Digital Envelope algorithm depending on whether encryption is enabled.
New encryption credential can be created using create new or use the existing Encryption credentials. For new credentials use Browse button to locate Trading Partner certificate as it is used to encrypt the outbound message.
Non-Repudiation: If Non-Repudiation is enabled then select the Digital Signature and Signing credentials. Use Browse button to locate Trading Partner certificate for Digital signature verification for the inbound message.Hello Shailesh, Answers are in line.
1. Is a dedicated server required to host OHS or can it safely co-exist with a windows server running IIS?
It can co-exist
2. Can the transportServlet point to more than one OHS?
not sure about question. OHS is for reverse proxy configuration and DMZ setup.
3. What protocols, if any (UDP/ TCP) need to be permitted through the firewall to facilitate communication between OHS and Oracle AS Integration server?
AJP Protocol. Please refer to Oracle APPLication server Admin guide.
4. How is OHS secured in terms of accepting only valid incoming HTTP/S requests?
Please refer
http://download.oracle.com/docs/cd/B31017_01/core.1013/b28940/sslmid.htm
Rgds,Ramesh -
Web Service Security username token...
Hi All,
I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
My WS_stub.xml on the proxy side looks like the following:-
other tokens
<security>
<inbound/>
<outbound>
<username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
</outbound>
</security>
other tokens
and my oracle-webservices.xml on hte web service side looks like the following:-
other tokens
<security>
<inbound>
<verify-username-token name="NAME" password="PASS" password-type="DIGEST"
require-nonce="true"
require-created="true"/>
</inbound>
<outbound/>
</security>
other tokens
I have set the javacache.xml for the embedded OC4J location as follows:-
</persistence>
<max-objects>1000</max-objects>
<max-size>48</max-size>
<clean-interval>60</clean-interval>
</cache-configuration>
When I run the web service followed by the proxy I get the following error at the proxy side.
javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
Regards,
Lester.Hi All,
Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
Process exited with exit code 0.
My WS_Stub.xml file under runtime of the proxy project looks as follows:-
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
<port-info>
<wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="dave"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name='addtrailerinfo'>
<runtime>
<security>
<inbound/>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="test"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
My oracle-webservices.xml file looks like the following:-
<oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
<webservice-description name="TrailerWS">
<port-component name="TrailerWSSoapHttpPort">
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore"
path="META-INF/mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-username-token password-type="PLAINTEXT"
require-nonce="false"
require-created="true"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key key-pass="" alias="dave"/>
<encryption-method>3DES</encryption-method>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name="addtrailerinfo"
input="{http://trailerinfo/}addtrailerinfoElement">
<runtime>
<security>
<inbound>
<verify-username-token require-nonce="false"
require-created="true"
password-type="PLAINTEXT"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"
mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound/>
</security>
</runtime>
</operation>
</operations>
</port-component>
</webservice-description>
</oracle-webservices>
I checked this exception out at hte following link
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
Regards,
Lester.
Maybe you are looking for
-
Can't figure out how to send photos to outside lab
Hello, I am new to Apple products and have had my iMac desktop for one week. I am not very computer savy to start with and it is so different from my old pc. I also have a new camera - Nikon D7100 - so I am attempting to learn TWO new things. At
-
Does hp 3056A printer work with windows 8
does an hp 3056A all-in-one printer work with a windows 8 computer
-
Laser jet pro won't scan to network folder
I have just setup a Laserjet Pro 200 (MFP M276nw) and have it successfully printing from an iMac running Mavericks OS. I am also able to scan using the HP scanning utility. All of this is connected via my wireless network. However, no matter what I t
-
Problem of encoding for mail sender adapter
Hello, everyone. I have faced the problem of mail sender adapter. When someone send message with any content encoding (even UTF-8) and 8bit content type encoding the XI mail adapter corrupt special and foreign symbols. I checked the message for corre
-
Is Blocked stock valuated in FS10N??
Experts, I am wondering if Blocked stock is valuated in our G/L Accounts inventory values for transaction FS10N. If I do a transfer from available to blocked, movement types 343/344....Does it post an accounting document? If so, what are the acc