Nodemanager configuration with SSL and Subject Alternative Names.

We want to configure serveral nodemanagers in serveral machines using SSL. Is possible to use only one certificate with one CN and several subject alternative names (one per machine)?
We cannot configure the nodemanager, we always get an SSLHandShake exception.
Thanks.

Hi,
Hope you found out resolution to your issue. 
incase you havent , presuming the CN used in your certificate is not the host name and all the host servers can resolved/ identify that CN. Dont see major problem in the way you explained.
However handshake exception only points at certain specific case
- where the certs are not imported into keystores ( client or server side) or
- certs mismatching at clent & server
- too many certs with the same CN in the same keystore or CN resolving to more than 1 cert ( if its possible).
Let me know if you need help in reolving this and also paste the error trace of 'handshake' exception you see.
Sri

Similar Messages

  • CF10, CFHTTP and SSL subject alternative names

    I have an SSL certificate where the Common Name doesn't match the url, but the Subject Alternative Name does.  The Common Name is the actualMachineName.subnet.subnet.mynetwork.com and the SAN is www.prettyurl.com.  I understand older versions of CF don't support this, but the comments regarding Bug #3566218 say that CF10 does.  However, I am still getting connection failures telling me the name doesn't match.
    Can anyone confirm this should/shouldn't work in CF10?  I have imported all of the certs via the keytool and explored all of those issues.  The only remaining issue is that the url doesn't match the CN.
    TIA,
    Eric

    I received the message,"this site has sent an untrusted certificate", on my N95.  It would prompt me to continue or view certificate.   If I select Continue, everything worked fine.  It got annoying after a awhile.  I went thru 2 pages of google results and could not find the answer to fix my issue.  I gave up and then somehow figured it out on my own at the bar the next day.  
    The issue was that I had the incorrect date.  This was actually one of the first things I checked.  However I overlooked that the date format was ddmmyyyy.  I simply updated to mmddyyyy and fixed the date and the issue was resolved.
    Hope this helps.

  • Certificate signing request with subject alternative names?

    Has anyone been successful at generating a certificate signing request for a certificate that uses subject alternative names via the Server Manager GUI? It seems to skip the entire X509 section of the CSR for me.
    Command line via openssl works but I'd like to stick with the GUI for the encryption on the certificates.

    I just checked the documentation and found that your code is incorrect. IAlternativeName::StrValue contains value for an email address, a Domain Name System (DNS) name, a URL, a registered object identifier (OID), or a user principal name (UPN). It doesn't
    contain string value for directory name (and other non-mentioned types). Instead, you need to instantiate an IX500DistinguishedName interface and initialize it from an alternative name value:
    class Program {
    static void Main(string[] args) {
    String RequestString = "Base64-encoded request");
    CX509CertificateRequestPkcs10 request = new CX509CertificateRequestPkcs10();
    request.InitializeDecode(RequestString, EncodingType.XCN_CRYPT_STRING_BASE64_ANY);
    Console.WriteLine("Subject: {0}", request.Subject.Name);
    foreach (IX509Extension ext in request.X509Extensions) {
    if (ext.ObjectId.Name == CERTENROLL_OBJECTID.XCN_OID_SUBJECT_ALT_NAME2) {
    CX509ExtensionAlternativeNames extensionAlternativeNames = new CX509ExtensionAlternativeNames();
    string rawData = ext.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];
    extensionAlternativeNames.InitializeDecode(EncodingType.XCN_CRYPT_STRING_BASE64, rawData);
    foreach (CAlternativeName alternativeName in extensionAlternativeNames.AlternativeNames) {
    switch (alternativeName.Type) {
    case AlternativeNameType.XCN_CERT_ALT_NAME_DIRECTORY_NAME:
    IX500DistinguishedName DN = new CX500DistinguishedName();
    DN.Decode(alternativeName.RawData[EncodingType.XCN_CRYPT_STRING_BASE64]);
    Console.WriteLine("SAN: {0}", DN.Name);
    break;
    default:
    Console.WriteLine("SAN: {0}", alternativeName.strValue);
    break;
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • CSS 11501 - wildcard certificate with subject alternative names

    Hi,
    I generated a wildcard certificate for my company type *. mycompany.com in a CSS 11501.
    For the site sub-domain1.mycompany.com worked fine, for the site sub-domain2.sub-domain1.mycompany.com didn't worked.
    I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
    Thank you very much,
    Cláudio Soares

    Hi,
    The CSS is indifferent to the Common Name in an SSL certificate used for SSL termination,
    so using a wildcard certificate would be no different than using a standard certificate.
    If using the CSS to generate the Certificate Signing Request, just enter the Common
    Name with the leading asterisk for the subdomain portion of the hostname. Example:
    Common Name (your domain name) [www.mycompany.com]*.domain.com
    The only difference in configuring SSL termination would be that you could
    reuse the SSL certificate (in the ssl-proxy-list) for all the different vips that the
    subdomains resolve to without having to worry about pop-up warnings on client's browsers
    (example attached). Or, if your subdomains resolve to the same vip, the CSS configuration
    wouldn't be any different.
    Regards,
    Siva

  • ACE and SSLM support Subject Alternative Name (SAN)

    Hi
    I want to  migrate Exchange server to Exchange 2010, I would like to know if ACE and SSLM support Subject Alternative Name (SAN).
    1.   Can the current CSM (WS-SVC-SSL-1-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it.
    a.       exchange.ww.edu
    b.       legexchange.ww.edu.
    2)      Can the new ACE( ACE20-MOD-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it:
    a.       exchange.ww.edu
    b.       legexchange.ww.edu
    Thanks
    Nomi

    I dont see anything in the config guide where the ACE can generate certs with SANs. However, if you are going to generate the cert and keys offline, then it might work. Can you supply a sample pkcs12 file in PEM format that I can test in the lab ? Which s/w version ?
    Matthew

  • Used a Subject Alternative Names certificate with an ESA IronPort C170

    Hi all,
    Is  someone know if it is possible to use a "Subject Alternative Names" Certificate (SAN / UCC SSL) for an Email Security Appliance C170.
    Is it possible to do this, with an IronPort ?
    Thank you very much, for your reply.
    Regards,
    David

    Hello RYAN,
    Thank you for your reply, It is a very good new for us.
    Have a nice day!
    David

  • Error: Subject alternative name did not match site name (JavaME)

    When I try and connect to my RESTFul Web Service using SSL I get this exception:
    "Subject alternative name did not match site name".
    I did Google searches and as far as I can tell my 'Subject' matches my 'site name'. I know this because when I connect using my Browser (IE or Firefox) they say our SSL certificate is a-ok (no mismatches). Also, my Windows Mobile 5/6 REST application works fine under SSL. So, I am doubting it's a server side setting?
    Godaddy's root certificate is installed on the Java Emulator. If I disable the root cert I get a different error.
    I am using the QwertyDevice Emulator with 'identified_third_party' security. Wireless Toolkit 2.5.2 and NetBeans Mobility 6.0.1.
    My Web Server is IIS 6.0 that is hosting a WCF .NET 3.5 WebService using the webHttp binding (for those who don't know that's makes it a RESTFul Web Service).
    IIS 6.0 Settings:
    -Web Service is under Default Web Site and in Default Application Pool.
    -'Require secure channel (SSL)' is selected as well as 'Require 128-bit encryption'.
    Here is my client Code:
    InputStream is = null;
    HttpConnection conn = null;
    try
    conn = (HttpConnection)Connector.open("https://ourwebserver.ourdomain.com/RESTServer/Service.svc/REST/getmyopentasks/", Connector.READ_WRITE);
    conn.setRequestProperty("Authorization", "Basic " +
    BasicAuth.encode(userName, password));
    conn.setRequestMethod(HttpConnection.GET.toString());
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    is = conn.openInputStream();
    catch (IOException ex)
    ex.printStackTrace();
    A few notes: We are using Basic HTTP Authentication, and "BasicAuth.encode" method is, a helper method, that I found code for out on the Internet. It works fine though.
    Because when I run this above code with SSL turned off, on the server, it works fine (authenticating and getting RESTFul XML back). I did try HttpsConnection as well. Did not work. Same SSL error.
    When this line is executed: "is = conn.openInputStream();" I get this exception: "Subject alternative name did not match site name". I have searched this forum and Google and can't figure this one out! Thanks!

    When I try and connect to my RESTFul Web Service using SSL I get this exception:
    "Subject alternative name did not match site name".
    I did Google searches and as far as I can tell my 'Subject' matches my 'site name'. I know this because when I connect using my Browser (IE or Firefox) they say our SSL certificate is a-ok (no mismatches). Also, my Windows Mobile 5/6 REST application works fine under SSL. So, I am doubting it's a server side setting?
    Godaddy's root certificate is installed on the Java Emulator. If I disable the root cert I get a different error.
    I am using the QwertyDevice Emulator with 'identified_third_party' security. Wireless Toolkit 2.5.2 and NetBeans Mobility 6.0.1.
    My Web Server is IIS 6.0 that is hosting a WCF .NET 3.5 WebService using the webHttp binding (for those who don't know that's makes it a RESTFul Web Service).
    IIS 6.0 Settings:
    -Web Service is under Default Web Site and in Default Application Pool.
    -'Require secure channel (SSL)' is selected as well as 'Require 128-bit encryption'.
    Here is my client Code:
    InputStream is = null;
    HttpConnection conn = null;
    try
    conn = (HttpConnection)Connector.open("https://ourwebserver.ourdomain.com/RESTServer/Service.svc/REST/getmyopentasks/", Connector.READ_WRITE);
    conn.setRequestProperty("Authorization", "Basic " +
    BasicAuth.encode(userName, password));
    conn.setRequestMethod(HttpConnection.GET.toString());
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    is = conn.openInputStream();
    catch (IOException ex)
    ex.printStackTrace();
    A few notes: We are using Basic HTTP Authentication, and "BasicAuth.encode" method is, a helper method, that I found code for out on the Internet. It works fine though.
    Because when I run this above code with SSL turned off, on the server, it works fine (authenticating and getting RESTFul XML back). I did try HttpsConnection as well. Did not work. Same SSL error.
    When this line is executed: "is = conn.openInputStream();" I get this exception: "Subject alternative name did not match site name". I have searched this forum and Google and can't figure this one out! Thanks!

  • What versions of Weblogic currently have Subject Alternative Name support?

    I would like to visit a comment I saw in an old forum thread from 2010
    Certificate hostname verification error with 10.3
    that "WebLogic currently does not support the Subject Alternative Name field." Can someone please let me know what versions of Weblogic currently have Subject Alternative Name support? We are currently on 10.3. Is there anything near that version that has support, or a patch available for it?
    Regards,
    John

    The KM number is the article number on the support site. Logon to Oracle support and paste the number into the knowledge search and you will get your answer. The article is called "How to Develop Custom Hostname Verifier for Subject Alternative Name (SAN) Certificates" and applies to WLS 10.3.3 and later.

  • JDBC Thin Connections with SSL and client certificates

    Hi ,
    we are going have a look at JDBC Thin Connections with SSL and client certificates.
    I have two questions:
    1. Is it possible to use SSL connections from JDBC Thin Driver and which release of the driver introduced it
    2. Is it possible to use client certificates with JDBC Thin Driver and which release of the driver introduced it
    Thanks for your help
    regards
    Markus Reichert

    I could not reproduce the error after appending the SSL certificate to the certdb.txt file available under $Jinitiator_Home/lib/security folder.
    Steps to add the SSL Certificate:
    1. Run the form with the https mode in the IE Browser.
    2. Security Alert is raised.
    3. Click on the View Certificate button.
    4. In the Certificate Window, click on the Details tab.
    5. Click on the Copy to File button to copy the certificate.
    6. Copy the certificate and append to the certdb.txt file.

  • I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server.

    I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server. No idea how to do anymore. Already tried to figure out. But not work. Can anyone pls help me?

    Nope, doesn't pass verification. I get the spinner for a minute or so, then the alert about setting it up without SSL. Are you suggesting I disable Fetch and Push BEFORE I enter the account details? Because I never get past the account details screen, unless I choose "Set up without SSL" after the warning.

  • [solved]partially working network, problems with ssl and irc

    Hi,
    for a weird reason I can't access any websites with https anymore nor can i connect to any irc servers with irssi and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
    My rc.conf looks like this:
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
    # in the hardware clock being left untouched (useful for virtualization)
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="de_DE.utf8"
    HARDWARECLOCK="localtime"
    TIMEZONE="Europe/Berlin"
    KEYMAP="de"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
    # MOD_BLACKLIST: Prevent udev from loading these modules
    # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
    # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
    MOD_AUTOLOAD="yes"
    #MOD_BLACKLIST=() #deprecated
    MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
    HOSTNAME="horst-lp"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    # - prefix an entry in INTERFACES with a ! to disable it
    # - no hyphens in your interface names - Bash doesn't like it
    eth0="dhcp"
    # Wireless: See network profiles below
    #Static IP example
    #eth0="dhcp"
    eth0="dhcp"
    INTERFACES=(!eth0 !eth1 !wlan0)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    # - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    # Enable these network profiles at boot-up. These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    # - set to 'menu' to present a menu during boot-up (dialog package required)
    # - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network.d
    # This now requires the netcfg package
    #NETWORKS=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    # - prefix a daemon with a ! to disable it
    # - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
    Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
    Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
    thx for reading
    e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
    Last edited by dt (2009-11-07 09:02:46)

    Hi,
    for a weird reason I can't access any websites with https anymore nor can i connect to any irc servers with irssi and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
    My rc.conf looks like this:
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
    # in the hardware clock being left untouched (useful for virtualization)
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="de_DE.utf8"
    HARDWARECLOCK="localtime"
    TIMEZONE="Europe/Berlin"
    KEYMAP="de"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
    # MOD_BLACKLIST: Prevent udev from loading these modules
    # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
    # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
    MOD_AUTOLOAD="yes"
    #MOD_BLACKLIST=() #deprecated
    MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
    HOSTNAME="horst-lp"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    # - prefix an entry in INTERFACES with a ! to disable it
    # - no hyphens in your interface names - Bash doesn't like it
    eth0="dhcp"
    # Wireless: See network profiles below
    #Static IP example
    #eth0="dhcp"
    eth0="dhcp"
    INTERFACES=(!eth0 !eth1 !wlan0)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    # - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    # Enable these network profiles at boot-up. These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    # - set to 'menu' to present a menu during boot-up (dialog package required)
    # - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network.d
    # This now requires the netcfg package
    #NETWORKS=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    # - prefix a daemon with a ! to disable it
    # - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
    Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
    Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
    thx for reading
    e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
    Last edited by dt (2009-11-07 09:02:46)

  • Solaris 10 zone configuration with sysidcfg and dhcp and hostname

    Hi
    Excuse me if I look like a n00b... it's probably because I'm a n00b.
    I've been struggling in the dark for more than 2 days now and I'm wondering if I'm thinking about this all wrong...
    I have stand-alone server where I need to run zones. I want to create zones and automagically configure them at boot (read: by running a script). So here's what I need...
    A zone
    starting from unconfigured state
    whose hostname is not the same as the zone name
    using corporate DHCP to get its IP address
    with DNS config coming from the DHCP server
    registering its address the DNS
    with a preconfigured root password
    (I don't own the corporate DHCP or DNS servers, I can't put my own DHCP or DNS servers on the network.)
    I would lke to create the zone, throw some config at it, then boot the zone and walk away. I am using zones with exclusive-IP. I can construct the zones and manually configure them once they're started to have DHCP, my own name, registered IP address with DNS and everything else I have specified above. But I don't want to do it manually...
    Sysidcfg seems to do some of what I want but not entirely.
    In sysidcfg I can set the root_password, the primary interface using DHCP, DNS server. I can't set a hostname in sysidcfg AND use configure it for DHCP. So the hostname is not what I want it to be after the zone is started and ready to go. The DHCP server is providing the DNS configuration, Solaris does not seem to honour it, but i'll ignore that for the moment.
    I have tried various combinations of using sysidcfg, /etc/nodename, /etc/hostname.+interface+ and /etc/dhcp.+interface+ but I can't find any combination that actually works.
    I can write to the zonestorage/etc/nodename to set the nodename, that works. But it does not match the DHCP address, so I get prompted for a new name service because it can't find a DNS entry for the name.
    I can write to the zonestorage/etc/hostname.+interface+ and /etc/dhcp.+interface+ (to get the system to register its name with the DNS server after getting its DHCP address) but then I get a system with no root password and no DNS configuration, even though they are set in the sysidcfg file.
    I can write a script that gets part of the way using sysidcfg and /etc/... files, then boots the zone and then runs a bunch of voodoo via zlogin commands to fix all the stuff that couldn't be done 'properly', but that's not a 'boot and walk away' environment. I can write a script that uses sysidcfg and hacks around with other files in /etc (like nsswitch.conf, resolv.conf), but that just feels likes a dirty hack to fix something that wasn't done properly in the first place.
    So where am I going wrong and how do I do it right (within the constraints defined)? Why can't I configure, boot and walk away?
    Thanks

    Thanks abrante
    Thanks for your response!
    I don't think the config is messed up after the installation. I think the installation is fine, it's just not what I want :-)
    I'm trying to decouple the zonename from the system name and get DNS registrations working. After installation, a DHCP client can get its hostname from DNS but I'm trying to do it the other way around. I want the DHCP client specify its own hostname, get an address from the DHCP server and then register its hostname with DNS. If the system gets its name from DNS/DHCP then I have to configure those to provide the system name and I don't own the DHCP/DNS infrastructure. These zones are for a development/QA environment, so we create and reconfigure these frequently. Hence the need to specify the system name within the zone and register that name in the DNS.
    I have tried fiddling with the PARAM_REQUEST_LIST but it does not seem to be working as I expect. :-$ Removing 12 did not help with setting the hostname from the system. DNS does not have a registered name for this system anyway, so even if it tried to get a name for this system, it would get nothing.
    I also do want the DHCP to change the DNS server and domain name, but this does not happen even though my dhcpagent includes 6 and 15 in the PARAM_REQUEST_LIST. I still have to set them in the sysidcfg file because it is always ignored in Solaris (S10u8 with 10_Recommended 30-Jul-2010)
    As stated, I know I can hack around with the system after it has booted. But I'm trying to configure the system before it starts and let it take care of itself and not have to touch it. Frankly I'm surprised that the sysidcfg does not allow you to set a hostname name when you are using DHCP, that the default DHCP configuration does not register the system name with the DNS server, and the DNS config from the DHCP response is ignored. Even a sys-unconfiged system requires DNS configuration during initial boot, when I know that the DHCP response contains DNS information.
    FYI: Windows systems using DHCP work as expected in this respect by default, i.e. set system name, use DHCP --> system gets address from corporate DHCP, DNS settings are set from DHCP information, DNS registration is made for system name.
    I'm working around this at the moment... I call my zone by the system name I want, I hardcode the DNS settings in the sysidcfg file and I create the hostname.+nic+ and dhcp.+nic+ files in the zone storage to get the system to register its name with DNS, them boot.
    Edited by: cydonian on Aug 19, 2010 7:45 PM

  • How do I bind to directory server with SSL and authentication?

    I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
    Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a seperate matter.)
    Here are the problems:
    1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
    2) I was never prompted to authenticate for the directory binding.
    So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
    What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
    Thank you.

    You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
    Cheers,
    Vikas

  • Business Connector problem with SSL and Web Services

    Hi,
    I have generated a Web Connector Service and tested this in our DEV and QA environment with http and no credentials.
    All is fine.
    I now switched to SSL and was provided with an https WSDL by our Web Server developers. The Web Connector service generates fine however as soon as I execute the service I get a NumberFormatException. Exact error is:
    java.io.IOException:java.lang.NumberFormatException: null
    The error occurs in pub.client:http
    I traced through the working (in QA) and non-workinfg versions and checked the pipeline prior to the call and can see no different apart from the difference in protocol.
    Does anyone have any idea what the cause is? I cannot determine what value is null.
    Thanks
    Brian

    Hi,
    I have generated a Web Connector Service and tested this in our DEV and QA environment with http and no credentials.
    All is fine.
    I now switched to SSL and was provided with an https WSDL by our Web Server developers. The Web Connector service generates fine however as soon as I execute the service I get a NumberFormatException. Exact error is:
    java.io.IOException:java.lang.NumberFormatException: null
    The error occurs in pub.client:http
    I traced through the working (in QA) and non-workinfg versions and checked the pipeline prior to the call and can see no different apart from the difference in protocol.
    Does anyone have any idea what the cause is? I cannot determine what value is null.
    Thanks
    Brian

  • How to email purchase order along with body and subject line

    hi experts,
           i have to email the purchase order along with the body and subject line. I am able to send the purchase order as a pdf attachment, but i have still not got a solution how to add body and subject line to this mail.
    plz help me out.

    Hi Santosh,
    if you investigate a little bit the PO output, you can find following information in SRM output customizing:
    POs are edited by methode PROCESS_BBP_PO_MAI from class CL_PD_PO_PROCESSING_BBP.
    Subject, body and attachments are handled here.
    So create your own class and method, and assign them in this customizing point (SRM Server --> Cross-Application Basic Settings --> Set Output Actions and Output Format --> Define Actions for Purchase Order Output).
    Rgds
    Christophe
    PS: please reward points for helpfull answers

Maybe you are looking for

  • Opening a node in editor

    Hi, I am relatively new to JDeveloper extension development. I am currently working with my ESB team to develop an extension to do certain things with the diagram. We are stuck when we are trying to get the oracle.tip.tools.ide.esb.addin.DiagramEdito

  • Screen flicker on external monitor

    Has anyone had any experience with screen flicker on an external monitor?  I connected my laptop to an external monitor and I get consistent flicker on the whole screen.  If anyone can help, or could help pointing me to website etc. I'd appreciate it

  • Issue with Swedish Characters in mail body

    Hi, We are sending mails to some other system from SharePoint. All the swedish characters like ä,Ä,ö become ???. When we are sending mails from outlook to that system , we are getting proper mail. so the issue is from sharepoint side. we are sending

  • Access to SQL Server

    I want to upsize an Access DB to SQL Server. But I still want to be able to write to the Access DB. Will the data written to the Access DB dynamically push to the SQL Server DB?

  • Custom reports

    How can i create a custom reports that runs on target databases? I want to have info from dba_jobs from my databases. Custom report seems to be only for the repository database.