Nodemanager fails hostname verification check

Similar Messages

• Certificate chain received from localhost 127.0.0.1 failed hostname verification check.

  Hello friends. The dns name of our server recently changed. Since that time,
  nothing except the administration node will start up. Server logs reveal the
  following information:
  Certificate chain received from localhost - 127.0.0.1 failed hostname verification
  check. Certificate contained COTHUBT but check expected localhost>
  There is one trusted certificate that was added to the cacerts keystore. Does
  it need to be removed and re added? Any other insight would be appreciated.

  "brain" <[email protected]> wrote:
  Try this if you're running version 8
  In the admin node gui.
  Click on machines
  Click on the NodeManager tab for the machine that you are interested in.
  Change hostname in listen address.
  Bounce the app server
  >
  Hello friends. The dns name of our server recently changed. Since that
  time,
  nothing except the administration node will start up. Server logs reveal
  the
  following information:
  Certificate chain received from localhost - 127.0.0.1 failed hostname
  verification
  check. Certificate contained COTHUBT but check expected localhost>
  There is one trusted certificate that was added to the cacerts keystore.
  Does
  it need to be removed and re added? Any other insight would be appreciated.

• Failed hostname verification check - even when disabled

  Hello Experts,
  I'm using WLS 923 configured as Admin Server that controls two Managed Servers.
  When i go to "Environment ---> Machines ---> Managed Machine ---> Monitoring ---> Node Manager Status
  It says:
  Status - Inactive
  failed hostname verification check. Certificate contained +v-ebpqadmz1+ but check expected +v-ebpqadmz1.dmzntqa.corp.adija.co.il+
  I've disabled verification check in:
  Servers ---> Managed Server -->SSL ---> Advanced ---> Hostname Verification = NONE
  How come hostname verification check is still being performed ?
  Does anyone knows how can i fix this ?
  Meanwhile i had to edit my hostsfile in order to work around it...
  Regards
  Adi J

  Please add the following parameter in your startup argument.
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  Thanks
  Togotutor
  <b><a class="jive-link-external" href="http://www.togotutor.com">http://www.togotutor.com</a> (Learn Programming and Administration for Free)</b>
  Edited by: togotutor on Aug 12, 2010 3:38 PM

• Nodemanager hostname verification failure

  Hi, on some of my machines I installed WL 9.1 on, registry.xml had the fully qualified hostname (this is good), others did not (this is bad). When the admin server tries to connect to the node manager on these machines, I get hostname verification failure because the certificate has the non qual hostname but is expecting fully qual. Simply editing registry.xml to the good value did not fix the issue.
  How does weblogic determine the value that goes in the certificate and in registry.xml?
  Can I force it somehow?
  Can I have it just regenerate the certificate?
  Any help would be appreciated.
  Thanks

  Matthew Sacks <> wrote:
  does anyone know how i might resolve this issue?
  [[NodeManager:300033]Could not execute command ping on the node manager.
  [[Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker:
  [[Failed to send command: 'ping to server 'null' to NodeManager at host:
  [['10.32.33.2:5555' with exception [Security:090504]Certificate chain
  [[received from 10.32.33.2 - 10.32.33.2 failed hostname verification
  [[check. Certificate contained qa153 but check expected 10.32.33.2.
  [[Please ensure that the NodeManager is active on the target machine].]Hi,
  - If you are using scripts:
  you can use the following options in your
  scripts: -Dweblogic.security.SSL.ignoreHostnameVerification=true
  - If you want to use it from the adminserver:
  Go to the adminserver in the console
  Go to 'SSL'
  Select 'Advanced'
  Set 'Hostname Verification' to 'none'
  And restart the adminserver.
  cheers,
  Bart
  Schelstraete Bart
  [email protected]
  http://www.schelstraete.org

• Hostname Verification failed for certificate with CommonName 'gawlsdev02.ss

  Hi All,
  I want to know the meaning and the reason of this exception:
  <Jun 17, 2010 2:05:52 PM EDT> <Warning> <Security> <BEA-090504> <Certificate chain received from gawlsdev02 - 147.141.83.104 failed
  hostname verification check. Certificate contained gawlsdev02.ssga.statestr.com but check expected gawlsdev02>
  <Jun 17, 2010 2:05:52 PM EDT> <Debug> <TLS> <000000> <Hostname Verification failed for certificate with CommonName 'gawlsdev02.ssga.
  statestr.com' against hostname: gawlsdev02>
  thanks in advance.

  When Webloigic Server tries to validate the certificate, it compares te CN of the certificate with the hostname from where the request is coming from.
  If they don't match, hostname verfication fails and SSL connection is not established.
  In your case I see the CN is gawlsdev02.ssga.statestr.com whereas WLS is expecting it to be gawlsdev02.
  U can use this option to ignore host name verification
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  To know about other SSL issues, u can refer this
  http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/
  -Faisal

• ORA-01122: database file 58 failed verification check

  Hi All,
  I have lost one of my datafile while moving them from 1 drive to another. I am getting the following error while trying to start the database:
  ORA-01122: database file 58 failed verification check
  ORA-01110: data file 58: 'G:\ORACLE\R3E\SAPDATA7\R3E700_25\R3E700.DATA25'
  ORA-01251: Unknown File Header Version read for file number 58
  Please suggest what can be done to correct the error. Also I don't have a backup.
  Suman

  - open http://service.sap.com/notes
  - enter "ORA-01251"
  - you will find Note 696141 - Composite SAP Note: ORA-01122
  and that section:
        10. ORA-01251: Unknown File Header Version read for file number <file_id>
  Reason: The file header cannot be correctly read.
  Solution: If you use Oracle 9.2 on WINDOWS and if you already installed the database with Oracle 7.2 or lower, see Note 636466.
             Otherwise: Restore/recovery
  Markus

• ORA-01122: database file 30 failed verification check

  SQL*Plus: Release 10.1.0.4.2 - Production on Wed Feb 13 20:33:13 2008
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  when starting the DB for 10gAS get following error, db is started but cannot sign in
  SQL> SQL> Connected.
  SQL> ALTER DATABASE open
  ERROR at line 1:
  ORA-01122: database file 30 failed verification check
  ORA-01110: data file 30: 'D:\ORACLE\ORADATA\PRT\APPS003_A.DBF'
  ORA-01203: wrong incarnation of this file - wrong creation SCN
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.1.0.4.2 - Production
  With the Partitioning, OLAP and Data Mining options

  You have a mismatch in the control file and data file scn numbers. What was done before the database was getting started? I once saw this error when some one moved one file from another munt point to another and there was no rename give to the control file and the control file got no idea which is this new file and where it had come from?
  Try finding the control file which is of the same backup as of this datafile.
  Aman....

• Database file 1 failed verification check on standby

  Hi ,
  i m getting a trouble on my physical standby database(Oracle 10g Enterprise edition).
  I have taken standby controlfile backup from production . And Restored it on Standby database then i m getting following errors :
  ORA-01122: database file 1 failed verification check
  ORA-01110: data file 1: 'E:\ORACLE\PRODUCT\ORADATA\TESTDR\SYSTEM01.DBF'
  ORA-01206: file is not part of this database - wrong database id
  My production aND standby database ID are same :
  Edited by: user12045405 on Nov 6, 2012 11:16 AM

  Check this
  http://oracleinstance.blogspot.in/2010/08/ora-01122-ora-01110-ora-01206-after.html

• Database file 4 failed verification check

  Hello,
  When I start database, message displayed as
  follows:
  ORA-01122: database file 4 failed verification check
  ORA-01110: data file 4: '/usr/nas/databases/D1/DADM/oracle/datafiles/DADM_rollback1.dbf'
  ORA-01251: Unknown File Header Version read for file number 4
  Database is not started up.
  I need help how to fix it.
  Thanks in advance
  null

  Dear,
  This error says that urs current datafile is corrupted their are two to three solution on which we can work out.......
  1.if urs database is in Archive log then do the following
  a) shutdown the database
  b) start mount
  c) make sure that u have all the archive log file in the directory where they should be
  d) recover database, then it will ask all archive log file just press enter or write Auto their,
  2) If urs database is not in Archive log then u have restore from urs lsat backuup.
  3) If this datafile if not very much in use u can make it offline and start urs database.
  null

• Custom SSL Hostname Verifier - SSL Hostname Verification Failed

  Background:
  I am using a java client deployed in weblogic which connects to a 3rd party url over HTTPS.
  version: WebLogic server 10.3.0
  Issue:
  I am connecting to say www.abc.com and the site is presenting its certificate as **.ABC.com*. and I am getting Hostname verification failed.
  I am using weblogic's default hotname verifier.
  Setting hostname verification to false resolving this error, but I want to keep it for security.
  Can anybody please share some best practices to write a custom HostnameVerifier to overcome this kind of problems?
  Thanks in advance!

  An example - this validates that a cert sent to a cluster member ( such as by OSB's internals ) will be validated when the cluster uses a a load balancer address ( defined in the cluster's http tab )
  private final String QA_LB_NAME = "my_loadbalancer.net";
  private final String QA_HOST1 = "my_serverhost1.net";
  private final String QA_HOST2 = "my_serverhost2.net";
  public boolean verify(String hostname, SSLSession session) {
  try {
  Certificate cert = session.getPeerCertificates()[0];
  byte[] encoded = cert.getEncoded();
  CertificateFactory cf = CertificateFactory.getInstance("X.509");
  ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
  X509Certificate xcert = (X509Certificate)cf.generateCertificate(bais);
  String cn = getCanonicalName(xcert.getSubjectDN().getName());
  if (cn.equals(hostname))
  return true;
  // Allow a match if the load balancer cert is presented from one of its
  // servers
  if (cn.equals(QA_LB_NAME) &&
  ((hostname.equals(QA_HOST1)) || (hostname.equals(QA_HOST2))))
  return true;
  // all other certs fail
  return false ;
  You can do something similar with your wildcard example - allow the validation if the cn is "*.abc.com" and the hostname is "www.abc.com"
  As far as best practices, I would suggest only have specific hard-coded validation entries for known certificates such as your wild card example. You want the default behavior ( of the hostname matching the CN name ) plus your particular case - and nothing else

• Background job failing with license check error

  Hi Experts
  In our ERP 6.0 system ,all the background jobs are failing with license check error.
  Have checked the license in SLICENSE and the license is fine.
  There is no warning while users are loggign in ,but when any background job is runing its failing with error
  Job started
  Logon not possible (error in license check)
  Job cancelled after system exception ERROR_MESSAGE
  Also performed the license test which is failing
  F:\usr\sap\XX1\SYS\exe\uc\NTAMD64>saplicense -test pf=F:\usr\sap\XX1\SYS\profile
  \XX1_DVEBMGS00_host_xx
  Protocol saplicense test:
  Read sapsytem name
         ok, sapsytem name = XX1
  Read message server host
         ok, host = hostname
  Read message server service port
         ok, service port = sapmsXX1
  Connect to message server
         ok, connect done
  Read hardware key from message server
         ok, got hardware key
  Detach from message server
         ok, detached
  Check hardware key
         ok, hardware key = T0343073854
  Connect to database
         ok, connected
  Check license
         ok, check done
  Disconnect database
         ok, database disconnected
  test result: license test failed
  LICENSE system: XX1 hardware key: T0343073854 expiration_date:
          installation no:  key:
          userlimit: 0 productid: R3_BASIS
          system-nr:
  license expired ***
  Please suggest how to troubleshoot.
  Regards
  Ajay

  @Michael
  In SLICENSe the Hardware key field is not BLUE or BLACK and its showing the exact hardware key which i can see at OS level with saplicense -get command.
  @Jagadish
  Note is good refrence, i reiinstalled the Digitally signed license with saplikey command and it was successful.
  But still the license test is failing at OS Level..below is the command prompt output.
  ===================================================================
  F:\usr\sap\XX1\SYS\exe\uc\NTAMD64>saplikey -install C:\license_script_XX.txt pf
  =F:\usr\sap\XX\SYS\profile\XX_DVEBMGS00_mngsez148079
  SAP License Key Administration  -  Copyright (C) 2003 SAP AG
  2 SAP license key(s) successfully installed.
  F:\usr\sap\XX\SYS\exe\uc\NTAMD64>saplicense -test pf=F:\usr\sap\XX1\SYS\profile
  \MD1_DVEBMGS00_mngsez148079
  Protocol saplicense test:
  Read sapsytem name
         ok, sapsytem name = XX1
  Read message server host
         ok, host = host
  Read message server service port
         ok, service port = sapmsXX1
  Connect to message server
         ok, connect done
  Read hardware key from message server
         ok, got hardware key
  Detach from message server
         ok, detached
  Check hardware key
         ok, hardware key = T0343073854
  Connect to database
         ok, connected
  Check license
         ok, check done
  Disconnect database
         ok, database disconnected
  test result: license test failed
  LICENSE system: XX1 hardware key: T0343073854 expiration_date:
          installation no:  key:
          userlimit: 0 productid: R3_BASIS
          system-nr:
  license expired ***
  ============================================================
  @Juan
  The hardware key was changed and we requested a new license with new hardware key,system was runing fine for couple of weeks with all background jiobs for SPAM./SAINT Ok .We performed EHP4 on this system.
  But now this issue is here,so i guess we should troubleshoot.
  Please let me know any other pointers.
  Regards
  Ajay
  PS In SLICENSE new installed license is fine and all users can login.

• Site2Site Tunnel issue PSEC(epa_des_crypt): decrypted packet failed SA identity check

  Hi,
  I have a slight issue I'm having some problems resolving..
  The scenario is as follows;
  I have an external provider which connects to me via VPN to a Juniper SSG firewall, that works fine.
  I then have an external site, which does NOT reside in my MPLS cloud, so I have to deploy IPSec via Internet to reach it.
  That also works fine and I have multiple SA's running on that site with no issues or problems.
  The external provider has a small network device deployed on the external site which monitor cooling values in one of our warehouses.
  The external site which is connect via IPSEC has a Cisco 1921 and a numerous Cisco 3550 deployed.
  The VLAN for the cooling provider is vlan 150 and is setup with 10.150.4.0/24 where .1 is the def gw and .10 is the cooling monitor device.
  The external provider's servers are located within 192.168.220.0/24 subnet.
  As of right now, we can reach the Cisco 1921 through the whole IPsec tunnel from 192.168.220.182 with all services, ping, telnet whatnot, but we are unable to ping the cooling device from 192.168.220.0/24.
  However from the Cisco 1921, we can ping both 192.168.220.0/24 and the locally connected 10.150.4.10
  So basicly it seems to be the last bit when the traffic goes through the 1921 and to the switch where it fails and I can't for the life of me figure out why.
  Network diagram attached.. any ideas?
  This is the 1921 config:
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime
  service timestamps log datetime msec localtime
  service password-encryption
  hostname bergen-vpn-gw
  boot-start-marker
  boot system flash flash:c1841-adventerprisek9-mz.124-25d.bin
  boot-end-marker
  logging buffered 50000
  aaa new-model
  aaa authentication login default local
  aaa authentication enable default enable
  aaa session-id common
  clock timezone CET 1
  clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
  no ipv6 cef
  no ip source-route
  ip cef
  no ip bootp server
  no ip domain lookup
  ip domain name xxxxx
  multilink bundle-name authenticated
  license udi pid CISCO1921/K9 sn FCZ1508C1P4
  license boot module c1900 technology-package securityk9
  license boot module c1900 technology-package datak9
  vtp mode client
  redundancy
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key harakiri address 1.2.3.4
  crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
  crypto map VPN 10 ipsec-isakmp
  set peer 1.2.3.4
  set transform-set 3DES-SHA
  match address VPN
  interface GigabitEthernet0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  no ip route-cache cef
  no ip route-cache
  duplex auto
  speed auto
  interface GigabitEthernet0/0.99
  description *** Test VLAN To be removed ***
  encapsulation dot1Q 99
  ip address 10.90.90.1 255.255.255.0
  no ip route-cache
  interface GigabitEthernet0/0.112
  encapsulation dot1Q 112
  ip address 192.168.112.1 255.255.255.0
  ip helper-address 172.30.1.223
  no ip route-cache
  interface GigabitEthernet0/0.150
  encapsulation dot1Q 150
  ip address 10.150.4.1 255.255.255.0
  no ip redirects
  no ip proxy-arp
  no ip route-cache
  interface GigabitEthernet0/0.178
  encapsulation dot1Q 178
  ip address 192.168.178.1 255.255.255.0
  ip helper-address 172.30.1.223
  no ip redirects
  no ip proxy-arp
  no ip route-cache
  interface GigabitEthernet0/0.999
  encapsulation dot1Q 999
  no ip route-cache
  interface GigabitEthernet0/1
  ip address 1.2.3.4 255.255.255.252
  no ip redirects
  no ip proxy-arp
  no ip route-cache cef
  no ip route-cache
  duplex auto
  speed auto
  crypto map VPN
  interface FastEthernet0/0/0
  switchport access vlan 99
  interface FastEthernet0/0/1
  interface FastEthernet0/0/2
  interface FastEthernet0/0/3
  interface Vlan1
  no ip address
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip route 0.0.0.0 0.0.0.0 85.200.203.29
  ip access-list extended VPN
  permit ip 10.90.90.0 0.0.0.255 172.30.1.0 0.0.0.255
  permit ip 10.90.90.0 0.0.0.255 172.22.0.0 0.0.255.255
  permit ip 10.90.90.0 0.0.0.255 172.18.5.0 0.0.0.255
  permit ip 10.90.90.0 0.0.0.255 10.50.0.0 0.0.255.255
  permit ip 192.168.112.0 0.0.0.255 172.30.1.0 0.0.0.255
  permit ip 192.168.112.0 0.0.0.255 172.22.0.0 0.0.255.255
  permit ip 192.168.112.0 0.0.0.255 172.18.5.0 0.0.0.255
  permit ip 192.168.112.0 0.0.0.255 10.50.0.0 0.0.255.255
  permit ip 192.168.178.0 0.0.0.255 172.30.1.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 172.22.0.0 0.0.255.255
  permit ip 192.168.178.0 0.0.0.255 172.18.5.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 10.50.0.0 0.0.255.255
  permit ip 192.168.112.0 0.0.0.255 172.30.240.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 172.30.240.0 0.0.0.255
  permit ip 192.168.112.0 0.0.0.255 10.70.0.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 10.70.0.0 0.0.0.255
  permit ip 10.150.4.0 0.0.0.255 192.168.220.0 0.0.0.255 log
  ip sla 1
  icmp-echo 172.30.1.223 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 1 start-time now
  ip sla 2
  icmp-echo 10.50.1.200 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 2 start-time now
  ip sla 3
  icmp-echo 172.18.5.121 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 3 start-time now
  ip sla 4
  icmp-echo 172.22.0.140 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 4 start-time now
  ip sla 5
  icmp-echo 172.30.240.40 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 5 start-time now
  ip sla 6
  icmp-echo 10.70.0.200 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 6 start-time now
  cdp source-interface GigabitEthernet0/0.112
  snmp-server community bamacomro RO
  cdp source-interface GigabitEthernet0/0.112
  snmp-server community bamacomro RO
  snmp-server community bamacomrw RW
  control-plane
  banner motd ^CCC-----------------------------------------------------------------------------
  This system is solely for the use of authorised users for official purposes.
  You have no expectation of privacy in its use and to ensure that the system
  is functioning properly, individuals using this computer system are subject
  to having all their activities monitored and recorded by system personell.
  Use of this system evidence an express consent to such monitoring and
  agreement that if such monitoring reveals evidence of possible abuse or
  criminal activity, system personell may provide the result of such
  monitoring to appropiate officials.
  -----------------------------------------------------------------------------^C
  line con 0
  exec-timeout 5 0
  logging synchronous
  line aux 0
  line vty 0 4
  access-class telnet in
  exec-timeout 180 0
  logging synchronous
  transport input telnet ssh
  line vty 5 15
  access-class telnet in
  exec-timeout 180 0
  password 7 094F471A1A0A
  logging synchronous
  transport input telnet ssh
  scheduler allocate 20000 1000
  end

  I had that issue 1 year go
  "decrypted packet failed SA identity check" means that we have decrypted a traffic that does not match the proxy ID negotiated
  Juniper is violating RFC4301. there is nothing we can do against RFC violation
  As mentioned in Section 4.4.1, "The Security Policy Database (SPD)",
  the SPD (or associated caches) MUST be consulted during the
  processing of all traffic that crosses the IPsec protection boundary,
  including IPsec management traffic.  If no policy is found in the SPD
  that matches a packet (for either inbound or outbound traffic), the
  packet MUST be discarded.
  I know JNPR can do 2 vpn modes. There is one where we could use a VTI instead of a crypto map on the Cisco side. That was the solution to the problem we had.
  Cheers,

• Some one please answer this, every time i go into application loader it says, application failed codesign verification go into application loader and try to publish a app it says, please go into depth im a beginner, and use gamesalad

  some one please answer this, every time i go into application loader it says, application failed codesign verification , please go into depth im a beginner, and only use gamesalad please respond as soon as possible!   

  yes i did sorry for the late response LOL plus it was just a minor error! Just check to make sure u have all of ur correct distribution/developer/and creator certificates in your keychain access installed and up-to-date! Plus i have had over 900 downloads on that game!! ^^
  -CHEERS /RYAN

• HELP - Application failed codesign verification - iPhone

  When I use APplication Loader, or through ITunes COnnect, I get these two errors
  1- Noob Alert.app/noob60x60.png: icon dimensions (60 x 60) don't meet the size requirements
  2- Application failed codesign verification. Please see the console log for additional details
  More INformation
  1- If I understand correctly, the icon (png) for the info.plist must be (60x60 pixels), which I did in CS4, and exported as a png, but still get this error ? however the icon loads fine on the 'Sandbox" and on my iPhone
  2- I see many people have got this issue before, seems to me I am all confused about security, for a second, so I ran to the CONSOLE and am going to copy and paste the log, I am confused as to why this is happening, as I seem to think I have it set correctly....
  - Console LOG -
  10-01-25 8:21:10 PM ApplicationLoader[46887] * Codesign error (please ignore invalid option comments): got requirements(0x800000, 541)
  Executable=/var/folders/Da/Da31BpsfFq0LB1yT9tv6o++TM/-Tmp-/Archive2.zip/Noob Alert.app/Noob Alert
  Identifier=com.Back2Front.
  Format=bundle with Mach-O thin (armv6)
  CodeDirectory v=20100 size=264 flags=0x0(none) hashes=5+5 location=embedded
  Signature size=4288
  Authority=iPhone Developer: Katherine Uysal (QCE6HYL37H)
  Authority=Apple Worldwide Developer Relations Certification Authority
  Authority=Apple Root CA
  Signed Time=2010-01-25 8:19:44 PM
  Info.plist entries=18
  Sealed Resources rules=3 files=8
  Internal requirements count=1 size=144
  Executable=/var/folders/Da/Da31BpsfFq0LB1yT9tv6o++TM/-Tmp-/Archive2.zip/Noob Alert.app/Noob Alert
  got entitlements(0x800400, 312)
  codesign_wrapper-0.7.3: using Apple CA for profile evaluation
  codesign_wrapper-0.7.3: Caling codesign with the following args:
  codesign_wrapper-0.7.3: /usr/bin/codesign
  codesign_wrapper-0.7.3: --verify
  codesign_wrapper-0.7.3: -vvvv
  codesign_wrapper-0.7.3: -R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and certificate leaf[field.1.2.840.113635.100.6.1.4] exists
  codesign_wrapper-0.7.3: --entitlements
  codesign_wrapper-0.7.3: /var/tmp/signingbox/codesignwrapperentitlements.plist
  codesign_wrapper-0.7.3: /var/folders/Da/Da31BpsfFq0LB1yT9tv6o++TM/-Tmp-/Archive2.zip/Noob Alert.app
  /var/folders/Da/Da31BpsfFq0LB1yT9tv6o++TM/-Tmp-/Archive2.zip/Noob Alert.app: valid on disk
  /var/folders/Da/Da31BpsfFq0LB1yT9tv6o++TM/-Tmp-/Archive2.zip/Noob Alert.app: satisfies its Designated Requirement
  test-requirement: failed to satisfy code requirement(s)
  10-01-25 8:21:10 PM ApplicationLoader[46887] * Error: /Users/chance/Desktop/NoobAlert/build/Release-iphoneos/Archive2.zip: validation failures: (
  "Noob Alert.app/noob60x60.png: icon dimensions (60 x 60) don't meet the size requirements",
  "Application failed codesign verification. Please see the console log for additional details"
  as a troubleshooting step, I did check and make sure my iPhone could run that app, and it runs it fine externally no problem

  1.) 57 X 57 pixels.
  Spelled out in the 'Program Portal User Guide' (step 12, pg. 58*) and when the error is reported during an upload via ITC, at least in my experience.
  +*"Click ‘Build’. (Note: Your binary must contain a flattened, square-image icon that is 57x57 pixels. This icon is displayed on the iPhone or iPod touch home screen.)"+

• How to disable hostname verification on iplanet reverse proxy

  I am looking for a way to disable hostname verification of the application server url specified in teh reverse proxy setup.
  I am using the following setting in my Object definitions. It is failing due to the certificate CN is not matching the url I specified
  The error is :
  for host xx.yy.zz.ww trying to GET /uri/loginAction.do, service-http reports: HTTP7758: error sending request (SSL_ERROR_BAD_CERT_DOMAIN: Requested domain name does not match the server's certificate.)
  Route fn="set-origin-server" server="https://bbb.com:7002/" poll-timeout="20000" retries="2"
  My tomcat certificate CN has  aaa.com
  While I am using the tomcat on bbb.com.
  Is there any way to disable hostname verification on a reverproxy setup. I am unable to find any relevant documentation on this.
  The closest discussion I found was https://forums.oracle.com/thread/1943116 but it did not conclude anything.

  Found a solution from Oracle Knowledge base:
  This fixed our issue
  <Object name="reverse-proxy-/abc">
  ObjectType fn="ssl-client-config" validate-server-cert="false"
  Route fn="set-origin-server" server="https://server1.test.com:11011" server="https://server2.test.com:11011"
  </Object>