Openldap, jndi, ssl openssl keystore problem

Similar Messages

• Permission denied: fopen('/usr/local/ssl/openssl.cnf'

  When installing phone software (CounterPath-Bria3) i get an error message in the system: Permission denied: fopen('/usr/local/ssl/openssl.cnf'..) CounterPath is arguing, they use their own SSL library. Does anybody have an idea, how to fix this?

  I don't see what you're seeing in my logs. I did recreate the authorized_keys, and reattempted to connect. As before, this is what I'm getting:
  debug1: Next authentication method: publickey
  debug1: Offering public key: /Users/zbeckman/.ssh/id_dsa
  debug3: sendpubkeytest
  debug2: we sent a publickey packet, wait for reply
  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
  debug1: Trying private key: /Users/zbeckman/.ssh/identity
  debug3: no such identity: /Users/zbeckman/.ssh/identity
  debug1: Trying private key: /Users/zbeckman/.ssh/id_rsa
  debug3: no such identity: /Users/zbeckman/.ssh/id_rsa
  debug2: we did not send a packet, disable method
  It seems to me that on my end, we send the public key... and then it just quietly moves on to the next protocol. There is no error message or any indication that something went wrong, or why it would move on to the next protocol.
  I've done a cksum on my id_dsa.pub and the remote authorized_keys. They are identical. Both files are owned by me, and readable / writable only by me.

• JNDI NIS object access problem

  JNDI NIS object access problem:
  Hi all,
  After long fight, i'm now able to connect to my NIS server on my network. the initial context factory is 'com.sun.jndi.nis.NISCtxFactory' and provider url are given and i obtain namingennumeration of items in the NIS directory.
  purpose of my project:
  using ypcat command we can view the services,passwd,host... objects in unix.
  my project requirement is that i shd open this 'services' object in java (using JNDI probably) and shd access its content.
  i'm able to obtain the object and the type of this object is 'NISCtxServices' defined in 'com.sun.jndi.nis.NISCtxFactory' package, but all the classes and methods except some are not public and so im not able to use almost all the methods in this class 'NISCtxServices' .
  Can any one help me in accessing the information inside this object.
  Thanks in advance! and i'm waiting!

  It's because JFrame does not have a public progessbar variable, only your subclass has that.
  //change this
  JFrame frame = new ProgressBarDemo();
  //to this
  ProgressBarDemo frame = new ProgressBarDemo();

• Can the ACE bind (probe) to a Openldap with ssl?

                     We current have a unencrypted LDAP and I use the LDAP script probe  from cisco for the probe.
  We are moving to OPENLDAP with SSL, is there a way of binding with a probe SSL OpenLdap configured.

  Hi Cecil,
  It does not have a probe like that but you can create a custom TCL to accomplish this behavior.  I'll recommend you to contact your Cisco Account Manager or Cisco System Engineer, they can help you with this
  Cesar R
  ANS Team

• SSL Connection Keystore(multiple entries)

  Hello
  i have folllowing situation:
  i made a keystore file with 2 entries
  keytool -genkey -alias nr1 -keystore keystore
  keytool -genkey -alias nr2 -keystore keystore
  After that i made two different truststores (for each nr?):
  keytool -export -keystore keystore -alias nr1 -file nr1.cer
  keytool -export -keystore keystore -alias nr2 -file nr2.cer
  keytool -import -keystore nr1 -alias nr1 -file nr1.cer
  keytool -import -keystore nr2 -alias nr2 -file nr2.cer
  So in the end i hava one keystore (keystore) and 2 truststores (nr1 and nr2)
  Now if i try to connect with the nr1 certificate all works fine.
  If i try it with nr2 it doesnt work. I get following exception
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.secur
  y.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) ................
  Anyone can help me out?
  thanks for any help
  Michael

  Hi,
  have you found the solution? I have the same problem...

• WBL 7.0 and SSL private key problem

  Having generated certificate request, and associated private key, I obtained
  the corresponding server level certificate. I am having problems starting the
  server with the cert. I have configured my server appropriately, here is the SSL
  configuration from the domain config.xml
  <SSL Enabled="true" HostnameVerificationIgnored="true"
  ListenPort="8090" Name="SampleServer"
  ServerCertificateChainFileName="nasaca.pem"
  ServerCertificateFileName="mydomain-cert.pem"
  ServerKeyFileName="mydomain-key.pem"/>
  and I am using -Dweblogic.management.pkpassword=mypassword
  in the startup script, however I get :
  java.lang.Exception: Cannot read private key from file /usr/user_projects/Sample/mydomain-key.pem.
  Make sure password specified in environment property weblogic.management.pkpassword
  is valid.
  I have given the right password. So the question is why am I seeing the error
  I am running this server on Sun Solaris. The password contains the usual ascii
  characters, including shell special characters.
  Any way checking the private key file ?
  Also as we have seen problems with the particular certificate we get from the
  CA, I wanted to use "utils.ValidateCertChain", alas this documented utility is
  conveniently missing from weblogic.jar. Oh big blue, why didn't we go with you
  Seriously, please help
  Tarang

  Darkit,
  I have the same problem. Let me know if you find a solution to this problem.
  Thanks,
  Bharathi

• Lync front end connectivity test fails (SSL certificate / URL problem)

  We have a weird problem in our installation where Lync keeps complaining about connectivity issues to external reach proxy on our front end server.
  The event log error codes are 41024 and 41026.
  Here's the error from the snooper utility: 
  TL_ERROR(TF_COMPONENT) [0]1A14.0EE4::12/12/2014-10:31:30.901.0000000d (DataMCURunTime,DataProxies.ProcessResponse:1197.idx(601))
  (0000000001595A27)Failed poking Proxy error=[The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.], type=[ExternalReachProxy], url=[https://dunords36.du.local:4443/Reach/DataCollaborationRelayWebService.svc]
  The problem is that it makes the test with the INTERNAL FQDN (dunords36.du.local) and thus the SSL trust fails as the certificate is for our EXTERNAL FQDN on the front end server! I have verified this by testing the above URL with the external address and
  the internal one. With the external one the certificate is OK.
  If you're wondering; we do not use a reverse proxy. Instead we just have the firewall change the port and forward the traffic to our front end server. Our lync setup is a NAT'ed setup.
  I know about the security risks so this is not what the discussion is about.
  I can't find anywhere where i can change the above behaviour and tell lync to make the test on the correct, external FQDN. The settings in the topology builder all seems to be OK. And as you can see it does make the test on port 4443 which in our topology
  builder is configured for our external FQDN.

  Hi,
  Would you please elaborate your Lync Server environment (Standard Edition or Enterprise Edition)?
  Please double check if you enter the correct external base URL on Lync Topology.
  Please also check if the SAN of FE Server certificate correctly.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• SSL Certificate Install Problem

  To all Sun App Server Gurus,
  I face a major challenge trying to install an SSL certificate on our Application Server.
  The Manage Database was successful.
  I filled out the certificate request form in the Security > Certificate Management > Request section and forwared the information / CSR to the CA.
  The certificate is issued and validated by our CA.
  I follow the steps according the documentation to import the certificate.
  I specify the following to import the certificate
  1) Certificate for : o This Server
  2) Cryptographic Module: internal
  3) Key Pair File Password: **************
  4) Message Text (with headers):
  -----BEGIN CERTIFICATE-----
  U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
  -----END CERTIFICATE-----
  5) Click OK
  The next screen shows the certificate information which are correct as well.
  After pressing "Add Server Certificate" it take about 20 seconds until I receive a pop error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
  After I click OK the Admin GUI displays the following error in the browser: "Not Found
  The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
  Security > General
  Log Level: finest
  Audit Logging Enabled: unchecked
  Default Realm: file
  Anonymous Roule: ANYONE
  In the admin server log I get the following entry:
  WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
  I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
  I also reinstalled the App Server twice so far and used the default options.
  If anyone could please help me with this that would be extremly helpful.
  Thank you.
  Regards,
  Martin

  try converting your key from der2pem using
  java utils.der2pem {keyfile  in der} {keyfile out in pem}
  thanks
  kiran
  "eraldo" <[email protected]> wrote in message
  news:[email protected]..
  hi,
  I tried to install SSL certicate on a Weblogic 6.1 SP3 (running on a
  Solaris 8). Following the post 5457 (found in your newsgroup) I made
  this steps:
  - I generated CSR using web application /certificate
  - I sent CSR to Entrust.com obtaining a certicate and a chain
  certificate
  - I configured the server under "Configuration - SSL" with following
  parameters:
  - Enabled = true
  - Listen port = 8002
  - Server Key File Name = <path to private key ".der" file>
  - Server Certificate File Name = <path to Entrust CRT ".pem" file>
  - Server Certificate Chain File Name = <path to Entrust CA ".pem"
  file>
  - Key Encrypted = true
  - I changed startWebLogic.sh:
  - added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command
  line
  Launchin' the script I got the following exception:
  <Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security
  configuration problem with ce
  rtificate file config/sdfdomain/H3MIS097_H3G_IT-key.der,
  java.io.IOException: weblogic.security.Ciph
  erException: Invalid padding length 48>
  java.io.IOException: weblogic.security.CipherException: Invalid
  padding length 48
  atweblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
  atweblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
  at weblogic.Server.main(Server.java:35)
  Any idea?
  Thanks in advance,
  Eraldo

• SSL and J2EE - Problems with the tutorial

  I'm trying to make a small amendment to the bank application ('Duke's Bank') which is the main example in the J2EE tutorial. Nothing complicated: just add a simple 'enrollment' page which will be secured through SSL.
  The aim is to demonstrate that J2EE makes it very easy to put a session over a secure SSL channel.
  As I read the documentation, this should be a fairly simple thing to configure. Add a 'CONFIDENTIAL' network security requirement to the WAR component through the deploytool and import a server certificate using keytool. I've done all that and the thing won't work.
  After adding the 'CONFIDENTIAL' requirement I find that using the 'http' protocol serves up a server certificate which I can choose to trust through by IE6.0 browser. But then the application freezes. If I use the 'https' protocol the application freezes without even bothering about the certificate.
  I wonder if the J2EE tutorial setup is so tightly packaged that configuring it for SSL involves a number of undocumented steps related to ports, keystores and security providers. Explaining it all within the context of the tutorial would throw it out of scope so we're not really meant to do things like adding SSL.
  This is a big deal for us -- we're trying to decide if J2EE will be our application platform over the next five years or so. Any assistance here will be gratefully received.
  WR

  The Duke's Bank tutorial can be found at:
  http://java.sun.com/j2ee/tutorial/1_3-fcs/
  It is the last chapter of the tutorial, under the "Putting it All Together" section.
  Andy

• Keystore problem

  Hi,
  I have the following error when my portal is starting. I am on ep6 sp2 patch5. Could anyone help me resolve the problem
  Loading service: com.sap.portal.license.runtime|license
  Jun 29, 2006 6:15:47 PM # System_Thread_48     Fatal           Fatal error, keystore stuff couldn't be handled (2)
  java.io.IOException: File not found: javax.naming.NameNotFoundException: [Xfs] Object not found [Root exception is javax.naming.NamingException: [Xfs] Object not found]
  Thanks a lot
  Renaud

  Was the keystore created with the same JVM version as with which you try to fetch the key?
  Cheers,
  --Arnout                                                                                                                                                                                                                               

• JNDI LDAP Response Parsing Problems

  Help!
  I am having problems dealing with LDAP responses using JNDI 1.2.2 with the
  LDAP SPI.
  It seems that the detinguished name is unparsable but as far as I can see
  the server output is fine. Any clues how to get around this? Have I done
  something wrong or is the LDAP spi unusably buggy?
  Please could you also reply in mail as this is an urgent matter for the
  project I am working on. If the LDAP spi is unusable I will have to change
  direction completely...
  Thanks in advance,
  John
  The experimental code causing problems is this (except I have substituted
  hard coded values that were bombing into the code):
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL, "ldap://directory.verisign.com");
  InitialLdapContext context_ldap = new InitialLdapContext(env, null);
  Attributes match = new BasicAttributes(true);
  match.put(new BasicAttribute("cn", "microsoft"));
  NamingEnumeration enum = context_ldap.search("", match);
  NameParser parser = context_ldap.getNameParser("");
  while (enum.hasMore())
  SearchResult result = (SearchResult)enum.next();
  System.out.println("Parsing " + (result.isRelative() ? "[relative]: " :
  "[non-relative]: ") + result.getName());
  Name name = parser.parse(result.getName());
  The output is this:
  Parsing [relative]: "ou=MS INTERNAL TESTING
  ONLY,cn=Microsoft,l=redmond,st=wa,c=US,ou=Digital ID Class 3 - Microsoft
  Software Validation v2,ou=\"www.verisign.com/repository/CPS Incorp. by
  Ref.,LIAB.LTD(c)96\",ou=VeriSign Commercial Software Publishers
  CA,o=\"VeriSign, Inc.\",l=Internet"
  javax.naming.InvalidNameException: Invalid name: "ou=MS INTERNAL TESTING
  ONLY,cn=Microsoft,l=redmond,st=wa,c=US,ou=Digital ID Class 3 - Microsoft
  Software Validation v2,ou=\"www.verisign.com/repository/CPS Incorp. by
  Ref.,LIAB.LTD(c)96\",ou=VeriSign Commercial Software Publishers
  CA,o=\"VeriSign, Inc.\",l=Internet"
  at com.sun.jndi.ldap.LdapName$DnParser.parseAttrType(LdapName.java:478)
  at com.sun.jndi.ldap.LdapName$DnParser.parseRdn(LdapName.java:432)
  at com.sun.jndi.ldap.LdapName$DnParser.getDn(LdapName.java:400)
  at com.sun.jndi.ldap.LdapName.parse(LdapName.java:303)
  at com.sun.jndi.ldap.LdapName.<init>(LdapName.java:76)
  at com.sun.jndi.ldap.LdapNameParser.parse(LdapNameParser.java:23)
  at
  com.softcomms.trackomatic.ext.ldap.gui.LDAPViewer$ResultsTableModel.parseRes
  ult(LDAPViewer.java:304)
  at
  com.softcomms.trackomatic.ext.ldap.gui.LDAPViewer$1.run(LDAPViewer.java:240)
  at com.softcomms.trackomatic.util.RunQueue.run(RunQueue.java:109)

  at least you need cn= in front of the name.
  Here some more questions you may ask yourself:
  How do you know, that the requested object is in the database?
  What is its DN?
  Can you retrieve it using the ldap command line utilities like ldapsearch?
  What does context.list("") return?

• Soa-infra not start - keystore problem

  I am trying to upload soa-infra and I am getting an error because the keystore path is bad.
  How can I change the keystore path value or start the soa-infra ignoring this error.
  Kind regards,

  OK.
  Could u pls take a look to the output when u start the servers??
  For example:
  java -jrockit -Xms10240m -Xmx10240m -Dweblogic.Name=soa_server1 -Djava.security.policy=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/cacerts -da -Dplatform.home=/tcgeoo/fmw/product/111/wlserver_10.3 -Dwls.home=/tcgeoo/fmw/product/111/wlserver_10.3/server -Dweblogic.home=/tcgeoo/fmw/product/111/wlserver_10.3/server -Dcommon.components.home=/tcgeoo/fmw/product/111/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/tcgeoo/admin/soa_domain/aserver/soa_domain -Djrockit.optfile=/tcgeoo/fmw/product/111/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/servers/soa_server1 -Doracle.domain.config.dir=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig -Digf.arisidbeans.carmlloc=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/carml -Digf.arisidstack.home=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/tcgeoo/admin/soa_domain/aserver/soa_domain/servers/soa_server1/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/tcgeoo/fmw/product/111/oracle_common/modules/oracle.ossoiap_11.1.1,/tcgeoo/fmw/product/111/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol|oracle.fabric.common.classloaderurl.handler|oracle.fabric.common.uddiurl.handler|oracle.bpm.io.fs.protocol -Dweblogic.jdbc.remoteEnabled=false -Doracle.security.jps.policy.migration.validate.principal=false -da:org.apache.xmlbeans... -Dbpm.enabled=true -Dsoa.archives.dir=/tcgeoo/fmw/product/111/soa_111/soa -Dsoa.oracle.home=/tcgeoo/fmw/product/111/soa_111 -Dsoa.instance.home=/tcgeoo/admin/soa_domain/aserver/soa_domain -Dtangosol.coherence.clusteraddress=227.7.7.9 -Dtangosol.coherence.clusterport=9778 -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Djavax.net.ssl.trustStore=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/DemoTrust.jks -Dem.oracle.home=/tcgeoo/fmw/product/111/oracle_common -Djava.awt.headless=true -Dbam.oracle.home=/tcgeoo/fmw/product/111/soa_111 -Dums.oracle.home=/tcgeoo/fmw/product/111/soa_111 -Dweblogic.management.discover=false -Dweblogic.management.server=http://140.85.99.187:40501 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/tcgeoo/fmw/product/111/patch_wls1035/profiles/default/sysext_manifest_classpath:/tcgeoo/fmw/product/111/patch_ocp360/profiles/default/sysext_manifest_classpath -Dweblogic.management.username=ohsadmin -Dweblogic.management.password=simple4u weblogic.Server
  Pls check this: -Dweblogic.security.SSL.trustedCAKeyStore=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/cacerts
  I think, that is coming from the Scripts that starts Weblogic.
  best

• SSL Plug In Problem

  Hi,
  I've downloaded several Solid State Logic plug ins, but I'm having HUGE problems getting them to load each time I open Logic.  I get a message saying that the licence cannot be found for any plug in inserted across a bus, but those inserted on individual channel strips still work ok.  I've been in touch with SSL, who are trying to resolve the issue, but I was just curious if any other SSL users are experiencing similar problems?  SSL believe it to be a conflict between plug ins, but I only use Logic's own and SSL's.
  Thanks
  Phil

  Yes, the Duende Native plugins.  They're authorised via a physical dongle.  The problem only affected the Bus Compressor originally, and only when I tried to run Logic in 64 Bit mode.  In 32 Bit mode I never had any issues. However, since upgrading to Version 4.0.6 of the plugins, I have the same problem in both 32 & 64 Bit mode.  It only seems to affect those plugins inserted across a Bus.  Any plugin inserted acfoss a channel strip functions ok.  Even SSL claim never to have come across this before!!  It's pretty random too, one minute they load ok, but open another project and they don't work at all! I've checked my hard drive for errors, checked and repaired permissions, but my Mac never reports any problems, which is why SSL believe it's a plugin conflict.
  I guess I'll just have to wait and see what they come up with.

• Ssl desactivée probleme comment faire

  == Issue
  ==
  I have another kind of problem with Firefox
  == Description
  ==
  code d'erreur ssl désactivée dans profil.voici la copie des infos.
  == Troubleshooting information
  ==
  Paramètres de base de l'application
  Nom
  Firefox
  Version
  3.6.6
  Répertoire de profil
  Ouvrir le dossier correspondant
  Plugins installés
  about:plugins
  Configuration de compilation
  about:buildconfig
  Extensions
  Nom
  Version
  Activée
  ID
  Cooliris
  1.12.0.36949
  true
  [email protected]
  CoolPreviews
  3.1.0625
  true
  Dictionnaire français «Réforme 1990»
  3.5
  false
  [email protected]
  Download Statusbar
  0.9.6.8
  false
  eBay Sidebar pour Firefox
  2.0.5
  false
  {62760FD6-B943-48C9-AB09-F99C6FE96088}
  FoxLingo
  2.6.3
  false
  Google Toolbar for Firefox
  7.1.20100701W
  false
  {3112ca9c-de6d-4884-a869-9855de68056c}
  Java Quick Starter
  1.0
  false
  [email protected]
  Microsoft .NET Framework Assistant
  1.2.1
  true
  {20a82645-c095-46ed-80e3-08825760534b}
  Personas
  1.5.3
  false
  [email protected]
  Plugin CanalPlay
  1.0.0.1
  false
  {9CCE52B0-5079-4177-9586-1BF6575E62DE}
  ShareThis
  3.4.2
  false
  {1b8cc170-8c85-11db-b606-0800200c9a66}
  Préférences modifiées
  Nom
  Valeur
  accessibility.blockautorefresh
  true
  accessibility.typeaheadfind.flashBar
  0
  browser.history_expire_days
  0
  browser.history_expire_days.mirror
  180
  browser.places.importBookmarksHTML
  false
  browser.places.importDefaults
  false
  browser.places.leftPaneFolderId
  -1
  browser.places.migratePostDataAnnotations
  false
  browser.places.smartBookmarksVersion
  2
  browser.places.updateRecentTagsUri
  false
  browser.startup.homepage
  http://www.google.fr/webhp?sourceid=navclient-ff
  browser.startup.homepage_override.mstone
  rv:1.9.2.6
  dom.max_script_run_time
  1800
  extensions.lastAppVersion
  3.6.6
  general.useragent.extra.microsoftdotnet
  ( .NET CLR 3.5.30729)
  javascript.enabled
  false
  keyword.URL
  http://flvdirect.iamwired.net/websearch.php?src=tops&search=
  network.cookie.prefsMigrated
  true
  network.http.proxy.version
  1.0
  network.protocol-handler.warn-external.myim
  false
  places.last_vacuum
  1275660901
  print.print_printer
  hp psc 2170 series
  print.printer_Microsoft_XPS_Document_Writer.print_bgcolor
  false
  print.printer_Microsoft_XPS_Document_Writer.print_bgimages
  false
  print.printer_Microsoft_XPS_Document_Writer.print_command
  print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts
  true
  print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom
  0
  print.printer_Microsoft_XPS_Document_Writer.print_edge_left
  0
  print.printer_Microsoft_XPS_Document_Writer.print_edge_right
  0
  print.printer_Microsoft_XPS_Document_Writer.print_edge_top
  0
  print.printer_Microsoft_XPS_Document_Writer.print_evenpages
  true
  print.printer_Microsoft_XPS_Document_Writer.print_footercenter
  print.printer_Microsoft_XPS_Document_Writer.print_footerleft
  &PT
  print.printer_Microsoft_XPS_Document_Writer.print_footerright
  &D
  print.printer_Microsoft_XPS_Document_Writer.print_headercenter
  print.printer_Microsoft_XPS_Document_Writer.print_headerleft
  &T
  print.printer_Microsoft_XPS_Document_Writer.print_headerright
  &U
  print.printer_Microsoft_XPS_Document_Writer.print_in_color
  true
  print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom
  0.5
  print.printer_Microsoft_XPS_Document_Writer.print_margin_left
  0.5
  print.printer_Microsoft_XPS_Document_Writer.print_margin_right
  0.5
  print.printer_Microsoft_XPS_Document_Writer.print_margin_top
  0.5
  print.printer_Microsoft_XPS_Document_Writer.print_oddpages
  true
  print.printer_Microsoft_XPS_Document_Writer.print_orientation
  0
  print.printer_Microsoft_XPS_Document_Writer.print_pagedelay
  500
  print.printer_Microsoft_XPS_Document_Writer.print_paper_data
  9
  print.printer_Microsoft_XPS_Document_Writer.print_paper_height
  11,00
  print.printer_Microsoft_XPS_Document_Writer.print_paper_size
  0
  print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type
  0
  print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit
  1
  print.printer_Microsoft_XPS_Document_Writer.print_paper_width
  8,50
  print.printer_Microsoft_XPS_Document_Writer.print_reversed
  false
  print.printer_Microsoft_XPS_Document_Writer.print_scaling
  1,00
  print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit
  false
  print.printer_Microsoft_XPS_Document_Writer.print_to_file
  false
  print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom
  0
  print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left
  0
  print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right
  0
  print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top
  0
  print.printer_hp_psc_2170_series.print_bgcolor
  false
  print.printer_hp_psc_2170_series.print_bgimages
  false
  print.printer_hp_psc_2170_series.print_command
  print.printer_hp_psc_2170_series.print_downloadfonts
  true
  print.printer_hp_psc_2170_series.print_edge_bottom
  0
  print.printer_hp_psc_2170_series.print_edge_left
  0
  print.printer_hp_psc_2170_series.print_edge_right
  0
  print.printer_hp_psc_2170_series.print_edge_top
  0
  print.printer_hp_psc_2170_series.print_evenpages
  true
  print.printer_hp_psc_2170_series.print_footercenter
  print.printer_hp_psc_2170_series.print_footerleft
  &PT
  print.printer_hp_psc_2170_series.print_footerright
  &D
  print.printer_hp_psc_2170_series.print_headercenter
  print.printer_hp_psc_2170_series.print_headerleft
  &T
  print.printer_hp_psc_2170_series.print_headerright
  &U
  print.printer_hp_psc_2170_series.print_in_color
  true
  print.printer_hp_psc_2170_series.print_margin_bottom
  0.5
  print.printer_hp_psc_2170_series.print_margin_left
  0.5
  print.printer_hp_psc_2170_series.print_margin_right
  0.5
  print.printer_hp_psc_2170_series.print_margin_top
  0.5
  print.printer_hp_psc_2170_series.print_oddpages
  true
  print.printer_hp_psc_2170_series.print_orientation
  0
  print.printer_hp_psc_2170_series.print_pagedelay
  500
  print.printer_hp_psc_2170_series.print_paper_data
  9
  print.printer_hp_psc_2170_series.print_paper_height
  11,00
  print.printer_hp_psc_2170_series.print_paper_size
  0
  print.printer_hp_psc_2170_series.print_paper_size_type
  0
  print.printer_hp_psc_2170_series.print_paper_size_unit
  1
  print.printer_hp_psc_2170_series.print_paper_width
  8,50
  print.printer_hp_psc_2170_series.print_reversed
  false
  print.printer_hp_psc_2170_series.print_scaling
  1,00
  print.printer_hp_psc_2170_series.print_shrink_to_fit
  false
  print.printer_hp_psc_2170_series.print_to_file
  false
  print.printer_hp_psc_2170_series.print_unwriteable_margin_bottom
  0
  print.printer_hp_psc_2170_series.print_unwriteable_margin_left
  0
  print.printer_hp_psc_2170_series.print_unwriteable_margin_right
  0
  print.printer_hp_psc_2170_series.print_unwriteable_margin_top
  0
  privacy.cpd.cookies
  false
  privacy.sanitize.migrateFx3Prefs
  true
  privacy.sanitize.timeSpan
  0
  security.enable_button.openCertManager
  true
  security.enable_button.openDeviceManager
  true
  == Firefox version
  ==
  3.6.6
  == Operating system
  ==
  windows xp sp3

  This is a English-only forum.
  Sorry

• SPA122 1.3.2(014) HTTPS ssl cert profile problem

  Hello,
  I have a problem since upgrading SPA122 from 1.3.1(003) to 1.3.2(014). The profile rule is using https to get the config files every 1 hour or so
  this was never a problem: the rule is a FQDN, the SPA does DNS lookup gets the IP and asks the web server for the config file. both 1.3.1 and 1.3.2 do ask the file with the resolved IP address rather then the FQDN.
  now the web server has a valid certificate for that FQDN, but as the SPA122 is asking the file with the IP address the cert is not valid (CN Incorrect: CN is wildcard *.domain.com and IP address is not the FQDN)
  in 1.3.1 the SPA didn't seem to care too much , got the file and provisioned, the 1.3.2 nos gives error and sais cert err!
  I changed the FQDN for security reasons: here is what the log of the SPA says: prule is https://FQDN:9192
  Nov 15 14:37:13 Y.Y.Y.Y SCAPC_init(): provision_enable=1 prule=https://ruxxx1.axxxxxxxxxxs.com:9192/xm-$MA.ipr tftp=192.168.1.3
  but here is what the SPA asks then:
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:40:43 Y.Y.Y.Y FMM >>>> Requesting profile
  Nov 15 14:40:43 Y.Y.Y.Y ssl cert err 20
  Nov 15 14:40:43 Y.Y.Y.Y create ssl connection failed
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Resync failed: https_get failed
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Resync failed: https_get failed
  Nov 15 14:40:43 Y.Y.Y.Y FMM >>>> Failed profile
  while in 1.3.1 it got it fine:
  Nov 15 14:36:42 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:42 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:42 Y.Y.Y.Y FMM >>>> Requesting profile
  Nov 15 14:36:44 Y.Y.Y.Y ok=20
  Nov 15 14:36:44 Y.Y.Y.Y content len (hdr) =21056"
  Nov 15 14:36:44 Y.Y.Y.Y content len (pld) =21056
  Nov 15 14:36:44 Y.Y.Y.Y response code =200
  Nov 15 14:36:44 Y.Y.Y.Y [FPRV] Upgrade status flags cleared
  Nov 15 14:36:44 Y.Y.Y.Y [FPRV] Upgrade status flags cleared
  Nov 15 14:36:44 Y.Y.Y.Y Firmware downgrade limit()
  Nov 15 14:36:44 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Successful resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:44 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Successful resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:44 Y.Y.Y.Y FMM >>>> Successful profile
  IS this a BUG??:
  - Shouldn't the SPA do the https GET with the FQDN rather then the IP address?
  - Is this because the certificate is a wildcard?
  - the cert is from GEOTrust (RapidSSL), should be trusted
  Thanks
  Sven

  - the cert is from GEOTrust (RapidSSL), should be trusted
  Definitely no. Why you think RapidSSL certificate should be trusted ?
  If you are going to configure device in factory default state, then you need to have certificate issued by CA trusted by your device. Or you can add certificate of your preferred CA to device by hand, then you can use certificate issued by such CA as well (but not after reset to factory default).