Postgresql SSL Certificate Configuration

I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
FATAL: private key file "server.key" has group or world access
DETAIL: Permissions should be u=rw (0600) or less.
FATAL: could not access private key file "server.key": Permission denied
FATAL: could not access private key file "server.key": Permission denied
FATAL: could not access private key file "server.key": Permission denied
FATAL: could not load private key file "server.key": Permission denied
My /etc/ssl permissions are as follows:
[root@ghost ssl]# ls -l
total 28
drwxr-xr-x 2 root root 4096 Apr 18 22:28 certs
drwxr-xr-x 2 root root 4096 Feb 8 13:58 misc
-rw-r--r-- 1 root root 10819 Feb 8 13:58 openssl.cnf
drwxr-xr-x 2 root root 4096 Apr 18 22:28 private
-rw-r--r-- 1 root root 1813 Apr 18 22:27 server.csr
The individual certificate permissions are as follows:
[root@ghost ssl]# ls -l certs/server.crt
-rw-r--r-- 1 root root 2126 Apr 18 22:27 certs/server.crt
[root@ghost ssl]# ls -l private/server.key
-rw------- 1 root root 3311 Apr 18 22:25 private/server.key
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates. If anyone could please help me out, I would greatly appreciate it.

FATAL: could not load server certificate file "server.crt": No such file or directory
FATAL: private key file "server.key" has group or world access
DETAIL: Permissions should be u=rw (0600) or less.
FATAL: could not access private key file "server.key": Permission denied
FATAL: could not access private key file "server.key": Permission denied
FATAL: could not access private key file "server.key": Permission denied
FATAL: could not load private key file "server.key": Permission denied
IME, postgres is hard-coded to look for server.{key,crt} in it's data directory, and it needs to be owned by the unpriv'ed user:
/srv/pgData-8.4 # ll server*
-rw------- 1 postgres postgres 1.5K Jul 13 2010 server.crt
-rw------- 1 postgres postgres 887 Jul 13 2010 server.key
-rw------- 1 postgres postgres 700 Jul 13 2010 server.req

Similar Messages

  • Configuring SSL certificates on ALBPM Studio

    Hi,
    I am invoking a web service which is deployed on a web logic server which is a secure server and needs SSL certificates to communicate. I have the certificates but don’t know how to configure it to my ALBPM Studio.
    Can I configure those to studio or do I need to deploy my code on the Enterprise edition installed on application server having these SSL certificates? But in that case I would land up investing so much time in deploying the code on server after even a small change. Since I don’t have those certificates configured to my studio it is not allowing me to catalog the service in my project and throwing Introspection error. The details of the error are mentioned below:
    +[Error] Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target..+
    +[Error] Instrospection exception: Web Service WSDL parse exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target...+
    Can anyone throw any pointers on this type of error
    Thanks,
    Akshay

    In order to communicate with SSL secured webservices (those with WSDL end point starting as https:// you need to have certificates from these servers.
    For BPM Standalone these are the steps
    1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory)
    2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.
    3. Run the following command at a command prompt:
    C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias <CERT ALIAS NAME> -keystore ..\lib\security\cacerts -file ..\lib\security\gd_<cert file name>.cer
    4. You will be prompted for a password. If you have not changed the password, it will be "changeit".
    5. You will then get the following message if all is successful - "Certificate was added to keystore".
    6. Restart Tomcat (inbuilt server in BPM Studio).
    This should solve your problem.
    Pls note that if you have not configured your keyStore then first do so. you will find this document handy to do so.
    http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File
    Arvind
    Visit my blog at http://soa-bam-bi.blogspot.com/ for more tips on BPM & SOA

  • Creating SSL certificate and configuring it with JBOSS 4.0.1

    I have to post some data to a secured site from my application.
    For this, I am creating connection to that site using URLConnection and to send data I create OutputStream using the connection.
    But, while creating the stream it is showing SSLException and message is No trusted certificate found.
    For this, I need to create SSL certificate (mostly using keytool command) and configure it with my application server which is JBOSS 4.0.1
    Now, my problem is that I don't know the exact steps to create a certificate and configure it with JBOSS. Please provide the steps in detail.

    I think you have this back to front. Unless this exception came from the server, in which case it is misconfigured, you don't have to create a certificate, you have to import the server's certificate, or that of one of its signers, into the client's truststore, and tell Java where the truststore is if it's in a non-standard location.
    See http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html. You'll have to ask about the JBoss part in a JBoss forum.

  • Why we need SSL Certificates for configuring App Server in Sharepoint

    Hi Support,
    We are planning to have a separate server for Apps, while configuring the server its asking for certificate. The main scenario is while configuring server inside the same firewall why we need SSL for configuring.
    Could you please let me know the reason why we need SSL for configuring App Server.
    Thanks in Advance,
    Regards,
    Pradeep

    Hi  Pradeep,
    SSL (Secure Sockets Layer) is a transaction security standard that provides encrypted protection between browsers and App Servers. When SSL is enabled for an App Server, browsers communicate with the App
    Server by means of an HTTPS connection, which is HTTP over an encrypted Secure Sockets Layer. HTTPS connections are widely used by banks and web vendors for secure transactions over the web.
    Secure Sockets Layer  is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. This is such a scenario. As a prerequisite
    for configuring Task Synchronization, the computer that is running SharePoint Server must have SSL configured.
    Reference:
    http://blogs.technet.com/b/speschka/archive/2012/09/03/planning-the-infrastructure-required-for-the-new-app-model-in-sharepoint-2013.aspx
    http://corypeters.net/2013/03/ssl-and-sharepoint-2013/
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

    Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

    Hi, William
    My question is if you can help me and support me to configure the Blink Pro App, I have a Mac Book Air, OS X 10.9.1.
    hope for your answer

  • Unable to configure SSL certificate on Apex

    I am trying to configure ssl certificate in one apex application.
    http://docs.tpu.ru/docs/oracle/en/oas/10.1.2.0.0/web.1012/b14007/ssl.htm#i1031859
    as per the above document first step is create a wallet with SSL certificate information.
    While creating wallet i am trying to import the CA certificate and User Certificate.
    But i am not able to import the certificates properly. I am getting error messages.
    Error Message :
    User certificate installation failed
    Possible Errors;
    -- Input was not a valid certificate.
    -- No matching certificate was found
    -- CA certificate is needed for certificate chain not found please install it first.
    What could be the reason for this. and solution for this problem ?

    Yes I am using OWM ( Oracle Wallet Manager)
    First I have created a new wallet and then i did create service request.
    Then Import user certificate and import CA certitificates are enabled.
    Then tried to import the certificates above mentioned errors are coming.....
    Yes first i imported the CA certificate then i imported the user certificate using the wallet manager. I used the copy - paste certificate method while importing.
    Any how if do import user certificate first it will show an error saying install ca certificate first.
    Message was edited by:
    Santhosh Kumar T

  • Can't find SSL certificate in SQL server configuration manager?

    Hi 
    It's been 2 days and I need a help. I have visited a number of sites and I still can't make it work
    Two severs I have: Windows 2012 Standard with SQL 2008 R2 and SQL 2012 
    I am trying to set it up on SQL 2008 R2 right now. 
    I have a certificate from a CA and did the followings.
    1. Open MMC
    2. Add Certificates Snap-in as a computer account (In fact, I tried all the three accounts)
    3. Right click-on Personal folder and All taks and Import 
    4. Installed the certificate with Certificate import Wizard
    5. The certificate shows up under Personal/Certificates and Trusted Root Certification Authorities/Certificates
    I did this with a local administrator account as well as MSSQL account(SQL Server service account I created). Even though the server is part of domain, SQL server is set up with local accounts. 
    This is a simply summary. I tried everything in the article such as 'Create Custom Request'. 
    I am not sure what I am missing. Why can't I see the certificate in SQL Server configuration manager? 
    I even made MSSQL (service account) as administrator. Not working.  
    as I am not using the domain service account, I believe below is not relevant. 
    Missing detail on "Install a certificate in the Windows certificate store..."
    When following recommended security procedures and running SQL server under a domain service account, the service will fail to start after assigning a certificate to the protocols.  This is because the service account does not have permissions to read
    the private key.  Fix this in the Certificates MMC snap-in (preferably right after installing the certificate.)  Select the certificate you just imported, then in the Action menu select "Manage private keys."  Grant the domain service
    account read access to the private key of the server certificate.
    Below is the few of reference I looked at.. 
    https://support.microsoft.com/en-us/kb/316898/
    https://msdn.microsoft.com/en-us/library/ms191192(d=printer).aspx
    https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    http://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-
    http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx

    Hi Dinesh 
    Thanks for the reply. 
    I did looked into the both sites as well. but it did not work. 
    Below is the step to install SQLs server certificate. and I was stuck with Step 9. when click 'next' in the wizard, I am not getting into a place to select 'computer' as certificate type. 
    Do you know what is wrong please? 
    Open the Microsoft Management Console (MMC): click Start, then click Run and in the Run dialog box type: MMC
    On the File menu, click Add/Remove Snap-in...
    Select Certificates, click Add.
    You are prompted to open the snap-in for your user account, the service account, or the computer account. Select the Computer Account.
    Select Local computer, and then click Finish.
    Click OK in the Add/Remove Snap-in dialog box.
    Click to select the Personal folder in the left-hand pane.
    Right-click in the right-hand pane, point to All Tasks, and then click Request New Certificate...
    Click Next in the Certificate Request Wizard dialog box. Select certificate type 'Computer'.
    You can enter a friendly name in text box if you want or leave it blank, then complete the wizard.
    Now you should see the certificate in the folder with the fully qualified computer domain name

  • VPN: Configuration loses SSL certificate

    Hi there,
    *The challenge.*
    I'd like to conncet to our VPN netzwork with my MacBook Pro.
    In my network configuration I choose my SSL certificate.
    *The problem*
    Each time i try to connect, i get stucked at the "identification" (Normaly i should get this "trust certificate dialog".
    Having again a look into my network configuration the SSL certificate isnt select anymore.
    *Please help!*
    +// The SSL certificate passes severals tests on my windows-machine.+
    Please help.

    Not enough information, such as what VPN software you are using. For VPN issues, it almost always ends up that resolving the issue involves consulting with whomever manages the VPN.

  • Configure OWA to require a client ssl certificate only for external connection

    Hello.
    At now i migrated OWA client from Exchange 2003 to Exchange 2010 and faced with a problem.
    I want to then external client (somebody like user from home PC) connect to Outlook Web App, client certificate will be required.
    But then client connect (somebody from work PC) to internal Outlook Web App Url, Integrate Windows Auth will be used and client ssl certificate not required.
    Is it possible? Or i need to enable Outlook Anywhere?

    Hi,
    Base on my konwledge, I don't think it is possible.
    When you install Exchange 2003, only one Default Web Site in Internet Information Services (IIS). if you change the authentication method and enable SSL on OWA, client ssl certificate always be required whether it's external or internal.
    I recommend you refer to the following articles:
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/mobility-client-access/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/security-message-hygiene/SSL_Enabling_OWA_2003.html
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft.
    Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Cisco ASA 5505 and comodo SSL certificate

    Hey All,
    I am having an issue with setting up the SSL certificate piece of the Cisco AnyConnect VPN. I purchased the certificate and installed it via the ASDM under Configuration > Remote Access VPN > Certificate Management > Identity Certificates. I also placed the CA 2 piece under the CA Certificates. I have http redirect to https and under my browser it is green.
    Once the AnyConnect client installs and automatically connects i get no errors or anything. The minute I disconnect and try to reconnect again, I get the "Untrusted VPN Server Certificate!" which isn't true because the connection information is https://vpn.mydomain.com and the SSL Cert is setup as vpn.mydomain.com.
    On that note it lists the IP address instead of the vpn.mydomain.com as the untrusted piece of this. Now obviously I don't have the IP address as part of the SSL cert, just the web address. On the web side I have an A record setup to go from vpn.mydomain.com to the IP address of the Cisco ASA.
    What am I missing here? I can post config if anyone needs it.
    (My Version of ASA Software is 9.0 (2) and ASDM Version 7.1 (2))

    It's AnyConnect version 3.0. I don't know about the EKU piece. I didn't know that was required. I will attach my config.
    ASA Version 9.0(2)
    hostname MyDomain-firewall-1
    domain-name MyDomain.com
    enable password omitted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd omitted
    names
    name 10.0.0.13.1 MyDomain-Inside description MyDomain Inside
    name 10.200.0.0 MyDomain_New_IP description MyDomain_New
    name 10.100.0.0 MyDomain-Old description Inside_Old
    name XXX.XXX.XX.XX Provider description Provider_Wireless
    name 10.0.13.2 Cisco_ASA_5505 description Cisco ASA 5505
    name 192.168.204.0 Outside_Wireless description Outside Wireless for Guests
    ip local pool MyDomain-Employee-Pool 192.168.208.1-192.168.208.254 mask 255.255.255.0
    ip local pool MyDomain-Vendor-Pool 192.168.209.1-192.168.209.254 mask 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address Cisco_ASA_5505 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address Provider 255.255.255.252
    boot system disk0:/asa902-k8.bin
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 10.0.3.21
    domain-name MyDomain.com
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network MyDomain-Employee
    subnet 192.168.208.0 255.255.255.0
    description MyDomain-Employee
    object-group network Inside-all
    description All Networks
    network-object MyDomain-Old 255.255.254.0
    network-object MyDomain_New_IP 255.255.192.0
    network-object host MyDomain-Inside
    access-list inside_access_in extended permit ip any4 any4
    access-list split-tunnel standard permit host 10.0.13.1
    pager lines 24
    logging enable
    logging buffered errors
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-712.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static Inside-all Inside-all destination static RVP-Employee RVP-Employee no-proxy-arp route-lookup
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 XXX.XXX.XX.XX 1
    route inside MyDomain-Old 255.255.254.0 MyDomain-Inside 1
    route inside MyDomain_New_IP 255.255.192.0 MyDomain-Inside 1
    route inside Outside_Wireless 255.255.255.0 MyDomain-Inside 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    action terminate
    dynamic-access-policy-record "Network Access Policy Allow VPN"
    description "Must have the Network Access Policy Enabled to get VPN access"
    aaa-server LDAP_Group protocol ldap
    aaa-server LDAP_Group (inside) host 10.0.3.21
    ldap-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
    ldap-group-base-dn ou=MyDomain,dc=MyDomainnet,dc=local
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *****
    ldap-login-dn cn=Cisco VPN,ou=Special User Accounts,ou=MyDomain,dc=MyDomainNET,dc=local
    server-type microsoft
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http MyDomain_New_IP 255.255.192.0 inside
    http redirect outside 80
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint LOCAL-CA-SERVER
    keypair LOCAL-CA-SERVER
    no validation-usage
    no accept-subordinates
    no id-cert-issuer
    crl configure
    crypto ca trustpoint VPN
    enrollment terminal
    fqdn vpn.mydomain.com
    subject-name CN=vpn.mydomain.com,OU=IT
    keypair vpn.mydomain.com
    crl configure
    crypto ca trustpoint ASDM_TrustPoint1
    enrollment terminal
    crl configure
    crypto ca trustpool policy
    crypto ca server
    shutdown
    crypto ca certificate chain LOCAL-CA-SERVER
    certificate ca 01
        omitted
      quit
    crypto ca certificate chain VPN
    certificate
        omitted
      quit
    crypto ca certificate chain ASDM_TrustPoint1
    certificate ca
        omitted
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 remote-access trustpoint VPN
    telnet timeout 5
    ssh MyDomain_New_IP 255.255.192.0 inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    dynamic-filter updater-client enable
    dynamic-filter use-database
    dynamic-filter enable
    ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 rc4-md5 des-sha1
    ssl trust-point VPN outside
    webvpn
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 3
    anyconnect image disk0:/anyconnect-linux-2.4.1012-k9.pkg 4
    anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 5
    anyconnect profiles MyDomain-employee disk0:/MyDomain-employee.xml
    anyconnect enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    dns-server value 10.0.3.21
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
    default-domain value MyDomain.com
    group-policy MyDomain-Employee internal
    group-policy MyDomain-Employee attributes
    wins-server none
    dns-server value 10.0.3.21
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split-tunnel
    default-domain value MyDomain.com
    webvpn
      anyconnect profiles value MyDomain-employee type user
    username MyDomainadmin password omitted encrypted privilege 15
    tunnel-group MyDomain-Employee type remote-access
    tunnel-group MyDomain-Employee general-attributes
    address-pool MyDomain-Employee-Pool
    authentication-server-group LDAP_Group LOCAL
    default-group-policy MyDomain-Employee
    tunnel-group MyDomain-Employee webvpn-attributes
    group-alias MyDomain-Employee enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:1c7e3d7ff324e4fd7567aa21a96a8b22
    : end
    asdm image disk0:/asdm-712.bin
    asdm location MyDomain_New_IP 255.255.192.0 inside
    asdm location MyDomain-Inside 255.255.255.255 inside
    asdm location MyDomain-Old 255.255.254.0 inside
    no asdm history enable

  • Is it possible to use single ssl certificate for multiple server farm with different FQDN?

    Hi
    We generated the CSR request for versign secure site pro certificate
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;}
    SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
    And the same message when trying to access https://www.abc.com from Google Chrome.
    "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
    so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
    Now my question is
    1. Is is possible to  remove above errors doing some ssl configuration on ACE?
    2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
    Thanks
    Waliullah

    If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
    Hope this helps,
    Sean

  • Problem in Authenticating Clients using SSL certificates in EP 7.0

    Hi all,
    Our team is configuring client authentication using ssl certificates to Enterprise Portal 7.0. We have exhausted our search on SDN and have also brought SAP on board to resolve this issue.
    We have completed our configuration as defined in following links
    http://help.sap.com/saphelp_nw04/helpdata/en/8a/8bc061dcf64638aa695f250ce7ca78/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/content.htm
    and SAP note 583439.
    But once a client types in the portal URL a message is shown that your certificate will be mapped to your user. Although we have manually mapped our certificate to a particular user but every time it asks for user ID and password.
    So in short it dosent authenticate users on their certicates.
    Following are snaps that I have taken from my default logs.
    Latest snap.
    Date , Time , Message , Severity , Category , Location , Application , User
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Wrote 147 bytes in 1 records, 126 bytes net, 126 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Read 672 bytes in 1 records, 651 bytes net, 651 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Sending alert: Alert Warning: close notify , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Wrote 9523 bytes in 24 records, 9019 bytes net, 375 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Read 11234 bytes in 21 records, 10793 bytes net, 513 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Sending alert: Alert Warning: close notify , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:250 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:953 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:265 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:952 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:623 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:592 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:639 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:279 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:966 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:637 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:606 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:653 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:293 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:980 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:620 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:667 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:666 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:322 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:291 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:979 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:635 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:619 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:291 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:275 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:947 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:931 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:603 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:587 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Resuming previous session... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Received v3 client_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:12:462 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:12:118 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:774 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:446 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:102 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:758 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:414 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:086 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:742 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:398 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:054 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:726 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:382 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:038 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:694 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:366 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:022 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:678 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:334 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:006 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:05:662 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:05:318 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Resuming previous session... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received v3 client_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Wrote 0 bytes in 0 records, 0 bytes net, 0 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Read 0 bytes in 0 records, 0 bytes net, 0 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Exception reading SSL message: java.io.EOFException: Connection closed by remote host. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Read 943 bytes in 3 records, wrote 861 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Exiting method , Path ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , oid: OBJECT ID = SubjectKeyIdentifier , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Certificate: Version: 3
    Serial number: 4123385933
    Signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
    Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US
    Valid not before: Tue Feb 20 09:17:00 EST 2007
          not after: Wed Feb 20 09:17:00 EST 2008
    Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US
    RSA public key (1024 bits):
    public exponent: 10001
    modulus: c1f13eb65d6d1f934c6504427dedfd963284979fd61e5d64ac8de1c647f85085f84e173d3bee65837aa97030ebfa6b9521e042b1244de3444e7e82a26a3542a419d6f0bbf276b71e0fb3083a5ed8353852816deec7dd9ceb5ded748ec4a52cb068af1a5e93299f882ee9cb531a60cb0e4b77372c832556e8d993a601d7214741
    Certificate Fingerprint (MD5)  : BD:B4:9E:51:A9:FA:8B:9B:40:5B:85:6E:5A:CC:B1:68
    Certificate Fingerprint (SHA-1): 4B:BB:43:8C:CC:DC:A1:92:56:40:CE:0B:8E:88:DA:28:EC:2A:46:52
    Extensions: 1
    , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): ChainVerifier: Found a trusted certificate, returning true , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Not after: Wed Feb 20 09:17:00 EST 2008 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Not before: Tue Feb 20 09:17:00 EST 2007 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Serial: f5c5e04d , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , cert [0 of 1] , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Entering method with ([Ljava.security.cert.X509Certificate;@7bc735, iaik.security.ssl.SSLTransport@539802) , Path ,  , com.sap.engine.services.ssl.verifyChain () ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received certificate_verify handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received client_key_exchange handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Client sent a 1024 bit RSA certificate, chain has 1 elements. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received certificate handshake message with client certificate. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello_done handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate_request handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate handshake message with server certificate... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): CompressionMethods supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): CipherSuites supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Creating new session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received v2 client hello message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:146 , ssl_debug(72): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , Error in resource clean up for a disconnected client
    java.lang.NullPointerException
         at com.sap.engine.services.httpserver.dispatcher.Processor.closeConnection(Processor.java:1684)
         at com.sap.engine.services.httpserver.dispatcher.Processor.fail(Processor.java:518)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.disposeConnection(TCPRunnableConnection.java:470)
         at com.sap.engine.core.manipulator.TCPRunnableConnection$CloseThread.run(TCPRunnableConnection.java:1031)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:525)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Error ,  , com.sap.engine.services.httpserver.dispatcher ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
         at iaik.security.ssl.Utils.a(Unknown Source)
         at iaik.security.ssl.o.b(Unknown Source)
         at iaik.security.ssl.o.c(Unknown Source)
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.f.c(Unknown Source)
         at iaik.security.ssl.f.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
         at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
         at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Error , /System/Network , com.sap.engine.core.manipulator.TCPRunnableConnection.init() ,  ,
    02/27/2007 , 15:13:59:535 , Handshake failed
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
         at iaik.security.ssl.Utils.a(Unknown Source)
         at iaik.security.ssl.o.b(Unknown Source)
         at iaik.security.ssl.o.c(Unknown Source)
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.f.c(Unknown Source)
         at iaik.security.ssl.f.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
         at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
         at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Info ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Sending alert: Alert Fatal: handshake failure , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): IOException while handshaking: Connection closed by remote host. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello_done handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate_request handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate handshake message with server certificate... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): CompressionMethods supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): CipherSuites supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Creating new session 65:0B:55:9C:7D:29:83:F8... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Received v2 client hello message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    Regards,
    Atif Mukhtar

    Atif,
    Did you get a solution to the problem you were having? We have a similar problem.
    Thanks,
    Dave

  • Exchange 2010: How to renew an SSL certificate?

    Hi all.  I have done some reading but it seems I can't find just a simple step-by-step on how to renew an SSL certificate issued by a 3rd party CA for Exchange 2010.  I really don't want to mess this one up by cobbling together partial answers
    from various forums and end up omitting something, then being stuck unable to figure out why I broke email while the CEO flips out. 
    This is a standard GoDaddy 5-domain UCC certificate.  There is only one Exchange server, SP3 (I don't think I have Rollup 6 on yet).  The existing certificate expires in a month or so. 
    I have some specific questions but perhaps these would be answered via what I hope will be a step by step instruction set in your reply :) Sorry to appear lazy by asking for the full instructions just that so far no single forum post nor MS TechNet article
    has addressed all my concerns, or in some cases information conflicts.  So my concerns for example are:  can you do a renewal for a certificate before the old one expires?  It is actually a renewal, or are you adding a 2nd certificate? 
    Do you have to do anything in IIS or does EMC or EMS do all that for you? 
    Thank you. 

    -->Can you do a renewal for a certificate before the old one expires? 
    Yes. Normally 3rd party CA allows you to renew certificate before the current one expires.
    -->It is actually a renewal, or are you adding a 2nd certificate? 
    You have to renew the certificate and a new/second certificate will be added to your server certificate store. Please check below for detailed step of Godaddy renewal. http://stevehardie.com/2013/10/how-to-renew-a-godaddy-exchange-2010-ssl-certificate/
    -->Do you have to do anything in IIS or does EMC or EMS do all that for you? 
    You will have to do it from MMC or EMS. No need to do anything from IIS.
    Follow the steps below to make your work easy or follow the video in this site site.http://www.netometer.com/video/tutorials/Exchange-2010-how-to-renew-SSL-certificate/
    1. Run this command from EMS to generate CSR. You can see the CSR named "newcsr.txt" in C:\CSR
    folder
    Set-Content -path "C:\CSR\newcsr.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=WA, l=Bellavue, o=Contoso, cn=commonname.domain.com" -DomainName autodiscover.domain.com -PrivateKeyExportable $True)
    2. Renew the certificate from Godaddy (from Godaddy portal) using the new CSR (i.e. newcsr.txt). Download the certificate from Godaddy after renewal.
    3. Open Exchange MMC. Go to Server configuration. Right click on the pending request.  Click on complete pending request and browse to the newly downloaded certificate. Make sure you have internet when doing this.
    4. Assign services using the steps in the below site. Make sure you have selected the new certificate. You will see the thumbprint just before completion http://exchangeserverpro.com/how-to-assign-an-ssl-certificate-to-exchange-server-2010-services/
    5.Delete the old one certificate from MMC.
    From EMS use this command 
    Remove-ExchangeCertificate -Thumbprint <old cert thumprint>
    You can see the the certificate thumprints using Get-ExchangeCertificate command
    MAS. Please dont forget to mark as answer if it helped.

  • [solved] dovecot errors after renewing SSL certificate

    System:
    OS X Server (Mountain Lion) 2.2
    Using a single SSL Certificate for all services.
    Symptom:
    Users can't log into their IMAP accounts hosted on OS X Server (Mountain Lion) after renewing SSL Certificate
    Diagnostics:
    Give you an indication whether it's this problem. Some or all may apply:
    Log shows all kinds of dovecot errors. e.g.
    dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
    config: Fatal: Error in configuration file /Library/Server/Mail/Config/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
    dovecotd[nnn]: master: Error: service(config): command startup failed, throttling
    /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf shows commented out lines:
    ssl_cert
    ssl_key
    ssl_ca
    Solution:
    Go to the Certificates pane of the Server App  and choose Secure Services Using: Custom
    Set IMAP and POP server certificates to to None
    Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf
    Now set Secure Services Using: <My single SSL Certificate for all services>
    Keep an eye on what the server App is doing to /Library/Server/Mail/Config/dovecot/conf.d/10-ssl.conf and you should now see all the ssl* settings as you would expect, and pointing to the correct SSL certificate  in /etc/certificates
    Hope this works for you too!

    I had something similar happen. When I do anything with SSL certificates it deletes any regular websites. Only the sites that are setup for https are listed.
    Couldn't understand why my website wasn't working and it turned out that the system had deleted it. The web server had multiple host set and I had to rebuild all the ones that had used port 80. All the ones that use 443 were fine.
    Hope this helps.

  • File Adapter FTP SSL SSL Certificate Exception

    After reviewing the results of searching on this error, I do not find anything that fits my situation:
    SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
    I am not using X.509 certificate for client authentication.
    My connection is using a non-public certificate.
    I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
    I am getting the following error:
    Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
    Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
    Any recommendations?

    Hi,
    The main reasons for this error are:
    1. The correct server certificate could not be present in the TrustedCA
    keystore view of NWA. Please ensure you have done all the steps
    described in these two URLs:
    Security Configuration at Message Level
    http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
    0a1550b0/frameset.htm
    2. The server certificate chain contains expired certificate. Check for
    it (that was the cause for other customers as well) and if it's the case
    renew it or extend the validation.
    3. Some other people have reported similar problem and mainly the
    problem was that the certificate chain was not in correct
    order. Basically the server certificate chain should be in order
    Own->Intermedite->Root. To explain in detail, if your server certificate
    is A which is issued by an intermediate CA B and then B's certificate is
    issued by the C which is the root CA (having a self signed certificate).
    Then your certificate chain contains 3 elements A->B->C. So you need to
    have the right order of certificate in the chain. If the order is B
    first followed by A followed by C, then the IAIK library used by PI
    cannot verify the server as trusted. Please generate the certificate in
    the right order and then import this certificate in the TrustedCA
    keystore view and try again. Please take this third steps as the
    principal one.
    Hope it solves your querie.
    Regards,
    Caio Cagnani

Maybe you are looking for

  • How do my husband and I use the same itunes acct

    People tell me all the time that their whole family has the same iTunes account so they can share everything. How do they do that? I tried to do mine on my husands phone and it said that the account was already in use so he set up his own. How do we

  • Enter Valid Ship-to-party/Sold-to-Party-

    Using T.code:J1ILIC01(Deemed Export License), I entered data for Series Group,License Type,License Name,Creation Date,Expiry Date and Pressed Enter. I get the error'Enter Valid Ship-to-party/Sold-to-Party'. I have entered a Valid Ship-to-party/Sold-t

  • ITunes 7.0.2.16 overwriting 4th Gen iPod Video database changes

    Whenever I connect my 4th Gen Video iPod to my PC, iTunes overwrites any changes I've made to my iPod's database (song ratings, Last Played times, etc.) with whatever was true the last time I disconnected it. For example: Let's say I have a song on m

  • I've done a software update twice, and the app store won't load. Why won't it download the app store?

    I've been trying ro upgrade to the newest OS X, but every time I update it, nothing happens. Specifically, I want the App Store and it won't come up. Input?

  • How do I get an image off iDVD

    I have a DVD of photo images that was made with iDVD 4 or 5. I now have iDVD6. I can't find some photo images that should have been saved on a CD. How do I download some of the images that are on the DVD? Thank you.