Problem in configuring certificates in OSB

Hello,
I'm trying to configure a client certificate for a HTTPS Post call from OSB.
I've got the certificate file (.pfx) and I've got the key for it.
I defined a business service with protocol HTTP and post method, and I've enabled the security for it with "Client Certificate" option.
Can someone help me in understanding how the configuration should be made for this?
Do I need to create a Service Key Provider?
Which are the steps to follow?
Thanks in advance,
Flo

First of all thanks for your help!
I've tried to do the following:
1. using OpenSSL, I exported the .pfx file to a .pem file
2. using Java Key tool I imported the .pem file in a new .jks file
Then I checked in the .pem file to retrieve, in addition to the root certificate, the Identity Certificate and the Intermediate Certificate.
But I can't find the in my file.
The .pem file that has been generated at step #1 contains only the Private Key and the Root Certificate.
Does this mean that my original .pfx file has something wrong?
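
One way to see what a .pfx actually holds before converting it, as an added example that is not part of the original posts: the function lists every certificate in the file and labels the one whose public key matches the stored private key. The function name `pfx_inventory`, the `PFX_PASS` environment variable and the file name `client.pfx` are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: list the certificates stored in a PKCS#12 (.pfx) file.
# pfx_inventory is a name chosen for this example; the password is read from
# the PFX_PASS environment variable (also an assumption of this example) so
# that it never appears on a command line.
#
# Output: one line per certificate, ROLE|SUBJECT|ISSUER, where ROLE is
#   identity     public key matches the private key stored in the file
#   self-signed  subject equals issuer (name comparison, no signature check)
#   ca           anything else, typically an intermediate

pfx_inventory() {
    local pfx="$1" tmp keypub f subj iss pub role count=0
    tmp="$(mktemp -d)" || return 1

    # Public half of the stored private key. The key is only piped between
    # the two openssl processes and is never written to disk.
    keypub="$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)" || keypub=""

    # -nokeys emits every certificate (client and CA); write one file each.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys 2>/dev/null |
        awk -v d="$tmp" '
            /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
            on { print > (d "/cert" n ".pem") }
            /-----END CERTIFICATE-----/ { on = 0 }'

    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || break
        subj="$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')"
        iss="$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')"
        pub="$(openssl x509 -in "$f" -noout -pubkey)"
        if [ -n "$keypub" ] && [ "$pub" = "$keypub" ]; then
            role=identity
        elif [ "$subj" = "$iss" ]; then
            role=self-signed
        else
            role=ca
        fi
        printf '%s|%s|%s\n' "$role" "$subj" "$iss"
        count=$((count + 1))
    done

    rm -rf "$tmp"
    [ "$count" -gt 0 ]   # non-zero status when no certificate could be read
}

# Run directly, for example: PFX_PASS=... ./pfx_inventory.sh client.pfx
# (client.pfx is a placeholder file name)
if [ "$#" -ge 1 ]; then
    pfx_inventory "$1"
fi
```

`keytool -importkeystore` with `-srcstoretype PKCS12` can read the .pfx directly, which keeps the private key and its certificates together as one keystore entry. On OpenSSL 3.x, a .pfx protected with older algorithms such as RC2 may additionally need the `-legacy` option.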

Similar Messages

  • Problem to configure Blink Pro (App). Error SSL certificate verification error (PJSIP_TLS_ECERTVERIF) (503)

    Hi, William
    My question is if you can help me and support me to configure the Blink Pro App, I have a Mac Book Air, OS X 10.9.1.
    hope for your answer

  • Lync 2010 Certificate Issue - "There was a problem verifying your certificate from the server"

    Greetings.
    My Issue:
    Lync 2010 client does not connect to server; error displayed: "Cannot sign into Lync. There was a problem verifying the certificate from the server."
    Description:
    The client is running on my Windows 7 box, and my CA server is a Windows Server 2003 box. I have installed the hotfix on the Server 2003 box to update the Web Enrollment portion of CA to allow for newer clients (Vista and 7) to receive certificates from
    this server. 
    Lync server is running on Server 2008 R2 STD, installation was a success.
    The Windows 7 box is a part of the domain.
    I have manually exported the Root CA from my Enterprise CA server from
    Trusted Root Certification Authorities -> Certificates and imported into the same location on my Windows 7 box. 
    If I look at the certification path on the Root CA, on my Windows 7 box,  it says "The certificate is OK." The same goes for the servers involved. 
    Still nothing.
    I have read the other forum posts on here about people having success once they manually import the Root CA from the Enterprise CA server, but this is not my case here. 
    All certificates are successfully assigned on the Lync server box; however, I did have to manually import the Root CA into Lync server's
    Trusted Root Certification Authorities -> Certificates before I could successfully assign them. Had to do this on another deployment I completed, so I didn't think anything of it.
    To recap: it seems that even with my Root CA imported into my Windows 7 box I can still not connect to my Lync server with the client, and I get the error message "There was a problem verifying the certificate from the server."

    Solved
    Solution: Export certificate from Lync Server: Start > Administrative Tools > IIS > Server Certificate > Export > abc.pfx, save it. Copy and place the certificate where MS Lync 2010 client is installed or getting the certificate error. Follow these steps on the client machine to install the certificate:
    Run > mmc > add or remove snap in > certificates > computer account > local computer > finish > ok > expand Certificate > Trusted Root Certification Authorities > Certificate > All task > Import > copy abc.pfx certificate and delete unnecessary certificate from there.
    Restart the client machine, open Microsoft Lync client 2010, and open option menu > Personal > Advanced > choose Auto Configuration > save, ok

  • Problem in configuring SSO using SAML for applications hosted on diff m/c

    Hi Techies,
    I am stuck in a weird problem for past month or so without any resolution. Not much help by googling. So I hope i get the answer from the mouth of the horses -
    I am trying to use SSO using the sample application appA and appB as stated in the tutorial of SSO by BEA.
    I am summarizing the problem below -
    Steps followed for Configuring SSO using SAML
    1. Created 2 domains on 2 separate machines, namely domainA and domainB
    2. Source application is deployed on domainA and the target application is deployed on domainB
    The steps mentioned in the following tutorial has been followed-
    http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html
    3. As mentioned in the tutorial the certificate is generated using keytool utility. The same certificate is copied
    to WEBLOGIC_HOME/server/lib of destination machine.
    4. The certificate was successfully registered on destination or host 2 but while activating the configuration
    changes (SSL Client Identity Alias and SSL Client Identity Pass Phrase) for Federation services the following error
    is thrown -
    " SAMLBeanUpdateListener: SAMLKeyManager.prepareUpdate() failed with exception:
    weblogic.descriptor.BeanUpdateRejectedException: SAML key Manage failed to validate key (SSL Client) configuration
    in the FederationServicesMBean, key alias: testalias "
    The interesting bit of the problem is that the same configuration works on 2 domains created on the same machine. The
    problem only occurs when domains are created on separate machines.
    Alternative to the problem: when the certificate is generated separately for domainB and copied to
    WEBLOGIC_HOME/server/lib, it works. However, the certificate generated in domainA should have been copied.
    Note: I am using Weblogic portal 9.2.1
    Any quick replies will be much appreciated. Thanks.
    Edited by saurabh.agrawal at 02/06/2008 2:01 PM

    Hi François,
    You are right about the use of the NameID format. But the issue here is/was that OIF at SP is integrated with OAM, and the authenticated user at OIF-SP and OAM will be the Anonymous user rather than the user who was identified at the IdP even though the remaining attributes sent are for the IdP user. I think these attributes can be used with OAM for authorization using custom authorization plug-ins but haven't tried that one out.
    As for the attribute sharing profile, it's this one - http://www.oasis-open.org/committees/download.php/18058/sstc-saml-x509-authn-attrib-profile-cd-02.pdf, although for the life of me, I cannot remember why I suggested this in the first place!
    -Vinod

  • How to secure connection in sql server 2008? my main problem is which certificate should i add in mmc

    I'm recently working on hardening of SQL Server 2008. Now I am faced with a problem. My problem is how to secure the connection in SQL Server 2008? My main problem is which certificate should I add in mmc? What are these certificates about? And guide me in choosing the appropriate certificate.
    And how should I know that the connection in SQL Server is secured?
    Please guide me from the beginning because I'm a rookie in this subject.
    thanks in advance.

    Hi sqlfan,
    Question 1: my problem is how to secure connection in sql server 2008?
    Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. For more information about Encrypting Connections to SQL Server, please refer to the following
    article:
    http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    Question 2: my main problem is which certificate should i add in mmc? what are these certificates about? and guide me in choosing the appropriate certificate.
    To install a certificate in the Windows certificate store of the server computer, you will need to purchase/provision a certificate from a certificate authority first. So please go to a certificate authority to choose the appropriate certificate.
    For SQL Server to load a SSL certificate, the certificate must meet the following conditions:
    The certificate must be in either the local computer certificate store or the current user certificate store.
    The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
    The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
    The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
    The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host
    name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
    Question 3: how should i know that the connection in sql server is secured?
    If the certificate is configured to be used, and the value of the ForceEncryption option is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the certificate. For more detail about this,
    please refer to Configuring SSL for SQL Server in the following article:
    http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    If you have any question, please feel free to let me know.
    Regards,
    Donghui Li

  • Configure Certificate Authentication.

    I'm configuring a SOAP adapter (receiver) and in the SAP Doc Libray this is what it says to use a certificate :
    If the server requests a certificate from the client, set the indicator Configure Certificate Authentication.
      • Specify the Keystore Entry.
      • Specify the Keystore View.
    Problem is this indicator doesn't even show up in my adapter communication channel!
    Has anyone had this issue?
    Thanks - Andrew

    Hi Andrew,
    have you got XI with SP13?
    this is a feature available only from SP13:
    Receiver SOAP Adapter
    You can now configure a certificate authentication for the HTTPS and SMTPS transport protocols.
    if you want to check your SP level
    open IR or ID then Help menu and choose Information
    if your SP is lower then you'll have to update your XI
    Regards,
    michal

  • SP13 - missing indicator Configure Certificate Authentication

    Hi all,
    We are trying to set up configuration for scenario with certificate authentication. XI will send data to remote system using certificate authentication. Even if we are on SP13, we don't see any "Configure Certificate Authentication" indicator in SOAP communication channel, which should allow us to enter the keystore value for the certificate to be used. In documentation for SP13 release there is written that the authentication should be enabled.
    Is there anything we should switch or turn on to have this indicator displayed in SP13?
    Thank you for your help.
    Jozef

    Hi,
    thank you for your answer. The problem is probably in the update which has not been done correctly. One of the system components (SAP-XI-TOOLS or something like this) was not properly updated (patched to SP13).
    Thank you for your suggestion.
    Best regards,
    Jozef

  • Problem in configuring

    HI
    This is my first attempt to deploy a webapplication on weblogic
    1) have installed weblogic 7.0 sp5
    2) I wanna use jdbc/oci driver and oracle 9i as the database
    Problems:
    1)configured the weblogic for standalone application
    the config.xml is
    <Domain Name="mydomain">
      <Server Name="python" NativeIOEnabled="true" ListenAddress="192.168.0.102" ListenPort="7001">
        <SSL Name="python" ListenPort="7002" HostnameVerificationIgnored="true" Enabled="true" ServerCertificateFileName="democert.pem" ServerPrivateKeyAlias="demokey" ServerPrivateKeyPassPhrase="pkpassword" />
        <WebServer DefaultWebApp="DefaultWebApp" LogFileName="access.log" LoggingEnabled="true" Name="python" />
        <Log FileName="weblogic.log" />
      </Server>
      <Application Deployed="true" Name="DefaultWebApp" Path="./applications">
        <WebAppComponent Name="DefaultWebApp" Targets="python" URI="DefaultWebApp" />
      </Application>
      <Application Name="certificate" Path="./applications">
        <WebAppComponent Name="certificate" Targets="python" URI="certificate.war" />
      </Application>
      <Security Name="mydomain" GuestDisabled="false" />
      <Log FileName="wl-domain.log" />
    </Domain>
    if i want to configure the connection pooling, database, driver
    so can i add the corresponding tags to the config file
    or
    do i need to have the integration version for this
    2) how shall i proceed to specify the connection pool, driver and database
    as bea say in the features of sp5
    Oracle 10g JDBC Thin Driver
    In WebLogic Server 7.0SP5, the Oracle 10g (10.1.0.2.0) version of the Oracle Thin driver was added to the release and is now the default version of the Oracle Thin driver.
    JDBC MultiPool Failover Enhancements
    In WebLogic Server 7.0SP5, the following enhancements were made to JDBC MultiPools:
    Connection request routing enhancements to avoid requesting a connection from a disabled connection pool within a MultiPool.
    Automatic failback on recovery of a failed connection pool within a MultiPool.
    Failover for busy connection pools within MultiPools with the High Availability algorithm.
    Failover callbacks for MultiPools with the High Availability algorithm.
    Failback callbacks for MultiPools with either algorithm.
    i wud b thankful if somebody can guide me how shall i proceed

    For connection pooling and data source configuration with WebLogic and Oracle database, please refer to
    http://www.sys-con.com/story/?storyid=43045&DE=1

  • Problem in configuring the HTTPS

    hi all,
    I am facing a problem in configuring HTTPS. I have followed the procedure given in the Tomcat documentation. I am working with Tomcat 5.0. I have created my own certificate and it was stored in the home directory.
    The problem I am facing was when configuring Tomcat's server.xml file. I have removed the comments and the port number was 8443, which was in the XML tag. But when entering https://localhost:8443/ it was not giving the opening page; instead it was giving "page cannot be displayed".
    Can anybody please tell me the mistake I have made in configuring the server for HTTPS? Also please tell me the way to configure my IIS.
    Thanks in advance
    lakshman

    hi all,
    I did the configuration for HTTPS in Tomcat. The page was opening and I made the following modification in the previous connector tag.
    I have added the keyStoreFile, which provides the file path of the .keyStore file.
    Now HTTPS in Tomcat is working fine.
    Thanks for your help and advice
    lakshman

  • Configuring Retry in OSB Buisness service

    Hi All
    I have to invoke a web service protected with username password digest security. I have a requirement of retrying this web service in case of fault 3 times with some delay.
    The problem is when i configure retry application errors to Yes and specify the retry count as 2 with a 2 second delay. I get an error on the second invocation as duplicate nonce (since it retries the same message and the backend web service complains that the same nonce is being sent again).
    Currently i am routing to this service and hence this cannot be put in a loop of (i would have to change this to service callout). Also there is no wait activity in OSB.
    What options do i have? Please help. Thanks

    Thanks for the replies Guys!
    @Pierluigi: Ur idea can work, I can encapsulate the BS with a PS and from my main proxy service retry this PS via Route Node. Will let u know. Thanks
    @veejai24
    The problem is not with retrying, it's with retrying a password digest protected web service. The problem is that during retrial, OSB does not generate the nonce again (in SOAP header) and rather retries the same SOAP message again. The backend service throws an error that a duplicate nonce is being sent.

  • WebVPN-Problem with Digital Certificate and AAA

    Hello everyone,
    I have a problem during configuring WebVPN on ASA 5520 using AAA and digital certificate of Microsoft. (MSCEP)
    Currently, The WebVPN service is enabled and it worked well with AAA (local or external) only,
    But now, I want to use both AAA and certificate for the most security - I mean that the users will be authenticated 2 times (first, a valid certificate is checked, then user/pass is the second one).
    Here are details:
    I tried installing a CA server (Microsoft CA service combined with SCEP) and registering the ASA with the CA server (ASA works as subordinate CA) --> these steps are OK, the ASA has registered, then the client uses a web browser to request from the CA, it is issued by the CA administrator, and then it is installed in the web browser.
    Testing:
    The client tried to test by accessing the SSL VPN; the welcome WEBVPN message prompts for user/pass but the message is "Logon Failed" before I give user and pass,
    Does anyone know and advise ?
    Thanks
    Khanh

    Hi all,
    Here are the attached files for my issue,
    Khanh

  • Problem in configuring Terms of Payment

    Hello Friends,
    I'm facing a problem during configuration of payment terms in which i give 15% discount to the customer if paid within 15 days & also the credit period is 15 days for net payment. When i try to configure the same i get an error message FC114 - Enter periods in ascending order, since the cash discount period & the credit period are the same.
    Payment Terms - Within 15 days 15% discount, Within 15 days due net
    Request your assistance.
    Regards,
    Padmanabhan

    Hi Padmanabhan,
    your requirement is not clear, for both the options are on the same day, there should be some difference in days for a discount and net payments in any business, try to collect correct requirement from your client. It may be further 15 days from the due date for discount, then it becomes 30 days.
    How do you offer both options to your customers? In any business I have not heard of such terms,
    correct me if i am wrong.
    Bye
    Venkat Cheedalla.

  • Problem with configuration of wifi network - dhcp

    hi.
    i've got a small problem with configuration of wi-fi network.
    i use dhcp network.
    there are some errors about network during boot up (but it's too fast for me to write it down)
    after log-in i have to setup network access by typing
    iwconfig eth2 essid SpeedTouchBCE72F
    and then i have to run this command
    dhclient
    and after that i've got an access to internet
    this is my rc.file
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime"
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="pl_PL.UTF-8"
    HARDWARECLOCK="localtime"
    TIMEZONE="Europe/London"
    KEYMAP="-u pl2"
    CONSOLEFONT="lat2-16.psfu.gz"
    USECOLOR="yes"
    LC_ALL="pl_PL.UTF-8"
    LESSCHARSET="UTF-8"
    # HARDWARE
    # Scan hardware and load required modules at bootup
    MOD_AUTOLOAD="yes"
    # Module Blacklist - modules in this list will never be loaded by udev
    MOD_BLACKLIST=()
    # Modules to load at boot-up (in this order)
    #   - prefix a module with a ! to blacklist it
    MODULES=()
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    HOSTNAME="linugrat"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available
    # interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    #   - prefix an entry in INTERFACES with a ! to disable it
    #   - no hyphens in your interface names - Bash doesn't like it
    # Note: to use DHCP, set your interface to be "dhcp" (eth0="dhcp")
    lo="lo 127.0.0.1"
    eth2="dhcp"
    INTERFACES=(lo eth2)
    ROUTES=(!gateway)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    #   - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 192.168.0.1"
    ROUTES=(gateway)
    # Enable these network profiles at boot-up.  These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    #   - set to 'menu' to present a menu during boot-up (dialog package required)
    #   - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network-profiles
    #NET_PROFILES=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    #   - prefix a daemon with a ! to disable it
    #   - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng ipw3945d network netfs crond)
    # End of file
    szymon

    Hi Mariano
    I think you need to restart your portal Engine after making correct settings.
    Also please refer to the link below to get a better insight:-
    http://help.sap.com/saphelp_nw04s/helpdata/en/0b/719a425ffac46ae10000000a155106/frameset.htm
    Regards
    Navneet

  • Cannot open install assistant.  I get this error message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Pleas

    How can I download a trial of Adobe Elements 12?
    I followed the instructions to download assistant...but get this message: The application cannot be installed due to a certificate problem.  The certificate does not match the installed application certificate, does not support application upgrades, or is invalid.  Please contact the application author.

    Hi alposer,
    Please remove the copy of the Adobe Download Assistant you currently have installed and then reinstall the Adobe Download Assistant.
    Regards,
    Rave

  • Workflow Manager Configuration - Certificate with Thumbprint does not have a private key

    After following the video series on how to install and Configure Workflow Manager into SharePoint 2013 http://technet.microsoft.com/en-us/library/dn201724(v=office.15).aspx,
    I get to the 'Configure Certificates' section in the Workflow Manager Configuration:  I browse to our wildcard certificate and select it.
    When I try to move to the next page of the configuration wizard, I get the following red error under the certificate:
    Certificate with thumbprint LONG STRING does not have a private key.
    I checked the properties of the certificate, and it says: You have a private key that corresponds to this certificate.
    What am I missing??
    Thank you.
    macrel

    Hi,
    According to your post, my understanding is that you got error under the certificate.
    Please make sure you configure the workflow manager correctly.
    More information:
    Install and configure workflow for SharePoint Server 2013
    Installing and Configuring Workflow Manager 1.0
    Best Regards,
    Linda Li
    TechNet Community Support
