Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in
Hi,
'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
I get the following error when attempting to access WebLogic via Apache:
Internet Explorer cannot display the webpage
These are the last lines in wlproxy log:
Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
Do you know if there are limitations to the certificate length that the plug-in can use?
Yes 4096 bit Certificates are not supported by the plugin.
You can use up to 2048 bit.
There is a Bug which clearly mentions it.
I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
Hope this helps.
Faisal Khan
Edited by: Faisal Khan on Feb 27, 2010 2:08 PM
Similar Messages
-
Problems using Oracle or MSSql DBMS with Weblogic 5.1 SP6
We have installed Weblogic 5.1 with service pack 6 on NT 4.0.
The database access works fine with the default Cloudscape,
but when we try to use the SQL scripts for Oracle supplied by BEA,
we keep getting rollbacks.
We have also tried to modify the SQL scripts to access a MSSQL 7
database,
and we get the same kind of problems.
Can anybody help ?
Thanx.
Fabien Coppens
Consultant B2C,
Fi System
78 Bld. de la République
92100 Boulogne
Tel : +33-1-47 61 52 55
mailto : [email protected]I guess SQL syntax for cloudscape may not be same as Oracle. Pls check
cloudscape manuals.
Also you are talking about rollbacks. Could you be more specific.?
Pls post full stack trace here.
Kumar
Fabien Coppens wrote:
We have installed Weblogic 5.1 with service pack 6 on NT 4.0.
The database access works fine with the default Cloudscape,
but when we try to use the SQL scripts for Oracle supplied by BEA,
we keep getting rollbacks.
We have also tried to modify the SQL scripts to access a MSSQL 7
database,
and we get the same kind of problems.
Can anybody help ?
Thanx.
Fabien Coppens
Consultant B2C,
Fi System
78 Bld. de la République
92100 Boulogne
Tel : +33-1-47 61 52 55
mailto : [email protected] -
Problem in installation of free SSL certificate on Weblogic using keytool
We tried to install SSL certificate on weblogic certificate using Keystore ..but it is giving error in console at startup and server shutdowns automatically...
Steps followed:-
1) To generate keystore and private key and digital cerficate:-
keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
2) To generate CSR
keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
3) CSR is uploaded on verisign site to generate free ssl certificate.All certificate text received is paste into file (cacert.pem)
4) Same certificate is put into same keystore using following command
keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
(intermediateCa.cer file is downloaded from verisign site)
keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
6) After this configuration we used weblogic admin module to configure Keystore and SSL.
7) For KeyStore tab in weblogic admin module, we have select option Custom Identity And Custom Trust provided following details under Identity and Trust columns:-
Private key alias: mykey2
PassKeyphrase: webconkeystorepassword
Location of keystore: location of webconkeystore.jks file on server
8) For SSL tab in weblogic admin module, we have select option KeyStores for Identity and Trust locations.
Error on console:
<Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
<Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
<Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
<Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
If anyone knows the solution ,please help us out.Thanx in advance.
I was really happy to get reply yesterday from "mv".I was not expecting such instant response.Thanx all guys for your interest and support.
I have solved this issue.
We have weblogic 9 on unix env.
Following steps which I followed:
#generate private key
keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
#generate csr
keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
Then we uploaded this csr on verisigns free ssl certificate to generate and receive certificate text.
We copied that text file in "ert4nov2009.crt" rt file used below.
Apart from that , mail which we received from verisign also contains links to download root ca certificate and intermediate ca certificate.We downloaded them.
roo ca in "root4nov2009.cer" file.
intermediate ca in "intermediateca4nov2009.cer"
both these files used in
#import root certificate
keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
#import intermediate ca certificate
keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
#install free ssl certifiate
keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
#after this admin configuration
In weblogic admin console module, we did following settings:-
1. under Configuration tab
a. Under KeyStore tab
For keystore , we selected "Custom identity and Custom Trust"
Under Identity,
Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase:password for keystore mentioend above.In our case, webconkeystorepassword
Same we copied Under "Trust", as we have not created separate keystore for trust.
Save setting.
b. Under SSL tab
Identity and Trust Locations: select "Keystores"
Private Key Alias: alias used while creating private keyi.e. in our case "uinbrdcsap01_apac_nsroot_net"
Save setting.
c. Under General tab
Check checkbox "SSL Listen Port Enabled"
and mention ssl port "SSL Listen Port"
Save setting.
After this activate changes.You might see error on admin module.
Using command prompt, stop the server and again restart and then try to access using https and port ...
you will definately get output...
in our case issue might be due to key size..we used 1024 key size ..it solve problem.
for your further reference plz find link below..it is also helpful.
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674 -
installed a new SSL certificate with 2048 bit encryption (as is now required by issuer of certificate). Everything is OK with IE, FF shows error: (Fehlercode: sec_error_unknown_issuer)
== URL of affected sites ==
https://www.dongil.at/I have also tried all the solutions mentioned - but no luck.
I wrote to Geotrust support and the pointed out that I needed the intermediate certificate and provided me with this url:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
Please note, this intermediate certificate was *not* the same is linked to above - seems like there are 2 different intermediate certificates, depending on what type of certificate you got from Geotrust.
Just to recap - if you got yourself a "QuickSSL, QuickSSL Premium or SSL Trial"-certificate (like me) then use this intermediate:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
If you got a "True BusinessID or Enterprise SSL"-certificate, you should use this:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1423
- Lasse -
DSEE 6.3.1 and 2048-bit SSL certificates
Related to my previous post, I'm standing up a new 6.3.1 proxy server and directory server instance that are being added to my existing environment. We use GoDaddy for SSL certificates and they require 2048-bit CSRs, which cannot be generated with 6.3.1 software. That being the case I generated the CSR for each host using openssl with the command:
openssl req -new -newkey rsa:2048 -nodes -out ldp05_domain_com.csr -keyout ldp05_domain_com.key -subj "/C=us/ST=Massachusetts/L=Cambridge/O=My Corp/OU=Network Operations/CN=ldp05.domain.com"I then took the CSR and received a new signed 2048-bit cert from GoDaddy. I added the GoDaddy root bundle certs into my CA cert chain and then attempted to add the server cert.
On the directory server I have the problem:
# dsadm add-cert /usr/local/ds/domain/ ldp05.domain.com /tmp/ldp05.domain.com.crt
Unable to find private key for this certificate.
Failed to add the certificate.I get the same error when attempting to add the certificate through DSCC.
I have a different problem with the 2048-bit certificate on the proxy server. I added the CA cert and that was fine. However, when I add the server cert, it shows up in the CA cert chain.
# dpadm add-cert /usr/local/dps/domain/ dps05.domain.com /tmp/dps05.domain.com.crt
# dpadm list-certs /usr/local/dps/domain/
Alias Valid from Expires on Self-signed? Issued by Issued to
defaultservercert 2011/02/25 10:08 2013/02/24 10:08 y CN=dps05.domain.com:389 Same as issuer
1 certificate found.
# dpadm list-certs -C /usr/local/dps/domain/|grep dps05
dps05.domain.com 2011/02/25 11:43 2014/02/25 11:43 n SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=dps05.domain.com, OU=Domain Control Validated, O=dps05.domain.comHas anyone successfully added 2048-bit CA signed certificates to both DPS and DS instances? Is there a limitation on the size of a certificate that can be imported as a non CA cert in directory proxy server 6.3.1?Sadly after opening a case with Oracle support I was told that the hotfix wasn't built for Linux (which I'm running) and would take 1-2 weeks to complete. I have managed to solve 99% of the issue on my DPS host thus far and have only one remaining issue which is upon adding the cert.
In order to generate the 2048-bit CSR I had to run the following:
# cd /usr/local/dps/domain/alias
# modutil -changepw "NSS Certificate DB" -dbdir .
# certutil -R -s "CN=dps05.domain.com,OU=Network Operations,O=My Corp,L=City,ST=State,C=US" -o /tmp/dps05.domain.com.csr -d /usr/local/dps/domain/alias -a -g 2048For reference, running the dpadm command to set the cert db password didn't work.
# dpadm stop /usr/local/dps/domain
# dpadm get-flags /usr/local/dps/domain
# dpadm set-flags /usr/local/dps/domain/ cert-pwd-prompt=onOnce I had the properly sized CSR I had the cert issued and attempted to add the root certs to the CA chain and the server cert to the server certificates:
# dpadm add-cert /usr/local/dps/domain gd-root-bundle gd_bundle.crt
# dpadm list-certs -C /usr/local/dps/endeca |grep -i daddy
- This shows the Go Daddy root cert bundle in the CA cert chain
# dpadm add-cert /usr/local/dps/domain dps05.domain.com dps05.domain.com.crt
# dpadm list-certs /usr/local/dps/domain
- Shows only the defaultservercert
# dpadm list-certs -C /usr/local/dps/endeca |grep -i daddy
- The server cert now shows up in the CA chain.Does anyone have any idea how I can properly add the new cert to the server cert list so it can be used by the server? -
Wildcard SSL Certificates with MFE?
Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
Before doing anything I figured I'd try a website that used a wildcard certificate.
When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
Thanks.This is interesting question. I look forward testing this myself
What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you! -
Godaddy SSL certificate on weblogic
Hello,
Recentally I purchased ssl certificate from godaddy, they send me 2 files (mydomain.crt) and (gd_bundle.crt).
now I don't know how to create .pem file just to complete the installation. below the instruction I did.
- keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore identity.jks -storepass password -keypass password
- keytool -certreq -keyalg RSA -keysize 2048 -alias client -file certreq.csr -keystore identity.jks -storepass password
here when I enter this I get an error ( keytool error: java.io.FileNotFoundException: CertChain.pem (No such file or directory not found). so how to create the CertChain.pem from the files I got from godaddy.
- keytool -import -file CertChain.pem -alias client -keystore identity.jks -storepass password
- keytool -import -file rootCA.cer -alias RootCA -keystore trust.jks -storepass password
Keytool –list –v –keystore <keystore-name> -storepass <keystore-password>I found out how to install godaddy ssl certificate on weblogic follow the link below.
http://coreygilmore.com/blog/2009/06/02/install-a-go-daddy-ssl-certificate-for-use-with-jboss-or-the-bes-5-bas/
but I still get This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store. -
Using log4j v.1.2 with Weblogic 7.0
I try to use logging pissibilities of Log4j with Weblogic 7.0 using com.bea.logging.WeblogicAppender
class from logtoolkit.jar.
When I use Weblogic's version of Log4j (v. 1.1.3), all is OK. When I try to use
current version of Log4j (v.1.2.6), I receive java.lang.NoSuchFieldError: priority
at com.bea.logging.WeblogicAppender.append(Unknown Source)
at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:221)
at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:57)
at org.apache.log4j.Category.callAppenders(Category.java:187)
at org.apache.log4j.Category.forcedLog(Category.java:372)
at org.apache.log4j.Category.info(Category.java:674)
at com.mydomain.framework.log.Log4JLogger.logInfo(Log4JLogger.java:73)
There is configuration file:
<log4j:configuration>
<appender name="WeblogicAppender" class="com.bea.logging.WeblogicAppender">
<layout class="org.apache.log4j.PatternLayout"></layout>
</appender>
<root>
<priority value ="debug" />
<appender-ref ref="WeblogicAppender"/>
</root>
</log4j:configuration>
Does anybody know this problem?Try changing "priority" to "level".
Kevin -
Problems using Sony ECM DS70P Microphone with Vado HD 3rd gen
Problems using Sony ECM DS70P Microphone with Vado HD 3rd genXHello.
I have just purchased a Vado HD 3rd gen & was looking forward to using my Sony ECM DS70p Microphone,but after a couple of tests, the recording is extremely low & barley laudable.
The Microphone works fine on My Kodak Zi8.
Is there an internal setting I have to adjust, or is there a fault with the Vado
The Sony ECM DS70pMicrophone can be clearly seen in use here on a official Creative video.
http://www.youtube.com/watchv=oixLDAmc5qw
If anybody can offer some help or advice please, I would be very grateful.
Does anyone have a suggestion for a low profile stereo mic, to use with the Vado 3rd Gen
Thank you.
Thank you.This is happening to me too, I don't know if this is an Adobe Flash Player 11.5's bug or it's just my computer. All my browsers, chrome, IE9, Fox, doesn't even load anime videos. I tried reinstalling 11.5 many times, it have no effect but I use IE9 64-bit to run the videos that couldn't run. I waited 25 min for a JW player to load an episode of anime and I'm sick of it.
-
I could use Ipod Classic (30g) controls with connection to Highlander (adapter plug into JBL single CD player), but cannot with new 160g Ipod Classic. What gives?
Charge it up fully. Toggle the hold switch. Try getting into diagnostics mode again. See Corrupt iPod classic.
tt2 -
Accepting runtime-specified SSL certificates in WebLogic 11g
Hi all!
In our application we need to call several Web Servervices based on URL's and trusted SSL certificates that are stored in database. Those certificates are self-signed but we cannot add them in the WebLogic truststore (we only want to accept them for those specific web service calls). This is 2-way SSL but our server refuses the remote certificate.
What is the right way to do this?
In WebLogic 10g we used to do the following:
WlsSSLAdapter adapter = new WlsSSLAdapter();
try {
// setup for client certificate
adapter.setKeystore(…);
adapter.setClientCert(…);
// setup for accepting the remote certificate
adapter.setTrustManager(new TrustManager() {
@Override
public boolean certificateCallback(X509Certificate[] paramArrayOfX509Certificate, int paramInt) {
return paramArrayOfX509Certificate[0] == expectedCertificate;
} catch (Exception e) {
throw new RuntimeException(e);
((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(weblogic.wsee.jaxrpc.WLStub.SSL_ADAPTER, adapter);However in WebLogic 11g it appears that even if the <tt>TrustManager</tt> is called (which we checked by using a debugger), WebLogic refuses the certificate:
<validationCallback: validateErr = 16>
< cert[0] = Serial number: 9232073310112809071929676484517784211
Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
Not Valid Before:Tue Nov 01 14:33:31 CET 2011
Not Valid After:Sun Nov 02 14:33:31 CET 2031
Signature Algorithm:MD5withRSA
>
<weblogic user specified trustmanager validation status 16>
<Certificate chain received from mestoudi2 - 10.142.0.23 was not trusted causing SSL handshake failure.>
<Validation error = 16>
<Certificate chain is untrusted>
<SSLTrustValidator returns: 16>
<Trust status (16): CERT_CHAIN_UNTRUSTED>
<NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
…I think the first difference occurs on the line "+weblogic user specified trustmanager validation status 16+" where in WebLogic 10g the value was 0 instead of 16.
If we check "Use JSSE SSL" in the WebLogic administration console (which switches the implementation to com.sun.net.ssl instead of com.certicom.tls), the <tt>TrustManager</tt> is not called at all.
We also tried to configure the <tt>TrustManager</tt> by implementing a <tt>javax.net.ssl.X509TrustManager</tt> that we set on a <tt>weblogic.wsee.connection.transport.https.HttpsTransportInfo</tt> passed to the stub using
((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(TRANSPORT_INFO, transportInfo);But it is not called either – however it works for setting up a proxy for example. We are generating the stubs using the clientgen Ant task (<tt>weblogic.wsee.tools.anttasks.ClientGenTask</tt>).
We are a little bit stuck, any idea of what we should do? Is the WebLogic 11g behavior a regression or is there something else we should configure to get back the old behavior?Hello,
Weblogic has two keystores : identity (if you are doing 2 ways SSL) and trust. you should import your "external" certificate in the "trust" key store.
look at your server config to know your config : Home >Summary of Servers >AdminServer-->configuration-->keystore
I suggest that you change the default configuration (not using the demo one),
then when you know where is yo key store use the command line to add your certificate to trusted store (this is a example) :
opt/weblogic10_3_3/jdk160_18/jre/bin/keytool -import -noprompt -trustcacerts -alias BLCCertificateAuthority -file cacert2035.pem -keystore /opt/weblogic10_3_3/jdk160_18/jre/lib/security/cacerts
once your certificated is added to your trust store it should work.
I hope it will help. -
Using StoneBeat WebCluster load balancing with WebLogic
Hi,
I have done some testing of WebLogic Server with my company's StoneBeat WebCluster
distributed load balancing software. This might be one more option to consider
as a load balancing solution for WLS. It is advanced in the sense that load balancing
is really dynamic, there are no single-points of failure (distributed architecture)
and there is a very good, configurable test subsystem that runs on each cluster
node to check for overload situations, HW/OS failures, ...
In the initial testing, the WebCluster load balancing works with WebLogic replication,
although there are some cases that need mroe consideration (please see below).
I had to get a patch to WLS6SP1 on NT to make WLS' multicast work when there are
several NICs on the cluster nodes.
However, there is one case which causes problems:
- I have 3 cluster nodes
- P: 2, S: 3 (SessionServlet = 1)
- 2: offline - P: 3, S: 1 (SessionServlet = 2; WebCluster randomly selected a
new node to handle the connection)
- 2: online - P: 2, S: ? (SessionServlet = 3, WebCluster redistributes the load
when a node goes online)
- 2: offline
- P: 3, S: 1 (__SessionServlet = 1__) NB!
The log messages show that when node 2 comes back online it retrieves the replica
from the secondary (node 1) and not from the primary (node 3). After a while (5-6
minutes), node 3 tries to update the replica on node 1. Node 1 considers this
a stale update request and removes the Primary 16... (node name) and then the
secondary for 16... (the replicated object). Then there's a message (still on
node 1) that it is unable to find object 16... Back on node 3 the primary for
16... is removed.
From the WLS6 documentation (under the discussion of using replication with external
HW load balancing solutions) I thought that this case would have been handled:
- it is stated that after the failure of a node, if the HWLB box sends the next
request to a node where there is no replica, WLS is able to retrieve the replica
- to be fair, this is what happens: when node 2 came back online, it retrieved
the replica from node 1 (the secondary) - I suppose that there is an assumption
that if a request arrives to a node without a replica, the primary __must have
failed__
Is there any way to get around this problem?
Admittedly, WebCluster has a problem in that the stickyness of connections is
not perfect: - when a node goes online, a connection that was correctly persisted
(based on either source-ip or source-network address) may be moved to a new node
since the load is redistributed. Our load balancing is very dynamic, but doesn't
maintain a list of who is connected to which node when resistribution takes place
Regards,
Frank Olsen
Stonesoft
Rick,
You may want to look at the Alteon and F5 configuration we have on edocs.
Take a look at the following URLs for a possible solution
http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
Chuck Nelson
DRE
BEA Technical Support -
Use of Wildcard SSL cert with DRM
DRM needs a URL to be embedded in the protected PDF document(e.g., mysite.mycompany.com). The SSL certificate for the URL must be from a trusted provider (e.g., Verisign). My question is will Adobe Reader accept for DRM a wild card SSL certificate (e.g., *.mycompany.com) from a trusted provider?
Hi,
The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure
certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Nvidia 295.40 Problems Using XBMC Assaultcube or anything with(SOLVED)
The title pretty much sums it up , Ever since I updated to 295.40 . The previous driver 295.33 was working fine . Problems Using XBMC , Wine , Assaultcube or anything with uses Open GL . The two machines that are affected have the same hardware ( Nvidia 6200 pci) . Let me know if any of you are having similar issues . I will continue to work on this for a couple of hours . Thanks .
Last edited by sliposk (2012-05-03 18:47:26)Tried upgrading the nvidia package after upgrading linux to 3.3.2 but with no success, it still freezes…
Gusar wrote:As I wrote in the other thread, the main point of 295.40 is to fix security vulnerabilities. So if you want to use older versions, at least patch them: http://www.nvnews.net/vbulletin/showthread.php?t=178006
Tried to patch 295.33, successfully (making a 295.33-3 package to stay clean), but had the same failures and freezes. Looks like the problem we are experiencing is caused by the security fix… -
Problem using webservice method consumer proxy with rawdata from abap
Hello Gurus,
I am struggling with an error using a proxy consumer service from ABAP. The proxy was generated using the WSDL from the web service provider. For a specific method we need to send a rawstring as seen bellow:
The file to be sent on this call is a ZIP file XAdES-BES signed and on BASE64. I’ve implemented the proper code to get the original file from local PC, and convert it to BASE64 before moving the content to the webservice structure and call the service proxy. At SOAMANAGER I also configured the webservice and the proper port with the WSDL:
The communication is working properly but my problem is with the binary content. When calling the webservice the response is that the structure of the file is wrong. I found it very strange since I used a tiny SOAPUI project with the same WSDL and it worked with no problem.
After debugging I could see that the content moved to the rawdata string before calling the proxy does not match the content that I can see from the call payload on web services util (srt_util)!
So the sample code for my method:
* get the file from the specified folder
call function 'GUI_UPLOAD'
exporting
filename = ld_zipfilename
filetype = 'BIN'
importing
filelength = zip_size
tables
data_tab = t_zip_data[]
exceptions
file_open_error = 1
file_read_error = 2
no_batch = 3
gui_refuse_filetransfer = 4
invalid_type = 5
no_authority = 6
unknown_error = 7
bad_data_format = 8
header_not_allowed = 9
separator_not_allowed = 10
header_too_long = 11
unknown_dp_error = 12
access_denied = 13
dp_out_of_memory = 14
disk_full = 15
dp_timeout = 16
others = 17.
* convert to string
clear buffer_zip.
call function 'SCMS_BINARY_TO_STRING'
exporting
input_length = zip_size
importing
text_buffer = buffer_string
tables
binary_tab = t_zip_data[]
exceptions
failed = 1
others = 2.
* encode base 64
perform encode_base64 using buffer_string
buffer_zip.
form encode_base64 using in_string type string
out_string type xstring.
data: l_sbuff type string.
* convert the file to BASE64
call method cl_http_utility=>encode_base64
exporting
unencoded = in_string
receiving
encoded = l_sbuff.
call function 'SCMS_STRING_TO_XSTRING'
exporting
text = l_sbuff
importing
buffer = out_string
exceptions
failed = 1
others = 2.
endform. "encode_base64
calling the webservice:
l_input-xxxx-dokument = buffer_zip.
try.
call method l_proxy_test->webservice
exporting
input = l_input
importing
output = l_output.
catch cx_ai_soap_fault into lr_exc_soap_fault.
endtry.
From my understanding rawstring should be the same as ABAP xstring. If I debug the program and check the content of the l_input-dokument before calling the proxy I get binary content: “Izw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9InV0Zi04Ij8…” that is in fact correct
If I check the payload after call I can see that the binary content sent on the XML is not the same, in fact it is totally different: ”SXp3L2VHMXNJSFpsY25OcGIyNDlJakV1TUNJZ1pXNWpiMlJw…” !!
I’ve tried a lot of different conversions, changed configuration on the communication, port, etc and nothing seems to work. I really can’t figure out why the binary content on the call is not the same as I move to the webservice structure.
If I use the project from SOAP UI and send the proper binary content, that is “Izw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9InV0Zi04Ij8…” it works perfectly and the response is successfully.
Anyone has a clue what could be causing this?
Appreciate any kind of input.
Regards,
João Silva Pinto.Anyone? Any clue would be appreciated.
Maybe you are looking for
-
Inventory report for stock category B
Hi everyone, We are trying to generate a customer stock inventory report with stock category B. The table MARD is not displaying any values annwe also looked at table MKOL. Its not giving us any. How do i get the inventory report for this stock type
-
CR not working for me with VS2010
OK with VS2008 I had no problem.. But with VS2010 I can't get Crystal Reports working at all... I have installed - VS 2010 Sp1 - Full Crystal Reports 2008 Sp3 - CRforVS_13_0_1 - CRforVS_redist_13_0_1 (for 32bit and 64bit) I have tried unistalling ev
-
Performed an Archive and Install and now my Admin password doesn't work
I talked to CS this afternoon per an issue with iTunes and was instructed to perform an Archive and Install. I just got done running both discs and the computer seems ready to go. When I click on my user name (I'm the admin) my password no longer wor
-
Folks, I have created a standalone instance of sqlserver 2012 and installed the reporting services engine features .All are working fine post the install and also for quite sometime.After few days i pointed out seeing that reporting services databas
-
It's possible ON UPDATE CASCADE in table relationships?
Hi, how are you? Sorry my weak English, I'm brazilian. I like create an "ON UPDATE CASCADE" in my table relationship but find only "ON DELETE CASCADE" in Oracle 9i Database Online Documentation. I would like your help. Thank you. Eduardo A. Reche Lop