Requirement of hardware for 150 clients

Hi,
I want to setup infrastructure for 150 clients for SAP B1 8.8 pl 10. I want to know that what will be the configuration required for server. Is one server enough or more than one server will be required. in that case, what will be steps to configure for load balancing.

Hi,
Do you mean 150 concurrent users for B1? That might be too much for it.
Thanks,
Gordon

Similar Messages

IDOC with different hardware for both clients

Hi All,
I am creating a MATMAS IDOC and I have receiver client on different hardware.
I have performed distribute model view(BD64) at sender client and got at receiver client also.
Now when I generate partner profile at receiver client end. It is not working.
It gives message ' No messages have been defined for the selection conditions in the model'
Can anyone help me..
-Maharshi

Closing the Thread as found the solution.
"As both clients are on diffrent servers so we need to create logical systems on both clients(with same name) and need to perform SM59 also at both ends."

What is the ideal size of hardware for 500 concurrent users?

Hi,
I have a DB of 10GB and around 1500 forms/reports,
400 no of concurrent users.
Can anybody help me in deciding requirement of hardware for db and app.server
rgd

A lot is going to depend on the type of setup you require. How many servers you will split this up on. What your reports and forms are doing. How your datamodel is set up. How much data you have, etc.
Not sure there is a concise answer to that question.
Tony

Kadmin: Missing parameters in krb5.conf required for kadmin client while in

Hi all
When i am going to run commands like
kadmin addprinc -randkey
kadmin ktadd -k
i am receiving kadmin: Missing parameters in krb5.conf required for kadmin client while ininitializing kadmin interface
any ideas??
What kind of parameters are missing???
thanks a lot

Hi,
It is a common problem. I used Oracle Linux to sort it out.
Perhaps you're using the wrong command? AFAIK kadmin should be used when working remotely. You don't say where you are in relation to the server? If sitting at the server you should be using kadmin.local. For example if I issue:
sudo kadmin.local
I get:
Authenticating as principal root/admin@LKDC:SHA1.EB237F611F07B2E8A636804052E8F7252BBA978F with password
If I issue:
sudo kadmin
I get:
Authenticating as principal root/admin@LKDC:SHA1.EB237F611F07B2E8A636804052E8F7252BBA978F with password
If I issue:
sudo kadmin
I get:
Authenticating as principal root/[email protected] with password.
kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface
A vital difference. Issuing:
sudo kadmin.local -q list_prinicpals
show show successfully kerberized users, services & hosts. Changing it to kadmin -q list_principals shows nothing except the error message. The above examples are for a client machine.
If you have any questions, ask.
Kirill Babeyev

The business requires the ability for client to provide a remittance file detailing what invoices the single payment is to be applied to.

The business requires the ability for client to provide a remittance file detailing what invoices the single payment is to be applied to.
hi the requirement is we have 10000 sales orders for this sales orders only one invoice is created when customer pays the money to this invoice(multiple line items in this single invoice) the remittance file should get that what invoices that single payment is applied to

Um, well looky here :)
https://social.technet.microsoft.com/Forums/windowsserver/en-US/cf6abdeb-a517-424c-bbef-050bee22a658/remoteapp-error-when-launching-dashboard-from-client-pc?forum=winserveressentials
Grey
PS: Has nothing to do with the price of eggs, but interesting ?
http://www.windowsnetworking.com/articles-tutorials/netgeneral/host-remoteapps-windows-pcs-part1.html

Minimal requirements for remote client app to call a EJB 3 session bean

I'm just starting to get into EJBs, trying to learn the EJB 3 APIs. I kind of understand the setup on the server side to create a session bean. What I don't understand is what I would have to deploy for each of the remote client app (Swing-based GUI or something like that) installations. Of course, the client app code would have to be deployed to each client desktop, but what stuff related to the session bean? Just the session bean interface class?
For ease of discussion, let's say my bean is CalculatorBean, having two interfaces, CalculatorRemoteIface and CalculatorLocalIface. Let's also say my client app, CalculatorUI, is a simple Swing-based GUI that grabs a reference to a CalculatorBean.
Other than just the Swing-based classes and the JRE, what JARs/classes will I want to deploy to each desktop?
(Please assume the latest Sun Java System App Server 9 and Java EE 5, if you are familiar with them.)

Personally- I would deploy your backend
in EJB 3.0, but then expose it as a web service. It
is MUCH easier for your clients to connect to a web
service (and mantain that code), then to have them
connect via RMI/JNDI.Oh, I would say it's quite the opposite. RMI/JNDI is MUCH easier from a client point of view than web services. To make web services work easy from the client side you have to generate code and the tools that generate code from a web services wsdl file doesn't do a great job today. But that was not the question. But take some time reading this article about webservices...it's quite funny and spot on: http://wanderingbarque.com/nonintersecting/2006/11/15/the-s-stands-for-simple
Now to your question, yes you will need the remote interface on the client side.
/klejs

Hardware recommendations and advice for 100 client network

Hi
We are currently looking at setting up a very basic separate wireless network for a client in two adjacent large cabins (3m apart) that will support up to 100 clients max concurrently. This will be solely for contractors to access basic internet, connections to web mail etc. There will be no existing infrastructure to connect to, so we will be looking at an internet connection of some form, a small switch and the wireless network. Range isn't an issue as they are next to each other its the support for such a large amount of connections. I thought a clustered setup of 2-4 WAP321 might be a bit stretched and we might get issues as the number of simultaneous connections gets near 100. I was also looking at a couple of standalone Aironet 1600s, one in each cabin.
The network itself is very basic, as it is literally just shared internet access but I need to ensure that it's reliable with 100 clients connected.
I did ring presales tech but they weren't mcuh help and sounded like they knew less than me, so any help would be appreciated.
Regards
Harry

Dear Harry,
Thank you for reaching Small Business Support Community.
By checking on the WAP321 datasheet I see:
- Recommended user support = Up to 32 connective users, 20 active users
- Active clients per cluster = 80
I agree with you when say "might be a bit stretched and we might get issues as the number of simultaneous connections gets near 100", therefore I suggest you to go for an enterprise-class, entry-level device like the Aironet1600 you mention. I would anyway suggest you to contact back the presales team or the Wireless-Mobility Support Community for further assistance and advice.
Thank you for your time on this matter and please let me know if there is anything I may assist you with in the meantime.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found.

ChaRM configuration issue for 2 Clients...

Dear Friends,
I have configured ChaRM in Solution Manager 7.0 EhP1 system. It is working fine without any issues. But now I came across a new requirement and finding trouble in configuring the required scenario.
Currently there is only single client in DEV, QA and PRD system for which ChaRM is configured. Now, I want to configure the ChaRM for 2 clients in each system.
For example,
<ZCHARM_1> -- SOL:001 -- > DEV : 100 --> QAS : 200 --> PRD1 : 300
<ZCHARM_2> -- SOL:001 -- > DEV : 500 --> QAS : 600 --> PRD2 : 700
(Please note, ZCHARM_X is a project and SOL-001 is a Solution Manager ChaRM client).
First up all, I would like to understand, is it possible? is it supported by SAP ?
If yes, how can we configure client specific route for SAP standard transport layer (SAP)? What are the other concerns in using above system landscape in ChaRM?
Please note, we do not want to use separate hardware for either DEV or QA system.
Please can someone guide in this case?
Rajesh Narkhede

Rajesh,
I am not aware if you have searched on this issue, but You may want to take a look at this thread.
Change Request Management for multiple production clients
This configuration should work fine, because in essence, its a 3 system landscape, so there should not be major issues on the way.
From the TMS Standpoint you need to define a transport layer for each development client.
You can create a single project with the logical components or you can create multiple projects with each set of systems. Remember to do the TMS configuration right and you should be set.
Cheers!
Edited by: Banerjee Vivek on Mar 29, 2011 1:02 PM

Initial configuration of ACS 5.1 for EAP authentication for Wireless clients

Hi,
I have set-up with below devices :
Wireless LAN controller 5508
LAP 3302i
and ACS 5.1
since i am new in ACS 5.1 configuration , I need so information to go ahead to configure ACS 5.1.
which EAP method to use for wireless client authentication ? what is the best practice ?
I have gone through some cisco documents and it shows that best practice is to configure PEAP but for the same , I need to install certificate in ACS server as well in client PC. is that so ?
I have no clear picture for this certificate ?
from where i can get this certificate or do i need to purchase this certificate separately from cisco. how to install it in ACS server ?
I will be obliged to get atleast initial configuration for ACS 5.1 to enable the EAP method,
I need GUI based initial configuration for ACS 5.1
This mentioned ACS 5.1 is installed on ACS 1121 hardware appliance.

Hi,
which EAP method to use for wireless client authentication ? what is the best practice ?
-> I would advise the most widely spread EAP method, which has the best ratio security/easy to deploy: PEAP with MSCHAPv2, which is available by default by all windows machines.
I have gone through some cisco documents and it shows that best practice is to configure PEAP but for the same , I need to install certificate in ACS server as well in client PC. is that so ?
-> You will always need to install a server certificate, however, there is no need for client certificate because the authentication is based on the MSCHAP credentials exchange, not certificate based. The only requirement on the client regarding certificates is the following.
If you want to validate the server certificate, you have to install the server certificate under the trusted CAs of the clients.
If you do not require to trust the server certificate, you can simply disable the option of server certificate validation.
I have no clear picture for this certificate ?
from where i can get this certificate or do i need to purchase this certificate separately from cisco. how to install it in ACS server ?
-> The server certificate can be a simple self signed certificate that you generate and install on the ACS GUI.
Please feel free to follow this step-by-step guide on
PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server:
http://www.cisco.com/en/US/partner/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml or in pdf
http://www.cisco.com/image/gif/paws/112175/acs51-peap-deployment-00.pdf.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

How to disable spool for particular client

Hi experts,
we have two clients in our development server ( 008 and 009)
we are using 009 as quality. this is newly imported client from prd .I want to disable spool in 009 client. my requirement is, no user able to take printouts from 009.is there any possibility to disable for particular client? around 150 users have access for 009. i think its not easy to remove the authorization from each user manually. Kindly suggest me to do this.
Regards,
Nagendra.

Hi Venkatesh,
008 is development client. what ever i do regarding this deactivating the spool in 009, it should not effect 008 client.
it is possible by removing authorization from each user in 009 client. but it takes long time.
is there any way to do this ?

Hardware for oracle database

Hi,
is there any good documentation source where I can find information about hardware which is good to use for oracle database.
I need to select new hardware for single instance OLTP database with ~ 150 users. Db size is not big. < 50 gb. OS - Linux Red Hat.
Any advices?
M.

Ideally you should get some benchmarking regarding your requirements and then you can choose on the Hardware. The budget also matters here.
You need to identify the response time required for all number of users, concurrent users and total size of the database. Now a days people opt Intel based (not much costly compared to SUN,IBM) and Linux operating system also.
There is no clear cut guideline.
Dilipkumar Patel.

Looking for a client appointment app

I'm looking for an application for a friend who is a personal trainer. And if such an application doesn't exist, I'm considering writing one (I'm a software engineer)
The application would maintain a database of clients, and a schedule of appointments with them.
For each client, the following data needs to be maintained: contact information, current statistics (weight, body fat percentage, strength) as well as a history of statistics. Clients pay for a package of sessions in advance, and the app would keep track of how many prepaid sessions remain, updating that number with each scheduled appointment and each payment. Every client has recurring appointments, several per week, but rescheduling is common, and needs to be easy. And the app should be able to print out a year report for taxes.
I was thinking that it should interface with Address Book for contact information, and Calendar for appointments.
The main app should run on Snow Leopard, but mobile access through an iOS 4 sister app would be great. (Although if it works with Address Book and Calendar, their synchronization through MobileMe might be sufficient)
Is there any such thing? There must be other trainers, and other professionals with similar needs.
-Ron.

Hi Ron,
was there a template for bento that met all of the requirements that you detailed? My wife is a personal trainer and we've been looking for similar functionality in an app. Currently she's using the calendar app and contact book, but as you say, rescheduling is frequent and tracking remaining sessions would be very helpful. Let me know,
Paul

Setting Up Certificate Validation for Jabber clients

Hi:
I would like to get certificates signed from private internal CA for Jabber clients. Cisco documentation says it requires HTTP/Tomcat for CUPS, HTTP/Tomcat for CUCM and UCXN[8.6].
The exiting Tomcat certificate has these two files: tomcat.pem, tomcat.der and a bunch of tomcat-trust certificates as well with associated files.
My question is is there any harm in generating a new tomcat certifcate or could I just generate CSR's for the two existing Tomcat files to be signed? When you generate a new Tomcat certificate does it create or overwrite the .pem and .der? I don't want to break anything in this process so looking for some feedback.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_2_5/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes_chapter_011.html

Generating a CSR for the Tomcat certificate and installing the signed certificate will replace the .pem/.der file you see listed. Once you sign the CSR and upload the final certificate, you'll need to restart Cisco Tomcat from the CLI for it to pickup the new cert. Anything that is in a -trust store is something that server will accept during a TLS/SSL handshake, not something it uses itself.

Config for Production client

Dear all,
I'm a new basis and now I'm working in big project ERP. I have a disturbed about config for Production client.
In scc4 we must set client role is Production and No change allowed for Objects. But in production some time we need do Open and Close Period, or change following business requirement, ... This is not allowed to do in Production client.
How do we config for Production client to cover this requirements ?
Do we need a config client for maintain Production client ? Example: Production client is 500, Config client is 100. When we need Open or Close Period or change anything, we do in 100 and transfer request to 500.
Thank you very much.
Regards,
Thanh.
Do not use text message language, the next time your thread will be deleted.
Read the "Rules of Engagement"
Edited by: Juan Reyes on Dec 1, 2010 11:06 AM

You can customize transaction to be executable although the setting in SCC4 is "productive", this is accomplished by using transaction SOBJ:
Note 1497640 - Open and close periods in productive client
You can theoretically put every customizing view there and make it "executable" in a production system.
Markus

Using JSSE : "Invalid Netscape CertType extension for SSL client" Error

Hi all,
Im using the sample code given sun site for JSSE with Client Authentication. The sample as such it worked with the testkeys provided in that. But it didn't workout when I tried using other certificates.
Both client and server certificates I generated from our internal Netscape Certificate Manager.
Function of the server :
The server will read a private key from the given keystore and starts listening on a port. This server will server only GET request.
Function of the client :
The Client sends a GET request to the server and gets the response back.
I simply changed the key store name alone in the working sample code.
It is not working.
The Exception thrown on client side :
D:\users\Jp\java\jssesamples\sockets\client\class>java SSLSocketClientWithClientAuth1 localhost 1089 /urls
localhost
1089
/urls
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at SSLSocketClientWithClientAuth1.main(SSLSocketClientWithClientAuth1.java:119)
Exception thrown on server side :
D:\users\Jp\java\jssesamples\sockets\server\class>java ClassFileServer 1089 . TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
error writing response: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExce
ption: Invalid Netscape CertType extension for SSL client
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.Certificate
Exception: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.e(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.DataOutputStream.writeBytes(DataOutputStream.java:256)
at ClassServer.run(ClassServer.java:128)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension
for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
... 1 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
The Client code :
* @(#)SSLSocketClientWithClientAuth.java 1.5 01/05/10
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import java.security.KeyStore;
* This example shows how to set up a key manager to do client
* authentication if required by server.
* This program assumes that the client is not inside a firewall.
* The application can be modified to connect to a server outside
* the firewall by following SSLSocketClientWithTunneling.java.
public class SSLSocketClientWithClientAuth1 {
public static void main(String[] args) throws Exception {
 String host = null;
 int port = -1;
 String path = null;
 for (int i = 0; i < args.length; i++)
 System.out.println(args);
 if (args.length < 3) {
 System.out.println(
 "USAGE: java SSLSocketClientWithClientAuth " +
 "host port requestedfilepath");
 System.exit(-1);
 try {
 host = args[0];
 port = Integer.parseInt(args[1]);
 path = args[2];
 } catch (IllegalArgumentException e) {
 System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
 "host port requestedfilepath");
 System.exit(-1);
 try {
 * Set up a key manager for client authentication
 * if asked by the server. Use the implementation's
 * default TrustStore and secureRandom routines.
 SSLSocketFactory factory = null;
 try {
 SSLContext ctx;
 KeyManagerFactory kmf;
 KeyStore ks;
 char[] passphrase = "passphrase".toCharArray();
 ctx = SSLContext.getInstance("TLS");
 kmf = KeyManagerFactory.getInstance("SunX509");
 ks = KeyStore.getInstance("JKS");
// ks.load(new FileInputStream("testkeys"), passphrase);
 ks.load(new FileInputStream("clientkey"), passphrase);
 kmf.init(ks, passphrase);
 ctx.init(kmf.getKeyManagers(), null, null);
 factory = ctx.getSocketFactory();
 } catch (Exception e) {
 throw new IOException(e.getMessage());
 SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
 * send http request
 * See SSLSocketClient.java for more information about why
 * there is a forced handshake here when using PrintWriters.
 socket.startHandshake();
 PrintWriter out = new PrintWriter(
 new BufferedWriter(
 new OutputStreamWriter(
 socket.getOutputStream())));
 out.println("GET " + path + " HTTP/1.1");
 /* Some internet sites throw bad request error for HTTP/1.1 req if hostname is not specified so the foll line */
 out.println("Host: " + host);
 out.println();
 out.flush();
 * Make sure there were no surprises
 if (out.checkError())
 System.out.println(
 "SSLSocketClient: java.io.PrintWriter error");
 /* read response */
 BufferedReader in = new BufferedReader(
 new InputStreamReader(
 socket.getInputStream()));
 String inputLine;
 while ((inputLine = in.readLine()) != null)
 System.out.println(inputLine);
 in.close();
 out.close();
 socket.close();
 } catch (Exception e) {
 e.printStackTrace();
The Server code :
* @(#)ClassFileServer.java 1.5 01/05/10
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
/* ClassFileServer.java -- a simple file server that can server
* Http get request in both clear and secure channel
* The ClassFileServer implements a ClassServer that
* reads files from the file system. See the
* doc for the "Main" method for how to run this
* server.
public class ClassFileServer extends ClassServer {
private String docroot;
private static int DefaultServerPort = 2001;
* Constructs a ClassFileServer.
* @param path the path where the server locates files
public ClassFileServer(ServerSocket ss, String docroot) throws IOException
 super(ss);
 this.docroot = docroot;
* Returns an array of bytes containing the bytes for
* the file represented by the argument path.
* @return the bytes for the file
* @exception FileNotFoundException if the file corresponding
* to path could not be loaded.
public byte[] getBytes(String path)
 throws IOException
 System.out.println("reading: " + path);
 File f = new File(docroot + File.separator + path);
 int length = (int)(f.length());
 if (length == 0) {
 throw new IOException("File length is zero: " + path);
 } else {
 FileInputStream fin = new FileInputStream(f);
 DataInputStream in = new DataInputStream(fin);
 byte[] bytecodes = new byte[length];
 in.readFully(bytecodes);
 return bytecodes;
* Main method to create the class server that reads
* files. This takes two command line arguments, the
* port on which the server accepts requests and the
* root of the path. To start up the server: 
* <code> java ClassFileServer <port> <path>
* </code> 
* <code> new ClassFileServer(port, docroot);
* </code>
public static void main(String args[])
 System.out.println(
 "USAGE: java ClassFileServer port docroot [TLS [true]]");
 System.out.println("");
 System.out.println(
 "If the third argument is TLS, it will start as\n" +
 "a TLS/SSL file server, otherwise, it will be\n" +
 "an ordinary file server. \n" +
 "If the fourth argument is true,it will require\n" +
 "client authentication as well.");
 int port = DefaultServerPort;
 String docroot = "";
 if (args.length >= 1) {
 port = Integer.parseInt(args[0]);
 if (args.length >= 2) {
 docroot = args[1];
 String type = "PlainSocket";
 if (args.length >= 3) {
 type = args[2];
 try {
 ServerSocketFactory ssf =
 ClassFileServer.getServerSocketFactory(type);
 ServerSocket ss = ssf.createServerSocket(port);
 if (args.length >= 4 && args[3].equals("true")) {
 ((SSLServerSocket)ss).setNeedClientAuth(true);
 new ClassFileServer(ss, docroot);
 } catch (IOException e) {
 System.out.println("Unable to start ClassServer: " +
 e.getMessage());
 e.printStackTrace();
private static ServerSocketFactory getServerSocketFactory(String type) {
 if (type.equals("TLS")) {
 SSLServerSocketFactory ssf = null;
 try {
 // set up key manager to do server authentication
 SSLContext ctx;
 KeyManagerFactory kmf;
 KeyStore ks;
 char[] passphrase = "passphrase".toCharArray();
 ctx = SSLContext.getInstance("TLS");
 kmf = KeyManagerFactory.getInstance("SunX509");
 ks = KeyStore.getInstance("JKS");
// ks.load(new FileInputStream("testkeys"), passphrase);
 ks.load(new FileInputStream("serverkey"), passphrase);
 kmf.init(ks, passphrase);
 ctx.init(kmf.getKeyManagers(), null, null);
 ssf = ctx.getServerSocketFactory();
 return ssf;
 } catch (Exception e) {
 e.printStackTrace();
 } else {
 return ServerSocketFactory.getDefault();
 return null;
Could anyone help ?
thanks in advance
Jayaprakash

The same thing.
I have found the place where the exception throws.
It is com.sun.net.ssl.internal.ssl.AVA class.
It has a constructor AVA(StringReader)
There is a check in this constructor of different certificate extensions
(if-else). If it sees no familiar extension it throws exception and handshake fails.
It is not difficult to fix this problem: just ignore unknown extension.
Everything works fine with this "improved" class (under VA 3.5).
But the problem is - the using of this class in applets.
How can I say the browser to use my "improved" class and not the one it downloaded with java plug-in?

Requirement of hardware for 150 clients

Similar Messages

Maybe you are looking for