Root certificate issue with keytool (Tomcat)

Similar Messages

• SSL certificate issue with WLS 10.3

  Hi All,
  I am facing this issue with my WLS cluster.
  <21-Apr-2010 10:42:00 o'clock BST> <Warning> <Security> <BEA-090482> <BAD_CERTIF
  ICATE alert was received from system.core.com - 10.15.135.30.
  Check the peer to determine why it rejected the certificate chain (trusted CA co
  nfiguration, hostname verification). SSL debug tracing may be required to determ
  ine the exact reason the certificate was rejected.>
  <21-Apr-2010 10:42:00> <Warning> <Uncaught exception in server handler: javax.ne
  t.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from
  system.core.com - 10.15.135.30. Check the peer to determine wh
  y it rejected the certificate chain (trusted CA configuration, hostname verifica
  tion). SSL debug tracing may be required to determine the exact reason the certi
  ficate was rejected.>
  Please suggest. I have also tried the below settings.
  Node Manager:
  -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
  Admin Server:
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  Many thanks in advance.

  Hi Sandip,
  I am facing this issue right after when I have configured the listen address to my system IP in Machine(NodeManager), earlier it was "localhost".
  Also I have tried to generate the certificates e.g.
  C:\bea\wlserver_10.3\server\bin>java utils.CertGen -cn system.core.com -keyfilepass DemoIdentityPassPhr
  ase -certfile mycertificate -keyfile .keystore
  Generating a certificate with common name system.core.com and key strength 1024
  issued by CA with certificate from C:\bea\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea\WLSERV~1.3\server
  \lib\CertGenCAKey.der file
  C:\bea\wlserver_10.3\server\bin>java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePa
  ssPhrase -keyfile .keystore.pem -keyfilepass DemoIdentityPassPhrase -certfile mycertificate.pem -alias demoidentity
  No password was specified for the key entry
  Key file password will be used
  Imported private key .keystore.pem and certificate mycertificate.pem
  into a new keystore DemoIdentity.jks of type jks under alias demoidentity
  Tried the above but not wokring. Please advise.
  Edited by: R Vashi on 21-Apr-2010 03:38

• Issue with starting tomcat in windows for webcenter sites installation

  Hello All,
  I have been trying to install oracle webcenter sites on windows 7, I followed all the steps in the documentation for the configuration and setup. but anytime I start the tomcat using the startup.bat script I get errors as shown below.
  C:\WCS11gR1\tomcat\bin>catalina debug
  Using CATALINA_BASE: "C:\WCS11gR1\tomcat"
  Using CATALINA_HOME: "C:\WCS11gR1\tomcat"
  Using CATALINA_TMPDIR: "C:\WCS11gR1\tomcat\temp"
  Using JAVA_HOME: "C:\Program Files\Java\jdk1.7.0_21"
  Using CLASSPATH: "C:\WCS11gR1\home\bin;C:\Program Files\Java\jdk1.7.0_21\l
  ibtools.jar;;C:\WCS11gR1\tomcat\bin\bootstrap.jar"
  Initializing jdb ...
  runrun org.apache.catalina.startup.Bootstrap start
  java.io.IOException: Cannot run program "C:\Program": CreateProcess error=2, The
  system cannot find the file specified
  at java.lang.ProcessBuilder.start(ProcessBuilder.java:1042)
  at java.lang.Runtime.exec(Runtime.java:615)
  at java.lang.Runtime.exec(Runtime.java:483)
  at com.sun.tools.jdi.AbstractLauncher$Helper.launchAndAccept(AbstractLau
  ncher.java:180)
  at com.sun.tools.jdi.AbstractLauncher.launch(AbstractLauncher.java:132)
  at com.sun.tools.jdi.SunCommandLineLauncher.launch(SunCommandLineLaunche
  r.java:235)
  at com.sun.tools.example.debug.tty.VMConnection.launchTarget(VMConnectio
  n.java:495)
  at com.sun.tools.example.debug.tty.VMConnection.open(VMConnection.java:3
  26)
  at com.sun.tools.example.debug.tty.Commands.commandRun(Commands.java:559
  at com.sun.tools.example.debug.tty.TTY.executeCommand(TTY.java:491)
  at com.sun.tools.example.debug.tty.TTY.<init>(TTY.java:765)
  at com.sun.tools.example.debug.tty.TTY.main(TTY.java:1067)
  Caused by: java.io.IOException: CreateProcess error=2, The system cannot find th
  e file specified
  at java.lang.ProcessImpl.create(Native Method)
  at java.lang.ProcessImpl.<init>(ProcessImpl.java:288)
  at java.lang.ProcessImpl.start(ProcessImpl.java:133)
  at java.lang.ProcessBuilder.start(ProcessBuilder.java:1023)
  ... 11 more
  Fatal error:
  Unable to launch target VM.
  If I run it by clicking on the bat file directory I get this error in my catalina log file below:
  May 27, 2013 5:04:48 PM org.apache.catalina.startup.Catalina start
  SEVERE: Cannot start server. Server instance is not configured.
  Kindly advise me on what to do to resolve this issue.

  Yes I did that all the commands give me error.
  If I use the startup.bat I get a list of errors ending with:
  org.apache.catalina.startup.Catalina start SEVERE: Cannot start server. Server instance is not configured.
  but I have configured the instance using the following settings for windows:
  SET CATALINA_HOME = C:\WCS11gR1\tomcat
  SET CATALINA_BASE = C:\WCS11gR1\tomcat
  SET JAVA_HOME=C:\Program Files\Java\jdk1.7.0_21
  SET JAVA_OPTS=-Xmx1500m
  SET CS_HOME=C:\WCS11gR1\home
  SET CATALINA_OPTS=-XX:MaxPermSize=192m -Dfile.encoding=UTF-8 -Dnet.sf.ehcache.enableShutdownHook=true -Djava.net.preferIPv4Stack=true

• How to update revoked certificate issue with CS5 suite?

  I have a security issue found with a Nessus scan that states:
  Synopsis: An application installed on the remote Windows host is signed by a revoked certificate.
  Description&#8232;: The remote host is using Adobe software that has been digitally signed by a revoked certificate. An Adobe build server was compromised, which has caused at least two malicious utilities to be signed with Adobe's code signing certificate. Any software signed by this revoked certificate (including legitimate Adobe software) is no longer trusted.
  I have followed everything I found on how to correct this, but most information is regarding CS6.  I have updated the certificate through Acrobat (version 9), but that has not fixed my issue. 
  The programs it says that are affected are:
  Bridge.exe
  Extension Manager
  Illustrato
  Photoshop
  I see no way to update anytype of certificate in these programs.
  Is it just that CS5 is no longer supported, or have I missed an update?
  Thanks,
  Dan

  Rahul,
  You can do this in the doDMl method of your Entity Object.
  See this white paper:
  http://www.oracle.com/technology/products/jdev/collateral/papers/10131/businessrulesinadfbctechnicalwp.pdf
  If you have follow-up questions, please use the JDeveloper forum, since your question is not related to JHeadstart.
  Steven Davelaar,
  JHeadstart Team.

• Why am I now having certificate issues with Firefox but not IE?

  I can no longer log into Gmail, Facebook, Amazon, etc... using Firefox. I get the following error "accounts.google.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)". It works with IE but not Firefox. This just started a few days ago - prior to that I was able to log into those https sites without issue.
  Any suggestions? Thank you.

  "browser.xul.error_pages.expert_bad_cert" was set on false so I set it to true and tried reloading.
  Got the page giving me the option to add exception and continue. Kept trying that and would not continue to the page even after accepting 10+ times.

• Certificate Authority certificate issued with incorrect hash algorithm

  Hi all,
  We have a certificate authority which was migrated from Server 2003 to 2008R2, the issue is that after running this command:
  certutil -setreg ca\csp\CNGHashAlgorithm sha256
  to upgrade the CA to SHA256, we renewed the CA certificate but the certificate still renewed using SHA1. The cryptographic settings in the CA properties dialog box says SHA256 however the certificate is issued using SHA1. Here is the image:
  Any pointers to how we can reissue CA certificate with SHA256 algorithm?
  Thanks,
  Ojas

  [Puneet Singh] What i feel is that your initial key which was generated was CAPI based that might be the reason you might be facing the problem.
  Try to do the things in below sequence.
  certification authority’s system, you will need to run the following commands from an elevated command line window:
   certutil -setreg ca\csp\CNGHashAlgorithm SHA256
  net stop certsvc
  net start certsvc
  Make sure you are  using a Key Storage Provider that supports SHA256 – for example the Microsoft Key Storage Provider -
  and then renew the certification authority’s certificate.
   if you have the CAPI provider or you are CAPI based key  then you have to convert it to CNG key and use certutil
  repair so that  it does start using the CNG key.
  Puneet Singh

• Clean Access appliace, Certificate issue with CA server on Windows

  Dear all,
  When the CCA agent connects to the network and authenticates on the CCA manager he get the security messange and he has to click yes in order to continue. to prevent this from comming up, he has to remove the temporary certificate and assign a CA certificate. When I did that using the attached procedure I got an error while logging to the CAM Manager (attached the procedure and the error). please advise what could be the reason for this issue in order to solve it!
  regards,

  Hi,
  Thank you for posting in Windows Server Forum.
  From your desciption it seems that you have set the RDS CAL to per device on one server and the one which is facing error, you are pointing that server to the server which is already set as Per device CAL and thus you are facing the error. Means The RD licensing
  mode on the Remote desktop server set to Per Device, while the license server might have only Per User CALs.
  If this is the case, the license server issues only temporary licenses that cannot be upgraded. When the temporary licenses are within several days of expiring, "Event ID 26, Source: Application Pop-up" appears in the application event log on the client.
  The event message indicates the number of days remaining before the temporary license expires. Similarly, "Event ID 1011, Source TermService" appears in the application event log on the terminal server.
  There are solution to this issue by changing the license mode and check the result. Also it can be possible that the remote desktop server might not be able to locate the license server. 
  Please go through below link carefully. (As it’s for server 2003 but we can verify the solution as described)
  Troubleshooting Remote Desktop Licensing Error Messages
  http://technet.microsoft.com/en-us/library/cc756826(v=ws.10).aspx#BKMK_12
  In addition, you can try following solution.
  1 - Open regedit
  2 - Go to this location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
  3 - Then Delete MSLicensing key totally.
  4 - Now reconnect to the same server machine through remote desktop.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Quality Certificate Issue with multiple batchs with same delivery note

  Hi,
  Hi,
  My Company Business Process:
  Quality certificates are generated prior to the good receipt through IDOC process.
  When we  receive the goods, GR should look for existing quality certificates and trasnfer the inspection results to inspection lot.
  When we are trying to receive for single batch & delivery note, It is looking for existing quality certificates. There is no problem in this senario.
  But when we receive the multiple batchs with the same delivery note, system is generating new quality certificates. It is not looking for existing QC which got generated through IDOC process. This is the actual proble.
  Note: I am not sure is standard SAP does not supprot  to receive the multiple batchs with the same delivery note or not at the time of GR. Please advise me.
  Thanks,
  Suman

  In data origin in certificate profile SAP supports " mix the origins within a characteristic. For example, the results data can originate from an inspection and the specification data can originate from batch determination."
  Now here question arises Is batch determination of one batch or multiple bacthes took place against a single delivery note.
  As per my understnading it should be one batch with is supported in std SAP.

• Still getting certificate issues and chat problems (again)

  i am getting untrusted certificate messages again when in thunderbird. I cannot access the add ons, and the message appears whenever I open thunderbird, even though it appears messages are downloading. still cannot access chat on thunderbird either. I cant wait much longer.. if this keeps on going, i am going to have to dump all the mozilla stuff and go back to what i was using previously, which is a shame, because i much prefer firefox and thunderbird.

  lets try that again. Mozilla operates dozens of web sites and server locations. So read the message and identify the exact server and what the error is.
  Is it an expired certificate, issues with trust chains or what?
  So far I have the equivalent of "my car does not start!, it is a Ford"

• On some sites we get sec_error_unknown_issuer SSL error due to missing root certificate TC TrustCenter Class 2 L1 CA XI. Firefox is the only browser having this issue. Why is that certificate not preinstalled and shipped with Firefox?

  On some sites we get sec_error_unknown_issuer SSL error due to missing root certificate TC TrustCenter Class 2 L1 CA XI. Firefox is the only browser having this issue. Why is that certificate not preinstalled and shipped with Firefox?
  Check sales.sauer-danfoss.com for details with Firefox 7.
  Thanks
  Stefan

  You are not sending the TC TrustCenter Class 2 L1 CA XI intermediate certificate
  *http://sales.sauer-danfoss.com/
  Web servers need to send all required intermediate certificates to build the chain to build-in root certificates.
  You need to install that intermediate certificate on your server.
  *http://www.trustcenter.de/en/infocenter/root_certificates.htm#3479
  You can test the certificate chain via a site like this:
  *http://www.networking4all.com/en/support/tools/site+check/

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• JSP Compilation Issue with Tomcat 4.0.6

  Hi There,
  I've been checking the following issue online for sometime but I just can't seem to figure what is wrong with the server setup. I've this very simple JSP page processing the form variables submitted to an action page which is another JSP page. Thecode segement in the target JSP is like this;
  if(request.getParameter("contactUsSubmit")!=null)
  }Whenever I try to use request.getParameter("XYZ") in the target page just like above, I get following error from Tomcat;
  Apache Tomcat/4.0.6 - HTTP Status 500 - Internal Server Error
  type Exception report
  message Internal Server Error
  description The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request.
  exception
  javax.servlet.ServletException: org/apache/jasper/runtime/JspException
       at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:481)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98)
       at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
       at java.security.AccessController.doPrivileged(Native Method)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2347)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:458)
       at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:551)
       at java.lang.Thread.run(Thread.java:534)
  root cause
  java.lang.NoClassDefFoundError: org/apache/jasper/runtime/JspException
       at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:463)
       at org.apache.jsp.contact$jsp._jspService(contact$jsp.java:174)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:201)
       at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:381)
       at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98)
       at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
       at java.security.AccessController.doPrivileged(Native Method)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2347)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
       at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
       at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:458)
       at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:551)
       at java.lang.Thread.run(Thread.java:534)
  When I comment the code fragment, it works. It is not about what is in the if statment is true, I can assure you. Consider it as simple output to ease your mind.
  Any ideas why this might be happening? I'vve tried the same code with Resin 2.x and Tomcat 5.5 , it works just fine. Do you think there is something missed with the Tomcat setup or the Tomcat version (4.0.6) on that specific server is no good?
  Any comments are greatly appreciated.
  Thanks in advance...
  Regards,
  Mert

  Hi There,
  As you said using equals would not work as it should be a valid String in order for the eqauls function to work.
  Unfortuantely I can't access the Servlet created or the log files. It has crossed my mind too but this is a setup by the service provider and they don't let you nose into their business but they ahvedone something wrong with their system as far I can think.
  I've wanted to print the output to the web but when i use the request.getParameter it just creates the error.
  Java service is provided optional and as any optional service it is not well supported so I need to make them some pointers. So any more ideas?
  Cheers,
  Mert

• Issue with Client Authenication Certificates within Bootable Media

  Hi All,
  I am in the process of deploying SCCM 2012 R2 in our environment parallel to our existing SCCM 2007 R3 environment. So far everything is working well. I have hit, however my first issue. This seems to be related to Client Authentication certificate validation.
  The problem occurs when booting from SCCM 2012 Task Sequence Bootable media and attempting to contact a local Management Point. I am using a USB Boot key at this point as I do not want to overlap with our existing PXE environment.
  The SMSTS.LOG shows the error 0x80072f8f. Specifically the error that I need to get past is:
  [TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  [TSMESSAGING]                : dwStatusInformationLength is 4
   TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  [TSMESSAGING]                : *lpvStatusInformation is 0x10
   TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  [TSMESSAGING]            :
  WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
   TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  [TSMESSAGING] AsyncCallback(): ----------------------------------------------------------------- TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  I have followed all of the recommended steps that I can think of so far. I have:
  Ensured that the Server Authentication and client authentication certificate on all Site systems is correct (I.e. all certificates are based on Certificate Templates as per the TechNet documentation)
  Ensured the Root and Issuing CA's are registered within the SCCM 2012 Site
  The Distribution Point role and Bootable Media are using a dedicated Client Authentication certificate that has been imported via a .PFX
  Ensured this certificate is in a "Not blocked" state
  Ensured the Date and Time of each Site System and of WinPE during the boot process is in sync.
  Checked the MPControl.LOG on each of our 2 Management Points looking for errors. These logs are all clear.
  Checked the IIS Web Logs on the Management Points. These logs are also all clear.
  The SMSTS.LOG is successfully importing the Root CA certificates ....
  Root CA Public Certs=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)Importing certificates to root store TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  Added certificate to store or replaced matching certificate in store. TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  Added certificate to store or replaced matching certificate in store. TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
  I have noticed that there are plenty of issues related to an invalid CA due to root CA import issues or CRL checking. We currently have CRL checking disabled and based on the "INVALID_CN" reference I don't believe CRL check is part of the equation.
  With regards to the Common Name I can confirm the following:
  The "ConfigMgr Client Certificate" Template used to auto enroll all domain joined systems is based upon the "Workstation Authentication" template. The Subject Field is set, as by default to "None". The SAN is set to DNS name.
  The "ConfigMgr OSD Certificate" Template used to create the client authentication certificate used on the DPs and Bootable Media is set to "Supplied at Request". I set a CN of "Configmgr OSD Certificate" for this certificate.
  I have tried using another client authentication certificate for the DPs and Bootable media that had no Subject Name defined.
  Can offer any suggestions as to where I might be going wrong?
  Thanks,
  Nathan Sutton
  NSutton

  Hi Jason,
  Here is the log as requested. I will post it up in separate messages.
  <![LOG[LOGGING: Finalize process ID set to 724]LOG]!><time="13:36:01.388+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728" file="tslogging.cpp:1495">
  <![LOG[==============================[ TSBootShell.exe ]==============================]LOG]!><time="13:36:01.388+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728"
  file="bootshell.cpp:1055">
  <![LOG[Succeeded loading resource DLL 'X:\sms\bin\i386\1033\TSRES.DLL']LOG]!><time="13:36:01.404+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728" file="util.cpp:964">
  <![LOG[Debug shell is enabled]LOG]!><time="13:36:01.404+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728" file="bootshell.cpp:1066">
  <![LOG[Waiting for PNP initialization...]LOG]!><time="13:36:01.419+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:60">
  <![LOG[RAM Disk Boot Path: MULTI(0)DISK(0)RDISK(0)PARTITION(1)\SOURCES\BOOT.WIM]LOG]!><time="13:36:01.419+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732"
  file="configpath.cpp:302">
  <![LOG[WinPE boot path: D:\SOURCES\BOOT.WIM]LOG]!><time="13:36:01.435+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="configpath.cpp:327">
  <![LOG[Booted from removable device]LOG]!><time="13:36:01.435+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="configpath.cpp:357">
  <![LOG[Found config path D:\]LOG]!><time="13:36:01.435+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:548">
  <![LOG[Booting from removable media, not restoring bootloaders on hard drive]LOG]!><time="13:36:01.435+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:582">
  <![LOG[D:\WinPE does not exist.]LOG]!><time="13:36:01.497+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:599">
  <![LOG[D:\_SmsTsWinPE\WinPE does not exist.]LOG]!><time="13:36:01.497+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:613">
  <![LOG[Executing command line: wpeinit.exe -winpe]LOG]!><time="13:36:01.497+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:860">
  <![LOG[Executing command line: X:\windows\system32\cmd.exe /k]LOG]!><time="13:36:02.935+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728" file="bootshell.cpp:860">
  <![LOG[The command completed successfully.]LOG]!><time="13:36:02.951+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728" file="bootshell.cpp:942">
  <![LOG[Successfully launched command shell.]LOG]!><time="13:36:02.951+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="728" file="bootshell.cpp:432">
  <![LOG[The command completed successfully.]LOG]!><time="13:36:15.371+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:942">
  <![LOG[Starting DNS client service.]LOG]!><time="13:36:15.371+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:666">
  <![LOG[Executing command line: X:\sms\bin\i386\TsmBootstrap.exe /env:WinPE /configpath:D:\]LOG]!><time="13:36:15.890+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732"
  file="bootshell.cpp:860">
  <![LOG[The command completed successfully.]LOG]!><time="13:36:15.890+480" date="12-19-2014" component="TSBootShell" context="" type="1" thread="732" file="bootshell.cpp:942">
  <![LOG[==============================[ TSMBootStrap.exe ]==============================]LOG]!><time="13:36:16.062+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212"
  file="tsmbootstrap.cpp:1165">
  <![LOG[Command line: X:\sms\bin\i386\TsmBootstrap.exe /env:WinPE /configpath:D:\]LOG]!><time="13:36:16.062+480" date="12-19-2014" component="TSMBootstrap" context="" type="0" thread="1212"
  file="tsmbootstrap.cpp:1166">
  <![LOG[Succeeded loading resource DLL 'X:\sms\bin\i386\1033\TSRES.DLL']LOG]!><time="13:36:16.078+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="util.cpp:964">
  <![LOG[Succeeded loading resource DLL 'X:\sms\bin\i386\TSRESNLC.DLL']LOG]!><time="13:36:16.078+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="resourceutils.cpp:169">
  <![LOG[Current OS version is 6.2.9200.0]LOG]!><time="13:36:16.078+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="util.cpp:3094">
  <![LOG[Adding SMS bin folder "X:\sms\bin\i386" to the system environment PATH]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="0" thread="1212"
  file="tsmbootstrap.cpp:963">
  <![LOG[Failed to open PXE registry key. Not a PXE boot.]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="0" thread="1212" file="tsmbootstrap.cpp:844">
  <![LOG[Media Root = D:\]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmbootstrap.cpp:1000">
  <![LOG[WinPE boot type: 'Ramdisk:SourceIdentified']LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="0" thread="1212" file="tsmbootstrap.cpp:779">
  <![LOG[Failed to find the source drive where WinPE was booted from]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="2" thread="1212" file="tsmbootstrap.cpp:1036">
  <![LOG[Executing from Media in WinPE]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmbootstrap.cpp:1041">
  <![LOG[Verifying Media Layout.]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:1623">
  <![LOG[MediaType = BootMedia]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:2607">
  <![LOG[PasswordRequired = false]LOG]!><time="13:36:16.094+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:2633">
  <![LOG[Found network adapter "Realtek PCIe GBE Family Controller" with IP Address X.X161.12.]LOG]!><time="13:36:16.109+480" date="12-19-2014" component="TSMBootstrap" context="" type="0"
  thread="1212" file="tsmbootstraputil.cpp:517">
  <![LOG[Running Wizard in Unattended mode]LOG]!><time="13:36:16.109+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:2803">
  <![LOG[Loading Media Variables from "D:\sms\data\variables.dat"]LOG]!><time="13:36:16.109+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsremovablemedia.cpp:322">
  <![LOG[no password for vars file]LOG]!><time="13:36:16.156+480" date="12-19-2014" component="TSMBootstrap" context="" type="0" thread="1212" file="tsmediawizardcontrol.cpp:247">
  <![LOG[Entering TSMediaWizardControl::GetPolicy.]LOG]!><time="13:36:16.156+480" date="12-19-2014" component="TSMBootstrap" context="" type="0" thread="1212" file="tsmediawizardcontrol.cpp:527">
  <![LOG[Creating key 'Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00']LOG]!><time="13:36:16.172+480"
  date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="environmentscope.cpp:263">
  <![LOG[Environment scope successfully created: Global\{51A016B6-F0DE-4752-B97C-54E6F386A912}]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212"
  file="environmentscope.cpp:623">
  <![LOG[Creating key 'Software\Microsoft\SMS\47006C006F00620061006C005C007B00420041003300410033003900300030002D0043004100360044002D0034006100630031002D0038004300320038002D003500300037003300410046004300320032004200300033007D00']LOG]!><time="13:36:16.172+480"
  date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="environmentscope.cpp:263">
  <![LOG[Environment scope successfully created: Global\{BA3A3900-CA6D-4ac1-8C28-5073AFC22B03}]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212"
  file="environmentscope.cpp:623">
  <![LOG[Setting LogMaxSize to 1000000]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:555">
  <![LOG[Setting LogMaxHistory to 1]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:556">
  <![LOG[Setting LogLevel to 0]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:557">
  <![LOG[Setting LogEnabled to 1]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:558">
  <![LOG[Setting LogDebug to 1]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:559">
  <![LOG[UEFI: false]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:569">
  <![LOG[Loading variables from the Task Sequencing Removable Media.]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:584">
  <![LOG[Loading Media Variables from "D:\sms\data\variables.dat"]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsremovablemedia.cpp:322">
  <![LOG[Succeeded loading resource DLL 'X:\sms\bin\i386\1033\TSRES.DLL']LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="util.cpp:964">
  <![LOG[Setting SMSTSLocationMPs TS environment variable]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSMediaGuid TS environment variable]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSBootMediaPackageID TS environment variable]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSBootMediaSourceVersion TS environment variable]LOG]!><time="13:36:16.172+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSBrandingTitle TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSCertSelection TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSCertStoreName TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSDiskLabel1 TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSHTTPPort TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSHTTPSPort TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSIISSSLState TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSMediaCreatedOnCAS TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSMediaPFX TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSMediaSetID TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSMediaType TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSPublicRootKey TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSRootCACerts TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSSiteCode TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSSiteSigningCertificate TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSStandAloneMedia TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSSupportUnknownMachines TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSTimezone TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSUseFirstCert TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSx64UnknownMachineGUID TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  <![LOG[Setting _SMSTSx86UnknownMachineGUID TS environment variable]LOG]!><time="13:36:16.187+480" date="12-19-2014" component="TSMBootstrap" context="" type="1" thread="1212" file="tsmediawizardcontrol.cpp:604">
  NSutton

• My System root certificate is not trusted and I cannot open Preferences with my Administrator password.

  My computer was hacked three days ago and malware installed. After consultation with Apple Support I reinstalled the OS and all seemed to be well. Today I tried to set some Preferences but my Admin password wouldn't work. I tried to reset it using my Apple ID, to no avail. Checking in Keychain Access I found that under System, my Certificate contains a message: 'This root certificate is not trusted'.

  DO NOT install "Avast." I asked about it as a possible cause of the problem, not as a solution.
  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
  You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1309 ' 0.5 0.25 50 1000 15 5120 1000 25000 6 6 5 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1536 500 40 500 300 85 25 20480 262144 20 2000 524288 604800 5 1024 25 50 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays PCI UniversalAccess InstallHistory ConfigurationProfile AirPort 'com\.apple\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pace|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d 'Mb/s:Mb/s:ms/s:KiB/s:%:total:MB:total:lifetime:sampled:per sec' 'Net in:Net out:I/O wait time:I/O requests:CPU usage:Open files:Memory:Mach ports:Energy:Energy:File opens:Forks:Failed forks:System errors' 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' CFBundleIdentifier );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' %s{' ','\n'{"${k[22]}",}}'%s\n' '%.1f GiB: %s\n' '\n    ...and %d more line(s)\n' '\nContents of %s\n    '"${k[22]}"'mod date: %s\n    '"${k[22]}"'size (B): %d\n    '"${k[22]}"'checksum: %d\n%s\n' );c=(879294308 4071182229 461455494 216630318 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 1383871077 1591517921 676087606 1445213025 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of|yc/!{ s/^.+is |\.//g;p;q;} ' ' BEGIN { FS="\f";if(system("A1 42 83 114")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' $1>1{$NF=$NF" x"$1} /\*/{if(!f)f="\n\t* Code injection"} {$1=""} 1;END{print f} ' ' NR==2&&$4<='${p[7]}'{print $4} ' ' BEGIN{FS=":"} ($1~"wir"&&$2>'${p[22]}') {printf("wired %.1f\n",$2/2^18)} ($1~/P.+ts/&&$2>'${p[19]}') {printf("paged %.1f\n",$2/2^18)} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q"\f"$0"\f"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/, .+:/ { print;n++;} END{if(n<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { print "/L.+/Scr.+/Templ.+\.app$";print "/L.+/Pri.+\.plugin$";if(NR<'{${p[14]},${p[21]}}') print "^/[Sp].+|'${k[21]}'";} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt|xpc)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print $0"$";} END { split("'"${c[*]}"'",c);for(i in c) print "\t"c[i]"$";} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt|xpc))$/p;' ' BEGIN{ FS="= "} $2 { gsub(/[()"]/,"",$2);print $2;} !/:/&&!$2{print "'${k[23]}'"} ' ' /^\//!d;s/^.{5}//;s/ [^/]+\//: \//p;' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' BEGIN{FS=": "} /^ {10}O/ {exit} /^ {0,12}[^ ]/ {next} $1~"Ne"&&$2!~/^In/{print} $1~"Si" { if(a[2]) next;split($2,a," ");if(a[1]-a[4]<'${p[5]}') print;};$1~"T"&&$2<'${p[20]}'{print};$1~"Se"&&$2!~"2"{print};' ' BEGIN { FS="\f";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS="\f";} $2<=m[$1]{next} $1==9||$1==10 { "ps -c -ouid -p"$4"|sed 1d"|getline $4;} $1<11 { o[$1]=o[$1]"\n    "$3" (UID "int($4)"): "$2;} $1==11&&$5!~"^/dev" { o[$1]=o[$1]"\n    "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==12&&$5 { "ps -c -ocomm -p"$5"|sed 1d"|getline n;if(n) $5=n;o[$1]=o[$1]"\n    "$5" => "$3" (UID "$4"): "$2;} $1~/1[34]/ { o[$1]=o[$1]"\n    "$3" (UID "$4", error "$5"): "$2;} END { n=split("'"${k[27]}"'",u,":");for(i=n+1;i<n+4;i++)u[i]=u[n];split("'"${k[28]}"'",l,":");for(i=1;i<15;i++) if(o[i])print "\n"l[i]" ("u[i]")\n"o[i];} ' ' /^ {8}[^ ]/{print} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n    "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n    [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"stat -f%z "F|getline S;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[30]}"' "F|getline g) { l++;if(l<=L) f=f"\n    "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n    '"${k[22]}"'"T;printf("'"${f[8]}"'",F,D,S,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[30]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[31]}"'\\ :'"${k[33]}"' \""$0"\"/*/'${k[32]}'";p|getline b;close(p);if(b~/ .+:/||!b) b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[32]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ / [VY]/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/'$'\f''/;s/(\n)c/\1'$'\f''/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */    /;p;' ' s/^.+ |\(.+\)$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2'$'\t\t''\1/p' ' /es: ./{ /iOS/d;s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/://;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/'$'\f''(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8,9,10}$'\f''/;s/ *'$'\f'' */'$'\f''/g;p;' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS="\f"} { printf("'"${f[6]}"'",$1/2^30,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[29]}}'/ { getline d;if(d~"t") print $1;} ' ' BEGIN{FS="\t"} NR>1&&$NF!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $NF"\f"a[split($(NF-1),a," ")];} ' '|tail -n'{${p[6]},${p[10]}} ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;/^ +(([MNPRSV]|De|Li|Tu).+|Bus): .|d: Y/d;s/:$//;$d;p;' ' BEGIN { RS=",";FS=":";} $1~"name" { gsub(/["\\]/,"",$2);print $2;} ' '|grep -q e:/' '/[^ .]/p' '{ print $1}' ' /^ +N.+: [1-9]/ { i++;} END { if(i) print "system: "i;} ' ' NF { print "'{admin,user}' "$NF;exit;} ' ' /se.+ =/,/[\}]/!d;/[=\}]/!p ' ' 3,4d;/^ +D|Of|Fu| [0B]/d;s/^  |:$//g;$!H;${ x;/:/p;} ' ' BEGIN { FS=": ";} NR==1 { sub(":","");h="\n"$1"\n";} /:$/ { l=$1;next;} $1~"S"&&$2!~3 { getline;next;} /^ {6}I/ { i++;L[i]=l" "$2;} END { if(i) print h;for(j=0;j<'${p[24]}';j++) print L[i-j];} ' ' /./H;${ x;s/\n//;s/\n/, /g;/,/p;} ' ' {if(int($6)>'${p[25]}')printf("swap used %.1f\n",$6/1024)} ' ' BEGIN{FS="\""} $3~/ t/&&$2!~/'{${k[24]},${k[29]}}'/{print $2} ' ' int($1)>13 ' p ' BEGIN{FS="DB="} { sub(/\.db.*/,".db",$2);print $2;} ' {,1d\;}'/r%/,/^$/p' ' NR==1{next} NR>11||!$0{exit} {print $NF"\f"substr($0,1,32)"\f"$(NF-7)} ' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' '1;END { exit "find /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom -mtime -'${p[23]}'s"|getline;} ' ' NR<='${p[26]}' { o=o"\n"$0;next;} { o="";exit;} END{print o|"sed 1d"} ' ' {o=o"\n"$0} NR==6{p=$1*$5} END{if(p>'${p[27]}'*10^6)print o|"sed 1d"} ' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[30]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin' env pluginkit scutil 'dtrace -q -x aggsortrev -n' security sed\ -En awk 'dscl . -read' networksetup mdutil lsof test osascript\ -e netstat mdls route cat uname powermetrics codesign lockstat );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[32]} '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop {/,}L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|(allow|call)ing|Goog|(mplet|nabl)ed|ry HD|safe b|succ|xpm' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA[(]|pa(gin|us)|Purg(ed|in)| err|Refus|s ful|TCON|tim(ed? ?|ing )o|trig|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0<0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno!=0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1\f%@d\f%s\f%d\n\",@a);printa(\"2\f%@d\f%s\f%d\n\",@b);printa(\"11\f%@d\f%s\f%d\f%s\f%d\n\",@c);printa(\"12\f%@d\f%s\f%d\f%d\n\",@d);printa(\"13\f%@d\f%s\f%d\f%d\n\",@e);printa(\"14\f%@d\f%s\f%d\f%d\n\",@f);printa(\"3\f%@d\f%s\f%d\n\",@g);printa(\"4\f%@d\f%s\f%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f'$'\f''%Sc'$'\f''%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' /\ kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{auto*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*{,/*} .launchd.conf" list '-F "" -k Sender hidd -k Level Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' vm.swapusage --dns -get{dnsservers,info} dump-trust-settings\ {-s,-d,} '~ "kMDItemKind=Package"' '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |gnment |jnl_io.+)err|disk.+abo','USBF:.+bus'}'"' -name\ kMDItem${k[33]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[33]} :CFBundleDisplayName $EUID {'$TMPDIR../C ','/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s -type f -size +'${p[11]}'M -exec stat -f%z'$'\f''%N {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' 'L*/A*/Fi*/P*/*/a*.json' users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$(Sender): \$Message" -k Sender Rne "launchd|nsurls" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "[{}<>]|asser|commit - no t|deprec|done |ect pas|fmfd|Goog|ksho|ndum|obso|realp|rned f|/root|sandbox ex" ' getenv '/ "kMDItemDateAdded>=\$time.now(-'${p[23]}')&&kMDItem'${k[33]}'=*"' -m\ / '' ' -F "\$Time \$(RefProc): \$Message" -k Sender Req launchd -k Level Nle 3 -k Message Rne "asse|bug|File ex|hij|Ig|Jet|key is|lid t|Plea|ship" ' print{,-disabled}\ {system,{gui,user}/$UID} '-n1 --show-initial-usage --show-process-energy' -r ' -F "\$Message" -k Sender nsurlstoraged -k Time ge -1h -k Level Nle 4 -k Message Req "^(ER|IN)" ' '/A* -type d -name *.app -prune ! -user 0' -vv '-D1 -IPRWck -s5 sleep 1' );N1=${#c2[@]};for j in {0..20};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console,launchd}\ log SMC Login\ hook 'I/O per process' 'High file counts' UID {System,Login,Agent,User}\ services\ {load,disabl}ed {Admin,Root}\ access Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ caches/logs XPC\ cache Startup\ items Shutdown\ codes Heat Diagnostic\ reports Bad\ {plist,cache}s 'VM (GiB)' Bundles{,' (new)'} Trust\ settings Activity Free\ space Stylesheet Library\ paths{,' ('{shell,launchd}\)} Data\ packages Modifications );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};export -f A1 A2 F;B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d$'\e' <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F$'\e' ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D$((i-1))'() { A'$i' $@;C0;};';for j in 2 3;do eval D$((i+2*j-3))'() { local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D0 0 N1+1 2;D0 0 $N1 1;B1;C2 31;B1&&! B2&&C2 32;D2 22 15 63;D0 0 N1+2 3;D0 0 N1+15 17;D4 3 0 N1+3 4;D4 4 0 N1+4 5;D4 N3+4 0 N1+9 59;D0 0 N1+16 99;for i in 0 1 2;do D4 N3+i 0 N1+5+i 6;done;D4 N3+3 0 N1+8 71;D4 62 1 10 7;D4 10 1 11 8;B2&&D4 18 19 53 67;D2 11 2 12 9;D2 12 3 13 10;D2 13 32 70 101 25;D2 71 6 76 13;D2 45 20 52 66;A1 7 77 14;B3 28;A1 20 31 111;B6 0 28 5;B4 0 0 110;C2 66;B2&&D0 45 90 124;D4 70 8 15 38;D0 9 16 16 77 45;C4;B2&&D0 35 49 61 75 76 78 45;B2&&{ D0 28 17 45;C4;};B2&&{ A1 43 85 117;B3 29;B4 0 0 119 76 81 45;C0;B4 29 0 118 119 76 82 45;C0;    };D0 12 40 54 16 79 45;D0 12 39 54 16 80 45;D4 74 25 77 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 75;};B2&&D4 19 21 0;B2&&D4 40 10 42;D2 2 0 N1+19 46 84;D2 44 34 43 53;D2 59 22 20 32;D2 33 0 N1+14 51;for i in {0..2};do A1 29 35+i 104+i;B3 25+i;done;B6 25 27 5;B6 0 26 5;B4 0 0 110;C2 69;D2 34 21 28 35;D4 35 27 29 36;A1 40 59 120;B3 18;A1 33 60 121;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D4 50 38 5 68;B4 19 0;D5 37 33 34 42;B2&&D4 46 35 45 55;D4 38 0 N1+20 43;B2&&D4 58 4 65 76 91;D4 63 4 19 44 75 95 12;B1&&{ D4 53 5 55 75 69&&D4 51 6 58 31;D4 56 5 56 97 75 98&&D0 0 N1+7 99;D2 55 5 27 84;D4 61 5 54 75 70;D4 14 5 14 96;D4 15 5 72 96;D4 17 5 78 96;C4;};D4 16 5 73 96;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 50;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 0 11 73 102;A1 42 86 114;j=$?;for i in 0 1 2;do ((i==2&&j==1))&&break;((! j))||((i))||B2&&A1 18 $((79+i-(i+53)*j)) 107+8*j 94 74||continue;B7 11;B4 0 0 11;C3 $((23+i*(1+i+2*j)));D4 $((24+i*(1+i+2*j))) 18-4*j 82+i-16*j $((112+((3-i)*i-40*j)/2));done;D4 60 4 21 24;D4 42 14 1 62;D4 43 37 2 90 48;D4 41 10 42;D2 48 36 47 25;A1 4 3 60&&{ B3 9;A2 14 61;B4 0 10 21;B4 9 0;A2 14 62;B4 0 0 21;B6 0 10 4;C3 5;};D4 9 41 69 100;D2 72 21 68 35;D2 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D4 54 5 7 75 76 69;D4 52 5 8 75 76 69;D4 57 4 64 76 91;D2 0 4 4 84;D2 1 4 51 84;D4 21 22 9 37;D0 0 N1+17 108;D4 76 24 38;A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D1 31 47;D4 64 4 71 41;D4 65 5 87 116 74;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B6 14 0 4;C3 67;A1 24 75 74;B4 1 1 122||B7 12;B4 0 0 123;B3 23;A2 39 57 30;B6 23 0 4;C3 68;B4 4 13 27 89 65;A1 24 23;B7 13;C3 73;B4 4 0 87;A2 14 61 89 20;B4 0 17;A1 26 50 64;B7 17;C3 6;A1 4 88;D5 77 44 89;D4 7 11 6;D0 0 N1+18 109;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
  [Process started]
          Part 1 of 8 done at … sec
          Part 8 of 8 done at … sec
          The test results are on the Clipboard.
          Please close this window.
  [Process completed]
  The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
  Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.
  12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak for themselves, not for me. The test itself is harmless, but whatever else you're told to do may not be. For others who choose to run it, I don't recommend that you post the test results on this website unless I asked you to.
  Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Which are the root certificates firefox is preloaded with and how can I see that

  I am interested in finding out how I can see root certificates my firefox browser is preloaded with. I also would like to know how can I change that setting

  Hi,
  Please check if this happens in [https://support.mozilla.com/en-US/kb/Safe%20Mode Safe Mode].
  [http://kb.mozillazine.org/Problematic_extensions Problematic Extensions]
  [https://support.mozilla.com/en-US/kb/Troubleshooting%20extensions%20and%20themes Troubleshooting Extensions and Themes]
  [http://support.mozilla.com/en-US/kb/Uninstalling+add-ons Uninstalling Add-ons]
  [http://kb.mozillazine.org/Uninstalling_toolbars Uninstalling Toolbars]
  Safe mode disables the installed '''Extensions''', and themes ('''Appearance''') in '''Tools''' ('''Alt''' + '''T''') > '''Add-ons'''. Hardware acceleration is also temporarily disabled - the manual setting is '''Tools''' > '''Options''' > '''Advanced''' > '''General''' > '''Use hardware acceleration when available'''. [https://support.mozilla.org/en-US/kb/Options%20window%20-%20Advanced%20panel?as=u Options > Advanced]. All these settings/add-ons can also be individually or collectively disabled/enabled/changed in Firefox normal mode to check if an extension, theme or hardware acceleration is causing issues.