RV042 giving out router certificate instead of server certificate

Similar Messages

• RV042 giving out certificate instead of server

  RV042 router is giving out the outer certificate  instead of server certificate. Outlook anywhere is failing and we are receiving certificate errors for any secure site behind this firewall.  I'm not talking  about remote  management. I'm talking about people trying to access our  web site,  which is secured, and getting an error because the RV042 is  giving its  own SSL certificate instead of the Server's certificate.  Firmware Version:  1.3.13.02-tm.  I don't see any updates for that  hardware.  I do have it working on an RV042 with the same firmware at a different location. 
  How do we turn that off or keep it from happenning? 
  Output from a test site
  Attempting to resolve the host name xxxx in DNS.
  The host name resolved successfully.
  Additional Details
  Testing TCP port 443 on host xxxx to ensure it's listening and open.
  The port was opened successfully.
  Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
  Test Steps
  ExRCA is attempting to obtain the SSL certificate from remote server xxxx on port 443.
  ExRCA successfully obtained the remote SSL certificate.
  Additional Details
  Remote  Certificate Subject: SN=California, L=Irvine, C=US, O="Cisco-Linksys,  LLC", OU=RV042, CN=68:ef:bd:b8:0f:78, Issuer: SN=California, L=Irvine,  C=US, O="Cisco-Linksys, LLC", OU=RV042, CN=68:ef:bd:b8:0f:78.
  Validating the certificate name.
  Certificate name validation failed.
  Tell me more about this issue and how to resolve it
  Additional Details
  Host  name xxxx doesn't match any name found on the server  certificate SN=California, L=Irvine, C=US, O="Cisco-Linksys, LLC",  OU=RV042, CN=68:ef:bd:b8:0f:78.

  The fix that worked for me was to totally turn off https access to the router.  Remote access had not been emabled but internal was responding on 443.  Going to straight HTTP stopped it from responding to HTTPS requests. 

• Use Homepage SSL certificate as exchange server certificate?

  the certicate needs to match the fully qualified domain name that you connect against.
  so if the web site uses www.domain.de and the echange server's OWA/Activesync is owa.domain.de it wont match and you'll get errors. However if the SSL cert is wildcard to *.domain.de you'll be OK.

  Hi there,
  im a little certificate dau
  i have a certificate for our homepage which certifies on "Domain123.de".
  Is it possible to use this certificate for our mail server? (exchange 2007)
  The mail domain is "[email protected]"
  Our AD Domain is "Domain456.local"
  I hope you can help me here.
  Heres some bacon to attract the pros
  This topic first appeared in the Spiceworks Community

• How to get the Server Certificate Chain File?

  Hi all,
  I config the SSL for weblogic 6.0 on a Win2k Machine .I followed WebLogic
  documentation:
  Generate a private key file, then submit to Verisign, get the certificate
  file.
  Because I have only one WebLogic server. I clear the "Server Certificate
  Chain File" field.
  But I get error message after reboot WebLogic. Following is the error
  message:
  <2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security con
  figuration, java.lang.Exception: Required file server-certchain.pem which is
  spe
  cified by ServerCertificateChainFileName, was not found>
  java.lang.Exception: Required file server-certchain.pem which is specified
  by Se
  rverCertificateChainFileName, was not found
  at
  weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLList
  enThread.java:152)
  at
  weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLLi
  stenThread.java:180)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  My question is: Should I input the rootCA certificate into the Server
  Certificate Chain File field? If yes, where can I get the rootCA certificate
  file?
  Thanks

  [sorry, deleted irrelevant wrong answer]

• Installing Server Certificate

  've created a self signed certificate using the java keytool. When attempting to install the certificate as a Server Certificate using iPlanet 4.1 Server Manager,I receive an error writing to the certificate file. I can install this same certificate as a Trusted CA certificate.
  Is there anything I should do different when generating the certificate if I'm going to be using it as a server certificate?
  Thanks,
  Bob

  When starting CMS from command line, it starts correctly, but when i'm trying to start from the admin console, it doesn't work. Also, i tried start from command line and open from admin console, but the admin console says "server off" and the server is already started.
  DOES ANYONE KNOW WHAT KIND OF PROBLEM IS THAT???
  thanks,
  Marcelo

• Certsrv not giving out UC/SAN certificates in server 2012

  Hello
  I'm trying to use the certsrv utility to publish certificates for a fictitious set of testing domains I have.  Certsrv is returning certificates, but for some reason they will not include a SAN field.  I feel like the problem is that I missed a
  check box or setting somewhere, because these exact instructions will work in a my classmates environment.
  I also used Certutil to set validity and renewal to 75 years, just to be safe
  These are the steps:
  Open IIS
  Create Certificate request
  Fill in distinguished name properties (Are any of these, other than CN, required?)
  Microsoft RSA Cryptographic Provider
  2048 bit length
  Save as: SAN request.csr
  Browse to http://localhost/certserv
  request a certificate
  Advanced request
  Submit a request using base 64 file
  Copy+Paste from "SAN request.csr" to the certificate request field
  Certificate Template: Web Server
  Additional Attributes:  SAN:dns=pr.droids.com&finance.droids.com&manufacturing.droids.com
  Submit
  Download Certificate (not Certificate Chain)
  Save as:  SAN.cer
  Back to IIS Manager
  Complete a certificate request
  Friendly name: SAN
  Store: Personal
  This all runs fine, the certificate shows up, but when viewed, the SAN field is missing.  Is there something in MMC that needs to be changed?  Or an I just forgetting something?

  Try to run there commands in powershell on server
          PS
  C:\> certutil.exe
  -setreg ca\ValidityPeriodUnits 75
      PS C:\> certutil.exe
  -setreg ca\RenewalValidityPeriodUnits 75
      PS C:\> certutil.exe
  -setreg ca\RenewalValidityPeriod Years
      PS C:\> certutil.exe
  -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
          PS
  C:\> Restart-Service CertSvc

• Step by Step : How to Create an SSL Server Certificate (Part 3)

  How to Create an SSL Server Certificate (Part 3)
  In the previous part you have completed step 10, now you are almost there.
  Step 11:
  This is another very important step.
  Leave the settings as is or tick more options if you know what you do.
  Step 12:
  Again leave as it is.
  Step 13:
  Another important step !
  In the DNS Name field enter the host name(s) separated by spaces (or commas), e.g.
  myserver.name.private myserver.dyndns.org
  You can enter your local IP if you wish.
  Step 14:
  Certificate Assistant now procedes to create your certificate. Within a few seconds you should see the new certificate in your Keychain.
  Switch to Server App (if at this stage Server App has crashed, don't worry , re-open Server App and proceed.
  Repeat step 2 described in Part 1 and select the new certificate from the drop-down menu of available certificates.
  You may want to use this certificate for all services (iChat, iCal, Mail, Web) or create different ones.
  If you use the same certificate for all services the name of the certificate is diplayed next to "SSL Certificate", if you don't you will see "Custom" instead.
  Addendum:
  1. Do not forget to open port 443 in your router to enable https connections.
  2. Enable SSL in your iCal account settings if you wish.
  Enjoy your server !

  Hi,
  Are you talking about the Mercedes leaderboard ad?  Because that look a lot more complicated than "fade in - fade out" images?
  Anyway... I am looking at the easiest way to create a banner ad with fade in - fade out images that I have created in illustrator.
  This tutorial helped me alot.
  http://www.youtube.com/watch?v=gFw-1D8yaMs&NR=1
  cheers

• Incoming email - Routing rules on exchange server 2003

  I am configuring SAP system to receive emails as per note 455140. We currently have only one client and have updated necessary profile parameters including setting SMTP port to 25 for incoming mails. We have specified our enterprise exchange server 2003 as the mail server in SCOT transaction and are able to send out emails from SAP without issues, but cannot receive emails in SAP.
  Following note 607108, I am able to receive emails in the SAP system using telnet test (by passing mail server), thereby I believe all relevant configuration settings in SAP system have been correctly maintained. Now, if I try to send an email to SAP user from another SAP system or Microsoft Outlook or Internet, these emails are not being received in SAP. No inbound traces are generated in SAP since the mail has not been received by SAP.
  As part of the config, our server admins have set up a rule on mail server to forward specific emails to SAP system. Does anyone have any insight into what might be the issue here? Also, if someone can provide links/directions on how to setup routing rules on exchange server 2003 to forward specific requests to SAP system (I believe this is where our issue is).
  Thanks!
  Fahad

  Hello Markus,
  By specific, I meant emails addressed to specific users need to be forwarded to SAP. Instead of specifying *ATcompany.com --> WebASHost:25000, we put in a rule userATcompany.com --> WebASHost:25000
  Based on your response, I asked SAP support whether there is such restriction when SU01 email address and exchange email address are same, exchange will not forward to SAP. Below is there response
  "SAPconnect like most mail platforms route mails via the email address.
  SAP recommends the following:-
  UserATClient.SID.company.com
  I know that a DNS entry will have to be written for this to be routed
  to your Exchange server for relay into SAP.
  The only other recommendation is to use the local part of the mail
  address to route the mails. This will not require an external DNS
  entry but every new user will have to be updated in Exchange.
  User.client.sidATcompany.com
  There are no other way of correctly routing mails other than these
  methods. Thank you."
  Now SAP says when email addresses are same and if we put in a rule based on local part of the mail, it should still forward.
  Since the issue is through exchange, SAP will not provide further support to resolve this and we cannot go with sub-domains currently due to business requirements.
  Any suggestions.
  Thanks,
  Fahad

• Linkysys RV042 QuickVPN to router issues

  Hi
  Any help with this issue is greatly appreciated as I have been stuck on this for acouple of days now, this is my first time posting to a forum... I have setup VPN connections before but only through packages such as openswan & openvpn not through such a device.
  My VPN router is connected directly to an ADSL modem, directly behind the RV042 I have placed my test machine on port 1 both Wan1 & port 1 show as Gree (active).
  Modem...
  DHCP enabled
  local IP: 10.1.1.1
  The VPN has...
  Wan1: 10.1.1.2
  Lan1: 10.222.43.1
  Test machine...
  IP address: 10.222.43.100
  I have been given two Linksys RV042 devices to setup as VPN end point/connections from one LAN to another.
  However before I do this I have been testing the setup of a test machine (Laptop Windows 7 professional & also tried XP professional with exactly the same results) to the VPN router device.I have configured the router with the basic setup as described in the step-by-step guide / pdf and setup a test user & one tunnel I have left every thing as default and only changed what is necessary.
  I have generated a certificate for the server and distributed a client certificate to my client machine and installed in the "C:\Program Files (x86)\Linksys\Linksys VPN Client\" directory (as I understand I can simply download to this location and its installed for the client).
  The above is a run down of the steps listed in the setup guide provided on the CD, every time I try to connect to the server I get the following error message.
  Failed to establish a connection.This could be caused by one of the following:1. Incorrect password.2. No valid IP for the network card.3. Incorrect server address.4. You may need to disable your Windows firewall.5. Local IP address conflicts with the subnet of remote VPN server.
  1. I know my password is correct
  2. I am not sure what "No valid IP for the network card" means though I am able to get access to the internet through the modem on my test laptop and have access to the web interface of the RV042 so I assume that my IP is valid?
  3. I know the server address is correct I have tried both internal address of the RV042 and the wan1 address of the RV042
  4. I get exactly the same error message whether the firewall is turned on or off on either of the XP or 7 machines.
  5. This is the one that I am confused about, there are no machines connected so I am unsure how there could be a conflict. however just to make sure I have changed the IP of the laptop to one outside of the range allocated to the tunnel, and I still get the same error message.
  I have checked the log file of the server "system log" and this is what I get it appears that the server actually accepts the connection from what I can make of this series of messages.
  Jan 22 10:32:04 2010         Connection Accepted         TCP 10.222.43.100:3374->209.46.39.47:443 on ixp1
  Jan 22 10:32:32 2010        Connection Accepted        ICMP type 8 code 0 10.1.1.2->10.1.1.1 on ixp1
  Jan 22 10:33:44 2010         Authentication Success         HTTP Basic authentication succeeded for user: test
  The log file on the local machine however shows that there is an error though it just says "Failed to connect" so  I am very confused about where the issue lies.
  2010/01/22 11:46:13 [STATUS]OS Version: Windows XP
  2010/01/22 11:46:13 [STATUS]Windows Firewall is OFF
  2010/01/22 11:46:13 [STATUS]One network interface detected with IP address 10.222.43.100
  2010/01/22 11:46:13 [STATUS]Connecting...
  2010/01/22 11:46:13 [STATUS]Connecting to remote gateway with IP address: 10.1.1.2
  2010/01/22 11:46:14 [STATUS]Remote gateway was reached by https ...
  2010/01/22 11:46:14 [STATUS]Remote gateway was reached by https ...
  2010/01/22 11:46:14 [WARNING]Failed to connect!
  Thanks for reading and thanks in advance for any help provided.
  JC

  Hi SamirDarji
  Thank you for your reply to my post. This mostly gives me a solution to work with, however I have now been faced with another issue. I am now supposed to synchronize with a ADSL modem / router / vpn / firewall in another location for which is a different brand. From what I can see is that I have the same settings available on both RV042 and the other device. My question is... now I have setup all vpn devices, I am confused about how to connect / test the devices. The two RV042 devices have a test connection button under vpn summary for the tunnel but neither of them appear to connect (it just cycles through and never connects). Initially I thought that the devices may not be able to see each other as the two RV042 devices are behind a firewall / modem however i have put the vpn RV042 routers on the dmz of the test networks behind their gateway modems. The ADSL modem / router / vpn / firewall device on the live network is the gateway as well, this device has the firewall disabled (the firewall job is passed down the chain to a few special purpose firewall devices before the core switches) would this affect the vpn?
  thanks again
  JC

• Profile Manager Enrollment - iOS - Server Certificate Invalid

  I have been getting an error trying to enroll iOS devices into profile manager. My MacBook and iMac enroll just fine. However my iPhone and iPad do not.
  When I enroll my MacBook Pro, I first log into https://(FQDN)/mydevices, select profiles, Install Trusted Profile. I then go back to devices, and click 'Enroll now'. When I check the Profiles section of System Preferences, I see that the 'Trusted Profile' has added two certificates refering to my server. I can only assume one matches the Self Signed I generated shortly after making my hostname public, and the other Apple Push generated for me.
  However when I do this exact same process on my iPad/iPhone, when I attempt the 'Enroll Now' step, I get the error "The server certificate for "https://(FQDN)/devicesmanagement/api/device/ota_service" is invalid.
  My searches for this issue have turned up issues close to this, but never exactly this, and the solutions don't seem to work for me. Here are some key points to note:
  1. Tried demoting to standalone, re-promote to OD Master, then deleted all certificates, and regenerated all (including the Push cert from Apple)
  2. Ran sudo changeip -checkhostname
  3. DNS routes forward and reverse correctly in my local LAN
  4. I had been getting "Remote Verification failed: (os/kern) failure" / "TEAVerifyCert() returned NULL" in my logs every 3 seconds until I did the steps listed in '1'
  Looking forward to 10.7.1

  @hombre7777
  Thanks for the info. That makes sence what you are telling me. Their instuctions are kind of bland and dont make sence as much as they should.
  The only thing that scares me on this one is now we need to put a device in the dmz....
  So now upgrading our xserv to 10.7 when it becomes stable would now be using the magic triangle, and trying to only have 1 to manage osx machines / and now ios devices. Edit our wiki's thats already in place, and have important databases on filemaker is now going to reside in the dmz....
  So someone wasn't thinking on this one!!! haha
  It looks like we will have to seperate things now, so ios devices are managed on their own machine in the dmz with now a hole leaked in the firewall for AD to authenticate so we can pull users down to associate profiles with them.
  Our osx machine will then contain a seperate spot to manage osx devices bound to user accounts, as well as manage filemaker and wiki's that are in use already.
  It would be nice if they had figured out a way to do this a little different so we wern't opening holes in the firewall.
  The funny thing is I was able to get the ipad to bind and enroll the very first time when i was on a vpn tunnel from my house trying things out.
  So I know you can do it, without having to go public, although the push service wasn't working properly and I was not able to bind osx and enroll. So i stared over.
  Ill play around to see what I can figure out later. Thanks for the help. If you find out the port numbers please let me know as well! Im not able to move the box to an outside firewall right now. I have to much to do. I can probably do that next week.

• Is there a way to generate server certificates in a multi-controller environment?

  Q: Is there a way to generate server certificates in a multi-controller environment? 
  A: 1.  For PEAP, only the Radius Server needs a certificate, not the controller.  Managing a certificate for each controller for 802.1x when you can  alternatively manage a single certificate for each radius server is a mistake.
  2.  For Captive Portal, if you don't want your guest or company users to have an untrusted error every time they hit the captive portal you will need a public certificate that all your users will trust.  That could either involve (1) A  different certificate for each controller with the subject being the fqdn of each controller or (2) a single, identical certificate that has the SAN or Subject ALT Name filled out with the FQDN of each controller listed in the SAN field (https://www.digicert.com/subject-alternative-name.htm)
  Here is an example of a cert with multiple fqdns in the Subject Alternative Name field below:  Of course, you will have to pay for each SAN that you have added to the certificate.  If you will have an environment where you have a VRRP and that is the ip address that the clients will be redirected to, you should make the SAN point to the VRRP.
  A document on certificates that is specifically geared toward ClearPass, instead of controllers is here:  Certificates 101 V1.0  It speaks to certificates on ClearPass, but the concepts are the same...
  Solution:-
  We can use ClearPass server to generate the CSR, where the CN is named after the 1st controller, which included all the Subject Alternate Names (SANs) for the other 3 controllers as well as the master controllers (in case of an N+1 failover).  This allows to save/export the private key as a file.
  After submitting the CSR for a UCC and after receiving the cert,  then proceed to chain the cert to include server, all intermediate and root CAs.  Then copy the chained cert as well as the private key file to a MacBook so that we can use OpenSSL to create a PFX formatted cert as follows:
  sudo openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem
  Once this generated a PFX cert,  upload it to all controllers and used it under Configuration > Management > General for both “WebUI Management Authentication Method” as well as “Captive Portal Certificate” (even though the ClearPass Guest captive portal is using a different cert for the captive portal page itself).
  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/Create-a-CSR-with-multiple-SANs

  Sorry I'm still confused here.  What you are describing makes no sense for properly using TestStand.
  Maybe I can help you find the right solution if I can understand your goal?
  Do you want to dynamically populate the variables (Locals and FileGlobals) with values?  Or do you want to dynamically create the variables from scratch (i.e. add subproperties to the sequence file) based on some file?
  Generally what happens is people want an ASCII file (in your case I'm guessing CVS) such that they can change the values of variable so that when TS is executing it will load those values and use them.  In this case NI recommends the Property Loader.  There is an example for this in <TestStand>\Examples.  Open the workspace and look for the PropertyLoader example.  Also, if you google "proprety loader teststand" then you will find various articles which may assist you.
  When you say "define the variables for the sequence/sequence file"  Are you actually referring to manually right clicking in the sequence file and saying Insert Local?  or are you just saying that you change the value of a variable?
  Thanks,
  jigg
  CTA, CLA
  teststandhelp.com
  ~Will work for kudos and/or BBQ~

• RV042 V3 "Out of Memory"

  Hi,
  Recently I've been experiencing issues with my RV042 that I've had for just under two years. I am running the latest firmware.
  The issue is when I am using PPTP the router seems to die, not every time but I would say about once a week now. I am the only PPTP user, simply using RDP. A few hours into an RDP session the PPTP connection drops and cannot be re-established, or quickvpn, nothing. Routing still works (somewhat, high latency) locally.
  When I've checked the logs both times I see:
  Time
  Event-Type
  Message
  Sep 3 17:07:56 2012
  Kernel
  Out of memory: Killed process 14354 (pppd).
  Sep 3 17:07:56 2012
  Kernel
  Out of Memory: Kill process 14354 (pppd) score 177 and children.
  Sep 3 17:07:56 2012
  Kernel
  Out of memory: Killed process 14367 (sh).
  Sep 3 17:07:56 2012
  Kernel
  Out of Memory: Kill process 14354 (pppd) score 234 and children.
  Sep 3 16:46:41 2012
  Kernel
  Out of memory: Killed process 14330 (pppd).
  Sep 3 16:46:41 2012
  Kernel
  Out of Memory: Kill process 14329 (pptpctrl) score 134 and children.
  Sep 3 16:46:41 2012
  Kernel
  Out of memory: Killed process 14324 (pppd).
  Sep 3 16:46:41 2012
  Kernel
  Out of Memory: Kill process 14324 (pppd) score 177 and children.
  Sep 3 16:46:40 2012
  Kernel
  Out of memory: Killed process 14328 (sh).
  Sep 3 16:46:40 2012
  Kernel
  Out of Memory: Kill process 14324 (pppd) score 234 and children.
  Sep 3 15:36:15 2012
  Kernel
  Out of memory: Killed process 14187 (pppd).
  Sep 3 15:36:15 2012
  Kernel
  Out of Memory: Kill process 14187 (pppd) score 177 and children.
  Sep 3 15:36:15 2012
  Kernel
  Out of memory: Killed process 14191 (sh).
  Sep 3 15:36:15 2012
  Kernel
  Out of Memory: Kill process 14187 (pppd) score 234 and children.
  Sep 3 14:51:40 2012
  Kernel
  Out of memory: Killed process 14096 (pppd).
  Sep 3 14:51:40 2012
  Kernel
  Out of Memory: Kill process 14096 (pppd) score 177 and children.
  Sep 3 14:51:38 2012
  Kernel
  Out of memory: Killed process 14102 (sh).
  Sep 3 14:51:38 2012
  Kernel
  Out of Memory: Kill process 14096 (pppd) score 233 and children.
  Sep 3 14:11:37 2012
  Kernel
  Out of memory: Killed process 13953 (pppd).
  Sep 3 14:11:37 2012
  Kernel
  Out of Memory: Kill process 13953 (pppd) score 177 and children.
  Sep 3 14:11:37 2012
  Kernel
  Out of memory: Killed process 13960 (sh).
  Sep 3 14:11:37 2012
  Kernel
  Out of Memory: Kill process 13953 (pppd) score 234 and children.
  Sep 3 13:37:30 2012
  Kernel
  Out of memory: Killed process 13767 (pppd).
  Sep 3 13:37:30 2012
  Kernel
  Out of Memory: Kill process 13767 (pppd) score 177 and children.
  Sep 3 13:37:30 2012
  Kernel
  Out of memory: Killed process 13771 (sh).
  Sep 3 13:37:30 2012
  Kernel
  Out of Memory: Kill process 13767 (pppd) score 234 and children.
  Sep 3 13:13:30 2012
  Kernel
  Out of memory: Killed process 13531 (pppd).
  Sep 3 13:13:30 2012
  Kernel
  Out of Memory: Kill process 13531 (pppd) score 177 and children.
  Sep 3 13:13:30 2012
  Kernel
  Out of memory: Killed process 13539 (sh).
  Sep 3 13:13:30 2012
  Kernel
  Out of Memory: Kill process 13531 (pppd) score 234 and children.
  Sep 3 13:11:39 2012
  Kernel
  Out of memory: Killed process 13503 (sh).
  Sep 3 13:11:39 2012
  Kernel
  Out of Memory: Kill process 13503 (sh) score 114 and children.
  Sep 3 13:11:36 2012
  Kernel
  Out of memory: Killed process 13496 (pppd).
  Sep 3 13:11:36 2012
  Kernel
  Out of Memory: Kill process 13496 (pppd) score 177 and children.
  Sep 3 13:11:36 2012
  Kernel
  Out of memory: Killed process 13502 (sh).
  Sep 3 13:11:36 2012
  Kernel
  Out of Memory: Kill process 13496 (pppd) score 234 and children.
  Sep 3 13:10:21 2012
  Kernel
  Out of memory: Killed process 13490 (pppd).
  Sep 3 13:10:21 2012
  Kernel
  Out of Memory: Kill process 13490 (pppd) score 177 and children.
  Sep 3 13:10:20 2012
  Kernel
  Out of memory: Killed process 13492 (sh).
  Sep 3 13:10:20 2012
  Kernel
  Out of Memory: Kill process 13490 (pppd) score 234 and children.
  Sep 3 13:09:36 2012
  Kernel
  Out of memory: Killed process 13479 (pppd).
  Sep 3 13:09:36 2012
  Kernel
  Out of Memory: Kill process 13479 (pppd) score 177 and children.
  Sep 3 13:09:35 2012
  Kernel
  Out of memory: Killed process 13486 (sh).
  Sep 3 13:09:35 2012
  Kernel
  Out of Memory: Kill process 13479 (pppd) score 234 and children.
  Sep 3 13:08:20 2012
  Kernel
  Out of memory: Killed process 13094 (pppd).
  Sep 3 13:08:20 2012
  Kernel
  Out of Memory: Kill process 13094 (pppd) score 88 and children.
  Sep 3 13:08:20 2012
  Kernel
  Out of memory: Killed process 13469 (tar).
  Sep 3 13:08:20 2012
  Kernel
  Out of Memory: Kill process 13469 (tar) score 112 and children.
  Sep 3 13:08:20 2012
  Kernel
  Out of memory: Killed process 13471 (sh).
  Sep 3 13:08:20 2012
  Kernel
  Out of Memory: Kill process 13471 (sh) score 114 and children.
  Sep 3 13:08:20 2012
  Kernel
  Out of memory: Killed process 13468 (sh).
  Sep 3 13:08:20 2012
  Kernel
  Out of Memory: Kill process 13094 (pppd) score 116 and children.
  Sep 3 13:08:19 2012
  Kernel
  Out of memory: Killed process 13474 (cut).
  Sep 3 13:08:19 2012
  Kernel
  Out of Memory: Kill process 13471 (sh) score 170 and children.
  Sep 3 13:07:41 2012
  Kernel
  Out of memory: Killed process 13473 (sh).
  Sep 3 13:07:41 2012
  Kernel
  Out of Memory: Kill process 13471 (sh) score 228 and children.
  Sep 3 13:07:41 2012
  Kernel
  Out of memory: Killed process 13472 (sh).
  Sep 3 13:07:41 2012
  Kernel
  Out of Memory: Kill process 13471 (sh) score 285 and children.
  Sep 3 13:07:19 2012
  Kernel
  Out of memory: Killed process 13466 (sh).
  Sep 3 13:07:19 2012
  Kernel
  Out of Memory: Kill process 13466 (sh) score 112 and children.
  Sep 3 13:07:19 2012
  Kernel
  Out of memory: Killed process 13467 (pptpd).
  Sep 3 13:07:19 2012
  Kernel
  Out of Memory: Kill process 13467 (pptpd) score 95 and children.
  Sep 3 13:07:19 2012
  Kernel
  Out of memory: Killed process 13461 (sleep).
  Sep 3 13:07:19 2012
  Kernel
  Out of Memory: Kill process 13461 (sleep) score 112 and children.
  Sep 3 13:07:18 2012
  Kernel
  Out of memory: Killed process 13457 (sleep).
  Sep 3 13:07:18 2012
  Kernel
  Out of Memory: Kill process 13457 (sleep) score 112 and children.
  Sep 3 13:07:17 2012
  Kernel
  Out of memory: Killed process 13463 (sh).
  Sep 3 13:07:17 2012
  Kernel
  Out of Memory: Kill process 13094 (pppd) score 117 and children.
  Sep 3 13:07:16 2012
  Kernel
  Out of memory: Killed process 13465 (pppd).
  Sep 3 13:07:16 2012
  Kernel
  Out of Memory: Kill process 13464 (pptpctrl) score 134 and children.
  Sep 3 13:04:43 2012
  Kernel
  Out of memory: Killed process 13459 (tar).
  Sep 3 13:04:43 2012
  Kernel
  Out of Memory: Kill process 13459 (tar) score 114 and children.
  Sep 3 13:04:43 2012
  Kernel
  Out of memory: Killed process 13460 (gzip).
  Sep 3 13:04:43 2012
  Kernel
  Out of Memory: Kill process 13459 (tar) score 172 and children.
  Sep 3 13:04:03 2012
  Kernel
  Out of memory: Killed process 13456 (cut).
  Sep 3 13:04:03 2012
  Kernel
  Out of Memory: Kill process 13453 (sh) score 171 and children.
  Sep 3 13:04:03 2012
  Kernel
  Out of memory: Killed process 13455 (grep).
  Sep 3 13:04:03 2012
  Kernel
  Out of Memory: Kill process 13453 (sh) score 229 and children.
  I have no idea what would be causing this, the thing just seems to run out of memory and starts eating itself alive until its a brick.
  Any ideas?

  Hi Anythony, pppd is a point to point protocol daemon. The pptpctrl controls parts of the pptp such as ip addresses, etc.
  Can you try to delete all PPTP users, disable the PPTP function, save it, reboot the router and reenable the server and add the users? If still receiving these log errors, may need to try to give the entire router a factory reset, but hopefully that is unavoidable with the above steps.
  -Tom
  Please rate helpful posts

• Server certificate rejected by ChainVerifier

  Hi,
  I have written a java program for connecting to an HTTPS URL and get the response from the site.
  The HTTPS URL works well when I typed the URL in browser. But the same URL is failing while connecting using my program. I am getting the following exception while connecting to my HTTPS page "iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"
  I am attaching the code below for your reference.
          String s = new String();
          s = "MyRequest=" + s;
          IAIK.addAsJDK14Provider(true);
          IAIK.addAsJDK14Provider();
          KeyStore keystore = Utils.getJavaDefaultKeystore();
          /* Giving "SUN version 1.5" as a provider */
          System.out.println("keystore provider:"+keystore.getProvider());
             FileInputStream fis = new FileInputStream("mycertificatefile");
             BufferedInputStream bis = new BufferedInputStream(fis);
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Certificate cert = null;
             while (bis.available() > 0) {
                 cert = cf.generateCertificate(bis);
             keystore.setCertificateEntry("service_ssl",cert);
          SecureConnectionFactory secureconnectionfactory = new SecureConnectionFactory(keystore);
          secureconnectionfactory.setIgnoreServerCertificate(false);
          HttpURLConnection httpurlconnection = secureconnectionfactory.createURLConnection(url);
          httpurlconnection.setRequestMethod("POST");
          BufferedWriter bufferedwriter = new BufferedWriter(new OutputStreamWriter(httpurlconnection.getOutputStream()));
          bufferedwriter.write(s, 0, s.length());
          bufferedwriter.close();
          Utils.setBasicAuthenticationHeader(httpurlconnection, user, password);
          try
              httpurlconnection.connect();
          catch(ConnectException connectexception)
              error("Connection timeout");
              System.exit(1);
          catch(Exception exception)
              exception.printStackTrace();
              error("Connection exception");
              System.exit(1);
          int i = httpurlconnection.getResponseCode();
          System.out.println("http Response Code = " + i);
  If I pass the setIgnoreServerCertificate(true), then I am getting the following exception
  java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size
  Thanks & Regards,
  Santhosh.C

  VS,
  I am not sure, how far this will solve my problem. Let me try this. BTW, I have solved the issue on my own.
  I generated keystore and truststore from the generated certificates and supplied the certificate as input to my program.
  Here is the program for your reference.
             HttpClient client = new HttpClient();
             client.getParams().setAuthenticationPreemptive(true);
             Credentials defaultcreds = new UsernamePasswordCredentials(USER, PASSWORD);
             client.getState().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM), defaultcreds);
           Protocol authhttps = new Protocol("HTTPS",
                  (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(
                          urlkeystore, PASSWORD,
                          urltruststore, PASSWORD), TARGET_HTTPS_PORT);
           Protocol.registerProtocol("https", authhttps);
            PostMethod filePost = new PostMethod(FINAL_URL);
           STATUS = client.executeMethod(filePost);
            String responseString = filePost.getResponseBodyAsString();
            if (responseString != null && responseString.length() > 0)
                 System.out.println("Response String : " + responseString);
  Thanks & Regards,
  Santhosh.C

• SSL VPN Failed to validate server certificate (cannot access https)

  Hi all,
  I have the next problem.
  I've configured in an UC520 a SSL VPN.
  I can access properly and I can see the labels, but I only can access urls which are http, not https:
  I can access the default ip of the uc520 (192.168.1.10) but
  When I try to get access to a secure url I get the msg: Failed to validate server certificate
  I'm trying to access a Cisco Digital Media Manager, whose url is https://pc.sumkio.local:8080
  Does the certificate of both hardware has to be the same?
  How can I add a https?
  Here is the config of the router:
  webvpn gateway SDM_WEBVPN_GATEWAY_1
  ip address 192.168.1.254 port 443 
  ssl trustpoint TP-self-signed-2977472073
  inservice
  webvpn context SDM_WEBVPN_CONTEXT_1
  secondary-color white
  title-color #CCCC66
  text-color black
  ssl authenticate verify all
  url-list "Intranet"
     heading "Corporate Intranet"
     url-text "DMM Sumkio" url-value "http://pc.sumkio.local:8080"
     url-text "Impresora" url-value "http://192.168.10.100"
     url-text "DMM" url-value "https://pc.sumkio.local:8443"
     url-text "DMM 1" url-value "http://192.168.10.10:8080"
     url-text "UC520" url-value "http://192.168.10.1"
  policy group SDM_WEBVPN_POLICY_1
     url-list "Intranet"
     mask-urls
     svc dns-server primary 192.168.10.250
     svc dns-server secondary 8.8.8.8
  default-group-policy SDM_WEBVPN_POLICY_1
  aaa authentication list sdm_vpn_xauth_ml_1
  gateway SDM_WEBVPN_GATEWAY_1
  max-users 10
  inservice
  Any help would be apreciatted.
  Thank you

  Hi, thanks for your advise.
  I'm trying to copy the certificate via cut and paste, but I'm getting a
  % Error in saving certificate: status = FAIL
  I dont know if I'm doing this right.
  I open the https page from the DMM with Mozilla Firefox, and in options I export the certificate in PEM format.
  I get a file which if I open with notepad is like
  -----BEGIN CERTIFICATE-----
  MIICOzCCAaSgAwIBAgIET7EwyzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJV
  KoZIhvcNAQEFBQADgYEAdk7n+tJi0igrTD2o7RD9ty8MLTyHN4uk8km+7DbpEy0g
  mxLY0UZswYvbj15kPdd8QbeGEdDR6SXOYePsfIRJzL0mqMON4oiUhsqAK5y2yC6R
  nqy4wWQ2fGVEYAeLpb1jGKdZWpuag/CO90NMHcMiobfBh+4eTqm7kRPTEyma6V0=
  -----END CERTIFICATE-----
  If I try to authenticate the trustpoint, I get that error.
  how can I export the certificate from the DMM?
  I think that this file is not the right file.
  and then, do I have to make some changes in
  webvpn gateway SDM_WEBVPN_GATEWAY_1?
  Should I choose the new trustpoint?
  I understand that the old trustpoint is for the outside connection, no for the LAN connection.
  Dont worry about me, answer when you can but I really need to fix this.
  Thank you so much

• Verification failed certificate for this server is invalid

  I attempt to log into the iCloud on my iPod over a WiFi connection and it gives me the Verification Failed. The certificate for this server is invalid. You might be connecting to a server that is pretending to be "setup.icloud.com" which could put your confidential information at risk.
  Why am I getting this and how can I access the iCloud to backup my files?

  This happened to me because my router was configured to use Open DNS servers (Primary 208.67.222.222, Secondary 208.67.220.220). Temporarily adjusting the DNS settings on the router to 4.2.2.1 and 4.2.2.2 did the trick. Open DNS does weird things with certain certificates. Even if your router is configured to used something else, try the ones listed above to see if it makes a difference.