Safari client certificate problem w/ Canada Post website

Similar Messages

• SSL client certificate problem with exchange owa

  Since a week I've been having the strangest problem when trying to connect to an exchange webmail server.
  When I try to log on to the server, I now get a a safari warning telling me that the website requests a client certificate and prompts me to choose one.
  Safari presents me with a few .mac and mobileme certificates, none of which are valid for this site obviously.
  I cannot get through this dialog because it seems I do not have the required certificate.
  What baffles me though, is that when I disable my mobileme settings in system preferences, safari connects to the exchange webmail perfectly without ever prompting me for a certificate.
  I do not understand what mobileme has to do with this exchange server at all.
  What is even more strange is that I have been having this on 4 different mac's here at home, with two different user accounts on the exchange server, and I have a family mobileme pack... so every system is a little different, but they all behave exactly the same.
  Can anybody point in the right direction please ?
  For what it's worth, I could have installed a 10.7.1 update on one of the systems which may have caused this, but definatly not on all 4 at the same time....
  Another strange bit, when setting up the exchange server inside mail.app, it works perfectly...

  Since a week I've been having the strangest problem when trying to connect to an exchange webmail server.
  When I try to log on to the server, I now get a a safari warning telling me that the website requests a client certificate and prompts me to choose one.
  Safari presents me with a few .mac and mobileme certificates, none of which are valid for this site obviously.
  I cannot get through this dialog because it seems I do not have the required certificate.
  What baffles me though, is that when I disable my mobileme settings in system preferences, safari connects to the exchange webmail perfectly without ever prompting me for a certificate.
  I do not understand what mobileme has to do with this exchange server at all.
  What is even more strange is that I have been having this on 4 different mac's here at home, with two different user accounts on the exchange server, and I have a family mobileme pack... so every system is a little different, but they all behave exactly the same.
  Can anybody point in the right direction please ?
  For what it's worth, I could have installed a 10.7.1 update on one of the systems which may have caused this, but definatly not on all 4 at the same time....
  Another strange bit, when setting up the exchange server inside mail.app, it works perfectly...

• Safari/Mail certificate problem with gmail/google

  Here is my problem:
  I have set-up Mail to use my gmail account through POP. Since yesterday, when I try to get or send mail, mail gives me the error:
  Unable to verify SSL server pop.gmail.com
  Mail was unable to verify the identity of this server, which has a certificate issued to "pop.gmail.com'. The error was:
  You might be connecting to a computer that is pretending to be "pop.gmail.com', and putting your confidential information at risk. Would you like to continue anyway?
  I then have the option to show the certificate,cancel or continue. If I hit Continue, nothing happens and mail set itself to offline. If I force Mail back online (Menu Mailbox/Go Online), when it goes on the next automatic check, it turns back offline. After hours of google search, I also tried the option to show the certificate, then drag the icon of the certificate to the desktop, then open the certificate with Keychain in order to add it to the keychain but this did not work for me, keychain refused to open it and if I double-click it on the desktop it opens as a clipping content. If I change the typre/creator to force Keychain to open it, then I got an error "Unable to import an item".
  I then tried to access gmail within Safari (not through POP) and I got this error when I tried to login:
  Safri cannot establish a secure connection to www.google.com
  At the same time, I had no problem to access it with Firefox. Back to google search, I tried to use Safari debug menu to set the security to "Performs Lax Certificate Checks" and then I could access my gmail with Safari. However the problem persists in Mail.
  I believe this is a system-wide certificate issue (Firefox not affected because of a diffrent handling of certificates?not much knowledge about certificates). I tried all the standard troubleshooting:
  re-boot, logoff, repair permissions, reapply latest security updates, reapply latest OS update, reset Safari, clean-up caches, discarded all mail preferences,clear-up keychain of any google/gmail.
  Finally I also found in my searches to try ro download a certicate from Thawte (ThawtePremiumServerCA.cer) and add it to my keychain but this does not solve the problem.
  Help will be greatly appreciated
  System info: iMac G5 1.6, 1Gb RAM, OS X 10.3.9 (everything up to date according to Software update), internet connection through Airport extreme base station.

  Are you saying that this is a well-recognised issue?
  Can we assume that the reason for not fixing it is that Nokia want people to use Nokia Messaging instead? It came free with my phone and I did try it. It connected & synchronised well but contacts in headers kept appearing in quotes ("") and when I checked my email from my main IMAP client my sent items included incomplete versions of my emails as well as the finished email - as if it was sending drafts.
  I guess I'm sticking with MfE for calendar and IMAP for email...

• SSL certificate problem on most https websites

  Some https sites can not be reached in my system, and it is going to include more https sites as times goes by. I have noticed that the problem is the SSL certificate. I even check an arch iso and there I have the same problem. I tetsted two thing in case it rings any bell for you
  omid@localhost›~⁑ curl -v https://github.com
  * Rebuilt URL to: https://github.com/
  * Adding handle: conn: 0x1757250
  * Adding handle: send: 0
  * Adding handle: recv: 0
  * Curl_addHandleToPipeline: length: 1
  * - Conn 0 (0x1757250) send_pipe: 1, recv_pipe: 0
  * About to connect() to github.com port 443 (#0)
  * Trying 192.30.252.128...
  * Connected to github.com (192.30.252.128) port 443 (#0)
  * successfully set certificate verify locations:
  * CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
  * SSLv3, TLS handshake, Client hello (1):
  * SSLv3, TLS handshake, Server hello (2):
  * SSLv3, TLS handshake, CERT (11):
  * SSLv3, TLS handshake, Server finished (14):
  * SSLv3, TLS handshake, Client key exchange (16):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * Unknown SSL protocol error in connection to github.com:443
  * Closing connection 0
  curl: (35) Unknown SSL protocol error in connection to github.com:443
  in which  you can see the problem. But
  omid@localhost›~35↵⁑ curl -v3 https://github.com
  * Rebuilt URL to: https://github.com/
  * Adding handle: conn: 0xf31250
  * Adding handle: send: 0
  * Adding handle: recv: 0
  * Curl_addHandleToPipeline: length: 1
  * - Conn 0 (0xf31250) send_pipe: 1, recv_pipe: 0
  * About to connect() to github.com port 443 (#0)
  * Trying 192.30.252.129...
  * Connected to github.com (192.30.252.129) port 443 (#0)
  * successfully set certificate verify locations:
  * CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
  * SSLv3, TLS handshake, Client hello (1):
  * SSLv3, TLS handshake, Server hello (2):
  * SSLv3, TLS handshake, CERT (11):
  * SSLv3, TLS handshake, Server finished (14):
  * SSLv3, TLS handshake, Client key exchange (16):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * SSL connection using RC4-SHA
  * Server certificate:
  * subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; street=548 4th Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
  * start date: 2013-06-10 00:00:00 GMT
  * expire date: 2015-09-02 12:00:00 GMT
  * subjectAltName: github.com matched
  * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance EV CA-1
  * SSL certificate verify ok.
  > GET / HTTP/1.1
  > User-Agent: curl/7.33.0
  > Host: github.com
  > Accept: */*
  >
  < HTTP/1.1 200 OK
  * Server GitHub.com is not blacklisted
  < Server: GitHub.com
  < Date: Fri, 06 Dec 2013 09:55:10 GMT
  < Content-Type: text/html; charset=utf-8
  < Status: 200 OK
  < Cache-Control: private, max-age=0, must-revalidate
  < Strict-Transport-Security: max-age=2592000
  < X-Frame-Options: deny
  < Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Tue, 06-Dec-2033 09:55:10 GMT; secure; HttpOnly
  which seems OK.  Is there even anyway to add certificate to avoid this strange behavior. I use an updated x86_64 KDE.
  Last edited by nikta (2013-12-06 11:37:06)

  [omid@localhost ~]$ ldd `which curl`
  linux-vdso.so.1 (0x00007fff8bd7c000)
  libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007f9f479c6000)
  libz.so.1 => /usr/lib/libz.so.1 (0x00007f9f477b0000)
  libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f9f47592000)
  libc.so.6 => /usr/lib/libc.so.6 (0x00007f9f471e7000)
  libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007f9f46fbe000)
  libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f9f46d51000)
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f9f46949000)
  /lib64/ld-linux-x86-64.so.2 (0x00007f9f47c2b000)
  libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f9f46745000)
  [omid@localhost ~]$ pacman -Q|egrep '(openssl|curl|ca-cert)'
  ca-certificates 20130906-1
  ca-certificates-java 20130815-1
  curl 7.33.0-3
  lib32-openssl 1.0.1.e-2
  mingw-w64-openssl 1.0.1e-4
  openssl 1.0.1.e-5
  Last edited by nikta (2013-12-06 13:15:18)

• Secure Mobility Client Certificate Problem | scep-forwarding-url

  Hi All,
  I am having a problem configuring SCEP for my secure mobilty client.  I have created a connection profile to allow certificate requestes but when I fill in the scep-forwarding-url field I get an error. 
  The CA we are using is an internal MS CA with SCEP already enabled.  This has been configured for a long time with our current Cisco VPN client using certificate authentication.  The ASA is running 8.4.1.
  Here is the error I get when I try to enter the command into the group policy associated with my certificate enrollement connection profile:
  group-policy SSLGP attributes
  scep-forwarding-url value http://10.1.1.2/certsrv/mscep/mscep.dll
  Attempting to retrieve the CA/RA certificate(s) using the URL. Please wait ...
  Received 3 CA/RA certificate(s) using the SCEP URL.
  NON-RESIDENT CERT: serial: 11111111000100000145, subject: cn=SCEP_ADD_ON,o=OUNIT,c=UK
  NON-RESIDENT CERT: serial: 11111111000100000146, subject: cn=SCEP_ADD_ON,o=OUNIT,c=UK
  NON-RESIDENT CERT: serial: 11111111478AAB288393FAFf2a3E274, subject: cn=CERTSVR-01
  WARNING: Please check if you have all the required certificate(s) in the config to authenticate the certificates that will be issued using this SCEP URL
  Can someone explain why this is happening as it will not take the config?
  Thanks in advance.
  Ian

  Ian:
  I'am a roockie working on CA. I did the instalation over 2003 server and I checked and scep server is reachable in fact if I enter ther scep url I  get a message regarding the thumbprint and password. I got the same messege regarding the additional trustpoints, but in my environment I just have only one CA server. I notice by the certificate serial that I have the certificates generated on the CA numbered as 2 and 3 respectively but I have three questions.    
  1 .- I checked If the certificates could be exported as a .cer file but I just have two options as .dat or as text but I dont know how to import the text because the format looks different from the text chains we use to generate the trust points.
  2.- Because my config was not working I erased the ASA config and gave a different hostname to the ASA in fact I create an identity certificate with this name ¿Do i need to return to the original hostname?
  3.- Does the TAC gave You additional information on how to deal with CA server?

• Client Certificate Problems...

  Hoping someone can help!
  I'm trying to get onto a secure website for my son's school.  I can access from my windows PC and from iPad (all using same home wifi connection) but failing totally with the Mac.  Contacted school and they say its something to do with my computer and not the school site (they are probably right as I can access it easily from everything aprt from my Mac).  This is my error:
  Any suggestions?
  Thanks

  From the Safari menu bar, select
  Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
  and confirm. Test.

• In iPad how to use webdav nab   with client certificate

  I have created one webdav enable site in apple mac mini server using apache. The webdav site is secured with https as well as client certificate.
  While browsing the website using safari/IE everything is working fine,but with ipad's webdav utility it is not working.Client cert is not picking up by webdav nav tool, although the client ssl cert is installed in ipad.

  Hi Olek
  I Have a working WebDAV setup with tomcat 6.0
  the only problem is this only works on windows XP
  anyway here is the code,
      <servlet>
      <servlet-name>webdav</servlet-name>
      <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
      <init-param>
        <param-name>debug</param-name>
        <param-value>0</param-value>
      </init-param>
      <init-param>
        <param-name>listings</param-name>
        <param-value>true</param-value>
      </init-param>
      <!-- Uncomment this to enable read and write access -->
      <init-param>
        <param-name>readonly</param-name>
        <param-value>false</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <!-- The mapping for the webdav servlet -->
    <!-- Using /* as the mapping ensures that jasper, welcome files etc are
         over-ridden and all requests are processed by the webdav servlet.
         This also overcomes a number of issues with some webdav clients
         (including MS Webfolders) that do not respond correctly
  to the
         redirects (302) that result from using a mapping of / -->
    <servlet-mapping>
      <servlet-name>webdav</servlet-name>
      <url-pattern>/*</url-pattern>
    </servlet-mapping>put that in your web.xml file
  and here is a basic example of how to use it in a jsp.
  <%
  String networkPath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath() + "/";
  %>
  <body onload="document.getElementById('anchor').click();">
      <a id="anchor" href="<%= networkPath %>Temp/Test/file.doc" folder= "<%= networkPath/Temp/Test/">
             Open in Web Folder View
      </a>
  </body>Hope this helps you

• Canada Post Mississauga PO

  I have been having a problem with Parcels getting stuck in the Mississauga PO. The last Parcel I had cleared Customs on June 2/3 and was handed over to CP for shipping. It sat there till last Friday before it started moving again. I had the Seller from Germany put a search on it to get it moving twice. I was not sure if he was doing it so I told him in a nice way I would be looking for a Refund as it was almost 8/9 days over the expected arrival time and this time it worked and the Parcel is moving finally.This is not the first time this has happened with  a Parcel coming from Europe. I have not bought any thing from the US because of the GSP and I refuse to pay customs on items that do not even have duties.

  lukey9 wrote:
  That I under stand with that PO but with that many workers 3 weeks is too long to sit around. Before I retired they used to say to us how many workers work here and the answer would be may be 50 %.When you look up the tracking info the information you see on the Canada Post website is not accurate. The way it is posted it makes you think that the parcel has cleared customs and is back in the hands of the postal delivery end of things. In fact, your parcel sat in customs the entire time. That is where the delay was. Trust me, I have absolutely no love for Canada Post but I have researched this issue extensively and that is what I have discovered. It would be quite uncommon for a parcel to sit with CP for 3 weeks just waiting to go out for delivery. Not having seen your tracking info I can still with almost 100% certainty say that the package was i9ndeed stuck in customs and not sitting with CP. To add insult to injury if you call CP and Customs they play a great game of "it's their fault" pointing the finger at eachother and neither will actually confirm who has your package. It was only through my contact with some chatty employees that I discovered the truth. Cheers, thD

• Non-Deterministic Exception When Connecting With Wrong Client Certificate

  I am working on an internal application and need to determine the correct client-side SSL certificate to use when connecting to a server (the user can supply multiple client-side certificates). I had expected that if I connected to a server using the wrong client certificate the java client would throw a SSLHandshakeException and I could then try the next certificate. This seems to work some of the time, however the java client will sometimes throw a “SocketException: Software caused connection abort: recv failed”, in which case it is not possible to know that the wrong certificate caused the problem.
  Below is the code I have been using to test as well as the intermittent SocketException stack trace. Does anyone have an idea as to how to fix this problem? Thanks in advance.
  Note: the TrustAllX509TrustManager is a trust manager that trusts all servers.
  protected void connectSsl() throws Exception {
        final String host = "x.x.x.x";
        final int portNumber = 443;
        final int socketTimeout = 10*1000;
        // Note: Wrong certificate (expect SSLHandshakeException).
        final String certFilename = "C:\\xxx\\clientSSL.P12";
        final String certPassword = "certPassword";
        final BufferedInputStream bis = new BufferedInputStream(new FileInputStream(new File(certFilename)));
        final char[] certificatePasswordArray = certPassword.toCharArray();
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        final KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(bis, certificatePasswordArray);
        keyManagerFactory.init(keyStore, certificatePasswordArray);
        final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        final SSLContext context = SSLContext.getInstance("SSL");
        context.init(keyManagers, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
        final SocketFactory secureFactory = context.getSocketFactory();
        final Socket socket = secureFactory.createSocket();
        final InetAddress ip = InetAddress.getByName(host);
        socket.connect(new InetSocketAddress(ip, portNumber), socketTimeout);
        socket.setSoTimeout(socketTimeout);
        // Write the request.
        final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
        out.write("GET / HTTP/1.1\r\n".getBytes());
        out.write("\r\n".getBytes());
        out.flush();
        InputStream inputStream = socket.getInputStream();
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        byte[] byteArray = new byte[1024];
        int bytesRead = 0;
        while ((bytesRead = inputStream.read(byteArray)) != -1) {
           outputStream.write(byteArray, 0, bytesRead);
        socket.close();
        System.out.println("Response:\r\n" + outputStream.toString("UTF-8"));
     }Unexpected SocketException:
  main: java.net.SocketException: Software caused connection abort: recv failed
       at java.net.SocketInputStream.socketRead0(Native Method)
       at java.net.SocketInputStream.read(SocketInputStream.java:129)
       at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
       at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1435)
       at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
       at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:612)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

  Thanks for the quick response. Here are answers to the questions:
  1) No, this issue is not associated with one particular certificate. I have tried several certificates and see the same issue.
  2) I agree it would be simpler to only send the required certificate, but unfortunately the project requires that the user be able to specify multiple certificates and, if a client-side certificate is required, the application try each one in turn until the correct certificate is found.
  3) Yes, I realize the TrustAllX509TrustManager is insecure, but I am using this for testing purposes while trying to diagnose the client certificate problem.
  In terms of testing, I am just wrapping the above code in a try/catch block and executing it in a loop. It is quite odd that the same exact code will sometimes generate a SSLHandshakeException and other times a SocketException.
  One additional piece of information: if I force the client code to use "SSLv3" using the Socket.setEnabledProtocols(...) method, the problem goes away (I consistently get a SSLHandshakeException). However, I don't think this solves my problem as forcing the application to use SSLv3 would mean it could not handle TLS connections.
  The code to specify the SSLv3 protocol is:
  SSLSocket sslSocket = (SSLSocket) socket;
  sslSocket.setEnabledProtocols(new String[] {"SSLv3"});
  One other strange issue: if instead of specifying the SSLv3 protocol using setEnabledProtocols(...) I instead specify the protocol when creating the SSLContext, the SocketException problem comes back. So if I replace:
  final SSLContext context = SSLContext.getInstance("SSL");
  with:
  final SSLContext context = SSLContext.getInstance("SSLv3");
  and remove the "sslSocket.setEnabledProtocols(new String[] {"SSLv3"})" line, I see the intermittent SocketException problem.
  All very weird. Any thoughts?

• Canada Post Alert re July 18 & 19 (upcoming weekend)

  For anyone who "didn't get the memo" from Canada Post, I thought I'd post it here, as it could inconvenience or confuse some sellers over this coming weekend: "The following services will be unavailable Saturday, July 18 to Sunday, July 19 while we perform essential maintenance:canadapost.ca – new profile creation, changes to existing profiles and access to FlexDeliveryepost.ca – all servicesWe apologize for any inconvenience this may cause and we thank you for your patience."
    

  Oh yes..... it's all coming back to me now. The last time Canada Post announced a planned outage, I recall it went twice as long and ran into a second day of work stoppage for all online tools. Mobile wasn't affected at the time. I use the Canada Post website for two things and two things only: 1. To give my domestic buyers an EXACT delivery estimate in terms of business days for their package as I might be the only seller annoyed by the vagueness of ebay.ca's 'one to eight business days' which is neither accurate nor truthful as the 'one' is only good if a buyer lives, like, next to me and delivery to remote and northern communities in Canada takes up to and including 13 or even 14 business days from my location; and 2. HS Codes for international shipments. I need those codes for customs and, as I discovered the last time there was an outage, there may be other places online to find the codes but I am leery as to their trustworthiness. At least one code I found on an alternate site was not the same as another I'd used before. If it's a random website providing the information, what is it to them to give the wrong code? Suddenly, an innocent box of diecast cars destined for New Zealand has been commandeered at the border for having been declared as containing live bull frogs or something.  Naturally, I am being somewhat facetious.  Does anyone have an alternate site for HS Codes up their sleeve? Thanks.  

• Why the website is requiring my computer to send a client certificate

  I can no longer access my course's website using Safari. A message pops-up informing that the site is requiring a "client certificate to validate my ID"  to get through the main page. When I click on the available certificates that Safari offers me, the same message pops-up again, and I can't go foward. When I access the same website using Chrome from a Vaio computer, this problem does not occur. What should I do? I never had this problem before.
  Thanks for your help.
  Renata

  Hello Peter249,
  >> but I don't have that option on the server and must supply it via code (C# .NET 4.0).
  From your description, it seems that you are trying to create a SSL communication between your server side and client side. As far as I know, we need to install the certificate file in both client side and server side and if you are using server mode, for
  creating the SSL communication, we must import a certificate with the associated private key to the server machine's Personal store. For details, please check this link:
  SSLStream example - how do I get certificates that work?
  By the way, since you are working with a web project, it is recommended to post asp.net related issues to:
  http://www.asp.net/
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• I'm having website certificate problems.

  Recently, when I try to purchased anything on eBay, a box pops up stating:
  "The certificate for this website was signed by an unknown certifying authority. you might be connecting
  to a website that is pretending to be checkout.payments.ebay.com....."
  Is there something i can do about this? For now, I use Firefox and don't have any certificate problems but
  I'd prefer to use Safari.
  Thanks
  jt

  This question has nothing to do with iBooks, nor anything to do with OS X Server — this question is really getting bounced around the forums, too! — and probably nothing to do with the particular web browser you're using.
  This is either something weird with local DNS or the host you're connecting to (that would be bad), or something weird with the certificate being presented by the eBay web site you're accessing:
  Launch Terminal.app from Applications > Utilities and issue the command
  dig +short checkout.payments.ebay.com
  Here's an example of what that command looks like, with the $ prompt and with the output shown before the next $ prompt:
  $ dig +short checkout.payments.ebay.com
  66.211.180.57
  66.135.215.197
  $
  I've posted the two IP addresses that I get from that command.
  If you get those two addresses, it's probably eBay's error. 
  If not, post what you get for IP addresses.
  If you don't get anything output from the command, or if you get something different from those two hosts, you might have an issue with your local DNS setup.

• I am trying to load a website on my computer when this "client certificate" pop up comes up- I click continue and have also tried cancel but my page will not load. Please help?

  help!

  Some websites require a special client certficate for access. If you don't have that certficate, you'll have to contact the site operator to find out how to get one.
  Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
  The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
  Back up all data.
  Double-click anywhere in the line below on this page to select it:
  com.apple.idms.appleid.prd
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with string you searched for, and the Kind will be "certificate."
  Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
  The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
  Credit for this idea to Christian Braukmueller of SAP.

• On the Washington Post website, when I try to click on an article, I get the message, "Invalid URL". I don't have this problem with other Web sites. I recently upgraded to the secure version of Firefox.

  I never had this problem before. I don't know if it's related to now having the secure (HTTPS) version of Firefox. Some WaPo links DO work, but most don't. One other thing: at least once when I Googled "The Washington Post" and clicked on the apparent result, I got a message saying that the certificate was "Not Trusted" and that legitimate Web sites did not ask me to override this issue and proceed to the site. Yet the website I'm trying to use is "www.washingtonpost.com", which I know for a fact is THE Post Website. What's going on, and how can I fix this? Thanks.

  I never had this problem before. I don't know if it's related to now having the secure (HTTPS) version of Firefox. Some WaPo links DO work, but most don't. One other thing: at least once when I Googled "The Washington Post" and clicked on the apparent result, I got a message saying that the certificate was "Not Trusted" and that legitimate Web sites did not ask me to override this issue and proceed to the site. Yet the website I'm trying to use is "www.washingtonpost.com", which I know for a fact is THE Post Website. What's going on, and how can I fix this? Thanks.

• SOAP Receiver Adapter problem (client certificate required)

  My Scenario is similar to described in https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3721. [original link is broken] [original link is broken] [original link is broken] I have two PI servers running on one machine. I am trying to post message HTTPS with Client authentication via SOAP adapter from one PI system to SOAP adapter of other PI server. I have done the following configuration.
  PI Server AXD - (Client) - Receiver SOAP adapter
  PI Server AXQ - (Server) - Sender SOAP Adapter.
  Steps in AXD
  1. I have created a certificate of AXD in the service_ssl view of key storage.
  2. I have imported the AXQ public certificate in to AXD in the TrustedCAs of Key storage
  Steps in AXQ
  1. I have created a certificate of AXQ in the service_ssl view of key storage.
  2. I have imported the AXD public certificate in to AXQ in the TrustedCAs of Key storage.
  3. I have created a user in AXQ and assigned the certificate of AXD under usermangement in Security provider to this user.
  4. I have added the AXD certificate under Client Authentication tab with require client certificate option checked in the SSL Provider.
  5. I have assigned the user created in AXQ in the step above to the Sender Agreement.
  Now when I post message from AXD with Configure Client Authentication checked (Here I have selected the certificate of AXD and view as service_ssl) I am getting the following error.
  Exception caught by adapter framework: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:884) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3
  Any pointer to solve this problem is highly appreciated.
  Thanks
  Abinash

  Hi Hemant,
  I have couple of questions. Why do we need to import certificate for SOAP WS-Security and from where I can get it?
  As far as my scenario goes I am not using message level security.
  Secondly what do you mean by TRUSTED/WebServiceSecurity? I don't see any such view inside the Key Storage.  I can see a view named just WebServiceSecuity though.
  Also I don't have a decentralized adapter installation rather I have two separate PI instances having their own central adapter engine.
  Abinash