Safari - Configuration Profile - Digital Certificate

Similar Messages

• How to push EAP-TLS configuration Profile and Certificates to Mac books and Iphones

  Hi Team,
  We were able to push the EAP-TLS configuration profiles and certificates to windows devices via group policy.  However, we're now looking to see how we can accomplish this for Mac book and iphones?  Is there an open source application or something we can leverage to do this?
  Thanks

  I think ammahend was looking for a rough count which is what my question was going to be. The reason I would ask this is that if the device count is low then you could manually provision certs on those devices. Not ideal since you will have to manually generate CSRs, get them signed and then installed on the machines.
  Another way to do this is if you have an MDM solution in place. You can have the MDM integrate with your CA via SCEP and then on-board devices that way. You don't have to integrate ISE with MDM (advanced licenses needed) as you can only have ISE check for the cert and only perform EAP-TLS authentications. 
  Hope this helps!
  Thank you for rating helpful posts! 

• Configure verisign digital certificate

  Hi,
  I am not sure if this question is for this forum, any help would be apreciated.
  I have installed Sun Java Portal Server (2005Q4) with Sun Java Web Sever as a container.
  I have purchased a verisign digital certificate, installed successfully in webserver
  container.
  What I need is to configure a webserver site or alias to hide /portal/dt url string, just typing
  https://midominio.com/ authentication page should appear.
  How can I configure this in Sun Java Webserver?
  Thanks in advance.
  Carlos.

  Sinan,
    We are experiencing the same exact problem. How did you fix this issue??
  Regards,
  Vinay

• Configuration Profile Code-Signing Certificates

  Today, I learned that the Code-Signing Certificate used for signing Device Configuration Profiles is _different_ (and much more expensive) than the SSL Certificate used by other Lion Server services.
  I understand that these certificates follow a trust _chain_, and that Lion Server creates a default Code-Signing certificate based on the self-signed certificate it creates during setup. Since then, I've replaced my self-signed SSL Cert with a fully verified one.
  How can I use OpenSSL to create a Code-Signing certificate based on my purchased SSL Certificate, just like Lion Server did?

  You must obtain a code-signing cert from a trusted authority or it won't be trusted by any of your clients.
  ** Code-signing your profiles is kind of pointless if you're a small business or school. This is only useful if you're a large enterprise (or maybe a college or university) deploying profiles to many devices and are worried about tampering. A signed SSL cert more useful than a code-signing cert.
  ** (This is totally my opinion but that's how I see it. Code-signing certs allow your clients to determine that the code is in fact from you and it hasn't been altered in transit to the client. If this is really a concern for you then you would need to obtain a cert from a trusted authority, but I bet it's not...)

• Distributing iPhone Configuration Profiles: Safari Error

  Hello,
  I created a configuration profile using iPhone Configuration Utility that I emailed and successfully installed on an iPhone 3G 2.0.
  I copied (via scp) the same file to server running Mac OS X 10.5.2. When I first downloaded the profile (named CP-V.mobileconfig) using Safari, the iPhone displayed the raw XML of the profile. Re-reading the Enterprise Deployment Guide, I added the proper MIME type: "AddType application/x=apple-aspen-config mobileconfig" and reloaded Apache.
  Now, the iPhone displays "Safari can't download this file".
  Apache logs no error and logs the access:
  ... "GET /iphone/CP-V.mobileconfig HTTP/1.1" 200 4005
  Any suggestions for how to debug this?
  -- Tom Kishel

  I had the same problem and after a lot of head scratching I finally figured out that I had my MIME type set incorrectly.
  Mine was set to "application/x-appleaspen-config" rather than "application/x-apple-aspen-config".
  Once I made that change the profile worked like a charm.
  To check mime types you can use the www.web-sniffer.net service. Select "Request type: HEAD" to see the http response header only.

• Certificate in the identity section of mdm payload of configuration profile.

  Hi,
  I am using iPhone configuration utility to create a configuration profile. I want to have an mdm payload. It has an identity section which needs a credential.
  Thr credential section has this text >> "Use the Credentials settings payload to add certificates and identities to the device. Certificates in PKCS1 and PKCS12 format are supported. Use P12 (PKCS #12 standard) files that contain exactly one identity. The file extensions .p12 and .pfx are recognized. When an identity is installed, the user is prompted for the passphrase that protects it, unless you include the passphrase in the payload."
  I dont know what certificate I need for this? I have a developer certificate and a certificate available for me in the "Other" tab of certificate section on the iOS provisioning portal. This certificate is "Mobile Device Management CSR Signing Certificate"
  They are not accepted as valid entries in the identity section.
  I am blocked and cannot create a configuration profile. Any help is highly appreciated.
  Thanks in advance

  I had the same problem, i had 4 certificate, which one is need here?
  1. devepoler certificate
  2. Mobile Device Management CSR Signing Certificate
  3. MDM_<company>_Certificate.pem which download fromhttps://identity.apple.com/pushcert
  4. ssl certificate
  which one should i use?

• Error while deploying configuration profile

  Hi, I'm using iPhone-4 4.3.5 GSM and trying to deploy configuration profile.
  Conf. profile has defined VPN (custom-ssl) with certificates: srever and client crt
  I do press install in iPhone Configuration utility.
  iPhone suggests me to install profile.
  I can't find anything anywhere about this issue:
  When I do press install and get a log (iPhone configuration utility -> console):
  Oct 11 09:58:50 unknown mc_mobile_tunnel[180] <Warning>: MC|mc_mobile_tunnel starting.
  Oct 11 09:58:50 unknown profiled[171] <Warning>: MC|Profile vvj.develbureau.ru queued for installation.
  Oct 11 09:58:50 unknown mc_mobile_tunnel[180] <Warning>: MC|mc_mobile_tunnel shutting down.
  Oct 11 09:59:04 unknown profiled[171] <Warning>: MC|Beginning profile installation...
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|VPN: couldn't create vpn interface
  Oct 11 09:59:09 unknown Preferences[81] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from  to (null)
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Rolling back installation of profile *********************...
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Installation of profile ************************ failed with error: NSError 0x1f5a3ef0:
  Desc   :     vvj.
  Sugg   :     VPN VPN (vvj-custom-ssl).
  US Desc: The profile vvj could not be installed.
  US Sugg: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
  vvj
  ...Underlying error:
  NSError 0x1f5a3b00:
  Desc   :     VPN VPN (vvj-custom-ssl).
  US Desc: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
  "VPN (vvj-custom-ssl)"
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Profile ************** failed to install with error: NSError 0x1f5a42a0:
  Desc   :
  Sugg   :     vvj.
  US Desc: Profile Failed to Install
  US Sugg: The profile vvj could not be installed.
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError 0x1f5a3ef0:
  Desc   :     vvj.
  Sugg   :     VPN VPN (vvj-custom-ssl).
  US Desc: The profile vvj could not be installed.
  US Sugg: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type : MCFatalError
  Params : (
  vvj
  ...Underlying error:
  NSError 0x1f5a3b00:
  Desc   :     VPN VPN (vvj-custom-ssl).
  US Desc: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
  "VPN (vvj-custom-ssl)"
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Removing certificate with persistent ID 63657274000000000000000b
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Removing certificate with persistent ID 63657274000000000000000c
  Oct 11 09:59:10 unknown Preferences[81] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x1f5bef80:<VPNBundleController: 0x1f5bef80>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
  Oct 11 10:00:09 unknown SpringBoard[71] <Notice>: MultitouchHID(1cd1d100) uilock state: 0 -> 1
  Oct 11 10:00:09 unknown com.apple.SpringBoard[71] <Notice>: CoreAnimation: timed out fence 500
  Oct 11 10:00:10 unknown profiled[171] <Warning>: profiled|Idled.
  Oct 11 10:00:10 unknown profiled[171] <Warning>: profiled|Service stopping.
  Oct 11 10:00:10 unknown com.apple.SpringBoard[71] <Notice>: CoreAnimation: timed out fence 500
  Oct 11 10:00:36 unknown CommCenter[32] <Notice>: No more assertions for PDP context 0.  Returning it back to normal.
  Oct 11 10:00:36 unknown CommCenter[32] <Notice>: Scheduling PDP tear down timer for (340005936.512346) (current time == 340005636.512355)
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>: active (but IDLE) sessions
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>:   0x1cd54b90 {port = 0x404f, caller = Preferences(81):MobileVPN, path = /Library/Preferences/SystemConfiguration/preferences.plist}
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>:   0x1cd54040 {port = 0x380f, caller = Preferences(81):com.apple.settings.wi-fi, path = /Library/Preferences/SystemConfiguration/preferences.plist}
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>:   0x1cd50030 {port = 0x1e07, caller = SpringBoard(71):com.apple.preferences, path = /Library/Preferences/SystemConfiguration/preferences.plist}
  Oct 11 10:04:15 unknown SpringBoard[71] <Notice>: MultitouchHID(1cd1d100) uilock state: 1 -> 0
  Oct 11 10:04:15 unknown kernel[0] <Debug>: set_crc_notification_state 0
  Oct 11 10:04:55 unknown kernel[0] <Debug>: launchd[183] Builtin profile: MobileSafari (sandbox)
  Oct 11 10:04:55 unknown MobileSafari[183] <Warning>: No search engine config file found at /var/mobile/Library/Safari/SearchEngines.plist
  Oct 11 10:04:56 unknown configd[25] <Debug>: CaptiveNetworkSupport:UIAllowedNotifyCallback:70 uiallowed: true
  Oct 11 10:04:57 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:04:57 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:04:57 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:04:58 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:05:03 unknown configd[25] <Debug>: CaptiveNetworkSupport:UIAllowedNotifyCallback:70 uiallowed: false
  Oct 11 10:06:16 unknown SpringBoard[71] <Notice>: MultitouchHID(1cd1d100) uilock state: 0 -> 1

  Hi, I'm using iPhone-4 4.3.5 GSM and trying to deploy configuration profile.
  Conf. profile has defined VPN (custom-ssl) with certificates: srever and client crt
  I do press install in iPhone Configuration utility.
  iPhone suggests me to install profile.
  I can't find anything anywhere about this issue:
  When I do press install and get a log (iPhone configuration utility -> console):
  Oct 11 09:58:50 unknown mc_mobile_tunnel[180] <Warning>: MC|mc_mobile_tunnel starting.
  Oct 11 09:58:50 unknown profiled[171] <Warning>: MC|Profile vvj.develbureau.ru queued for installation.
  Oct 11 09:58:50 unknown mc_mobile_tunnel[180] <Warning>: MC|mc_mobile_tunnel shutting down.
  Oct 11 09:59:04 unknown profiled[171] <Warning>: MC|Beginning profile installation...
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|VPN: couldn't create vpn interface
  Oct 11 09:59:09 unknown Preferences[81] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from  to (null)
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Rolling back installation of profile *********************...
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Installation of profile ************************ failed with error: NSError 0x1f5a3ef0:
  Desc   :     vvj.
  Sugg   :     VPN VPN (vvj-custom-ssl).
  US Desc: The profile vvj could not be installed.
  US Sugg: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
  vvj
  ...Underlying error:
  NSError 0x1f5a3b00:
  Desc   :     VPN VPN (vvj-custom-ssl).
  US Desc: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
  "VPN (vvj-custom-ssl)"
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Profile ************** failed to install with error: NSError 0x1f5a42a0:
  Desc   :
  Sugg   :     vvj.
  US Desc: Profile Failed to Install
  US Sugg: The profile vvj could not be installed.
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError 0x1f5a3ef0:
  Desc   :     vvj.
  Sugg   :     VPN VPN (vvj-custom-ssl).
  US Desc: The profile vvj could not be installed.
  US Sugg: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type : MCFatalError
  Params : (
  vvj
  ...Underlying error:
  NSError 0x1f5a3b00:
  Desc   :     VPN VPN (vvj-custom-ssl).
  US Desc: The VPN service VPN (vvj-custom-ssl) could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
  "VPN (vvj-custom-ssl)"
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Removing certificate with persistent ID 63657274000000000000000b
  Oct 11 09:59:09 unknown profiled[171] <Warning>: MC|Removing certificate with persistent ID 63657274000000000000000c
  Oct 11 09:59:10 unknown Preferences[81] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x1f5bef80:<VPNBundleController: 0x1f5bef80>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
  Oct 11 10:00:09 unknown SpringBoard[71] <Notice>: MultitouchHID(1cd1d100) uilock state: 0 -> 1
  Oct 11 10:00:09 unknown com.apple.SpringBoard[71] <Notice>: CoreAnimation: timed out fence 500
  Oct 11 10:00:10 unknown profiled[171] <Warning>: profiled|Idled.
  Oct 11 10:00:10 unknown profiled[171] <Warning>: profiled|Service stopping.
  Oct 11 10:00:10 unknown com.apple.SpringBoard[71] <Notice>: CoreAnimation: timed out fence 500
  Oct 11 10:00:36 unknown CommCenter[32] <Notice>: No more assertions for PDP context 0.  Returning it back to normal.
  Oct 11 10:00:36 unknown CommCenter[32] <Notice>: Scheduling PDP tear down timer for (340005936.512346) (current time == 340005636.512355)
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>: active (but IDLE) sessions
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>:   0x1cd54b90 {port = 0x404f, caller = Preferences(81):MobileVPN, path = /Library/Preferences/SystemConfiguration/preferences.plist}
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>:   0x1cd54040 {port = 0x380f, caller = Preferences(81):com.apple.settings.wi-fi, path = /Library/Preferences/SystemConfiguration/preferences.plist}
  Oct 11 10:02:36 unknown SCHelper[80] <Notice>:   0x1cd50030 {port = 0x1e07, caller = SpringBoard(71):com.apple.preferences, path = /Library/Preferences/SystemConfiguration/preferences.plist}
  Oct 11 10:04:15 unknown SpringBoard[71] <Notice>: MultitouchHID(1cd1d100) uilock state: 1 -> 0
  Oct 11 10:04:15 unknown kernel[0] <Debug>: set_crc_notification_state 0
  Oct 11 10:04:55 unknown kernel[0] <Debug>: launchd[183] Builtin profile: MobileSafari (sandbox)
  Oct 11 10:04:55 unknown MobileSafari[183] <Warning>: No search engine config file found at /var/mobile/Library/Safari/SearchEngines.plist
  Oct 11 10:04:56 unknown configd[25] <Debug>: CaptiveNetworkSupport:UIAllowedNotifyCallback:70 uiallowed: true
  Oct 11 10:04:57 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:04:57 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:04:57 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:04:58 unknown MobileSafari[183] <Warning>: -[UIApplication endIgnoringInteractionEvents] called without matching -beginIgnoringInteractionEvents. Ignoring.
  Oct 11 10:05:03 unknown configd[25] <Debug>: CaptiveNetworkSupport:UIAllowedNotifyCallback:70 uiallowed: false
  Oct 11 10:06:16 unknown SpringBoard[71] <Notice>: MultitouchHID(1cd1d100) uilock state: 0 -> 1

• VPN error when using Microsoft digital certificates.

  Hi,
  I tried implementing site-site VPN between Cisco Router and Cisco ASA using Microsoft digital certificates. After performing the following configurations, I was not able to ping to other site LAN. I enabled debug and got following out put. I sucessfully enrolled digital certificates.
  Cisco ASA config:
  access-list 100 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
  nat (inside) 0 access-list 100
  static (inside,outside) 1.1.1.10 10.1.1.10 netmask 255.255.255.255
  route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  crypto map mymap 1 match address 100
  crypto map mymap 1 set peer 2.2.2.2
  crypto map mymap 1 set transform-set myset
  crypto map mymap interface outside
  crypto ca trustpoint winca
  enrollment url http://10.1.1.10:80/certsrv/mscep/mscep.dll
  crl configure
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  tunnel-group 2.2.2.2 type ipsec-l2l
  tunnel-group 2.2.2.2 ipsec-attributes
  trust-point winca
  On router:
  crypto ca trustpoint winca
  enrollment mode ra
  enrollment url http://1.1.1.10:80/certsrv/mscep/mscep.dll
  crypto isakmp policy 19
  encr 3des
  group 2
  authentication rsa-sig
  crypto isakmp key cisco address 1.1.1.1
  crypto map mymap 10 ipsec-isakmp
  set peer 1.1.1.1
  set transform-set myset
  match address 100
  access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  Debug output on ASA
  CorpASA# Nov 15 02:12:49 [IKEv1]: Group = 2.2.2.2, IP = 2.2.2.2, Removing peer from peer table failed, no match!
  Nov 15 02:12:49 [IKEv1]: Group = 2.2.2.2, IP = 2.2.2.2, Error: Unable to remove PeerTblEntry
  CorpASA#
  CorpASA#
  CorpASA# Nov 15 02:13:06 [IKEv1]: Removing peer from peer table failed, no match!
  Nov 15 02:13:06 [IKEv1]: Error: Unable to remove PeerTblEntry
  Nov 15 02:13:11 [IKEv1]: Removing peer from peer table failed, no match!
  Nov 15 02:13:11 [IKEv1]: Error: Unable to remove PeerTblEntry
  Debug out put on router:
  R2#ping 10.1.1.10 source 192.168.1.1
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
  Packet sent with a source address of 192.168.1.1
  Nov 15 02:21:01.067: %SYS-5-CONFIG_I: Configured from console by console
  Nov 15 02:21:02.651: ISAKMP: received ke message (1/1)
  Nov 15 02:21:02.655: ISAKMP (0:0): SA request profile is (NULL)
  Nov 15 02:21:02.655: ISAKMP: local port 500, remote port 500
  Nov 15 02:21:02.655: ISAKMP: set new node 0 to QM_IDLE
  Nov 15 02:21:02.655: ISAKMP: insert sa successfully sa = 64597C20
  Nov 15 02:21:02.655: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.
  Nov 15 02:21:02.659: ISAKMP: Looking for a matching key for 1.1.1.1 in default : success
  Nov 15 02:21:02.659: ISAKMP (0:1): found peer pre-shared key matching 1.1.1.1
  Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-07 ID
  Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-03 ID
  Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-02 ID
  Nov 15 02:21:02.659: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
  Nov 15 02:21:02.663: ISAKMP (0:1): Old State = IKE_READY  New State = IKE_I_MM1
  Nov 15 02:21:02.663: ISAKMP (0:1): beginning Main Mode exchange
  Nov 15 02:21:02.663: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
  Nov 15 02:21:02.703: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
  Nov 15 02:21:02.707: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
  Nov 15 02:21:02.707: ISAKMP (0:1): Old State = IKE_I_MM1  New State = IKE_I_MM2
  Nov 15 02:21:02.707: ISAKMP (0:1): processing SA payload. message ID = 0
  Nov 15 02:21:02.707: ISAKMP (0:1): processing vendor id payload
  Nov 15 02:21:02.707: ISAKMP (0:1): vendor ID seems Unity/DPD but major 194 mismatch
  Nov 15 02:21:02.711: ISAKMP : Scanning profiles for xauth ...
  Nov 15 02:21:02.711: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 19 policy
  Nov 15 02:21:02.711: ISAKMP:      encryption 3DES-CBC
  Nov 15 02:21:02.711: ISAKMP:      hash SHA
  Nov 15 02:21:02.711: ISAKMP:      default group 2
  Nov 15 02:21:02.711: ISAKMP.:      auth RSA sig
  Nov 15 02:21:02.711: ISAKMP:      life type in seconds
  Nov 15 02:21:02.711: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
  Nov 15 02:21:02.715: ISAKMP (0:1): atts are acceptable. Next payload is 0
  Nov 15 02:21:02.771: ISAKMP (0:1): processing vendor id payload
  Nov 15 02:21:02.771: ISAKMP (0:1): vendor ID seems Unity/DPD but major 194 mismatch
  Nov 15 02:21:02.775: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
  Nov 15 02:21:02.775: ISAKMP (0:1): Old State = IKE_I_MM2  New State = IKE_I_MM2
  Nov 15 02:21:02.783: ISAKMP (0:1): constructing CERT_REQ for issuer cn=md902j-n5dros99,dc=md902j,dc=ca,dc=com
  Nov 15 02:21:02.783: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
  Nov 15 02:21:02.783: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
  Nov 15 02:21:02.787: ISAKMP (0:1): Old State = IKE_I_MM2  New State = IKE_I_MM3
  Nov 15 02:21:02.903: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
  Nov 15 02:21:02.907: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
  Nov 15 02:21:02.907: ISAKMP (0:1): Old State = IKE_I_MM3  New State = IKE_I_MM4
  Nov 15 02:21:02.907: ISAKMP (0:1): processing KE payload. message ID = 0
  Nov 15 02:21:02.979: ISAKMP (0:1): processing NONCE payload. message ID = 0
  Nov 15 02:21:02.987: ISAKMP (0:1): SKEYID state generated
  Nov 15 02:21:02.991: ISAKMP (0:1): processing CERT_REQ payload. message ID = 0
  Nov 15 02:21:02.991: ISAKMP (0:1): peer wants a CT_X509_SIGNATURE cert
  Nov 15 02:21:02.995: ISAKMP (0:1): peer want cert issued by cn=md902j-n5dros99,dc=md902j,dc=ca,dc=com
  Nov 15 02:21:02.995: ISAKMP (0:1): Choosing trustpoint winca as issuer
  Nov 15 02:21:02.995: ISAKMP (0:1): processing vendor id payload
  Nov 15 02:21:02.995: ISAKMP (0:1): vendor ID is Unity
  Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
  Nov 15 02:21:02.999: ISAKMP (0:1): vendor ID seems Unity/DPD but major 11 mi.smatch
  Nov 15 02:21:02.999: ISAKMP (0:1): vendor ID is XAUTH
  Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
  Nov 15 02:21:02.999: ISAKMP (0:1): speaking to another IOS box!
  Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
  Nov 15 02:21:03.003: ISAKMP (0:1:): vendor ID seems Unity/DPD but hash mismatch
  Nov 15 02:21:03.003: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
  Nov 15 02:21:03.003: ISAKMP (0:1): Old State = IKE_I_MM4  New State = IKE_I_MM4
  Nov 15 02:21:03.007: ISAKMP (0:1): Send initial contact
  Nov 15 02:21:03.067: ISAKMP (1): My ID configured as IPv4 Addr,but Addr not in Cert!
  Nov 15 02:21:03.067: ISAKMP (1): Using FQDN as My ID
  Nov 15 02:21:03.067: ISAKMP (0:1): SA is doing RSA signature authentication using id type ID_FQDN
  Nov 15 02:21:03.067: ISAKMP (0:1): ID payload
          next-payload : 6
          type         : 2
          FQDN name    : R2.cisco.com
          protocol     : 17
          port         : 500
          length       : 20
  Nov 15 02:21:03.067: ISAKMP (1): Total payload length: 20
  Nov 15 02:21:03.095: ISAKMP (0:1): constructing CERT payload for hostname=R2.cisco.com
  Nov 15 02:21:03.095: ISKAMP: growing send buffer from 1024 to 3072
  Nov 15 02:21:03.095: ISAKMP (0:1): using the winca trustpoint's keypair to sign
  Nov 15 02:21:03.215: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
  Nov 15 02:21:03.219: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
  Nov 15 02:21:03.219: ISAKMP (0:1): Old State = IKE_I_MM4  New State = IKE_I_MM5
  Nov 15 02:21:03.375: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
  Nov 15 02:21:03.375: ISAKMP: set new node -1205710646 to QM_IDLE
  Nov 15 02:21:03.379: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
  Nov 15 02:21:03.379: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
  Nov 15 02:21:03.383: ISAKMP (0:1): received packe.t from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
  Nov 15 02:21:03.383: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
  Nov 15 02:21:03.383: ISAKMP: Info Notify message requeue retry counter exceeded sa request from 1.1.1.1 to 2.2.2.2...
  Success rate is 0 percent (0/5)
  R2#
  Nov 15 02:21:13.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
  Nov 15 02:21:13.219: ISAKMP (0:1): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
  Nov 15 02:21:13.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
  Nov 15 02:21:13.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
  R2#
  Nov 15 02:21:23.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
  Nov 15 02:21:23.219: ISAKMP (0:1): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
  Nov 15 02:21:23.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
  Nov 15 02:21:23.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
  R2#
  Nov 15 02:21:32.651: ISAKMP: received ke message (1/1)
  Nov 15 02:21:32.651: ISAKMP: set new node 0 to QM_IDLE
  Nov 15 02:21:32.651: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. (local 2.2.2.2, remote 1.1.1.1)
  Nov 15 02:21:33.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
  Nov 15 02:21:33.219: ISAKMP (0:1): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
  Nov 15 02:21:33.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
  Nov 15 02:21:33.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
  R2#
  Nov 15 02:21:43.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
  Nov 15 02:21:43.219: ISAKMP (0:1): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
  Nov 15 02:21:43.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
  Nov 15 02:21:43.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
  PLease assist me in sorting this issue, i need to implement on my live network.
  Thanks a lot in advance.
  Regards,
  Mohan.D

  HI Mate ,
  your ASA is sending the ASA certificate :
  but after that we are recieving an isakmp notify message which tears down the connection ?
  somehow the remote peer didn't like the ASA certificate
  do you have access to that peer ? is it a CISCO ASA?
  is the time synchronized with that side ?
  it the CA certificate installed on that peer?
  HTH
  Mohammad.

• "no access to the digital certificate" - Trying to export my first iOS app from Flash - Help please

  Hello
  I'm trying to export my first iOS app from flash to my desktop / on the device (Flash Pro CC, Iphone5)
  I followed the instructions on the adobe website to build an air app for iOS but on the last step it
  doesn't export the app.
  What I've done so far:
  - Apple developer account
  - creating the certificate + convert it to .p12
  - app ID / Name etc.
  - creating the provisioning profile from apple
  - iOS Air app in flash (Only Text "Hello world" with a tween)
  Now i have to load the certificates into Flash & enter a password (is it the password that
  i entered in the certificate or from my developer account/ Apple ID password? Both didn't work at the end)
  When i klick on publish in the last step than it loads a while but then i get the Error:
  "no access to the digital certificate"
  What is wrong? Can you help me please.

  Also, I should say, when I go into my phone on the computer and try to install an app, I get this message:
  Unable to start operation. Installer is already in use.
  Any ideas

• Using a digital certificate to send an encrypted email.

  I want to send an e-mail through my i-pad using a digital certificate, that i have already configurated in my e-mail account. This e-mail i want to send also encrypted. Do i need to have a public certificate code from the person i´m sending the e-mail to? Like outlook express works?
  thanks for the answer in advance

  Hello,
  Your best option will be to use an encoder for feedback in your system. If you use an encoder then at the end of the move, the controller will compare your trajectory position with the position the encoder reads (the actual position) and make the necessary adjustments. Also, this is all handled transparently so you won't have to worry about any complicated programming issues.
  Regards,
  Andy Bell
  Applications Engineer
  National Instruments

• Browser settings in configuration profile

  Hello,
  I am using Mountain Lion + Server in a lab environment and need to set the start page in Safari and Chrome on each device (iMac). Is there a way accomplish that with the configuration profiles? Or is there another nice way?
  Thanks in advancce.

  Hi there is no standard interface and different browsers store this information differently.
  [http://forums.sun.com/thread.jspa?threadID=5324218&tstart=0]

• CIDX Adopter Digital Certificates

  Guys,
  Here is the scenario..
  We are getting the HTTPS message from external system to XI.
  We are using CIDX Adopter to read external message and validate the digital certificates and map to ORDERS05 Idoc. As soon I trigger the message from external system (HTTPS message), I am seeing message in XI RWB adopter engine, when CIDX adopter is trying the validate the digital signatures somehow it is pointing to J2EE_GUSET user. And it is giving error as below mention.
  <b>ERROR</b>
  "Signature verification failed, alerted;Error when accessing keystore:service_ssl
  Signature verification failed, alerted
  Unexpected error while packing the CIDX message -
  null
  Message Processing caused Failure. -
  BTD handler indicated processing error
  Error encountered while receiving inbound action; See nested exception for detailed error message -
  Message Processing caused Failure. -
  Message Processing caused Failure. -
  BTD handler indicated processing error
  Delivery of the message to the application using connection CIDXAdapter failed, due to: Error encountered while receiving inbound action; See nested exception for detailed error message. "
  <b>Regarding Digital Certificates</b>
        We got the digital certificates from my external party and installed and
         created the Key stores in XI Visual Administration tool.
         We configured in sender agreement by selecting those key stores..
  Can any one help me on how to resolve the issue, is there any problem in Visual Admin Toll, while installing the certificates..
  Thanks
  Murali
  Message was edited by:
          Murali Babu Pallabothula

  HI,
  See the below links
  HTTP* Errors /people/krishna.moorthyp/blog/2006/07/23/http-errors-in-xi
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
  also see the below links may be useful..
  See the below links
  /people/sap.user72/blog/2005/06/16/using-digital-signatures-in-xi
  SAP Java Cryptographic Toolkit
  http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/content.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
  http://help.sap.com/saphelp_nw04/helpdata/en/fb/322f41d606ef23e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/45/341a2176b74002e10000000a155369/frameset.htm
  Also see the below threads.
  how to deal with digital signatures when converting messages?
  Certificates Vs Digital Signatures
  Security Issues: SSL on SOAP Adapter and Digital Signature in BPM
  message level security: difference digital signature and certificate
  Loading Invoice XML IDoc with digital signature via XI into R/3
  Regards
  CHilla

• A site is telling me that i have no digital certificate installed....

  Hi. Trying to access a page on the Spanish version of the IRS, to file a tax document here. I can't get access to the page (or any of their secure pages), and I get this message, which has been Google translated:
  ''The error "403 byrule" is a mistaken identity. Occurs when you try to access an option that requires electronic certificate and the browser does not detect that one is installed or not properly selected. If the choice of the certificate you get a page that says "page can not be displayed" or similar error is possible that the certificate is damaged, changes or problems in the operating system or other causes. If possible, you should try to reinstall a valid copy of your certificate.
  This error in Firefox indicates that there is no digital certificate installed. Go to "Tools" "Options" ("Firefox", "Preferences" Mac "Edit" "Preferences" in Linux), "Advanced" and select the "Encryption". Click on the "View Certificates" and verify that your certificate is installed correctly. If no certificate on the tab "Your Certificates" will have to import a valid copy of the browser. If necessary, also refer to the instructions on importing certificates from our "Help" and the links that we propose below. Once the certificate is installed also make sure that Mozilla Firefox is configured correctly. This may refer to the "Installation, configuration and management of electronic certificates for Mozilla Firefox.''
  Under "view certificates" in preferences/encryption, "Your Certificates" is blank. And I don't see anything in "Authorities" that seems to relate to this website. In 'Servers" there were some exceptions I created (reluctantly) when the site asked for it. I deleted them, still not working."
  I've tried with both "Select one automatically" and "Ask me every time"
  Click on the page below, click on any of the links with a lock to see the resulting error.
  Thanks in advance.

  Thanks. You are very much on the right track, and I can't thank you enough. The page you sent me to is has the right link. But I can't just download the certificate, as you proposed. It's actually part of a significant security system. I went to the webpage that accompanied the link. I have to fill out a form, from that get a code... then go to a local gov't office, show my ID, get another code, then come back, input that, and get my personalized certificate. I'll let you know how it goes. But without you I have no idea how I'd even have gotten onto the right path. Thanks again.

• Can't install configuration profile using iPhone Config Utility 3.5 and iPad iOS 5.1

  Sorry for the long title, but...
  I had a certificate expire in my configuration profile (that allows access to the Enterprise WiFi network). In the past, that means I go fetch a new certificate, install it into the configuration profile, attach the device to the computer via USB, and download that to the device. It's all good.
  With iCU 3.5 and iOS 5.1, that all works fine until the last step. I hit the install button - nothing happens. Zilch. Nada, Zero. I happen to be a developer as well, so I have Xcode open and am watching the device console. Absolutely nothing happens on the device console.
  What am I doing wrong? I can't believe that this is broken, and if it is broken I'm the first person to trip on it, so what's up?
  (I did workaround this problem by exporting and sharing the configuration via email to the device and installing it from the attachment. That part still seems to work, and the profile itself also seems to work. The problem seems to be with iCU and downloading profiles.)
  Thanks for your help.

  I ran into same problem. I think ithis might be your problem . This fixed mine I had settings already set and tried to install on new ipad and wouldn't work wouldn't do anything just set there I hit install and never did nothing. What I did was del the settings for configuration and re set them all over again and boom it's worked it works fine for me now. Hope this helps

• Cannot install configuration profiles using iphone configuration utility, why?

  I have several working configuration profiles, which I can distribute both via email and a website.
  I'd like to install the profiles through the iPhone Configuration Utility, but I am not able to do so. The devices show up just fine in the list. When I choose the Configuration Profile tab and clicking the install-button on a profile (which will install fine via Email or website) in the list, nothing happens. Regardless of the device beeing out of the box, or activated via iTunes. What am I missing?
  I have tried this on several iPad and iPad 2 devices with the latest (4.3.3) firmware installed.

  Hi,
  I have the same problem. After creating profile with only General tab being set up it is failing to install on my iPad.
  Profile installation failed
  The profile could not be added to device
  Any suggestions?
  I even erase all content and setting but that didn't help either.
  The only alarming thing is that in my Certificate section I have red message:
  "This certificate was signed by and untrusted issuer"
  Can that effect installation?
  If that is the case how to fixed it?
  P.S. iPad was purchased from Apple Store.
  Regards,