Secure Channel and Key sharing

Hi all,
I'm new in this Java Card technology and in the last month i've been studying some documents and guidelines to develop a SIM Toolkit application.
What i have in hands now will need the share keys for assymmetric encryption, so i will need the share a public key.
So my main doubts are, when a Secure Channel is established from the card, the other point of the channel is the network operator right? So to establish a secure connection i will need get a secure channel in the install() method and send the random key to use in decryption? For this i read somewhere that there are APDU specific commands for keys.
Maybe this is a little confusing but there are some concepts about this that aren't clear inside my head ;)
If someone can provide me some answers or some guideline regarding this i would be very thankful.
Regards

Hi Shane,
Thanks for your answers! So analysing what you said:
safarmer wrote:
Hi,
igosneves wrote:
What i have in hands now will need the share keys for asymmetric encryption, so i will need the share a public key.This is easy enough to do. When you install the Applet, you should be able to generate a key pair for this. Then when you need to encrypt data to the card, you can first send an APDU to retrieve the public key. Then use it to encrypt the data before sending back to the card.
Yes, this can be done using APDU but to retrieve they key i have to use a specific APDU created by me? I ask this because i only found APDU for Put Key operation... :P
igosneves wrote:
So my main doubts are, when a Secure Channel is established from the card, the other point of the channel is the network operator right? Not sure what you mean by this, but the client application will be the other end of the secure channel. That is, the application communicating with the applet through APDU's.
Yes that is what i meant to. The client application will be someone that is sending APDUs through a card reader or through an OTA platform am i right?
And if i want to do something like have a server, generate the key pairs in that server and share the public key to the Applet so that there i can send encrypted SMS from the mobile to the server? The process is the same for sharing keys? The only way to put the key in the card is using card reader or OTA?
igosneves wrote:
So to establish a secure connection i will need get a secure channel in the install() method and send the random key to use in decryption? For this i read somewhere that there are APDU specific commands for keys. If you want to use a GP secure session you will need to ensure that the client knows the card platform keys. Since this is not a overly secure model (as you are using a secret key), you may want to focus on using the key pair you mentioned earlier in your post. If the platform keys are compromised it is possible for code to be added/removed from your card. You can either simply use the public key for securing data to the card, or you can use 2 asymmetric key pairs (client and server) to establish a symmetric session key (3TDEA?) for the secure session. You could model this off TLS/SSL.
Cheers,
ShaneThanks again,
Rodrigo

Similar Messages

  • Secure Channel base key

    Hi everyone,
    Please, how can i get the Secure Channel base key ?
    All my thanks !
    Edited by: user13723459 on 27 janv. 2011 05:55

    Regarding this issue,
    I have two cards (for GSM). To manage contents on the first one I have to provide two 16-byte keys (Cenc and Cmac). The process involves INITIALIZE_UPDATE/EXTERNAL_AUTHENTICATE and the commands are sent to the Card Manager (select by default after reset). Once I have identified myself I can start loading/installing/deleting etc.
    Withe the second one I have to do things different:
    1. The very first APDU I send is VERIFY (with a key), not an INITIALIZE_UPDATE/EXTERNAL_AUTHENTICATE pair
    2. I send the VERIFY to the GSM applet (selected by default after reset), not to the card manager
    3. Having successfully identified myself before the GSM applet, I select the Card manager and start loading/installing/deleting etc.
    What is the difference, or maybe why should there be a difference? I understand the first case-show your credentials to the card manager and it will let you manage card contents, but what is the difference in the second case? Why do I identify myself before the GSM applet, not before the card manager?
    Thanks

  • How to determine Secure Channel key set index or version within applet

    Hi,
    Is there any way to determine from within the applet the used key set index or key set version?
    The ProviderSecurityDomain object does not contain such a property to my understanding.
    b.r.
    Fabe

    No there is not. There are API's to ask the security domain to do crypto operations using the current secure channel session keys and GP says that the security domain needs to be aware of what keys to use for this.
    The key information is not exposed to the applet as it is not generally required and for security reasons.
    Cheers,
    Shane

  • Using SSH as a secure channel for other programs

    Hi,
    I'm wondering if it's possible to use an SSH connection as a generic secure channel for other programs. I want to write a server-client program where I can open up an SSH channel first and then have the server and client communicate over it. If there is some other way to communicate via a secure channel and using SSH-like users and keys that would be great too.

    fukawi2 wrote:
    Basu wrote:It's a simple message exchange system.
    I've been looking into this... Best solution I've found is AMQP / RabbitMQ.
    (I hate reinventing the wheel)
    Well, reinventing the wheel can teach you a great deal IMO. That usally how I get to learn how stuff works

  • Secure Channel Problem!

    I tried to open secure channel and I got some problems.
    I use GalactIC Lite card and Gemplus 433 card reader.
    Initialize Update command works fine.
    I use derivation data to generate ENC and MAC session keys.
    Then I use ENC session key to verify Card Cryptogram and it is ok.
    So I generate Host Cryptogram and maced data.
    I send External Authenticate command but I received 69 82 (Security status not satisfied).
    After I executed my program several times, Initialize Update command also received 69 82 error.
    Initialize Update command can not work anymore.
    What�s wrong with my program?
    Is my card blocked?
    Thanks.

    I use following apdu commands to open secure channel.
    Key info:
    S-ENC : 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F
    S-MAC : 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F
    ICV : 00 00 00 00 00 00 00 00
    1. Select Card Manager
    APDU : 00 A4 04 00 07 A0 00 00 00 03 00 00
    RESPONSE : 6F 18 84 07 A0 00 00 00 03 00 00 A5 0D 9F 6E 06 4A 5A 10 78 01 00 9F 65 01 FE 90 00
    2. Initialize Update
    APDU : 80 50 01 01 08 00 00 00 00 00 00 00 1C
    RESPONSE : 00 00 11 15 00 00 71 78 02 99 01 01 0A D3 7E 33 E2 D8 69 98 EF 70 C9 AE C3 76 D2 C9 90 00
    Host challenge : 00 00 00 00 00 00 00 1C
    Card challenge : 0A D3 7E 33 E2 D8 69 98
    Card cryptogram : EF 70 C9 AE C3 76 D2 C9
    Derivation Data : E2 D8 69 98 00 00 00 00 EF 70 C9 AE 00 00 00 1C
    Host Cryptogram Data (to encrypt) : 0A D3 7E 33 E2 D8 69 98 00 00 00 00 00 00 00 1C 80 00 00 00 00 00 00 00
    Card Cryptogram Data (to encrypt for verification) : 00 00 00 00 00 00 00 1C 0A D3 7E 33 E2 D8 69 98 80 00 00 00 00 00 00 00
    Session S-ENC key = S-ENC ECB encryption(Derivation Data)
    Session S-MAC key = S-MAC ECB encryption(Derivation Data)
    Then I use session S-ENC key to encrypt Card Cryptogram Data.
    The last 8-byte of result is the same as Card cryptogram(from initialize update response).
    So I use session S-ENC key to encrypt Host Cryptogram Data.
    The last 8-byte of result is Host Cryptogram.
    Host Cryptogram : A4 1D BA 34 77 72 15 3F
    The data to be Maced is :
    84 82 01 00 10 A4 1D BA 34 77 72 15 3F 80 00 00 00 00 00 00 00 00 00 00
    Then I use Session S-MAC key to encrypt the data and the last 8-byte of result is C-MAC.
    C-MAC : A4 E0 16 AA 74 5B C0 78
    3.External Authenciate
    APDU : 84 82 01 00 10 A4 1D BA 34 77 72 15 3F A4 E0 16 AA 74 5B C0 78
    RESPONSE : 69 82
    What's wrong with my commands?
    Thanks!!

  • File and print sharing keep turning off

    I have a thinkpad SL510 with Win Pro installed and for some reason the File and Print sharing checkbox for the Ethernet adapter keeps turning off after I reboot or restart the computer...What do you have to do to prevent this from happening?
    Solved!
    Go to Solution.

    downsct, welcome to the forum,
    are you using Access Connections by any chance?
    There is a setting in Access Connections which can influence file and printer sharing. If you look at the profile's further settings, there is an entry for network security, file and printer sharing needs to be activated.
    I think this is a great feature of AC as it will override the windows settings, you can choose to allow or block in each profile; e.g. allowed at home, but blocked at the Airport or Hotel.
    Hope this helps
    Andy  ______________________________________
    Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points
    Did you find a post helpfull? You can thank the member by clicking on the star to the left awarding them Kudos Please add your type, model number and OS to your signature, it helps to help you. Forum Search Option T430 2347-G7U W8 x64, Yoga 10 HD+, Tablet 1838-2BG, T61p 6460-67G W7 x64, T43p 2668-G2G XP, T23 2647-9LG XP, plus a few more. FYI Unsolicited Personal Messages will be ignored.
      Deutsche Community     Comunidad en Español    English Community Русскоязычное Сообщество
    PepperonI blog 

  • PUT KEY works only without C-MAC and C-DEC secure channel

    HI!
    I would like to know why the PUT KEY command to set a new key set only works if a secure channel is opend without secure messaging. My smartcard is GP 2.1.1 compatible.
    This is a problem because I'm not allowed to open a secure channel without secure messaging when the smartcard state is SECURED. I even don't know why this is not allowed. Visa Platform 2.0.1 defines this behavior but I can't find it in the GP 2.1.1 spec.
    Best regards, globalplayer.

    Are you saying that the PUT-KEY command works only in the card life cycle state SECURED?
    I can show you that for JCOP it also works in OP_READY, security level '00' --> authentication only, no secure messaging expected:
    - /terminal "winscard:4|OMNIKEY CardMan 5x21 0"
    --Opening terminal
    /card -a a000000003000000 -c com.ibm.jc.CardManagerresetCard with timeout: 0 (ms)
    --Waiting for card...
    ATR=3B FA 13 00 00 81 31 FE 45 4A 43 4F 50 34 31 56 ;.....1.EJCOP41V
    32 33 31 97 231.
    ATR: T=1, FI=1/DI=3 (93clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP41V231"
    => 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
    (54923 usec)
    <= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65 oe...........Y.e
    01 FF 9F 6E 06 40 51 63 45 29 00 73 4A 06 07 2A ...n.@QcE).sJ..*
    86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B .H..k.`...*.H..k
    02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 ....c...*.H..k.d
    0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09 ...*.H..k...e...
    2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 +...Hd...f...+..
    04 01 2A 02 6E 01 02 90 00 ..*.n....
    Status: No Error
    cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    cm> init-update 255
    => 80 50 00 00 08 AE 78 53 3B 25 42 AC 42 00 .P....xS;%B.B.
    (75418 usec)
    <= 00 00 70 15 00 05 94 91 11 07 FF 02 00 38 5C 1F ..p..........8\.
    9C 9B 00 3A 3D 5D F1 31 A0 12 7A 35 90 00 ...:=].1..z5..
    Status: No Error
    cm> ext-auth plain
    => 84 82 *00* 00 10 59 65 45 89 C1 15 42 BD DB 6D CF .....YeE...B..m.
    CA 0D 8E E3 C7 .....
    (179029 usec)
    <= 90 00 ..
    Status: No Error
    cm> card-info
    Card Manager AID : A000000003000000
    Card Manager state : OP_READY
    cm> set-key 1/1/DES-ECB/404142434445464748494a4b4c4d4e4f 1/2/DES-ECB/404142434445464748494a4b4c4d4e4f 1/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    cm> put-keyset 1
    => 80 D8 00 81 43 01 80 10 F1 D3 F6 3B 73 F8 EF 6C ....C......;s..l
    0A CE B0 23 2A 26 D0 98 03 8B AF 47 80 10 F1 D3 ...#*&.....G....
    F6 3B 73 F8 EF 6C 0A CE B0 23 2A 26 D0 98 03 8B .;s..l...#*&....
    AF 47 80 10 F1 D3 F6 3B 73 F8 EF 6C 0A CE B0 23 .G.....;s..l...#
    2A 26 D0 98 03 8B AF 47 00 *&.....G.
    (214587 usec)
    <= 01 8B AF 47 8B AF 47 8B AF 47 90 00 ...G..G..G..
    Status: No Error

  • Sharepoint and SSRS report trust relationship ssl/tls secure channel remote certificate is invalid

    I have no experience with sharepoint at all. but this is what I observed.
    I intermittently getting this error message on my sharepoint. could not establish trust relationship for the ssl/tls secure channel. Remote Certificate is invalid according to the validation procedure.
    Screnshot of the error 
    This is how the sharepoint page layout.
    I have report.aspx. and below is the content of the aspx file.
    The url is http://sharepoint.COMPANY.com/Pages/Report.aspx.
    The URL is intranet only.
    The sharepoint is hosted in SERVER1 and the SSRS is hosted in SERVER.
    I observed this error happens on both HTTP and HTTPS http sharepoint COMPANY com/Pages/Report.aspx OR https sharepoint COMPANY com/Pages/Report.aspx
    So far, the step I did was to follow this blog http://krishnasangani.blogspot.ca/2013/06/the-remote-certificate-is-invalid.html Restarted
    IIS in SERVER1 AND SERVER2. but the problem persist. Another I have done is to click the certificate in internet explorer and everything looks ok on that side to (certificate is valid)
    It seems to only happen earlier during the morning, then it fixes itself around 9 Oclock. It has been on going for about 2 weeks. Please help troubleshooting this.
    <%@ Page Inherits="Microsoft.SharePoint.Publishing.TemplateRedirectionPage,Microsoft.SharePoint.Publishing,Version=14.0.0.0,Culture=neutral,PublicKeyToken=71e9bsasdasdasd9c" %> <%@ Reference VirtualPath="~TemplatePageUrl" %> <%@ Reference VirtualPath="~masterurl/custom.master" %><%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bsasdasdasd9c" %>
    <html xmlns:mso="urn:schemas-microsoft-com:office:office" xmlns:msdt="uuid:547SF010-65B3-11d1-A29F-00457845FFSW"><head>
    <!--[if gte mso 9]><SharePoint:CTFieldRefs runat=server Prefix="mso:" FieldList="FileLeafRef,Comments,PublishingStartDate,PublishingExpirationDate,PublishingContactEmail,PublishingContactName,PublishingContactPicture,PublishingPageLayout,PublishingVariationGroupID,PublishingVariationRelationshipLinkFieldID,PublishingRollupImage,Audience,PublishingPageImage,PublishingPageContent,SummaryLinks,ArticleByLine,ArticleStartDate,PublishingImageCaption,HeaderStyleDefinitions"><xml>
    <mso:CustomDocumentProperties>
    <mso:PublishingContact msdt:dt="string">8</mso:PublishingContact>
    <mso:HeaderStyleDefinitions msdt:dt="string"></mso:HeaderStyleDefinitions>
    <mso:display_urn_x003a_schemas-microsoft-com_x003a_office_x003a_office_x0023_PublishingContact msdt:dt="string">First Last Name</mso:display_urn_x003a_schemas-microsoft-com_x003a_office_x003a_office_x0023_PublishingContact>
    <mso:PublishingContactPicture msdt:dt="string"></mso:PublishingContactPicture>
    <mso:PublishingContactName msdt:dt="string"></mso:PublishingContactName>
    <mso:ContentTypeId msdt:dt="string">0x010100C568DB5SDH48375LKNSDFG8340JKRG8034U6NEGK8TNGE8U34NIOGE8355H3358TRNG38G43JIOEG0T3JIGE9034340R8J05T4I54T4J8903HH5640K9445G54HH6564H65665</mso:ContentTypeId>
    <mso:Comments msdt:dt="string"></mso:Comments>
    <mso:PublishingContactEmail msdt:dt="string"></mso:PublishingContactEmail>
    <mso:PublishingPageLayout msdt:dt="string">https://sharepoint.COMPANY.com/_catalogs/masterpage/PageFromDocLayout.aspx, Body only</mso:PublishingPageLayout>
    <mso:PublishingPageContent msdt:dt="string">&lt;div class=&quot;ms-rtestate-read ms-rte-wpbox&quot;&gt;&lt;div class=&quot;ms-rtestate-notify ms-rtestate-read a74e0591-4ee6-4837-935a-3c932a967fac&quot; id=&quot;div_a74e0591-4ee6-4837-935a-3c932a967fac&quot;&gt;&lt;/div&gt;
    &lt;div id=&quot;vid_a74e0591-4ee6-4837-935a-3c932a967fac&quot; style=&quot;display:none&quot;&gt;&lt;/div&gt;&lt;/div&gt;
    &lt;div class=&quot;ms-rtestate-read ms-rte-wpbox&quot;&gt;&lt;div class=&quot;ms-rtestate-notify ms-rtestate-read e97fce7c-b702-4530-ae50-16ea77475fd5&quot; id=&quot;div_e97fce7c-b702-4530-ae50-16ea77475fd5&quot;&gt;&lt;/div&gt;
    &lt;div id=&quot;vid_e97fce7c-b702-4530-ae50-16ea77475fd5&quot; style=&quot;display:none&quot;&gt;&lt;/div&gt;&lt;/div&gt;
    </mso:PublishingPageContent>
    <mso:PublishingRollupImage msdt:dt="string"></mso:PublishingRollupImage>
    <mso:RequiresRouting msdt:dt="string">False</mso:RequiresRouting>
    </mso:CustomDocumentProperties>
    </xml></SharePoint:CTFieldRefs><![endif]-->
    <title>Report</title></head>
    A few questions I have in mind is Any pointer to troubleshoot this problem AND By looking at the ASPX file, Would you be able to determine what method is my Sharepoint page calling the SSRS report , integrated mode, native mode? IEFrame? The reason I am asking
    this is that maybe IF I google using the right terminology I can get to the similar problem and solution.
    Thanks

    Please let us know if you are using
    SharePoint communicates to an external service via HTTPS 
    Please try perform following steps:
    Fix is to setup a trust between SharePoint and the server requiring certificate validation.
    In SharePoint Central Administration site, go to “Security” and then “Manage Trust”.  Upload the certificates to SharePoint.  The key is to get both the root and subordinate certificates on to SharePoint.
    The steps to get the certificates from the remote server hosting the WCF service are as follows:
    1.  Browse from IE to the WCF service (e.g., https://remotehost/service.svc?wsdl)
    2.  Right click on the browser body and choose “Properties” and then “Certificates” and then “Certificate Path”.
    This tells you the certificate chain that’s required by the other server in order to communicate with it properly.  You can double-click on each level in the certificate chain to go to that particular certificate, then click on “Details” tab, “Copy to
    File” to save the certificate with the default settings.
    As an example, get both VeriSign & VeriSign Class 3 Extended Validation SSL CA.
    reference : http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/could-not-establish-trust-relationship-for-ssl-tls-secure-channel.aspx
    If my contribution helps you, please click Mark As Answer on that post and
    Vote as Helpful
    Thanks, ShankarSingh(MCP)

  • Security settings for print and file sharing on a wireless network.

    I would like to gather some security information on file and print sharing on my wireless network before I set it up . What steps do I need to take to make it secure? Is it better to just buy a wirelss print server?
    Thanks

    You can secure the wireless network, set a password on the shared resources or both.
    The box said windows xp or better... So I installed Linux!

  • I need to create public and private keys for security certificate and I can't find the certificate. Where is it?

    I purchased a security certificate, and the site tells me that it was successfully installed. I need to export the certificate so that I can create the public and private keys, but I cannot find the certificate to do so.

    Thank you.

  • HT4623 After 7.0.2 update to iPhone 4 the key pad response is up to 10 seconds for the security code and for text. Help?

    Post 7.0.2 update the response time from keying security code and text is up to 10 seconds. Help please?

    Post 7.0.2 update the response time from keying security code and text is up to 10 seconds. Help please?

  • Just bought a 3TB Time Capsule for a small office. Will have 4 users with MacBooks. What would ne the best setup for time machine individual backups and internet sharing in a secure way?

    Just bought a 3TB Time Capsule for a small office. Will have 4 users with MacBooks. What would ne the best setup for time machine individual backups and internet sharing in a secure way?

    Set up each Mac for Time Machine backups in the normal way.  Time Machine will keep each backup separate on the Time Capsule, so users will only be able to see the backups of their own Mac.
    Yes....there are convoluted workarounds that might allow one user to see the backups of another.....IF...they know the administrator password of the "other" Mac.
    As far as Internet sharing, all users will have access to the Internet if they have a wired or wireless connection. If a Mac connects using wireless, it is possible to limit the time that they are allowed to connect to the network.
    For example, you might limit the ability to connect to the wireless from say each Weekday from 8 AM to 6 PM.
    With a wired Ethernet connection, you cannot limit access times to the Internet.

  • Logical channels and secureChannel.resetSecurity();

    Hi,
    1- an external entity A selects an applet APP on logical channel 0 and establishes a secure channel.
    2- another external entiry B selects the same applet on channel 1 without establishing a secure channel.
    3- B exchanges a few commands and responses with the APP.
    4- The execution of the commands in (3) leads to calling secureChannel.resetSecurity() within APP.
    5- secureChannel.resetSecurity() returns the error code 6985 which means conditions of use not satisfied.
    It looks like the secure channel that was established when the APP was selected through the logical channel 0, cannot be reset while the APP is selected on a different logical channel.
    Has anyone faced this situation before? Any ideas how to reset the secure channel under the described circumstances?
    Thanks in advance,
    Hugo

    Hi,
    Logical channel 0 is the basic channel. Have you tried having all host applications on a logical channel other than 0?
    As a rule, we only ever used GP secure channel to secure card issuance/updates or to secure updating the main transport key on the card (the private key had to be encrypted). These actions only ever had one channel to the card open. All other communication was done through a secure channel that was handled by the applet (AES based) that did not rely on the card platform keys so this wasn't an issue in our case.
    Cheers,
    Shane

  • AS2: Where to specify certificates and keys: CC or Receiver Agreement

    Hello,
    when configuring a AS2 scenario (Proxy - AS2 Receiver) I am wondering about configuration details for certificates.
    In the AS2 receiver configuration channel I can enter:
    SSL Certificates
    Server Certificate (Keystore)
    Private Key for Client Authentification
    In receiver agreement I can enter:
    AS2 Sender Configuration
    Signing Key
    AS2 Receiver Configuration
    EncryptionCertificate
    So I am not sure what to configure where? I am right that transport level security is done in the communication channel, and message level security in the receiver agreement?
    If I use SSL without client authentification in combination with Digital Signature I have to enter Server Certificate of parter in communication channel and Signing Key in Receiver Agreement, right?
    Sorry, maybe this was a little bit confusing.

    Hi,
    you need to configure certificates in receiver agreement.  I did it quite long back.. You need to enter some alias name of certificates over there.
    Once you open the Receiver agreement, you can easily figure it out.
    Thanks
    Inder

  • Reporting services with R2 on DPM2012 - Could not establish trust relationship for the SSL/TLS secure channel

    Hi everyone,
    A somewhat similar question has been asked before by others but none of the answers given has helped me.I am attempting a DPM 2012 installation, which is failing at the "deploying reports" stage.My analysis of logs seems to point me in the direction of an SSL
    error, which does not make sense since the configuration files say SSL is disabled (or at least, should be).
    Here are the symptoms:
    1.I am able to browse http://FQDN/Reports_MSDPM2012 folder from internet explorer
    2.I am also able to browse http://FQDN/ReportServer_MSDPM2012 from internet explorer
    3.The information given in the logs and relevant config files is shown below:
    <<RSREPORTSERVER.CONFIG>>
    <ConnectionType>Default</ConnectionType>
    <LogonUser></LogonUser>
    <LogonDomain></LogonDomain>
    <LogonCred></LogonCred>
    <InstanceId>MSRS10_50.MSDPM2012</InstanceId>
    <InstallationID>{d9b1c335-5842-4a81-9148-79184c38bf09}</InstallationID>
    <Add Key="SecureConnectionLevel" Value="0"/>
    <Add Key="CleanupCycleMinutes" Value="10"/>
    <Add Key="MaxActiveReqForOneUser" Value="20"/>
    <Add Key="DatabaseQueryTimeout" Value="120"/>
    <Add Key="RunningRequestsScavengerCycle" Value="60"/>
    <Add Key="RunningRequestsDbCycle" Value="60"/>
    <Add Key="RunningRequestsAge" Value="30"/>
    <Add Key="MaxScheduleWait" Value="5"/>
    <Add Key="DisplayErrorLink" Value="true"/>
    <Add Key="WebServiceUseFileShareStorage" Value="false"/>
    <!--  <Add Key="ProcessTimeout" Value="150" /> -->
    <!--  <Add Key="ProcessTimeoutGcExtension" Value="30" /> -->
    <!--  <Add Key="WatsonFlags" Value="0x0430" /> full dump-->
    <!--  <Add Key="WatsonFlags" Value="0x0428" /> minidump -->
    <!--  <Add Key="WatsonFlags" Value="0x0002" /> no dump-->
    <Add Key="WatsonFlags" Value="0x0428"/>
    <Add Key="WatsonDumpOnExceptions" 
    4.The DPM log file still appears to be using SSL even though i used reporting services configuration to remove SSL bindings:
    running.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException: exception ---> Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.ReportDeploymentException:
    exception ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could
    not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
    The remote certificate is invalid according to the validation procedure.
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest,
    Exception exception)
    5:I do have an SCCM site on the default web site used by SMS clients but on different ports
    I am stumped.Somebody please give some advice
    Thank you

    Hi
    This is an old post but did you come right?

Maybe you are looking for

  • How to set up the airport express with a linksys wireless-g broadband router

    I need to know if and how to set up an airport express to use to extend a home wi-fi network. I have AT&T service with a 2WIRE modem. I am using a Linksys wireless-G broadband router. I also have the new Macbook Air notebook. The airport express keep

  • Down payment block - Urgent Pls

    Hi all , Can some plesae let me know how to set payment block default on prepayments and cash in advance documents in order to prevent prepayments and cash in advance documents in special purpose ledger from premature payment refund to customer Any h

  • Need a FM for gettng starting & ending date based on the settlement period

    Hi, I have to filter a database table based on the settlement period( IDENT3 ) and the field available is of date field. Can anyone give me a function module by which can calculate the starting date and ending date by providing the settlement period

  • Searching PDF's with Sharepoint and Adobe's iFilter (Reader 9 install bug?)

    Hi, The suggested way to get the latest iFilter for PDF's is to install the latest Adobe Reader version 9. However I think that there is a bug in the install process -anyone agree? The Adobe web site says that the iFilter that comes with Reader versi

  • Saved Views on Query

    We are running queries through the Portal . On one query we have a number of saved views, and the last view that we created we would like to use as the default view for the query How do you set / determine the default view that a query is using?