SJSWS 7.0 u5 cert renew problem

Similar Messages

• CSS SSL renewal problem

  While renewing the ssl certification in CSS everything went fine while installation but after that when i checked with the following command
  sh ssl associate rsakey | grep url(dont want to mention name)
  i can see the previous as well as the new both key as associated and says yes
  while the new should show yes and old should be no
  same it is showing for cert
  can anyone help me to sort out with this problem what it can be
  Thanks in advance

  Sagar,
  Have you performed the "no ssl associate rsakey" and the "no ssl associate cert"?
  After that, perform the "clear ssl file " and "clear ssl file rsakey "
  HTH
  Dave

• CLIENT-CERT - UserNameMapper problem

  Hi,
  I have a client, wich sends a soap-message, containing a username, to a
  webservice, that responds with "hello, <username>". The communication
  is over ssl. The webservice is running in a weblogic server 7.0 sp1.
  I have 2-way ssl working. Now I'm trying to restrict access to the
  web-service.
  I changed the web.xml of the web-service to require BASIC as
  auth-method. This works fine.
  Then I changed BASIC to CLIENT-CERT in the web.xml.
  I changed the active type of the defaultIdentityAsserter to X.509.
  I implemented a UserNameMapper class, which prints data of the presented
  certificate, and returns a username, that exists in the
  embedded-ldap-realm of weblogic server, and that has the right to
  execute the webservice (it works with BASIC auth).
  I put the name of the UserNameMapper class in the
  defaultIdentityAsserter, and I included it in my classpath.
  The UserNameMapper is working, because the data of the certificate is
  printed on stdout. But I get a 401 (Unauthorized)-error code when trying
  to access the web-service.
  Can someone give me a hint on what I'm mising?
  Thanks,
  Noella
  ************* code of UserNameMapper *********************
  import java.security.cert.*;
  public class VZNUserNameMapper implements
  weblogic.security.providers.authentication.UserNameMapper{
  public VZNUserNameMapper() {
  public String mapCertificateToUserName(X509Certificate[] certs,
  boolean ssl) {
  System.out.println(certs[0].getSubjectDN().toString());
  return "noella";
  public String mapDistinguishedNameToUserName(byte[]
  distinguishedName) {
  return null;

  Thanks it worked. Somehow I missed in documentation this x.509 setting.
  I've also had a problem with setting "Client Certificate Requested But Not Enforced"
  in WLS 7.0.0 but it seems to be working fine in SP1.
  Thanks again
  Greg
  "kirann" <[email protected]> wrote:
  hi,
  I believe you need to turn on x.509 Identity Assertion in the server
  console..
  Please check the documention.
  thanks
  kiran
  "Greg" <[email protected]> wrote in message
  news:3e243a25$[email protected]..
  Hi!
  I'm trying to set up my web application to use client-cert
  authentication. I've set in web.xml login config to
  <auth-method>CLIENT-CERT</auth-method>. When I'm accessing my
  application I'm always getting 401 Unauthorized. If I set
  login to BASIC, browser pops up login dialog and everything works
  fine.
  I've done following:
  - created and installed in WLS trusted CA certificate
  - created and installed client certificate signed by that CA in
  IE 5.5
  - configured WLS to use ssl and set "Client Certificate Enforced"
  - managed to connect to document root or console application
  using https://localhost:7002/console and verified that accually client
  certificate
  is used (not able to connect without one)
  Now I'm really stuck and have no ideas.
  Please help. Thanks in advance.
  Greg

• Dev account renewal problem

  Hi ;
  First, I do not understand why Apple does not care about my problem?  I wrote them many times but no answer, why?
  It was time to renew my account. I had click the renew button, paid 99$ with my credit card. I thought it was over. Then somebody hacked the apple developer page, It was closed something like 1-2 weeks as you remember. Finally, developer page opened then i see that it still asks my to renew my account and pay 99$ more. Why do i have to pay again? I wrote Apple many times, send my credit card transaction bill but no change. After 10 days
  my account will be closed but i have already paid the price. What should i do?
  Best
  Murat

  Wrong forum.  You want the developer forum

• Exchange SSL cert renewal on SBS 2011

  My SBS 2011 certificate was coming up for renewal. I followed the usual steps by requesting a new one (GoDaddy) using the SBS console. When I recieved the new certificaye, I installed it and everything looked good. However, I get the following message in my daily report. I have a new certificate and it is installed via the console.How do I apply this certificate to the exchange portion?
  MSExchange Web Services 25 7/26/2015 6:47:59 PM 1 Event Details: The Exchange certificate [Subject] CN=remote.company.com, OU=Domain Control Validated [Issuer] CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US [Serial Number] 27C233A90E9354 [Not Before] 7/28/2014 10:18:27 AM [Not After] 7/28/2015 10:18:27 AM [Thumbprint]...
  This topic first appeared in the Spiceworks Community

  Hi,
  SBS 2011 Essentials is designed to host you e-mail outside your network on a hosted solution like Office 365. So if you want exchange functionality you need to configure your server to use office 365 or any other hosted exchange solution.
  Here is some information: http://blogs.technet.com/b/sbs/archive/2011/06/30/sbs-2011-essentials-and-office-365-great-value-for-our-customers.aspx
  So no exchange installed locally this would also not be supported, because if you want that you need to go for SBS 2011 standard, which includes a locally installed exchange server.
  Ref: http://social.technet.microsoft.com/Forums/en-US/e6957002-70c2-4f62-8bcd-cf3f5ccbb600/exchange-2010-on-sbs-2011-essentials?forum=smallbusinessserver

• Office 365 subscription renewal problem

  About 7 weeks ago I received a reminder that my Office 365 subscription would be automatically renewed through iTunes. Recently, it was indeed renewed and my account was charged 119.99. Moreover when I sign into my Apple account, it correctly shows that the subscription is active for another year. The problem is as follows: When I log into my actual Office account, Microsoft says my subscription has expired and I need to renew. While so far my office applications seem to still work (on my Windows computers and iPad), I have lost my 1Tb of OneDrive storage and am unable to manage my installs. I'm afraid that soon the applications will stop working completely. Anybody else experiencing this issue?

  As of today, I also cannot properly access my Office programs. Like you, this is a catastrophe for me since I depend on Office for my work. I contacted Microsoft (by chat) and told them that (1) although my subscription was autorenewed on iTunes for one year, and (2) that I had the receipt from iTunes store to prove it, Microsoft nonetheless proceeded to cancel the subscription after only two 2 days. The help person informed me that nothing could be done by Microsoft, and that I had to get in touch with Apple.  I sent Apple an email yesterday, and hopefully they will get back to me very soon with an immediate solution to this EXTREMELY ANNOYING PROBLEM.

• Photoshop CS6 Renewal Problem -- Infinite Subscription Screen?!

  So, recently I had a problem with credit card fraud. I got a new card, therefore, I had to change my credit card info on my creative cloud subscription. I renewed (changed) it probably around 2 and a half hours ago. And it said I didn't have any problems. And when I go to "my account," it says that my subscription is valid until March 2014. I then tried to get into Photoshop and the "Renew Your Subscription" screen popped up. I hit the "Try Again" button, and it goes to the next screen saying that my subscription is renewed and I am free to use my product. I then hit the "Continue" button in order to, you know, continue, yet it jumps back to the "Renew Your Scubsciption" screen. It continues to do this infinitely (I've waited at least 15 minutes, like the screen suggests), and I'm not sure how to get my products to work? Thank you to anyone that can help
  ~ Jillian

  Refer to this:
  Sign in or activation errors
  You may need to manually delete the OPM.db, also, to make your sign in stick...
  Mylenium

• BEA 10 WSRP digitial cert retrieval problem

  Hello,
  We are running two BEA portal applications within the same domain and are connecting the two using WSRP (local proxy). Not long ago we ran into a problem where our remote portlet classes were not able to retrieve the user's digital certificate through:
  X509Certificate[] certs = (X509Certificate[])
  servletReq.getAttribute(
  "javax.servlet.request.X509Certificate");
  This code works fine in a non-WSRP environment. The response from BEA was that this was specifically stripped from the request object prior to sending it to the producer. This answer came from a BEA trouble ticket and from the following BEA forum thread: http://forums.bea.com/thread.jspa?threadID=5700000376
  So, as far as getting the cert in the producer portlet class goes, we moved to use BEA's Custom Data Transfer mechanism and all is well.
  However..... we are seeing the same problem with servlets. In the case of the remote portlets, there was no "javax.servlet.request.X509Certificate" request attribute to recieve. In the case of the servlets, it does exist but the retrieved X509Certificate[] object has 0 certs. It is not "null", but rather is a good object with just 0 items.
  So, we fixed the problem for how a remote portlet class can retrieve the user's digistal certificate, but now how can we retrieve the cert in a remote servlet?
  Thanks - peter

  Peter,
  Yes the /<web-app>/resource? URL is the resource proxy servlet.
  We understand the issues with WSRP and JSR-168. The good news is WSRP
  2.0 and JSR-286 will address some of these issues. See: serveResource
  and clientAttributes. In addition, we are working with the committees to
  standardize things like Custom Data Transfer.
  In your particular case it would be dangerous to set
  "javax.servlet.request.X509Certificate" on a request which did not
  receive that particular certificate. So, at best you might be able to
  write a servlet which worked with all WSRP consumers.
  Good Luck,
  Nate
  Peter Len wrote:
  Nate,
  Thanks for the reply. Well, I am not sure specifically about if we are using the consumer's resource proxy servlet. The URL that gets generated in our Producer for calling our servlet starts like:
  https://ri.ic.mcdonaldbradley.com:443/PortalWAR/resource?_windowLabel=T2400557971208964511199&wsrp-urlType=resource........
  so it looks like a resource servlet. I would assume that adding a ResourceHeaderFilter is something that is done by the consumer, not the producer, just like the Custom Transfer backing file resides on the consumer. We don't own the consumer portal, however, and so having them add stuff like this might be problematic. In any case, it would seem that if they did add something like that, the producer's servlet would have to change how it was looking for the cert object (servletReq.getAttribute(
  "javax.servlet.request.X509Certificate")).
  The problem I am seeing is that our portal-neutral JSR-168 portlets are starting to become BEA-specific JSR-168 portlets because we have to change our code to handle BEA classes (ex SimpleStateHolder) for a BEA solution to a BEA WSRP implementation issue. Not sure, for example, if other portals would still send the user certificate in a WSRP request object, which is something that BEA did not want to do.
  In any case, I will have to do more research into how to implement a ResourceHeaderFilter solution.
  Thanks - Peter

• SPA122 1.3.2(014) HTTPS ssl cert profile problem

  Hello,
  I have a problem since upgrading SPA122 from 1.3.1(003) to 1.3.2(014). The profile rule is using https to get the config files every 1 hour or so
  this was never a problem: the rule is a FQDN, the SPA does DNS lookup gets the IP and asks the web server for the config file. both 1.3.1 and 1.3.2 do ask the file with the resolved IP address rather then the FQDN.
  now the web server has a valid certificate for that FQDN, but as the SPA122 is asking the file with the IP address the cert is not valid (CN Incorrect: CN is wildcard *.domain.com and IP address is not the FQDN)
  in 1.3.1 the SPA didn't seem to care too much , got the file and provisioned, the 1.3.2 nos gives error and sais cert err!
  I changed the FQDN for security reasons: here is what the log of the SPA says: prule is https://FQDN:9192
  Nov 15 14:37:13 Y.Y.Y.Y SCAPC_init(): provision_enable=1 prule=https://ruxxx1.axxxxxxxxxxs.com:9192/xm-$MA.ipr tftp=192.168.1.3
  but here is what the SPA asks then:
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:40:43 Y.Y.Y.Y FMM >>>> Requesting profile
  Nov 15 14:40:43 Y.Y.Y.Y ssl cert err 20
  Nov 15 14:40:43 Y.Y.Y.Y create ssl connection failed
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Resync failed: https_get failed
  Nov 15 14:40:43 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Resync failed: https_get failed
  Nov 15 14:40:43 Y.Y.Y.Y FMM >>>> Failed profile
  while in 1.3.1 it got it fine:
  Nov 15 14:36:42 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:42 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Requesting resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:42 Y.Y.Y.Y FMM >>>> Requesting profile
  Nov 15 14:36:44 Y.Y.Y.Y ok=20
  Nov 15 14:36:44 Y.Y.Y.Y content len (hdr) =21056"
  Nov 15 14:36:44 Y.Y.Y.Y content len (pld) =21056
  Nov 15 14:36:44 Y.Y.Y.Y response code =200
  Nov 15 14:36:44 Y.Y.Y.Y [FPRV] Upgrade status flags cleared
  Nov 15 14:36:44 Y.Y.Y.Y [FPRV] Upgrade status flags cleared
  Nov 15 14:36:44 Y.Y.Y.Y Firmware downgrade limit()
  Nov 15 14:36:44 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Successful resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:44 Y.Y.Y.Y SPA122 ac:12:34:56:2d:0a -- Successful resync https://X.X.X.X:9192/xm-ac1234562d0a.ipr
  Nov 15 14:36:44 Y.Y.Y.Y FMM >>>> Successful profile
  IS this a BUG??:
  - Shouldn't the SPA do the https GET with the FQDN rather then the IP address?
  - Is this because the certificate is a wildcard?
  - the cert is from GEOTrust (RapidSSL), should be trusted
  Thanks
  Sven

  - the cert is from GEOTrust (RapidSSL), should be trusted
  Definitely no. Why you think RapidSSL certificate should be trusted ?
  If you are going to configure device in factory default state, then you need to have certificate issued by CA trusted by your device. Or you can add certificate of your preferred CA to device by hand, then you can use certificate issued by such CA as well (but not after reset to factory default).

• Mail using old instead of new X.509 certificate, two certs causes problems

  I have two X.509 Thawte certificates on my key chain. One expires in 2008, the other expires later in 2007. The 2008 certificate has an additional email address embedded over the 3 in the 2007 certificate.
  When I send signed email the old certificate is getting sent instead of the new. If I look at my email entries in ADDRESS BOOK, the old certificate shows except the new email address that is unique to the 2008 certificate.
  I exported the 2007 certificate, deleted the 2007 certificate and closed and opened KeyChain Utility and now the 2008, which is the expected certificate shows for all email addresses. Problem is that I can't read any old email that was encrypted with the 2007 certificate unless I import the old certificate.
  Anyone know how to have both certificates on your key chain and have OS X default to the latest certificate for sending email, but use the correct certificate for reading all email when mail has been encrypted with one of several certificates over time?
  Importing and exporting, deleting certificates as you update certificate is a real pain.

  I'm having a similar problem. Also have thawte certificates. I renewed the one about to expire which seems to have worked. I deleted the old one; wrong move, as I now could not read the email that used the old one. I fetched the old certificate, which appears in Certificates, but the email still seems to not be decryptable. There seems to be no way to get it into the My Certificates place. I have used these for several years with no problems until now.
  If anybody has a clue on how to read the old email, I would love to hear it.

• Renewal problem

  I sign my my old nokia music account to my new phone which suddenly got expire i could not able to renew my account, i sign with new account but but always appairs as- you are sign with nokia music unlimited subscription.

  Hi Scott,
  It's weird that it shows that the subscription did not complete since I used it (and got charged) for two months before the problems started.
  I did purchase a new subscription today and so far it works, but I tried adding another credit card just to check and it gave me the same error as last time:
  "invalid card, please check card details". I noticed there's no field to write down the card's security number, so maybe that's the problem.
  Can you check it for me? I also can't delete my previous credit card information (i.e. the one that stopped working and led to this cancellation).
  My main concern right now is the cancelling fee, I can't check if I got charged and it doesn't feel right to pay for a system's mistake. I'm mistrusting Creative Cloud right now and a bit afraid of this happening again next month.

• Number / subcription renewal problem

  I have had my Skype phone number for several years with a continuing issue every year during the auto renewal service. I have several other non Skype lines that all ring at the same time, I answer the one I am nearest to at that time. However, for this to work, and it usually does perfectly, the Skype "Voicemail" feature must be disabled otherwise Skype answers the call too quickly never giving my other lines a change to ring. So long as the Skype voicemail feature is off/disabled every is fine. However, every year at auto renewal time the Voicemail feature is automatically enabled again and until I figure out the problem I miss a week of incoming calls. Essentially during the auto renewal process the program resets Skype features, turning them all ON again. Please tell me how this yearly bugger-up can be fixed, it costs me time and money when customers can't reach me, worse I never even know they called.

  Hi,
  First of all before starting the assignment of Number Ranges, Please classify as many possibility of EG and ESG Combinations in an excel sheet. 
  Identify all common / similar grouping and give desirable number ranges.
  It will be quite simple if you do so.
  Regards
  Kenu

• Nokia Music Renewal Problem

  Hi, 
  I am using NOKIA LUMIA 610. 
  My Nokia Music Subscription is ended and want to renew the subscription. 
  On my phone: Nokia Music > Settings > Renew Subscription > Clicked on "Where can I buy a Voucher from?' link which redirected on http://link.nokia.com/support/musicnmurenewals link (which later shows error i.e. HTTP 404 File not Found).
  Later tried to renew the subscription from below given link:
  http://www.oxicash.in/recharge/nokia-music.aspx
  but it also gave problem (Please find attached document for more details).
  Please let me know how can i renew my Nokia Music Subscription.
  Thank You.
  Edward
  Attachments:
  Nokia Music.doc ‏1281 KB

  Hi PalrajRK
  Thank you for posting and welcome to Nokia forum! 
  You will need to have a full Nokia Account if you would like to renew your subscription using a Credit Card or Operator billing. When logged in to the Nokia Store, select Extend your subscription > Redeem voucher on the homepage and enter the PIN code of the voucher.
  Note that your Nokia Music Unlimited subscription is tied to your Nokia Account, so if you log in with an account already in use on a different phone your subscription will move to the current phone and you will no longer be able to download new music on your other phone. 
  If my post helped you, please don't forget to click on the "White Star" and if it resolved your issue click on "Accept as Solution"

• Subscription Renewal Problems and Poor Customer Se...

  I have has Unlimited European subscription for several years with automatice renewal. Yesterday I found that my service no longer works. Apparently the card on my account had expired and so as the renewal payment did not go through my service was ended without any warning or notification of a problem.
  I contacted Customer'Service' - haha - and was told to add the subscription to my account again and that my telephone number would be renewed as  it was already part of my package. Last year I paid £33 - this year it cost £58 and the number was NOT included. The system wanted me to pay about another £35 to renew the number as well!
  I contacted Skype again and was told there was nothing they could do. Skype numbers are no longer included in the Subscription and because mine had lapsed it cannot be renewed and I have to pay for both services. An increase of over 100% in a year. A formal complaint by email got an initial standard reply that had nothing to do with my complaint and the second reply was basically 'tough luck'.
  I have cancelled the subscription renewal and will transfer the number to another provider.
  What can anyone do about the mighty Microsoft organisation? - well I can certainly publish this story on as many sites as I can to warn others.
  I think this is just a way to get people onto the new more expensive packages.

  dale.strugnell571
  Facts:
  Paid via Paypal 25/06/2013
  received Delivery Email on 26/06/2013
  Minutes not loaded by 26/06/2013
  Penalised because I used the last 10minutes
  Message from Skype: displayed above. Skype to load Minutes on the 30/06/2013
  As you can see:Nothing at 12h30
  Require minutes to call 87 Mother who is sick and alone in another part of South Africa!
  Please load my service which i paid for, please don't do this again...

• Changing the MaaS360 MDM Apple ID and certificate during cert renewal

  Kumar (MaaS360) wrote:You cannot change your Apple ID to renew the certificate. For existing devices to continue working, you need to renew the same certificate under the same Apple ID you created during the initial sign up.If for some reason, you do not know the Apple ID you used or the owner is no longer with the company, reach out to our helpdesk with your account #. We can provide you details about your APNS certificate. Post this, you can reach out to Apple to see if they can move the original certificate to a new Apple ID.Kumar, thanks for information and luckily we still have access to the Apple ID that created the initial certificate. The reason I was asking is because the Apple ID that was used to create the first cert was someone's personal account and I was looking to see if I could change it to a new dedicated Apple ID...

  Has anyone who is using Spiceworks MaaS360 MDM, attempted to change their Apple ID during the certificate renewal process?
  In other words, has anyone attempted to use a different Apple ID (other than the one used to create the initial certificate) to create the new CSR during the certificate renewal?
  My certificate is up for renewal and I would like to use a different Apple ID for creating the new certificate. Just wanted to see if anyone else has successfully attempted this.
  This topic first appeared in the Spiceworks Community