SocketException in client authentification

Hello,
I try to establish a connection to an Apache SSLServer using client authentication. Apache is configured right, as I can authenticate my client cert with Internet Explorer.
When I try to connect from a java client I always get a
java.net.SocketException: Cannot send after socket shutdown: JVM_recv in socket input stream read.
Does anybody know a solution? As I can see in the trace and in Apache's log the client doesn't send his client although there's a cert chain in my keystore.
Any suggestions??
Regards,
Schlunz

I use the ClientWithAuth example from Sun. I only created a keystore containing my CA and client cert and referenced that keystore with its password. That code runs in ServerAuthMode without problems (on my machine)...
Regards,
Schlunz

Similar Messages

  • SCCM Internet Based Client Management Client authentification certificate on untrusted forest

    Hi everybody,
    I'm installing an IBCM server of SCCM 2012 and I'm facing a problem related to the client authentication certificate. My DMZ server is in another domain than the primary site and there is only a one-way trust between them. I'm not able to push the client authentication certificate using GPO. Is there a way to get that certificate?
    Thanks for your help.
    Guillaume

    First, there's no single client auth cert. Each client must have its own unique client auth cert.
    Next, issuing certs to a system can be done in many different ways including the web portal, AD auto-enrollment, and the command-line. In this case, AD auto-enrollment can work if you've set up cross-forest support in your PKI. That is nothing done by default though and is something you need to configure. You can certainly use one of the other methods however.
    I highly recommend you engage a more knowledgeable PKI resource though because doing PKI right is not easy.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SecureSocket with client authentification (AIR) ?

    Hi,
    I'm trying to establish a secured TCP connection with a symmetric TLS authentication (two way authentication).
    I can connect with success to the server with SecureSocket if the client authentication is disabled but I don't know where to set my public/private key (in p12 format) on the Adobe AIR client side to make the connection successful with client authentication enabled.
    As mentioned on this page : Using TLS Client Authentication with AIR Applications
    I tried on Android and Windows platform. I installed my client certificate to the respective truststores on each platform.
    If I issue a request from a browser to the server from those platforms, I'm successfully connected and authenticated (of course my server doesn't "understand" HTTP as it's a TCP server using a proprietary protocol, but at least the TLS mechanism works).
    Is client authentication even supported for SecureSocket? I would be surprised if not, as it seems to be such a basic thing.
    Regards,
    Michel

  • Problem with client authentification

    hi!
    I try to authenticate using SASL "External" and SSL.
    The SSL connection works fine, also SASL when using "Digest-MD5" but when I try to authenticate using "External" I get connected as anonymous.
    Here is what I did:
    I created a self-signed certificate with owner "uid=xyz,ou=OrgUnit1,ou=OrgUnit2,o=Org".
    My client has this certificate in its keystore.
    The server has an entry with "dn=uid=xyz,ou=OrgUnit1,ou=OrgUnit2,o=Org" and this entry has the userCertificate attribute, which also contains my self-signed certificate.
    I edited the "certmap.conf" file like this:
    certmap default     default
    default:DNComps
    default:FilterComps     uid
    default:verifycert     on
    As I understood the manual, this means the server should search the directory for an RDN "uid=xyz" and check if the certificate of this user is the same as the one provided by the client. If it is, the client should get the permissions of this entry.
    But in the logfile I always get this message:
    conn=4 fd=1148 slot=1148 SSL connection from 172.16.0.190 to 172.16.0.190
    conn=4 SSL 128-bit RC4
    conn=4 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
    conn=4 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    conn=4 op=1 SRCH base="uid=xyz,ou=OrgUnit1,ou=OrgUnit2,o=Org" scope=0 filter="(objectClass=*)" attrs="entryid"
    conn=4 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    conn=4 op=2 fd=1148 closed - A1
    So, one possibility is I understood something completely wrong and the other is the server doesn't find the entry "uid=xyz,ou=OrgUnit1,ou=OrgUnit2,o=Org" because of some misconfiguration or I need a user certificate, which has been issued by a CA...
    Can anyone help me?
    Thanks a lot!
    Florian

    Hi, Florian,
    It seems that you have already got LDAPS working. May I ask you a question? Which certificate did you use? I can't get my LDAPS to work when I use my own CA issued by openssl.
    Pls share your experiences with me.
    Thanks a lot in advance.
    Rong

  • Configuring Sender HTTPS Connection -- Server/Client Authentification

    Hello together,
    I need to configure an HTTPS Sender Connection with client and server authentication. I have already checked the documentation, however I am still not sure about the particular steps. My questions are as follows:
    - Do I configure the HTTPS connection on the ABAP or JAVA stack?
    - Is it necessary to set up an HTTP sender communication channel?
    - What does the URL look like (compared to HTTP connection)?
    I have provided XI certificates to the client and the client has provided the certificates to me already. So I guess I have to import them somehow on XI.
    Any help is appreciated!
    Thank you very much.

    Hi
    Please follow below steps for HTTPS configuration as sender
    You need to use either SOAP adapter or XI Adapter for HTTPS connectivity.
    Here configure the Security Check for Inbound Messages.
    Refer below links
    http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/0a1640a991c742e10000000a1550b0/frameset.htm
    XI3.0: Soap Sender with HTTPS
    SAP Security Guide XI, HTTP and SSL
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/97/818a4286031253e10000000a155106/frameset.htm
    No configuration is required in the adapter-specific sender channel configuration (inbound) of the Integration Directory.
    The authentication/authorization is performed by the J2EE Engine and therefore needs to be configured with the Visual Administrator. This configuration is described in the J2EE Engine Administration Manual and is outlined in the following section.
    When a message is to be sent to the Adapter Engine (and ultimately to the Integration Server), the J2EE Engine serves as the SSL Server and presents its server certificate to the client as part of the SSL handshake procedure.
    Client-Side Configuration (Required)
    The public certificate of the trusted authority (CA) that signed the public certificate of the SSL server needs to be imported to the list of trusted certificates of the SSL client. This allows the SSL client to accept the certificate of the server in the SSL handshake.
    Server-Side Configuration (Optional)
    If basic authentication is used, no additional configuration is required on server side.
    If client certificate authentication is requested or required by selection of the corresponding option in the SSL service and configuration of the ClientCertLoginModule in the SecurityProvider service (using the J2EE Administration Tool), additional configuration steps are required.
    If the server certificate check on the client side is successful, the client sends its public certificate to the server as part of the SSL handshake (when requested). The server needs to map the certificate to a user for authentication and will then check the authorization based on the security roles of the user.
    Perform the following steps to allow the J2EE engine to map the client certificate to a user:
           1.      Import the CA cert of the client certificate to the list of trusted certificates (TrustedCAs keystore view in the keystore service) and import the client cert to an arbitrary keystore view.
           2.      Map the client certificate to an existing user with role SAP_XI_APPL_SERV_USER by using the Visual Administrator, SecurityProvider service, UserManagement tab page.
    Refer below link
    Here u go
    http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

  • Client authentification

    Hello,
    I'm trying to use JSSE with an Apache-mod_ssl server.
    I want the server to authenticate the client but it doesn't work.
    First question: Is the KeyManagerFactory the only way to authenticate a client?
    Second question: my certificates are generated with openssl.
    How do I create a KeyManagerFactory and the Keystore with my certificate?
    Third question: Apache log says "Re-negotiation handshake failed: Not accepted by client!?".
    It seems that my client doesn't accept a renegotiation, does somebody know why?
    thanks
    Nicolas

    KeyManagerFactory is not the only way:
    // Register the JSSE provider and its HTTPS protocol handler
    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    // The property name is case-sensitive: javax.net.ssl.trustStore
    System.setProperty("javax.net.ssl.trustStore", myTruststore);
    URL u = new URL("https://www.mysite.com");
    java.net.URLConnection c = u.openConnection();
    BufferedReader in = new BufferedReader(new InputStreamReader(u.openStream()));
    String inputLine;
    // Print the response line by line
    while ((inputLine = in.readLine()) != null)
        System.out.println(inputLine);
    in.close();
    it works if:
    - your CAs have been imported in the cacerts file (using keytool)
    - your client certificate is in the file "myTruststore"
    look at this for openssl certificates:
    http://forum.java.sun.com/thread.jsp?forum=2&thread=144315
    http://forum.java.sun.com/thread.jsp?forum=2&thread=4240
    the explanation is good.
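
Added example (not code from this thread or from Sun's samples): a Java client for the situation several posts above describe, where the handshake runs but the server sees no client certificate. It first checks that the keystore holds a private-key entry with its chain, then builds the SSLContext from a KeyManagerFactory and reports whether a certificate was sent. The class name, the argument order, the `.jks` suffix rule and the `KEYSTORE_PASS` / `TRUSTSTORE_PASS` environment variables are assumptions made for this example; the key password is assumed to equal the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ClientAuthCheck {
    // Assumption: files ending in .jks are JKS, anything else is PKCS#12
    // (the format written by "openssl pkcs12 -export").
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(path.endsWith(".jks") ? "JKS" : "PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Hypothetical helper: read a password from the environment, not the command line.
    static char[] secret(String envName) {
        String v = System.getenv(envName);
        if (v == null) throw new IllegalStateException("set " + envName);
        return v.toCharArray();
    }

    // Counts entries that can authenticate a client: a private key plus its
    // certificate chain. A certificate imported on its own is only a trust anchor.
    static int usableIdentities(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": no private key with chain, not usable for client auth");
                continue;
            }
            usable++;
            System.out.println(alias + ": private key with " + chain.length + " certificate(s)");
            for (Certificate c : chain) {
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    // The default key manager offers a chain only if an issuer is among the CAs the server names.
                    System.out.println("    subject=" + x.getSubjectX500Principal() + "  issuer=" + x.getIssuerX500Principal());
                }
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: ClientAuthCheck <keystore> <truststore> <host> <port>");
            System.exit(2);
        }
        char[] keyPass = secret("KEYSTORE_PASS");
        KeyStore identity = load(args[0], keyPass);
        KeyStore trust = load(args[1], secret("TRUSTSTORE_PASS"));
        if (usableIdentities(identity) == 0) {
            System.err.println("keystore has no private-key entry: the client has nothing to present");
            System.exit(1);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);   // client key and chain
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);               // CA(s) used to verify the server; validation stays on
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            SSLParameters params = s.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");   // also check the server's host name
            s.setSSLParameters(params);
            s.startHandshake();
            Certificate[] sent = s.getSession().getLocalCertificates();
            System.out.println(sent == null ? "handshake completed, no client certificate was sent"
                    : "client certificate sent: " + ((X509Certificate) sent[0]).getSubjectX500Principal());
        }
    }
}
```

With TLS 1.2 and earlier, a server that asks for the certificate only for a protected directory does so by renegotiating after the HTTP request arrives, so the check made directly after the first handshake reports that nothing was sent.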

  • How to make call to Sender Soap Adapter using HTTPS with Client Aut

    Hello everyone, I have spent some time trying to get this to work. We downloaded a trial certificate from SAP and installed it on our machine and I created a webservice that works great. I tested the HTTPS without client authentication and it works great, as soon as I change it to use with client authentication I can't get it to go through. I am using Soap Sonar to test the certificates. To get the certificate I called the url with firefox then saved the certificate in my trust store, from there I import it to soap sonar as a signed certificate, but I am getting the error <Exception>Object contains only the public half of a key pair. A private key must also be provided.</Exception> I assume I am doing something way wrong, is there a way to get the certificate with both public and private key pair, or a way to test this that I can't seem to find in documentation or blogs?
    I def award points
    Cheers
    Devlin

    Hi
    I think This link is useful to u
    http://www.sapag.co.in/SAP-XI-SOAP-Adapter-FAQ'S.html
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40611dd6-e66e-2910-f383-e80fb44f9cd4
    Thanks
    Santosh

  • Client Certification

    Hi,
    My application has to communicate with a server using server and client authentication. Using the default TrustManager, I get an unknown certificate ValidatorException.
    When I use my custom TrustManager to disable the server certification, I get a 403 Not authorized error.
    So here are my questions:
    1-Is the server certification obligatory for the client certification. I mean if I disable the server check, is it possible to establish the communication?
    2-In the debug output I noticed the following:
    ###########BEGIN##########
    0B40: 41 20 44 65 75 74 73 63 68 6C 61 6E 64 20 30 33 A Deutschland 03
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    *** <==== IS THIS WRONG? IS IT Normal that the certificate chain is not written ?
    JsseJce: Using cipher RSA/ECB/PKCS1Padding from provider BC
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    #############END############
    Is it normal that the certificate chain is not shown, although it is listed at the beginning of the debug output:
    adding as trusted cert:
    Subject: CN=GRP: Auslpertal, ....
    Issuer: CN=CA TESTA .... Algorithm: RSA; ...
    Valid from Thu .....
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    What could be the reason of the error?
    I am using JDK 1.4.2(tried it with JDK1.4 too) and BouncyCastleProvider 119(tried it with SunJSSE too)
    Please help a.s.a.p
    thanx in advance
    aniss

    403 Not Authorized is an HTTP error code. It looks like maybe the SSL handshake completed successfully but for some reason the server is returning a 403 on the particular URL you are trying to retrieve.

  • Jsse 1.0.2 samples didn't work

    Hello, I'm trying to make a connection between the sample client and the sample server of JSSE 1.0.2.
    When the server needs client authentication I get the following exception:
    server side : java.net.SocketException: Socket closed
    client side : java.lang.IllegalArgumentException: 69
    The configuration for the server :
    System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    SSLContext ctx;
    KeyManagerFactory kmf;
    TrustManagerFactory tmf;
    KeyStore ks;
    char[] passphrase = "passphrase".toCharArray();
    ctx = SSLContext.getInstance("SSLv3");
    kmf = KeyManagerFactory.getInstance("SunX509");
    tmf = TrustManagerFactory.getInstance("SunX509");
    ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream("testkeys"), passphrase);
    kmf.init(ks, passphrase);
    tmf.init(ks);
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    ssf = ctx.getServerSocketFactory();
    ServerSocket ss = ssf.createServerSocket(port);
    ((SSLServerSocket)ss).setNeedClientAuth(true);
    The configuration for the client :
    System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    SSLContext ctx;
    KeyManagerFactory kmf;
    TrustManagerFactory tmf;
    KeyStore ks;
    char[] passphrase = "passphrase".toCharArray();
    ctx = SSLContext.getInstance("SSLv3");
    kmf = KeyManagerFactory.getInstance("SunX509");
    tmf = TrustManagerFactory.getInstance("SunX509");
    ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream("testkeys"), passphrase);
    ks.load(new FileInputStream("testkeys2"), passphrase);
    kmf.init(ks, passphrase);
    tmf.init(ks);
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    factory = ctx.getSocketFactory();
    SSLSocket socket = (SSLSocket)factory.createSocket("127.0.0.1", 443);
    socket.startHandshake();
    PrintWriter out = new PrintWriter(
        new BufferedWriter(
        new OutputStreamWriter(
        socket.getOutputStream())));
    out.println("GET /index.html HTTP/1.1");
    out.println();
    out.flush();
    I use the same testkeys file for both client and server.
    If you got any suggestions
    thanks

    add this line code to activate trace mode,
    you'll be able to see where is the problem in the SSL handshake protocol
    System.setProperty("javax.net.debug","all");

  • AS2: Where to specify certificates and keys: CC or Receiver Agreement

    Hello,
    when configuring an AS2 scenario (Proxy - AS2 Receiver) I am wondering about configuration details for certificates.
    In the AS2 receiver configuration channel I can enter:
    SSL Certificates
    Server Certificate (Keystore)
    Private Key for Client Authentification
    In receiver agreement I can enter:
    AS2 Sender Configuration
    Signing Key
    AS2 Receiver Configuration
    EncryptionCertificate
    So I am not sure what to configure where. Am I right that transport level security is done in the communication channel, and message level security in the receiver agreement?
    If I use SSL without client authentication in combination with Digital Signature I have to enter the Server Certificate of the partner in the communication channel and the Signing Key in the Receiver Agreement, right?
    Sorry, maybe this was a little bit confusing.

    Hi,
    you need to configure certificates in receiver agreement.  I did it quite long back.. You need to enter some alias name of certificates over there.
    Once you open the Receiver agreement, you can easily figure it out.
    Thanks
    Inder

  • SOAP with HTTPS Connection

    Hi All,
    For a requirement, I need to connect the PI with 3rd party Web server system for both inbound and outbound interfaces.
    Currently, I am with SAP PI 7.31 single stack system. I was communicated as HTTPS without client Authentication option need to use.
    As I read in some of the discussion, there is no need of using exchange certifications if HTTPS without client Authentication was selected.
    My Basis team confirmed, we have installed the certificates in PI machine. I didn't see any option of selecting the certificate in the sender SOAP communication channel. we have already shared the SOAP URL(https://..... :HTTPS enabled port/.....) of the particular interface to web server team to trigger data. But in SOAP receiver channel, I have given the https:// based URL of the web server system along with the selection of HTTPS without client Authentication option.
    When I pinged the Receiver Communication Channel, getting error as below.
    What is the exact difference between
    1. HTTPS without client authentication
    2. HTTPS with client authentication?
    Can anybody explain the above questions in detail, particularly about the 1st one.
    Regards,
    Raj kumar.

    Hi Harish,
    Thanks for your reply.
    Second link gave me the clarity on the with & without client authentication. Now I am clear about the Sender Soap Channel. Confirm me, I don't have to select any option, other than providing the https://... based URL of the webservice system at receiver SOAP Channel, right? (If my requirement is https without client authentication)
    Interface flow for my requirement will be
    ECC --> PI --> Webservice system ( Do I need to choose any option?)
    Webservice system --> PI ----> ECC.(Clear about this flow)
    If no certificates are involved for without client authentication process, how much extent it will be secure by providing security at transport level only ?
    Thanks,
    Phaniraj.

  • SSL CONNECT sessions failing 4.0.5

    We upgraded from 3.6 to 4.0.5 and are seeing a lot of messages like the following:
    CONNECT connect://login6.smartworks.com:443, service-common reports: timed out waiting for data from client
    Results in a 504 error.
    We see this for many hosts, though SSL and CONNECT works for most hosts.
    I'm thinking this may be self-signed or otherwise invalid/untrusted CAs. In 3.6 we used "CertificateChecking OFF" in magnus.conf, which I believe avoids this issue. I'm not sure how to replicate that functionality in 4.x
    This is similar to http://forum.java.sun.com/thread.jspa?forumID=733&threadID=5110369 but I don't see a resolution there. AcceptTimeout is set high.
    Timeout occurs at 60 seconds, though I have no 60 second timeouts in my config. SSLClientAuthTimeout defaults to 60, so I set that to 120 and believe that made the response to the client at 120. The client sees "Gateway Timeout" and the proxy returns 504. "Security" is "off", if that matters.
    HELP!

    To use https use tomcat+apache.
    You can configure apache to make SSL with client authentication.
    It's cleaner than use tomcat+jsse.

  • Several RMI (easy) issues

    Hi,
    Developing a small RMI application, I face the following issues:
    I can run several RMI servers on a machine (launched with 1 or more userId (root, guest, foo)) but how can RMI clients be notified of how many RMI servers have been launched (and their port number). How to specify the server we want to log in ? Is it possible to have from a client the list of all RMI servers running on a machine ?
    I would like that clients use login/passwd to connect the RMI server. In fact, If the client authenticates itself with root/passroot it automatically runs on the root RMI server launched. How can I do that ?
    Thanks.
    If it is not clear enough I will explain my problems differently.

    Here are my replies:
    1) the issue is that the server can execute system commands (kill, renice, performance command...). So, I don't want, if a server has been started as root, that everybody accessing this server can run a kill on a process. So every user would have to launch its own server and then only access the services it can perform normally when logging on this machine. Moreover the RMI server has to retrieve a lot of information in less than 1 sec (do some sys calls and internally retrieve the state of all processes running on the server machine) so I think it is better to launch several servers.
    Note: the client MUST have direct access to the server machine. It is a prerequisite.
    2) Thanks.
    3) So the client can send the login/passwd info to the server, which looks in the unix account on the system, registers the client with the good server and that accepts the connection.
    A lot of messages talking about RMI security give some idea on how to implement a secured connection between client/server but I cannot find any pseudo-code or code sample.
    Do you have some pointers ?
    Thanks

  • [TMG 2010] Open port

    Hello,
    Sorry for my English, a little rusty ^ ^
    I need to open TCP and UDP ports 46015 for a java application that connects us to a room with video outside.
    http://evo.caltech.edu/evoGate/Documentation/faq/firewall/firewall.html
    I create protocols and make the rule but it does not work!
    the rule:
    Web Conference -> Incoming TCP (46015) outgoing TCP (46015) UDP Send Receive (46015) -> From: Internal to External
    When I enabled it works after 2-3 minutes it does not work ...
    When I check in the log:
    [Engine][analyseNetwork] Default UDP port (46015): false, RTT = 0
    [Engine][analyseNetwork] ... tested with xxx.xxx.xxx.xxx
    [Engine][analyseNetwork] Default TCP port (46015): false
    [Engine][analyseNetwork] Port 80 TCP: true
    [Engine][analyseNetwork] Port 443 TCP: true
    [Engine][analyseNetwork] Port 8080 TCP: false
    [Engine][analyseNetwork] Port 8443 TCP: false
    Thank you for your help

    Thank you for your help
    That is what happens in the log:
    Adresse IP du client Nom d'utilisateur du client Agent client Client authentifié Service Nom du serveur Serveur de référence Nom de l'hôte de destination Adresse IP de destination Protocole Transport Méthode HTTP URL Règle Informations sur les filtres Type MIME Source de l'objet Heure du journal Informations sur le cache Informations sur l'erreur Port de destination Port source Type d'enregistrement de journal Type de session Réseau source Réseau de destination Action Bidirectionnel Interface réseau En-tête IP brut Charge utile brute Temps de traitement Code du résultat Octets envoyés Octets reçus Adresse IP original du client Code d'état HTTP Heure GMT du journal Serveur d'authentification Résultat de l'analyse NIS Signature NIS Nom de la menace Action d'inspection de détection de programmes malveillants Résultat de l'inspection de détection de programmes malveillants Catégorie d'URL Mode de transmission des données ID de groupe UAG Version UAG ID de module UAG ID UAG Gravité UAG Type UAG Nom d'événement UAG ID de session UAG Nom de tronçon UAG Nom de service UAG Code d'erreur UAG Durée de l'inspection de détection de programmes malveillants (millisecondes) Niveau de menace Adresse NAT Champ du journal des informations sur le service interne Chemin de l'application cliente Hachage SHA1 de l'application cliente État d'approbation de l'application cliente Nom interne de l'application cliente Nom de produit de l'application cliente Version de produit de l'application cliente Version de fichier de l'application cliente Nom du fichier d'origine de l'application cliente FQDN du client Protocole d'application NIS Raison à la catégorisation des URL Version du client Forefront TMG Nom de l'hôte de destination de l'URL Règle remplacée
    172.16.100.3 FOREFRONT - 131.215.116.151 UDP E UDP - - Web conférence(1) - - 13/02/2014 13:27:53 0x0 0x0 46015 54052 Pare-feu Interne Externe Connexion initiée 0 0x0 SUCCESS 0 0 172.16.100.3 13/02/2014 12:27:53 - - - - 0 - 0 - - - - - - 0 0 192.168.1.33 0 - -
    172.16.100.3 FOREFRONT - 192.65.196.81 UDP E UDP - - Web conférence(1) - - 13/02/2014 13:27:53 0x0 0x0 46015 54053 Pare-feu Interne Externe Connexion initiée 0 0x0 SUCCESS 0 0 172.16.100.3 13/02/2014 12:27:53 - - - - 0 - 0 - - - - - - 0 0 192.168.1.33 0 - -
    172.16.100.3 FOREFRONT - 192.65.196.79 TCP S TCP - - Web conférence(1) - - 13/02/2014 13:27:55 0x0 0x0 46015 61689 Pare-feu Interne Externe Connexion initiée 0 0x0 SUCCESS 0 0 172.16.100.3 13/02/2014 12:27:55 - - - - 0 - 0 - - - - - - 0 0 192.168.1.33 0 - -
    172.16.100.3 FOREFRONT - 192.65.196.79 HTTPS TCP - - Autoriser l'accès Web pour tous les utilisateurs - - 13/02/2014 13:27:55 0x0 0x0 443 61692 Pare-feu Interne Externe Connexion initiée 0 0x0 SUCCESS 0 0 172.16.100.3 13/02/2014 12:27:55 - - - - 0 - 0 - - - - - - 0 0 192.168.1.33 0 - -

  • Proxy configuration for 10.1.2 b2b with 10.1.3 ohs

    Looking for documentation on configuring outbound proxy for b2b through an OHS instance. I found some docs showing mod_proxy configuration, but the doc also had mod_oc4j configuration instructions. Can anyone explain what functionality mod_oc4j would provide for an outbound https post? We're also concerned that mod_proxy may not send https connections properly. I believe we want to initiate ssl sessions at the b2b server, but not have any ssl authentication until the connection reaches the external endpoint beyond the proxy server. We've been referred to document B25761, but we're still seeking a bit more guidance.
    TIA

    Hello,
    could you please clarify how to set up SSL client authentication between two trading partners for B2B in reverse proxy configuration (using OHS)?
    Are the necessary steps the same as those specified in your previous post?
    At the present time I have two trading partners communicating with each other using HTTPS + client certificate authentication. So far this setup works pretty well. Now I would like to move one of the trading partners behind a proxy (OHS) in our DMZ but I still want them to authorize against each other using client certificates.
    What should I do to make the client certificate authentication work? Is B2B proxy configuration "smart enough" and as such already supports this scenario?
    Thanks in advance,
    Krystof Nemec
