SSL and "Hostname Verifier" field

Similar Messages

• Hostname verifier does not get invoked

  Hi All,
  I am new to weblogic and currently facing an issue with SSL. I checked this forum but none of the solutions really worked for me, so seeking advice starting a new thread. Kindly help.
  Problem 1
  I have a REST webservice running in one weblogic server and another weblogic server contains a client which is based on the code from the following link -
  http://wiki.open-esb.java.net/attach/RestBCEchoSSL/SslClient.java
  One way handshaking is enabled in both the weblogic and the KeyStore and Truststore are read from configurable directory in the client java code. I specify a directory which resides outside weblogic home.
  Even though there is an HostnameVerifier implemented in the code to return true always, it does not get invoked and I get a certificate exception as below -
  <Warning> <Security> <BEA-090542> <Certificate chain received from xx.yy.zz.rrr - xx.yy.zz.rrr was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
  But when I run the java client from Eclipse I am able to invoke the webservice methods using HTTPs.
  So is not it possible to add a default hostname verifier as in the java code when the application is deployed in weblogic?
  Problem 2
  I another attempt to solve the above issue I turned off the hostname verification from weblogic admin console in the client weblogic side. In the console for the server Configuration > SSL->Hostname Verification field is set to "None". But that did not help.
  Then I added the '-Dweblogic.security.SSL.ignoreHostnameVerification=true' flag into the <domain>/bin/startWebLogic.sh file and restarted the weblogic. No luck again.
  ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Dweblogic.Name=${SERVER_NAME} -Djava.security.policy=${WL_HOME}/server/lib/weblogic.policy -Dweblogic.security.SSL.ignoreHostnameVerification=true ${PROXY_SETTINGS} ${SERVER_CLASS}
  I tried recreating the certificate using the' hostname' instead of the ip address ( also added an entry into the /etc/hosts file putting the ip and hostname so that I can do ping <hostname> from the client and get response returned from the server side). Again no luck :(. I keep getting the same handshake failure as mentioned above.
  The weblogic version is 10.x.
  Thanks,
  Amrit

  I did some more research for the issue mentioned which I yet to get rid of.
  1) I wrote a REST web service which makes a call to another REST service deployed on another weblogic using HTTPs (same code as mentioned above is used). I delpoyed the war and made a http call to the first webservice, the other REST service was invoked successfully using HTTPs. So this confirmed that there is no problem with the certificates or keystore or hostname verifictaion.
  2) My actual application still throws the handshake exception as below -
  <Warning> <Security> <BEA-090542> <Certificate chain received from xx.yy.zz.rrr - xx.yy.zz.rrr was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
  So I think the problem is something else but weblogic is priniting the exception message wrong.
  The process hierarchy ( in UNIX ) is as shown below -
  bea 31914 31913 0 14:29 ? 00:00:00 /bin/sh <DOMAIN HOME>//bin/startWebLogic.sh
  bea 31989 31914 0 14:29 ? 00:01:25 /opt/bea/jdk160_24/bin/java <The weblogic start server process> started by startWebLogic.sh
  bea 32107 31989 0 14:29 ? 00:00:09 /opt/bea/jdk160_24/bin/java <One of custom process>
  bea 2038 32107 0 18:38 ? 00:00:15 /opt/bea/jdk160_24/bin/java <Another custom process which contains my java classes containing the REST client>
  The problem is there in both Weblogic 11 and 10.3 version.
  I will be grateful if someone gives any clue about the problem.

• BEA-090563 -- Cannot create instance of Hostname Verifier

  I am trying to use custom hostname verifier for my osb project and following are the steps.
  1. Create java class -- given below as reference...
  2. Add the full class name @ Admin server --> ssl --> Advanced --> custom hostname verifier -- also choose custom hostname verifier in the host name verification field above it.
  3. Package the class in the jar file using eclipse export java project and place the file in server-lib folder.
  4. Restart admin and osb server.
  I am facing following error ---
  osb_domain.log00932:####<Aug 3, 2012 12:01:41 PM EST> <Error> <Security> <server host name> <osb_server1> <[ACTIVE] ExecuteThread: '
  1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <6cf4c9e4b2f5468a:-4668cc77:138ea27406f:-8000-000000000000095d> <134
  3959301805> <BEA-090563> <Cannot create instance of Hostname Verifier <package name>:WildcardHostnameVerifier.>
  Can somebody let me know if there are any additional settings required for this to work ?
  JAVA CLASS
  package <package name>;
  import java.io.ByteArrayInputStream;
  import java.security.cert.Certificate;
  import java.security.cert.CertificateEncodingException;
  import java.security.cert.CertificateException;
  import java.security.cert.CertificateFactory;
  import java.security.cert.X509Certificate;
  import java.util.regex.Matcher;
  import java.util.regex.Pattern;
  import javax.net.ssl.SSLPeerUnverifiedException;
  import javax.net.ssl.SSLSession;
  import weblogic.security.SSL.HostnameVerifier;
  * @author Ravi_Shah01
  public class WildcardHostnameVerifier implements HostnameVerifier {
       /* (non-Javadoc)
       * @see com.certicom.net.ssl.HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSession)
       public WildcardHostnameVerifier() {
            System.out.print("Creating instance of WildcardHostnameVerifier");
       public boolean verify(String hostname, SSLSession session) {
            try {
                 Certificate cert = session.getPeerCertificates()[0];
                 byte [] encoded = cert.getEncoded();
                 CertificateFactory cf = CertificateFactory.getInstance("X.509");
                 ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
                 X509Certificate xcert = (X509Certificate)cf.generateCertificate(bais);
                 String cn = getCanonicalName( xcert.getSubjectDN().getName() );
                 if(cn.equals(hostname))
                      return true;
                 Pattern validHostPattern = Pattern.compile("\\*\\.[^*]*\\.[^*]*");
                 Matcher validHostMatcher = validHostPattern.matcher(cn);
                 if(validHostMatcher.matches())
                      String regexCn = cn.replaceAll("\\*.", "(.)*[\\.\\$]");
                      Pattern pattern = Pattern.compile(regexCn);
                      Matcher matcher = pattern.matcher(hostname);
                      if(matcher.matches())
                           if(matcher.group().equals(hostname))
                                return true;
                           else
                                return false;
                      else
                           return false;
                 else
                      return false;
            } catch (SSLPeerUnverifiedException e) {
                 e.printStackTrace();
                 return false;
            } catch (CertificateEncodingException e) {
                 e.printStackTrace();
                 return false;
            } catch (CertificateException e) {
                 e.printStackTrace();
                 return false;
       * Return just the canonical name from the distinguishedName
       * on the certificate.
       * @param subjectDN
       * @return
       private String getCanonicalName(String subjectDN) {
            Pattern pattern = Pattern.compile("CN=([-.*aA-zZ0-9]*)");
            Matcher matcher = pattern.matcher(subjectDN);
            if(matcher.find())
                 return matcher.group(1);
            return subjectDN;
  }

  Hi Ravi,
  3. Package the class in the jar file using eclipse export java project and place the file in server-lib folder.Instead of placing the jar in server-lib, please modify setDomainEnv.cmd/setDomainEnv.sh as below to add jar in the classpath-
  set CLASSPATH=<Your_Jar_PATH>;%CLASSPATH%
  Restart WebLogic Server and re-test.
  From Weblogic 10.3.4 onwards there is a patch available to enhance the existing default BEA hostname verifier to include wildcard certificates and wildcard host name verifier is available in Weblogic 10.3.6
  Regards,
  Anuj

• EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

  Hello everyone,
  Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
  Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
  I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
  Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
  However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
  This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
  Here's what happens:
  1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
  2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
  3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
  4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
  5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
  Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
  http://discussions.apple.com/thread.jspa?messageID=5967023
  http://discussions.apple.com/message.jspa?messageID=5982070
  these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
  If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
  Thanks,
  Andrew

  Hard to tell what is happening without looking at the application
  source, knowing what OS & hardware you're using etc. You might want to
  try running with different JVM versions to see if it's actually the VM
  that is the problem. If you have a support contract with BEA you could
  ask support to help you diagnose this.
  Regards,
  /Helena
  Ayub Khan wrote:
  I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
  application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
  seems to happen on loading the machine..the performance progressively gets worse
  and after a couple of seconds, all the threads stop responding. I checked the
  heap, cpu and the idle threads in the execute queue and there is nothing there
  to trigger alarms...there are quite a few idle threads still and the heap and
  the cpu utilization seem OK. On doing a thread dump, Is see that all the other
  threads seem to be in a state where they are waiting for data from LDAP and it
  is basically read only data that they are waiting on.
  Does anyone know what it is going on and help point me in the right direction.
  -Ayub

• Custom hostname verifier not used when business services use a http proxy

  On OSB 10.3, we have a business services with an https end point. To access this end point, the business service used an http proxy.
  The certificate of the business endpoint is a wildcard certificate *.certificate.be . So we have a custom hostname verifier defined in the ssl configuration on the weblogic Server
  As we can see with the verbose mode at the jvm, the custom hostname verifier is not used when we use a http proxy in the business service. Osb use a ALSBHostnameVerifier and this one the defaulthostName
  <Mar 2, 2011 7:31:11 AM CET> <Debug> <AlsbTransports> <BEA-000000> <*** Connecting via proxy *** HTTP @ my.proxy.be/XXX.XXX.XXX.XXX:8080>
  [Loaded com.bea.wli.sb.transports.http.ALSBHostnameVerifier from file:/bea/osb_10.3/lib/sb-transports-main.jar]
  [Loaded weblogic.security.utils.SSLWLSHostnameVerifier$DefaultHostnameVerifier from file:/bea/wlserver_10.3/server/lib/weblogic.jar]
  Is there any way to force business service to used hostname verfifier defined in weblogic ssl server config?
  Thanks

  This is a known issue. Raise a case with support and ask a patch for bug#9182604
  Regards,
  Anuj

• WL-10.3.5 Error Creating Wildcard Hostname Verifier for Facebook OAuth

  Hi,
  I am writing an application that uses OAuth for 3rd party login. However, Weblogic 10.3.5 does not by default accept the way Facebook uses a wildcard in their SSL Certificate.
  Caused By: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from graph.facebook.com - 31.13.70.23 failed hostname verification check.
  Certificate contained *.facebook.com but check expected graph.facebook.comSo I am attempting to use a Custom Hostname Verifier that implements the weblogic.security.SSL.HostnameVerifier interface, to use instead of the standard BEA Hostname Verifier. I have packaged into a jar, my CustomHostnameVerifier class that implements the weblogic.security.SSL.HostnameVerifier interface. Here's where I might be running into trouble. To make this class available on the weblogic classpath, I have tried placing the jar in various weblogic lib directories on my development machine. (%WL_HOME%\wlserver_10.3\server\lib) And then in the weblogic console's advanced settings for SSL on the DefaultServer, I select that I want to use a Custom Hostname verifier, and provide the full class name of my class: my.package.prefix.CustomHostnameVerifier.
  Now when I reboot and try connecting with Facebook, a ClassNotFoundException is thrown:
  Caused By: weblogic.utils.NestedRuntimeException: [Security:090563]Cannot create instance of Hostname Verifier my.package.prefix.CustomHostnameVerifier...
  Caused By: java.lang.ClassNotFoundException: my.package.prefix.CustomHostnameVerifierI have checked that the class is in fact accessible from the jar, and have also used the start-up argument: -Dweblogic.security.SSL.HostnameVerifier=my.package.prefix.CustomHostnameVerifier, instead of and in addition to the SSL tab settings in the console. I've found no luck so far using suggestions from documentation and the web. I was just hoping someone might know what I'm doing wrong here, or be able to point me in the right direction for properly making classes available to weblogic.
  Thanks.
  -Tyler

  I solved this problem. I've extracted all required libraries from weblogic server.
  com.bea.core.descriptor.settable.binding_1.4.0.0.jar
  com.bea.core.descriptor.wl.binding_1.1.0.0.jar
  com.bea.core.descriptor.wl_1.1.0.0.jar
  com.bea.core.descriptor_1.4.0.0.jar
  com.bea.core.xml.beaxmlbeans_1.0.0.0_2-4-0.jar
  com.bea.core.xml.beaxmlbeans_2.2.0.0.jar
  com.bea.core.xml.staxb.buildtime_1.3.0.0.jar
  com.bea.core.xml.staxb.runtime_1.3.0.0.jar
  com.bea.core.xml.stax_1.1.0.0.jar
  com.bea.core.xml.xmlbeans_1.0.0.0_2-4-0.jar
  com.bea.core.xml.xmlbeans_2.2.0.0.jar
  glassfish.jaxb.xjc_2.1.6.jar
  glassfish.jaxws.rt_2.1.3.jar
  glassfish.jaxb_2.1.6.jar
  glassfish.jaxws.tools_1.0.0.0_2-1-3.jar     
  wlfullclient.jar
  weblogic.jar
  webserviceclient+ssl.jar
  webserviceclient.jar
  webservices.jar
  wlfullclient5.jar
  wlclient.jar

• Question about Domain and Host name fields.

  Hello! Just a quick question, I currently have the Mail Server up and running although I'm a little unsure about what exactly needs to be entered into the users email application.
  I've tested POP and IMAP using the information that I entered into the "Domain Name" field, and into the "Host name" field, and everything worked great.
  Example:
  Incoming Mail Server: mail.example.com
  Outgoing Mail Server: smtp.example.com
  Although while setting up another site and including the normal mail setup via DNS I've also noticed that I can send and receive email by using other sites that belong to me, as long as they are pointing towards our server.
  Example:
  Incoming Mail Server: mail.mynewsite.com
  Outgoing Mail Server: smtp.mynewsite.com
  So, I guess my question is whether its bad to use other websites in the incoming and outgoing mail server fields, or should I stick to the incoming and outgoing sites that I have listed in the Mail Server's 'Domain Name' and 'Host Name' fields?
  I hope that made sense, thanks again for your help.
  Paul
  PowerMac G5, Xserve G5, and PowerBook G4 Mac OS X (10.4.8)

  Does it matter if our users type mail.example.com
  into the incoming mail server, or are they allowed to
  use their own domain name "mail.mydomain.com" as long
  as the DNS is setup correctly?
  There is no intrinsic 'meaning' to hostnames entered into the mail client. These are merely converted to IP addresses, using available dns, and then the mail client communicates with the IP address, using whatever port number is applicable for the service required (e.g., port 25 for smtp, port 110 for pop). So you could use the hostname woohooo.mydomain.com for the smtp or pop server, as long as it resolves to the correct IP.
  This enables laptop users to have the one smtp/pop hostname, with lan dns resolving it to the local private IP and ext dns resolving same hostname to wan IP.
  There is also no need to have two separate hostnames for pop and smtp. These are typically used by ISPs because they have separate servers doing each job - one doing pop, one doing smtp. If one server does both (and there is no likelihood of splitting the services later) then just the one hostname for pop and smtp is fine.
  -david

• How to change IP address and hostname in solaris 9

  Hi experts,
  I want to change IP address and hostname of the server , Plese give steps, or any precise document .
  Thanks
  Mohan
  Message was edited by:
  mohan_sr

  did you already change your ip and host?
  if not, do the following instructions:
  * verify your hostname
  - uname -a
  - cat /etc/nodename
  both should show your hostname
  * alter your hostname
  - uname -S newname
  * verify the hostname
  - uname -a
  - cat /etc/nodename
  both should show your newname
  * edit /etc/hostname.ce0 (type ce0 depends on your net device)
  - echo 'newname' > /etc/hostname.ce0
  * verify /etc/hostname.ce0
  - cat /etc/hostname.ce0
  should show your newname
  * edit the following files
  - /etc/net/ticlts/hosts
  - /etc/net/ticots/hosts
  - /etc/net/ticotsord/hosts
  replace old with new hostname
  * edit /etc/inet/hosts
  replace ip and hostname
  * you have to look for
  - /etc/inet/networks
  - /etc/inet/netmask
  fit yout data
  After doing all changes you have to reboot your system.
  Use ipconfig to verify network data

• Hostname verifier errors in web service client

  We have a Web service consumer that runs in WebLogic, and we're receiving a hostname verifier error whenever the consumer attempts to contact the external Web service. The error is happening because the certificate's subject is for a hostname that is different than the URL that the consumer uses.
  One possible solution is to write a custom hostname verifier, but we'd prefer to not do that. Can this error be mitigated if we import the external Web service's certificate is added to the WebLogic truststore?
  Thank you

  NO, it cannot be mitigated..
  Importing the certificate into the trust store means you trust the certificate, but if the certificate's CN doesn't match the host name... then we have to disable host name verification/ write a custom host name verifier..

• Displaying Message in business place and Section code field in FB60 Tcode

  hii experts,
  I want to display a message 'Enter value in Business place and section code fields'
  if these fields are left empty under tcode FB60.
  I know that i hv to do modification in SAP Std program but i m not sure
  whether i should use User Exit / Enhancement for this. Plz help
  Regards,
  Apoorv Sharma

  Hi  Apoorv Sharma,
  Use the transaction CMOD, create a project and verify some of user-exit bellow can help you:
  F050S001   FIDCMT, FIDCC1, FIDCC2: Edit user-defined IDoc seg
  F050S002   FIDCC1: Change IDoc/do not send                   
  F050S003   FIDCC2: Change IDoc/do not send                   
  F050S004   FIDCMT, FIDCC1, FIDCC2: Change outbound IDoc/do no
  F050S005   FIDCMT, FIDCC1, FIDCC2 Inbound IDoc: Change FI doc
  F050S006   FI Outgoing IDoc: Reset Clearing in FI Document   
  F050S007   FIDCCH Outbound: Influence on IDoc for Document Ch
  F180A001   Balance Sheet Adjustment                          
  FARC0002   Additional Checks for Archiving MM Vendor Master D
  RFAVIS01   Customer Exit for Changing Payment Advice Segment 
  RFEPOS00   Line item display: Checking of selection condition
  RFKORIEX   Automatic correspondence                          
  SAPLF051   Workflow for FI (pre-capture, release for payment)
  Try also the BAdIs and verify if it is the moment that you need:
  FI_HEADER_SUB_1300 - Screen Enhancement for Document Header SAPMF05A
  FBAS_CIN_MF05AFA0 - EWT - Downpayment Clearing - Tax transfer for CIN
  FI_RES_ITEM_CURRENCY - Document of Residual Item with Invoice Currency
  FBAS_CIN_MF05AFA0 - EWT - Downpayment Clearing - Tax transfer for CIN
  FVFZ - Replacement for Function Modules of Function Group FVFZ
  FI_FB08_SUBST_BUDAT - FB08: Check Posting Date for Reversal of FI Doc. with FB08
  Case there are some place that your validations are validates,  so implement your code  with messages kind  "E".
  Best Regards.
  Welinton Rocha

• I make a new id and complete all fields and I but my cricket card information and submit but show me message to return to iTunes support

  I make a new id and complete all fields and I but my cricket card information and submit but show me message to return to iTunes support

  Then you need to contact iTunes support.
  There is probably a problem with your credit card or AppleID.  If there is an account security problem, only iTunes support will be able to help you.
  Use this form:  https://ssl.apple.com/emea/support/itunes/contact.html

• Acrobat XI Windows 7 - unable to (copy and) paste form fields to a different pdf.

  To maintain a consistent appearance and function in the forms I create for various departments, I copy a few form fields  (text, checkboxes) from an unrelated Acrobat PDF. Then I paste those fields into a different PDF document that I am making fillable.
  I do this because Acrobat does not allow setting a default for certain attributes when creating form fields, i.e. an unchecked scroll option, a default font other than Helvetica (in Acrobat 8, 9, and X). Plus it is time-saving to copy and paste fields that are the same in another PDF, like name, address, phone. etc.
  We just updated to Acrobat XI and Windows 7 and now I cannot paste copied fields onto a different PDF.
  Using "replace pages" is not applicable as I am pasting to an entirely different form and copying form fields with the settings I use. 
  Is this a glitch or is something new that was not in Acrobat 8, 9, and X?
  Also, question regarding this forum entry -  http://forums.adobe.com/message/5638333#5638333 - which is somewhat different from my current question.
  The PDF creator could not paste copied fields on other pages of the same PDF. Was this ever resolved so that copy and paste worked as it has for the last 3 versions of Acrobat?
  Thanks!
  Joanie

  Gilad:  You're right: when the fields are different, such as a checkbox and a text field, and you try to title them the same, Acrobat gives you a message. I received no messages, the field names are not the same or I missed one and Acrobat is no longer messaging about it.
  My question is different. Acrobat XI will not let me paste any field copied from a different PDF.  I've been doing that for 5 years in three different versions.  Maybe Acrobat XI has a new process for that, which I could not find in Acrobat help. Maybe it's because all forms now have extended rights automatically in Acrobat XI and there is another method to copy common fields to other PDFs.
  Any thoughts about the new Acrobat XI? It's different in many good ways, but different.
  Thanks for your ideas.

• How do I bind to directory server with SSL and authentication?

  I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
  Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a seperate matter.)
  Here are the problems:
  1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
  2) I was never prompted to authenticate for the directory binding.
  So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
  What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
  Thank you.

  You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
  Cheers,
  Vikas

• Key fields and non-key field of condition table

  Hello Gurus,
        what is key fields and non-key field of condition table?
  thanks very much!

  Key field
  Each condition table contains keys that can be used for creating dependent condition records.
  for example let take condition type PR00.
  PR00 uses access sequence PR02 .
  Access sequence PR02 has following tables associated with it namely 304, 305 & 306
  When you create a conditon record for PR00 with transaction VK11 or VK31, you have a button 'key combination' which is nothing but fields associated with tables 304, 305 & 306.
  In brief, Condition records are always created using specific keys. Condition tables are used to define the structure of the keys of a condition record.
  Non key field
  For example take condition table 144 - sales deal basic data.
  Table 144 is associated with access sequence PBUD.
  If you check the fields associated with this table (click technical view button), there are three fields at bottom which do not have 'key' check mark -KDATU, PLTYP, KSTAF
  So, when you create a condition record for PBUD, system does not propose these 3 fields in 'key combination' and hence are non key fields.
  Please reward points for good answers as this would help increase the total donation that SAP will make to the United Nations World Food Programme.

• How to create popup window with radio buttons and a input field

  Hi Guys,
  Can somebody give some directions to create a stand alone program to create a window popup with 2 radio button and an input field for getting text value. I need to update the text value in a custom table.
  I will call this stand alone program from an user exit. 
  Please give me the guidance how go about it or please give any tutorial you have.
  Thanks,
  Mini

  Hi,
  There are multiple aspects of your requirements. So let's take them one at a time.
  You can achieve it in the report program or you can use a combination of the both along.
  You can create a standalone report program using the ABAP Editor (SE38). In the report program you can call the SAP Module pool program by CALL Screen <screen number>. And then in the module pool program you an create a subscreen and can handle the window popup with 2 radio button and an input field for getting the text.
  For help - Module Pool programs you can search in ABAP Editor with DEMODYNPRO* and you will ge the entire demo code for all dialog related code.
  For Report and other Module pool help you can have a look at the following:
  http://help.sap.com/saphelp_nw70/helpdata/en/47/a1ff9b8d0c0986e10000000a42189c/frameset.htm
  Hope this helps. Let me know if you need any more details.
  Thanks,
  Samantak.