SSL Certificate - No public Biztalk

Hello !!
I've been working with Biztalk since 2006 version, always doing some AS2, encryption and so on. It's the first time a customer requires to use a GoDaddy, Symantec, etc. SSL (in the past always self-signed ssl).
My question is simple:  This biztalk server is not public, won't use a URL, just plain IP.  The guys at GoDaddy or Symantec does not understand what I'm asking for, they just keep asking what's the URL of the website.
Can you give me any directions on how to work with this scenario? How do I request the SSL certificates for encryption and signing?
Thank you!
Victor

You will have a problem with that which you might not be able to overcome.
The names on the certificate used for TSL/SSL must match the host names used in the url either directly or by wildcard.
However, no public vendor will sell you a total wildcard certificate and probably no public vendor will sell you an IP address based certificate because a particular address, 10.4.5.6 for example, can be used many, many times on different networks. 
If you actually own that public address space, maybe, but it's unlikely you do.
You have two realistic options:
Assign the BizTalk endpoint a name in a DNS namespace you own and buy a certificate for that.  You don't actually have to register the host name, the clients can use a hosts file or equivalent.
Continue to use self-issued certificates.
One question, of the BizTalk Server is not public, how is the customer accessing it?  I don't need to know how, but it's an unusual request to require a public cert for an internal service.

Similar Messages

  • Server 2008R2 - SSL Certificate Weak Public Key Strength

    Hello -
    I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble solving.
    The first is finding is:
    'SSL Certificate Weak Public Key Strength'
    "Retina has detected that the certificate on the target supports a  cryptographically weak public key strength. An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information."
    "Replace the current certificate with one using a high-grade public key strength of 2048 bits of higher"
    **Does anyone have any ideas how to find all the certificates loaded on the machine that aren't at 2048 bits or higher, the system is a standalone machine without internet access**
    The second finding is:
    'SSL Certificate Self-Signed'
    "Retina has detected that the certificate on target is self-signed. Self-signed certificates can provide underlying cryptographic functionality, but cannot guarantee the origin of the certificate is trusted."
    "Verify the certificate is trusted to ensure the confidentiality and integrity of prior encrypted communications. Replace the current self-signed certificate with one signed by a trusted root certificate authority."
    **Anyone have any ideas how to find 'self-signed' certificates? I've tried searching through the certificates store on the local computer, but I can't seem to find a self-issued certificate, but Retina sure found some.**
    Any help would be greatly appreciated!!
    Thanks,
    Ryan

    A self signed certificate is a certificate which Subject attribute equals Issuer attribute. You can use below script to find selfsigned certificates which is selfsigned and public key is less than 2048 bits.
    Be aware that if you search in all possible certificate stores (including Trusted Root CA store) you will find a lot of self signed certificates. Please see my notes in powershell code.
    #Find self-signed certificate which keysize less than 2048. Uncomment one of the lines below
    #$myCerts = Get-Item Cert:\CurrentUser\My #search in Current User Store - Personal - this is the place to look in
    #$myCerts = Get-Item Cert:\LocalMachine\My #search in Local Machine Store - Personal - this is the place to look in
    #$myCerts = Get-Item Cert:\CurrentUser\* #search in Current User Store - this will bring a lot of cert list
    #$myCerts = Get-Item Cert:\LocalMachine\* #search in Local Machine Store - this will bring a lot of cert list
    $myCerts.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    $myCertsList = Get-ChildItem $myCerts.PSPath
    $myCertsList | where {$_.Subject -like $_.Issuer -and $_.PublicKey.Key.KeySize -lt 2048} | select * #self-signed and less then 2048
    $myCerts.Close()
    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

  • SSL Certificate & Local Access

    Hi everyone,
    I'm currently in the process of re-keying exchange with a new certificate.
    Currently, outlook clients have the following configuration:
    Mail Server: server01.domain.local
    HTTP Proxy: exchange.domain.com.au
    Therefore the current SSL is keyed for:
    Primary: exchange.domain.com.au
    Alternate: server01.internal.local, autodiscover.domain.com.au, autodiscover.internal.local
    With the old certificate, this is fine - however from November the 1st 2015 SSL authorities are allowing only external fully qualified domain names.
    Therefore the SSL can ONLY be key for:
    Primary: exchange.domain.com.au
    Alternate: autodiscover.domain.com.au
    This means that when connecting to exchange server01.domain.local I receive an error stating the the name on the certificate does not match the name of the host (because it's connecting locally).
    Is there any way of adjusting configuration in Exchange for users to connect to the external exchange.domain.com.au even though they are local? I would obviously need to update autodiscover etc also
    Cheers,
    Anthony

    There are two possible solutions using SSL certificate from public and pricate 
    1. Use ssl cert from public CA for public domain name (exchange.domain.com.au) on Reverse proxy servers like ISA or TMG for external access. and use Internal CA for internal names on exchnage server (server01.internal.loca)
    or
    2.You can create another site using separate NIC card on exchange server. Use Internal CA certificate on Default site and public CA certificate on New site.

  • Sending SSL Certificate to external Web service in BizTalk 2010

    Hi,
    We are facing issues in calling the external web service(SAP I Web service) which is authenticated using the SSL self signed certificates.
    When BizTalk sends the request to SAP it fails with HTTP 401 error, and in SAP PI the log says calling application not sending the client certificate. Please help us in sending the request to external web service by signing with the client
    certificate.
    Below are the details,
    1. This is a 2-way SSL communication authenticating based on the client Certificate.
    2. BizTalk server public key certificate is shared to SAP PI and using SAP PI certificate public key in biztalk
    3. Configuration done at BizTalk as given below
    1. Created BizTalk Certificate using makecert command
    2. Client and Server Certificate Installation
    - Installed BizTalk Client Certificate in Certificates Store under
    a. Current User--> Personal (Private Key)
    b. Current User --> Trusted Root Certification Authorities (Public Key)
    c. Local Computer --> Personal (Private key)
    d. Local Computer --> Trusted Root Certification Authorities (Public Key)
    e. Current User--> Other People
    Installed SAP Server Certificate in Certificates Store under
    a. Current User --> Trusted Root Certification Authorities
    b. Current User --> Trusted People
    c. Local Computer --> Trusted Root Certification Authorities
    d. Local Computer --> Trusted People
    e. Current User--> Other People
    3. BizTalk Status Solicit Response Send Port(used to call the SAP PI Web service) Configuration
    - Transport Type  WCF-Custom
    - Binding  BasicHttpbinding
    Security Mode : Transport
     Client Credential Type : Certificate
     Proxy Credential Type : None
     Realm : localhost
    • Message
     Client Credential Type : Certificate
    Client CredentialsClient Certificate
     findValue : CN=< Thumbprint >
     x509Findype : FindByThumbPrint
    • Server Certificate
     findValue : <Thumbprint>
     x509Findype : FindByThumbPrint

    Hi All,
    The reasons why the trigger from BizTalk is failing and the trigger from SoapUI is successful.
    In SoapUI configuration we select the Private key of the client certificate and provide the password for the same.
    In BizTalk we only have the option of selecting the certificate and we cannot provide the password. Below is the MSDN article for the same
    In one of the Site  , its mentioned as below, Kindly let us knwo whether the below mentioned will work or not
    Organization Security Restrictions::
    Each organization may have restriction on using client certificates for security reasons . One such restriction is when a user requests a client certificate a password prompt is displayed . A client certificate can be used only if the correct password is provided
    becuase Biztalk Server uses services and services cannot interact with dialog boxes so do not use client certificates requiring password validation.
    To Prevent the issue , configure the policy so no password are prompted when a certificate is used this setting is enforced by the Group policy Object (GPO) system cryptography: Force strong Key protection for user keys stored on the computer . If setting
    this policy , then the value should be set to "User input is not required when new keys are stored and used "
    Kindly let us know whether setting needs to be done in the system cryptography
    Thanks

  • Use public SSL certificate for WebAccess 8 on SLES10 Linux S

    Currently my WebAccess 8 server is running on NetWare. I want to move my WebAccess to SLES10 SP3 server and use public SSL certificate from third-party on SLES 10. I think this is just to get apache to use the public cert on SLES 10 Linux server and nothing to change on WebAccess, right?
    Thanks in advance.
    Wilson

    wilsonhandy wrote:
    > Currently my WebAccess 8 server is running on NetWare. I want to move
    > my WebAccess to SLES10 SP3 server and use public SSL certificate from
    > third-party on SLES 10. I think this is just to get apache to use the
    > public cert on SLES 10 Linux server and nothing to change on
    > WebAccess, right?
    Yeah, it's purely an Apache config. No need to do anything to
    WebAccess just to get SSL working.
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms

  • How do I install this self-signed SSL certificate?

    I haven't been able to connect to the jabber server I've been using (phcn.de) for quite some time now, so I filed a bug report with mcabber. The friendly people there told me to install phcn.de's self-signed certificate, but I can't figure out for the life of me how to do that.
    I know I can download something resembling a certificate using
    $ gnutls-cli --print-cert -p 5223 phcn.de
    Which does give me something to work with:
    Resolving 'phcn.de'...
    Connecting to '88.198.14.54:5223'...
    - Ephemeral Diffie-Hellman parameters
    - Using prime: 768 bits
    - Secret key: 767 bits
    - Peer's public key: 767 bits
    - PKCS#3 format:
    -----BEGIN DH PARAMETERS-----
    MIHFAmEA6eZCWZ01XzfJf/01ZxILjiXJzUPpJ7OpZw++xdiQFBki0sOzrSSACTeZ
    hp0ehGqrSfqwrSbSzmoiIZ1HC859d31KIfvpwnC1f2BwAvPO+Dk2lM9F7jaIwRqM
    VqsSej2vAmAwRwrVoAX7FM4tnc2H44vH0bHF+suuy+lfGQqnox0jxNu8vgYXRURA
    GlssAgll2MK9IXHTZoRFdx90ughNICnYPBwVhUfzqfGicVviPVGuTT5aH2pwZPMW
    kzo0bT9SklI=
    -----END DH PARAMETERS-----
    - Certificate type: X.509
    - Got a certificate list of 1 certificates.
    - Certificate[0] info:
    - subject `CN=phcn.de', issuer `CN=phcn.de', RSA key 1024 bits, signed using RSA-SHA, activated `2009-05-04 08:26:21 UTC', expires `2014-04-08 08:26:21 UTC', SHA-1 fingerprint `d01bf1980777823ee7db14f8eac1c353dedb8fb7'
    -----BEGIN CERTIFICATE-----
    MIIBxzCCATCgAwIBAgIINN98WCZuMLswDQYJKoZIhvcNAQEFBQAwEjEQMA4GA1UE
    AwwHcGhjbi5kZTAeFw0wOTA1MDQwODI2MjFaFw0xNDA0MDgwODI2MjFaMBIxEDAO
    BgNVBAMMB3BoY24uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALqS+tnB
    tNruBGdcjw0o+BWSdfkKH4T3VpS7bkrsS0q7RD5iUIao7jH2lJqTk1TrLbQe28+R
    H0X9Ya+w22iYFea2l3wkrTnBfgdSZbRhpSxgVvC2QEBMoSrEQoRpo5lzXadRlob/
    RQ+rhu/cWCNeiRJzfkmNirPVEciGKQHrwKxxAgMBAAGjJjAkMCIGA1UdEQQbMBmg
    FwYIKwYBBQUHCAWgCwwJKi5waGNuLmRlMA0GCSqGSIb3DQEBBQUAA4GBALFBalfI
    oESZY+UyVwOilQIF8mmYhGSFtreEcUsIQvG1+cgD16glKehx+OcWvJNwf8P6cFvH
    7yiq/fhMVsjnxrfW5Hwagth04/IsuOtIQQZ1B2hnzNezlnntyvaXBMecTIkU7hgl
    zYK97m28p07SrLX5r2A2ODfmYGbp4RD0XkAC
    -----END CERTIFICATE-----
    - The hostname in the certificate matches 'phcn.de'.
    - Peer's certificate issuer is unknown
    - Peer's certificate is NOT trusted
    - Version: TLS1.0
    - Key Exchange: DHE-RSA
    - Cipher: AES-128-CBC
    - MAC: SHA1
    - Compression: NULL
    - Handshake was completed
    - Simple Client Mode:
    Unfortunately, the above command spits out more than a certificate. Do I need the additional information? If so, what do I need it for? Where do I need to put the certificate file?

    Hi,
    I recently found out a way how to install test or self-signed certificates and use it with S1SE.
    See:
    http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html
    Follow the instructions there
    1. Create CA
    2. Create root ca certificate
    Now install the root-ca-certificate in S1SE -> Security>Certificate Management and Install a "Trusted Certificate Authority".
    Paste the contents of the file: cacert.pem into the message-text box.
    Then restart the server. Now your CA-Cert should be visible in the Manage Certificates menu.
    The next step is to send a certificate-request from S1SE to your e-mail-address.
    The contents of the e-mail the server sends to you (certificate request) must be pasted into the file: newreq.pem.
    Now just sign the Request:
    CA.pl -sign
    The last step is that you have to paste the contents of the file newcert.pem into the message-box of the Security>Certificate Management - now under the option Certificate for "This Server".
    Then you have to reboot the server/instance again and it should work with your certificate.
    Regards,
    Dominic

  • Problem in Authenticating Clients using SSL certificates in EP 7.0

    Hi all,
    Our team is configuring client authentication using ssl certificates to Enterprise Portal 7.0. We have exhausted our search on SDN and have also brought SAP on board to resolve this issue.
    We have completed our configuration as defined in following links
    http://help.sap.com/saphelp_nw04/helpdata/en/8a/8bc061dcf64638aa695f250ce7ca78/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/content.htm
    and SAP note 583439.
    But once a client types in the portal URL a message is shown that your certificate will be mapped to your user. Although we have manually mapped our certificate to a particular user but every time it asks for user ID and password.
    So in short it dosent authenticate users on their certicates.
    Following are snaps that I have taken from my default logs.
    Latest snap.
    Date , Time , Message , Severity , Category , Location , Application , User
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Wrote 147 bytes in 1 records, 126 bytes net, 126 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Read 672 bytes in 1 records, 651 bytes net, 651 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Sending alert: Alert Warning: close notify , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Wrote 9523 bytes in 24 records, 9019 bytes net, 375 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Read 11234 bytes in 21 records, 10793 bytes net, 513 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Sending alert: Alert Warning: close notify , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:281 , ssl_debug(73): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:28:250 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:953 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:27:265 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:952 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:26:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:623 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:592 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:25:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:639 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:24:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:23:279 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:966 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:22:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:637 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:606 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:21:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:653 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:20:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:19:293 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:980 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:18:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:620 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:17:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:667 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:16:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:666 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:322 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:15:291 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:979 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:635 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:619 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:291 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:14:275 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:947 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:931 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:603 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:587 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Resuming previous session... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Received v3 client_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:13:243 , ssl_debug(74): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:12:462 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:12:118 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:774 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:446 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:11:102 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:758 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:414 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:10:086 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:742 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:398 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:09:054 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:726 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:382 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:08:038 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:694 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:366 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:07:022 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:678 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:334 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:06:006 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:05:662 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:05:318 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Resuming previous session... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Received v3 client_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:04:834 , ssl_debug(73): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Wrote 0 bytes in 0 records, 0 bytes net, 0 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Read 0 bytes in 0 records, 0 bytes net, 0 average. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:286 , ssl_debug(72): Exception reading SSL message: java.io.EOFException: Connection closed by remote host. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Read 943 bytes in 3 records, wrote 861 bytes in 3 records. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Handshake completed, statistics: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Session added to session cache. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending finished message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending change_cipher_spec message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received finished message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received change_cipher_spec message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Exiting method , Path ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , oid: OBJECT ID = SubjectKeyIdentifier , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Certificate: Version: 3
    Serial number: 4123385933
    Signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
    Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US
    Valid not before: Tue Feb 20 09:17:00 EST 2007
          not after: Wed Feb 20 09:17:00 EST 2008
    Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US
    RSA public key (1024 bits):
    public exponent: 10001
    modulus: c1f13eb65d6d1f934c6504427dedfd963284979fd61e5d64ac8de1c647f85085f84e173d3bee65837aa97030ebfa6b9521e042b1244de3444e7e82a26a3542a419d6f0bbf276b71e0fb3083a5ed8353852816deec7dd9ceb5ded748ec4a52cb068af1a5e93299f882ee9cb531a60cb0e4b77372c832556e8d993a601d7214741
    Certificate Fingerprint (MD5)  : BD:B4:9E:51:A9:FA:8B:9B:40:5B:85:6E:5A:CC:B1:68
    Certificate Fingerprint (SHA-1): 4B:BB:43:8C:CC:DC:A1:92:56:40:CE:0B:8E:88:DA:28:EC:2A:46:52
    Extensions: 1
    , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): ChainVerifier: Found a trusted certificate, returning true , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Not after: Wed Feb 20 09:17:00 EST 2008 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Not before: Tue Feb 20 09:17:00 EST 2007 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Serial: f5c5e04d , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 ,  Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , cert [0 of 1] , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:239 , Entering method with ([Ljava.security.cert.X509Certificate;@7bc735, iaik.security.ssl.SSLTransport@539802) , Path ,  , com.sap.engine.services.ssl.verifyChain () ,  ,
    02/27/2007 , 15:14:03:239 , ssl_debug(72): Received certificate_verify handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received client_key_exchange handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Client sent a 1024 bit RSA certificate, chain has 1 elements. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received certificate handshake message with client certificate. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello_done handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate_request handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate handshake message with server certificate... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): CompressionMethods supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): CipherSuites supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Creating new session 79:5C:C5:27:04:EB:FC:68... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:224 , ssl_debug(72): Received v2 client hello message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:14:03:146 , ssl_debug(72): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , Error in resource clean up for a disconnected client
    java.lang.NullPointerException
         at com.sap.engine.services.httpserver.dispatcher.Processor.closeConnection(Processor.java:1684)
         at com.sap.engine.services.httpserver.dispatcher.Processor.fail(Processor.java:518)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.disposeConnection(TCPRunnableConnection.java:470)
         at com.sap.engine.core.manipulator.TCPRunnableConnection$CloseThread.run(TCPRunnableConnection.java:1031)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:525)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Error ,  , com.sap.engine.services.httpserver.dispatcher ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Closing transport... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
         at iaik.security.ssl.Utils.a(Unknown Source)
         at iaik.security.ssl.o.b(Unknown Source)
         at iaik.security.ssl.o.c(Unknown Source)
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.f.c(Unknown Source)
         at iaik.security.ssl.f.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
         at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
         at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Error , /System/Network , com.sap.engine.core.manipulator.TCPRunnableConnection.init() ,  ,
    02/27/2007 , 15:13:59:535 , Handshake failed
    [EXCEPTION]
    java.io.EOFException: Connection closed by remote host.
         at iaik.security.ssl.Utils.a(Unknown Source)
         at iaik.security.ssl.o.b(Unknown Source)
         at iaik.security.ssl.o.c(Unknown Source)
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.f.c(Unknown Source)
         at iaik.security.ssl.f.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
         at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
         at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
         at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
         at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
    , Info ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Shutting down SSL layer... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): Sending alert: Alert Fatal: handshake failure , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:535 , ssl_debug(71): IOException while handshaking: Connection closed by remote host. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello_done handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate_request handshake message... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate handshake message with server certificate... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CompressionMethod: NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello handshake message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): NULL , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): CompressionMethods supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_DES_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_SHA , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_MD5 , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): CipherSuites supported by the client: , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Creating new session 65:0B:55:9C:7D:29:83:F8... , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Client requested SSL version 3.0, selecting version 3.0. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Received v2 client hello message. , Debug ,  , com.sap.engine.services.ssl ,  ,
    02/27/2007 , 15:13:59:504 , ssl_debug(71): Starting handshake (iSaSiLk 3.06)... , Debug ,  , com.sap.engine.services.ssl ,  ,
    Regards,
    Atif Mukhtar

    Atif,
    Did you get a solution to the problem you were having? We have a similar problem.
    Thanks,
    Dave

  • Cannot display images after updating SSL certificate

    Hello All,
    With the changes in SSL certificates (no support for .local domains in public certificates), I had to update the SSL certificate used for our Exchange 2010 Server.  We are a small organization with a single server running Exchange Server 2010. 
    There were some articles about how to change the URL's within Exchange to use the public (not .local) domain names.  We followed these instructions and now, when a user using Outlook sends an e-mail with an image embedded to other users in the domain,
    they see a placeholder for the graphic with the text "The linked image cannot be displayed.  The file may have been moved, renamed, or deleted.  Verify that the link points to the correct file and location." .  This is causing a great
    deal of concern to the users and I cannot find anything on how to fix or even troubleshoot this issue.  Any assistance will be greatly appreciated.
    Thanks in advance,
    Allen
    Long time IT professional always learning the new stuff! Thank you for your assistance.

    Hi,
    According to your post, I understand that client face an problem “The linked image cannot be displayed.  The file may have been moved, renamed, or deleted.  Verify that the link points to the correct file and location” after change SSL certificate.
    If I misunderstand your concern, please do not hesitate to let me know.
    Do you see the "page cannot be displayed" error only from your DC server or also from a Windows 7 client machine? What browser do you use and what version?
    Please run “certutil –store” command from a command to verify that the certificate is correctly installed in the certificate store. Also run “certutil -store my” to check the certificate from CA.
    If the certificate is already installed, please refer to below link to check the value of Cache in registry:
    https://support.microsoft.com/en-us/kb/2753594
    Thanks
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Allen Wang
    TechNet Community Support

  • File Adapter FTP SSL SSL Certificate Exception

    After reviewing the results of searching on this error, I do not find anything that fits my situation:
    SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
    I am not using X.509 certificate for client authentication.
    My connection is using a non-public certificate.
    I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
    I am getting the following error:
    Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
    Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
    Any recommendations?

    Hi,
    The main reasons for this error are:
    1. The correct server certificate could not be present in the TrustedCA
    keystore view of NWA. Please ensure you have done all the steps
    described in these two URLs:
    Security Configuration at Message Level
    http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
    0a1550b0/frameset.htm
    2. The server certificate chain contains expired certificate. Check for
    it (that was the cause for other customers as well) and if it's the case
    renew it or extend the validation.
    3. Some other people have reported similar problem and mainly the
    problem was that the certificate chain was not in correct
    order. Basically the server certificate chain should be in order
    Own->Intermedite->Root. To explain in detail, if your server certificate
    is A which is issued by an intermediate CA B and then B's certificate is
    issued by the C which is the root CA (having a self signed certificate).
    Then your certificate chain contains 3 elements A->B->C. So you need to
    have the right order of certificate in the chain. If the order is B
    first followed by A followed by C, then the IAIK library used by PI
    cannot verify the server as trusted. Please generate the certificate in
    the right order and then import this certificate in the TrustedCA
    keystore view and try again. Please take this third steps as the
    principal one.
    Hope it solves your querie.
    Regards,
    Caio Cagnani

  • How to get the Users Name from the SSL certificate?

    Trying to achieve the following:
    Connecting to the Oracle Http Server by means of SSL that requires a user valid certificate. Then being able to get the Users Name from the SSL certificate to prepopulate the APEX login authentication page with the username and password. Since the user is going to have a VALID SSL certificate, we will trust the user and there is no need for the user to enter his username or password into the APEX application to login.
    Does SSO do this or something else?

    Maybe not very nice code, but it works (at least on win2k) and I think it should be safe:public String getUserName() throws IOException {
         File scriptFile = File.createTempFile("script", ".js");
         FileWriter fw = new FileWriter(scriptFile);
         fw.write ("WScript.Echo(WScript.CreateObject('WScript.Network').UserName)");
         fw.flush();
         fw.close();
         BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("CSCRIPT.EXE \"" + scriptFile + "\" //Nologo").getInputStream()));
         String uName = br.readLine();
         br.close();
         scriptFile.delete();
         if (scriptFile.exists()) scriptFile.deleteOnExit();
         return uName;
    }

  • SQL Server SSL Certificate

    Hi All,
    I am slowly getting to the bottom of applying SSL throughout my project but am stuck in the current situation and I need help please..
    Project is a Java servlet running on Windows. Java 1.6 and Tomcat 7 but connects to a SQL Server database and an Oracle database (running on unix). We have a keystore set up successfully on the servlets' server with root, intermediate certificates etc
    that successfully encrypts the connection to Oracle. The server team maintaining the server hosting the SQL Server database have supplied me with an SSL certificate, I am told is for accessing the SQL Server database. I am assuming it is a public key certificate.
    I am trying to apply this certificate to encrypt the network traffic to the SQL Server database. I have attempted to import the certificate into the keystore mentioned above using the Java keytool but this does not work so I deleted the certificate from
    the keystore again. I found the URL below which I have followed to install the certificate through MMC but cannot find how to now force Tomcat to encrypt the network traffic.
    http://support.microsoft.com/kb/316898
    Can someone please tell me what I am missing here please? There is loads of guidance on setting up keystores with root and intermediate certificates etc, but I cannot find any guidance on what to do in Tomcat to use a single provided SSL certificate. Do
    I use the Java cacerts file and import the certificate in there?
    Thanks in advance
    Regards
    AJF

    Hi SQL Team - MSFT
    Thank you for your response.
    I have been looking at this further.  I have only been given one SSL certificate which I am assuming because it has a file format of ".cer" it is the public key for the certificate on the server hosting the SQL server database.  For this to work
    they way we want, the "clients" will not have SQL Server Configuration Manager installed, but instead will have the SSL certificate mention above stored in a Keystore set up with the "Keytool" in the Java JRE.
    I am unsure how the guys who manage the server hosting the SQL server database have set up the SSL certificate, i.e. if they have set up a root and intermediate certificate etc.  I am currently trying to get information out of them (They are not
    located immdiately near my location).  I have a funny feeling they have not set up the SSL at their end correctly, and I am wondering if they have just imported into the servers browser, the same public key certificate they forwarded to me.  When
    you say "you have to first export the Trusted Root Certificate Authority from the server and import this to the client", what part of the SSL certificate(s) do you mean?
    Do you mean the Certificate Authority root certificate and I have to import that into the client as well as the public key certificate?
    I look forward to you next feedback.
    Regards
    Alanjo

  • ISE: Guest SSL Certificate Not Trusted Error

    Team,
    We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
    I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
    Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
    Please advice
    Thanks in advance

    The only solution that can competely resolve your issue is to get a certificate from any trusted  CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may  appear sometimes.

  • Accepting runtime-specified SSL certificates in WebLogic 11g

    Hi all!
    In our application we need to call several Web Servervices based on URL's and trusted SSL certificates that are stored in database. Those certificates are self-signed but we cannot add them in the WebLogic truststore (we only want to accept them for those specific web service calls). This is 2-way SSL but our server refuses the remote certificate.
    What is the right way to do this?
    In WebLogic 10g we used to do the following:
        WlsSSLAdapter adapter = new WlsSSLAdapter();
        try {
            // setup for client certificate
            adapter.setKeystore(…);
            adapter.setClientCert(…);
            // setup for accepting the remote certificate
            adapter.setTrustManager(new TrustManager() {
                @Override
                public boolean certificateCallback(X509Certificate[] paramArrayOfX509Certificate, int paramInt) {
                    return paramArrayOfX509Certificate[0] == expectedCertificate;
        } catch (Exception e) {
            throw new RuntimeException(e);
        ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(weblogic.wsee.jaxrpc.WLStub.SSL_ADAPTER, adapter);However in WebLogic 11g it appears that even if the <tt>TrustManager</tt> is called (which we checked by using a debugger), WebLogic refuses the certificate:
    <validationCallback: validateErr = 16>
    <  cert[0] = Serial number: 9232073310112809071929676484517784211
        Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
        Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
        Not Valid Before:Tue Nov 01 14:33:31 CET 2011
        Not Valid After:Sun Nov 02 14:33:31 CET 2031
        Signature Algorithm:MD5withRSA
        >
    <weblogic user specified trustmanager validation status 16>
    <Certificate chain received from mestoudi2 - 10.142.0.23 was not trusted causing SSL handshake failure.>
    <Validation error = 16>
    <Certificate chain is untrusted>
    <SSLTrustValidator returns: 16>
    <Trust status (16):  CERT_CHAIN_UNTRUSTED>
    <NEW ALERT with Severity: FATAL, Type: 42
        java.lang.Exception: New alert stack
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    …I think the first difference occurs on the line "+weblogic user specified trustmanager validation status 16+" where in WebLogic 10g the value was 0 instead of 16.
    If we check "Use JSSE SSL" in the WebLogic administration console (which switches the implementation to com.sun.net.ssl instead of com.certicom.tls), the <tt>TrustManager</tt> is not called at all.
    We also tried to configure the <tt>TrustManager</tt> by implementing a <tt>javax.net.ssl.X509TrustManager</tt> that we set on a <tt>weblogic.wsee.connection.transport.https.HttpsTransportInfo</tt> passed to the stub using
    ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(TRANSPORT_INFO, transportInfo);But it is not called either – however it works for setting up a proxy for example. We are generating the stubs using the clientgen Ant task (<tt>weblogic.wsee.tools.anttasks.ClientGenTask</tt>).
    We are a little bit stuck, any idea of what we should do? Is the WebLogic 11g behavior a regression or is there something else we should configure to get back the old behavior?

    Hello,
    Weblogic has two keystores : identity (if you are doing 2 ways SSL) and trust. you should import your "external" certificate in the "trust" key store.
    look at your server config to know your config : Home >Summary of Servers >AdminServer-->configuration-->keystore
    I suggest that you change the default configuration (not using the demo one),
    then when you know where is yo key store use the command line to add your certificate to trusted store (this is a example) :
    opt/weblogic10_3_3/jdk160_18/jre/bin/keytool -import -noprompt -trustcacerts -alias BLCCertificateAuthority -file cacert2035.pem -keystore /opt/weblogic10_3_3/jdk160_18/jre/lib/security/cacerts
    once your certificated is added to your trust store it should work.
    I hope it will help.

  • Expert advice needed: Why could I not connect to my own server after deletion of SSL certificate?

    Issue: Could not connect to my own server after deletion of SSL certificate despite having SSL disabled
    Hello,
    I admit I am lay user with rudimentary SSL knowledge and I therefore messed up my certificates and I could no longer access my own server (Wikis, WebDav, Device Manager) with Safari. (error: Safari can't connect to server)
    Eventually, I could resolve the problem but I do not understand why there was problem in the first place.
    Maybe someone can explain that to me ?
    OK, here is what I did:
    I created a Certificate Authority because I wanted to use a free SSL Server certificate for our private server.
    (I followed  http://www.techrepublic.com/blog/mac/create-your-own-ssl-ca-with-the-os-x-keycha in/388 )
    Despite several attempts I never got the server to accept the certificate for web services, the certificate was accepted for iCal, Mail and iChat but not for Web services. I tested an older certificate that was created when I set up the server and that that worked for all services incl. Web. So the problem was with my certificate only.
    Out of desperation and lack of concentration I deleted the "original" certificate.
    Now, I soon noticed that I could no longer log in to my server. I solved the problem by restoring the original certificate.
    My question:
    I had SSL disabled in the Server app settings. Why does Safari still look for a proper certicate ? (the server logfile had an entry that a .pem file could not be found which makes sense if the cert has been deleted)
    I would be very grateful for an expert advice.
    Regards,
    Twistan

    Because....
    the server does not have a 'trusted' certificate assigned to it.
    Only the RDP Gateway has the trusted certificate for the external name.
    If you want to remove that error, you have to do one of the following:
    Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
    So, something like,
    server.domain.publicdomain.com
    Or,
    Install that certificate on your remote computer so it is trusted.
    Robert Pearman SBS MVP
    itauthority.co.uk |
    Title(Required)
    Facebook |
    Twitter |
    Linked in |
    Google+

  • Getting SSL certificate via LDAP connection

    Hello...
    I'm trying to get the SSL Certificate from a Novell eDir directly by connecting through ldap. The object dn is:
    cn=SSLSERVICES1024 - SERVICES, ou=gip, o=testorg
    and when I list all the attributes are:
    ===========
    nDSPKICertificateChain: 0
    hostServer: cn=SERVICES,ou=GIP,o=testorg
    nDSPKIPublicKey: 0
    nDSPKIKeyFile: @P
    objectClass: nDSPKIKeyMaterial, top
    nDSPKIPrivateKey: 0
    nDSPKIPublicKeyCertificate: 0
    cn: SSLSERVICES1024 - SERVICES
    nDSPKISubjectName: O=testorg.OU=GIP.CN=SERVICES
    nDSPKIGivenName: SSLSERVICES1024 - SERVICES.GIP.testorg
    ACL: 2#entry#[Public]#hostServer, 2#subtree#cn=SAS Service - SERVICES,ou=GIP,o=testorg#[All Attributes Rights]
    ==============
    Which attribute do I take to instanciate a X509Certificate class?
    Any ideas?
    Thank you!

    I am not exactly sure what you are trying to do, but I was using e-directory and trying to get SSL working. Here is the URL for what I did to get SSL working.
    http://forum.java.sun.com/thread.jsp?forum=51&thread=322566
    hopefully it helps
    -Allison

Maybe you are looking for

  • Print multiple pages on one page in Preview?

    I tried to print a PDF in OSX Lion and I was unable to find the option to print multiple pages on one Page. Instead there is an option to print multiple copies of pages on one page. Does anybody know where I can find the old option from (as in Snow L

  • Opening and closing balance mismatch for - RG23A Part II

    Dear SAP Gurus, RG23A-Part-II for the month of May 2010 and have noticed the following problems 1. The closing balance of last month is not tallying with the opening balance of current month. The balances printed in the register for BED, EDUCESS And

  • PS CS5 importing images issue!

    Hi folks, i got a problem with ps cs5. I opened an 300 DPI A5 document and started to design it out. After some time i wanted to import some of my .png files into the composition. But then it happend, Photoshop boosted the size up of my image... its

  • Problem in cascading the Prompt..

    Hi Guru's, I need your expert advice on problem related to Prompt. I have 5 columns in one Prompt which belong to different dimension from same subject area which are joined from Fact table. Report month is from Buisness month table and Reportdate is

  • XML with Java

    Hi, I am new in XML and I need to design a Java GUI interface for managing changes to xml data(inserting, deleting of nodes). But i have no idea on how the communication is going to be established (How to link java to xml..). Any help will be very ve