SSL certificates possible with different tools
I had the impression that the SSL certificate can be configured with Linux eg. RHEL only by following the normal procedure of installing mod_ssl package, using genkey …etc
But, I came to know that SSL certificate can be generated with the web server like Tomcat also. Is it correct that generation of SSL certificates is not limited to Linux only?
I hope my query is clear that if SSL certificates can be generated not only with Linux but with other tools also.
Please revert with the reply to my query.
Regards
Try using Google to get information.
Just because you happen to be a user of these forums (and also glancing at your posting history to see what sort of issues you are curious about) doesn't mean you should ask every question here at this web forum site.
When I place one of your sentences into Google,
"I came to know that SSL certificate can be generated with the web server like Tomcat also"
I get more than 800,000 search results that would easily guide toward better information than waiting for someone here to teach you about a non-Oracle topic.
Similar Messages
-
I am working with a modified version of the example "Acquire N - Multi-Analog Software Trig.vi" in Labview. The example retrieves data from 6 input channels each time an analog trigger occures. Is there any way to software trig (if possible with different treshold on each channel) on all channels in a logical OR-function?
Unfortunately you can only configure a trigger for a single channel. You could, in software, create a multiple-channel software trigger, but it will not be nearly as efficient.
Here is what you could do. You could call the the AI Start VI and AI Read VI in a while loop like the "Acquire-N-Multi-Analog Software Trig VI" but you would not be able to use the conditional retrieval part of the code. Initially, you could read only a few values from each channel and be comparing those values to each individual threshold within the loop. When all of the values have reached the thresholds, you could change (increase) the amount of values being read by AI Read.
This method would always be reading from the channels, but would not be returning a lot of data until all of
the channels have reached their threshold. Just a suggestion. I hope this helps.
Regards,
Todd D.
Applications Engineering
National Instruments -
DS 6: SSL certificate mapping with subject/issuer containing (")
Hello,
I got my personal test certificate from Verisgin, with an issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
The subject of the certificate ends with: ...OU=Digital ID Class 1 - Netscape, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."
My certmap.conf looks like:
certmap VeriSign [issuerDN]
VeriSign:FilterComps cn
VeriSign:verifycert on
VeriSign:CmapLdapAttr certSubjectDN
The question is what's the valid form of these strings containing (") in certmap.conf ([issuerDN]) to match the issuer and in certSubjectDN attribute - assuming it follows DirectoryString syntax. Note that they surround strings containing comma (,).
I see in logs:
conn=1 op=-1 msgId=-1 - SSL 128-bit RC4; client *OU=Digital ID Class 1 - Netscape,OU=Persona Not Validated,OU=\22www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98\22,OU=VeriSign Trust Network,O=\22VeriSign, Inc.\22; issuer CN=VeriSign Class 1 Individual Subscriber CA - G2,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=\22VeriSign, Inc.\22,C=US
I tested configuration against cert strings from logs, but they don't work. Strings containing (") also don't work.
Did anyone face the same issue?
Thanks for help in advance.The DN normalized version of O="Verisign, Inc." is O=Verisign\, Inc.
You may want to try this. BUt I must admit that I've never tried to do certificate mapping with quotes.
The certificate mapping functionality hasn't changed since the Netscape DS 4 code when Sun and Netscape started to work together.
Ludovic. -
SQL executing error differences with different tools, need help!!
Hi everyone,
I'm getting trouble with executing SQL query using SQLdevelopper.
but it returns the error about bind value parameter in & out doesn't set.
I also try to same SQL with other tools but only one tool could succeed
executing which is Osqledit.
SQL*Developper--------No
Object Browser--------No
Sql*Plus-------No
Osqledit-----Yes
does anybody know why some sql tools couldn't succeed executing
same sql such as Osqledit?
and also in this case often to cause or not?
thank you for reading and helping me.thanks SHUBH I think so too.
To Colin and others,
here is my SQL query which wasn't written in English so
it took me for a while to translate.
and it very long SQL which my co-worker made it.
sorry for it unable to read easily tho I need your help.
in additon, we use bind-values on this SQL.
select
shopcode,
JAN,
h.lowestestprice,
h.highestprice,
h.amount,
h.totalsales,
h.retailprice,
h.aprice,
h.normalamount,
h.normaltotalsales,
h.normalretailprice,
h.normalaprice,
h.discountamount,
h.discounttotalsales,
h.discountretailprice,
h.discountaprice,
h.memberamount,
h.memberretailprice,
h.memberretailprice,
h.memberaprice,
h.normalreserveamount,
h.discountreserveamount
from
select
shopcode,
JANcode JAN,
min(lowestestprice) lowestestprice,
max(highestprice) highestprice,
sum(amount) amount,
sum(totalsales) totalsales,
sum(retailprice) retailprice,
sum(aprice) aprice,
sum(normalamount) normalamount,
sum(normaltotalsales) normaltotalsales,
sum(normalretailprice) normalretailprice,
sum(normalaprice) normalaprice,
sum(discountamount) discountamount,
sum(discounttotalsales) discounttotalsales,
sum(discountretailprice) discountretailprice,
sum(discountaprice) discountaprice,
sum(memberamount) memberamount,
sum(membertotalsales) membertotalsales,
sum(memberretailprice) memberretailprice,
sum(memberaprice) memberaprice,
sum(normalreserveamount)
normalreserveamount,
sum(discountreserveamount)
discountreserveamount
from
testsalesfact
where
salesdate between :begindate and :enddate
group by
shopcode,
JANcode
) h
full outer join
select
shopcode,
JANcode,
min(lowestestprice) lowestestprice,
max(highestprice) highestprice,
sum(amount) amount,
sum(totalsales) totalsales,
sum(retailprice) retailprice,
sum(aprice) aprice,
sum(normalamount) normalamount,
sum(normaltotalsales) normaltotalsales,
sum(normalretailprice) normalretailprice,
sum(normalaprice) normalaprice,
sum(discountamount) discountamount,
sum(discounttotalsales) discounttotalsales,
sum(discountretailprice) discountretailprice,
sum(discountaprice) discountaprice,
sum(memberamount) memberamount,
sum(membertotalsales) membertotalsales,
sum(memberretailprice) memberretailprice,
sum(memberaprice) memberaprice,
sum(normalreserveamount)
normalreserveamount,
sum(discountreserveamount)
discountreserveamount
from
shopweeksaleswk
where
salesdate between :begindate and :enddate
group by shopcode, JAN
union all
select
a.shopcode,
a.JAN,
min(a.pricewiotax) lowestestprice,
- max(a.pricewiotax) highestprice,
sum(a.amount) amount,
sum(a.totalsales) totalsales,
sum(a.retailprice) retailprice,
sum(a.aprice) aprice,
sum(a.normalamount) normalamount,
sum(a.normaltotalsales) normaltotalsales,
sum(a.normalretailprice) normalretailprice,
sum(a.normalaprice) normalaprice,
sum(a.discountamount) discountamount,
sum(a.discounttotalsales) discounttotalsales,
sum(a.discountretailprice) discountretailprice,
sum(a.discountaprice) discountaprice,
sum(a.memberamount) memberamount,
sum(a.membertotalsales) membertotalsales,
sum(a.memberretailprice) memberretailprice,
sum(a.memberaprice) memberaprice,
sum(a.normalreserveamount)
normalreserveamount,
sum(a.discountreserveamount)
discountreserveamount
from (
select
p.shopcode,
substr(p.makedate, 1, 8) salesdate,
p.JAN,
p.pricewiotax,
p.amount amount,
trunc(p.amount * p.pricewiotax)
totalsales,
trunc(p.amount * decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice))
retailprice,
decode(decode
(p.discountcode, '000000',
p.retailprice,
p.discountretailprice), 0, 0,
trunc(p.amount * p.pricewiotax) -
trunc(p.amount * decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice)))
aprice,
decode(p.discountcode, '000000',
p.amount, 0) normalamount,
decode(p.discountcode, '000000',
trunc(p.amount * p.pricewiotax), 0)
normaltotalsales,
decode(p.discountcode, '000000',
trunc(p.amount * p.totalsales), 0)
normalretailprice,
decode(p.totalsales, 0, 0, decode
(p.discountcode, '000000',
trunc(p.amount * p.pricewiotax) -
trunc(p.amount * p.retailprice), 0))
normalaprice,
decode(p.discountcode, '000000', 0,
p.amount) discountamount,
decode(p.discountcode, '000000', 0,
trunc(p.amount * p.pricewiotax))
discounttotalsales,
decode(p.discountcode, '000000', 0,
trunc(p.amount *
p.discountretailprice))
discountretailprice,
decode(p.discountretailprice, 0, 0,
decode(p.discountcode, '000000', 0,
trunc(p.amount * p.pricewiotax)
trunc(p.amount *
p.discountretailprice))) discountaprice,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554')
then p.amount else 0 end
memberamount,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554')
then trunc(p.amount * p.pricewiotax)
else 0 end membertotalsales,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554') then
trunc(p.amount * decode
(p.discountcode, '000000',
p.retailprice,
p.discountretailprice)) else 0 end
memberretailprice,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554') then
decode(decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice),
0, 0,
trunc(p.amount * p.pricewiotax) -
trunc(p.amount * decode
(p.discountcode,'000000',
p.retailprice, p.discountretailprice)))
else 0 end memberaprice,
decode(p.discountcode, '000000',
decode(p.discountsec, '07',
p.amount, 0), 0)
normalreserveamount,
decode(p.discountcode, '000000', 0,
decode(p.discountsec, '07',
p.amount, 0)) discountreserveamount
from shopweeksaleswk p
where p.salesdate between :begindate
and :enddate
and p.makedate not between
:begindate|| '000000 '
and :enddate|| '000000 '
) a
group by a.shopcode, a.JAN
union all
select
a.shopcode,
a.JAN,
min(a.pricewiotax) lowestestprice,
max(a.pricewiotax) highestprice,
sum(a.amount) amount,
sum(a.totalsales) totalsales,
sum(a.retailprice) retailprice,
sum(a.aprice) aprice,
sum(a.normalamount) normalamount,
sum(a.normaltotalsales) normaltotalsales,
sum(a.normalretailprice) normalretailprice,
sum(a.normalaprice) normalaprice,
sum(a.discountamount) discountamount,
sum(a.discounttotalsales) discounttotalsales,
sum(a.discountretailprice) discountretailprice,
sum(a.discountaprice) discountaprice,
sum(a.memberamount) memberamount,
sum(a.membertotalsales) membertotalsales,
sum(a.memberretailprice) memberretailprice,
sum(a.memberaprice) memberaprice,
sum(a.normalreserveamount)
normalreserveamount,
sum(a.discountreserveamount)
discountreserveamount
from (
select
p.shopcode,
substr(p.makedate, 1, 8) salesdate,
p.JAN,
p.pricewiotax,
p.amount *- 1 amount,
trunc(p.amount * p.pricewiotax) *- 1
totalsales,
trunc(p.amount * decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice)) *-
1 retailprice,
decode(decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice),
0, 0,
trunc(p.amount * p.pricewiotax) -
trunc(p.amount * decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice))) *-
1 aprice,
decode(p.discountcode, '000000',
p.amount, 0) *- 1 normalamount,
decode(p.discountcode, '000000',
trunc(p.amount * p.pricewiotax), 0) *
- 1 normaltotalsales,
decode(p.discountcode, '000000',
trunc(p.amount * p.retailprice), 0) *
- 1 normalretailprice,
decode(p.retailprice, 0, 0, decode
(p.discountcode, '000000',
trunc(p.amount * p.pricewiotax) -
trunc(p.amount * p.retailprice), 0)) *- 1
normalaprice,
decode(p.discountcode, '000000', 0,
p.amount) *- 1 discountamount,
decode(p.discountcode, '000000', 0,
trunc(p.amount * p.pricewiotax)) *
- 1 discounttotalsales,
decode(p.discountcode, '000000', 0,
trunc(p.amount *
p.discountretailprice)) *- 1
discountretailprice,
decode(p.discountretailprice, 0, 0,
decode(p.discountcode, '000000', 0,
trunc(p.amount * p.pricewiotax) -
trunc(p.amount *
p.discountretailprice))) *- 1
discountaprice,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554')
then p.amount *- 1 else 0 end
memberamount,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554')
then trunc(p.amount * p.pricewiotax) *- 1 else 0 end membertotalsales,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554')
then trunc(p.amount * decode
(p.discountcode, '000000',
p.retailprice, p.discountretailprice)) *-
1 else 0 end memberretailprice,
case when substr(p.cardnumber,
1, 7) in
('4986428', '4986429', '4986554')
then decode(decode
(p.discountcode, '000000',
p.retailprice,
p.discountretailprice), 0, 0,
trunc(p.amount * p.pricewiotax) -
trunc(p.amount *
decode(p.discountcode,'000000',
p.retailprice, p.discountretailprice))) *
- 1 else 0 end memberamount,
decode(p.discountcode, '000000',
decode(p.discountsec, '07',
p.amount, 0), 0)*
-1 normalreserveamount,
decode(p.discountcode, '000000', 0,
decode(p.discountsec, '07',
p.amount, 0))*
-1 discountreserveamount
from shopweeksaleswk p
where p.salesdate not between :begindate
and :enddate
and p.makedate
between :begindate|| '000000 '
and :enddate|| '000000 '
) a
group by a.shopcode, a.JAN
) m
using (shopcode,JAN)
where
and h.lowestestprice != m.lowestestprice
or h.highestprice != m.highestprice
(h.amount != m.amount
or h.totalsales != m.totalsales
or h.aprice != m.aprice
or h.normalamount != m.normalamount
or h.normaltotalsales != m.normaltotalsales
or h.normalretailprice != m.normalretailprice
or h.normalaprice != m.normalaprice
or h.discountamount != m.discountamount
or h.discounttotalsales != m.discounttotalsales
or h.discountretailprice != m.discountretailprice
or h.discountaprice != m.discountaprice
or h.memberamount != m.memberamount
or h.membertotalsales != m.membertotalsales
or h.memberretailprice != m.memberretailprice
or h.memberaprice != m.memberaprice
or h.normalreserveamount != m.normalreserveamount
or h.discountreserveamount != m.discountreserveamount)
order by shopcode, JAN ; -
SSL certificate issue with WLS 10.3
Hi All,
I am facing this issue with my WLS cluster.
<21-Apr-2010 10:42:00 o'clock BST> <Warning> <Security> <BEA-090482> <BAD_CERTIF
ICATE alert was received from system.core.com - 10.15.135.30.
Check the peer to determine why it rejected the certificate chain (trusted CA co
nfiguration, hostname verification). SSL debug tracing may be required to determ
ine the exact reason the certificate was rejected.>
<21-Apr-2010 10:42:00> <Warning> <Uncaught exception in server handler: javax.ne
t.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from
system.core.com - 10.15.135.30. Check the peer to determine wh
y it rejected the certificate chain (trusted CA configuration, hostname verifica
tion). SSL debug tracing may be required to determine the exact reason the certi
ficate was rejected.>
Please suggest. I have also tried the below settings.
Node Manager:
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Admin Server:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
Many thanks in advance.Hi Sandip,
I am facing this issue right after when I have configured the listen address to my system IP in Machine(NodeManager), earlier it was "localhost".
Also I have tried to generate the certificates e.g.
C:\bea\wlserver_10.3\server\bin>java utils.CertGen -cn system.core.com -keyfilepass DemoIdentityPassPhr
ase -certfile mycertificate -keyfile .keystore
Generating a certificate with common name system.core.com and key strength 1024
issued by CA with certificate from C:\bea\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea\WLSERV~1.3\server
\lib\CertGenCAKey.der file
C:\bea\wlserver_10.3\server\bin>java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePa
ssPhrase -keyfile .keystore.pem -keyfilepass DemoIdentityPassPhrase -certfile mycertificate.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
Imported private key .keystore.pem and certificate mycertificate.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity
Tried the above but not wokring. Please advise.
Edited by: R Vashi on 21-Apr-2010 03:38 -
SSL Certificate Mismatch with AnyConnect client
Hello,
We are having a problem with the AnyConnect client when connecting to our VPN. We are running the following:
AnyConnect v2.4.0202
(2 each) ASA v8.2(1) -- active/standby failover
AnyConnect Essentials Licensing
NOTE: We are not using certificates for authentication.
Primary clients: Windows XP and Windows 7
Problem
We have purchased an Entrust certificate for our ASA failover cluster called "vpn.company.com" and the it is attached to the outside interface on the ASA.
Steps to Reproduce
Install the AnyConnect (AC) client via https://vpn.company.com/. Connection occurs here without issue.
Once the AC client is installed and we try to use it in stand-alone mode (i.e., w/o hitting the ASA w/ a browser), a certificate mismatch occurs, and AC brings up the Windows/IE Security Alert dialog (see attachment CertError.jpg).
The user must press Yes to bypass mismatch.
PROBLEM: On Windows 7, the user must have administrative privileges and run the AC client as administrator -- otherwise, they get a dialog saying "Unable to establich VPN" (see attachment Unable.jpg).
The issue is we have a valid certificate that should be used for the connection. However, when looking at the connections made by the AC client with Fiddler, it would appear that the AC client is trying to connect directly to the ASA's IP address, and not the name. This is a nuisance for XP users, and a show-stopper for Win7 users as they do not have admin privileges.
I have not been able to find any documentation on Cisco.com relating to this issue. In short, how do I get the AC client to use "vpn.company.com" so there is no Cert mismatch?
Thanks,
-MattTim,
I will read through the article more thoroughly; I've already been through parts of it -- won't hurt to go through again. I did initially have the IP address in my XML file, and immediately removed it when I noticed that it was using the IP address in the FIddler dump. It hasn't had any effect unfortunately -- even with uninstalling and re-installing the AC client locally.
The only other article/post I've come across on Cisco's site that comes close is here:
Cisco Support Community: ASA VPN Load Balancing/Clustering with Digital Certificates Deployment Guide
which seems to suggest that I will need a UCC certificate (which seems ridiculous) to do some of what I need to do. However the issue with that post is that it still wouldn't fix the issue where the AC client is using the IP address.
I will let you know if I find any smoking guns in the doco link you sent. Any other thoughts appreciated. I can't believe Cisco made the setup of the AC client this convoluted.
Thanks!
-Matt -
SSL Certificate problem with WL 5.1
"We are still using WLServer 5.1 SP12
I just installed a new certificate (request generated with WL, signed by our 'local' CA)
I always get the following message:
Do Okt 10 15:17:25 CEST 2002:<I> <WebLogicServer> Loaded License : /apps/weblogic/license/WebLogicLicense.xml
Do Okt 10 15:17:25 CEST 2002:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
java.lang.StringIndexOutOfBoundsException: String index out of range: 15
at java.lang.String.charAt(String.java:506)
at weblogic.security.ASN1.ASN1Utils.parseDateInt(ASN1Utils.java:300)
at weblogic.security.ASN1.ASN1Utils.inputASN1Date(ASN1Utils.java:292)
at weblogic.security.X509.input(X509.java:118)
at weblogic.security.X509.initialize(X509.java:64)
at weblogic.security.Certificate.<init>(Certificate.java:54)
at weblogic.security.X509.<init>(X509.java:44)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:207)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:318)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:238)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1245)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:879)hi
Did you solved it?
If it is may i know how you solved it
thanks -
Installing Valid SSL Certificate for Agent Reskilling Tool
Has anyone done this? I'm looking for documentation and can't find anything. There's documentation for UCM/CUIC, but nothing for agent reskilling. The Cisco Security Best Practices seems to just gloss over this subject and not really provide any good data.
davidHi David, I recently tried to do this and I think I figured out a solution. This is on ICM 8.5(4). Let me know if this works for you.
Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Uninstall. Close SSL Encryption Utility.
Create Certificate request in IIS Manager.
Complete Certificate request in IIS Manager.
Export Certificate in IIS to c:\icm\ssl\[yourfile.pfx]. Remember password you use.
Open command prompt
Cd c:\icm\ssl\bin
Openssl.exe
pkcs12 -in c:\icm\ssl\[yourfile.pfx] -nocerts -out keyfile-encrypted.key
pkcs12 -in c:\icm\ssl\[yourfile.pfx] -clcerts -nokeys -out [host.crt]
Exit
Copy c:\icm\ssl\bin\host.crt to c:\icm\ssl (overwrite if necessary)
Copy c:\icm\ssl\bin\keyfile-encrypted.key to c:\icm\ssl (overwrite if necessary)
Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Install. Click no when it asks to create a new certificate. Close SSL Encryption Utility. I got one error but certificate imported successfully.
Verify by going to https:///reskill
Openssl commands taken from http://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/ -
FWSM Failover - Possible with different hardware versions?
Hi, I need to replace a FWSM module currently running as the primary unit in a failover configuration installed in two 6509s. The replacement FWSM module is a newer hardware version than the current module it is to replace. Obviously I will ensure the same IOS and licenses are installed on the new module but will having a difference in the hardware versions affect the failover configuration?
The faulty module being replaced has the following hardware config:
HW 3.0
FW 7.2(1)
The replacement module has the following config:
HW 4.2
FW 7.2(1)
Thanks in advance for any help..Daniel, this is a good question for TAC. I do not see any ducumentation on FWSM requiering to be same Hardware version, the failover requires same code and you are correct on that one. I don't think hardware version diferences may affect failover, I would suggest to have it cleared by TAC.
Jorge -
Hi all,
I had to upgrade my production server from 4.1 to 6.0sp4. The server was also different as we can't afford any big down-time. I couldn't find any iWS related proper documentation for SSL certificate migration between different servers, so I did a hack and copied the cert7.db and key3 db manually and renamed it as expected...
I was never sure if I was doing right.... BUT IT WORKED :-)
Now after setting up live server for a months, I am getting complains about certificate errors and/or warnings from various customers. In all cases there is a problem coz of 'ancient' browsers (like lesser than IE5 or NS4.7). Any mordern browser is working perfectly (including my favorite Opera). And customers are happy again coz site is working fine after browser upgrade. But my concern is:
HAVE I DONE ANYTHING WRONG IN SSL MIGRATION OR ITZ JUST iWS 6.0's PROBLEM?
Any info / suggestion will be highly appreciated.
Thanx.There isn't enough information for me to be certain, but I suspect the errors are unrelated to anything on the server side. The most likely explanation is that the ancient browsers have an expired root CA cert for the CA that signed your certificate. Upgrading either the browser or the browser's root CA certs would address the problem.
Copying the trust database files from iWS 4.1 to iWS 6.0 is safe. -
Jcontrol.exe not starting after creating ssl certificate
hi,
Iu00B4ve got a netweaver AS Java (only) 640 SP19. I tried to create a SSL certificate (Test) with visual admin and after importing "getCert" i wanted to restart the SAP-System. The problem is that jcontrol.exe has not been started and stayed grey (status: stopped).
Hereu00B4s a part of the dev-trace:
[Thr 3796] Thu Nov 20 16:17:36 2008
[Thr 3796] *** ERROR => invalid return code of process [bootstrap_ID103537200] (exitcode=-2) [jstartxx.c 1465]
[Thr 3796] JControlExecuteBootstrap: error executing bootstrap node [bootstrap_ID103537200] (rc=-2)
[Thr 3796] JControlExecuteBootstrap: execute bootstrap process [bootstrap_ID103537250]
[Thr 3796] INFO: Unknown property [JLaunchParameters=]
[Thr 3796] [Node: server0 bootstrap] java home is set by profile parameter
Java Home: D:\apps\j2sdk1.4.2_17-x64
dev_bootstrap:
trc file: "D:\usr\sap\CCM\JC10\work\dev_bootstrap", trc level: 1, release: "640"
node name : bootstrap
pid : 1992
system name : CCM
system nr. : 10
started at : Thu Nov 20 16:17:32 2008
arguments :
arg[00] : D:\usr\sap\CCM\JC10/j2ee/os_libs/jlaunch.exe
arg[01] : pf=D:\usr\sap\CCM\SYS\profile\CCM_JC10_iswdmz5
arg[02] : -DSAPINFO=CCM_10_bootstrap
arg[03] : pf=D:\usr\sap\CCM\SYS\profile\CCM_JC10_iswdmz5
[Thr 3736] Thu Nov 20 16:17:32 2008
[Thr 3736] INFO: Unknown property [box.number=CCMJC10iswdmz5]
[Thr 3736] INFO: Unknown property [ms.host=iswdmz5]
[Thr 3736] INFO: Unknown property [ms.port=3611]
[Thr 3736] INFO: Unknown property [system.id=10]
JStartupReadInstanceProperties: read instance properties [D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties]
-> ms host : iswdmz5
-> ms port : 3611
-> OS libs : D:\usr\sap\CCM\JC10\j2ee\os_libs
-> Admin URL :
-> run mode : NORMAL
-> run action : NONE
-> enabled : yes
Used property files
-> files [00] : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
Instance properties
-> ms host : iswdmz5
-> ms port : 3611
-> os libs : D:\usr\sap\CCM\JC10\j2ee\os_libs
-> admin URL :
-> run mode : NORMAL
-> run action : NONE
-> enabled : yes
Bootstrap nodes
-> [00] bootstrap : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
-> [01] bootstrap_ID10353720 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
-> [02] bootstrap_ID10353725 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
Worker nodes
-> [00] ID103537200 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
-> [01] ID103537250 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
[Thr 3736] JLaunchRequestQueueInit: create named pipe for ipc
[Thr 3736] JLaunchRequestQueueInit: create pipe listener thread
[Thr 3564] JLaunchRequestFunc: Thread 3564 started as listener thread for np messages.
[Thr 3732] WaitSyncSemThread: Thread 3732 started as semaphore monitor thread.
[Thr 3736] NiInit2: NI already initialized; param 'maxHandles' ignored
[Thr 3736] [Node: bootstrap] java home is set by profile parameter
Java Home: D:\apps\j2sdk1.4.2_17-x64
JStartupIReadSection: read node properties [bootstrap]
-> node name : bootstrap
-> node type : bootstrap
-> node execute : yes
-> java path : D:\apps\j2sdk1.4.2_17-x64
-> java parameters : -Djco.jarm=1 -Djco.jarm=1
-> java vm version : 1.4.2_17-b06
-> java vm vendor : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
-> java vm type : server
-> java vm cpu : amd64
-> heap size : 128M
-> root path : D:\usr\sap\CCM\JC10\j2ee\cluster
-> class path : .\bootstrap\launcher.jar
-> OS libs path : D:\usr\sap\CCM\JC10\j2ee\os_libs
-> main class : com.sap.engine.offline.OfflineToolStart
-> framework class : com.sap.bc.proj.jstartup.JStartupFramework
-> registr. class : com.sap.bc.proj.jstartup.JStartupNatives
-> framework path : D:\usr\sap\CCM\JC10\j2ee\os_libs\jstartup.jar
-> parameters : com.sap.engine.bootstrap.Bootstrap ./bootstrap ID1035372
-> debuggable : yes
-> debug mode : no
-> debug port : 60000
-> shutdown timeout: 120000
[Thr 3704] JLaunchIStartFunc: Thread 3704 started as Java VM thread.
JHVM_LoadJavaVM: VM Arguments of node [bootstrap]
-> stack : 2097152 Bytes
-> arg[ 0]: exit
-> arg[ 1]: abort
-> arg[ 2]: -Denv.class.path=d:\apps\SAPJCo\sapjco.jar
-> arg[ 3]: -Djco.jarm=1
-> arg[ 4]: -Djco.jarm=1
-> arg[ 5]: -Dsys.global.dir=D:\usr\sap\CCM\SYS\global
-> arg[ 6]: -Dapplication.home=D:\usr\sap\CCM\JC10\j2ee\os_libs
-> arg[ 7]: -Djava.class.path=D:\usr\sap\CCM\JC10\j2ee\os_libs\jstartup.jar;.\bootstrap\launcher.jar
-> arg[ 8]: -Djava.library.path=D:\apps\j2sdk1.4.2_17-x64\jre\bin\server;D:\apps\j2sdk1.4.2_17-x64\jre\bin;D:\apps\j2sdk1.4.2_17-x64\bin;D:\usr\sap\CCM\JC10\j2ee\os_libs;D:\usr\sap\Python\.;d:\sapdb\programs\bin;d:\sapdb\programs\pgm;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\SharedComponents\ScanEngine;C:\Program Files\CA\SharedComponents\CAUpdate\;C:\Program Files\CA\SharedComponents\ThirdParty\;C:\Program Files\CA\SharedComponents\SubscriptionLicense\;C:\Program Files\CA\eTrustITM;D:\apps\SAPJCo;D:\apps\j2sdk1.4.2_17-x64\bin;D:\usr\sap\CCM\JC10\exe;D:\usr\sap\CCM\SYS\exe\run
-> arg[ 9]: -Dmemory.manager=128M
-> arg[ 10]: -Xmx128M
-> arg[ 11]: -DLoadBalanceRestricted=no
-> arg[ 12]: -Djstartup.mode=BOOTSTRAP
-> arg[ 13]: -Djstartup.ownProcessId=1992
-> arg[ 14]: -Djstartup.ownHardwareId=D2128917885
-> arg[ 15]: -Djstartup.whoami=bootstrap
-> arg[ 16]: -Djstartup.debuggable=yes
-> arg[ 17]: -DSAPINFO=CCM_10_bootstrap
-> arg[ 18]: -DSAPSTARTUP=1
-> arg[ 19]: -DSAPSYSTEM=10
-> arg[ 20]: -DSAPSYSTEMNAME=CCM
-> arg[ 21]: -DSAPMYNAME=iswdmz5_CCM_10
-> arg[ 22]: -DSAPDBHOST=
-> arg[ 23]: -Dj2ee.dbhost=iswdmz5
[Thr 3704] JHVM_LoadJavaVM: Java VM created OK.
JHVM_BuildArgumentList: main method arguments of node [bootstrap]
-> arg[ 0]: com.sap.engine.bootstrap.Bootstrap
-> arg[ 1]: ./bootstrap
-> arg[ 2]: ID1035372
[Thr 3708] Thu Nov 20 16:17:34 2008
[Thr 3708] JLaunchIExitJava: exit hook is called (rc=0)
[Thr 3708] JLaunchCloseProgram: good bye (exitcode=0)
and the jvm_bootstrap.out:
Bootstrap MODE:
<INSTANCE GLOBALS>
determined by parameter [ID1035372].
Missing RunningMode property - runningin NORMAL mode.
Instance [ID1035372] will run in [NORMAL] mode, performing action [NONE]
Discovered property [instance.en.port] with value [3211] !
Discovered property [instance.en.host] with value [iswdmz5] !
Synchronizing file [.\.hotspot_compiler].
...Synched ok!
Synchronizing file [..\..\SDM\program\.hotspot_compiler].
...Synched ok!
Synch time: 922 ms
I hope this is enough information. Before importing the certificate from the SAP Support Portal the AS Java runned perfectly.
regards
Tobias NagelAdditional information:
When I deactivate SSL by switching from automatic starting to manual starting in the configtool the jcontrol.exe process starts without any errors. -
Is it possible to use single ssl certificate for multiple server farm with different FQDN?
Hi
We generated the CSR request for versign secure site pro certificate
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
SSL Certificate for cn=abc.com considering abc.com as our major domain. now we have servers in this domain like www.abc.com, a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
Now my question is
1. Is is possible to remove above errors doing some ssl configuration on ACE?
2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate for CSR generated uisng cn =abc.com to be installed on ACE and will be used for all servers like www.abc.com , a.abc.com etc..
Thanks
WaliullahIf you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't beause your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean -
Problem with OAS Instance Name y Host Name to create trial ssl certificate
Hi, everyone
I have a problem when creating a trial ssl certificate from Verisign page, affer a live assistance, that page rejected my CSR generated from OAS, saying thay my common name has invalid characters.
My Oracle Application Server installation name: Instance.HostName is:
IAS_IND01.ind-internet
So, Verisign told me this name can't contain "_" or "-" characters for example.
I need to know if it's possible to change the instance name and if OAS host name changes also if i change server's host name.
I wouldn't like to reinstall all over again.
Please help.
Regards
DavidHi,
No your AS server will not automatic. even if you change your host name.
If U 'll try to change your host name, be carefull when U 'll try to start you AS instacne
it ' not start anymore , AS user hosts fill to get full quallified name of your host.
U 've two choices
-1 delete your AS, then change your hosts name, then new installtion of AS
2- If U 've exprience with AS, just breng your AS down, change your hosts name,
U 'll need to do some changes in your AS, just read admininstrator Guide.
Cheers,
Hamdy -
Securing RDS with SSL certificate
Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?
Hi,
I´m looking for the same, there is no way to accomplish that even today with RDS from W2012 R2??? -
Ssl-handshake fails with scandinavian chars in client certificate
Hello,
We've run into a problem with 2-way-ssl and certificates that have scandinavian
characters in the subject. The problem cert is used as client-certificate for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link that will immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they cause it,
but the certs ought to be according to specs: name-fields encoding is UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
java.lang.NullPointerException: Could not set value for ASN.1 string object..
java.lang.NullPointerException: Could not set value for ASN.1 string object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----BMPString is another asn1 type that can be used for certificate attributes with
non-ascii characters. The workaround is simply to use the BMPString instead of
UTF8String for that subject name attribute in the certificate request. This off-course
assumes that you can replace the certificate, and have control over what asn1
type is used for the subject name attributes in the certificate request (via a
tool options, or by generating the request yourself), so it is probably not applicable.
Pavel.
"Ari Räisänen" <[email protected]> wrote:
>
Thanks again, Pavel!
I'm filing a support case about this. You talked about a workaround (BMPString).
Could you be more spesific? I haven't talked about this issue with Igor
yet.
Regards,
Ari
"Pavel" <[email protected]> wrote:
Sounds like a bug in certicom code. It should support UTF8String.
I'd file a support case.
You might be able to use BMPString instead as a workaround.
Pavel.
"Igor Styrman" <[email protected]> wrote:
Hello,
We've run into a problem with 2-way-ssl and certificates that have
scandinavian
characters in the subject. The problem cert is used as client-certificate
for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link thatwill
immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing
will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they
cause it,
but the certs ought to be according to specs: name-fields encoding
is
UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
(and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte
Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape
Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte
Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Premium
Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA
Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
failed
java.lang.NullPointerException: Could not set value for ASN.1 string
object..
java.lang.NullPointerException: Could not set value for ASN.1 string
object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----
Maybe you are looking for
-
Gestures no longer work in iTunes 10.4 (80)
Can you folks confirm the following please? In previous vesions of iTunes I could go back and forth by simply swiping 2 fingers similar to navigating in Safari. With Lion back/forth is done with 1 finger alas iTunes does not respond to 1 or 2 fingers
-
URGENT : Really need Nokia's help on this one... A...
Good day! I am using my Nokia N70-1 for both of my personal and business matters. This morning, I saw a warning on my phone regarding an operation it couldn't process: It goes like this: "Telephone: Not enough memory to perform operation. Delete some
-
Transport Request Between Server
Dear All, I did request from One client to Other client in Same Server. Its working fine. But I don't know, How to transport Request between One server ( QTY ) to Another Server ( DEV ). Let me know. Edited by: thomas_raja on May 30, 2011 4:08 PM
-
Restrict Component in a BOM from Planning
HI Techies, I have a specific requirement where my client uses Phantom as a component in BOM and they are materials which does not require to be planned for the Components of the Phantom too. They had the flexilibility of using them with Qty = 0 in o
-
can anybody help out with this?? once i click on a OK button, the input that was put in will be dispalyed but how do i add more text that was not inputed? any help pls???