SSL Help
I'm out of ideas on how to get SSL up and running.
I ran the SSL file generation servlet and sent the reqest to Verisign. The
servlet generated a www_domain_com-key.der file. Verisign sent back a
cert.cer file which I renamed to cert.pem. I downloaded (copied/pasted)
Verisign's intermediate CA from here
http://www.verisign.com/support/install/intermediate.html and named it
verisignCA.pem.
I've tried using utils.der2pem and utils.pem2der to make all of the files
the same type. Regardless of what I'm using I keep getting this error. Any
ideas?
<Apr 23, 2002 10:16:34 AM EDT> <Info> <WebLogicServer> <Loaded License :
/u01/bea_dev2/license.bea>
<Apr 23, 2002 10:16:34 AM EDT> <Info> <WebLogicServer> <License allows low
strength (export) SSL.>
<Apr 23, 2002 10:16:34 AM EDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException: Incorrect
block length 125 (modulus length 128) possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
<Apr 23, 2002 10:16:34 AM EDT> <Info> <Security> <Not listening for SSL,
java.io.IOException: Inconsistent security
configuration,weblogic.security.AuthenticationException: Incorrect block
length 125 (modulus length 128) possibly incorrect
SSLServerCertificateChainFileName set for this server certificate.>
Thanks,
Eric
Exporting from my browser worked. Thanks.
"kirann" <[email protected]> wrote in message
news:[email protected]..
hi,
try extracting the root ca cert from the intermediate chain.. you can do
that by importing in to IE and export back ony the root ca.
and specify the root ca in the weblogic server's ca filename.
thanks
kiran
"Eric F" <[email protected]> wrote in message
news:3cc571ac$[email protected]..
I'm out of ideas on how to get SSL up and running.
I ran the SSL file generation servlet and sent the reqest to Verisign.The
servlet generated a www_domain_com-key.der file. Verisign sent back a
cert.cer file which I renamed to cert.pem. I downloaded (copied/pasted)
Verisign's intermediate CA from here
http://www.verisign.com/support/install/intermediate.html and named it
verisignCA.pem.
I've tried using utils.der2pem and utils.pem2der to make all of the
files
the same type. Regardless of what I'm using I keep getting this error.Any
ideas?
<Apr 23, 2002 10:16:34 AM EDT> <Info> <WebLogicServer> <Loaded License :
/u01/bea_dev2/license.bea>
<Apr 23, 2002 10:16:34 AM EDT> <Info> <WebLogicServer> <License allows
low
strength (export) SSL.>
<Apr 23, 2002 10:16:34 AM EDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:Incorrect
block length 125 (modulus length 128) possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
<Apr 23, 2002 10:16:34 AM EDT> <Info> <Security> <Not listening for SSL,
java.io.IOException: Inconsistent security
configuration,weblogic.security.AuthenticationException: Incorrect block
length 125 (modulus length 128) possibly incorrect
SSLServerCertificateChainFileName set for this server certificate.>
Thanks,
Eric
Similar Messages
-
Securing SQL Server 2012 Azure VM with SSL - Help!!!
Hello all,
I am trying to encrypt with SSL my SQL server 2012 Azure VM; I have created the cert and I can see it in cert mgr but when I go to SQL config MGR -protocols for MSSQLSERVER to setup the encryption, the certificate tab contains no certificates :(
this is so annoying please can someone help me with this?
Thanks so much,
BN.Also, I am getting the following error whilst connecting to the Azure VM client side via SQL management studio:
“The certificate chain was issued by an authority that is not trusted”
I can get around this by specifying "TrustServerCertificate=True" in the connection string; what is causing this and should I be alarmed? can this be resolved?
Hi ,
According to your error message, When the SQL Server instance has only a self-signed certificate, the encrypt property is set to true and the trustServerCertificate property is set to true. There is an similar issue about SqlException (0x80131904), you can
review the following post.
http://stackoverflow.com/questions/17615260/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted-when-conn
In addition, there is detail about writing secure connection strings for SQL Database in Windows Azure, you can review it.
http://social.technet.microsoft.com/wiki/contents/articles/2951.windows-azure-sql-database-connection-security.aspx
Regards,
Sofiya Li
Sofiya Li
TechNet Community Support -
SSL Help required : using JDeveloper
I am using a single self signed certificate created using keytool on both the client and server end. (i.e. the same keystore as the truststore and keystore as well as the same on the client and the server)
Tried this sample code to fetch the WSDL of my webservice in JDeveloper. Successfully did this.
===========================================================
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLCredential;
import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
public class SSLSocketClientWithClientAuth {
public static void main(String[] args) {
if (args.length < 4) {
System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
"[wallet] [password]");
System.exit(-1);
String hostname = args[0].toLowerCase();
int port = Integer.decode(args[1]).intValue();
String walletPath = args[2];
String password = args[3];
HTTPConnection httpsConnection = null;
OracleSSLCredential credential = null;
try {
httpsConnection = new HTTPConnection("https", hostname, port);
} catch (IOException e) {
System.out.println("HTTPS Protocol not supported");
System.exit(-1);
try {
credential = new OracleSSLCredential();
credential.setWallet(walletPath, password);
} catch (IOException e) {
System.out.println("Could not open wallet");
System.exit(-1);
httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_RC4_128_SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA","SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_DES_CBC_SHA","SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"});
// httpsConnection.setSSLCredential(credential);
System.out.println("Set credentials and cipher suite");
try {
httpsConnection.connect();
System.out.println("Connected!!!!!");
} catch (IOException e) {
System.out.println("Could not establish connection");
e.printStackTrace();
System.exit(-1);
//javax.servlet.request.
X509Certificate[] peerCerts = null;
/* try {
SSLSession sslSession = httpsConnection.getSSLSession();
System.out.println("Getting session.........");
httpsConnection.connect();
}catch(Exception e){
e.printStackTrace();
System.out.println("null Getting session.........");
System.exit(-1);
try{
peerCerts =
(httpsConnection.getSSLSession()).getPeerCertificateChain();
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
System.err.println("Unable to obtain peer credentials");
e.printStackTrace();
System.exit(-1);
String peerCertDN =
peerCerts[peerCerts.length - 1].getSubjectDN().getName();
peerCertDN = peerCertDN.toLowerCase();
if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
System.out.println("Certificate for " + hostname +
" is issued to " + peerCertDN);
System.out.println("Aborting connection");
System.exit(-1);
try {
HTTPResponse rsp = httpsConnection.Get("/spmlws/HttpSoap11?wsdl");
System.out.println("Server Response: ");
System.out.println(rsp.getText());
System.out.println("Server Response: ");
System.out.println(rsp.getText());
} catch (Exception e) {
System.out.println("Exception occured during Get");
e.printStackTrace();
System.exit(-1);
=====================================================
But on using the client proxy generated for my webservice using JDeveloper and then setting the system properties such as
System.setProperty("javax.net.ssl.keyStore",keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.trustStoreType","JKS");
I get the following exception:
<MSG_TEXT>IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run</MSG_TEXT>
<SUPPL_DETAIL><![CDATA[javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java:1031)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1535)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
]]></SUPPL_DETAIL>
Please can anybody help me with this!!!!
Thanks in advance
NileshHi,
Try the following.
String_arctest model = new String_arctest();
ReturnTestString str=new ReturnTestString(model);
str.setArg1("HalloWelt");
Request_ReturnTestString req=new Request_ReturnTestString(model);
req.addReturnTestString(str);
wdContext.nodeRequest_ReturnTestString().bind(req);
wdContext.nodeRequest_ReturnTestString()
.currentRequest_ReturnTestStringElement().modelObject().execute();
wdContext.nodeResponse().invalidate();
wdContext.nodeResponse().nodeReturnTestStringResponse().invalidate();
Regards, Anilkumar -
SSL help required : urgent !!!
I have been trying to setup OC4J in 2 way SSL mode for a couple of days but have been facing some issues with it.
I see these some errors when I access it from IE
<MSG_TEXT>Exception in SelectionKey cancel</MSG_TEXT>
<SUPPL_DETAIL><![CDATA[java.lang.NullPointerException
at oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers.closeIdleHandler(ServerSocketAcceptHandler.java:583)
at oracle.oc4j.network.ServerSocketAcceptHandler$IdleHandlers.expireHandlers(ServerSocketAcceptHandler.java:604)
at oracle.oc4j.network.ServerSocketAcceptHandler.selectorThreadHouseKeeping(ServerSocketAcceptHandler.java:217)
at oracle.oc4j.network.NIOServerSocketDriver.selfHouseKeeping(NIOServerSocketDriver.java:129)
at oracle.oc4j.network.NIOServerSocketDriver.run(NIOServerSocketDriver.java:149)
at com.evermind.server.http.HttpConnectionListener.run(HttpConnectionListener.java:294)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
at java.lang.Thread.run(Thread.java:595)
]]></SUPPL_DETAIL>
Could anybody help me with this!!! Provide me appropriate pointers for setting up OC4J in 2 way SSL mode. I have been searching for documents but have not been able to find it.
I would also like to send the certificate programatically so is there any sample code available for that.
Thanks in advance.....
NileshThanks for the prompt reply. I have another difficulty see if you can help
This is the output that is generated in the JDeveloper console on running the example from b14429.pdf (OC4J guide). Examle :
====================================================
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLCredential;
import java.io.IOException;
import javax.net.ssl.SSLPeerUnverifiedException;
public class SSLSocketClientWithClientAuth {
public static void main(String[] args) {
if (args.length < 4) {
System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
"[wallet] [password]");
System.exit(-1);
String hostname = args[0].toLowerCase();
int port = Integer.decode(args[1]).intValue();
String walletPath = args[2];
String password = args[3];
HTTPConnection httpsConnection = null;
OracleSSLCredential credential = null;
try {
httpsConnection = new HTTPConnection("https", hostname, port);
} catch (IOException e) {
System.out.println("HTTPS Protocol not supported");
System.exit(-1);
try {
credential = new OracleSSLCredential();
credential.setWallet(walletPath, password);
} catch (IOException e) {
System.out.println("Could not open wallet");
System.exit(-1);
httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_3DES_EDE_CBC_SHA"});
httpsConnection.setSSLCredential(credential);
try {
httpsConnection.connect();
} catch (IOException e) {
System.out.println("Could not establish connection");
e.printStackTrace();
System.exit(-1);
// X509Certificate x509 = new X509Certificate();
//javax.servlet.request.
X509Certificate[] peerCerts = null;
try {
peerCerts =
(httpsConnection.getSSLSession()).getPeerCertificateChain();
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
System.err.println("Unable to obtain peer credentials");
e.printStackTrace();
System.exit(-1);
String peerCertDN =
peerCerts[peerCerts.length - 1].getSubjectDN().getName();
peerCertDN = peerCertDN.toLowerCase();
if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
System.out.println("Certificate for " + hostname +
" is issued to " + peerCertDN);
System.out.println("Aborting connection");
System.exit(-1);
try {
HTTPResponse rsp = httpsConnection.Get("/");
System.out.println("Server Response: ");
System.out.println(rsp);
} catch (Exception e) {
System.out.println("Exception occured during Get");
e.printStackTrace();
System.exit(-1);
================================================================
C:\j2sdk1.4.2_09\bin\javaw.exe -client -classpath "D:\eclipse\workspace\OC4JClient\OC4JClient\classes;D:\eclipse\workspace\jdev\extensions\.jar;C:\Documents and Settings\nilesh_bafna\Desktop\Nitin\lib\jssl-1_1.jar;E:\product\10.1.3.1\OracleAS_1\j2ee\home\lib\http_client.jar;E:\product\10.1.3.1\OracleAS_1\jlib\javax-ssl-1_1.jar" -Djava.protocol.handler.pkgs=HTTPClient -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.keyStorePassword=welcome1 -Djavax.net.ssl.trustStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.trustStorePassword=welcome1 -DOracle.ssl.defaultCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SSLSocketClientWithClientAuth ps4372.persistent.co.in 443 F:/oc4jcert/client.keystore welcome1
keyStore is : F:/oc4jcert/client.keystore
keyStore type is : jks
init keystore
init keymanager of type SunX509
found key for : oracle-client
chain [0] = [
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
To: Wed Apr 18 21:18:14 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af96be]
Algorithm: [MD5withRSA]
Signature:
0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
trustStore is: F:\oc4jcert\client.keystore
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Algorithm: RSA; Serial number: 0x45af96be
Valid from Thu Jan 18 21:18:14 GMT+05:30 2007 until Wed Apr 18 21:18:14 GMT+05:30 2007
adding as trusted cert:
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Algorithm: RSA; Serial number: 0x45af95dc
Valid from Thu Jan 18 21:14:28 GMT+05:30 2007 until Wed Apr 18 21:14:28 GMT+05:30 2007
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1152299454 bytes = { 41, 212, 166, 48, 109, 77, 185, 232, 204, 95, 158, 141, 60, 96, 196, 172, 49, 19, 49, 22, 222, 234, 47, 76, 27, 130, 5, 176 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 839
*** ServerHello, TLSv1
RandomCookie: GMT: 1152299454 bytes = { 206, 186, 162, 116, 179, 72, 44, 198, 189, 25, 70, 227, 170, 235, 83, 186, 152, 49, 194, 222, 248, 3, 191, 170, 248, 95, 134, 35 }
Session ID: {69, 175, 178, 190, 47, 141, 131, 115, 241, 226, 39, 29, 241, 65, 235, 165, 57, 40, 52, 85, 68, 85, 68, 84, 108, 141, 1, 125, 193, 191, 158, 208}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
To: Wed Apr 18 21:14:28 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af95dc]
Algorithm: [MD5withRSA]
Signature:
0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
Found trusted certificate:
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
To: Wed Apr 18 21:14:28 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af95dc]
Algorithm: [MD5withRSA]
Signature:
0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US>
*** ServerHelloDone
matching alias: oracle-client
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
To: Wed Apr 18 21:18:14 GMT+05:30 2007]
Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
SerialNumber: [ 45af96be]
Algorithm: [MD5withRSA]
Signature:
0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 236, 206, 185, 158, 75, 201, 230, 16, 170, 40, 193, 70, 188, 134, 36, 134, 14, 20, 191, 121, 246, 8, 7, 2, 137, 66, 166, 10, 185, 246, 104, 154, 27, 82, 161, 133, 11, 130, 11, 130, 71, 84, 155, 165, 239, 227 }
main, WRITE: TLSv1 Handshake, length = 763
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 EC CE B9 9E 4B C9 E6 10 AA 28 C1 46 BC 86 ......K....(.F..
0010: 24 86 0E 14 BF 79 F6 08 07 02 89 42 A6 0A B9 F6 $....y.....B....
0020: 68 9A 1B 52 A1 85 0B 82 0B 82 47 54 9B A5 EF E3 h..R......GT....
CONNECTION KEYGEN:
Client Nonce:
0000: 45 AF B2 BE 29 D4 A6 30 6D 4D B9 E8 CC 5F 9E 8D E...)..0mM..._..
0010: 3C 60 C4 AC 31 13 31 16 DE EA 2F 4C 1B 82 05 B0 <`..1.1.../L....
Server Nonce:
0000: 45 AF B2 BE CE BA A2 74 B3 48 2C C6 BD 19 46 E3 E......t.H,...F.
0010: AA EB 53 BA 98 31 C2 DE F8 03 BF AA F8 5F 86 23 ..S..1......._.#
Master Secret:
0000: CA 5C BA B3 D0 C9 26 A9 3A 06 08 8F 27 2E CE 17 .\....&.:...'...
0010: 93 98 BC DF EF 78 2A 99 DB 3E 50 3B 01 D1 84 5F .....x*..>P;..._
0020: 28 80 CE 7C 7C C1 12 A4 11 F6 33 9B 2E D9 6F BE (.........3...o.
Client MAC write Secret:
0000: 80 FF CE 99 7C 45 4C D8 60 FA 40 79 A2 A4 36 7C .....EL.`[email protected].
Server MAC write Secret:
0000: 2D F1 A0 A8 ED A1 7B DD 89 A5 01 90 43 BF F1 19 -...........C...
Client write key:
0000: E1 3F 33 54 D3 C5 3A 26 4A 41 65 DA AC 44 3B 28 .?3T..:&JAe..D;(
Server write key:
0000: C5 08 52 AE A9 0A 4F D0 AD 54 49 C6 4E 2F 9C 4E ..R...O..TI.N/.N
... no IV for cipher
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** CertificateVerify
main, WRITE: TLSv1 Handshake, length = 134
main, WRITE: TLSv1 Change Cipher Spec, length = 1
main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
IOException in getSession(): java.net.SocketException: Software caused connection abort: socket write error
Unable to obtain peer credentials
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:56)
Process exited with exit code -1.
=====================================================
I think this is the problem with ciphers. So can anybody please help me with this!!!. This is very urgent!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanks in advance
Nilesh -
Interference between mutliple SSLSocket
Hello,
I wrote a client and a server applications using SSLSocket and Channels.
A single communication from client to server is Ok but if a second connection is made by the same client, there is interference between both connection. The first input channel became wordless and bytes sent by server are received by the second SSLSocket.
Here is the code :
Client :
public static void main(String args[]) {
new Thread(new Runnable() {
public void run() {
check("1");
}).start();
try {
Thread.sleep(2000);
} catch (InterruptedException e) { e.printStackTrace(); }
new Thread(new Runnable() {
public void run() {
check("2");
}).start();
public static void check(final String name) {
try {
Preferences p = Preferences.userNodeForPackage(TestMain.class);
// .... filling preferences p
KeyManager[] kms = null;
if (keyStore != null)
kms = SSLHelper.getKeyManagers(keyStore, keySecret, keyPassword);
final TrustManager[] tms = SSLHelper.getTrustManagers(trustStore, trustSecret);
tms[0] = new X509TrustManagerWrapper(localStore, localSecret, (X509TrustManager) tms[0]);
final SSLContext context = SSLHelper.getSSLContext(kms, tms);
final SSLSocketFactory ssf = context.getSocketFactory();
final int port = 7000;
final String server = "distant server";
SSLSocket socket = (SSLSocket) ssf.createSocket(server, port);
socket.startHandshake();
final WritableByteChannel outputChannel = Channels.newChannel(socket.getOutputStream());
final ReadableByteChannel inputChannel = Channels.newChannel(socket.getInputStream());
System.out.println(name + " - Connected");
new Thread(new Runnable() {
public void run() {
final ByteBuffer buff = ByteBuffer.allocate(1000);
try {
int nbRead = 0;
int i = 0;
while ((i = inputChannel.read(buff)) > 0) {
nbRead = i;
while (nbRead != 12) {
i = inputChannel.read(buff);
nbRead += i;
nbRead = 0;
buff.flip();
System.out.print(name + " - Reception of ");
while (buff.hasRemaining()) {
System.out.print(buff.getChar());
System.out.println("");
buff.clear();
buff.putChar('h');
buff.putChar('e');
buff.putChar('l');
buff.putChar('l');
buff.putChar('o');
buff.flip();
outputChannel.write(buff);
buff.clear();
} catch (IOException e) { e.printStackTrace(); }
}).start();
} catch (IOException e) { e.printStackTrace();
} catch (GeneralSecurityException e) { e.printStackTrace();}
}Code for SSL Helper :
public final class SSLHelper {
public final static KeyStore getKeyStore(String store, char[] secret) throws IOException, GeneralSecurityException {
final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
final File f = new File(store);
if (f.exists() && f.canRead()) {
ks.load(new FileInputStream(f), secret);
} else {
ks.load(null,null);
return ks;
public final static KeyManager[] getKeyManagers(KeyStore ks, char[] keyPassword) throws IOException, GeneralSecurityException {
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyPassword);
return kmf.getKeyManagers();
public final static KeyManager[] getKeyManagers(String keyStore, char[] keySecret, char[] keyPassword) throws IOException, GeneralSecurityException {
return getKeyManagers(getKeyStore(keyStore, keySecret), keyPassword);
public final static TrustManager[] getTrustManagers(String trustStore, char[] trustSecret) throws IOException, GeneralSecurityException {
return getTrustManagers(getKeyStore(trustStore, trustSecret));
public final static TrustManager[] getTrustManagers(KeyStore ks) throws IOException, GeneralSecurityException {
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
return tmf.getTrustManagers();
public final static SSLContext getSSLContext(KeyManager[] kms, TrustManager[] tms) throws IOException, GeneralSecurityException {
final SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(kms, tms, null);
ctx.getServerSessionContext().setSessionTimeout(1);
return ctx;
public final static SSLContext getSSLContext(String keyStore, char[] keySecret, char[] KeyPassword, String trustStore, char[] trustSecret) throws IOException, GeneralSecurityException {
KeyManager[] kms = null;
if (keyStore != null) {
kms = getKeyManagers(keyStore, keySecret, KeyPassword);
TrustManager[] tms = null;
if (trustSecret != null) {
tms = getTrustManagers(trustStore, trustSecret);
return getSSLContext(kms, tms);
public static SSLContext getSSLContext(String keyStore, char[] keySecret, char[] keyPassword) throws IOException, GeneralSecurityException {
KeyManager[] kms = null;
if (keyStore != null) {
kms = getKeyManagers(keyStore, keySecret, keyPassword);
return getSSLContext(kms, null);
public static SSLContext getSSLContext(String trustStore, char[] trustSecret) throws IOException, GeneralSecurityException {
TrustManager[] tms = null;
if (trustStore != null) {
tms = getTrustManagers(trustStore, trustSecret);
return getSSLContext(null, tms);
Code for Server :
public static void main(String args[]) {
Preferences p = Preferences.userNodeForPackage(ServerMainTest.class);
p.put("port", "7000");
// .... filling preferences p
String keyStore = p.get("keyStore", "");
char[] keySecret = p.get("keySecret", "keySecret").toCharArray();
char[] keyPassword = p.get("keyPassword", "keyPassword").toCharArray();
try {
BoundConcurrent server = new BoundConcurrent(p);
SSLContext ctx;
SSLServerSocket ss;
ctx = SSLHelper.getSSLContext(keyStore, keySecret, keyPassword);
ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
server.setServerSocket(ss);
server.setService(new TestServer());
String nbThread = "10";
server.setThreadNumber(Integer.valueOf(nbThread));
server.launch();
} catch (GeneralSecurityException e) { e.printStackTrace();
} catch (IOException e) { e.printStackTrace(); }
public class TestServer implements Service {
private final static int BUFF_SIZE = 10000;
private final ByteBuffer readByteBuffer = ByteBuffer.allocateDirect(BUFF_SIZE);
private final ByteBuffer writeByteBuffer = ByteBuffer.allocateDirect(BUFF_SIZE);
private WritableByteChannel outputChannel;
public void serve(Socket socketService) {
try {
final ReadableByteChannel inputChannel = Channels.newChannel(socketService.getInputStream());
outputChannel = Channels.newChannel(socketService.getOutputStream());
System.out.println(Thread.currentThread().getName() + " - Reception of new connection");
SSLSocket s = (SSLSocket) socketService;
s.getSession().invalidate();
byte[] b = s.getSession().getId();
final StringBuilder sb = new StringBuilder();
for(int i = 0; i < b.length; i++) {
sb.append(b);
System.out.println(sb.toString());
new Thread(new Runnable() {
public void run() {
final ByteBuffer buff = ByteBuffer.allocate(1000);
try {
int nbRead = 0;
int i = 0;
while ((i = inputChannel.read(buff)) > 0) {
nbRead = i;
while (nbRead != 10) {
i = inputChannel.read(buff);
nbRead += i;
nbRead = 0;
buff.flip();
System.out.print(Thread.currentThread().getName() + " - Reception of ");
while (buff.hasRemaining()) {
System.out.print(buff.getChar());
System.out.println("");
buff.clear();
} catch (IOException e) { e.printStackTrace(); }
}).start();
while (true) {
writeByteBuffer.clear();
writeByteBuffer.putChar('c');
writeByteBuffer.putChar('o');
writeByteBuffer.putChar('u');
writeByteBuffer.putChar('c');
writeByteBuffer.putChar('o');
writeByteBuffer.putChar('u');
writeByteBuffer.flip();
outputChannel.write(writeByteBuffer);
try {
Thread.sleep(3000);
} catch (InterruptedException e) { e.printStackTrace(); }
} catch (IOException e) { e.printStackTrace(); }
public class BoundConcurrent extends Server {
protected int threadNb = -1;
public BoundConcurrent(Preferences pref) {
super(pref);
public void setThreadNumber(int nb) {
threadNb = nb;
@Override
public void launch() {
try {
bind();
} catch (IOException e) { return; }
if (threadNb==-1)
threadNb = getPreferences().getInt("threadNB", 10);
final ThreadGroup group = new ThreadGroup("Service");
for (int i=0; i<threadNb; i++) {
final String name = "server"+i;
try {
new Thread(group, new RunnableService(), name).start();
} catch (NullPointerException e) { break; }
public class RunnableService implements Runnable {
public void run() {
Socket serviceSocket;
while (true) {
synchronized (serverSocket) {
try {
serviceSocket = serverSocket.accept();
final SSLSocket sslSocket = (SSLSocket)serviceSocket;
sslSocket.setEnableSessionCreation(true);
sslSocket.getSession().invalidate();
} catch (IOException e) { break; }
try {
service.serve(serviceSocket);
serviceSocket.close();
} catch (IOException e) { e.printStackTrace(); }
Thanks.
Edited by: duncan55 on 21 juin 2012 03:08It's not a mess, you don't understand that there is one instance of service (one thread) by client.Me case rests, m'lud. It's such a mess that you don't even understand your own code. You have:
public class TestServer implements ServiceIt has an instance member:
private final ByteBuffer writeByteBuffer = ByteBuffer.allocateDirect(BUFF_SIZE);You instantiate it here:
ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
server.setServerSocket(ss);
server.setService(new TestServer());and nowhere else. There is therefore only one instance of TestServer. It has a serve(Socket socketService) method, that is called with different values of 'socketService' where you reuse the 'writeByteBuffer' member for all sockets:
writeByteBuffer.clear();
writeByteBuffer.putChar('c');
writeByteBuffer.putChar('o');
writeByteBuffer.putChar('u');
writeByteBuffer.putChar('c');
writeByteBuffer.putChar('o');
writeByteBuffer.putChar('u');
writeByteBuffer.flip();
outputChannel.write(writeByteBuffer);QED. Try the tutorial I mentioned and see how it's done. -
Protect against DOS attack on NIO Server
I have a NIO server which recently underwent a DOS attack. The attack was very simply a packet flood in which a rogue engineered client sent a packet request to the system 80,000 times in about 5 seconds.
The packet was successfully ignored in the application code (it just logged it). Logging usually take the IP address but in this case using getInetAddress() on the socket channel returned null every time.
However, as far as future protection goes how could I modify the system to be able to withstand such attacks? Under normal operation the server would establish TCP socket connection with client on a public port. Then client sends login packet and if authorized client can send other request packets to get data and perform user actions (like chatting).
In this attack user did not bother to attempt to login and instead just sent many of the same data request packets over and over, causing the system to use up the thread pool and block other legitimate clients from now connecting. I am not expert in security like this, so what is best practice for making code stand up?
Some general questions I can think of:
- would using SSL help?
- some way to throttle client requests to a certain frequency or byte limit per second?
- should have one port for login and another for data requests after login succeed?
Thanks In Advance.You can't use SSL with non-blocking NIO unless you want tackle the complexities of the SSLEngine (or use my Scalable SSL product), and in any case I'm not sure it would really help - it would just move the DOS attack into the SSLEngine handling. Separate ports won' t help either as there is nothing to stop the attacker using either of them, or both.
Maybe your best defence is to identify rogue packets as quickly as possible, and drop the entire connection if you get a bad packet (e.g. one where getInetAddress() returns null, although in fact I don't see how that is actually possible). You might proceed from there to logging rogue source addresses and dropping connections from them immediately.
I would also investigate what can be done in the firewall configuration. -
Trying to switch my email account on 3 devices (IMAC, IPhone, IPad) fro POP to IMAP so when I delete mail from one device, it deletes it from all 3. I was told to create an IMAP acct first om the mac, but the server told me not to use SSL or SPA but to use SMTP Authentication. It's automatically setting it to SSL HELP!!
Imap means email is on the server of your email provider and you get a local copy on your device. then all activity like moving to folders and deleting is synchronized to the server and your other devices.
You need to find out the imap settings for you email account. Typically on a MAC you can setup as other email and select imap. It might then automatically discover the settings.
On iOS devices you might have to manually fill in incoming and outgoing server and ports, authentication etc.
Do a google search on imap iOS setup for you email provider. -
Error while adding a connector for SSL..help!!!
i'm getting this error when i added a connector for SSL and restarted tomcat
my connector tag is
<Connector keystorePass="kalima" scheme="https" port="8443" sslProtocol="TLS" redirectPort="-1" enableLookups="true" keystoreFile="Mykeystore" protocol="TLS" keystore="C:\Documents and Settings\santhoshyma\Mykeystore" clientauth="false" algorithm="SunX509" keypass="changeit" secure="true" keytype="JKS">
<Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" keystorePass="kalima" keystoreFile="C:\SSLTest\Mykeystore"/>
</Connector>
LifecycleException: Protocol handler instantiation failed: java.lang.NullPointe
rException
at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.
java:1368)
at org.apache.catalina.core.StandardService.initialize(StandardService.j
ava:609)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.jav
a:2384)
at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:250)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:424)The question is answered in CRM 7.0 forum:
Getting error while adding a custom field (with input help) through AET -
Help with getting Web Start working with two-way SSL
I have successfully transferred data (myclient.jnlp) utilizing web browsers (IE and Mozilla) from my web server (which is set up for two-way SSL "CLIENT-CERT" required) after using the browser's utility to "import" my client-side cert (in .p12 format).
After the browser connects and downloads the "myclient.jnlp" contents and places it in a temporary file, it then kicks off the javaws process with the temporary file as a parameter. The first thing javaws does is utilize the codebase and href values (found in the temporary file) to make a "GET" call to the server for the "myclient.jnlp" file (again).
However, this fails (with a SSL handshake error) since javaws uses a different keystore than IE - the server does not receive the client-side cert. I have imported the root CA and the client cert (in .pem format) into the $JAVA_HOME/jre/lib/security/cacerts file using the keytool command but alas my server still indicates a lack of a client-side cert.
Has anyone else tried this and got it working?Hi Richard,
Indeed it appears that the 1.5 version will have more built-in capability for client certs. It has the look of the IE browser import capability. Unfortunately, I am stuck with having to utilize 1.4.2 for the time being. Since I have posted my original message I have found more information but have yet to get it all working. The truststore in javaws 1.4.2 does have a default (the 1.4.2 jre's cacert file - stragely enough not the same one that gets updated when you import the root CA! - but this has been noted in many other threads). The javaws keystore does not have a default and I have tried, to no avail yet, to utilize some command line parameters, see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization - to get my client cert "available" and recognized by javaws.
With the help of some debug flags here is the output on my javaws "output" log - all seems to go well up to the point of the client's Certificate chain (which appears to be empty), after the ServerHelloDone :
trustStore is: C:\j2sdk1.4.2_04\jre\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
snipped all the regular trusted certs, left my root CA as proof it is recognized...
adding as trusted cert:
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Wed May 26 16:38:59 EDT 2004 until Fri Jun 25 16:38:59 EDT 2004
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1070211537 bytes = { 205, 211, 129, 234, 88, 129, 152, 176, 223, 180, 161, 138, 246, 183, 181, 89, 61, 252, 63, 35, 21, 34, 253, 32, 254, 124, 38, 198 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 CA 22 D1 CD D3 81 EA 58 81 ...E..@.".....X.
0010: 98 B0 DF B4 A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 .........Y=.?#."
0020: FD 20 FE 7C 26 C6 00 00 1E 00 04 00 05 00 2F 00 . ..&........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
Thread-3, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 ..@.".....X.....
0050: A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C .....Y=.?#.". ..
0060: 26 C6 &.
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
RandomCookie: GMT: 1070211539 bytes = { 81, 106, 82, 45, 233, 226, 89, 6, 38, 240, 71, 122, 90, 226, 255, 207, 9, 102, 205, 127, 223, 211, 4, 84, 79, 16, 101, 89 }
Session ID: {34, 167, 132, 174, 141, 4, 57, 197, 190, 207, 105, 117, 241, 9, 97, 81}
Cipher Suite: SSL_RSA_WITH_DES_CBC_SHA
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
** SSL_RSA_WITH_DES_CBC_SHA
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 40 CA 22 D3 51 6A 52 2D E9 E2 ...6..@.".QjR-..
0010: 59 06 26 F0 47 7A 5A E2 FF CF 09 66 CD 7F DF D3 Y.&.GzZ....f....
0020: 04 54 4F 10 65 59 10 22 A7 84 AE 8D 04 39 C5 BE .TO.eY.".....9..
0030: CF 69 75 F1 09 61 51 00 09 00 .iu..aQ...
Thread-3, READ: TLSv1 Handshake, length = 607
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
Found trusted certificate:
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
[read] MD5 and SHA1 hashes: len = 607
0000: 0B 00 02 5B 00 02 58 00 02 55 30 82 02 51 30 82 ...[..X..U0..Q0.
0010: 01 FB A0 03 02 01 02 02 01 00 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 05 05 00 30 57 31 0B 30 09 06 H........0W1.0..
0030: 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 .U....US1.0...U.
0040: 08 13 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 ...Virginia1.0..
0050: 03 55 04 07 13 07 46 61 69 72 66 61 78 31 11 30 .U....Fairfax1.0
0060: 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 ...U....Zork.org
0070: 31 10 30 0E 06 03 55 04 03 13 07 52 6F 6F 74 20 1.0...U....Root
0080: 43 41 30 1E 17 0D 30 34 30 35 32 36 32 30 33 38 CA0...0405262038
0090: 35 39 5A 17 0D 30 34 30 36 32 35 32 30 33 38 35 59Z..04062520385
00A0: 39 5A 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 9Z0W1.0...U....U
00B0: 53 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 S1.0...U....Virg
00C0: 69 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 inia1.0...U....F
00D0: 61 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 airfax1.0...U...
00E0: 08 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 .Zork.org1.0...U
00F0: 04 03 13 07 52 6F 6F 74 20 43 41 30 5C 30 0D 06 ....Root CA0\0..
0100: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 .*.H.........K.0
0110: 48 02 41 00 E2 BD 8D E9 59 8E 07 35 2B ED 20 57 H.A.....Y..5+. W
0120: 38 00 C8 3D 34 85 50 E2 93 A0 17 C7 98 45 F3 5F 8..=4.P......E._
0130: CD 7B 4A DA 6E F0 C7 0F 7A 03 3E 69 A9 7C CD 15 ..J.n...z.>i....
0140: 46 F0 D1 C8 7A 0A E9 09 DD B7 6F 5B CD 80 29 E6 F...z.....o[..).
0150: 3A 6A 49 65 02 03 01 00 01 A3 81 B1 30 81 AE 30 :jIe........0..0
0160: 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 1D 06 ...U....0....0..
0170: 03 55 1D 0E 04 16 04 14 3F A7 DF 1F FA 90 1F 98 .U......?.......
0180: 4F BA 42 9F 21 7D B4 C4 88 76 14 DA 30 7F 06 03 O.B.!....v..0...
0190: 55 1D 23 04 78 30 76 80 14 3F A7 DF 1F FA 90 1F U.#.x0v..?......
01A0: 98 4F BA 42 9F 21 7D B4 C4 88 76 14 DA A1 5B A4 .O.B.!....v...[.
01B0: 59 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 53 Y0W1.0...U....US
01C0: 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 69 1.0...U....Virgi
01D0: 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 61 nia1.0...U....Fa
01E0: 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 08 irfax1.0...U....
01F0: 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 04 Zork.org1.0...U.
0200: 03 13 07 52 6F 6F 74 20 43 41 82 01 00 30 0D 06 ...Root CA...0..
0210: 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 29 .*.H.........A.)
0220: CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D 9E ..H../.J.s.q.X..
0230: 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD C4 .D....<.........
0240: FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 AE .R..re....ba5...
0250: FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 .........w..j..
Thread-3, READ: TLSv1 Handshake, length = 220
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
Cert Authorities:
<CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
<CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
[read] MD5 and SHA1 hashes: len = 220
0000: 0D 00 00 D8 03 01 02 05 00 D2 00 59 30 57 31 0B ...........Y0W1.
0010: 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 0...U....US1.0..
0020: 03 55 04 08 13 08 56 69 72 67 69 6E 69 61 31 10 .U....Virginia1.
0030: 30 0E 06 03 55 04 07 13 07 46 61 69 72 66 61 78 0...U....Fairfax
0040: 31 11 30 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 1.0...U....Zork.
0050: 6F 72 67 31 10 30 0E 06 03 55 04 03 13 07 52 6F org1.0...U....Ro
0060: 6F 74 20 43 41 00 75 30 73 31 0B 30 09 06 03 55 ot CA.u0s1.0...U
0070: 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 08 13 ....US1.0...U...
0080: 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 03 55 .Virginia1.0...U
0090: 04 07 13 07 46 61 69 72 66 61 78 31 11 30 0F 06 ....Fairfax1.0..
00A0: 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 31 18 .U....Zork.org1.
00B0: 30 16 06 03 55 04 0B 13 0F 53 65 72 76 65 72 20 0...U....Server
00C0: 44 69 76 69 73 69 6F 6E 31 12 30 10 06 03 55 04 Division1.0...U.
00D0: 03 13 09 53 65 72 76 65 72 20 43 41 ...Server CA
Thread-3, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 175, 38, 47, 77, 131, 125, 209, 147, 174, 228, 183, 99, 34, 2, 100, 186, 77, 47, 65, 233, 82, 133, 183, 113, 8, 193, 51, 241, 167, 105, 4, 187, 57, 130, 161, 11, 178, 11, 134, 84, 96, 106, 203, 11, 195, 51 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
Thread-3, WRITE: TLSv1 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 AF 26 2F 4D 83 7D D1 93 AE E4 B7 63 22 02 ...&/M.......c".
0010: 64 BA 4D 2F 41 E9 52 85 B7 71 08 C1 33 F1 A7 69 d.M/A.R..q..3..i
0020: 04 BB 39 82 A1 0B B2 0B 86 54 60 6A CB 0B C3 33 ..9......T`j...3
CONNECTION KEYGEN:
Client Nonce:
0000: 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 A1 8A @.".....X.......
0010: F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C 26 C6 ...Y=.?#.". ..&.
Server Nonce:
0000: 40 CA 22 D3 51 6A 52 2D E9 E2 59 06 26 F0 47 7A @.".QjR-..Y.&.Gz
0010: 5A E2 FF CF 09 66 CD 7F DF D3 04 54 4F 10 65 59 Z....f.....TO.eY
Master Secret:
0000: 67 B9 58 74 69 18 0B 2E 00 EB AC 9B 77 15 B4 65 g.Xti.......w..e
0010: 61 A1 AC D0 F1 D5 4C CA 0E 51 FC 58 A0 11 B7 87 a.....L..Q.X....
0020: EC 72 26 D0 83 18 27 49 8F B6 32 FF E3 89 1D E4 .r&...'I..2.....
Client MAC write Secret:
0000: D5 96 AB F7 1E 46 5F 46 8A E9 3E DF A0 5E 32 5E .....F_F..>..^2^
0010: 00 FB B8 D8 ....
Server MAC write Secret:
0000: E6 7D 8E F5 6A 4C 94 4C D6 2A 3A 4D FC C1 94 A3 ....jL.L.*:M....
0010: C5 6C 5F B6 .l_.
Client write key:
0000: 18 1D 51 8C 74 6D 18 57 ..Q.tm.W
Server write key:
0000: 0D 4E 7A F1 5A D6 5F 5B .Nz.Z._[
Client write IV:
0000: 4C BB 4D FA 4F EB CB 4E L.M.O..N
Server write IV:
0000: B7 6A CA E9 66 7D 25 88 .j..f.%.
Thread-3, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DES/CBC/NoPadding
*** Finished
verify_data: { 20, 20, 38, 13, 43, 235, 102, 72, 75, 212, 21, 21 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
Padded plaintext before ENCRYPTION: len = 40
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
0010: 90 9C E9 09 F4 48 96 A6 8F AA 04 DF E9 36 72 F0 .....H.......6r.
0020: 42 F0 60 78 03 03 03 03 B.`x....
Thread-3, WRITE: TLSv1 Handshake, length = 40
Thread-3, READ: TLSv1 Alert, length = 2
Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
So I'll toil away trying to get *right* combination of settings - please let me know if you have any ideas! FYI here are the command line settings I am using for the keystore:
-Djavax.net.ssl.keyStore=c:\myClientIdKeyStore -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=myClientIdKeyStorePass
Thanks,
Paul -
Cisco 1841 SSL VPN and Anyconnect Help
I am pretty new to Cisco programming and am trying to get an SSL VPN set up for remote access using a web browser and using Anyconnect version 3.1.04509. If I try to connect via a web browser I get an error telling me the security certificate is not secure. If I try to connect via Anyconnect I get an error saying "Untrusted VPN Server Blocked." If I change the Anyconnect settings to allow connections to untrusted servers, I get two errors that say"Certificate does not match the server name" and "Certificate is malformed." Below is the running config in the router at this time. There is another Site-to-Site VPN tunnel that is up and working properly on this device. Any help would be greatly appreciated. Thanks
Current configuration : 7741 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname buchanan1841
boot-start-marker
boot-end-marker
logging message-counter syslog
no logging buffered
enable secret 5 XXXXXXX
enable password XXXX
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
crypto pki trustpoint buchanan_Certificate
enrollment selfsigned
revocation-check crl
rsakeypair buchanan_rsakey_pairname
crypto pki certificate chain buchanan_Certificate
certificate self-signed 01
30820197 30820141 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
1D311B30 1906092A 864886F7 0D010902 160C6275 6368616E 616E3138 3431301E
170D3133 30373038 32323330 33335A17 0D323030 31303130 30303030 305A301D
311B3019 06092A86 4886F70D 01090216 0C627563 68616E61 6E313834 31305C30
0D06092A 864886F7 0D010101 0500034B 00304802 4100C76B D94BABC2 6D7FB1F1
AF9AA76F E631B841 7CFEA806 1F52420B 9C83D754 D58393B1 EC02FCA8 BFBE82D6
79645A32 4ECEDB43 8AEB1590 9CCC309E 17E70061 86150203 010001A3 6C306A30
0F060355 1D130101 FF040530 030101FF 30170603 551D1104 10300E82 0C627563
68616E61 6E313834 31301F06 03551D23 04183016 8014AF2E 3FCF66AF C8A43F5F
97DFABA9 C74371FD 127A301D 0603551D 0E041604 14AF2E3F CF66AFC8 A43F5F97
DFABA9C7 4371FD12 7A300D06 092A8648 86F70D01 01040500 034100C1 47D2E8B0
4AC15F69 E8CBE141 E8EE96C5 7BF1EE51 102278B8 ED525185 9F112FA6 0D51F7A6
3382DB09 8692EEE7 200471B3 BF12FBD0 223EB549 4A352049 513F4B
quit
dot11 syslog
ip source-route
ip cef
no ipv6 cef
multilink bundle-name authenticated
username buchanan privilege 15 password 0 XXXXX
username cybera password 0 cybera
username skapple privilege 15 secret 5 XXXXXXXXXX
username buckys secret 5 XXXXXXXXXXX
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key p2uprEswaspus address XXXXXX
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set cybera esp-3des esp-md5-hmac
crypto ipsec profile cybera
set transform-set cybera
archive
log config
hidekeys
ip ssh version 1
interface Tunnel0
description Cybera WAN - IPSEC Tunnel
ip address x.x.x.x 255.255.255.252
ip virtual-reassembly
tunnel source x.x.x.x
tunnel destination x.x.x.x
tunnel mode ipsec ipv4
tunnel protection ipsec profile cybera
interface FastEthernet0/0
description LAN Connection
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.2
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1
description WAN Connection
ip address x.x.x.x 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface ATM0/0/0
no ip address
shutdown
atm restart timer 300
no atm ilmi-keepalive
interface Virtual-Template2
ip unnumbered FastEthernet0/0
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.254
ip local pool LAN_POOL 192.168.1.50 192.168.1.99
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 4.71.21.0 255.255.255.224 x.x.x.x
ip route 10.4.0.0 255.255.0.0 x.x.x.x
ip route 10.5.0.0 255.255.0.0 x.x.x.x
ip route x.x.x.x 255.255.240.0 x.x.x.x
ip route x.x.x.x 255.255.255.255 x.x.x.x
ip route x.x.x.x 255.255.255.255 x.x.x.x
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.201 22 x.x.x.x 22 extendable
ip nat inside source static tcp 192.168.1.202 23 x.x.x.x 23 extendable
access-list 1 permit 192.168.1.0 0.0.0.255
control-plane
line con 0
line aux 0
line vty 0 4
password xxxxx
transport input telnet ssh
scheduler allocate 20000 1000
webvpn gateway gateway_1
ip address x.x.x.x port 443
http-redirect port 80
ssl trustpoint buchanan_Certificate
inservice
webvpn install svc flash:/webvpn/anyconnect-w
in-3.1.04059-k9.pkg sequence 1
webvpn context employees
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "LAN_POOL"
svc default-domain "buchanan.local"
svc keep-client-installed
svc dns-server primary 192.168.1.2
svc wins-server primary 192.168.1.2
virtual-template 2
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_2
gateway gateway_1
max-users 10
inservice
endbuchanan1841#Perhaps you have changed the host-/domainname after the certificate was created?
I'd generate a new one ...
Michael
Please rate all helpful posts -
I am having email problems with the new Mountain Lion. stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely. Help
Incoming Mail (IMAP) Server - requires SSL:
imap.gmail.com
Use SSL: Yes
Port: 993
Outgoing Mail (SMTP) Server - requires TLS:
smtp.gmail.com (use authentication)
Use Authentication: Yes
Use STARTTLS: Yes (some clients call this SSL)
Port: 465 or 587
Account Name:
your full email address (including @gmail.com) Google Apps users, please enter username@your_domain.com
Email Address:
your full Gmail email address ([email protected]) Google Apps users, please enter username@your_domain.com
Password:
your Gmail password
The Quick Answer
Follow the instructions below to set up IMAP1 access in most email clients.
Google Apps users, please follow the default instructions unless otherwise noted, replacing 'your_domain.com' with your actual domain2 name.
this is all greek to me. WHAT IS STARTTLS? On the first page of Apple set up there is a TLS certificate and it is marked NONE- should I change it to the long APPLE CERT option? The next page under ADVANCED: THERE IS A BOX SSL MARKED. Then IMAP Path Prefix - I put stmp.gmail.com.. is that right? Port 993 can use this one? as 456 doesn't work and 587 said it wasn't safe. Under AUTHENTICATION I used PASSWORD. Should I have used external client cert TLS?
Please help me set this up securely. ThanksApple - Support - Mail Setup Assistant
-
Help on FRM-41211 Integration error: SSL failure running another product.
Am getting the above error, whenever I run my interface form calling a Report module.
What's baffling though is - this only happens during the initial call to the RUN_PRODUCT built-in. That is, after acknowledging the Form error, the Reports Background Engine is displayed, then everything would seem to be work after that.
Could this be a bug or is there a run-around to this?
Thanks a lot for your ideas and help.We were getting this error on windows98 machines if someone had opened wordpad or some other unrelated application before running a report after they booted the machine. We solved the problem by forcing the reports backgroup engine to run at startup to prevent this error.
HOST (
'start /m RWRBE60.exe ',
no_screen); -- START BACKGROUND ENGINE TO PREVENT SSL INTEGRATION ERROR -
New ipod touch 32gb. Can access iTune store.Can sample music selection. Completed latest update for ipod Can't make any purchases. Get error "could not complete your iTunes store request. An unknown error occured (-1202)". security SSL 3.0 & TSL 1.0 OK. Firewall enabled for iTunes. ???
laneymenion wrote:
Using Proxy: Yes
HTTP Proxy: 192.168.100.15:80
Change the Using Proxy to No
Have you allowed itunes and itunes helper in your security software firewall? -
Ever since last sunday, whenever I try to purchase an app from itunes, I always get this error explaining that I cannot establish a secure connection. I made sure TLS 1.0 and SSL 3.0 were enabled in options and I made sure the firewall was notblocking itunes, and I made sure that the host file was not blocking itunes.
I've done everything, please help?I have become ridiculously desperate. Itunes works for everyone else on my connection excepr e. I'VE TRIED EVERYTHING. I UNINSTALLED ALL SECURITY SOFTWARE AND CHECKED MY HOST FILE. NOTHING IS WRONG AND STILL ITUNES DOWN RIGHT REFUSES TO WORK. SOMEBODY PLEASE HELP ME!!!
-
Help needed in importing SSL Certificate
Hi All,
The SSL certificate in our application server has expired. We have created a new certificate and imported it through oracle wallet manger. But the application server is not recognizing the new certificate. Still shows certificate error when we try to access the application via https.
We are using oracle application server 10.1.2.0.2
I don’t have much knowledge on application server.
Please help me on this.
Thanks in Advance,
JeyHi Jeykrishnan,
The installation consists of three main parts:
a) Importing the Primary Root CA
b) Import the Intermediate Certificate and Cross Certificate
c) Installing your SSL123 certificate
a) Importing the Primary Root CA
1. Launch Oracle Wallet Manager.
2. Click Operations and select Import Trust Certificates from the menu
3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.
b) Importing the Intermediate and Cross certificates
1. Launch the Oracle Wallet Manager.
2. Click Operations > Import Trust Certificates from the menu.
3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
6. Repeat the same steps for the Cross certificate
c) Importing your SSL123 certificate
1. Click Operations > Import User Certificate from the menu bar.
2. The Import Certificate dialog appears.
3. Select the Paste the Certificate radio button, and click OK.
4. The Import Certificate dialog appears.
5. Paste the entire contents of your SSL123 Certificate file and click OK.
6. A message should show that the certificate was imported successfully.
7. When you return to the main window, wallet status should show "Ready."
Regards
FAbian
Maybe you are looking for
-
Create adaptive web service model for a web dynpro project
I have been trying to create a new new adaptive web service model for a web dynpro project.I am using the URL of the wsdl file to create the model. I have copied the url link of the wsdl from the overview tab of the web services navigator. The web se
-
Want to Create View as per Condition Fires After Parameter Form.
Hi .. I want to create a report from a view,and that view would create after parameter form of that report. Example.. I want to select max(sal) of each Dept.where employee hired between 1-jan-2007 and 31-jul-2007' I want when i Passes dates in Parame
-
How long does iPad 2 last after it is lost?
I left my iPad on the bus today (It has not been a good day). First thing I did was ring up the bus company. I then jumped onto the iCloud.com and used "Find my iPhone". I eventually located it (at my university), we locked ot, sent a message and pla
-
I am new to Solaris. I downloaded the 4 CD set from Sun (dated 1/06) and installed it over another Solaris install (I had a DVD dated 3/05). Now JDS doesn't work at all, it either segfaults or crashes the whole system (I don't know where to find the
-
af:panelGroup -- undefined object?
Hi, Using ADF, I created a JSF jsp page that has three textboxes and two buttons-resetButton and submitButton. Trying to write some JavaScript code to make the resetButton work (clear the contents of all 3 textboxes). I was able to obtain the documet