SSL JDK 1.4 problem
I have a java client (using jdk 1.3.1_03) talking to a web service deployed
on Weblogic 7.0.1 (using JDK 1.4 instead of default 1.3.1_03) through ssl
successfully. But if I switch client JDK also to JDK 1.4, I am getting a
handshake failure. I know weblogic 7 is not certified for JDK 1.4. But I
really need to use 1.4. Is there a work around? Here is the error log I am
getting. Any response is appreciated.
Thanks,
Vish
D:\dev\cie\client>set JAVA_HOME=D:\JBuilder8\jdk1.4
D:\dev\cie\client>set WL_HOME=c:\bea\weblogic700
D:\dev\cie\client>set ANTCLASSPATH=D:\JBuilder8\jdk1.4\lib\tools.jar;c:\bea\weblogic700\server\lib\weblogic_sp.jar;c:\bea\weblogic700\server\lib\weblogic.jar;c:\bea\weblogic700\server\lib\webservices.jar;
D:\dev\cie\client>set PATH=c:\bea\weblogic700\server\bin;D:\JBuilder8\jdk1.4\jre\bin;D:\JBuilder8\jdk1.4\bin;
D:\dev\cie\client>java -classpath D:\JBuilder8\jdk1.4\lib\tools.jar;c:\bea\weblogic700\server\lib\weblogic_sp.jar;c:\bea\weblogic700\server\lib\weblogic.jar;c:\bea\weblogic700\server\lib\webservices.jar; org.apache.tools.ant.Main runssl
Buildfile: build.xml
runssl:
[java] [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[java] [BaseWLSSLAdapter] : Strict cert checking disabled by default
[java] [BaseWLSSLAdapter] : Trusted certificates will be loaded from c:\bea\user_projects\cip\trusted.crt
[java] [BaseWLSSLAdapter] : Loaded local trusted certificates from java.io.FileInputStream@1e232b5
[java] [BaseWLSSLAdapter] : Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@16f144c
[java] [BaseWLSSLAdapter] : Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@19da4fc
[java] [WLSSLAdapter] : Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@f6ac0b
[java] [BaseWLSSLAdapter] : Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@1938039
[java] [WLSSLAdapter] : openConnection(https://teilhard.darwin.nasa.gov:8021/time-service/TimeService?WSDL) returning weblogic.webservice.client.https.HttpsURLConnection:https://teilhard.darwin.nasa.gov:8021/time-service/TimeService?WSDL
[java] [WLSSLAdapter] : -- using HostnameVerifier weblogic.webservice.client.WLSSLAdapter$NullVerifier@f6ac0b
[java] [WLSSLAdapter] : -- loaded certs from c:\bea\user_projects\cip\trusted.crt
[java] java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
[java] at com.certicom.tls.record.WriteHandler.write(Unknown Source)
[java] at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
[java] at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
[java] at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source
[java] at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
[java] at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
[java] at com.certicom.tls.record.WriteHandler.write(Unknown Source)
[java] at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
[java] at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
[java] at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
[java] at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:71)
[java] at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
[java] at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:73)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeService_Impl.<init>(TimeService_Impl.java:23)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.testTimeSvc(TimeServiceClient.java:69)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.main(TimeServiceClient.java:55)
[java] weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://teilhard.darwin.nasa.gov:8021/time-service/TimeService?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure]
[java] at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:86)
[java] at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
[java] at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:73)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeService_Impl.<init>(TimeService_Impl.java:23)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.testTimeSvc(TimeServiceClient.java:69)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.main(TimeServiceClient.java:55)
On the client side, try removing the jsse.jar from the j2sdk1.4.1\jre\lib.
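Added example, not part of the original thread and not WebLogic code: a small triage script for verbose WLSSLAdapter output like the log above. It rejoins the hard-wrapped console lines, then flags the records showing that certificate and hostname validation were switched off and that the handshake still failed. The rule names and the sample log are constructed for illustration, and reading `NullTrustManager` and `NullVerifier` as no-op validators is an assumption based on their class names and the "Strict cert checking disabled" line.

```python
import re

# Constructed sample: records shaped like the verbose adapter output in the
# post, including the hard-wrapped continuation lines.
SAMPLE_LOG = """\
[java] [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[java] [BaseWLSSLAdapter] : Strict cert checking disabled by default
[java] [BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.
BaseWLSSLAdapter$NullTrustManager@19da4fc
[java] [WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.
WLSSLAdapter$NullVerifier@f6ac0b
[java] java.io.IOException: Write Channel Closed, possible SSL
handshaking
or trust failure
[java] at com.certicom.tls.record.WriteHandler.write(Unknown
Source)
"""

RECORD_START = "[java]"

# Hypothetical rule names. Each rule lists alternatives; an alternative is a
# tuple of phrases that must all occur in one record.
RULES = {
    "strict-cert-checking-off": [
        ("Strict cert checking disabled",),
        ("Disabling strict checking",),
    ],
    "null-trust-manager": [("Set TrustManager to", "NullTrustManager")],
    "null-hostname-verifier": [("Set HostnameVerifier to", "NullVerifier")],
    "handshake-failure": [("Write Channel Closed", "handshaking or trust failure")],
}
VALIDATION_RULES = {
    "strict-cert-checking-off",
    "null-trust-manager",
    "null-hostname-verifier",
}


def reflow(text):
    """Rejoin wrapped output: a line not starting with [java] continues the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(RECORD_START) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def squash(s):
    """Drop all whitespace so that wraps in the middle of a word do not hide a match."""
    return re.sub(r"\s+", "", s)


def scan(text):
    """Return {rule name: [1-based record numbers]} for every rule that fires."""
    findings = {}
    for number, record in enumerate(reflow(text), 1):
        compact = squash(record)
        for name, alternatives in RULES.items():
            if any(all(squash(p) in compact for p in alt) for alt in alternatives):
                findings.setdefault(name, []).append(number)
    return findings


def triage(text):
    """Summarise: which validation steps were off, and did the handshake fail anyway?"""
    findings = scan(text)
    disabled = sorted(VALIDATION_RULES.intersection(findings))
    return {
        "findings": findings,
        "validation_disabled": disabled,
        # True means the client was accepting any certificate or hostname and
        # the handshake still broke.
        "failed_with_validation_off": "handshake-failure" in findings and bool(disabled),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rule, where in result["findings"].items():
        print(f"{rule}: record(s) {where}")
    print("failed with validation off:", result["failed_with_validation_off"])
```

A run that reports `failed_with_validation_off` is worth reviewing twice: once for the handshake failure itself, and once because the client would have accepted any server certificate and hostname had the handshake succeeded.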
Similar Messages
-
hi,
yesterday i upgraded my system:
[2011-03-02 22:34] Running 'pacman -Su'
[2011-03-02 22:34] starting full system upgrade
[2011-03-02 22:46] removed util-linux-ng (2.18-4)
[2011-03-02 22:46] Generating locales...
[2011-03-02 22:46] de_AT.UTF-8... done
[2011-03-02 22:46] de_AT.ISO-8859-1... done
[2011-03-02 22:46] de_AT.ISO-8859-15@euro... done
[2011-03-02 22:46] de_DE.UTF-8... done
[2011-03-02 22:46] de_DE.ISO-8859-1... done
[2011-03-02 22:46] de_DE.ISO-8859-15@euro... done
[2011-03-02 22:46] en_US.UTF-8... done
[2011-03-02 22:46] en_US.ISO-8859-1... done
[2011-03-02 22:46] Generation complete.
[2011-03-02 22:46] upgraded glibc (2.13-1 -> 2.13-4)
[2011-03-02 22:46] upgraded alsa-lib (1.0.23-2 -> 1.0.24.1-1)
[2011-03-02 22:46] upgraded alsa-utils (1.0.23-3 -> 1.0.24.2-1)
[2011-03-02 22:46] upgraded binutils (2.21-3 -> 2.21-4)
[2011-03-02 22:46] upgraded cherokee (1.0.20-2 -> 1.2.1-1)
[2011-03-02 22:46] upgraded chromium (9.0.597.94-1 -> 9.0.597.107-1)
[2011-03-02 22:46] upgraded curl (7.21.3-1 -> 7.21.4-2)
[2011-03-02 22:46] upgraded file (5.05-1 -> 5.05-2)
[2011-03-02 22:46] upgraded gegl (0.1.4-1 -> 0.1.6-1)
[2011-03-02 22:46] upgraded vim-runtime (7.3.102-1 -> 7.3.125-1)
[2011-03-02 22:46] upgraded python2 (2.7.1-5 -> 2.7.1-7)
[2011-03-02 22:46] upgraded ruby (1.9.2_p136-2 -> 1.9.2_p180-1)
[2011-03-02 22:46] Updating desktop and mime database...done.
[2011-03-02 22:46] upgraded gvim (7.3.102-1 -> 7.3.125-1)
[2011-03-02 22:46] installed util-linux (2.19-4)
[2011-03-02 22:46] upgraded udev (165-1 -> 166-2)
[2011-03-02 22:46] warning: /etc/inittab installed as /etc/inittab.pacnew
[2011-03-02 22:46] warning: /etc/rc.conf installed as /etc/rc.conf.pacnew
[2011-03-02 22:46] upgraded initscripts (2010.07-2 -> 2011.02.1-1)
[2011-03-02 22:46] upgraded libdrm (2.4.23-1 -> 2.4.23-2)
[2011-03-02 22:46] upgraded libgl (7.10.0.git20110206-2 -> 7.10.0.git20110215-1)
[2011-03-02 22:46] upgraded intel-dri (7.10.0.git20110206-2 -> 7.10.0.git20110215-1)
[2011-03-02 22:47] upgraded jre (6u23-4 -> 6u24-1)
[2011-03-02 22:47] upgraded jdk (6u23-4 -> 6u24-1)
[2011-03-02 22:47] upgraded mkinitcpio (0.6.8-1 -> 0.6.8-2)
[2011-03-02 22:47] >>> Updating module dependencies. Please wait ...
[2011-03-02 22:47] >>> MKINITCPIO SETUP
[2011-03-02 22:47] >>> ----------------
[2011-03-02 22:47] >>> If you use LVM2, Encrypted root or software RAID,
[2011-03-02 22:47] >>> Ensure you enable support in /etc/mkinitcpio.conf .
[2011-03-02 22:47] >>> More information about mkinitcpio setup can be found here:
[2011-03-02 22:47] >>> http://wiki.archlinux.org/index.php/Mkinitcpio
[2011-03-02 22:47]
[2011-03-02 22:47] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
[2011-03-02 22:47] ==> Building image "default"
[2011-03-02 22:47] ==> Running command: /sbin/mkinitcpio -k 2.6.37-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26.img
[2011-03-02 22:47] :: Begin build
[2011-03-02 22:47] :: Parsing hook [base]
[2011-03-02 22:47] :: Parsing hook [udev]
[2011-03-02 22:47] :: Parsing hook [autodetect]
[2011-03-02 22:47] :: Parsing hook [pata]
[2011-03-02 22:47] :: Parsing hook [scsi]
[2011-03-02 22:47] :: Parsing hook [sata]
[2011-03-02 22:47] :: Parsing hook [filesystems]
[2011-03-02 22:47] :: Generating module dependencies
[2011-03-02 22:47] :: Generating image '/boot/kernel26.img'...SUCCESS
[2011-03-02 22:47] ==> SUCCESS
[2011-03-02 22:47] ==> Building image "fallback"
[2011-03-02 22:47] ==> Running command: /sbin/mkinitcpio -k 2.6.37-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26-fallback.img -S autodetect
[2011-03-02 22:47] :: Begin build
[2011-03-02 22:47] :: Parsing hook [base]
[2011-03-02 22:47] :: Parsing hook [udev]
[2011-03-02 22:47] :: Parsing hook [pata]
[2011-03-02 22:48] :: Parsing hook [scsi]
[2011-03-02 22:48] :: Parsing hook [sata]
[2011-03-02 22:48] :: Parsing hook [filesystems]
[2011-03-02 22:48] :: Generating module dependencies
[2011-03-02 22:48] :: Generating image '/boot/kernel26-fallback.img'...SUCCESS
[2011-03-02 22:48] ==> SUCCESS
[2011-03-02 22:48] upgraded kernel26 (2.6.37-5 -> 2.6.37.2-1)
[2011-03-02 22:48] upgraded libburn (1.0.0.pl00-1 -> 1.0.2.pl00-1)
[2011-03-02 22:48] upgraded libfm (0.1.14-2 -> 0.1.14-4)
[2011-03-02 22:48] upgraded libisofs (1.0.0-1 -> 1.0.2-1)
[2011-03-02 22:48] upgraded libldap (2.4.23-1 -> 2.4.24-1)
[2011-03-02 22:49] upgraded librsvg (2.32.1-1 -> 2.32.1-2)
[2011-03-02 22:49] upgraded libwpd (0.9.0-1 -> 0.9.1-1)
[2011-03-02 22:49] upgraded lsof (4.84-1 -> 4.84-2)
[2011-03-02 22:49] upgraded mercurial (1.7.5-1 -> 1.8-1)
[2011-03-02 22:49] upgraded mesa (7.10.0.git20110206-2 -> 7.10.0.git20110215-1)
[2011-03-02 22:49] warning: /etc/ntp.conf installed as /etc/ntp.conf.pacnew
[2011-03-02 22:49] warning: /etc/conf.d/ntp-client.conf installed as /etc/conf.d/ntp-client.conf.pacnew
[2011-03-02 22:49] upgraded ntp (4.2.6.p2-1 -> 4.2.6.p3-1)
[2011-03-02 22:49] upgraded pcmanfm (0.9.8-2 -> 0.9.8-5)
[2011-03-02 22:49] upgraded phpmyadmin (3.3.9.2-1 -> 3.3.9.2-2)
[2011-03-02 22:49] upgraded ppl (0.11-1 -> 0.11.2-1)
[2011-03-02 22:49] upgraded ppp (2.4.5-1 -> 2.4.5-2)
[2011-03-02 22:49] upgraded python-imaging (1.1.7-2 -> 1.1.7-3)
[2011-03-02 22:49] upgraded python2-numpy (1.5.1-1 -> 1.5.1-2)
[2011-03-02 22:49] upgraded qt (4.7.1-3 -> 4.7.2-1)
[2011-03-02 22:49] upgraded v4l-utils (0.8.1-1 -> 0.8.3-1)
[2011-03-02 22:49] upgraded vi (050325-3 -> 050325-4)
[2011-03-02 22:49] upgraded vlc (1.1.7-2 -> 1.1.7-4)
[2011-03-02 22:49] upgraded wget (1.12-3 -> 1.12-5)
[2011-03-02 22:49] upgraded xf86-video-intel (2.14.0-1 -> 2.14.0-2)
[2011-03-02 22:49] upgraded xvidcore (1.2.2-1 -> 1.3.0-1)
i updated the four new files (*.pacnew). after a reboot i realized that mysqld failed to start and i didn't find anything in the logs. next thing was that the wicd daemon started and connected, but wicd-client failed with the error message "Bus error.". chromium also fails:
[16297:16297:1023095321:ERROR:chrome/browser/process_singleton_linux.cc(949)] Failed to create socket directory.
[16297:16297:1023098229:ERROR:chrome/browser/browser_main.cc(1293)] Failed to create a ProcessSingleton for your profile directory. This means that running multiple instances would start multiple browser processes rather than opening a new window in the existing process. Aborting now to avoid profile corruption.
i found out that uninstalling jdk solves the problem, but that's no option for me. the above errors also appear when i install openjdk6 or jdk version 6u23-4. chromium doesn't even start if i install jdk after a reboot without logging in and out again (ergo java is not even in the path).
maybe that's also interesting:
$ uname -a
Linux mathias-laptop 2.6.37-ARCH #1 SMP PREEMPT Fri Feb 25 09:07:57 UTC 2011 i686 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux
i couldn't find any related problems on the web...
thank you for any help, ideas or hints!
strange thing was, wicd and chromium worked when run as root. but i found the reason: no space left on my root partition =o| .
-
SPA303 Provisioning over SSL with Client Verification problem
Hello,
We use DHCP (66) HTTPS URL for provisioning and initial configuration of SPA303 phones.
When Client Verification is enabled - the phones fail to authenticate to the web server and provisioning fails. It works perfectly when Client Verification is disabled. Debug logs and ssl traffic sniffing revealed only that the phones fail to authenticate properly with the built-in certificates to the server.
The server certificate passes validation (Cisco issued), however, since no full CA chain is available from Cisco - we can't be completely sure it's valid.
Server side is Apache, the SSL conf is as follows:
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:+MEDIUM
SSLCertificateFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.cert
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.key
SSLProtocol All -SSLv2
SSLVerifyClient require
SSLCACertificatePath /usr/local/apache2/conf/ssl/conf/ssl/
SSLCACertificateFile /usr/local/apache2/conf/ssl/conf/ssl/combinedca.crt
Could it be a problem with the server conf or certificate(s) issue?
PS.
We followed those to obtain the certs:
https://supportforums.cisco.com/docs/DOC-9852
https://supportforums.cisco.com/docs/DOC-12709
Any ideas appreciated!
SOLVED!
I solved the problem.
The key to the solution was the ifolder39_admin.pdf - page 226.
Best regards
Andre -
Hi,
I have a form that calls a web service on start up in the docReady event.
This has been working well in one of our development environments where the web service is on a plain non secure connection.
However, when we try and make the same web service call using ssl instead, the returned values are not populated in the form. If I run the call twice in a row, it works as usual but this is not an acceptable solution.
The other web services calls on the form all work as expected. It is just this one being called during the docReady event.
Has anybody else encountered this problem?
Thanks,
Luke
Hi Luke,
I had a similar problem and the reason was that the SSL certificate on the server was not valid (without any errors or warnings).
You might want to first try to access the service from a browser and make sure you don't get any security warnings, if you get any security warnings, Adobe won't be able to call that service.
Hope this helps.
Thanks,
Vikram -
SSL/DIGITAL SIGNATURE Configuration problems
Dear All,
We are facing problems while configuring SSL for Digital signature. We are following the steps given in ADS Configuration document. Documents present in help.sap.com do not give a clear picture of the various steps involved in authentication using digital signature. We require help with all the steps involved. To provide brief background, we have ABAP and JAVA engines on separate servers and we were able to configure ADS successfully using basic authentication method as described in ADS config document. Now for Digital signature, we need to configure SSL; while doing so we are facing problems. We went through a lot of blogs and sdn links and numerous documents in SDN but still the problem remains. Please help us.
Regards
Mohammed
Hi,
When we execute the standard transaction for form 16 , three pdf forms are copied to the given location, they are
Annex , form12BA and form16
Only file Annex contains data, the other two files are of 0 bytes. And also the file containing the data doesn't contain digital signature.
We have gone through all the configuration check given in the ADS configuration document and all are given the correct output.
Also we have installed the credential file.
Please guide us.
Regards
Dheeraj -
CSS SSL and link modification problem
Hi all
We have a problem using our CSS to offload SSL for a site. The offload works for the first connection, but the web application seems to be rewriting relative links as absolute links.
For example, a user hits the site at https://www.mydomain.com. The CSS is configured to terminate the SSL traffic, and then send HTTP to the internal web server on TCP/81.
What we're seeing in the client's browser is that all links are being returned as http://www.mydomain.com:81/... instead of https://www.mydomain.com/...
Any idea of how we can do this without messing around with the web server too much? I.e. is there a way on the CSS to do link translation?
Thanks
If the links are indeed hardcoded like this, there is nothing the CSS can do.
Bad server design.
If the server is returning a redirect to http://... the CSS can intercept it and rewrite it to https.
Please verify if there is a redirect.
Gilles. -
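Added example, not from the thread and not Cisco CSS configuration: the redirect case the reply distinguishes, modelled as the `Location` rewrite an SSL-offloading proxy applies to backend responses. The host and backend port are the ones quoted in the question; the function name and the decision to leave every other URL untouched are assumptions of this sketch. Links hardcoded in the response body are not covered by this, as the reply notes.

```python
from urllib.parse import urlsplit, urlunsplit

PUBLIC_HOST = "www.mydomain.com"  # public site name from the question
BACKEND_PORT = 81                 # clear-text backend port from the question


def rewrite_location(location, public_host=PUBLIC_HOST, backend_port=BACKEND_PORT):
    """Map a backend redirect back onto the public HTTPS origin.

    Only absolute http:// URLs that point at our own host on the default or
    backend port are rewritten. Relative redirects already resolve against
    the https:// page, and redirects to other hosts or ports are passed
    through unchanged so the proxy never upgrades or hides a foreign URL.
    """
    parts = urlsplit(location)
    if not parts.scheme and not parts.netloc:
        return location                      # relative redirect
    if parts.scheme.lower() != "http":
        return location                      # already https, or not a web URL
    if (parts.hostname or "").lower() != public_host.lower():
        return location                      # someone else's host
    try:
        port = parts.port
    except ValueError:
        return location                      # malformed port, do not guess
    if port not in (None, 80, backend_port):
        return location                      # unknown service on our host
    # Drop the backend port entirely: the client only ever sees port 443.
    return urlunsplit(("https", public_host, parts.path or "/",
                       parts.query, parts.fragment))


if __name__ == "__main__":
    for sample in (
        "http://www.mydomain.com:81/app/login?next=%2Fhome",
        "/app/login",
        "http://partner.example.net/sso",
    ):
        print(sample, "->", rewrite_location(sample))
```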
JDK MetalWorks demo problems...
Hello,
I have been writing a Swing based MDI application (Taking the metalworks demo as a basis) and have come across some annoying, problems which i have tried to find a solution to and have also posted before without any responses... Can anyone tell me how I may go about verifying that these are indeed jdk issues and if there are any workarounds or known fixes... here is an example of a couple :
(I am using Jdk 1.4.0_01 on win2k)
Using the MetalWorks Demo as an example as we all have that code shipped with the jdk :
// 1
Add an accelerator to the open menu item like the following :
open.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_F5, 0));
Now Create a dialog using new, close the opened dialog and press F5 which is the new accelerator... NOTHING HAPPENS.... until you open another dialog and click on it...
I am seeing this now in my own application whereby all my accelerator mappings get 'lost' when a window is closed, so when i have an accelerator to bring back up this window its disastrous as the mapping breaks.... HELP !
// 2
Another problem i have is the following :
See http://forum.java.sun.com/thread.jsp?forum=57&thread=116814 , which is causing it to maximise over the windows start bar....
I was told jdk1.4.x solves this but it does not... try it with the MetalWorksDemo...
// 3
Another problem is starting the MetalWorks demo, if you open the open dialog on Windows or Solaris it gets decorated with a green (!?) color, even though the rest of the application has the default sun purple decoration....
Any help at all on any of these topics greatly appreciated...
=A
-
[IMAP SSL] Certificate-Based Login problems
Hi,
I am trying to set up a Certificate-Based Login authentication for an installation of Java Messaging Server 7 Update 3 over Solaris x86 64bit platform.
The objective is to allow a client to establish an SSL session using a certificate that has been issued by a CA that the server has established as trusted and then grant access to the user without providing his password.
In my installation, unfortunately password is always required to login any user. These are the steps I have made:
1. Add the CA-signed server certificate.
2. Add the trusted Certificate Authority.
3. Turn on all cipher suites including the weak ones.
4. Enable SSL
./configutil -o service.imap.enablesslport -v yes
./configutil -o service.imap.enable -v 1
./configutil -o service.imap.sslport -v 993
./configutil -o service.imap.sslusessl -v yes
./configutil -o encryption.rsa.nssslpersonalityssl -v "Product-Cert" (where Product-Cert is my CA signed server certificate)
5. Check with the netstat command to verify that the service is running.
bash-3.00# ./configutil -o service.imap.sslport
993
bash-3.00# netstat -an | grep 993
*.993 *.* 0 0 49152 0 LISTEN
Once I have taken these steps, when I use a client to establish an SSL session with a PKCS#12 certificate installed (signed by the same CA trusted by MS and the email address in your users' certificates matches the email address in a users' directory entry) the connection is correctly established using the port 993 but it is always necessary to login with password to grant access.
The imap logs seem to show that the MS is not requesting the user's certificate from the client, because it always shows "plaintext authentication" (this corresponds to a try to access the user's inbox without Login).
[10/Mar/2010:10:31:38 -0100] goody imapd[2623]: Account Notice: badlogin: [192.168.169.12:1595] plaintext llcc authentication failure
[10/Mar/2010:10:31:41 -0100] goody imapd[2623]: Account Notice: close [192.168.169.12:1595] [unauthenticated] 2010/3/10 10:31:37 0:00:04 41 907 0
[10/Mar/2010:10:32:21 -0100] goody imapd[2623]: Network Error: Socket error [192.168.169.12:2226] : I/O function error
[10/Mar/2010:10:32:21 -0100] goody imapd[2623]: Account Notice: close [192.168.169.12:2226] [unauthenticated] 2010/3/10 10:31:56 0:00:25 11 511 0
Also there are some error logs related to the Ciphers:
[10/Mar/2010:10:30:39 -0100] goody imapd[2623]: General Error: SSL initialization error: Unable to enable SSL cipher suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064) (-8186)
Please, Can you help me to discover if there is something wrong in my configuration?
Thanks in advance.
Kind Regards,
Luis
Thanks for your reply Shane.
Yes, I have configured the client to use port 993. I think the problem is in the Multiplexor configuration, after finished, I always get this Log message in the ImapProxy Logs:
[15/Mar/2010:17:25:10 -0100] goody ImapProxy[1865]: General Error: (id 455) Connection limit reached for client IP 192.168.169.108
[15/Mar/2010:17:25:22 -0100] goody ImapProxy[1865]: General Error: (id 477) Connection limit reached for client IP 192.168.169.108
[15/Mar/2010:17:25:37 -0100] goody ImapProxy[1865]: General Error: (id 499) Connection limit reached for client IP 192.168.169.108
Where 192.168.169.108 is the IP of the server where MS is installed. The strange thing is that there are no connections established because this is a development environment, when I try to check the IMAP port (not ssl) I find a strange behaviour:
bash-3.00# telnet localhost 143
Trying 192.168.169.108...
Connected to goody.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN BINARY UNSELECT SORT CATENATE URLAUTH LANGUAGE ESEARCH ESORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ENABLE QRESYNC CONTEXT=SEARCH CONTEXT=SORT WITHIN SASL-IR XSENDER X-NETSCAPE XSERVERINFO AUTH=PLAIN STARTTLS] Messaging Multiplexor (Sun Java(tm) System Messaging Server 7.3-11.01 (built Sep 1 2009))
. login llcc LLCC_PASSWORD
Connection to goody closed by foreign host.
The ConnLimits parameter is set to default in the ImapProxyAService.cfg (i.e. default:ConnLimits 0.0.0.0|0.0.0.0:20).
Also I have set this values not present in the link: http://wikis.sun.com/display/CommSuite/Configuring+Encryption+and+Certificate-Based+Authentication#ConfiguringEncryptionandCertificate-BasedAuthentication-ToSetUpCertificateBasedLogin
configutil -o local.mmp.enable -v 1
configutil -o local.store.enable -v 0
configutil -o local.imta.enable -v 0
configutil -o local.http.enable -v 0
Any idea?
One question more. I have read that Store Administrators have proxy authentication privileges to any service (POP, IMAP, HTTP, or SMTP), which means they can authenticate to any service using the privileges of any user. The question is: Is there any way for the Store Administrator to access to the mailbox of all the users using the IMAP protocol?
Thanks a lot for your help,
Best Regards,
Luis -
Hi,
I am trying to lock groups to a specific tunnel group but unfortunately no matter what I do the group-lock feature doesn't seem to work. Basically here is what I want to do:
1-Users detail is pulled from AD through LDAP
2-AD group is mapped to the appropriate group on the ASA using attribute mapping
3-user should only use the tunnel that he/she is locked to
4-this all should be done without the user needing to select a group the vpn portal
5-we will be using Any connect and VPN portal for communication
All works fine except the group-lock feature. If enabled and set to "group-lock value NET_ADMIN_G" I get the following error on debug webvpn and the user is not allowed in.
webvpn_auth.c:http_webvpn_post_authentication[1503]
WebVPN: user: (test) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2905]
User came in on group he wasn't supposed to come in on!
when removed no matter what I do the user is mapped to DefaultWEBVPNGroup tunnel group,
SSLVPN(config-group-policy)# sho vpn-sessiondb webvpn
Session Type: WebVPN
Username : test Index : 132
Public IP : 10.1.1.1
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)AES256 Hashing : Clientless: (1)SHA1
Bytes Tx : 252897 Bytes Rx : 48894
Group Policy : NET_ADMIN Tunnel Group : DefaultWEBVPNGroup
Login Time : 11:18:13 EDT Fri Mar 22 2013
Duration : 0h:01m:12s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Asa is on 9.11.4.
group policy:
group-policy NET_ADMIN internal
group-policy NET_ADMIN attributes
wins-server none
dns-server value 2.2.2.2
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-session-timeout alert-interval 25
vpn-filter value VPN_SPLIT_TUNNEL
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
password-storage disable
ip-comp enable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_SPLIT_TUNNEL
default-domain value brightstarcorp.com
split-dns value brightstarcorp.com
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn value svgmelb.au.brightstarcorp.com
leap-bypass disable
nem disable
backup-servers clear-client-config
msie-proxy method no-modify
vlan none
nac-settings none
address-pools value SSL_POOL
ipv6-address-pools none
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list value NETADMIN_BOOKMARK
filter value INTERNAL_WEBACL
homepage use-smart-tunnel
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression lzs
anyconnect dtls compression lzs
anyconnect modules value posture
anyconnect profiles value net_admin_p type user
anyconnect ask none default webvpn
customization value NETADMIN_PORTAL
hidden-shares visible
activex-relay enable
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
anyconnect ssl df-bit-ignore disable
always-on-vpn profile-setting
auto-signon allow uri * auth-type all
Tunnel Group:
tunnel-group NET_ADMIN_G type remote-access
tunnel-group NET_ADMIN_G general-attributes
address-pool SSL_POOL
authentication-server-group LDAP
authorization-server-group LDAP
accounting-server-group RGROUPADMIN
default-group-policy NET_ADMIN
authorization-required
tunnel-group NET_ADMIN_G webvpn-attributes
customization NETADMIN_PORTAL
group-alias infra_network enable
group-url https://x.x.x.x/network enable
dns-group DNSGROUP
Any ideas?
Thanks in advance
Hi Portu,
Here's debug LDAP:
SLVPN#
[553] Session Start
[553] New request Session, context 0x00007fff33beb228, reqType = Authentication
[553] Fiber started
[553] Creating LDAP context with uri=ldap://1.1.1.13:389
[553] Connect to LDAP server: ldap://1.1.1.13:389, status = Successful
[553] supportedLDAPVersion: value = 3
[553] supportedLDAPVersion: value = 2
[553] Binding as bind
[553] Performing Simple authentication for test to 1.1.1.13
[553] LDAP Search:
Base DN = [OU=xx ENTERPRISE,DC=xxx,DC=com]
Filter = [sAMAccountName=test]
Scope = [SUBTREE]
[553] User DN = [CN=test,OU=Users,OU=xx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com]
[553] Talking to Active Directory server 1.1.1.13
[553] Reading password policy for test, dn:CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com
[553] Read bad password count 0
[553] Binding as test
[553] Performing Simple authentication for test to 1.1.1.13
[553] Processing LDAP response for user test
[553] Message (test):
[553] Authentication successful for test to 1.1.1.13
[553] Retrieved User Attributes:
[553] objectClass: value = top
[553] objectClass: value = person
[553] objectClass: value = organizationalPerson
[553] objectClass: value = user
[553] cn: value = test
[553] sn: value =
[553] c: value = AU
[553] l: value = xxx
[553] st: value = xxx
[553] title: value = test user / IT
[553] description: value = Network
[553] postalCode: value = xxx
[553] physicalDeliveryOfficeName: value = xxx
[553] telephoneNumber: value = xxx
[553] givenName: value = test
[553] distinguishedName: value = CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=br
[553] instanceType: value = 4
[553] whenCreated: value = 20110327224420.0Z
[553] whenChanged: value = 20130319223953.0Z
[553] displayName: value = test
[553] uSNCreated: value = 84454809
[553] memberOf: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=
[553] mapped to IETF-Radius-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] mapped to LDAP-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] memberOf: value = CN=Networks,OU=Distribution Groups,OU=xxx,OU=Australia,OU=APAC,OU=
[553] mapped to IETF-Radius-Class: value = NET_ADMIN
[553] mapped to LDAP-Class: value = NET_ADMIN
[553] memberOf: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate
[553] mapped to IETF-Radius-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] mapped to LDAP-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
aaa common debug:
AAA API: In aaa_open
AAA session opened: handle = 3
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
Initiating authentication to primary server (Svr Grp: LDAP)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 1.1.1.13
AAA FSM: In AAA_SendMsg
User: test
Resp:
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authentication Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = ACCEPT
AAA_NextFunction: authen svr = BSTAR_LDAP, author svr = LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
AAA_NextFunction: New i_fsm_state = IFSM_USER_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(NET_ADMIN)
Got server ID 0 for group policy DB
Initiating user group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: NET_ADMIN
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up NET_ADMIN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
User Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_USER_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_AUTHORIZE,
AAA FSM: In AAA_InitTransaction
Initiating authorization query (Svr Grp: LDAP)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 1.1.1.13
AAA FSM: In AAA_SendMsg
User: test
Resp:
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authorization Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_AUTHORIZE, auth_status = ACCEPT
AAA_NextFunction: author svr = BSTAR_LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
AAA_NextFunction: New i_fsm_state = IFSM_AUTH_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(NET_ADMIN)
Got server ID 0 for group policy DB
Initiating authorization group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: NET_ADMIN
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up NET_ADMIN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authorization Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_AUTH_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_TUNN_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(DfltGrpPolicy)
Got server ID 0 for group policy DB
Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: DfltGrpPolicy
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up DfltGrpPolicy
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Tunnel Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
Class attribute created from LDAP-Class attribute
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
Checking simultaneous login restriction (max allowance=3) for user test
AAA FSM: In AAA_Callback
user attributes:
1 User-Name(1) 6 "test"
2 User-Password(2) 10 (hidden)
3 Group-Policy(4121) 9 "NET_ADMIN"
4 AAA-AVP-Table(4243) 11268 "[04],[00][00]t[00][00][00][F8][03][00][00][0F][04][00]"
5 LDAP-Class(20520) 10 "NET_ADMIN[00]"
6 LDAP-Class(20520) 11 "USERS[00]"
user policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
2 Session-Timeout(27) 4 0
3 Idle-Timeout(28) 4 30
4 Access-Hours(4097) 0 0x00007fff35d685e0 ** Unresolved Attribute **
5 Simultaneous-Logins(4098) 4 3
6 Primary-DNS(4101) 4 IP: 1.1.1.13
7 Secondary-DNS(4102) 4 IP: 1.1.1.30
8 Primary-WINS(4103) 4 IP: 0.0.0.0
9 Secondary-WINS(4104) 4 IP: 0.0.0.0
10 Tunnelling-Protocol(4107) 4 52
11 Banner(4111) 446 "This is a PRIVATE computer system, which may be acces"
12 Store-PW(4112) 4 0
13 Split-Tunnel-Inclusion-List(4123) 8 "VPN_SPLIT_TUNNEL"
14 Default-Domain-Name(4124) 18 "xxxxcorp.com"
15 Secondary-Domain-Name-List(4125) 18 "xxxxcorp.com"
16 Nat-Enabled-IPSec(4130) 4 0
17 IPSec-UDP-Port(4131) 4 10000
18 IPComp(4135) 4 1
19 Authentication-On-Rekey(4138) 4 0
20 Required-Firewall-Vendor-Code(4141) 0 0x0000000002e006b0 ** Unresolved Attribute **
21 Required-Firewall-Product-Code(4142) 0 0x0000000002e006b0 ** Unresolved Attribute **
22 Required-Firewall-Description(4143) 0 0x00007fff35d687fa ** Unresolved Attribute **
23 Secure-unit-config(4144) 4 0
24 Individual-user-auth-config(4145) 4 0
25 User-auth-idle-timeout(4146) 4 0
26 Cisco-IP-telephony-config(4147) 4 0
27 Split-Tunneling-Policy(4151) 4 1
28 Required-Firewall-Capability(4152) 0 0x0000000002e006b0 ** Unresolved Attribute **
29 Client Firewall Optional(4154) 0 0x0000000002e006b0 ** Unresolved Attribute **
30 Backup-Ip-Sec-Peers-Enabled(4155) 4 2
31 Network-Extension-Mode-Allowed(4160) 4 0
32 URL list name(4167) 17 "NETADMIN_BOOKMARK"
33 ACL-like filters(4169) 8 "INTERNAL_WEBACL"
34 Cisco-LEAP-Passthrough-config(4171) 4 0
35 IKE Client Type and Version Limiting policy rules(4173) 0 0x00007fff35d68835 ** Unresolved Attribute **
36 IE-Proxy-Server-Method(4177) 4 1
37 The tunnel group that tunnel must be associated with(4181) 11 "NET_ADMIN_G"
38 User ACL for inbound traffic(4182) 8 ""
39 User ACL for outbound traffic(4183) 8 ""
40 Indicates whether or not PFS is required for IPSec(4184) 4 0
41 WebVPN URL Entry enable(4189) 4 1
42 WebVPN File Server Entry enable(4191) 4 1
43 WebVPN File Server Browsing enable(4192) 4 1
44 WebVPN SVC Keep enable(4201) 4 1
45 WebVPN SVC Keepalive interval(4203) 4 20
46 WebVPN SVC Client DPD period(4204) 4 30
47 WebVPN SVC Gateway DPD period(4205) 4 30
48 WebVPN SVC Rekey period(4206) 4 0
49 WebVPN SVC Rekey method(4207) 4 0
50 WebVPN SVC Compression(4208) 4 2
51 WebVPN Customization(4209) 15 "NETADMIN_PORTAL"
52 WebVPN Deny message(4212) 180 "Login was successful, but because certain criteria ha"
53 WebVPN SVC DTLS Compression(4213) 4 2
54 Extended Authentication-On-Rekey(4218) 4 0
55 WebVPN SVC DTLS enable(4219) 4 1
56 WebVPN SVC MTU(4221) 4 1406
57 CIFS hidden shares(4222) 4 1
58 CVC-Modules(4223) 7 "posture"
59 CVC-Profile(4224) 17 "net_admin_p#user,"
60 CVC-Ask(4227) 4 4
61 CVC-Ask-Timeout(4228) 4 0
62 WebVPN ActiveX Relay(4233) 4 1
63 VLAN ID(4236) 4 0
64 NAC Settings(4237) 0 0x00007fff35d68985 ** Unresolved Attribute **
65 WebVPN Session timeout alert interval(4245) 4 25
66 List of address pools to assign addresses from(4313) 13 "SSL_POOL"
67 List of IPv6 address pools to assign addresses from(4314) 0 0x00007fff35d68998 ** Unresolved Attribute **
68 Smart tunnel on home page enable(4324) 4 1
69 Disable Always-On VPN(4325) 4 0
70 SVC ignore DF bit(4326) 4 0
71 Client Bypass Protocol(4331) 4 0
72 Gateway FQDN(4333) 29 "xxx.xxxxcorp.com"
73 CA URL for SCEP enrollment(20530) 0 0x00007fff35d689c7 ** Unresolved Attribute **
tunnel policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
2 Session-Timeout(27) 4 0
3 Idle-Timeout(28) 4 30
4 Access-Hours(4097) 0 0x00007fff351cddd0 ** Unresolved Attribute **
5 Simultaneous-Logins(4098) 4 0
6 Primary-DNS(4101) 4 IP: 10.125.3.7
7 Secondary-DNS(4102) 4 IP: 10.125.3.5
8 Primary-WINS(4103) 4 IP: 0.0.0.0
9 Secondary-WINS(4104) 4 IP: 0.0.0.0
10 Tunnelling-Protocol(4107) 4 124
11 Banner(4111) 446 "This is a PRIVATE computer system, which may be acces"
12 Store-PW(4112) 4 0
13 Group-Policy(4121) 13 "DfltGrpPolicy"
14 Split-Tunnel-Inclusion-List(4123) 8 "VPN_SPLIT_TUNNEL"
15 Default-Domain-Name(4124) 18 "xxxxcorp.com"
16 Secondary-Domain-Name-List(4125) 0 0x00007fff351cdfc7 ** Unresolved Attribute **
17 Nat-Enabled-IPSec(4130) 4 0
18 IPSec-UDP-Port(4131) 4 10000
19 IPComp(4135) 4 0
20 Authentication-On-Rekey(4138) 4 0
21 Secure-unit-config(4144) 4 0
22 Individual-user-auth-config(4145) 4 0
23 User-auth-idle-timeout(4146) 4 30
24 Cisco-IP-telephony-config(4147) 4 0
25 Split-Tunneling-Policy(4151) 4 1
26 Client Firewall Optional(4154) 0 0x00007fff351cdfec ** Unresolved Attribute **
27 Backup-Ip-Sec-Peers-Enabled(4155) 4 1
28 Group-giaddr(4157) 4 IP: 0.0.0.0
29 Intercept-DHCP-Configure-Msg(4158) 4 0
30 Client-Subnet-Mask(4159) 4 IP: 255.255.255.255
31 Network-Extension-Mode-Allowed(4160) 4 0
32 WebVPN Content Filter Parameters(4165) 4 0
33 WebVPN Parameters configuration(4166) 4 1
34 URL list name(4167) 0 0x00007fff351ce008 ** Unresolved Attribute **
35 Forwarded ports(4168) 0 0x00007fff351ce009 ** Unresolved Attribute **
36 ACL-like filters(4169) 8 "INTERNAL_WEBACL"
37 Cisco-LEAP-Passthrough-config(4171) 4 0
38 Default WebVPN homepage(4172) 0 0x00007fff351ce016 ** Unresolved Attribute **
39 IKE Client Type and Version Limiting policy rules(4173) 0 0x00007fff351ce017 ** Unresolved Attribute **
40 Application Access Name(4175) 18 "Application Access"
41 IE-Proxy-Server(4176) 0 0x00007fff351ce02b ** Unresolved Attribute **
42 IE-Proxy-Server-Method(4177) 4 1
43 IE-Proxy-Server-Exceptions(4178) 0 0x00007fff351ce030 ** Unresolved Attribute **
44 IE-Proxy-Server-Bypass-Local(4179) 4 0
45 The tunnel group that tunnel must be associated with(4181) 0 0x00007fff351ce035 ** Unresolved Attribute **
46 Indicates whether or not PFS is required for IPSec(4184) 4 0
47 NAC Enable/Disable(4185) 4 0
48 NAC Status Query Timer(4186) 4 300
49 NAC Revalidation Timer(4187) 4 36000
50 NAC Default ACL(4188) 8 ""
51 WebVPN URL Entry enable(4189) 4 0
52 WebVPN File Server Entry enable(4191) 4 0
53 WebVPN File Server Browsing enable(4192) 4 0
54 WebVPN Port Forwarding enable(4193) 4 0
55 WebVPN Port Forwarding Exchange Proxy enable(4194) 4 0
56 WebVPN Port Forwarding HTTP Proxy enable(4195) 4 0
57 WebVPN SVC enable(4199) 4 0
58 WebVPN SVC Required enable(4200) 4 0
59 WebVPN SVC Keep enable(4201) 4 0
60 WebVPN SVC Keepalive interval(4203) 4 20
61 WebVPN SVC Client DPD period(4204) 4 30
62 WebVPN SVC Gateway DPD period(4205) 4 30
63 WebVPN SVC Rekey period(4206) 4 0
64 WebVPN SVC Rekey method(4207) 4 0
65 WebVPN SVC Compression(4208) 4 2
66 WebVPN Customization(4209) 0 0x00007fff351ce08a ** Unresolved Attribute **
67 Single Sign On Server Name(4210) 0 0x00007fff351ce08b ** Unresolved Attribute **
68 WebVPN SVC Firewall Rule(4211) 17 "private#,public#,"
69 WebVPN Deny message(4212) 180 "Login was successful, but because certain criteria ha"
70 WebVPN SVC DTLS Compression(4213) 4 2
71 HTTP compression method(4216) 4 0
72 Maximum object size to ignore for updating the session timer(4217) 4 4
73 Extended Authentication-On-Rekey(4218) 4 0
74 WebVPN SVC DTLS enable(4219) 4 1
75 WebVPN SVC MTU(4221) 4 1406
76 CIFS hidden shares(4222) 4 0
77 CVC-Modules(4223) 20 "dart,vpngina,posture"
78 CVC-Profile(4224) 15 "IPSEC_VPN#user,"
79 CVC-IKE-Retry-Timeout(4225) 4 10
80 CVC-IKE-Retry-Count(4226) 4 3
81 CVC-Ask(4227) 4 2
82 CVC-Ask-Timeout(4228) 4 0
83 IE-Proxy-Pac-URL(4229) 0 0x00007fff351ce1a4 ** Unresolved Attribute **
84 IE-Proxy-Lockdown(4230) 4 1
85 WebVPN Smart Tunnel(4232) 0 0x00007fff351ce1a9 ** Unresolved Attribute **
86 WebVPN ActiveX Relay(4233) 4 1
87 WebVPN Smart Tunnel Auto Download enable(4234) 4 0
88 WebVPN Smart Tunnel Auto Sign On enable(4235) 0 0x00007fff351ce1b2 ** Unresolved Attribute **
89 VLAN ID(4236) 4 0
90 NAC Settings(4237) 0 0x00007fff351ce1b7 ** Unresolved Attribute **
91 MemberOf(4241) 0 0x00007fff351ce1b8 ** Unresolved Attribute **
92 WebVPN Idle timeout alert interval(4244) 4 1
93 WebVPN Session timeout alert interval(4245) 4 1
94 Maximum object size for download(4253) 4 2147483647
95 Maximum object size for upload(4254) 4 2147483647
96 Maximum object size for post(4255) 4 2147483647
97 User storage(4256) 0 0x00007fff351ce1cd ** Unresolved Attribute **
98 User storage objects(4257) 19 "cookies,credentials"
99 User storage shared key(4258) 0 0x00007fff351ce1e2 ** Unresolved Attribute **
100 VDI configuration(4259) 0 0x00007fff351ce1e3 ** Unresolved Attribute **
101 NAC Exception List(4312) 4 0
102 List of address pools to assign addresses from(4313) 0 0x00007fff351ce1e8 ** Unresolved Attribute **
103 List of IPv6 address pools to assign addresses from(4314) 0 0x00007fff351ce1e9 ** Unresolved Attribute **
104 IPv6 filter-id(4315) 8 ""
105 WebVPN Unix user ID(4317) 4 65534
106 WebVPN Unix group ID(4318) 4 65534
107 Disconnect VPN tunnel when a Smartcard is removed(4321) 4 1
108 WebVPN Smart Tunnel Tunnel Policy(4323) 0 0x00007fff351ce1fe ** Unresolved Attribute **
109 Disable Always-On VPN(4325) 4 1
110 SVC ignore DF bit(4326) 4 0
111 SVC client routing/filtering ignore(4327) 4 0
112 Configure the behaviour of DNS queries by the client when Split tunneling is enabled(4328) 4 0
113 Client Bypass Protocol(4331) 4 0
114 IPv6-Split-Tunneling-Policy(4332) 4 0
115 Gateway FQDN(4333) 0 0x00007fff351ce217 ** Unresolved Attribute **
116 CA URL for SCEP enrollment(20530) 0 0x00007fff351ce218 ** Unresolved Attribute **
Auth Status = ACCEPT
AAA API: In aaa_close
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 3
In aaai_close_session (3)
Thanks, -
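An offline check for the mismatch visible in the two captures above, added here as an example (it is not part of the original posts and not Cisco tooling): it reads attribute 4181, the group-lock value, from the AAA attribute dump and compares it with the Tunnel Group field of the "show vpn-sessiondb webvpn" output. The function names, the trimmed sample captures and the lookup order (user, then user policy, then tunnel policy) are assumptions made for this example.

```python
import re

# Attribute id taken from the debug output in the thread:
# "The tunnel group that tunnel must be associated with(4181)"
GROUP_LOCK_ATTR = 4181

# "<index> <name>(<id>) <length> <value>" as printed in the attribute dump
ATTR_LINE = re.compile(r'^\s*\d+\s+(.+?)\((\d+)\)\s+(\d+)\s+(.*)$')
SECTION_LINE = re.compile(r'^\s*(user|user policy|tunnel policy) attributes:\s*$')

# Constructed samples: a few lines trimmed from the captures quoted in the thread.
AAA_DEBUG = '''\
user attributes:
1 User-Name(1) 6 "test"
3 Group-Policy(4121) 9 "NET_ADMIN"
5 LDAP-Class(20520) 10 "NET_ADMIN[00]"
user policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
37 The tunnel group that tunnel must be associated with(4181) 11 "NET_ADMIN_G"
tunnel policy attributes:
13 Group-Policy(4121) 13 "DfltGrpPolicy"
45 The tunnel group that tunnel must be associated with(4181) 0 0x00007fff351ce035 ** Unresolved Attribute **
Auth Status = ACCEPT
'''

SESSION = '''\
Username : test Index : 132
Group Policy : NET_ADMIN Tunnel Group : DefaultWEBVPNGroup
'''


def parse_aaa_attributes(text):
    """Return {section: {attribute_id: value}}; unresolved attributes map to None."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_LINE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        m = ATTR_LINE.match(line)
        if current is None or not m:
            continue
        raw = m.group(4).strip()
        if "Unresolved Attribute" in raw:
            value = None
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
            if value.endswith("[00]"):  # NUL terminator as printed by the debug
                value = value[:-4]
        else:
            value = raw
        # Keep the first occurrence when an attribute id repeats (e.g. LDAP-Class).
        current.setdefault(int(m.group(2)), value)
    return sections


def parse_session(text):
    """Pull the fields needed from 'show vpn-sessiondb webvpn' style output."""
    fields = {}
    for key in ("Username", "Group Policy", "Tunnel Group"):
        m = re.search(re.escape(key) + r'\s*:\s*(\S+)', text)
        fields[key] = m.group(1) if m else None
    return fields


def check_group_lock(aaa_text, session_text):
    """Compare the group-lock value with the tunnel group the session landed on."""
    attrs = parse_aaa_attributes(aaa_text)
    session = parse_session(session_text)
    required = None
    # Assumption: the most specific source that resolves the attribute wins.
    for section in ("user", "user policy", "tunnel policy"):
        value = attrs.get(section, {}).get(GROUP_LOCK_ATTR)
        if value:
            required = value
            break
    actual = session["Tunnel Group"]
    return {
        "user": session["Username"],
        "required": required,
        "actual": actual,
        "ok": required is None or required == actual,
    }


if __name__ == "__main__":
    result = check_group_lock(AAA_DEBUG, SESSION)
    verdict = "match" if result["ok"] else "MISMATCH"
    print("user=%(user)s group-lock=%(required)s tunnel-group=%(actual)s" % result, verdict)
```

With the sample lines, the group policy requires NET_ADMIN_G while the session is on DefaultWEBVPNGroup, which is the condition the "User came in on group he wasn't supposed to come in on!" message describes.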
SSL, 128-bit encryption problem
Hi
I need to establish a connection over SSL with 128-bit encryption from my
client application to Active Directory. But when a connection is established
I look at the System log and see the cipher strength is only 56.
Does anybody have an idea how can I raise the cipher strength?
Thanks
Sorry,
It was my fault. I used 56-bit SDK. After upgrade all is perfect.
"Gennady" <[email protected]> wrote in message
news:9mgd4d$[email protected]..
Hi
I need to establish a connection over SSL with 128-bit encryption from my
client application to Active Directory. But when a connection is established
I look at the System log and see the cipher strength is only 56.
Does anybody have an idea how can I raise the cipher strength?
Thanks -
Server 3 / SSL Certificate / Open Directory - Problem!
We've updated from Server 2 to Server 3 / OS X 10.9.
We have an SSL certificate for server from Comodo.
Under Server 2, all worked just fine, with the SSL certificate being used to secure all services (configured via Server app).
Under Server 3, all works just fine, but Open Directory will not accept the certificate - so Certificates / Settings in Server 3 app shows "Custom Configuration" for Settings - and on inspecting this it is because Open Directory is set to be not secured but everything else is using SSL.
I've tried setting the Open Directory to use the SSL, but whenever I do it simply bounces back to being unsecured.
Does this matter? Presumably it should be possible (as the standard setting appears to try and set Open Directory to use the SSL certificate), but not sure whether trying to fix is simply a fool's errand.
Anyone got any clues as to whether to fix or not, and if to fix, how?
Thanks in advance.
Have you checked to see that the certificate is indeed "Trusted" by your server?
Above, you stated that they're in the etc/certificates folder, but that doesn't mean that the server likes them. You can create a "Self Signed" Certificate and still have certificates in there. That doesn't mean that anyone else on the planet has to trust them.
Open Keychain Access in your utilities folder. Depending on how you have it configured, you may have to look around to find the certificate in question. It may be under login, or System.
When you select your Certificate, if it's there, does it show as trusted?
Another thing you can check... Oftentimes certificate authorities use intermediate certificates. Since anyone can sell a certificate, in order to have it trusted, you need to have it signed by someone else. A good example is Godaddy. They sell both SSL and Code signing certificates of all flavours. In order to get them to be trusted, the "Intermediate Certificate" needs to also be installed in the keychain. My Godaddy cert looks to be trusted by Verisign via an intermediate.
Have a look here... https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1182
Not sure if it's directly relevant, but there it is.
The point is, I think you need to verify that your certificate is trusted by your server. OD won't use an untrusted certificate.
--an afterthought-- Anything in the logs?
Open up your server window where you try to select the certificate for OD. Also, in another window open up the terminal. In terminal, type:
tail -f /var/log/system.log
In the server window try to select the certificate and click done. See what the output in terminal says. -
JDK setting / Execution problem
I have installed JDK 6 on the C:\JAVA\JDK\ path. I am creating a simple hello world application inside the bin folder. When I compile this file it gets compiled OK, but when I try to run this file using the command java.exe I get the following:
C:\Java\jdk\bin>javac test.java
C:\Java\jdk\bin>java test
Exception in thread "main" java.lang.NoClassDefFoundError: test
Caused by: java.lang.ClassNotFoundException: test
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
source code is
class test {
    public static void main (String args[]){
        System.out.println("hello");
    }
}
I have installed Oracle JBuilder 10g, 10g Developer Suite, 9i database and may have some other Java applications. I try to set path and classpath but none works. Anybody help.
Thanks for your kind reply, but it did not work:
C:\Java\jdk\bin>set classpath=c:\java\jdk\bin
C:\Java\jdk\bin>java -classpath test
Usage: java [-options] class [args...]
(to execute a class)
or java [-options] -jar jarfile [args...]
(to execute a jar file)
where options include:
-client to select the "client" VM
-server to select the "server" VM
-hotspot is a synonym for the "client" VM [deprecated]
The default VM is client.
-cp <class search path of directories and zip/jar files>
-classpath <class search path of directories and zip/jar files>
A ; separated list of directories, JAR archives,
and ZIP archives to search for class files.
-D<name>=<value>
set a system property
-verbose[:class|gc|jni]
enable verbose output
-version print product version and exit
-version:<value>
require the specified version to run
-showversion print product version and continue
-jre-restrict-search | -jre-no-restrict-search
include/exclude user private JREs in the version search
-? -help print this help message
-X print help on non-standard options
-ea[:<packagename>...|:<classname>]
-enableassertions[:<packagename>...|:<classname>]
enable assertions
-da[:<packagename>...|:<classname>]
-disableassertions[:<packagename>...|:<classname>]
disable assertions
-esa | -enablesystemassertions
enable system assertions
-dsa | -disablesystemassertions
disable system assertions
-agentlib:<libname>[=<options>]
load native agent library <libname>, e.g. -agentlib:hprof
see also, -agentlib:jdwp=help and -agentlib:hprof=help
-agentpath:<pathname>[=<options>]
load native agent library by full pathname
-javaagent:<jarpath>[=<options>]
load Java programming language agent, see java.lang.instrument
-splash:<imagepath>
show splash screen with specified image
C:\Java\jdk\bin> -
SSL offloading - Backend Server problem.
I am configuring SSL offloading for the first time. After configuring my CSS 11503 to do the offloading I discovered I can still access the secure web page through a normal HTTP request from the public internet (as opposed to HTTPS). What is the best and easiest way to stop this from happening?
The solution is to use a redirect from HTTP to HTTPS
You can let the server do the redirect or configure the CSS with a redirect service.
More info at
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080094068.shtml
Gilles. -
I am using Flex with PHP via AMF PHP. Building the application
was fine, but it gave me a problem when I deployed it to a server which
sits behind an SSL layer. The problem is not associated with data
access; I can access data very well, but when I go to any other
page after visiting the Flex part it just kicks the user out to the login page
again. If I simply use the HTTP protocol it does not happen, but if I
use the HTTPS protocol it does. I did intense research into this problem.
I tried the following solutions.
USE crossdomain file name crossdomain.xml
loadpolicy file
class="mx.messaging.channels.SecureAMFChannel" in service-config.xml
class="flex.messaging.endpoints.SecureAMFEndpoint" in service-config.xml
Lastly, here is my crossdomain.xml
<?xml version="1.0" ?>
<!-- https://imtecintranet/shopping -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*" secure="false" to-ports="443"/>
</cross-domain-policy>
All these solutions mentioned on different websites, including the
Flex documentation, didn't work. It's not a problem on the PHP
side, since it works perfectly with Flex if I use the HTTP protocol, so I
think the problem is on the Flex side. I read on this website
http://www.onflex.org/ted/2005/11/using-flash-player-under-https-with.php
that Flash Player has bugs, so I tried to solve this
problem by using a cross-domain.xml file, but unfortunately this
didn't solve the problem. Any help will be greatly appreciated.
With some additional attributes added on to the server.xml <Connector /> tag, the application is loading fine in the local environment.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" bufferSize="64000" maxHttpHeaderSize="64000" socket.appWriteBufSize="64000" socket.appReadBufSize="64000" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\user_name\.keystore" keystorePass="*****" allowTrace="false"/>
But the same changes are not working in UAT environment, any clue on it will help me.
thanks in advance. -
Problems in Working with J2me----- call jdk packages in j2me
Hi guys,
I am developing an application to compress mp3 on a cell phone. I have developed code using javax.sound and other JDK packages.
The problem is that I want to call the functions of this code in the J2ME code, but it gives me an error that the JDK packages are not found.
So the question is: is there any way to use JDK packages in J2ME?
Waiting for your reply
Thnx
punit_solanki wrote:
So the question is there any way to use JDk packages in J2me
No, there isn't. But if it is simple, you can try to implement the part of the JDK you use that is not in J2ME.
If you want to develop for J2ME, you should use an IDE that sets the configuration for J2ME and doesn't allow you to use libraries that are not in J2ME.
NetBeans, for example, lets you choose which mobile configuration you are going to develop for.