SSL LLE together with Cert-C PKI Encryption

Similar Messages

• Do we need appache and ssl work together with tomcat

  Hi all,
  I have experience use tomcate+ sql2000 +JDK to develop and web search site.  Now I hope somebody told me
  1) do I need add apache with tomcat?
  2) do I need to add SSL?
  thank you every much

  Hi all,
  I download mod_jk 1.2.5_2.0.47.dll from (http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/) rname it as mod_jk.dll and put it down to apache modules, at this step I still get Syntax Ok when I try c:\apache|apache2\bin|Apache.exe -t. but when I add
  <Listener className="org.apache.ajp.tomcat5.config.ApacheConfig" modJk="c:/Apache/Apache2/modules/mod_jk.dll" /> just below the
  <Server port="8005" shutdown="SHUTDOWN" debug="0">
  I can't not star my tomcat.
  what is wrong??
  I have apache 2.0.50 and tomcat 5.0.25 on my Pc and before I add apache my tomcat work fine.
  Thank you

• SSL secured listener with Netweaver possible

  Is it possible to use a ssl-secured listener (protocol=tcps) together with sap netweaver (abap and/or java)?
  Is there significant loss of i/o throughput to be expected?
  A notes search for SSL or TCPS on BC-DB-ORA did not show results.

  I believe it should be possible to use ssl connection. Never tried it, but I think it should work since it is a matter between Oracle Client and listener and has nothing to do with SAP application server. 
  If you security requirements are such that you must encrypt traffic, and if you do not want to mess with tnsnames.ora, wallet and stuff then you might consider using some generic tunneling techniques.
  And it definitely will have some performance impact.
  ... just my two cents.

• Ssl-handshake fails with scandinavian chars in client certificate

  Hello,
  We've run into a problem with 2-way-ssl and certificates that have scandinavian
  characters in the subject. The problem cert is used as client-certificate for
  authentication and it goes like this:
  1. Client surfs with http in our site, until clicks https-link that will immediately
  start the ssl-handshake
  2. Server presents it's trusted cert-list fine
  3. PIN is being asked fine
  4. Next the request processing stops on the exception below and nothing will happen
  on the client side.
  Certs without these äöå -chars work fine, so our guess is that they cause it,
  but the certs ought to be according to specs: name-fields encoding is UTF-8 according
  to RFC 2459 from year 1999. A failing example-cert is also below.
  Would this be a problem with the certificate rather than BEA-implementation?
  Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
  sp2 + CASE_ID_NUM: 501454 hotfix).
  Best Regards,
  Igor Styrman
  <avalable(): 20303264 : 0 + 0 = 0>
  <write ALERT offset = 0 length = 2>
  <SSLIOContextTable.removeContext(ctx): 1765100>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
  SSLSocket>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
  6487148>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
  be Muxing>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
  11153746>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL Version 2 with no padding>
  <21647856 SSL3/TLS MAC>
  <21647856 received SSL_20_RECORD>
  <HANDSHAKEMESSAGE: ClientHelloV2>
  <write HANDSHAKE offset = 0 length = 58>
  <write HANDSHAKE offset = 0 length = 1789>
  <Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
  <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
  <Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: [email protected], CN=Thawte Personal
  Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Personal
  Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
  <Converting principal: [email protected], CN=Thawte Server
  CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
  Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Personal
  Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Premium
  Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
  Town, ST=Western Cape, C=ZA>
  <Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
  Inc.", C=US>
  <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
  C=IE>
  <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
  <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
  O=Baltimore, C=IE>
  <Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <write HANDSHAKE offset = 0 length = 2409>
  <write HANDSHAKE offset = 0 length = 4>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL3/TLS MAC>
  <21647856 received HANDSHAKE>
  <HANDSHAKEMESSAGE: Certificate>
  PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
  'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
  java.lang.NullPointerException: Could not set value for ASN.1 string object..
  java.lang.NullPointerException: Could not set value for ASN.1 string object.
       at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
       at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
       at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
       at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
       at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
       at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
  Source)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  -----BEGIN CERTIFICATE-----
  MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
  MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
  IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
  VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
  ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
  ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
  Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
  C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
  YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
  HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
  IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
  A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
  bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
  MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
  cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
  VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
  KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
  3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
  JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
  0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
  SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
  tvrGCMOrvrb5QTxVtLNr
  -----END CERTIFICATE-----

  BMPString is another asn1 type that can be used for certificate attributes with
  non-ascii characters. The workaround is simply to use the BMPString instead of
  UTF8String for that subject name attribute in the certificate request. This off-course
  assumes that you can replace the certificate, and have control over what asn1
  type is used for the subject name attributes in the certificate request (via a
  tool options, or by generating the request yourself), so it is probably not applicable.
  Pavel.
  "Ari Räisänen" <[email protected]> wrote:
  >
  Thanks again, Pavel!
  I'm filing a support case about this. You talked about a workaround (BMPString).
  Could you be more spesific? I haven't talked about this issue with Igor
  yet.
  Regards,
  Ari
  "Pavel" <[email protected]> wrote:
  Sounds like a bug in certicom code. It should support UTF8String.
  I'd file a support case.
  You might be able to use BMPString instead as a workaround.
  Pavel.
  "Igor Styrman" <[email protected]> wrote:
  Hello,
  We've run into a problem with 2-way-ssl and certificates that have
  scandinavian
  characters in the subject. The problem cert is used as client-certificate
  for
  authentication and it goes like this:
  1. Client surfs with http in our site, until clicks https-link thatwill
  immediately
  start the ssl-handshake
  2. Server presents it's trusted cert-list fine
  3. PIN is being asked fine
  4. Next the request processing stops on the exception below and nothing
  will happen
  on the client side.
  Certs without these äöå -chars work fine, so our guess is that they
  cause it,
  but the certs ought to be according to specs: name-fields encoding
  is
  UTF-8 according
  to RFC 2459 from year 1999. A failing example-cert is also below.
  Would this be a problem with the certificate rather than BEA-implementation?
  Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
  (and with
  sp2 + CASE_ID_NUM: 501454 hotfix).
  Best Regards,
  Igor Styrman
  <avalable(): 20303264 : 0 + 0 = 0>
  <write ALERT offset = 0 length = 2>
  <SSLIOContextTable.removeContext(ctx): 1765100>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
  JSSE
  SSLSocket>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
  6487148>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
  will
  be Muxing>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
  11153746>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL Version 2 with no padding>
  <21647856 SSL3/TLS MAC>
  <21647856 received SSL_20_RECORD>
  <HANDSHAKEMESSAGE: ClientHelloV2>
  <write HANDSHAKE offset = 0 length = 58>
  <write HANDSHAKE offset = 0 length = 1789>
  <Converting principal: OU=Class 4 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
  <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
  Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
  C=FI>
  <Converting principal: OU=Class 1 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Basic CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape
  Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: OU=Class 3 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
  <Converting principal: [email protected], CN=Thawte
  Server
  CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
  Town, ST=Western
  Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Premium CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Premium
  Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
  L=Cape
  Town, ST=Western Cape, C=ZA>
  <Converting principal: OU=Secure Server Certification Authority, O="RSA
  Data Security,
  Inc.", C=US>
  <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
  C=IE>
  <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
  C=FI>
  <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
  O=Baltimore, C=IE>
  <Converting principal: OU=Class 2 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <write HANDSHAKE offset = 0 length = 2409>
  <write HANDSHAKE offset = 0 length = 4>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL3/TLS MAC>
  <21647856 received HANDSHAKE>
  <HANDSHAKEMESSAGE: Certificate>
  PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
  for queue:
  'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
  failed
  java.lang.NullPointerException: Could not set value for ASN.1 string
  object..
  java.lang.NullPointerException: Could not set value for ASN.1 string
  object.
       at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
       at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
       at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
       at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
       at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
       at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
  Source)
       at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
  Source)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  -----BEGIN CERTIFICATE-----
  MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
  MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
  IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
  VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
  ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
  ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
  Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
  C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
  YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
  HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
  IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
  A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
  bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
  MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
  cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
  VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
  KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
  3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
  JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
  0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
  SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
  tvrGCMOrvrb5QTxVtLNr
  -----END CERTIFICATE-----

• 802.1X Authentication + PKI encryption

  Hi Guys,
  I want to know if there is a relationship between 802.1x authentication and cisco PKI encryption.
  We are facing some problems with many IP Phones that were using 802.1x without problems. Once we we installed PKI encryption on ip phones , many of them began to fail : the ip phone shows phone not registered and on the status messages we can see authentication fail. I have to restart security settings on ip phones or disabling 802.1x on the switches to get phones registering again
  I am using CUCM 8.5 with 6961 phones
  Regards

  We ran into the same situation from time to time. We implemented 802.1x authentication using the Cisco Secure Services Client (SSC) on the windows hosts.
  At the beginning we were completly unable to logon on the maschines where no locally stored windows profile exists. After change to timeout to authenticate at the network in the SSC options we are able to logon to the network and also be authenticated by the domain controller.
  Sadly this works out often as a timing issue. Most times the user needs to try a couple of times. At the moment, I'm also very interessted in a good way to avoid this (as it seems to be) racecondition.
  Hope that someone else has any clue?

• WSE3.0 encrpyt and sign soap message together with disabled WSAdressing

  Good Morning,
  my task is to develop client´s applications written in .net4 who calls webservice (written by other- foreign firm in Java). My application, which calls webservice of other firm are: (plugin of MS CRM 2013, windowservice, windowformsapp for testing this communication)..
  I had to implement encrypt and sign comunication with this webservice by client and servers certifikate.
  I implemented this functions from:
  http://msdn.microsoft.com/en-us/library/aa528788.aspx
  and
  http://msdn.microsoft.com/en-us/library/aa529565.aspx
  by WSE 3.0.
  Now I have to implement to disable WSAdresing in soap messege. Is it possible to use encrypt and sign from WSE together with disabled WSadressing?
  (Other firm needs so as nodes of WSA will not be in soap message). With nodes WSAdresing in soap message, my communication with other webservice do not works. They (other firm) require no WSA nodes in soap message
  If it is posible, how to implement this functionality?

  Hi Matesak,
  I'm afraid this is not the most suitable forum for your question. Please open a new thread in this forum, you'll get more valuable responses.
  ASP.NET Forums >
  Advanced ASP.NET >
  WCF, ASMX and other Web Services
  Thanks for your understanding.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• When accessing Intranet sites that use SSL Certificates issued by our internal PKI, FF for Windows give an error of "improperly formatted DER-encoded message"

  When accessing Intranet sites with that have SSL Certificates issued by our internal PKI, FF for Windows gives an error messsage - An error occurred during a connection to myshaw. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
  Chrome and IE work fine. This is a new PKI using the SHA-2 signature algorithm.

  Hi Guigs2,
  From the other post you link too, I can confirm that both the Root and Subordinate CA have been commissioned with the:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm = 1
  registry key set. As can be seen above, the Signature algorithm on an issued certificate is RSASSA-PSS. This is been Microsoft suggested deployment IF you do not wish to support either XP or Windows 2003 machine and lower. In fact, I believe the option has been around since Windows 2008, however, there were of course, a lot more XP machines back then.
  The obvious answer is that we would like to maintain the updated algorithm, AND see support for it added for Firefox. I think you will see a LOT more posts like this as people deploy more 2012 PKI infrastructure supporting only Windows 7 and up. Heavens, we may well be forced to Chrome or even back to IE!!! Whilst I do not what to necessary open up other potential vulnerabilities, for the sake of testing, what do you mean by disabling mozilla:pkix?

• Tieing 2 key systems together with fxo/fxs and 1760 routers

  Hello,
  I need some programming help from someone good on voice. I've got two offices that I'm trying to tie the phone systems together with 2x Cisco 1760 routers each with 2x PVDM-256K-4 1 DSP Modules. I've got the layout below and am basically looking to do two things.
  First, I would like ext. 210 from the first site to dial a co group “1” or directly access a “CO line” that is connected to the Cisco and get dial tone to be able to dial the directory number for a “CO line” with the same setup at the second site and have it able to be answered like a normal call and be transferred.
  The second connection I would like is to have ext. 210 be able to dial locally to one of site 1's analog single line extensions and have the Ciscos make a connection through to site 2 and go off-hook on one of the analog single line extensions of site 2 in order to get a site 2 dial tone and be able to dial locally @ site 2 to any extension, or dial one of site 2's co groups or directory number for one of site 2's real CO lines and place a “local” call to the outside world from site 2's lines.
  Obviously this process would all be reversed for site 2 accessing site 1. I've come across a couple of documents, like ID: 15405, and a section of a VoIP Configuration guide labeled OL-1070-01 and have some command structure available, but the concept of how it all takes place and should be configured is a little fuzzy.
  Thank you,
  Mark

  OK, let me simplify things. I think I'm putting way too much thought into it all. I've got site A and site B. Site A (currently for testing) has a single line extension from Site A's key system plugged into port 0 in fxo card in slot 2. Site A will have a patch from port 0 in fxs card in slot 3 to a CO line on the key system. Site B has the same setup. Both have fa 0/0 configured with IP addresses on the same network (just to simulate the connections - later I will actually move these to two separate internet feeds for more advanced testing).
  Currently for testing I have disconnected the fxs patches to the phone systems and just have a regular analog phone plugged in. When my phone plugged into Site A goes off hook, I get dial-tone from the extension hooked up to Site B (which is the exact way I want it). When my analog phone is plugged into Site B (port 0 of fxs card in slot 3) and goes off hook, it will ring port 0 of fxs card in slot 3 of Site A. This I don't understand. If I can get both to behave like Site A, I'd be happy.
  I need to know if this makes sense to anyone on how I want this to operate? Is it achievable?
  Here's my base config on it (Site A first, then Site B):
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Simmering
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$F/AM$ige2qFh9lVD6uNubE.qm80
  no aaa new-model
  voice-card 2
  voice-card 3
  ip cef
  interface FastEthernet0/0
  ip address 192.168.254.30 255.255.255.0
  speed auto
  no ip http server
  no ip http secure-server
  control-plane
  voice-port 2/0
  connection plar opx 290
  voice-port 2/1
  connection plar opx 291
  voice-port 2/2
  voice-port 2/3
  voice-port 3/0
  connection plar 190
  voice-port 3/1
  connection plar 191
  voice-port 3/2
  voice-port 3/3
  dial-peer voice 280 pots
  destination-pattern 280
  port 2/0
  dial-peer voice 281 pots
  destination-pattern 281
  port 2/1
  dial-peer voice 290 voip
  destination-pattern 29
  session target ipv4:192.168.254.40
  dial-peer voice 180 pots
  destination-pattern 180
  port 3/0
  dial-peer voice 181 pots
  destination-pattern 181
  port 3/1
  dial-peer voice 190 voip
  destination-pattern 19
  session target ipv4:192.168.254.40
  line con 0
  logging synchronous
  line aux 0
  line vty 0 4
  password Corazon64789
  logging synchronous
  login
  transport input telnet
  end
  SITE B:
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Sigma
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$1H58$6.VsVieyi4srcC7v4Lndv0
  no aaa new-model
  voice-card 2
  voice-card 3
  ip cef
  interface FastEthernet0/0
  ip address 192.168.254.40 255.255.255.0
  speed auto
  no ip http server
  no ip http secure-server
  control-plane
  voice-port 2/0
  connection plar opx 280
  voice-port 2/1
  connection plar opx 281
  voice-port 2/2
  voice-port 2/3
  voice-port 3/0
  connection plar 180
  voice-port 3/1
  connection plar 181
  voice-port 3/2
  voice-port 3/3
  dial-peer voice 290 pots
  destination-pattern 290
  port 3/0
  dial-peer voice 291 pots
  destination-pattern 291
  port 3/1
  dial-peer voice 280 voip
  destination-pattern 28
  session target ipv4:192.168.254.30
  dial-peer voice 190 pots
  destination-pattern 190
  port 2/0
  dial-peer voice 191 pots
  destination-pattern 191
  port 2/1
  dial-peer voice 180 voip
  destination-pattern 18
  session target ipv4:192.168.254.30
  line con 0
  logging synchronous
  line aux 0
  line vty 0 4
  password Corazon64789
  logging synchronous
  login
  transport input telnet
  end

• I have purchased a ringtone in the iTunes Store for my iPad, and I cannot find the download together with my music. I have received the invoice but I have no product. I am working with iOS6, if that helps. Can anybody help me?

  I have purchased a ringtone in the iTunes Store for my iPad, and I cannot find the download together with my music. I have received the invoice but I have no product. I am working with iOS6, if that helps. Can anybody help me?

  I am confused. Do you mean you found the music, not the tones, or you can't find either?
  If the former, then this is normal. You can't redownload tones from the Cloud.

• How can I create a client console and work together with the Cache Server?

  How can I edit the following Cache-Server.cmd file to create a client console and work together with the Cache Server?
  The following is the cache server file: contacts-cache-server.cmd
  @echo off
  setlocal
  if (%COHERENCE_HOME%)==() (
  set COHERENCE_HOME=c:\coherence
  set CONFIG=C:\home\oracle\coherence\Contacts
  set COH_OPTS=%COH_OPTS% -server -cp %COHERENCE_HOME%\lib\coherence.jar;C:\home\oracle\
  coherence\Contacts;C:\home\oracle\coherence\Contacts\classes;
  set COH_OPTS=%COH_OPTS% -Dtangosol.coherence.cacheconfig=%CONFIG%\contacts-cache-config.xml
  java %COH_OPTS% -Xms1g -Xmx1g -Xloggc: com.tangosol.net.DefaultCacheServer %2 %3 %4 %5 %6 %7
  :exitEdited by: junez on 23-Oct-2009 09:20

  Hi
  To run the console, change DefaultCacheServer to CacheFactory
  Paul

• Using iPhoto together with Adobe Lightroom

  I use Adobe Lightroom for my image organizing/tagging needs, since it's way more powerful than iPhoto in this area. I would however like to use iPhoto for my daily image browsing, syncing with my iPhone and for ordering prints/books ++. The way I do this now, is I let iPhoto scan the folder where I have my images. After a while when it gets outdated, I delete the database and rescan in iPhoto. Kinda cumbersome...
  So:
  1. Is there a way I can make iPhoto rescan my image folder? Maybe some script or something that can do it for me?
  2. When I rate images in LR, the ratings are stored in the IPTC Urgency field. When I import to iPhoto it doesn't import this as rating. Any way I can convert IPTC Urgency to iPhoto rating?
  3. Would Aperture be a better choice for working together with iPhoto, or would it be just as cumbersome?

  In reverse order:
  3. Would Aperture be a better choice for working together with iPhoto, or would it be just as cumbersome?
  It’s a lot better. You can grab your previews from Aperture right into iPhoto using a Media Browser, but given that Aperture will do all those things - books, syncing with iPhone etc - you’ll probably need to do it less. Like iPhoto, Aperture is integrated throughout the OS, in every Open... Dialogue, through Media Browsers to integrate with other apps and so on. The primary advantage of using Aperture is that +at least the two apps know each other exist+.
  2. When I rate images in LR, the ratings are stored in the IPTC Urgency field. When I import to iPhoto it doesn't import this as rating. Any way I can convert IPTC Urgency to iPhoto rating
  I don’t think so. There is no real way to move ratings between any apps that I know of. This area of metadata is still in its infancy.
  1. Is there a way I can make iPhoto rescan my image folder? Maybe some script or something that can do it for me?
  No. However there are apps out there that can watch that folder for you and execute specific actions on events occurring. You may be able to cook up an Automator action or Folder Action script that will import to iPhoto when a file is added to the Folder. Or use an app like Hazel to do it for you.
  Update: I’m not sure what this Lightroom plug-in brings to the party, but it may help.
  Regards
  TD
  Message was edited by: Terence Devlin

• HT5219 I have a macbook air (mid 2012) and a thunderbolt display. Do I absolutely need to connect the power supply together with the thunderbolt cable ? I found that the screen won't wake up if only the thunderbolt connection is plugged.

  I have a macbook air (mid 2012) and a thunderbolt display (27''). 
  Do I absolutely need to connect the power supply together with the thunderbolt cable ?
  I found that the screen won't wake up if only the thunderbolt connection is plugged. Is this normal ?

  I just got my ATD and late 2011 MBP up and running. I've not tried running without the power adapter from the ATD plugged in, but I just tried and didn't have any problems with the display not waking. You may want to take your query to the ATD forum - https://discussions.apple.com/community/peripherals/thunderbolt_display - perhaps someone there has experienced a similar issue.
  Good luck,
  Clinton

• My iphone doesnt want to start.all it shows is the apple icon.nothing more.i have tried holding the home button together with the lock button.what can i do .thanks

  my iphone 4 doesnt want to start . all it shows is the apple icon.i have tried holding the home button together with the lock button. nothing seems to work . please help.

  Plug the iPhone in with the Wall Charger. Then while plugged in do the Reset again, hold both Home and Power buttons until the iPhone Restarts. This usually begins to happen in less than 20 seconds time.
  If you this does not work you can try to Restore the Firmware on your iPhone. If you decide to do this, connect your iPhone to your computer with iTunes open. Hold both the Home and Power buttons until the iPhone is detected by iTunes in Recovery Mode, this takes about 20 seconds time. Restore your iPhone.
  If this does not work, you can try to Restore the Firmware on your iPhone in DFU Mode. Connect your iPhone to your computer with iTunes open. Hold both Home and Power buttons for exactly 10 seconds, release the Power Button and keep holding the Home Button until iTunes recognizes the iPhone in Recovery Mode, about 20 seconds more time. Restore the iPhone.
  If this does not work and you have Warranty or AppleCare Coverage take your iPhone to Apple for resolution of the problem.

• Help! Plug-In SLL_PI 720_46C needed to use GTS 72 together with R/3 4.6C?

  Hi together,
  maybe anybody can help me with my question:
  We want to use GTS 7.2 together with ERP 4.6C. Do I have to install additionally the plug-in SLL_PI720_46C in my feeder system? Or is it ok if I have only the standard plug-in PI2004_1_46C, SP14 installed? Do I need both?
  Thanks very much for your help and answers.
  Cheers,
  Andreas

  Andreas,
  I believe in your case it would be sufficient to install the GTS7.2 plug-in.  SAP changed its plug-in strategy for GTS 7.2 and went from the plug-in that comes pre-installed with ECC 6.0 to a separate GTS plug in for 7.2.
  I also have used GTS 7.2 with the "old" plug-in which you're referring to.  This will work for the basic Compliance and Customs functionality but I am guessing that you would run into issues when trying to use functionality that is new in GTS 7.2.
  Sascha

• Keeping a picture together with a certain paragraph of text

  I think this is probably a very rookie question but I am having a problem keeping my pictures where I want them. I need them to stay together with a certain paragraphs of text.
  A- "Lock position" doesn't work. I don't care where in the doc. they are as long as they stay with the right text.
  B- Anchored objects don't seem to be the answer, I want to do text wraps around the picture.
  All suggestions are appreciated.
  Bubby Bella

  No, that's not a problem, as long as the anchor is in the right place. Use a "custom" andchored object, rather than inline, and make sure the anchor is in a line ahead of the ones you want to wrap. A custom anchored object can be moved anywhere on the page and will continue to move with the anchor point.
  The illustration below shows two anchored objects with text wrap applied. The anchors are the first characters in the Notes: paragraph, and the postions are set as part of an object style that includes the text wrap, font (for the caption) and position information. The anchored object options dialog dispalyed is for the caption.
  In this case I didn't need to worry about wrapping the top, but pushing the image down on the page gives you this: