SSL problem: SSL Forbidden or 12204 SSL port specified is not allowed

Similar Messages

• Intrusion-detection-module 7 data-port 2: Capture not allowed on a SPAN destination port

  Hi all
  I have 2 switches Cat6509E. each with IDSM module
  I have on first switch this commands
  intrusion-detection module 7 data-port 1 capture
  intrusion-detection module 7 data-port 2 capture
  intrusion-detection module 7 data-port 1 capture allowed-vlan 4,6,16,17,66
  intrusion-detection module 7 data-port 2 capture allowed-vlan 68,70,74,134,145
  And when I trying to put the same on second switch I will get this error message
  Intrusion-detection-module 7 data-port 2:  Capture not allowed on a SPAN destination port
  What does it mean?
  Output "sh monitor" is the same on both switches
  Session 1
  Type                   : Service Module Session
  Modules allowed        : 1-9
  Modules active         : 1,7
  BPDUs allowed          : Yes
  Session 2
  Type                   : Local Session
  Source VLANs           :
      Both               : 4
  Destination Ports      : analysis-module 8 data-port 1
  Peter

  Hi Peter,
       The first switch that you mention is configured (judging from the "intrusion-detection" commands) to use the VACL capture method of sending traffic to the IDSM-2 for inspection.  You can read about this method here:
  http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1030828
  In short, you configure a VACL to define the traffic you want to capture and apply it to the appropriate VLANs.  When traffic matches the VACL, it's copied to the IDSM-2 ports that have been configured with the "intrusion-detection module 7 data-port 1  capture" commands.
  On the second switch it appears that there is a monitor session setup SPANing traffic to the IDSM-2 port.  This is an alternative method of sending trafic to the IDSM-2 for inspection and is mutually exclusive with the VACL method on a particular IDSM-2 interface.  You can read about the SPAN method here:
  http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_idsm2.html#wp1030816
  This method, in short, simply involves configuring a SPAN session with the IDSM-2 interface as the desination.
  You'll need to choose one method or the other for configuring the second switch.  If you want it to match the configuration on the first switch, simply remove the monitor (SPAN) session that's currently configured.
  Best Regards,
  Justin

• HAVE A PROBLEM WHEN SENDING AN EMAIL IT STATES IT DOES NOT ALLOW RELAYING

  HAVE A PROBLEM WHEN SENDING AN EMAIL IT STATES IT DOES NOT ALLOW RELAYING

  You have either entered the wrong SMTP server info or they have blocked the sending of e-mails from outside their network. That message indicates that you are not permitted to send through that server from the network you are using to connect.
  Contact them again. There is no magic that will allow you to bypass this.

• TS1398 I have been having network problems on my Ipad and I reset all network settings as advised in the article about problems connecting to networks.  Now my Ipad will not allow me to sign onto any network....it will not accept the passwords for any net

  My ipad has been a little glitchy for the last couple of weeks....not able to load pages because of DNS lookup failure and really slow loading...some of which has to do with the DSL service I have, but I followed the directions on one of the Apple wi-fi issues pages to reset network all connections..which I did, and now the Ipad cannot connect to WiFi because it will not accept (or cannot resolve..or??) password.  I am sure I am typing the password correctly and have tried it on several routers..and it cannot cannect to any router properly even with the correct password.  My laptop is connected just fine and it accepts the password and I have confirmed the password with the ISP and tried other routers.
    So the question is what should I do if I am entering the right password and the Ipad can't sign itself on to the Wifi network?

  Some things to try first:
  1. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  2. Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
  3. Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
  4. Go into your router security settings and change from WEP to WPA with AES.
  5.  Renew IP Address: (especially if you are droping internet connection)
      •    Launch Settings app
      •    Tap on Wi-Fi
      •    Tap on the blue arrow of the Wi-Fi network that you connect to from the list
      •    In the window that opens, tap on the Renew Lease button
  6. Potential Quick Fixes When Your iPad Won’t Connect to Your Wifi Network
  http://ipadinsight.com/ipad-tips-tricks/potential-quick-fixes-when-your-ipad-won t-connect-to-your-wifi-network/
  ~~~~~~~~~~~~~~~~~~~~~~~~~
  iOS 6 Wifi Problems/Fixes
  Wi-Fi Fix for iOS 6
  https://discussions.apple.com/thread/4823738?tstart=240
  How To: Workaround iPad Wi-Fi Issues
  http://www.theipadfan.com/workaround-ipad-wifi-issues/
  Another Fix For iOS 6 WiFi Problems
  http://tabletcrunch.com/2012/10/27/fix-ios-6-wifi-problems-ssid/
  Wifi Doesn't Connect After Waking From Sleep - Sometimes increasing screen brightness prevents the failure to reconnect after waking from sleep. According to Apple, “If brightness is at lowest level, increase it by moving the slider to the right and set auto brightness to off.”
  Fix For iOS 6 WiFi Problems?
  http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
  Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
  http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
  How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
  http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading- to-ios-6.html
  iOS 6 iPad 3 wi-fi "connection fix" for netgear router
  http://www.youtube.com/watch?v=XsWS4ha-dn0
  Apple's iOS 6 Wi-Fi problems
  http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
  ~~~~~~~~~~~~~~~~~~~~~~~
  How to Boost Your Wi-Fi Signal
  http://ipad.about.com/od/iPad_Troubleshooting/a/How-To-Boost-Your-Wi-Fi-Signal.h tm
  Troubleshooting a Weak Wi-Fi Signal
  http://ipad.about.com/od/iPad_Troubleshooting/a/Troubleshooting-A-Weak-Wi-Fi-Sig nal.htm
  How to Fix a Poor Wi-Fi Signal on Your iPad
  http://ipad.about.com/od/iPad_Troubleshooting/a/How-To-Fix-A-Poor-Wi-Fi-Signal-O n-Your-iPad.htm
  iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
  WiFi Connecting/Troubleshooting http://www.apple.com/support/ipad/wifi/
  How to Fix: My iPad Won't Connect to WiFi
  http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect -To-Wi-Fi.htm
  iOS: Connecting to the Internet http://support.apple.com/kb/HT1695
  iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
  How to Quickly Fix iPad 3 Wi-Fi Reception Problems
  http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
  Connect iPad to Wi-Fi (with troubleshooting info)
  http://thehowto.wikidot.com/wifi-connect-ipad
  Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
  Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
  How To Fix iPhone, iPad, iPod Touch Wi-Fi Connectivity Issue http://tinyurl.com/7nvxbmz
  Unable to Connect After iOS Update - saw this solution on another post.
  https://discussions.apple.com/thread/4010130
  Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
  Wi-Fi or Bluetooth settings grayed out or dim
  http://support.apple.com/kb/TS1559
  ~~~~~~~~~~~~~~~
  If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
   Cheers, Tom

• Exception: Cannot read target memory. PL AXI slave ports access is not allowed

  Hi There,
  I am having some issues debugging with the SDK tool for a Vivado project.  I have no issues using the plan ahead version of the project, but when I try to use the SDK on  a project exported by Vivado, I am unable to read memory and get the message above.  
  Are there any settings I need to set to allow access to this memory. 
  The AXI Lite slave is located ate 0x43c0000 in memory.
  Regards
  Walter
   

  Taking this one step further,
  This basic C code writes values to a C structure containing 4 32 bit registers.
  * Copyright (c) 2009-2012 Xilinx, Inc. All rights reserved.
  * Xilinx, Inc.
  * XILINX IS PROVIDING THIS DESIGN, CODE, OR INFORMATION "AS IS" AS A
  * COURTESY TO YOU. BY PROVIDING THIS DESIGN, CODE, OR INFORMATION AS
  * ONE POSSIBLE IMPLEMENTATION OF THIS FEATURE, APPLICATION OR
  * STANDARD, XILINX IS MAKING NO REPRESENTATION THAT THIS IMPLEMENTATION
  * IS FREE FROM ANY CLAIMS OF INFRINGEMENT, AND YOU ARE RESPONSIBLE
  * FOR OBTAINING ANY RIGHTS YOU MAY REQUIRE FOR YOUR IMPLEMENTATION.
  * XILINX EXPRESSLY DISCLAIMS ANY WARRANTY WHATSOEVER WITH RESPECT TO
  * THE ADEQUACY OF THE IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO
  * ANY WARRANTIES OR REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE
  * FROM CLAIMS OF INFRINGEMENT, IMPLIED WARRANTIES OF MERCHANTABILITY
  * AND FITNESS FOR A PARTICULAR PURPOSE.
  * helloworld.c: simple test application
  * This application configures UART 16550 to baud rate 9600.
  * PS7 UART (Zynq) is not initialized by this application, since
  * bootrom/bsp configures it to baud rate 115200
  * | UART TYPE BAUD RATE |
  * uartns550 9600
  * uartlite Configurable only in HW design
  * ps7_uart 115200 (configured by bootrom/bsp)
  #include <stdio.h>
  #include "platform.h"
  #include "xparameters.h"
  void print(char *str);
  typedef struct {
  unsigned int reg0;
  unsigned int reg1;
  unsigned int reg2;
  unsigned int reg3;
  } REGMAP;
  int main()
  REGMAP *regPtr;
  unsigned int readReg[4] = {0,0,0,0};
  init_platform();
  print("AXI4 Lite Test Program\n\r");
  regPtr = (REGMAP*)XPAR_AXI_LITE_SLAVE_1_BASEADDR;
  regPtr->reg0 = 0x1234567;
  regPtr->reg1 = 0x01010101;
  regPtr->reg2 = 0x02020202;
  regPtr->reg3 = 0x03030303;
  readReg[0] = regPtr->reg0;
  readReg[1] = regPtr->reg1;
  readReg[2] = regPtr->reg2;
  readReg[3] = regPtr->reg3;
  return 0;
  The values in the readReg array are as programmed, but I can't see the contents of structure in the watch window.
  I think it may be because it is an AXI4 Lite implmentation.
  Regards
  Walter

• Having problems downloading  adobe flash player on my iPad,will not allow with chrome

  What do I do?

  You cannot run Flash on any new mobile device and it was never possible to do so on iOS systems. The closes you can get it to run Flash on a PC or Mac and use remote access software.

• SSL problem: renegotiation is not allowed

  Hi all,
  I'm trying to build a SSL client/server app (something simple, for learning purposes), and I got some pointers on the internet. However, when I ran both client and server, I got an exception on the client side: javax.net.ssl.SSLHandshakeException: renegotiation is not allowed
  Here are my codes:
  Server
  //server.jks = keystore
            //ServerJKS = keystore password
            //SeverKey = certificate's password (certificate = server_full)
            if (args.length<3) {
                 System.out.println("Usage:");
               System.out.println("   java AdminApp keyStoreName keyStorePass certPass");
               return;
            String keyStoreName = args[0];
           char[] keyStorePass = args[1].toCharArray();
           char[] certPass = args[2].toCharArray();
           System.setProperty("javax.net.ssl.trustStore", args[0]);
           System.setProperty("javax.net.ssl.trustStorePassword", args[1]);
           try {
                KeyStore keystore = KeyStore.getInstance("JKS");
               keystore.load(new FileInputStream(keyStoreName), keyStorePass);
               KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
               kmf.init(keystore, certPass);
               SSLContext context = SSLContext.getInstance("SSL");
               context.init(kmf.getKeyManagers(), null, null);
               SSLServerSocketFactory factory = context.getServerSocketFactory();
               SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(8888);
               server.setNeedClientAuth(true);
               //call method printServerSocketInfo
               printServerSocketInfo(server);
               SSLSocket socket = (SSLSocket) server.accept();
               //call method printSocketInfo
               printSocketInfo(socket);
               BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
               BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
               String msg = "Welcome to SSL Reverse Echo Server."+ " Please type in some words.";
               writer.write(msg,0,msg.length());
               writer.newLine();
               writer.flush();
               while ((msg = reader.readLine())!= null) {
                    if (msg.equals("."))
                         break;
                   char[] a = msg.toCharArray();
                   int n = a.length;
                   for(int i = 0; i < n/2; i++) {
                        char t = a;
            a[i] = a[n-1-i];
            a[n-i-1] = t;
       writer.write(a,0,n);
       writer.newLine();
       writer.flush();
       writer.close();
       reader.close();
       socket.close();
       server.close();
       } catch (Exception e) {
       System.err.println(e.toString());
  _Client_if (args.length<3) {
                 System.out.println("Usage:");
                 System.out.println(" java SslReverseEchoerRevised keyStoreName keyStorePass certPass");
                 return;
            String keyStoreName = args[0];
       char[] keyStorePass = args[1].toCharArray();
       char[] certPass = args[2].toCharArray();
       System.setProperty("javax.net.ssl.trustStore", args[0]);
       System.setProperty("javax.net.ssl.trustStorePassword", args[1]);
       //these two, to get messages out and in
       BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
       PrintStream out = System.out;
       try {
            KeyStore keystore = KeyStore.getInstance("JKS");
       keystore.load(new FileInputStream(keyStoreName), keyStorePass);
       KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
       kmf.init(keystore, certPass);
       SSLContext context = SSLContext.getInstance("SSL");
       context.init(kmf.getKeyManagers(), null, null);
       SSLSocketFactory factory = context.getSocketFactory();
       SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 8888);
       //call printSocketInfo method
       printSocketInfo(socket);
       //start handshake
       socket.startHandshake();
       BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
       BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
       String msg = null;
       while ((msg = reader.readLine())!= null) {
            out.println(msg);
       msg = in.readLine();
       writer.write(msg,0,msg.length());
       writer.newLine();
       writer.flush();
       writer.close();
       reader.close();
       socket.close();
       } catch (Exception e) {
            System.err.println(e.toString());

  I think you need to setup your proxy server to allow 7002 port,
  or use port 443 for SSL ( it is the default proxy secured port)
  Hope this will help
  Mohds
  "Paul Patrick" <[email protected]> wrote:
  If this is a production problem, you should file a problem report with BEA
  Support.
  But I didn't see any certificates for the server registered. Without
  certificates and a private
  key the SSL protocol will not work.
  Paul Patrick
  "Antimo" <[email protected]> wrote in message
  news:3a12cc80$[email protected]..
  Hello there,
  we have a BIG PROBLEM on a production system.
  Some user on internet using IEXplore 5.0x could'nt access our https page.
  Error reported are:
  SSL Forbidden
  SSL port specified is not allowed
  We are using SSL on port 7002
  This is the weblogic properties reagrd SSL:.
  weblogic.security.ssl.enable=true
  # SSL listen port
  weblogic.system.SSLListenPort=7002
  Any suggestion?
  Is there a possibility to use port 80 both for https and http?
  Any help will be apprciated.
  THANK'S!

• SSL-Problems when setting up a test environment with Exchange

  Hello everyone,
  I am trying to set up a test environment with Exchange 2013 to learn how the stuff works. However, I am facing some problems due to the fact that Exchange is designed for use with SSL certificates. The main thing that makes problems is the connection with
  RPC over HTTP. I've used the MS remote connectivity analyzer to find out why it is not working and as I thought it is because of a missing SSL certificate (it seems the self signed doesn't work here). Now in order to get this working I just bought a certificate
  for "mydomain.com". Now here is the first problem: This certificate is NOT a wildcard certificate. So if I understood correctly it works for mydomain.com but it won't work for subdomain.mydomain.com. Is this correct? (First question)
  If this is correct I will probably another problem: As I said this is a learning-environment so the server is at home behind a router. This means: Only one WAN-IP. I think could get this working by forwarding everything to the Exchange Server (like mydomain.com
  goes to the WAN-IP where the router is forwarding everything like port 25 or 443 directly to the exchange Server). This way I wouldn't have any problems I think: mydomain.com has a valid SSL cert, it resolves to my WAN-IP which forwards everything to the internal
  Exchange Server. Now here is the problem: I plan to setup a SharePoint Server as well. I thought about using ARR (IIS) to make both available behind the same WAN-IP without using ports inside the url. Ideally the Exchange Server should then be available via
  "mail.mydomain.com". This will work fine with ARR but then I probably have SSL problems again? (second question)
  Do you have any ideas what I can do to solve such problems? Should I buy another certificate for mail.mydomain.com? But then I would need to buy several certificates (e.g. for autodiscover.mydomain.com to get this working as well). This can become very expensive...
  Thanks!
  Regards
  Christian

  Hi,
  For your first question, if there is a single certificate just for “mydomain.com”, it cannot work for subdomain.mydomain.com.
  Generally, antodiscover.domain.com is used to access the autodiscover service for external users. If you just need test users to access Exchange server from internal environment, it is not necessary to get a certificate for autodiscover.domain.com.
  Therefore, for your second question what I can ensure is that if all URLs that used to connect Exchange from internal and external are configured to mail.mydomain.com with all services(IIS,SMTP,POP,IMAP), there will be no certificate problems in Exchange
  side.
  Best Regards,
  Winnie Liang
  TechNet Community Support

• Single Sign-on and SSL problems

  We are using WebLogic Portal and Server (version 8.1 SP3). We want to have a single sign-on when entering the portal, so that users do not need to reauthenticate each time they access an application via an applet in the portal. We also want to protect the username/password authentication and all other connection information using SSL. We have applications in multiple domains.
  When not using SSL, SSO works okay. We are challenged for username/password exactly once, whether we access the Portal, or an application directly. As soon as we enable SSL, we are challenged repeatedly, and in some cases cannot access the applications at all, as the challenge always fails.
  We suspect that there is a Session cookie problem and that something is clobering the cookie and thus breaking the session. Does anyone have any idea on what might be causing the problem?

  Hi Derick,
  I want to make our discussion into 2 parts
  1) Sign on
  2) Viewing data based on the Heirarchy
  1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
  2) We can make the second point possible in two ways One is with providing restriction at universe level
  and the other one is through the use of flash variables.
  Using flash variables:
  The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
  I hope this is what you ar looking for....
  If so i have more points to acheive such scenario.
  Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
  Regards,
  AnjaniKumar C.A.

• Should I see this on startup? re: Two-SSL problems.

  We're having some trouble getting two way ssl to work and I was wondering if when using democert.pem and ca.pem whether we should still see this message upon startup?
  I have created a trusted keystore which basically is a copy of the cacerts file and contains the ca certificate from the client certificate.
  <Mar 9, 2005 6:00:57 PM GMT> <Info> <Security> <090515> <The certificate chain could not be completely checked for issues which could cause it to be rejected by
  a peer during SSL handshaking, no action is required unless peers are rejecting the certificate chain.>
  We are using Axis as a client (JDK 1.4 with no weblogic jars) to a WL7sp4 homed webservice and I have one certificate in the client keystore and I can see that chooseClientAlias gets called on the client.
  On the server we see the following SSL debug information
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <validationCallback: validat
  eErr = 16>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Required peer certificates
  not supplied by peer>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Validation error = 20>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Certificate chain is incomp
  lete>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Certificate chain is untrus
  ted>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <User defined JSSE trustmana
  gers not allowed to override>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <SSLTrustValidator returns:
  84>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <Trust failure (84): CERT_
  CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
  <Mar 9, 2005 5:09:54 PM GMT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
  .record.alert.Alert@754e13 Severity: 2 Type: 40
  Resulting in a hand shake failure on the client.
  I'm confused by the message
  "Required peer certificates
  not supplied by peer"
  because if we use a web browser it explicitly will say NO_CERTIFICATE but when we use the Axis client that doesn't appear in the log so I don't know if this is a problem with the client not sending the client certificate or not. I do see that chooseClientAlias is called during the startHandshake of the SSLSocket.
  Does CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED appear even if the client didn't provide a client certificate in the first place is are the errors above indicative of a problem with the certificate chain of the client certificate itself?
  For completeness.
  client keystore has
  Your keystore contains 1 entry
  client_cert, Mar 8, 2005, keyEntry,
  Certificate fingerprint (MD5): BE:79:37:4B:9C:F7:E3:7A:2B:FA:32:06:79:9D:E2:76
  client truststore has
  Your keystore contains 20 entries
  certgenca, Mar 22, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
  certgencab, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  verisignclass4ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
  wlsdemoca1024, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
  wlsdemoca2, Nov 27, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 24:51:DB:84:38:18:B2:6B:EB:35:54:18:D0:18:5B:C6
  verisignclass1ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
  thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
  verisignclass3ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
  wlsdemoca, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawteserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
  server_cacert, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): 24:51:DB:84:38:18:B2:6B:EB:35:54:18:D0:18:5B:C6
  thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
  server_cert, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): A4:82:64:01:1B:8F:3A:EB:13:F6:41:47:82:1D:C9:41
  client_cacert, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  thawtepremiumserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
  verisignserverca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
  wlsdemobcca1024, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
  verisignclass2ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
  wlsdemobcca, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
  server trust store has
  Your keystore contains 18 entries
  certgenca, Mar 22, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
  certgencab, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  verisignclass4ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
  wlsdemoca1024, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
  wlsdemoca2, Nov 27, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 24:51:DB:84:38:18:B2:6B:EB:35:54:18:D0:18:5B:C6
  verisignclass1ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
  thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
  cacert3, Mar 8, 2005, trustedCertEntry,
  Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
  verisignclass3ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
  wlsdemoca, Nov 26, 2001, trustedCertEntry,
  Certificate fingerprint (MD5): 18:18:7D:4B:7E:31:7F:4A:47:77:C8:00:D7:53:41:62
  thawteserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
  thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
  thawtepremiumserverca, Feb 12, 1999, trustedCertEntry,
  Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
  verisignserverca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
  wlsdemobcca1024, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
  wlsdemobcca, Nov 4, 2002, trustedCertEntry,
  Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
  verisignclass2ca, Jun 29, 1998, trustedCertEntry,
  Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8
  Here is the sequence of command used to setup the client/server trust/keystores
  rem @echo off
  set JAVA_HOME=C:\jdk1.3.1_09
  rem set JAVA_HOME=C:\j2sdk1.4.2_04
  set WL_HOME=C:\bea\wls7.0sp4
  rem step 1 java -cp %WL_HOME%\lib\weblogic.jar utils.CertGen changeit localhost_client_cert localhost-key export localhost
  rem step 2 keytool -storepasswd -new
  rem secret_trust_password -keystore server_trust_keystore.jks -storepass changeit
  rem step 3 keytool -import -v -noprompt
  rem -trustcacerts -alias cacert3 -file CertGenCA.der -keystore server_trust_keystore.jks
  rem -storepass secret_trust_password
  rem step 4 keytool -storepasswd -new
  rem changeit -keystore server_trust_keystore.jks -storepass secret_trust_password
  rem step 5 java -cp %WL_HOME%\lib\weblogic.jar;C:\bea utils.ImportPrivateKey client_keystore.jks client_store_password client_cert changeit localhost_client-cert.pem localhost-key.pem
  rem step 6 %JAVA_HOME%\bin\keytool -storepasswd -new changeit -keystore client_keystore.jks -storepass client_store_password
  rem step 7 %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias client_cacert -file %WL_HOME%\lib\CertGenCA.der -keystore trust_store_keystore.jks -storepass changeit
  rem step 8 %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias server_cacert -file ca.pem -keystore trust_store_keystore.jks -storepass changeit
  rem %JAVA_HOME%\bin\keytool -import -v -noprompt -trustcacerts -alias server_cert -file democert.pem -keystore trust_store_keystore.jks -storepass changeit

  Now you know why it was $525.  Also realize you are getting a computer that isn't a warranty computer.  How much did you save?
  Read the fine print on the Squaretrade warranty.  Make sure they won't turn it away for the same reason Apple does.
  Can you live without the light?  Even if it got wet in the past it boots now.  If I buy a used car and the radio doesn't work but I get it for a really good price then I figure that's part of it if I can live with it and it doesn't interfer with day to day use.
  It would be nice to know why the hard drive failed their test. Obviously if the computer boots it isn't total toast.  Clearly somebody has been inside the computer to add RAM and maybe change the drive?  That doesn't freak me in a used computer.
  Maybe somebody can comment on non idential RAM but with some computers with RAM from a reputable upgrade source it doesn't matter.  Post the exact specs of the second chip.
  My only question is, how up-front was the person from whom you bought the computer?  Did they tell you about the light?  It isn't a critical part but it is something you can assume to be working unless they tell you it isn't.  If they didn't, what else didn't they tell you?
  Screws will freak Apple Service because they only look at stuff where they know 100% what's been done to it and nobody not-certified has messed with it.  I have done all kinds of things to my computer that would have voided the original warranty 20x over but it long ago went out of warranty.  It purrs.

• HT201412 I have a problem connecting to the server (SSL problem) on my new Apple ipad.  I was supplied with a new ID password, but I am unable to get into my settings and email. Could someone please offer a suggestion?  Thanks!  A.A.

  I have a problem connecting to the server (SSL problem) on my new Apple Ipad (iOS6).  When submitting my Apple ID password, I am prevented from signing in to a secure connection due to an SSL problem.  Any suggestions ??  Thank you! 

  Sounds more like you have a problem with your apple id. For starters go to that page click manage my apple id and singn in. If you can't sign in reset password.
  https://appleid.apple.com
  if you can sign in there, try to sign in to itunes on your computer.

• HT1338 iMac and SSL problem

  I have an iMac operating under OS X.  Where can I find a patch for the SSL problem that reently occurred?

  There is none required for 10.3 or earlier. For Mountain Lion look here: Apple Security Update 2014-001. For Mavericks use App Store for the software update.

• Problem connecting to LDAP with SSL enabled

  Hi,
  I'm trying to connect to Active Directory with JNDI, but I got a few problems.
  I use Win2003 server, I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
  Apparently, I have to install the SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but i got an error when i create a new certifcate :
  Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
  I tried differents stuff but without results.
  I'm not able to install it, so when I run the code I've got the errors :
  IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
  It s a first time that I use the JNDI API and LDAP (Active Directory ) sorry for any incomprehension, but I really need to finish the program.
  Thanks in advance
  cyroul

  Hi,
  I'm trying to connect to Active Directory with JNDI, but I got a few problems.
  I use Win2003 server, I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
  Apparently, I have to install the SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but i got an error when i create a new certifcate :
  Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
  I tried differents stuff but without results.
  I'm not able to install it, so when I run the code I've got the errors :
  IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
  It s a first time that I use the JNDI API and LDAP (Active Directory ) sorry for any incomprehension, but I really need to finish the program.
  Thanks in advance
  cyroul

• Mail port number won't hold.  Received instructions from Comporium to change port number to 465, SSL checked and password required.  Now port reverts to 110 when quitting mail and reopening.

  OS X Yosemite on MacBook.  Mail port number will not hold.  Changed mail account info as instructed by Comporium, including changing port to 465, use SSL and password.  Now the port reverts to 110 when Mail app is closed and reopened; the entered port number - 465 - will not hold.

  OK folks, I think we have a winner.
  I finally got frustrated so I sponsored a conference call with a Palm Level 3 tech support guy, the Telus rep and a Bell rep.  We were on hold for a total of like 45 minutes as I chained the call along and finally got everyone on the same line.
  So here's the deal: The setup has to be done manually as thepoet suggested.  The incoming server is OK as imap and imap.telus.net with no encryption.  The outgoing server has to be set to point to mail.1xbell.ca with NO authentication, port 25 and no encryption.  The initial Bell tech support guy was quite close to the solution, just the wrong port number and the wrong sequence of setting it up.
  I have been able to send successfully, but want to try a couple of more things before I declare it a complete success.
  Thanks for your help Poet, much appreciate your persistance.

• 31.3.0 hangs when connecting to my IMAPS server (problem with intermediate certificates or SSL in general?).

  After update to 31.3.0 Thunderbird hangs when connecting to IMAPS server aie.de (intermediate certificates in chain). No error message is given, Thunderbird just hangs with out updating the subject lines of the inbox.

  It is a configuration problem of the courier imap ssl daemon, resolution is shown [http://xf.wiki.mithi.com/index.php/Error_observed_in_/var/log/messages_log,_imapd:_couriertls:_accept:_error:1408F10B:SSL_routines:SSL3_GET_RECORD:wrong_version_number#Resolution here]