SSL-server cipher command
Good day,
Just like to find out what does the "ssl-server xxx cipher" command do? is it something to do with SSL module & web servers communication?
i have this command on my configuration but it seems that the CSS donot talk to the web servers properly.
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list SSL-LIST01
ssl-server 100
ssl-server 100 vip address 10.180.6.1
ssl-server 100 rsakey RSAKEYASSOCIATION1
ssl-server 100 rsacert CERTASSOCIATIO1
ssl-server 100 cipher rsa-with-rc4-128-sha 10.180.6.1 80
active
!************************** SERVICE **************************
service DETDRSERVER01
ip address 10.180.6.35
port 80
active
service DETDRSERVER02
ip address 10.180.6.37
port 80
active
service SSL-MODULE01
type ssl-accel
keepalive type none
slot 3
add ssl-proxy-list SSL-LIST01
active
!*************************** OWNER ***************************
owner OWNER
content DRSERVERS-HTTP-RULE
vip address 10.180.6.1
balance aca
add service MYDRSERVER02
add service MYDRSERVER01
protocol tcp
port 80
active
content DRSERVERS-SSL-RULE
vip address 10.180.6.1
application ssl
protocol tcp
port 443
add service SSL-MODULE01
active
when i tried it from IE, I get the certificate but it doesn't connect to the web server homepage.
What is the command to see the traffic between CSS & web servers.
Any help appreciated.
Thanks.
To assign a cipher suite to the virtual SSL server, use the ssl-server number cipher command. For each available SSL version, there is a distinct list of supported cipher suites representing a selection of cryptographic algorithms and parameters. Your choice depends on your environment, certificates and keys in use, and security requirements. By default, no supported cipher suites are enabled. Use the no form of this command to remove a cipher suite from the server.
For more information have a look at http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008011940f.html#1139899
Similar Messages
-
SSL Server: No available certificate or key.... exception
Hi,
I want to create a very simple SSL Server for testing purposes.
I have searched google and these forums for an answer, but anything that I found did not help (will say below what I tried).
Here is my code:
import java.io.IOException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
public class Server {
private int port = 25000;
private SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
public Server() {
try {
SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(port);
Echo echo = new Echo(socket);
Thread t = new Thread(echo);
t.start();
} catch (IOException e) {
e.printStackTrace();
public static void main(String[] args) {
new Server();
}and
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
public class Echo implements Runnable {
SSLServerSocket socket;
public Echo(SSLServerSocket socket) {
this.socket = socket;
@Override
public void run() {
try {
SSLSocket connectedSocket = (SSLSocket) socket.accept();
// creating the streams
InputStream inputstream = connectedSocket.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader in = new BufferedReader(inputstreamreader);
OutputStream outputstream = connectedSocket.getOutputStream();
OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
BufferedWriter out = new BufferedWriter(outputstreamwriter);
// echoing...
String input = "";
while (input.compareTo("abort") != 0) {
input = in.readLine();
System.out.println("Server received message: " + input);
out.write(input + " " + input);
out.flush();
} catch (IOException e) {
e.printStackTrace();
}When I run the code, I get
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
at Echo.run(Echo.java:24)
Line 24 in Echo.java is SSLSocket connectedSocket = (SSLSocket) socket.accept();
I have created a keystore according to the JSSE documentation: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
I have tried relative and full pathnames for javax.net.ssl.keyStore, as well as copying the keystore right into the directory with the class-files
I have tried to set javax.net.ssl.keyStore (and javax.net.ssl.keyStorePassword) via the command line's -D switch and via System.setProperty
After all that failed, I even tried to import the generated public key into the server's keystore as well
No matter what I did, I always get above exception upon calling accept().
I am using Java 6 (Java(TM) SE Runtime Environment (build 1.6.0_17-b04)) on Windows 7 64 Bit
Any help is appreciated.I have created a keystore according to the JSSE documentation: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
Are you sure you created a keystore with an RSA keypair, and not a DSA keypair? -
CSS11501 ssl-server urlrewrite Not Working
I have a CSS11501 with the on-board SSL module.
The device is configured with the relevant ss-proxy-list,ssl services and content rules to receive https sessions, decrypt them and pass them onto backend http Web servers - this is working ok.
However, the customer also wants any normal http sessions sent from the users browser to be re-written to https - this is to cater for the situation where the user accidently types a http url instead of using https. e.g.
//http:www.mydomain.com/webstuff/content.html
should be:
//https:www.mydomain.com/webstuff/content.html
From the documentation I have read it appears to me that the 'urlrewrite' command does exactly this.
However, I have configured this in my ssl-proxy-list but it doesn't seem to work - a browser session using http just times-out and doesn't get re-directed to https.
Have I got the correct command..?
My relevant config bits are below:
ssl-proxy-list ssl_listxxxx
ssl-server 33
ssl-server 33 vip address xxx.xxx.xxx.xxx
ssl-server 33 rsacert my_cert
ssl-server 33 rsakey my_key
ssl-server 33 cipher rsa-export-with-rc4-40-md5 xxx.xxx.xxx.xxx 80
ssl-server 33 urlrewrite 1 www.mydomain.com
active
service ssl-serxxxx
type ssl-accel
slot 2
keepalive type none
add ssl-proxy-list ssl_listxxxx
active
content ssl-content
vip address xxx.xxx.xxx.xxx
port 443
protocol tcp
add service ssl-serxxxx
application ssl
advanced-balance ssl
active
content backed-http-content
add service http-content-1
add service http-content-1
protocol tcp
port 80
url "/webstuff*"
advanced-balance sticky-srcip-dstport
vip address xxx.xxx.xxx.xxx
active
Thanks....JohnHi Gilles,
thanks again, this is great and I think what the customer wants.
The only thing I'm not clear on here is the IP address used in the 'secure-transfer' service (ip address 2.2.2.2)
Is this just s spoof ip address or should it be a valid server ip address.?
Cheers...John
********** SERVICE ***********
service secure-transfer
ip address 2.2.2.2
keepalive type none
type redirect
no prepend-http
domain https://www.cisco.com
active
service regular-server1
ip address 10.2.3.4
active
service regular-server2
ip address 10.2.3.5
active
********* OWNER *********
owner CSS-Team
content default-redirect
vip address 206.25.90.84
protocol tcp
port 80
url "/*"
add service secure-transfer
active
content ssl-rule
vip address 206.25.90.84
protocol tcp
port 443
add service regular-server1
add service regular-server2
active -
Problems Reading SSL server socket data stream using readByte()
Hi I'm trying to read an SSL server socket stream using readByte(). I need to use readByte() because my program acts an LDAP proxy (receives LDAP messages from an LDAP client then passes them onto an actual LDAP server. It works fine with normal LDAP data streams but once an SSL data stream is introduced, readByte just hangs! Here is my code.....
help!!! anyone?... anyone?
1. SSL Socket is first read into " InputStream input"
public void run()
Authorization auth = new Authorization();
try {
InputStream input = client.getInputStream();
while (true)
{ StandLdapCommand command;
try
command = new StandLdapCommand(input);
Authorization t = command.get_auth();
if (t != null )
auth = t;
catch( SocketException e )
{ // If socket error, drop the connection
Message.Info( "Client connection closed: " + e );
close( e );
break;
catch( EOFException e )
{ // If socket error, drop the connection
Message.Info( "Client connection close: " + e );
close( e );
break;
catch( Exception e )
//Way too many of these to trace them!
Message.Error( "Command not processed due to exception");
close( e );
break;
//continue;
processor.processBefore(auth, command);
try
Thread.sleep(40); //yield to other threads
catch(InterruptedException ie) {}
catch (Exception e)
close(e);
2 Then data is sent to an intermediate function
from this statement in the function above: command = new StandLdapCommand(input);
public StandLdapCommand(InputStream in) throws IOException
message = LDAPMessage.receive(in);
analyze();
Then finally, the read function where it hangs at "int tag = (int)din.readByte(); "
public static LDAPMessage receive(InputStream is) throws IOException
* LDAP Message Format =
* 1. LBER_SEQUENCE -- 1 byte
* 2. Length -- variable length = 3 + 4 + 5 ....
* 3. ID -- variable length
* 4. LDAP_REQ_msg -- 1 byte
* 5. Message specific structure -- variable length
DataInputStream din = new DataInputStream(is);
int tag = public static LDAPMessage receive(InputStream is) throws IOException
* LDAP Message Format =
* 1. LBER_SEQUENCE -- 1 byte
* 2. Length -- variable length = 3 + 4 + 5 ....
* 3. ID -- variable length
* 4. LDAP_REQ_msg -- 1 byte
* 5. Message specific structure -- variable length
DataInputStream din = new DataInputStream(is);
int tag = (int)din.readByte(); // sequence tag// sequence tag
...I suspect you are actually getting an Exception and not tracing the cause properly and then doing a sleep and then getting another Exception. Never ever catch an exception without tracing what it actually is somewhere.
Also I don't know what the sleep is supposed to be for. You will block in readByte() until something comes in, and that should be enough yielding for anybody. The sleep is just literally a waste of time. -
Problem trying to read an SSL server socket stream using readByte().
Hi I'm trying to read an SSL server socket stream using readByte(). I need to use readByte() because my program acts an LDAP proxy (receives LDAP messages from an LDAP client then passes them onto an actual LDAP server. It works fine with normal LDAP data streams but once an SSL data stream is introduced, readByte just hangs! Here is my code.....
help!!! anyone?... anyone?
1. SSL Socket is first read into " InputStream input"
public void run()
Authorization auth = new Authorization();
try {
InputStream input = client.getInputStream();
while (true)
{ StandLdapCommand command;
try
command = new StandLdapCommand(input);
Authorization t = command.get_auth();
if (t != null )
auth = t;
catch( SocketException e )
{ // If socket error, drop the connection
Message.Info( "Client connection closed: " + e );
close( e );
break;
catch( EOFException e )
{ // If socket error, drop the connection
Message.Info( "Client connection close: " + e );
close( e );
break;
catch( Exception e )
//Way too many of these to trace them!
Message.Error( "Command not processed due to exception");
close( e );
break;
//continue;
processor.processBefore(auth, command);
try
Thread.sleep(40); //yield to other threads
catch(InterruptedException ie) {}
catch (Exception e)
close(e);
2 Then data is sent to an intermediate function
from this statement in the function above: command = new StandLdapCommand(input);
public StandLdapCommand(InputStream in) throws IOException
message = LDAPMessage.receive(in);
analyze();
Then finally, the read function where it hangs at "int tag = (int)din.readByte(); "
public static LDAPMessage receive(InputStream is) throws IOException
* LDAP Message Format =
* 1. LBER_SEQUENCE -- 1 byte
* 2. Length -- variable length = 3 + 4 + 5 ....
* 3. ID -- variable length
* 4. LDAP_REQ_msg -- 1 byte
* 5. Message specific structure -- variable length
DataInputStream din = new DataInputStream(is);
int tag = (int)din.readByte(); // sequence tag// sequence tagI suspect you are actually getting an Exception and not tracing the cause properly and then doing a sleep and then getting another Exception. Never ever catch an exception without tracing what it actually is somewhere.
Also I don't know what the sleep is supposed to be for. You will block in readByte() until something comes in, and that should be enough yielding for anybody. The sleep is just literally a waste of time. -
Problems reading an SSL server socket stream using readByte()
Hi I'm trying to read an SSL server socket stream using readByte(). I need to use readByte() because my program acts an LDAP proxy (receives LDAP messages from an LDAP client then passes them onto an actual LDAP server. It works fine with normal LDAP data streams but once an SSL data stream is introduced, readByte just hangs! Here is my code.....
help!!! anyone?... anyone?
1. SSL Socket is first read into " InputStream input"
public void run()
Authorization auth = new Authorization();
try {
InputStream input = client.getInputStream();
while (true)
{ StandLdapCommand command;
try
command = new StandLdapCommand(input);
Authorization t = command.get_auth();
if (t != null )
auth = t;
catch( SocketException e )
{ // If socket error, drop the connection
Message.Info( "Client connection closed: " + e );
close( e );
break;
catch( EOFException e )
{ // If socket error, drop the connection
Message.Info( "Client connection close: " + e );
close( e );
break;
catch( Exception e )
//Way too many of these to trace them!
Message.Error( "Command not processed due to exception");
close( e );
break;
//continue;
processor.processBefore(auth, command);
try
Thread.sleep(40); //yield to other threads
catch(InterruptedException ie) {}
catch (Exception e)
close(e);
2 Then data is sent to an intermediate function
from this statement in the function above: command = new StandLdapCommand(input);
public StandLdapCommand(InputStream in) throws IOException
message = LDAPMessage.receive(in);
analyze();
Then finally, the read function where it hangs at "int tag = (int)din.readByte(); "
public static LDAPMessage receive(InputStream is) throws IOException
* LDAP Message Format =
* 1. LBER_SEQUENCE -- 1 byte
* 2. Length -- variable length = 3 + 4 + 5 ....
* 3. ID -- variable length
* 4. LDAP_REQ_msg -- 1 byte
* 5. Message specific structure -- variable length
DataInputStream din = new DataInputStream(is);
int tag = (int)din.readByte(); // sequence tag// sequence tagI suspect you are actually getting an Exception and not tracing the cause properly and then doing a sleep and then getting another Exception. Never ever catch an exception without tracing what it actually is somewhere.
Also I don't know what the sleep is supposed to be for. You will block in readByte() until something comes in, and that should be enough yielding for anybody. The sleep is just literally a waste of time. -
SCA design question - PIX and SCA with dual logical SSL server.
I have a SCA design question. please correct or verify my solution.
1. connectivity.
<Client with port 443>--<ISP>--<PIX>--<SCA>--<SERVER(two IP on single NIC and each IP associates to WEB server) with port 81>
* client will access WEB server with x.x.1.100 or x.x.1.101
2. physical IP address
- PIX outside=x.x.1.1
- PIX inside=x.y.1.1
- SCA device=x.y.1.2
- SERVER NIC1=x.y.1.10
- SERVER NIC2=x.y.1.11
3. PIX NAT
- static#1=x.x.1.100 map to x.y.1.10
- static#2=x.x.1.101 map to x.y.1.11
4. SCA configuration.
mode one-port
no mode one-port
ip address x.y.1.2 netmask 255.255.255.0
ip route 0.0.0.0 0.0.0.0 x.y.1.1
ssl
server SERVER1
ip address x.y.1.10
localport 443
remoteport 81
server SERVER2
ip address x.y.1.11
localport 443
remoteport 81
Thanks,The document http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/scacfggd/ has a link to a page which describes how to use the configuration manager command line interface to configure the Secure Content Accelerator. Several configuration examples are also included in this page.
-
Help! Unable to FTP into SSL Server
PLEASE HELP!
I lease a secure server that -- for years -- I used to be able to access flawlessly via FTP with Fetch in Passive mode.
For some reason, I can no longer access this server from either of my Macs, as I have been doing for years. I've changed nothing on my Macs, except for downloading and installing Apple's various "patches"... which leads me to think that this is the culprit.
I've double checked my DSL modem... my DSL service... even my Hosting provider has double-checked everything... all is well. I can access the SSL server on a different machine without issues, and can even access other non-SSL servers just fine with either of my Macs. BUT... when I try to access my SSL server, I ALWAYS get the same error message:
"Can't build data connection: Connection timed out."
I've even tried a half-dozen other FTP programs... ALWAYS the same results. (Even if I go to a local coffeeshop and, using my wireless connection, use a completely different service provider... I STILL get the same results!!!
THIS leads me to suspect something is obviously wrong here... but I am completely stumped.
If anyone can offer me any enlightenment or, ideally, help me solve this issue. I'll put in a good word for you with the Honcho upstairs!
Thanks,
Jeff
P.S. I'm using two different Macs... always getting the same results:
15" Powerbook G4/1 Ghz w/OS X 10.3.9 and
PowerMac G4/533 Mhz w/OS X 10.2.8...
... each with FAR more RAM and Disk Space than is even a concern!
P.P.S. I'm also including a Session Log as reference... the username, password, IP address and domain name are bogus, but the rest is actual.
=========
Connection attempt 1:
Connecting ssl.domainname.com (123.45.67.890)
220 host.domainname.com FTP server (Version wu-2.6.1-16) ready.
USER username
331 Password required for username.
PASS ******
230 User username logged in. Access restrictions apply.
SYST
215 UNIX Type: L8
Remote system is UNIX - text files transfer optimization is ON
MACB ENABLE
500 'MACB ENABLE': command not understood.
PWD
257 "/" is current directory.
PORT 10,0,0,5,192,111
200 PORT command successful.
LIST
425 Can't build data connection: Connection timed out.
15" G4/1 Ghz Powerbook Mac OS X (10.3.9) PowerMac G4/533 Mhz (running 10.2.8)
15" G4/1 Ghz Powerbook Mac OS X (10.3.9)
15" G4/1 Ghz Powerbook Mac OS X (10.3.9)Hi Jeff,
Curiously, do you have a firewall up and running at home? Have you checked to see if port 21 (for FTP) is open and/or forwarded?
I couldn't access a FTP server which I used to visit (prior to getting broadband access) and realized that I needed to forward port 21 in my router settings to properly connect.
Also, are Sharing settings/privileges set correctly?
Hope this helps a little...
Steve -
Cisco Prime Infrastucture vulnerability SSL RC4 Cipher Suites Supported
Hi All,
I have a question on how to disable RC4 Cipher Suites Supported on Cisco Prime Infrastructure Platform.
My Client have use Nessus Software to scan on prime. and found on below vulnerability
SSL RC4 Cipher Suites Supported
Cisco prime infrastructure deploy on latest 2.1
we have gain the root access and modifier the ssl.conf and restart the service also unable to solve.
/opt/CSCOlumos/httpd/ssl/backup/ssl.conf
/opt/CSCOlumos/httpd/ssl/ssl.conf
C:\Program Files\Tenable\Nessus>nessuscmd -v -p 443 -i 21643 192.168.1.55
Starting nessuscmd 5.2.7
Scanning '192.168.1.55'...
Host 192.168.1.55 is up
Discovered open port https (443/tcp) on 192.168.1.55
[i] Plugin 21643 reported a result on port https (443/tcp) of 192.168.1.55
+ Results found on 192.168.1.55 :
- Port https (443/tcp) is open
[i] Plugin ID 21643
| Here is the list of SSL ciphers supported by the remote server :
| Each group is reported per SSL Version.
| SSL Version : TLSv1
| Medium Strength Ciphers (>= 56-bit and < 112-bit key)
| DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-C
| C(56) Mac=SHA1
| RC4-MD5 Kx=RSA Au=RSA Enc=RC4(1
| 8) Mac=MD5
| RC4-SHA Kx=RSA Au=RSA Enc=RC4(1
| 8) Mac=SHA1
|
| SSL Version : SSLv3
| Medium Strength Ciphers (>= 56-bit and < 112-bit key)
| DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-C
| C(56) Mac=SHA1
| DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-C
| C(56) Mac=SHA1
| High Strength Ciphers (>= 112-bit key)
| EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(
| 68) Mac=SHA1
| RC4-MD5 Kx=RSA Au=RSA Enc=RC4(1
| 8) Mac=MD5
| RC4-SHA Kx=RSA Au=RSA Enc=RC4(1
| 8) Mac=SHA1
| The fields above are :Hi ,
"SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709.
CSCum03709 PI 2.0.0.0.294 with SSH vulnerabilities
Presently, there is no workaround for this vulnerability, however, the fix will be implemented in
Prime Infrastructure 2.2.which is planned to be released around the end of this year ( tentative)
Thanks-
Afroz
***Ratings Encourages Contributors *** -
RV082 v3, SSL Server Allows Cleartext Communication Vulnerability
Hello, looking for some guidance here...
Have multiple RV082 v3's running the latest code level (RV0XX-v4.2.1.02-20120118-code)
and they are being scanned from the corporate side and they are tell me there is a "SSL Server Allows Cleartext Communication Vulnerability"
I've tried a couple things but the vulnerability keeps reappearing on the scans.
They recently passed this info along to me which sounds like a firmware concern.
Here are the ciphers currently accepted. The ADH ones are the cause of the problem, since ADH stands for "Anonymous Diffie Hellman"
Testing SSL server x.x.x.x on port 443
Supported Server Cipher(s):
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted SSLv3 256 bits ADH-AES256-SHA
Accepted SSLv3 256 bits ADH-CAMELLIA256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 256 bits CAMELLIA256-SHA
Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 168 bits ADH-DES-CBC3-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 256 bits ADH-CAMELLIA256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Looking fro some guidance on where the problem might be.
Thanks.Hi Chris,
I think the router supports SSLv2, which causes it to fail some security audits. If I recall correctly, the workaround is to forward port 443 to a non-existant IP address on the LAN. That way when there is a scan there is no response. -
We have a new security product that has detected SSL Weak Cipher strengths. I have been going round and round trying to figure out what the issue might be.
What I am down to is a config option with the OpenSSL. It appears it reads the SSL Cipher strengths from the vhost-ssl.conf file in the \etc\apache2\vhosts.d directory.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
The above is the default string. I have changed it as follows to eliminate the weak SSLv2.
SSLCipherSuite ALL:!ADH:!EXport56:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:+E XP:+eNULL:-SSLv2
The problem is the server still comes back support encryption less than 128 bit. What options do I need to change to fix this issue?IS this an OES1 or OES2 server? On what port is the weak cipher being used? When you installed your server, did you enable the option to use certificates from eDirectory?
-
We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
not have a private key information property attached to it" There is no software firewall set on the DC. When I run Certutil -VerifyStore MY it shows the current certificates as well as the revoked and expired certificates
correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
appreciated.Hi,
Have you tried this?
How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
http://support.microsoft.com/kb/889651
Best Regards,
Amy -
Hi,
We develop a server-side application which receives incoming https connections using self-signed certificate. It was all ok while we were using Windows 7 or Windows 2008 as OS, but when our clients started installing Windows 8 as server OS they encountered
big problem: application got unavailable in few hours after start.
In event logs we have following:
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
After restart, application recreates certificate and all works normal few hours till next fatal error.
This
article did not help us. And I repeat that this error appears only on Windows 8 (we tested on Windows 8.1). Windows 2012 Server we did not test yet.
How we can solve this problem?
Best regards.Hi,
Since this article released in 2008,I suspect the code mentioned in this article doesn't supprot Windows 8.
And since the certificate was written by C#,I suggest you submit a new case on MSDN Forum as they will be more professional on your issue:
https://social.msdn.microsoft.com/Forums/en-US/home
Regards,
Kelvin hsu
TechNet Community Support -
Step by Step : How to Create an SSL Server Certificate (Part 3)
How to Create an SSL Server Certificate (Part 3)
In the previous part you have completed step 10, now you are almost there.
Step 11:
This is another very important step.
Leave the settings as is or tick more options if you know what you do.
Step 12:
Again leave as it is.
Step 13:
Another important step !
In the DNS Name field enter the host name(s) separated by spaces (or commas), e.g.
myserver.name.private myserver.dyndns.org
You can enter your local IP if you wish.
Step 14:
Certificate Assistant now procedes to create your certificate. Within a few seconds you should see the new certificate in your Keychain.
Switch to Server App (if at this stage Server App has crashed, don't worry , re-open Server App and proceed.
Repeat step 2 described in Part 1 and select the new certificate from the drop-down menu of available certificates.
You may want to use this certificate for all services (iChat, iCal, Mail, Web) or create different ones.
If you use the same certificate for all services the name of the certificate is diplayed next to "SSL Certificate", if you don't you will see "Custom" instead.
Addendum:
1. Do not forget to open port 443 in your router to enable https connections.
2. Enable SSL in your iCal account settings if you wish.
Enjoy your server !Hi,
Are you talking about the Mercedes leaderboard ad? Because that look a lot more complicated than "fade in - fade out" images?
Anyway... I am looking at the easiest way to create a banner ad with fade in - fade out images that I have created in illustrator.
This tutorial helped me alot.
http://www.youtube.com/watch?v=gFw-1D8yaMs&NR=1
cheers -
Not able to start managed server from command prompt
Hi,
I am trying to start manged server from command prompt. The command i am using is as follows:
startManagedWebLogic.cmd MS1 [http://]<Listen_Address>:<Admin_port>
Where MS1 is the name of my managed server.
But i am getting following exceptions:
There are 1 nested errors:
weblogic.management.ManagementException: Unable to obtain lock on C:\bea\user_pr
ojects\domains\PB530Domain\servers\AdminServer\tmp\AdminServer.lok. Server may a
lready be running
at weblogic.management.internal.ServerLocks.getServerLock(ServerLocks.ja
va:159)
at weblogic.management.internal.ServerLocks.getServerLock(ServerLocks.ja
va:58)
at weblogic.management.internal.DomainDirectoryService.start(DomainDirec
toryService.java:73)
at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesMan
ager.java:459)
at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServ
icesManager.java:164)
at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:711)
at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:482)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:440)
at weblogic.Server.main(Server.java:67)
>
<Feb 10, 2009 6:48:16 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to FAILED>
<Feb 10, 2009 6:48:16 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical
service failed. The server will shut itself down>
<Feb 10, 2009 6:48:16 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to FORCE_SHUTTING_DOWN>
Please help me to resolve this issue.
thanks,
Sonal
Edited by: [email protected] on Feb 10, 2009 5:16 AMLooking at your error message a little closer, I don't believe it has anything to do with port conflicts but rather that even though you are executing the startManagedWeblogic.cmd with your managed server name (MS1), the error indicates that it is trying to start the Admin Server (not MS1). Note in your error message the following: Unable to obtain lock on C:\bea\user_pr
ojects\domains\PB530Domain\servers\AdminServer\tmp\AdminServer.lok. Server may a
lready be running
It is saying that it cannot start the Admin Server because it is already running (which is probably true in your case). Have you made any changes to the startManagedWeblogic.cmd or the startWeblogic.cmd scripts? I would start debugging there and try to figure out why the script is trying to start your admin server instead of MS1 as you requested on the cmd line.
Maybe you are looking for
-
VPRS with Free Goods and Batch Determination
Dear Experts, I have a problem on the products billing with Free Goods. I will explain this, before the implementation of Batch Management (with batch split) the billing document show the condition VPRS on the main item (TAN) and the free goods item
-
Currency Translation feature in BEx reports
Hi colleagues, As you know, when creating queries, you can right click a given key figure and from Currency Translation frame you can select a customized Currency Conversion Key so OLAP engine displays the "converted" value of such Key figure. Standa
-
MRS Push with SMP 3.0 and Service Manager 4.2 is not working
Hi All, I am working on SMP 3.0 SP 06 Service Manager 4.2 application . I have configured MRS Push which is not working . Service Order push is working fine. If anyone has configured MRS push with any one the Syclo mobile products ,Please share the s
-
HT1660 I HAVE 2 ITUNES USER`S ID HOW CAN I MERGE THEM, IF SO?
I HAVE 2 ITUNES USER`S ID HOW CAN I MERGE THEM, IF SO?
-
Safari 8.0.3 is not responsive
I have a MacBook Pro from 2011 and its running OS X Yosemite 10.10.2 So every time I open Safari it usually takes about a minute to open. When it does open, if I even just move my cursor to hover over the search bar, the dreaded colorful beach ball s