Steps involved in validating a server's certificate
Hello All,
I'm writing a custom trust manager and wondering if anyone can tell me all the steps that are involved in validating a certificate presented by the server during an SSL handshake. The following are the things I think are a must to check if a certificate is valid/trusted.
1. Date verification: The certificate date is valid.
2. Host name verification: The subject's common name matches the host name that your application is trying to connect to.
3. Do you trust the CA: Check if the certificate is signed by a CA that you trust.
Are there any other low-level things that we need to check for? I looked at some of the J2SDK code... X509TrustManagerImpl, SimpleValidator etc. and they do a lot of other things which I never thought of. Can someone educate me a bit on this?
I thought of using the default trust manager provided by Sun in my own trust manager as suggested in the JSSE reference guide. But I guess it is hard to find out what exactly the problem was for not trusting a certificate, as the default implementation always throws CertificateException no matter what the case is. Instead, it would be nice to throw subclasses of CertificateException, such as CertificateExpiredException or HostNameNotValidException (this class does not exist in the API, of course). What are your opinions on this?
Thanks
Sai Pullabhotla
Depending on whether or not your SSL container (e.g. servlet etc.) has already done some of these things, you may want to think about these:
1. If you use a CRL, does the server cert exist in your CRL?
2. In verifying the CA, if there's an intermediate one, you should also verify that the entire CA chain is valid and trusted by you.
3. Purpose of the server cert. Does it meet your requirement?
4. If you use and require strong encryption, does the server cert support it?
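One way to keep the JDK's built-in checks and still learn why a certificate was rejected, as asked in the question above: delegate to the default trust manager and map the failure's cause chain to a specific category. This is an added example, not code from the thread; DiagnosingTrustManager, Failure and DiagnosedCertificateException are hypothetical names, and the exceptions built in main are constructed samples.

```java
import java.security.KeyStore;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXReason;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DiagnosingTrustManager implements X509TrustManager {

    /** Hypothetical failure categories derived from the JDK's own exceptions. */
    public enum Failure {
        EXPIRED, NOT_YET_VALID, REVOKED, REVOCATION_UNKNOWN,
        UNTRUSTED_ISSUER, BAD_SIGNATURE, BAD_KEY_USAGE, OTHER
    }

    /** Hypothetical CertificateException subclass that carries the category. */
    public static class DiagnosedCertificateException extends CertificateException {
        private static final long serialVersionUID = 1L;
        public final Failure failure;

        DiagnosedCertificateException(Failure failure, Throwable cause) {
            super(failure + ": " + cause.getMessage(), cause);
            this.failure = failure;
        }
    }

    private final X509TrustManager delegate;

    /** trustStore == null selects the JDK default trust store. */
    public DiagnosingTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.delegate = found;
    }

    /** Walks the cause chain and returns the most specific category it finds. */
    static Failure classify(Throwable t) {
        Failure fallback = Failure.OTHER;
        int depth = 0; // bound the walk in case of a cyclic cause chain
        for (Throwable c = t; c != null && depth < 16; c = c.getCause(), depth++) {
            if (c instanceof CertificateExpiredException) return Failure.EXPIRED;
            if (c instanceof CertificateNotYetValidException) return Failure.NOT_YET_VALID;
            if (c instanceof CertPathBuilderException) fallback = Failure.UNTRUSTED_ISSUER;
            if (c instanceof CertPathValidatorException) {
                CertPathValidatorException.Reason r = ((CertPathValidatorException) c).getReason();
                if (r == BasicReason.EXPIRED) return Failure.EXPIRED;
                if (r == BasicReason.NOT_YET_VALID) return Failure.NOT_YET_VALID;
                if (r == BasicReason.REVOKED) return Failure.REVOKED;
                if (r == BasicReason.UNDETERMINED_REVOCATION_STATUS) return Failure.REVOCATION_UNKNOWN;
                if (r == BasicReason.INVALID_SIGNATURE) return Failure.BAD_SIGNATURE;
                if (r == PKIXReason.NO_TRUST_ANCHOR) return Failure.UNTRUSTED_ISSUER;
                if (r == PKIXReason.INVALID_KEY_USAGE) return Failure.BAD_KEY_USAGE;
            }
        }
        return fallback;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            delegate.checkServerTrusted(chain, authType); // full default validation
        } catch (CertificateException e) {
            throw new DiagnosedCertificateException(classify(e), e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            delegate.checkClientTrusted(chain, authType);
        } catch (CertificateException e) {
            throw new DiagnosedCertificateException(classify(e), e);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    public static void main(String[] args) throws Exception {
        new DiagnosingTrustManager(null); // proves the default trust store loads
        // Constructed exception chains shaped like the ones the default validator throws.
        Throwable[] samples = {
            new CertificateException("PKIX path validation failed",
                new CertPathValidatorException("timestamp check failed",
                    new CertificateExpiredException("NotAfter: (constructed)"),
                    null, -1, BasicReason.EXPIRED)),
            new CertificateException("PKIX path building failed",
                new CertPathBuilderException("unable to find valid certification path")),
            new CertificateException("PKIX path validation failed",
                new CertPathValidatorException("Certificate has been revoked",
                    null, null, -1, BasicReason.REVOKED)),
        };
        for (Throwable s : samples) {
            System.out.println(classify(s) + " <- " + s.getCause().getMessage());
        }
    }
}
```

Host name matching is separate from this method: JSSE performs it when SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") is set on the socket or engine, and HttpsURLConnection does it by default.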
Similar Messages
-
Steps involved in Uninstalling SQL Server service packs
Hi,
I came to know that we can uninstall SQL Server service packs from SQL 2008 SP1 onwards.
The question is: suppose I have installed SQL 2008 SP3 and found a problem. Now I want to uninstall SP3; what are the steps involved in uninstalling a service pack? Can we also uninstall QFEs, cumulative updates and hotfixes as well?
How does SQL Server do the rollback or uninstall of a service pack behind the scenes?
Appreciate your help.
Thank you.
Hello,
@Cheer08: When SP1 CU3 and SP1 CU4 were released we found that some SQL Server users had issues with SSIS and SSRS, when these CUs were
uninstalled we found the issues continue, and we were back to normal when we reapplied SP1 or SP1 CU2.
@Samantha: About the Resource DB, it certainly plays a factor on applying updates and upgrading process, which is explained
here. About how it is used to allow rollback of updates
in SQL Server, the Resource DB seems to be used to copy back the objects and semantics to system databases as explained in the following article.
http://extremeexperts.com/sql/yukon/resourcedatabase.aspx
@Samantha: no official documents to my knowledge, I just have a real world experience on this as I mentioned to @Cheer08.
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com -
What are the steps involved in validation?
Hi All,
Can you give me the steps to be performed in maintaining validations in FI,
which are the tcodes used and what is maintained in them?
What are the steps to be performed by the ABAPer?
It's urgent.
Helpful answers are rewarded.
Thanks everyone
Yes, I've registered in rggbr000 by copying this to zrggbr000
exits-name = 'U900'. "single validation: only one
exits-param = c_exit_param_none. "data record used
exits-title = text-102. "Example EIS
APPEND exits.
Also I've coded
form U900
endform.
in the same zrggbr000.
After that, how is this form called during the runtime?
That's what the problem is. -
Validating a server's certificate
I am writing an app that does an https post of a request and gets a result returned. The company that I am interacting with has a certificate from verisign. I know nothing about certificates! I need to validate their certificate in code as I do this transaction. I need to validate that their cert is current, check the authority and the url. Anyone have an example of this type of action? Do I do this right before the post or does this happen during the post? Sorry I am such a newbie!
Thanks!
Bill
Hello!!!
I have a similar problem. I need to validate a client certificate against my server. I'm researching this field and I've learned some things. You need to have one keystore; this is the place where the certificates are stored. In this keystore you need to have the CA root certificates (Certificate Authority or similar), so to speak, the trusted certificates (verisign, thawte, etc). Your application trusts these entities by default. You can add more entities when you want; you only need the CA root certificates to import them. Afterwards, you need to validate a client certificate against this keystore, so the client cert must have a signature from a CA inside it. Then we're going to validate the cert by asking the keystore if the client cert exists inside it: first look for the same CA root that the client cert has, and if this CA root exists then we will look for the final client cert, and if this certificate exists then the process will be OK.
This is the process more or less. I'm sorry if I can't explain myself better; you can read more about this in the Java tutorial, the JSSE tutorial, or the JCE tutorial.
If you have installed J2SE on your machine, you will see the keystore in C:\Documents and Settings\<your_user>\.keystore
and c:\j2sdk1.4.1_02\jre\lib\security\cacert
This is my code; it works, but I need to finish it:
package autenticacion;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Vector;

public class TestCert {

    KeyStore keyStore;
    String keyStorePath;
    char[] keyStorePassword;

    public TestCert() {
        this.keyStore = null;
        this.keyStorePath = "";
        this.keyStorePassword = null;
    }

    public TestCert(KeyStore keyStore, String keyStorePath, char[] keyStorePassword) {
        this.keyStore = keyStore;
        this.keyStorePath = keyStorePath;
        this.keyStorePassword = keyStorePassword;
    }

    public static void main(String[] args) {
        FileInputStream keyStoreIStream = null;
        try {
            String keyStorePath = "D:/JAVA/j2sdk1.4.1_02/jre/lib/security/cacerts"; // "c:/Documents and Settings/instalador/.keystore";
            char[] keyStorePassword = "changeit".toCharArray(); // "password".toCharArray();
            String pathFileName = "c:/mykeyFile.cert";

            // SunJSSE is registered as a security provider by default since
            // J2SE 1.4, so no Security.addProvider(...) call is needed here.

            // Open the keystore file.
            try {
                // Open the stream to read in the keystore.
                keyStoreIStream = new FileInputStream(keyStorePath);
            } catch (FileNotFoundException e) {
                // If the path does not exist then a null stream means
                // the keystore is initialized empty. If an untrusted
                // certificate chain is trusted by the user, then it will be
                // saved in the file pointed to by keyStorePath.
                keyStoreIStream = null;
            }

            // Create a KeyStore Object
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

            // Init the Keystore with the contents of the keystore file.
            // If the input stream is null the keystore is initialized empty.
            keyStore.load(keyStoreIStream, keyStorePassword);

            // Close keystore input stream
            if (keyStoreIStream != null) {
                keyStoreIStream.close();
                keyStoreIStream = null;
            }

            // Array holding all the certificates that are sent to us.
            //X509Certificate[] chain = (X509Certificate[]) request.getAttribute("java.security.cert.X509Certificate");
            //isChainTrusted
            TestCert test = new TestCert(keyStore, keyStorePath, keyStorePassword);
            X509Certificate[] cert = test.getCertFromFile(pathFileName);
            test.getAcceptedIssuers();
            System.out.println(test.isChainTrusted(cert));
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("main Error: " + e.toString());
        } finally {
            try {
                if (keyStoreIStream != null) {
                    keyStoreIStream.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
                System.out.println("main Error: " + e.toString());
            }
        }
    }

    // getAcceptedIssuers retrieves all of the certificates in the keyStore
    // and returns them in an X509Certificate array.
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] X509Certs = null;
        try {
            // See how many certificates are in the keystore.
            int numberOfEntry = keyStore.size();
            // If there are any certificates in the keystore.
            if (numberOfEntry > 0) {
                // Create an array of X509Certificates
                X509Certs = new X509Certificate[numberOfEntry];
                // Get all of the certificate alias out of the keystore.
                Enumeration<String> aliases = keyStore.aliases();
                // Retrieve all of the certificates out of the keystore
                // via the alias name.
                int i = 0;
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    System.out.println(alias);
                    X509Certs[i] = (X509Certificate) keyStore.getCertificate(alias);
                    // Print the certificate itself, not the array reference.
                    System.out.println(X509Certs[i]);
                    i++;
                }
            }
        } catch (Exception e) {
            System.out.println("getAcceptedIssuers Exception: "
                    + e.toString());
            X509Certs = null;
        }
        return X509Certs;
    }

    // isChainTrusted searches the keyStore for any certificate in the
    // certificate chain.
    private boolean isChainTrusted(X509Certificate[] chain) {
        boolean trusted = false;
        try {
            // Start with the root and see if it is in the Keystore.
            // The root is at the end of the chain.
            for (int i = chain.length - 1; i >= 0; i--) {
                if (keyStore.getCertificateAlias(chain[i]) != null) {
                    trusted = true;
                    break;
                }
            }
        } catch (Exception e) {
            System.out.println("isChainTrusted Exception: "
                    + e.toString());
            trusted = false;
        }
        return trusted;
    }

    /**
     * Reads the certificate(s) from a file and converts them to
     * X509Certificate objects.
     */
    private X509Certificate[] getCertFromFile(String filename) {
        X509Certificate chain[] = null;
        FileInputStream fis = null;
        try {
            // The following example parses a PKCS#7-formatted certificate reply
            // stored in a file and extracts all the certificates from it:
            Vector<X509Certificate> v = new Vector<X509Certificate>();
            fis = new FileInputStream(filename);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<?> c = cf.generateCertificates(fis);
            Iterator<?> i = c.iterator();
            while (i.hasNext()) {
                X509Certificate cert = (X509Certificate) i.next();
                System.out.println(cert);
                v.add(cert);
            }
            chain = new X509Certificate[v.size()];
            chain = v.toArray(chain);
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            try {
                // fis stays null if the file could not be opened.
                if (fis != null) {
                    fis.close();
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
        return chain;
    }
}
If you do finish your code I'd like you to tell me something.
Bye. -
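The isChainTrusted method in the post above only looks a certificate up in the keystore; it does not verify signatures, validity dates or how the certificates chain together. As an added example (not the poster's code), the same kind of input can be run through the JDK's PKIX CertPathValidator. PkixChainCheck is a hypothetical name, the file is assumed to list the leaf certificate first, and with no argument one root from the JDK default trust store stands in as a one-certificate path.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PkixChainCheck {

    /** Trust anchors from a keystore; null selects the JDK default trust store. */
    static Set<TrustAnchor> anchorsFrom(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null)); // no extra name constraints
                }
            }
        }
        return anchors;
    }

    /** Reads every certificate in a PEM, DER or PKCS#7 file, in file order. */
    static List<X509Certificate> readChain(String file) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(file)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        return chain;
    }

    /**
     * Runs PKIX validation: signatures, validity dates, name chaining, basic
     * constraints and key usage for every certificate up to a trust anchor.
     */
    static String validate(List<X509Certificate> chain, Set<TrustAnchor> anchors,
                           boolean checkRevocation) throws Exception {
        if (chain.isEmpty()) {
            return "REJECTED: no certificates to validate";
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(chain); // leaf first, CA certificates after it
        PKIXParameters params = new PKIXParameters(anchors);
        // Revocation checking needs CRLs supplied through a CertStore or network
        // access to OCSP / CRL distribution points, so it is a caller decision.
        params.setRevocationEnabled(checkRevocation);
        try {
            PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                    CertPathValidator.getInstance("PKIX").validate(path, params);
            return "VALID, anchored at "
                    + result.getTrustAnchor().getTrustedCert().getSubjectX500Principal();
        } catch (CertPathValidatorException e) {
            // getIndex() is the position in the path of the failing certificate.
            return "REJECTED at certificate index " + e.getIndex() + ": "
                    + e.getReason() + " (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        Set<TrustAnchor> anchors = anchorsFrom(null);
        List<X509Certificate> chain;
        if (args.length > 0) {
            chain = readChain(args[0]);
        } else {
            // Stand-in input so the example runs offline: one trusted root.
            chain = Collections.singletonList(anchors.iterator().next().getTrustedCert());
        }
        System.out.println(validate(chain, anchors, false));
    }
}
```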
SSL Certificate appears valid in Server Admin, but as expired in browsers
I've imported a certificate from Thawte that expires June 29 2008. It shows the correct dates within the Certificates tab of Server Admin, and everything looks fine, but when I load an https: page on my server, the browser tells me that the certificate expired June 30 2007.
This is a fairly new Mac Pro running OSX 10.5.2 Leopard Server, and Apache 2.2.
If you click on the embedded icon from Thawte that links to their site for verification, it also shows that the certificate is valid.
I've deleted and re-imported it a few times, and rebooted the server, but it always shows as expired in browsers.
Sample page with link to Thawte;
https://cstore.uvic.ca/index-ssl.lasso
Thanks in advance to anyone who can help me get this fixed.
Brad.
Message was edited by: FastCompany
Camelot,
Thanks for the reply. I'm not offended by your suggestion that it's something simple that I've overlooked, rather I'm hoping that it is.
I have selected the certificate on the appropriate site on the web panel. When you visit the site link In my original message, you'll see that the correct certificate is being served, but it appears as expired to the browser, even though it shows as valid in Server Admin.
I also found it in the Keychain utility, and it also shows as a valid certificate there. I did find an entry in the Keychain utility for an earlier attempt at installing an expired certificate, so I deleted that entry. -
Missing the "Microsoft Exchange Server Auth Certificate"
Hi Everyone,
I have a single Exchange box.
Was integrating my Lync and Exchange and noticed some issues after configuring my Lync pre-reqs: http://technet.microsoft.com/en-us/library/jj721919.aspx
Following the line of communication and event logs, I quickly saw that the error was not on my Lync Server, but on my Exchange. The "Microsoft Exchange Server Auth Certificate" that is created during Ex2013 install was missing.
It was not there to give out tokens for the Server to Server authentication required to integrate Lync, Exchange, and Sharepoint.
Running Get-AuthConfig: http://technet.microsoft.com/en-us/library/jj215766(v=exchg.150).aspx
pointed to a thumbprint that did not exist anymore.
I confirmed this by checking the local cert store (local computer>personal>certificates), looking in the ECP (servers>certificates), and also running Get-ExchangeCertificate
In my Exchange Server event log, I found the following errors:
Log Name: Application
Source: MSExchange Certificate Deployment
Date: 6/8/2014 4:00:50 AM
Event ID: 2005
Task Category: General
Level: Warning
Keywords: Classic
User: N/A
Computer: server.domain.com
Description:
Federation or Auth certificate not found: ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3. Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation
Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.
AND
Log Name: Application
Source: MSExchange OAuth
Date: 6/8/2014 1:25:41 PM
Event ID: 2004
Task Category: Configuration
Level: Warning
Keywords: Classic
User: N/A
Computer: server.domain.com
Description:
Unable to find the certificate with thumbprint ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.
Googling has only produced one article that is about another issue that I would have found further down the line if I wasn't testing within the pre-reqs. The solution is the same, but the article is somewhat poorly written and does not respond to all
the comments enough to leave one feeling it's 100% correct.
http://blogs.technet.com/b/jenstr/archive/2012/11/22/getting-internal-server-error-500-when-creating...
The broad strokes are clear:
The fix is to create a new "Microsoft Exchange Server Auth Certificate" by using the following sequence of cmdlets In EMS on the MBX server:
1. New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services smtp
Do not accept to replace the SMTP certificate when prompted
2. Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081
3. $a=get-date
4. Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 –NewCertificateEffectiveDate $a
Accept to continue despite the fact that the certificate effective date is not 48 hours into the future
5. Set-AuthConfig –PublishCertificate
6. Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by doing Set-AuthConfig -ClearPreviousCertificate.
Remember to do iisreset on both CAS and MBX servers. Then finally, you can try to re-issue the New-CsPartnerApplication cmdlet.
65 Million Dollar question:
Is the syntax in part 1 correct? Two people say to add the domain? Jens responds, but it's vague. What would the correct command look like? I do not know where to add the -DomainName within the command and which name I should add? The FQDN of the CAS?
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName server.domain.com -Services smtp
Thank you everyone
Hi,
Yes, we need to specify a valid FQDN for either the Subject or the DomainName parameter. Please run the following command:
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName server.domain.com -Services smtp
Then follow the other steps in your posting to re-create the Microsoft Exchange Server Auth Certificate.
Regards,
Winnie Liang
TechNet Community Support -
Error in authentication with ldap server with certificate
Hi,
I have a problem in authentication with an LDAP server with a certificate.
Here I am using the Java API to authenticate.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
I issued the new certificate, which has a valid time of up to 5 years.
Will Java authenticate up to one year only?
Can anybody help on this issue...
Regards
Ranga
Sorry, I am getting the same error
javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
Here, when I am using the old certificate and changing the system date, I can get the authentication.
Can you tell where we can concentrate and solve the issue?
Where is the issue?
1. Need to check with the LDAP server only
2. Problem in Java code only.
Thanks in advance -
Sun.security.validator.ValidatorException: No trusted certificate found
Hello,
I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
-Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password
On my development environment I can call the Web Service correctly.
Although, on the production environment, I am getting the following exception:
javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
at $Proxy171.send(Unknown Source)
at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
... 6 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
at org.jboss.remoting.Client.invoke(Client.java:1634)
at org.jboss.remoting.Client.invoke(Client.java:548)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
... 14 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 26 more
Both systems are configured with the same JBoss, JVM, ...
The certificate details are:
Owner=
CN=*...., OU=..., O=..., L=..., ST=..., C=PT
Issuer=
CN=..., O=..., C=PT
Version=3
Serial Number=BC81A81843E26C2597CD10354588F61E
Valid From=Monday, 3 March 2008 18:50
Valid Until=Tuesday, 3 March 2009 18:50
Signature Algorithm=SHA1withRSA
Fingerprints=
MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
Key Usage= critical
List:
. digitalSignature
. keyEncipherment
. dataEncipherment
. keyAgreement
Extended Key Usage= none
On production I have also tried adding the following properties:
-Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password
But I still get the error.
Does anyone have any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
Any help would really be welcome.
Thanks in advance.
Best regards,
Victor Batista
Hi,
Thanks for your prompt reply.
I have also tried to add all the chain of certificates on my truststore, although I get the exception:
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 26 more
And all the certificates are valid.
I really don't understand what is going on.
Can I Ignore expired certificates? Any property?
When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
Thanks in advance,
Victor -
Steps involved in adding USB external HDD to a TC
Please forgive me if this question is somewhere in the forum, I haven’t been able to find it. At least I haven’t been able to find the actual steps involved (but I’m sure that they are probably right in front of me).
Here is my problem. I have a 1Tb Time Capsule, an iMAC, a MacBook, a MacBook Pro. I am running out of some space on my TC and have had to exclude a few directories in order to get it to successfully backup. I would like to back up all of my directories if possible.
After reading the post by Pondini (http://discussions.apple.com/thread.jspa?threadID=2296894), I see that I can add external USB drives to my Time Capsule (http://web.me.com/pondini/Time_Machine/TCQ4.html). Suppose I want to add, let's say, 2 USB drives and then back up each computer to its own drive. Is it simply a matter of getting a powered USB hub, and then on each individual computer configuring its individual Time Machine backup (System Preferences -> Time Machine -> Select Disk)? Or do I control all of this from my 'master' computer, which is the iMac? If this is the case, then what would be the steps involved?
Does this question make sense?
JM43 wrote:
Is it simply a matter of getting a powered USB hub, and then on each individual computer configuring its individual Time Machine backup (System Preferences -> Time Machine -> Select Disk)?
Yup.
Depending on the sizes, you might want to get a single large drive and back up 2 of the Macs to it. You could partition it so each one has its own space, or let them share the whole drive.
Just be sure to format it/them Mac OS Extended with the GUID Partition Map scheme.
Or do I control all of this from my 'master' computer, which is the iMac?
No, it isn't a "master." You may use it that way, but only a Mac running OSX Server is considered as a "master." All your Macs are equal.
One suggestion, though; I'd recommend backing the iMac up to a directly-connected USB (or, better, FireWire) external HD. That's much faster and more reliable, and will reduce the amount of traffic on your network. -
The verification of the server's certificate chain failed
Hi All,
Not sure this is the right forum for this but never mind.
I am trying to get abap2GApps working and am having problems with the client certificates.
I am getting the below error in ICM :-
[Thr 06] Mon Jul 30 09:34:47 2012
[Thr 06] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 06] session uses PSE file "/usr/sap/BWD/DVEBMGS58/sec/SAPSSLC.pse"
[Thr 06] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 06] >> Begin of Secude-SSL Errorstack >>
[Thr 06] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Equifax Secure Certificate Authority, O=E
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 06] << End of Secude-SSL Errorstack
[Thr 06] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 06] SSL NI-sock: local=172.30.7.170:59036 peer=172.30.8.100:80
[Thr 06] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000053910f0)==SSSLERR_SSL_CONNECT
[Thr 06] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000726d5} [icxxconn_mt.c 2031]
Having already got the accounts.google.com SSL certificate chain installed and working I can't get the docs.google.com SSL chain working.
For accounts.google.com they use (this set works) :-
1) CN=accounts.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
2) CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
3) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
For docs.google.com they use a different set of SSL certs. :-
1) CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
2) CN=Google Internet Authority, O=Google Inc, C=US
3) OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Can anyone explain what I am doing wrong or how to correct this?
Thanks
Craig
Further UPDATE
After removing every certificate related to docs.google.com I still get the same error!
I have even tried downloading the root certificate directly from GeoTrust themselves and yet I still get the same error.
I have even resorted to running SAP program ZSSF_TEST_PSE from note 800240 to check the PSE and all is well!
Referring to SAP Note 1318906 suggests I am missing a certificate in the chain but I am not!
"Situation: The ICM is in the client role and the following entry is displayed in the trace:
ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
Reason:You try to set up a secure connection to a server, but the validity of the certificate cannot be verified because the required certificates are not available.
Solution:The missing certificates are listed in the trace file. You must use transaction STRUST to insert these certificates in the Personal Security Environment (PSE) that is used for the connection. The certificates are usually made available to you by the server administrator. If the certificates are public Certification Authority (CA) certificates, you can also request the certificates there."
What could possibly be causing this?
Please help!
Craig -
Microsoft Exchange Server Auth Certificate Error
I have newly installed Exchange Server 2013. I accidentally assigned the IIS service to the Microsoft Exchange Auth Certificate. Now I'm facing a problem connecting to the Exchange server from Outlook.
The error shows
"There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site
name. Outlook is unable to connect to the proxy server. (Error Code 10)."
The certificate shows the error
"This CA root Certificate is not trusted because it is not in the Trusted Root Certificate Authorities store"
Please help me...
Thanks
Hi Winnie,
If I use a root CA from AD CA, can that solve this issue?
Please see the result:
[PS] C:\Windows\system32>Get-ExchangeCertificate | FL
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {DBH-EX01, DBH-EX01.deltabrac.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 12/19/2018 12:37:13 PM
NotBefore : 12/19/2013 12:37:13 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 30F29F3C289D448A4244C95D267B9976
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=Microsoft Exchange Server Auth Certificate
Thumbprint : 514DDBBDAB0878766B9D305A0D500CBEA334E109
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 12/18/2018 3:51:00 PM
NotBefore : 12/18/2013 3:51:00 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 2AAA1A565B385794473CE3AC8D3A85F4
Services : IIS, SMTP
Status : Valid
Subject : CN=Microsoft Exchange Server Auth Certificate
Thumbprint : 5E6026E8C9CC18BFE3684E58CD2876AC97A2514D
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {DBH-EX01, DBH-EX01.deltabrac.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=DBH-EX01
NotAfter : 12/11/2018 7:25:05 PM
NotBefore : 12/11/2013 7:25:05 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1C611FA9102B64B3462A0100FEF74A12
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=DBH-EX01
Thumbprint : 2FD1A8D2141DCA036F3DD5BE1191FD1FB6966EE9
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-DBH-EX01}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-DBH-EX01
NotAfter : 12/9/2023 5:03:46 PM
NotBefore : 12/11/2013 5:03:46 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 4013857FC4683FA940C6DCC87A83A05F
Services : None
Status : Valid
Subject : CN=WMSvc-DBH-EX01
Thumbprint : BAE5A99C48FDFDBDBDE1E158833F862BB977DC01
-
Use custom not ConfigMgr SQL Server Identification Certificate
Hello,
I noticed that during the database creation steps in System Center 2012 Configuration Manager, the SQL server's instance gets assigned an SSL certificate called ConfigMgr SQL Server Identification Certificate. I currently have one that I have assigned by our own PKI solution as I am pointing this to our SQL cluster.
Is there any way to use my PKI-issued certificate over the self-signed one that gets deployed by System Center during the installation process? When I use my own PKI-issued certificate, System Center is unable to connect saying there is an issue with the certificate (which I know is untrue as other applications can communicate to the cluster fine with my PKI-issued certificate).
Thanks in advance!
Hi,
This TechNet article might be of more help.
PKI Certificate Requirements for Configuration Manager
http://technet.microsoft.com/en-us/library/gg699362.aspx
-
SCCM 2007 Site Server Signing Certificate - Any Way to Extend Life of Template
Good morning,
It looks like my Site Server Signing certificate can't be renewed past the five year validity that the template was given. So, come Feb. 14th, I can't renew my existing Site Server Signing certificate. Is there any way to extend the life of the certificate template so I can just "renew" the existing certificate on my server as opposed to creating and distributing a new one? Thanks for any help anyone can provide.
-
How to connect to Windows 2008 VPN server with certificate support
Unfortunately, if I select any Windows 2008 server compatible protocol (PPTP, L2TP) I cannot select a PKI certificate; it's only available for Cisco VPN. Yet my company has 1000 laptops and is utilizing Windows 2008 Server for VPN (Cisco is too expensive and unnecessary because VPN is part of Windows Server). A PKI certificate is required for connection security.
Any plans to enable certificates for PPTP or L2TP in 2.1 firmware? Even better would be to add the SSTP protocol with certificate support, because it takes only one standard TCP connection (https) per user (uses the least possible NAT resources for heavily loaded NATed WiFi spots). Also, in some public places https is the only option to connect as PPTP and L2TP are filtered.
Hi Shahzad,
>>how to connect sql server 2008 r2 sp2 with visual studio 2013 ultimate?
Based on your issue, if you want to connect to SQL Server 2008 R2 SP2 from the VS2013 IDE, I suggest you try Ammar's and darnold924's suggestions to check your issue.
In addition, I suggest you also refer to the following steps to connect SQL Server 2008 R2 SP2 with Visual Studio 2013 Ultimate.
Step 1: I suggest you go to VIEW->SQL Server Object Explorer->Right click SQL Server->Add SQL Server.
Step 2: After you connect to SQL Server 2008 R2 SP2 fine, I suggest you go to VIEW->Server Explorer->right click the Data Connection->Add Connection.
And then you can create the connect string in the Add Connection dialog box.
Hope it helps you!
-
What are the steps involved in configuring Oracle EBS R12 after installation
What are the steps involved in configuring Oracle EBS R12 after installation is complete?
We have an empty oracle EBS R12 installed and up and running. We do not have anything configured.
Please direct me to the documents that can be followed to do initial steps for the application functionality to work.
Thanks,
SR
All Oracle EBS Docs 11i/R12 can be found at:
Oracle Applications Documentation
http://www.oracle.com/technetwork/documentation/applications-167706.html
Thanks,
Hussein