Sun VM and IE Certificates

Similar Messages

• Private key and digital certificate

  I have a keystore . in ordeer to know what it contains ,i opened this keystore with this command ...keytool -list -keystore DemoIdentity.jks
  and i got,
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 1 entry
  demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
  Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
  Question :
  I still dont understand what a keystore contains. does it contains "private key" + "digital certificate" ?
  If so , what are private keys and digital certificate in the above contents ?
  Message was edited by:
  Unknown_Citizen
  Message was edited by:
  Unknown_Citizen

  The content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains it a public key certificate with an alias of 'demoidentity' .

• ISE 1.2 and iPEP Certificate Requirements

  Hi,
  For 1.1.x version of ISE, there are some constraints regarding the certificates used for iPEP and Admin:
  Both EKU attributes should be disabled, if both EKU attributes are disabled in the Inline Posture certificate, or both EKU attributes should be enabled, if the server attribute is enabled in the Inline Postur  certificate.
  [http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bea904.shtml]
  Does the same thing applies for iPEP in ISE 1.2? The User Guide for ISE 1.2 and Hardware Installation Guide doesn't mention anything about EKU and specific certificate attributes..
  Any thoughts?
  Thank you,
  Octavian

  The EKU validation has been removed in version 1.2
  "If you configure ISE for services such as Inline  Policy Enforcement Point (iPEP), the template used in order to generate  the ISE server identity certificate should contain both client and  server authentication attributes if you use ISE Version 1.1.x or  earlier. This allows the admin and inline nodes to mutually authenticate  each other. The EKU validation for iPEP was removed in ISE Version 1.2,  which makes this requirement less relevant."
  Source:
  http://www.cisco.com/en/US/products/ps11640/products_tech_note09186a0080bff108.shtml

• How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

  Hi,
  I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
  Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
  Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
  Please suggest how to pass both the certs from client Application..

  Hi,
  This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
  And for more information, you could refer to:
  http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
  Regards

• ISE 1.2 and multiple certificates

  Hello,
  Hopefully someone can answer this question.  We have ISE 1.2 setup and running, 802.1x and user and computer certificates.  All is working fine except some users have two user certificates, one from our server the other from our parent company.  When these users log in they get a bubble message saying "additional information is required to connect to the network", they click on this and they are asked to pick a certificate.  If they pick the one from us all works. 
  Question, is there a way either in Windows or ISE to use our certificate by default?  The PCs in question all have the cisco NAC agent, 4.9.43, and are either XP, Windows 7 or 8. 
  Thanks

  Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1documentation to 1.2 and never updated it. We have it in writing from Cisco tac. 

• My company loaded profiles onto my iPad for email and calendars.. There is also a signing certificate and a certificate. What are these for? Additionally are they able to monitor apps and usage, ie Internet usage when it is not on their wifi?

  My company loaded profiles onto my iPad for email and calendars.. There is also a signing certificate and a certificate. What are these for?
  Additionally are they able to monitor apps and usage, ie Internet usage when it is not on their wifi?
  I do not have any VPN enabled?

  Do you happen to have an Android?  If so and depending on what version there is a great data usage analyse tool built-in.  See if you can go to Settings -> Data Usage  from there you can pick a current or previous billing cycle and then use the vertical sliders to select a date range and it will filter the usage data per app to show you exactly what app(s) were using data during that time frame.

• Cisco ISE Admin and EAP certificate renewal

  Hi board,
  maybe I'm asking a rather dumb question here, but anyway :)
  I'm currently thinking about how to renew an admin/EAP certificate on an ISE node and the effect on the endpoint authentication.
  Here's the thing I do, when I initially install an ISE node
  1.) CSR creation on ISE (PAN) - CN=$FQDN$ and SAN="fqdn as well"
  2.) Sign CSR and bind certificate on ISE node - done
  Now after 10 month or so (if the certificate is valid for one year) I want to renew the ISE admin/EAP certificate.
  CSR creation: I cannot use the $FQDN$ as the CN, because there is still the current certificate (CN must be unique in the store, right?)
  So what to do now? Do I really need to create a temporary SSC and make it the admin/EAP certificate, delete the current certificate and then create a new CSR? There must be a better and more important non-disruptive way of doing this.
  How do you guys do this in your deployments?
  Thanks in advance and sorry again if this is a silly question.
  Johannes

  you can install a new certificate on the ISE before it is active, Cisco recommends that you install the new certificate before the old certificate expires. This overlap period between the old certificate expiration date and the new certificate start date gives you time to renew certificates and plan their installation with little or no downtime. Once the new certificate enters its valid date range, enable the EAP and/or HTTPS protocol. Remember, if you enable HTTPS, there will be a service restart
  Certificate Renewal on Cisco Identity Services Engine Configuration Guide
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116977-technote-ise-cert-00.html

• Sun Creator and using the JNI

  Does any developer or Sun person have a direction for me to go in the use of the JNI within Java Sun Creator?
  It seems last weekend I was talking to a person from SUN in regards to tis issue and they have not got back to me. Has any one that uses searches looks through this user forum used the JNI within Sun Creator and to what extenet if you have.
  Thank you for your help...

  dupey00_ca , Sun support is trying to contact you.
  Please see the response to your posting from ELI-NB on Jan 4
  http://forum.java.sun.com/thread.jspa?threadID=5113212&messageID=9389707#9389707
  John
  from the Creator team

• WS-Security:  Fail to configure Keystore and Identity Certificates

  Hi,
  This is my first question here!
  I want to set a secure web service, following the guide "Web Services Security Guide" i set up the keystore and Identity Certificates with a keystore that contains two certificates created by me, I set the keys to be used as signature and encryption. Not define any method for authentication.
  I deployed the application to the server (oc4j_extended_101350) and up to this point apparently everything went well.
  I created a web service proxy to test the web service with jdeveleper, but when I call the web service method the server responds with the error:
  java.rmi.ServerException:
  start fault message:
  Internal Server Error
  : End fault message
  at oracle.j2ee.ws.client.StreamingSender._raiseFault (StreamingSender.java: 571)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl (StreamingSender.java: 401)
  at oracle.j2ee.ws.client.StreamingSender._send (StreamingSender.java: 114)
  at clientmessageoc4jstda.proxy.runtime.MyWebService1SoapHttp_Stub.getHelloWorld (MyWebService1SoapHttp_Stub.java: 77)
  at clientmessageoc4jstda.proxy.MyWebService1SoapHttpPortClient.getHelloWorld (MyWebService1SoapHttpPortClient.java: 42)
  at clientmessageoc4jstda.proxy.MyWebService1SoapHttpPortClient.main (MyWebService1SoapHttpPortClient.java: 30)
  On the server the following error occurs:
  ERROR OWS-04005 error has occurred on port: () http://messagelevelsecurity/ MyWebService1SoapHttpPort: oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException.
  The client and server are not in the same directory.
  The class exposed by the web service is a simple Hello World.
  public class HelloWorld {
  public HelloWorld() {
  public String getHelloWorld(){
  return "Hello World";
  Thanks in advance
  I apologize for my English

  I had to add : " outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");" to the client code and it started working !

• Points System Incorrectly invalidated $50 and $5 certificate, left with $40...

  To whom it may concern,
  I received an email back on 12/24/2013 stating that My Best Buy redeemed my points for a $50 certificate.  I continued to purchase items without using the certificate.  On 12/30/2013, I received another email stating that My Best Buy redeemed additional points for a $5 certificate.  I have not made any additional purchases since the $5 certificate and yet when I attempted to use both of the certificates the other day, I was told they were not valid and had likely been used.  The only thing that I have returned was purchased on 12/30/2013 after receiving the $5 certificate.  The tablet was then returned in the following two days.  I know from previous experience that Best Buy only awards points on purchases at a minimum 30 days after the purchase has been completed to ensure that the awarded points are only given on items that have been kept.
  Given this, why is it that your system invalidated my $50 and $5 certificates, and then proceeded to give me a $40 certificate instead? What happened to the additional points that your system issued back prior to downgrading me to a $40 certificate???  I'll be honest with you - I have already had multiple displeasing experiences at Best Buy and hope this will not be another one.  I can assure you that if it is, I will be transitioning my purchases to Amazon instead of through your company.
  Please advise...

  Good morning mrod5167, and welcome to the forum,
  I can understand having questions if it appears that points are missing from your account or if certificates were cancelled for some reason.  After using the email address you registered with the forum to review your My Best Buy™ account, I believe that I can explain why those certificates were cancelled.  Whenever a return is processed, any points that were awarded for the original purchase would be removed.  The returns that you processed at the beginning of the year involved bonus points that you had been awarded from one of our private shopping events, so when removed caused your points balance to go negative and the two certificates to be cancelled.  Once the point values for the two certificates reposted to your account, you no longer had a negative balance, but only enough for a $40 certificate.
  I hope that explanation helps; however, if you do have additional questions, please feel free to send me a private message and I will see what I can do to further assist.  A private message can be sent by clicking on the blue button located within my signature.
  Thank you for reaching out to us.
  Derek|Social Media Specialist | Best Buy® Corporate
   Private Message

• Oracle Workflow Server in a SUN machine; and the Oracle

  Hi All
  I have installed Oracle Workflow Server in a SUN machine; and the Oracle
  Workflow Client (Builder) in a WIN2000 machine.
  In the SUN machine, I already had installed Oracle9i and OMS (Oracle
  Management Server) version 9.2.0.1.0.
  In the WINDOWS 2000 machine, I already had installed the Oracle9i
  Client and the OWB (Oracle Warehouse Builder) version 9.0.3.35.0. Workflow
  Builder
  was installed together with Oracle Client components.
  I have a OWB (Oracle Warehouse Builder) project, and I deploy and schedule
  JOBS in OEM.
  Now I need Oracle Workflow in order to better ordering, manage and schedule
  that jobs.
  I'm reading the following documentation:
  Oracle Workflow Guide (Release 2.6.2)
  http://www.csis.gvsu.edu/GeneralInfo/Oracle/workflow.920/a95265.pdf But I think Oracle Workflow is very complex to learn quickly.
  My OWB Project has several mappings that load tables in a Data Warehouse.
  When I deploy these mappings one by one, in OEM, I can execute them in OEM
  and they work well.
  But when I use the Workflow Deployment Wizard, I create a new Workflow
  Project (Item type and Process).
  But I can't Launch this process. I go to Launch Process in Workflow page
  (http://:/pls//) but when I iniciate the project,
  it stops in the OWB Standard Begin Function. It does not go ahead.
  Well, when I use the Workflow Deployment Wizard inside OWB, it generates
  jobs that can
  be viewed inside OEM (Oracle Enterprise Manager) too. But when I submit
  these jobs, I can't get success too.
  Can somebody help me? May you guide me in order to solve my problem, or send
  me some
  documents or links about workflow, and it's integration with OWB and OEM?
  Best regards

  I think this might be more of an OWB question, and how OWB uses workflow, I have sent an email internally to try and get someone to responsd. You should also consider contacting Oracle Support if you are having these kinds of problems.
  Hi All
  I have installed Oracle Workflow Server in a SUN machine; and the Oracle
  Workflow Client (Builder) in a WIN2000 machine.
  In the SUN machine, I already had installed Oracle9i and OMS (Oracle
  Management Server) version 9.2.0.1.0.
  In the WINDOWS 2000 machine, I already had installed the Oracle9i
  Client and the OWB (Oracle Warehouse Builder) version 9.0.3.35.0. Workflow
  Builder
  was installed together with Oracle Client components.
  I have a OWB (Oracle Warehouse Builder) project, and I deploy and schedule
  JOBS in OEM.
  Now I need Oracle Workflow in order to better ordering, manage and schedule
  that jobs.
  I'm reading the following documentation:
  Oracle Workflow Guide (Release 2.6.2)
  http://www.csis.gvsu.edu/GeneralInfo/Oracle/workflow.920/a95265.pdf But I think Oracle Workflow is very complex to learn quickly.
  My OWB Project has several mappings that load tables in a Data Warehouse.
  When I deploy these mappings one by one, in OEM, I can execute them in OEM
  and they work well.
  But when I use the Workflow Deployment Wizard, I create a new Workflow
  Project (Item type and Process).
  But I can't Launch this process. I go to Launch Process in Workflow page
  (http://:/pls//) but when I iniciate the project,
  it stops in the OWB Standard Begin Function. It does not go ahead.
  Well, when I use the Workflow Deployment Wizard inside OWB, it generates
  jobs that can
  be viewed inside OEM (Oracle Enterprise Manager) too. But when I submit
  these jobs, I can't get success too.
  Can somebody help me? May you guide me in order to solve my problem, or send
  me some
  documents or links about workflow, and it's integration with OWB and OEM?
  Best regards

• JDBC Thin Connections with SSL and client certificates

  Hi ,
  we are going have a look at JDBC Thin Connections with SSL and client certificates.
  I have two questions:
  1. Is it possible to use SSL connections from JDBC Thin Driver and which release of the driver introduced it
  2. Is it possible to use client certificates with JDBC Thin Driver and which release of the driver introduced it
  Thanks for your help
  regards
  Markus Reichert

  I could not reproduce the error after appending the SSL certificate to the certdb.txt file available under $Jinitiator_Home/lib/security folder.
  Steps to add the SSL Certificate:
  1. Run the form with the https mode in the IE Browser.
  2. Security Alert is raised.
  3. Click on the View Certificate button.
  4. In the Certificate Window, click on the Details tab.
  5. Click on the Copy to File button to copy the certificate.
  6. Copy the certificate and append to the certdb.txt file.

• SUN ray and windows License

  Hi,
  I want to use sun ray solution with 100 windows client. can someone tell me which is the best license solution. i mean , should I go with windows terminal license or vmare solution.
  if you can please explain me about the vmare solution and benefits.
  thanks
  rajesh

  Well to be honest; we don't currently have someone here with full SUN knowledge that can answer that. I am a Windows administrator and trying to find all the applications and appliances whether they are compatible with AD 2008 R2 level. If the Sun Ray and V210 don't have an AD link/integration, that is then actually good news.
  Olaf

• IPhone's and Public Certificates

  Hello,
  My question is specific to using PEAP (EAP-MSCHAP v2) with 3rd party certificates on iPhones. I have read that despite having a public certificate, iPhones will continue to prompt to accept the cert every time. Can anyone confirm if this is true or if you
  can avoid the cert prompt by having a public certificate installed?
  Thanks

  Hi,
  I don’t similar the iPhone certificate processing mechanism, but base on my experience, it must your iPhone not trust the root certificate of your CA. Please confirm your
  iPhone have install the certificate which same with your NPS server.
  Certificate enrollment for computers that are not domain members cannot be performed with autoenrollment. When a computer is joined to a domain, a trust is established that
  allows autoenrollment to occur without administrator intervention. When a computer is not joined to a domain, trust is not established and a certificate is not issued. Trust must be established using one of the following methods:
  An administrator (who is, by definition, trusted) must request a computer or user certificate using the CA Web enrollment tool.
  • An administrator must save a computer or user certificate to a floppy disk and install it on the non-domain member computer. Or, when the computer is not accessible to the
  administrator (for example, a home computer connecting to an organization network with an L2TP/IPsec VPN connection), a domain user whom the administrator trusts can install the certificate.
  • An administrator can distribute a user certificate on a smart card (computer certificates are not distributed on smart cards).
  The related KB:
  Certificates and NPS
  http://social.technet.microsoft.com/Forums/en-US/3dcbc123-c7ed-479a-82fc-79670c05bed5/iphones-and-public-certificates?forum=winserverNAP
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Portal and BW certificate must be different

  Hi,
  We've installed BI with BI Java and Portal as Addin on same System.
  We've configured the BI & Portal integration via NWA and everything is ok. But after when tested we got " The system is unable to interpret the SSO ticket received " errors during Bex Launcher.
  When we checked the configuration via RSPOR_SETUP Repost on ABAP Stack, everything except the following seems ok.
  Status 10: Import Portal Certificate into BI            <b>Portal and BW certificate must be different</b>
  Status 12: Maintain User Assignment in Portal           <b>System failure during call of function module RSWR_RFC_SERVICE_TEST</b>
  I think the problem is when we imported the Portal Certificate into BI, as they reside on same system error occurs at step 10.
  This is the production system. On Development System, Portal+BI Java are on another server than BI and this problem was not occured.
  Does anyone experienced this issue?

  Hi,
  Of cours I've solevd the issue via sap note "917950 SAP NetWeaver 2004s: Setting Up BEx Web"
  Here is the section you've to consider ;
  Add-In Installation and importing Certificates with identical system ID (SID)
  In case of Add-In installation, the system ID (SID) of
  AS-ABAP and AS-Java is identical. This causes problems
  during import and certificates, if you are using the
  Template Installer. Because the ABAP system does not allow
  to import a certificate with identical Distinguished Names (DN) (e.g. identical common names (CN), subject names, ...). Also the standard client of the J2EE must be different from the standard client of the ABAP system.
  If the common names are identical, the report RSPOR_SETUP
  displays the error message "Portal and BW certificate must be different" (English).
  If the client of the Portal certificate is existing in the
  ABAP system, the error message "Add-In Installation: check logon.ticket_client (see note 994785)" is diplayed.
  This issue could be solved by creating a new Portal
  certificate with a different Distinguished Name (DN). The
  steps to create a new Portal certificate are described in
  the report RSPOR_SETUP documentation of step "Export Portal Certificate to the Portal" (step 9):
       1. Delete J2EE certificate (SAPLogonTicketKeypair
  and SAPLogonTicketKeypair-cert) in Visual Administrator under Services Keystorage
       2. Create new J2EE certificate (SAPLogonTicketKeypair with other Distinguished Name) in
  Visual Administrator under Services Keystorage (as
  described in documentation of step 9 "Export Portal
  certificate in Portal", report RSPOR_SETUP)
       3. Delete J2EE certificate in certificate list
  and access control list (ACL) with transaction STRUSTSSO2
       4. Import new J2EE certificate to certificate
  list in transaction STRUSTSSO2
       5. Add new J2EE certificate to access control
  list (ACL) in transaction STRUSTSSO2
  See report RSPOR_SETUP documentation of step "Configure User Management in Portal" (step 8) or note 994785 how to
  change the standard client of the J2EE.
  Message was edited by:
          HUSEYIN BILGEN