Time consumption for certificate verification

Similar Messages

• Online Security with "best attempts" set for certificate verification

  As many others, I've had some security issues with both webkit browsers and the iTunes store after upgrading to 10.4.8 and running the late-November security update. Basically it was impossible to access https sites as well as the iTunes store without changing my certificate verification settings in Keychain.
  After switching Keychain preferences for certificates to "best attempt" for both OCSP and CRL, things are working fine again. But now my concern is about security. Basically, how insecure are such settings? Is Apple working at all on a fix for this or should I basically wait to upgrade to Leopard before expecting a solution?
  Thanks in advance.

  Hi Shadya10,
  Those are some pretty big questions! I'm not saying that your company can't become a CA because obviously there are companies that have, but this is almost something that happens at the state level if your not already intimate with PKI. Just from the tenor of your questions I'd suggest you contract with a reputable, existing CA to provide your PKI infrastructure. I could explain key management and how revocation checking works, but really if you're asking in an Adobe forum this is way more than you want to be dealing with.
  If you're really interested you need to start with reading RFC 5280.
  Steve

• Oracle SGA Real Time Consumption Information(9i,10g and 11g)

  Hello,
  I need to prepare a comparative analysis report of SGA for an Oracle Production Instance
  The analysis would show the pre-allocated memory to SGA components v/s real time consumption of memory by these SGA components. I need to do this for each of following components.
  SGA itself
  Fixed Size
  Variable Size
  Database Buffers
  Redo Buffers
  The pre-allocated memory to above SGA components can be obtained by querying v$sga. But from where do I get its real time(current) memory conusmption in Oracle Production environment.
  In addition to above, i need the same information (pre-allocated and real time consumption) for following.
  Keep buffer cache
  Recycle buffer cache
  Specific block size caches
  Shared pool
  Large pool
  Java pool
  streams pool
  Which tables do I need to consider in order to derive 1)pre-allocated memory and 2)real time consumption for above mentioned SGA components
  Please advice.
  Thank you for your time in reading this post.
  Thanks,
  Ruchir

  Hi,
  Have a look at v$sgastat. Also, use statspack in 9i and AWR reports on 10g. Also, the size of the caches won't grow unless they are used. The parameters you have specified within the parameter file, like sga_target (10g onwards) and possibly the other pools if you have specified them, will show you what the caches can grow to.
  For example, you could just log onto the DB and do show parameter sga_ or shared_pool and you will seee values for these. Also, it depends whether you are running in automatic memory management mode - where the sga_target parameter is set - or manual. 9i will be manual, but 10g could be auto. In manual case, 9i, check out the parameters individually.
  Also, read the docs about the parameters shown and you will see what it says abotu them. There will be lots in the docs about performance tuning and monitoring of the instance. You might even learn some other interesting facts while reading through the docs...
  Hope this helps,
  Rob
  http://www.ora00600.com

• Getting this error: Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.

  I keep getting this error on my new Macbook Pro w/ Retina.
  "Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you."
  Connected to a wifi network and QNAP storage system.  There are 5 computers on this network, and each backs up just fine.  The issue is isolated to this one machine.
  This error shows up every week or so.

  A third-party NAS is unsuitable for use with Time Machine, especially if it's your only backup. I know this isn't the answer you want. I know Time Machine accepts the NAS as a backup destination. I know that the manufacturer says the device will work with Time Machine, and I also know that it usually seems to work. Except when you try to restore, and find that you can't.
  Apple has published a specification for network devices that work with Time Machine. None of the third-party NAS vendors, as far as I know, meets that specification. They all use the incomplete, obsolete Netatalk implementation of Apple Filing Protocol.
  If you want network backup, use as the destination either an Apple Time Capsule or an external storage device connected to another Mac or to an 802.11ac AirPort base station. Only the 802.11ac base stations support Time Machine, not any older model.
  Otherwise, don't use Time Machine at all. There are other ways to back up, though none of them is anywhere near as efficient or as well integrated with OS X. I don't have a specific recommendation.
  If you're determined to keep using the NAS with Time Machine, your only recourse for any problems that result is to the manufacturer (which will blame Apple, or you, or anyone but itself.)

• Hostname Verification failed for certificate with CommonName 'gawlsdev02.ss

  Hi All,
  I want to know the meaning and the reason of this exception:
  <Jun 17, 2010 2:05:52 PM EDT> <Warning> <Security> <BEA-090504> <Certificate chain received from gawlsdev02 - 147.141.83.104 failed
  hostname verification check. Certificate contained gawlsdev02.ssga.statestr.com but check expected gawlsdev02>
  <Jun 17, 2010 2:05:52 PM EDT> <Debug> <TLS> <000000> <Hostname Verification failed for certificate with CommonName 'gawlsdev02.ssga.
  statestr.com' against hostname: gawlsdev02>
  thanks in advance.

  When Webloigic Server tries to validate the certificate, it compares te CN of the certificate with the hostname from where the request is coming from.
  If they don't match, hostname verfication fails and SSL connection is not established.
  In your case I see the CN is gawlsdev02.ssga.statestr.com whereas WLS is expecting it to be gawlsdev02.
  U can use this option to ignore host name verification
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  To know about other SSL issues, u can refer this
  http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/
  -Faisal

• I got the message:   Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you. I got the message:   Time Machine completed a verification of your backups. To improve reliability, Time Ma

  I got the message:
  Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.
  Here's what the text of the system.log says when I filter for backupd:
  Jan  9 11:37:14 justin-steeds-macbook-pro com.apple.backupd[2618]: Starting standard backup
  Jan  9 11:37:14 justin-steeds-macbook-pro com.apple.backupd[2618]: Network destination already mounted at: /Volumes/TimeMachine
  Jan  9 11:37:33 justin-steeds-macbook-pro com.apple.backupd[2618]: Recovery backup declined by user.
  Jan  9 11:37:33 justin-steeds-macbook-pro com.apple.backupd[2618]: Backup canceled.
  Jan  9 11:48:20 justin-steeds-macbook-pro com.apple.backupd[2859]: Starting standard backup
  Jan  9 11:48:20 justin-steeds-macbook-pro com.apple.backupd[2859]: Network destination already mounted at: /Volumes/TimeMachine
  Jan  9 11:48:42 justin-steeds-macbook-pro com.apple.backupd[2859]: Recovery backup declined by user.
  Jan  9 11:48:43 justin-steeds-macbook-pro com.apple.backupd[2859]: Backup canceled.
  Jan  9 11:51:07 justin-steeds-macbook-pro com.apple.backupd[2917]: Starting standard backup
  Jan  9 11:51:07 justin-steeds-macbook-pro com.apple.backupd[2917]: Network destination already mounted at: /Volumes/TimeMachine
  Jan  9 11:51:34 justin-steeds-macbook-pro com.apple.backupd[2917]: Recovery backup declined by user.
  Jan  9 11:51:34 justin-steeds-macbook-pro com.apple.backupd[2917]: Backup canceled.
  Jan  9 11:53:50 justin-steeds-macbook-pro com.apple.backupd[2987]: Starting standard backup
  Jan  9 11:53:50 justin-steeds-macbook-pro com.apple.backupd[2987]: Network destination already mounted at: /Volumes/TimeMachine
  Jan  9 11:54:07 justin-steeds-macbook-pro com.apple.backupd[2987]: Recovery backup declined by user.
  Jan  9 11:54:07 justin-steeds-macbook-pro com.apple.backupd[2987]: Backup canceled

  Since this is a MacBook Pro hardware community, you might get better results by asking your question at the Time Machine forum, located within the Lion discussion group. 
  https://discussions.apple.com/community/mac_os/mac_os_x_v10.7_lion

• In time Consumption of Raw material in case of Subcontracting

  HI Gurus
  Please look into the following issue.
  Presently we are sending Raw material to subcontracting vendor  through 541 mvt type  along with excis challan.Then subcontractor intimates raw material consumption details time to time through mail/fax.Now as per client requirement raw material consumption should be done in time i.e. when they are receiving raw material consumption details. They don't want book the raw material consumtion at the the time of receipt of finish goods.
  Please guide me to book in time consumption of raw material.
  Redards
  Kumar

  Thnks for your reply.
  I want to do the manual consumption from subcontracting stock. Client don't want to book the consumption at the the time of raw material transfer to subcontractor. Also there will be problem in subcontracting challan reconcillation.
  We can't do the manual consumption through 543 mvt type .Is there any workarround for this ?

• Import cert in Cisco 7921 with error "certificate verification failed"

  Hi everyone
  I am trying to install a digit cert on a 7921 and I get the message on import of "certificate verification failed".
  I have tried a number of time, create CSR file then login to certificate web site and get file assigned then import it back to the phone. I used the DER format
  Many thx indeed,
  Roy

  Hi,
  Referencing: https://supportforums.cisco.com/thread/2095711
  Have you followed the steps outlined in page 72 of this guide?  This should be applicable to 792x.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf
  Do you have any trace logs from the phone you can post after your attempt to import the cert?

• Content server certificate verification

  Hello, everybody,
  we would like to use the proxy server as an HTTP-to-HTTPS converter for around 30 URLs/destination servers in a configuration as follows:
  clients (actually another proxy)
  --->HTTP---> web proxy
  --->HTTPS--> firewall
  --->Internet
  We added the forward (http-->https) and reverse (https-->http) mappings in the web proxy already, and they work.
  I'd like to know which certificate/key file is for client requests (not used here, only HTTP), and which is for the outgoing HTTPS requests for content servers, and how exactly content server certificate checking can be manipulated.
  There are:
  (a) a key file in magnus.conf
  (b) a cert database in magnus.conf
  (c) a security setting (on/off) in magnus.conf
  (d) a key file in the Init statement in the obj.conf
  (e) a cert file in the Init statement in the obj.conf
  (f) a security setting (on/off) in the Init statement in the obj.conf
  ...but which is for what?
  The admin document (which I have read up and down) mentions "security" and "encryption", but IMHO fails to state whether the terms refer to incoming requests (which I assume), and which refer to outgoing requests.
  So in more detail:
  1) If I generate a key and put a corresponding certificate into a key file, what is the effect if I mention this file in (a) or (d) above, resp.? Do these entries have to be the same (i.e., do they have to mention the same file)?
  2) In (1), for which connection does the certificate/key apply: to requests incoming from the clients (if HTTPS/SSL were used there), acting as a server certificate, or as client certificate for outgoing requests, or both?
  3) The certificate database in (b) and (e), resp., is it for verifying the client certificates in incoming requests (which is often mentioned), for verifying the content server certificates in outgoing requests (which is hardly ever mentioned), or both? I need to verify the content server certificates, and some of them are issued by strange or own CAs, so I need to add a few CA certificates.
  4) Do I have to add the CA certificates as chain certificates or as CA certificates? "CA certificates" would make sense to me (after all, they are CA certificates), but those are apparently only for client certificate verification, so I added them as chain certificates (a chain of a single element...). Strange that if I click "Do not trust", a certificate that was earlier trusted for client certs is now "only" valid as CA certificate -- as if one was somehow "less" than the other.
  5) With an Equifax server certificate on a certain host, I get a message that the content server allegedly refuses to respond to the connection or may be highly loaded. Using openssl, I can connect from the same host to the content server without problems, in SSL2, SSL3, TLSv1. It makes no difference if the Equifax CA certificate is in the cert database or not, or if "Security" is on or off, or if "Initialize certs only" is checked. Using ssldump, I see that the proxy gives a "bad_certificate" fatal alert to the server. (The list of supported ciphers is a lot shorter with the proxy than with openssl, BTW.) Happens with at least two content servers, both of which can be contacted without problems via openssl, and the server certificates of which can be verified with their corresponding CA certificates I have available.
  6) What does "Security on", "off" and "Initialize certs only" actually do? (...apart from putting a line into obj.conf...)."Security" is such a broad term used in (c) and (f), but does it refer to the client or the content server side? (Yes, I know that SSL provides authentication and encryption, I'm just not sure about how to configure what on the proxy software.) Guess I'm repeating myself here ;-)
  7) I read that there is a tool "certadmin". Is it provided with some other Sun software? (I think with the portal server, right?) I would love to get hold of a tool for really looking into the cert databases (not using the admin server functionality). I also heard of another tool, but don't recall its exact name -- something like idscertutil, or some other *certutil. Does this ring a bell with anybody?
  I'm using proxy 3.6 SP6.
  Any insights are welcome.
  Thanks for your help,
  Stefan

  Gerd,
  Don't know which version of fetchmail comes with 10.3.x and 10.4.x respectively.
  However, older versions would check for an SSL certificate in an opportunistic way and still go ahead if there wasn't one. More recent versions will interrupt comunications.
  In other words, since you do not use SSL you must disable it in fetchmail. If I remember correctly (not 100% sure), you must add:
  sslproto ''
  to .fetchmailrc
  Alex

• Set Up Material Block for Invoice Verification

  Hi,
  Please share your experience for customization setting under General settings for material management "Set Up Material Block for Invoice Verification".
  When should we use " Material is bloked at first read" and "Material is blocked when invoice is posted".
  Does it improve MIRO transaction performance if we chnage the setting from " Material is bloked at first read" to "Material is blocked when invoice is posted"?
  Thanks & Regards,
  AG

  Hi,
  Set Up Material Block for Invoice Verification
  Use: -
     In this step, you specify at what point materials are blocked in Invoice Verification:
     o   During the allocation phase, all materials present in the invoice are blocked.
     o   During simulation or posting, materials whose stocks are to be changed are blocked and are read again.
     o   Materials whose stocks are to be changed, are blocked and are read again when you post.
     When you post directly to a material, the given material is blocked immediately in all settings.
  Standard settings: -
  In the standard system, materials are blocked during the allocation phase.
  It is suggested to block materials during allocation phase itself, so that user has not to enter all the details and then get block error at the time of Simulation or Posting. Also it improves the performance since all these transactions need not to be carried out and system informs initially that materials are blocked.
  Also refer SAPNote 210828 - Material blocks in logistics invoice verification

• Finder keeps asking for password verification

  Finder keeps asking for password verification when I ask to move or delete a file.
  How can I stop this from happening?
  Thanks in advance.

  Repairing the permissions of a home folder in Lion is a complicated procedure. I don’t know of a simpler one that always works.
  Launch the Terminal application by entering the first few letters of its name into a Spotlight search. If that doesn’t work, then in the Finder, press the key combination shift-command-U. The application is in the folder that opens.
  Drag or copy – do not type – the following line into the Terminal window, then press return:
  chmod -R -N ~
  You may see a few error messages about an “invalid argument” while the command is running. You can ignore those. If you get an error message with the words “Permission denied,” enter this:
  sudo !!
  You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up.
  Next, boot from your recovery partition by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the recovery desktop appears, select Utilities ▹ Terminal from the menu bar.
  In the Terminal window, enter “resetpassword” (without the quotes) and press return. A Reset Password window opens.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select  ▹ Restart from the menu bar.

• Time Table for File Vault 2 FIPS-140-2 Certification

  I believe I read something that Lion/File Vault 2 encryption was submitted to NIST for FIPS-140-2 certification.   I know that IOS 5 is first to be certified, but does anyone know the time table for Lion/File Vault 2 to be certified?     I was told a few months ago that it would be certified by 12/31/2011.   Any update would be appreciated.  

  Disclosure: I work for NIST, but not in the Computer Security Div. (the group that issues the certificates).
  Looking at the NIST list of validated modules, Lion's crypto module recieved its certification on 3/30/12, but I don't know if this applies to all apps or just the libraries.  It doesn't apply to 3rd party apps yet (note says it will be re-evaluated for that use).  I wouldn't think File Vault is a "third party" app. 
  I'll post more if I find out anything.

• Time machine completed a verification of your backups....

  "Time Machine completed a verification of your backups on “Jimka Ussner's Time Capsule”. To improve reliability, Time Machine must create a new backup for you." ????
  what is going on?
  should i erase my time machine and start over or can my backups be saved?

  See > http://pondini.org/TM/C13.html

• Time Machine on a NAS - Avoiding "Time Machine completed a verification of your backups....."

  I use Time Machine to wirelessly backup my MBA to a Buffalo NAS. It will work fine for weeks or months, then I will see the dreaded "Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.” error. Of course this means I lose all my backups.
  I have researched this pretty thoroughly and I know that using TM with a NAS has some risk. But I am hoping to not have to resort to dragging out a USB drive everytime (daily) I want to do a backup.
  Can anyone share sucess stories of how they make TM work reliably with a NAS? Is it a Buffalo problem and a different NAS works better? I know the majority of TM users have no problems. What am I doing wrong?
  Thanks.

  I have a Synology 1511+ and had the same issue. Except my backups would only corrupt every month or two.
  After lots of searching I found the issue is backing up over wifi to the NAS. I found the solution to this was to install a small app: Time Machine Scheduler (free).
  It can be found here: http://www.klieme.com/TimeMachineScheduler.html
  All you need to do is install, and set backups only to run over Ethernet. Works great for me as I use my mac 50/50 between my workstation and wirelessly around the house. Haven't had an issue since.

• Time Machine completed a verification... must create new backup??

  I just saw a notice on my headless MacMini that "Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you. Click Start New Backup to create a new backup. This will remove your existing backup history. Click "Backup Later" to be reminded tomorrow.
  That sounds ominously like it should have said "Time machine encountered an error, and you're going to lose all your history when I start a new backup for you, but you really have no choice other than to delay the pain for a day".
  This is a relatively new 2Tb capsule, model A1409, from 9/7/11, which is backing up a Mac Mini (new as of April) and a new MacBook Pro (as of May).
  Is there any way not to lose that backup history? Any way to debug what happened so I can take steps to make sure it doesn't happen again?
  Thanks!
  Steve

  Bob,
  After re-reading my initial reply, please do NOT think I was saying that "you" didn't answer my question about what happened.
  I was trying to imply that sunspots and cosmic rays are indeed sometimes part of our life in IT, and that I was just going to "accept it, lose my history, and go on".
  I do truly appreciate help, and would have hated to have you think that was directed "at" your reply...
  Steve