Validate certificate using OCSP protocol.`

Similar Messages

• How can I validate a signature using OCSP?

  I need to manage signed PDF documents. It was very easy to create a java prog to create and sign a PDF document (using itext).
  I use the certificate from my Belgium Identity card for signature. Fine.
  My problem is when reading the sign document.
  On most PC, I see the signature with a yellow question mark (identity of the signer is unknown) which is not fine.
  On some PC, when the signed document is opened, I see a real time connection to "http://ocsp.eid.belgiulm.be" and the signature appears with a green check which is very fine. That what I want.
  What 'and how) are the required configuration to force this OCSP check?
  I am using Adobe Reader 9 (v 9.4.1)
  Thanks

  The validation is currently done on both PC. That not the problem.
  But on the first one, the validation fails because the "Identity of the signer is unknown"
  On my second PC, the validation is done using OCSP (I see a realtime connection to "ocsp.eid.belgium.be") resulting in a successfull validation.
  I would like TO FORCE OCSP VALIDATION on both PC. But I have no idea on how to force this OCSP validation. By chance, it happens on the first PC but I do not know why?

• Problems using https protocol to connect to open a web site

  Hi,
  I am trying to connect to a web site from my java programme. When I try connecting using htpp protocol, I am able to open the web page then I am giving the username,password to login into that web site..its working fine.
  But, When I try connecting using https protocol connection, I am not getting the page opened and after some time I am getting below error
  Exception in thread "main" org.apache.xmlrpc.XmlRpcException: I/O error while communicating with HTTP server: Connection timed out: connect
       at org.apache.xmlrpc.client.XmlRpcCommonsTransport.writeRequest(XmlRpcCommonsTransport.java:244)
       at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:151)
       at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:115)
       at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56)
       at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167)
       at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:137)
       at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:126)
       at com.wipro.bugc.Test1.call(Test1.java:94)
       at com.wipro.bugc.Test1.main(Test1.java:124)
  Caused by: java.net.ConnectException: Connection timed out: connect
  Can anyone please suggest or give sample code to work with https web sites in java.
  I will have to use only https protocol to open any browser as my server only opens the web pages using https protocol
  Thanks in advance

  Hi,
  Thank you for your immediate reply. Please find the below code for your infomationa and please let me know where I am wrong..
  Below is the example we used to connect to "rojects.maemo.org" site and end up with the error I mentioned in the previous topic.
  package com.wipro.bugc;
  import java.net.Authenticator;
  import java.net.URL;
  import java.security.cert.X509Certificate;
  import java.util.HashMap;
  import java.util.Map;
  import javax.net.ssl.HostnameVerifier;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.SSLContext;
  import javax.net.ssl.SSLSession;
  import javax.net.ssl.TrustManager;
  import javax.net.ssl.X509TrustManager;
  import org.apache.http.HttpEntity;
  import org.apache.http.HttpHost;
  import org.apache.http.HttpResponse;
  import org.apache.http.auth.AuthScope;
  import org.apache.http.auth.NTCredentials;
  import org.apache.http.auth.UsernamePasswordCredentials;
  import org.apache.http.client.HttpClient;
  import org.apache.http.client.methods.HttpGet;
  import org.apache.http.impl.client.DefaultHttpClient;
  import org.apache.http.protocol.BasicHttpContext;
  import org.apache.http.protocol.HttpContext;
  import org.apache.xmlrpc.client.XmlRpcClient;
  import org.apache.xmlrpc.client.XmlRpcClientConfigImpl;
  import org.apache.xmlrpc.client.XmlRpcCommonsTransportFactory;
  public class Test1 {
      private static void install() throws Exception {
          // Create a trust manager that does not validate certificate chains
          TrustManager[] trustAllCerts = new TrustManager[] {
              new X509TrustManager() {
                  public X509Certificate[] getAcceptedIssuers() {
                      return null;
                  public void checkClientTrusted(X509Certificate[] certs, String authType) {
                      // Trust always
                  public void checkServerTrusted(X509Certificate[] certs, String authType) {
                      // Trust always
          // Install the all-trusting trust manager
          SSLContext sc = SSLContext.getInstance("SSL");
          // Create empty HostnameVerifier
          HostnameVerifier hv = new HostnameVerifier() {
              public boolean verify(String arg0, SSLSession arg1) {
                      return true;
          sc.init(null, trustAllCerts, new java.security.SecureRandom());
          HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
          HttpsURLConnection.setDefaultHostnameVerifier(hv);
      public static void call(String url) throws Exception {
           HttpClient httpClient = new HttpClient();
           httpClient.setHttpConnectionFactoryTimeout(600000000);
          httpClient.getParams().setAuthenticationPreemptive(false);
         Credentials defaultcreds = new UsernamePasswordCredentials("username", "password");
         httpClient.getState().setCredentials(new AuthScope("projects.maemo.org", 443, AuthScope.ANY_REALM), defaultcreds);     
            HttpHost targetHost = new HttpHost("projects.maemo.org", -1, "https");
            System.setProperty("proxySet", "true");
            System.setProperty("http.proxyHost", "xxxx.com");
            System.setProperty("http.proxyPort", "xxxx");
            Authenticator proxyAuthenticator = new HttpAuthenticateProxy(
                      "username", "password");
            Authenticator.setDefault(proxyAuthenticator);
            XmlRpcClient rpcClient = new XmlRpcClient();
            XmlRpcCommonsTransportFactory factory = new XmlRpcCommonsTransportFactory(
                      rpcClient);
            factory.setHttpClient(httpClient);
            rpcClient.setTransportFactory(factory);
          XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
          config.setServerURL(new URL(url));
          config.setEnabledForExtensions(true);
            config.setEnabledForExceptions(true);           
            config.setBasicUserName("username");
            config.setBasicPassword("password");
            rpcClient.setConfig(config);      
            Map<String, String> loginMap = new HashMap<String, String>();
            String bugzillaUserName = "username";
            String bugzillaPassword = "password";
            loginMap.put("login", bugzillaUserName);
            loginMap.put("password", bugzillaPassword);
            Object loginResult = rpcClient.execute("User.login",new Object[] { loginMap });
            System.out.println("loginResult.toString() "
                      + loginResult.toString());
      public static void main(String[] args) throws Exception {
          String url = "https://projects.maemo.org/bugzilla_sandbox/xmlrpc.cgi";
          Test1.install();
          Test1.call(url);
          System.out.println("Finished.");
  }

• Signed Applet not loading on Mac OS X if using HTTPS protocol

  Hi All,
  I need to open a trusted applet on Mac OS 10.2. The applet works fine if using HTTP protocol. But if the protocol used is HTTPS the the applet does not loads and "javax.net.ssl.SSLException - untrusted server cert chain" exception comes on the console.
  The error comes for both - Verisign and javakey - signed applet.
  On seaching for possible solution on the net, i came across following link: http://www.macosxhints.com/article.php?story=20020525101202503&query=Workaround+for+secure+Java+applet+problems
  It says that this is Mac's known bug and gives the workaround as:
  1. Access the problematic site with Internet Explorer on Windows. Click on the padlock item and export the certificate to a file.
  2. Copy the certificate to your Mac.
  3. Use the command
  sudo keytool -import -trustcacerts -keystore /Library/Java/Home/lib/security/cacerts -file mycert.cer
  to import the certificate file to your keystore (substitute mycert.cer with the name of the file containing the certificate). The keystore is password protected - the default password is "changeit".
  4. Restart your browser
  But the client cannot be asked to do all this to run the applet.
  Is this problem being solved by Mac in their java implementation or is there any other possible solution?
  Thanx in advance.
  Regards,
  Charu

  I am experiencing the same problem - I notice it does not happen on OS9.2 using IE but appears a problem on all browsers on OSX
  Apple gave me the following reply.....
  Re: Bug ID# 3268633: cannot load applet class under https connection
  Hello Andrew,
  Thank you for bringing this problem to our attention. We have received feedback
  from engineering on your
  reported issue.
  Please know that to get Java to recognize the certificate you will need to do
  one of two things, depending
  on which VM you are using. Since you want it to work with Internet Explorer, we
  will assume Java 1.3.1.
  In Java 1.3.1 you'll need to add the certificate to
  /Library/Java/Home/lib/security/cacerts using
  /usr/bin/keytool to import the certificate into the certificate database.
  In Java 1.4.1 you should be able to just add the certificate to the keychain
  using certtool. For more
  details on how to do this, please refer to the information found at
  <http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html>. After
  doing so, if you should require
  further help from Apple in resolving this issue, we recommend that you request
  assistance from Developer
  Technical Support. This must be done by filing a Technical Support Incident.
  So I am supposed to tell every Mac user to do the above am I?!!!

• Correct JDBC url using IPC protocol

  What is correct url to connect to db with orcl SID using IPC protocol? Couldn't find this in documentation....
  jdbc:oracle:oci:@[WHAT GOES HERE?]

  If you are having problems with TCP then you should find and fix those problems. Many thousands of others use TCP with, and without, Glassfish and it works just fine for them. That indicates you have an issue with one, or more of those four things I ask you to provide but chose not to.
  Fix would be to upgrade DB to 12.1.0.2 or downgrade to 11, where I haven't got any problems with connection pool.
  SHOW US (don't just tell us):
  1. WHAT you are doing - that means posting the code and ALL relevant info about TNSNAMES and other properties/settings being used such as connection pool settings.
  2. HOW you are doing it - that means showing a copy of the console that shows the LAUNCH and EXECUTION of the code
  3. WHAT results you get - that means showing a copy of the console showing any results or exceptions you are getting
  4. WHAT results you expected to get
  You should also do basic troublshooting:
  1. confirm that you can connect to the DB without using JDBC
  2. confirm that you can connect and work properly WITHOUT using a connection pool
  That other link you provided shows pool settings that are pretty much guaranteed to cause the pool to close connections. An idle timeout of only 60 seconds greatly increases the possibility that a connection that is checked out of the pool and still in use may get closed if it isn't returned to the pool properly.
  This link describes the attirbutes  and their defaults:
  https://docs.oracle.com/cd/E19316-01/820-4338/abhcy/index.html
  You are using SEVERAL non-default settings - and you are having a problem. That suggests you should go back to the defaults and test again.
  We can NOT see your computer screen or SEE what you are doing. We can NOT debug code that we can't see.
  Are you a bot? Or are you using some replay templates? Have you read my first post? Do I ask for help in debug any code? What code you are taking about? I ask for proper url using OCI driver over IPC protocol.
  This is my tnsnames.ora
  ORCL_IPC =
    (DESCRIPTION =
      (ENABLE = BROKEN)
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = IPC)(Key = ORCL))
        (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (CONNECT_DATA =
        (SERVER = DEDICATED)
        (SERVICE_NAME = ORCL)
  and jdbc config
  <jdbc-connection-pool validation-table-name="DUAL" datasource-classname="oracle.jdbc.pool.OracleDataSource" max-pool-size="50" res-type="javax.sql.DataSource" steady-pool-size="10" statement-cache-size="100" name="c2onlinePool" statement-timeout-in-seconds="30" is-connection-validation-required="true" idle-timeout-in-seconds="7200" max-wait-time-in-millis="10000" validate-atmost-once-period-in-seconds="60">
        <property name="driverClass" value="oracle.jdbc.OracleDriver"></property>
        <property name="user" value="***"></property>
        <property name="url" value="jdbc:oracle:thin:@127.0.0.1:1521/orcl"></property>
        <property name="password" value="***"></property>
        <property name="portNumber" value="1521"></property>
        <property name="databaseName" value="orcl"></property>
        <property name="serverName" value="127.0.0.1"></property>
  </jdbc-connection-pool>
  which is working (I'm testing with ping from glassfish web console), I just want to switch to IPC protocol.
  I tried with
  jdbc:oracle:oci:@(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY = LISTENER))(CONNECT_DATA=(SERVICE_NAME=orcl)))
  jdbc:oracle:oci:@(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=ORCL)))
  but every time JVM crashes with stackoverflow, as soon as I click on ping in console.
  Maybe it's just another driver bug. I have similar situation with thin driver - version 12.1.0.1 didn't work, but version 12.1.0.2 worked ok.

• Renewing public key certificate used for Seeburger AS2

  My general question is when a public key certificate, used for Seeburger AS2 payload decryption and digital signatures, needs to be renewed, how carefully do the certificate renewal steps need to be coordinated for a seamless transition?  More specifically...
  1. Once we import the CSR response from the CA, will the public key currently used by our partner become invalid, or will it continue to work until its expiration date? 
  2. Will our partner be able to validate our signature after the new CSR has been imported, but prior to them applying the new public key certificate in their system? 
  3. Or can we renew the certificate, import the CSR request, provide our partner with the renewed certificate, and let them apply the certificate at their own volition, provided they do it prior to the original certificate expiration?

  Hi Kurt
  In my experience, the renewal/replacement of AS2 certificates for encryption/decryption & signing/authentication requires coordinated effort on both sides.
  This is because AS2 uses asymmetrical encryption, so both parties need to use the same pair of certificates at the same time, i.e. you encrypt on your private key, and partner decrypt on the public key matching your private key. If the keys used do not belong to the same pair, then decryption will not work.
  I'm not sure what AS2 software your partner uses and if it has the feature of automatic rollover of certificate, but PI/Seeburger does not. The approach in PI/Seeburger can either be one of the following:-
  i) import new cert replacing original cert of the same name
  ii) import new cert into new name, manually update sender/receiver agreements
  Due to the manual nature of the tasks, normally it requires coordinated effort during a cutover window.
  Rgds
  Eng Swee

• ITSMobile using HTTPS protocol

  Hello,
  I am new on ITSMobile and I am having issue connecting using https protocol.  I keep getting a message on my device MC70 "The Web site you want to view request identification.  Select the certificate to use when connecting".  Unfortunately I only got a blank box and nothing to choose.  When I click OK I only get the previous site I been to and will not get the login screen that I need.
  I am using a Symbol MC70 with windows mobile 5.0.  All the settings in SICF are okay so with the ports.  I appreciate whoever can give help on my issue.

  We are having the same issue.
  Does anybody have any suggestions?  We are using a self-signed certificate.

• Wireless WRT160N Connection Error "Windows cannot validate certificate"

  I installed and configured the WRT160N v.2 wireless router. My notebook running windows xp sees the network and has a good signal.  When I try to connect, I get an error that "windows cannot validate certificate" or "validating identify".  Does anyone know what  the problem is and how to fix it?
  Thanks...Rich

  You need to change the Wireless Settings on your router...
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1...Leave username blank & in password use admin in lower case...
  For Wireless Settings, please do the following : -
  Click on the Wireless tab
  -Here select manual configuration...Wireless Network mode should be mixed...
  -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
  - Set the Radio Band to Standard-20MHz and change the Standard channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
  Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
  For Wireless Security : -
  Click on the Sub tab under Wireless > Wireless Security...
  Change the Wireless security mode to WPA, For Encryption, select AES...For Passphrase input your desired WPA Key. For example , MySecretKey , This will serve as your network key whenever you connect to your wireless network. Do NOT give this key to anyone.
  Click on Advanced Wireless Settings
  Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
  Now see if you can locate your new Wireless Network and attempt to connect...
  If the above fails : 
  Please go to the Control Panel and double click on Network Connections, right click on Wireless Network Connection and click on Properties.Choose the Wireless Networks-tab and remove all the preferred networks from the list and click Add...Click the tab Authentication, in this window you have to choose Enable IEEE 802.1x authentication for this network and EAP type set to Protected EAP (PEAP?, now click O.k...
  Try to re-connect to your wireless network, it should connect...

• How to create a certificate using keytool / terminal?

  I have problems with creating certificates using the terminal. I use the instructions below and typed in all the required information. When it asks me to type "yes" and confirm, the whole process just starts from the beginning over and over and I have to type in the same things. What do I do wrong? How do I confirm the information I typed in?
  I am trying to create a certificate to sign apps for GooglePlay and Amazon. I am using DPS Professional.
  Thanks for help!
  Instructions:
  (Mac OS) Create a certificate file using Keytool
  Open Terminal, which is located in the Applications > Utilities folder.
  Type (or paste) the following line (replace “myname.key.p12” with the actual name of your certificate):
  1
  keytool -genkey -v -keystore myname.key.p12 -alias alias_name -keyalg RSA -keysize 2048 -storetype pkcs12 -validity 10000
  Specifying “10000” sets the expiration date after 22 October 2033.
  Enter and reenter a password. Until the Viewer Builder supports the creation of custom Android apps, it's necessary to share this password with Adobe. Create a password that you can share.
  Follow the prompts to specify the certificate information.
  When prompted to confirm choices, enter yes, and then press Return to use the same password.
  A certificate is created in your prompt location, such as your user name folder. Copy this certificate file to a known location. Write down the password as well.

  It could be access/rights issue. Enable root user and try again.

• File to File scenario using Transport Protocol FTP  Problem

  Hi,
  my scenario is a file to file scenario using Transport Protocol FTP
  there are 3 systems involved
  a. computer 1 ( My system-source)
  b. computer 2 (XI server)
  c. computer 3 (Target system)
  I want XI to pick file from computer 1 and post it to computer 3
  I am logging on to XI server from computer 1(thro SAP GUI),
  <u><b>Sender communication  channel :</b></u>
  Transport protocol:FTP
  Messsage protocol: file
  <u><b>In FTP connection Parameters:</b></u>
  Server: computer 1 IP address
  port:21
  User name and PW---> I have given computer 1 Username and password.
  Connection mode: permanently
  Transfer mode: Binary
  Folder: C:\ftproot\output
  filename : given
  <u><b>In Receiver Communication Channel</b></u>
  Transport protocol:FTP
  Message protocol: file
  <u><b>In FTP connection Parameters:</b></u>
  Server: computer 3 IP address
  port:21
  User name and PW---> I have given computer 3 Username and password.
  Connection mode: permanently
  Transfer mode: Binary
  Put File: Use Temporary File
  Folder:
  eccserver\saploc\tmp
  filename scheme: given
  When I activate the scenario file is not getting picked from the source
  In Adapter Framework: Message says up and running No message processing now
  How to check FTP server is up and running on computer 1 (source system)and Computer 2 (XI server)?
  What could be the problem ?
  Thanks
  dushanth

  Hi
  Consider that I dont have FTP installed on my computer. According to this blog
  /people/shabarish.vijayakumar/blog/2006/08/01/along-came-a-file-adapter-mr-ftp-and-rest-of-the-gang
  I have configured.
  In sender comm channel I have given Ipaddress of computer 1 (which has a file to be picked)
  In Receiver Comm channel I have given IP address of computer 3 (in which file to be posted)
  and computer 2 is the XI server
  Computer 1 has FTP installed
  1. XI server should have FTP installed or not ? IF yes is it FTP client  or FTP server   or Guild FTP (according to the blog is enough)
  2. Computer 3 should have FTP installed or not ?
  Please help me I am really confused.
  Thanks
  dushanth

• Error to Connect Oracle Files from Mac Os10  using smb protocol .

  I connect my MacOs10 to oracle Workspaces using smb protocol but when I try to copy a file into a folder the system show me "error -36".
  From the finder I type "apple -k" and then I write "smb://nomeserver". The system show me "User name" and "Password" and after the authentication I see "MyHome" resource on my desktop.
  I navigate into MyWorkspaces folders and than I copy a file from a local directory. After a few second the system show me "error -36" and the file is not transferred from local to server.
  Any idea?
  Thanks

  In OCS10g SMB protocol not supported, use FTP or WebDav.

• Wildcard Certificate use in Sun Java System Messaging Server (IMAPs/POPs)

  I'm trying to use a wildcard certificate acquired from GlobalSign and am having problems getting
  it (properly) into the cert database.
  I tried using certutil, and that didn't seem to work at all, it would list without user cert status:
  rmorneau+root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
  GlobalSign-Ext-CA CT,c,
  *.xxxxxxxxxxx.edu ,,
  I had some success using msgcert and pk12util, but after importing it in, then seeing that it did
  have user cert status, after a quick restart of Messaging (IMAP/POP), SSL quit for IMAP and kicked all
  my IMAPs users out temporarily (until I put the original cert8.db and key3.db back).
  -------- ImapProxy_20101115.log----
  20101115 135531 ImapProxyAService.cfg (id 2590) SSL negotiation failed for IP XXX.XXX.X.XXX: Cannot connect: SSL is disabled. (-12268)
  pop.xxxxxxxxx.edu u,u,u
  GlobalSign-Ext-CA CT,c,
  *.xxxxxxxxxxx.edu u,u,u
  I truly appreciate any help on this matter.
  -Bob

  2. Does the certificate nickname in NSS match the configured certificate nickname in the product?I'm not sure, but I'll try that the next time I try this... will probably be late at night were I won't be interrupting IMAPs and POPs
  Makes sense. Prior to release 7 update 4, the servers have to be shut down before modifying certificate databases. As of 7 update 4 you can do a one-time migration to the cert9.db/key4.db format that >should allow certificates to be updated without taking the servers offline.
  This was in the log just before the other log entry that I showed before.
  20101115 135440 ImapProxyAService.cfg ASockSSL_Init: couldn't find cert imap.xxxxxxxxx.edu (-8174)
  This is the key line from the log. The server is looking for a certificate with the NSS certificate nickname of 'imap.xxxxxxxxx.edu' and is not finding that certificate so issue 2 is likely the problem.Yes, this was it. Oversite on my part, forgot they had to match and could not be a form of just domainname.edu or *domainname.edu.
  You either need to modify the default:SSLCertNicknames setting to match the nickname of the new certificate, or install the new certificate using the existing certificate nickname of 'imap.xxxxxxxxx.edu'I modified the default:SSLCertNicknames setting.
  Thank you CNewman very much for all your help.
  And, for those trolling for an answer with more detail via an Internet search (that is, if Oracle doesn't screw up these forums for anon searches)::::
  With the private key in hand (not password protected), I used 'openssl' to get it into a pkcs12 type file:
  (It is best to do this as root and not as sudo root as you might run into problems if your host
  does not have root power to write to your home dir on the/a NFS share.... you will get "unable to write 'random state'".)
  root@mmp1:/var/opt/SUNWmsgsr/config/GlobalSign-certs-new# /usr/sfw/bin/openssl pkcs12 -export \
  -in ket-wildcard-cert.pem -inkey private.key -out cert.pkcs12 -name xxxxxxxxx.edu
  Enter Export Password:
  Verifying - Enter Export Password:
  Where "private.key" is the key file, and "ket-wildcard-cert.pem" is the (pem format) cert from our cert provider,
  and cert.pkcs12 is our cert file that will be imported into the database, and xxxxxxxxx.edu is whatever you (nick)name your cert
  in the database
  (I think you could use a password protected private key if you have that password.. I don't.)
  Next, I used 'msgcert' to import the pkcs12 cert file into the database (I'm sure there is a way
  to use certutil or even pk12util to do the same, but I'm on Sun Messenger 6.3 at this time, so that's what I used.
  If someone would like to elaborate for those....?):
  (It is best, when using 'msgcert', to do it where your mailsrv user has some privs.. I took my pkcs12 cert and moved into /tmp.)
  root@mmp1:/tmp# /opt/SUNWmsgsr/sbin/msgcert import-cert cert.pkcs12
  Enter the PKCS#12 file password: (blank)
  Enter the certificate database password: (token password in sslpassword.conf)
  Make sure your (wildcard) cert nickname matches what you have in
  ImapProxyAService.cfg and PopProxyAService.cfg at the "default:SSLCertNicknames" field.
  Edit if need be.
  root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
  GlobalSign-Ext-CA CT,c,
  xxxxxxxxx.edu u,u,u
  root@mmp1:/var/opt/SUNWmsgsr/config# grep default:SSLCertNicknames *AService.cfg
  ImapProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
  PopProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
  Then, of course, restart the msg service(s).
  /opt/SUNWmsgsr/sbin/stop-msg
  /opt/SUNWmsgsr/sbin/start-msg
  Edited by: 810750 on Nov 18, 2010 8:08 AM
  Edited by: 810750 on Nov 18, 2010 8:11 AM

• Using https protocol thru Oracle Developer 6.0

  Hi ,
  I would like to know if it is possible to use https protocol from Oracle Developer 6.0.
  we have used http protocol when using
  Show_Document() and it works fine. But when we try to use https (which our application requires - secure mode)then we get the following error:
  FRM-99999 Invalid URL sent to browser with target_BLANK.
  Full Details: unknown protocol:https
  We would appreciate any help on this problem.
  Are there any patches which would enable the use of this protocol??
  Thanks,
  Sanjay Sinha
  email:[email protected]
  null

  There are other services that may cause you trouble.
  I have had to turn off SMTP and DHCP services in the past.

• How to validate xml using xsd

  Hi All
  please tell me how to validate xml using xsd
  regards

  Try using this link:
  = http://www.google.nl/search?q=XML+validate+oracle for instance or
  = use the search button on this forum and / or
  = read the FAQ on this (XML DB FAQ
  Thanks Eddie et all, for educating me via http://awads.net/wp/2006/11/14/barts-punishment-for-asking-dumb-questions (don't mind the URL , the info there is really useful)
  The following link on this site is just brilliant: http://www.albinoblacksheep.com/flash/posting.php
  Grz
  Marco
  Message was edited by:
  mgralike

• Validate date using RE

  Hey guys,
  Need to validate date using RE in format MM/DD/YYYY and optional HH:MM:SS
  I already have simple solution, but would like to add checks for leap year and dates like 02/30/2006 or 04/31/2006
  So far I have this:
  private static final String datePattern =
       "^(0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])[- /.](19|20)\\d\\d" +
       "(\\s(([0-1]?[0-9]|2[0-3]):([0-5]?[0-9]):([0-5]?[0-9]))){0,1}$";

  A much better way is to specify the format of the data and parse it using the SimpleDateFormat class method parse.