Webdav with client ssl certificate

I have created a WebDAV-enabled site on an Apple Mac mini server using Apache. The WebDAV site is secured with HTTPS as well as a client certificate.
While browsing the website using Safari/IE everything works fine, but with the iPad's WebDAV utility it does not work. The client cert is not picked up by the WebDAV Nav tool, although the client SSL cert is installed on the iPad.

Some more checking using wireshark on the destination server.
I created a simple html page that is contained under a directory that requires SSL and a client certificate, as configured in the apache configuration.
This works fine from the IE and Firefox desktop browsers.
Now, using Safari on the iPad with the appropriate certificates installed (client cert and CA cert) using the profile management tool, I attempted to connect to this page.
Wireshark shows the iPad contacting the server and the TLSv1 protocol selection (Client Hello and Server Hello).
Following this the server issues the requested server certificate and the CA cert to the iPad device.
The iPad device responds with an ACK and this is where it stops the communication. No further packets appear.
During this time, the iPad has requested that a client certificate be selected using the dialog and the appropriate client cert is selected, however the network transaction does not show the iPad ever sending this certificate to the server.
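
The observation above (server flight delivered, no client certificate on the wire) can be checked mechanically from a capture. This is an added example, not part of the original post: it parses the cleartext handshake records of each direction and reports whether the server sent a CertificateRequest and how the client answered. The byte strings are constructed samples, the function names are this example's own, and it assumes each direction of the TCP stream has been exported as raw bytes.

```python
import struct

HANDSHAKE = 22           # TLS record content type: handshake
CHANGE_CIPHER_SPEC = 20  # record content type; later handshake data is encrypted
# Handshake message types defined for TLS 1.0 (RFC 2246).
NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
         12: "ServerKeyExchange", 13: "CertificateRequest",
         14: "ServerHelloDone", 15: "CertificateVerify",
         16: "ClientKeyExchange", 20: "Finished"}


def handshake_messages(stream):
    """Parse one direction of a TLS stream into [(message name, body), ...]."""
    payload = bytearray()
    pos = 0
    # Step 1: walk the 5-byte record headers and reassemble handshake payload,
    # because one handshake message may be split across several records.
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        record = stream[pos + 5:pos + 5 + length]
        if len(record) < length or ctype == CHANGE_CIPHER_SPEC:
            break  # truncated capture, or start of the encrypted part
        if ctype == HANDSHAKE:
            payload += record
        pos += 5 + length
    # Step 2: split the payload into messages (1-byte type, 3-byte length).
    messages, off = [], 0
    while off + 4 <= len(payload):
        mtype = payload[off]
        mlen = int.from_bytes(payload[off + 1:off + 4], "big")
        if off + 4 + mlen > len(payload):
            break
        body = bytes(payload[off + 4:off + 4 + mlen])
        messages.append((NAMES.get(mtype, "type %d" % mtype), body))
        off += 4 + mlen
    return messages


def diagnose(client_stream, server_stream):
    """Say where client-certificate authentication stopped in the handshake."""
    server = [name for name, _ in handshake_messages(server_stream)]
    client = handshake_messages(client_stream)
    if "CertificateRequest" not in server:
        return "server did not request a client certificate in this handshake"
    if "ServerHelloDone" not in server:
        return "server flight incomplete in capture"
    certs = [body for name, body in client if name == "Certificate"]
    if not certs:
        return "server requested a certificate, client sent none"
    # A TLS client with no acceptable certificate sends an empty list
    # (3-byte list length of zero) instead of staying silent.
    if int.from_bytes(certs[0][:3], "big") == 0:
        return "client answered with an empty certificate list"
    return "client sent a certificate chain"


# --- constructed sample data (message bodies are dummies, only headers matter) ---
def _msg(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


def _record(payload, version=0x0301):  # 0x0301 = TLS 1.0
    return struct.pack("!BHH", HANDSHAKE, version, len(payload)) + payload


SERVER_FLIGHT = (_record(_msg(2, b"\x00" * 38) + _msg(11, b"\x00\x00\x00"))
                 + _record(_msg(13, b"\x01\x01\x00\x00") + _msg(14)))
CLIENT_STALLED = _record(_msg(1, b"\x00" * 40))  # ClientHello, then nothing
CLIENT_EMPTY = CLIENT_STALLED + _record(_msg(11, b"\x00\x00\x00")
                                        + _msg(16, b"\x00" * 4))

if __name__ == "__main__":
    print(diagnose(CLIENT_STALLED, SERVER_FLIGHT))
    print(diagnose(CLIENT_EMPTY, SERVER_FLIGHT))
```

The first result corresponds to the capture described in the post; the second is the case where the device has no certificate it considers acceptable for the request.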

Similar Messages

  • How to authenticate BPEL process to a PL with Client SSL Certificate

    Hi,
    I need to invoke a partner link which requires authentication with Client SSL certificate. So, here is the use case:
    - The PL's endpoint is https://some.server.com/web_service;
    - I have a client SSL certificate supplied by the web service provider in the form of PKCS12 (PFX) file. I should use this certificate for authentication.
    I read carefully the BPEL Administration Guide, the part about SSL authentication (http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm#CHDHIBEG), but in this guide is described how outer services can be authenticated by the BPEL Process Manager with client SSL certificates, not the vice versa.
    So, I completed the following tasks:
    - I imported the server certificate of https://some.server.com/web_service into $ORACLE_HOME/jdk/jre/lib/security/cacerts file;
    - since I didn't find a way to import the client certificate as a PFX file, I converted it to a PEM file using the OpenSSL utilities and managed to import the client certificate's public key into cacerts, but not the private key. Of course this didn't help me in any way to get authenticated.
    I would appreciate any help on this topic!
    Thank you!
    Simeon

    I got this action plan and it works for me...
    1. Download the new Client Certificate.
    2. Convert the Client PFX to JKS as per:
    http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores
    3. Using firefox go to the WSDL site:
    * Add the exception, if Firefox ask for it.
    * Import the server certificate to Firefox following the instructions displayed
    4. Once you imported the certificate on Firefox, go to:
    * Tools -> Options
    * Select Advanced and click on "Encryption" tab
    * Click on View Certificates
    * Go to the Servers tab
    * Select the "servercfa" and click on "Export"
    * Save the certificate adding the .cer extension to the name.
    * Ensure that you select in Save as Type "X.509 Certificate with Chain (PEM)"
    5. Import using keytool the exported certificate from step 4 to the JKS obtained in step 2:
    * i.e: keytool -import -alias servercert -file servercfa.crt -keystore client.jks -storepass welcome1
    6. Add both keyStore and trustStore properties to the jdev.conf pointing to the same JKS :
    AddVMOption -Djavax.net.ssl.keyStore=C:\jdevstudio10133\jdk\jre\lib\security\client.jks
    AddVMOption -Djavax.net.ssl.keyStorePassword=welcome1
    AddVMOption -Djavax.net.ssl.keyStoreType=JKS
    AddVMOption -Djavax.net.ssl.trustStoreType=JKS
    AddVMOption -Djavax.net.ssl.trustStore=C:\jdevstudio10133\jdk\jre\lib\security\client.jks
    AddVMOption -Djavax.net.ssl.trustStorePassword=welcome1
    7. Open Jdev and retest the issue.
    Tocarli.

  • Configure OWA to require a client ssl certificate only for external connection

    Hello.
    I have now migrated the OWA client from Exchange 2003 to Exchange 2010 and am faced with a problem.
    I want a client certificate to be required when an external client (somebody like a user on a home PC) connects to Outlook Web App.
    But when a client (somebody on a work PC) connects to the internal Outlook Web App URL, Integrated Windows Auth will be used and a client SSL certificate is not required.
    Is it possible? Or do I need to enable Outlook Anywhere?

    Hi,
    Based on my knowledge, I don't think it is possible.
    When you install Exchange 2003, there is only one Default Web Site in Internet Information Services (IIS). If you change the authentication method and enable SSL on OWA, a client SSL certificate will always be required, whether the connection is external or internal.
    I recommend you refer to the following articles:
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/mobility-client-access/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/security-message-hygiene/SSL_Enabling_OWA_2003.html
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft.
    Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Issue with Client Authenication Certificates within Bootable Media

    Hi All,
    I am in the process of deploying SCCM 2012 R2 in our environment parallel to our existing SCCM 2007 R3 environment. So far everything is working well. I have, however, hit my first issue. This seems to be related to Client Authentication certificate validation.
    The problem occurs when booting from SCCM 2012 Task Sequence Bootable media and attempting to contact a local Management Point. I am using a USB Boot key at this point as I do not want to overlap with our existing PXE environment.
    The SMSTS.LOG shows the error 0x80072f8f. Specifically the error that I need to get past is:
    [TSMESSAGING] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    [TSMESSAGING]                : dwStatusInformationLength is 4 TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    [TSMESSAGING]                : *lpvStatusInformation is 0x10 TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    [TSMESSAGING]                : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    [TSMESSAGING] AsyncCallback(): ----------------------------------------------------------------- TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    I have followed all of the recommended steps that I can think of so far. I have:
    Ensured that the Server Authentication and client authentication certificate on all Site systems is correct (I.e. all certificates are based on Certificate Templates as per the TechNet documentation)
    Ensured the Root and Issuing CA's are registered within the SCCM 2012 Site
    The Distribution Point role and Bootable Media are using a dedicated Client Authentication certificate that has been imported via a .PFX
    Ensured this certificate is in a "Not blocked" state
    Ensured the Date and Time of each Site System and of WinPE during the boot process is in sync.
    Checked the MPControl.LOG on each of our 2 Management Points looking for errors. These logs are all clear.
    Checked the IIS Web Logs on the Management Points. These logs are also all clear.
    The SMSTS.LOG is successfully importing the Root CA certificates ....
    Root CA Public Certs=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    Importing certificates to root store TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 19/12/14 11:27:22 AM 1164 (0x048C)
    I have noticed that there are plenty of issues related to an invalid CA due to root CA import issues or CRL checking. We currently have CRL checking disabled and based on the "INVALID_CN" reference I don't believe CRL check is part of the equation.
    With regards to the Common Name I can confirm the following:
    The "ConfigMgr Client Certificate" Template used to auto enroll all domain joined systems is based upon the "Workstation Authentication" template. The Subject Field is set, as by default to "None". The SAN is set to DNS name.
    The "ConfigMgr OSD Certificate" Template used to create the client authentication certificate used on the DPs and Bootable Media is set to "Supplied at Request". I set a CN of "Configmgr OSD Certificate" for this certificate.
    I have tried using another client authentication certificate for the DPs and Bootable media that had no Subject Name defined.
    Can anyone offer any suggestions as to where I might be going wrong?
    Thanks,
    Nathan Sutton
    NSutton

    Hi Jason,
    Here is the log as requested. I will post it up in separate messages.
    NSutton

  • URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

    Hi,
    I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
    I am trying to get work with url: https://reports.mydomain.com
    I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
    https://reports.mydomain.com/ReportServer - works fine
    https://reports.3pro.hr/Reports/ - I got error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    In rsreportserver.config I have:
    <Add Key="SecureConnectionLevel" Value="2"/>
    When looking at my ReportServerService_date.log file I have something like:
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    Also, error shown in log file:
    appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
    ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
    -- Hrvoje Kusulja

    I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated. The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle before she called me back. Here are the steps that resolved this issue for me. I know for sure that step 5 was necessary. Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue, but I didn't roll them back either so they may have been necessary.)
    Step 1:
    Ensure you are editing the correct rsreportserver.config file. I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config file for some sharepoint integration that I'm not using. The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
    Step 2: 
    In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3. Was set to 0 in my configuration. The corrected line in your rsreportserver.config file should look like:
    <Add Key="SecureConnectionLevel" Value="3"/>
    Step 3:
    In rsreportserver.config, add the correct value to the <URLRoot> element (which already exists in the file.) In my configuration, this value was blank. The value should be the fully qualified path to your report server, with a hostname that is valid for your certificate. For example, if my cert matches *.mydomain.local:
    <UrlRoot>
    https://myserver.mydomain.local/ReportServer
    </UrlRoot>
    Step 4:
    Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine. I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities. That broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities. This is how I left it, not sure if that was necessary.
    Step 5:
    This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3. In my configuration, this value was also blank. The corrected value should be the same as in step 3, for example:
    <ReportServerUrl>
    https://myserver.mydomain.local/ReportServer
    </ReportServerUrl>
    Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away.  At least it did for me.
    Good luck!
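
The RemoteCertificateNameMismatch error in this thread and the WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID flag in the SCCM post above report the same condition: the host name in the URL being called is not covered by any name in the server certificate. This added example (not code from either poster) applies wildcard name matching to the URLs SSRS logged in the question; the log lines and the `*.mydomain.com` name are taken from the post, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit


def name_matches(pattern, host):
    """Certificate name check: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # '*.a.b' never covers 'a.b', 'x.y.a.b' or a bare name
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(host, cert_names):
    return any(name_matches(name, host) for name in cert_names)


URL_LINE = re.compile(
    r"Using (report server internal url|report server external url|url root) (\S+)")
MISMATCH = re.compile(r"RemoteCertificateNameMismatch encountered for url (\S+)")


def audit_ssrs_urls(log_text, cert_names):
    """Map each URL role SSRS logs to (host, covered by the certificate?)."""
    results = {}
    for role, url in URL_LINE.findall(log_text):
        host = urlsplit(url.rstrip(".")).hostname  # log lines end with '.'
        results[role] = (host, covered(host, cert_names))
    return results


def mismatch_hosts(log_text):
    """Hosts for which the log records a certificate name mismatch."""
    return [urlsplit(u.rstrip(".")).hostname for u in MISMATCH.findall(log_text)]


# Log lines as quoted in the question above.
SAMPLE_LOG = """\
configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
"""

if __name__ == "__main__":
    for role, (host, ok) in audit_ssrs_urls(SAMPLE_LOG, ["*.mydomain.com"]).items():
        print("%-32s %-22s %s" % (role, host, "covered" if ok else "NOT covered"))
    print("mismatch logged for:", mismatch_hosts(SAMPLE_LOG))
```

The host that fails the check is the one Report Manager uses for its internal call, which is why pointing `<ReportServerUrl>` at a name the certificate covers (step 5 in the answer) removes the error.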

  • Enterprise App with push notifications signed with client's certificate.

    Hello all,
    We have an enterprise application that we wrote for a client that will only be deployed internally. The application has push notifications bound to our store account. The build fails with:
    Error 1
    The Publisher attribute of the Identity element in the app manifest must have the value of the Publisher ID value from your developer account: CN=607****
    How do I do one of the following:
    1. Get the client cert to be our app cert.
    2. Associate a cert when you sign up for a developer account.
    Thanks!

    Hi Larry,
    >> Error 1  The Publisher attribute of the Identity element in the app manifest must have the value of the Publisher ID value from your developer account: CN=607****
    Right click on your manifest file and choose view code option. Modify Publisher element in Identity like the following image.
    About client certification, please post more information to make it clear; I don’t understand what you want to do.
    Regards,

  • Webdav using Client Certificates

    Hello all
    Finder (10.5.6) seems not to be able to use Webdav with client certificates. Especially in conjunction with Alfresco Share this would be nice.
    Any ideas?
    Pascal.

    Hi,
    > have a question, if we use this mechanism do we have to maintain User's certificate in user master or this is not needed as we are accepting the connection from the intermediary server which is trusted by the J2EE engine.
    I think it depends on your Biller Direct application.
    In my company we use Rosettanet B2B with SAP XI and have this setup:
    Internet -- https --> Apache -- https --> Web dispatcher -- https --> SAP J2EE PI
    The client certificate from the B2B partner is sent up to SAP PI and we did not have to set the certificate in the user master.
    We did have to import the certificate in the J2EE keystore and to configure the Rosettanet connector.
    Regards,
    Olivier

  • SQL Server SSL Certificate

    Hi All,
    I am slowly getting to the bottom of applying SSL throughout my project but am stuck in the current situation and I need help please..
    Project is a Java servlet running on Windows. Java 1.6 and Tomcat 7 but connects to a SQL Server database and an Oracle database (running on unix). We have a keystore set up successfully on the servlets' server with root, intermediate certificates etc
    that successfully encrypts the connection to Oracle. The server team maintaining the server hosting the SQL Server database have supplied me with an SSL certificate, I am told is for accessing the SQL Server database. I am assuming it is a public key certificate.
    I am trying to apply this certificate to encrypt the network traffic to the SQL Server database. I have attempted to import the certificate into the keystore mentioned above using the Java keytool but this does not work so I deleted the certificate from
    the keystore again. I found the URL below which I have followed to install the certificate through MMC but cannot find how to now force Tomcat to encrypt the network traffic.
    http://support.microsoft.com/kb/316898
    Can someone please tell me what I am missing here please? There is loads of guidance on setting up keystores with root and intermediate certificates etc, but I cannot find any guidance on what to do in Tomcat to use a single provided SSL certificate. Do
    I use the Java cacerts file and import the certificate in there?
    Thanks in advance
    Regards
    AJF

    Hi SQL Team - MSFT
    Thank you for your response.
    I have been looking at this further. I have only been given one SSL certificate which I am assuming, because it has a file format of ".cer", is the public key for the certificate on the server hosting the SQL server database. For this to work the way we want, the "clients" will not have SQL Server Configuration Manager installed, but instead will have the SSL certificate mentioned above stored in a Keystore set up with the "Keytool" in the Java JRE.
    I am unsure how the guys who manage the server hosting the SQL server database have set up the SSL certificate, i.e. if they have set up a root and intermediate certificate etc. I am currently trying to get information out of them (they are not located immediately near my location). I have a funny feeling they have not set up the SSL at their end correctly, and I am wondering if they have just imported into the server's browser the same public key certificate they forwarded to me. When you say "you have to first export the Trusted Root Certificate Authority from the server and import this to the client", what part of the SSL certificate(s) do you mean?
    Do you mean the Certificate Authority root certificate and I have to import that into the client as well as the public key certificate?
    I look forward to your next feedback.
    Regards
    Alanjo

  • SSL certificates and Web Services Usage inside Oracle Database Questions!

    We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
    Service1 is already working, and we can call the service from PL/SQL without troubles.
    However, according to the client's security policies, they require all Web services to be consumed via https, including Service1, so we must follow the procedure established for Oracle in order to enable calling Service1 via https from the Database.
    Our client's DBA and IT Team are concerned about two subjects before continuing with the certificate installation:
    - SSL Certificates:
      1- Can installed certificates in the Database put in risk the stability of the database?
      2- Can installed certificates in the Database generate performance issues?
      3- Can installed certificates reloading the Databases?
      4- Can installed certificates in the Database generate security issues?
    - Web services:
      1- Can web services calling from the Database put in risk the stability of the database?
      2- Can web services calling from the Database generate performance issues?
      3- Can web services calling from the Database generate security issues in the DMZ?
    Could you please give us any clues about the possible negative impact related to the SSL certificates and Web Services usage inside Oracle Database, if such an impact exists?
    Those are the links describing the procedure mentioned above.
    1 -http://www.kotti.es/2009/11/oracle-wallet/
    DB: Oracle 9i.
    Average number of lines in file: 300
    Periodicity: Twice at day.

    Thiago:
    You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
    I am not aware of a PL/SQL utility to create an XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
    http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
    Regards,
    Jason

  • SSL Certificates (p12) and server side authorization

    Hello dear ALL!
    Can you tell me how to store multiple certs in an AIR app, if it's possible?
    I have a server-side SSL authorization. But I can't sign the AIR app with the client p12 certificate =(
    Is there another way to use my client certificate?
    Sorry for my English =)

    Anyone?
    Client can have several certificates (logins).
    Where in the system or in the AIR app are they stored?

  • SSL Certificates - sec_error_unknown_issuer

    Fix your browser already. Getting these SSL errors on every other site is starting to really get annoying! There is nothing wrong with the SSL certificates or the sites. It's your browser that is unable to verify the certificates.
    http://i.imgur.com/52qSNXt.png
    Latest addition to the sites that do not work: https://www.inspirepay.com
    The latest browser causing nothing but trouble for clients.
    ''Edited for language. Please see [[Forum rules and guidelines]]''

    What is an "(i)frame"? Not everybody is a code freak. I'm with the other guy -- FIX your browser! OR AT LEAST tell ME how to fix it in PLAIN ENGLISH.

  • Wildcard SSL certificates

    Hi, I was wondering if someone got CSS1150X with SSL accelerator working with a wildcard SSL certificate. We have 10+ sites we would like to enable SSL on and figured wildcard certificates are the way to go based on the cost. Especially since most of the wildcard certificates come with the limitation of being able to install them on only one physical machine. I assume the CSS would be considered one physical machine if SSL traffic is terminated on the CSS; however, I wanted to find out whether a wildcard SSL certificate is supported on the CSS. We are using CSS11503 and, depending on whether it supports wildcard certificates, we are planning on purchasing the SSL accelerator.

    Thanks for the information, Gilles. Looking at the pricing structure of SSL certificates, I wonder why wildcard certs aren't widely used as one would expect based on the cost. Well, I guess I will find out when I implement one. Thanks again.

  • Server 3 / SSL Certificate / Open Directory - Problem!

    We've updated from Server 2 to Server 3 / OS X 10.9.
    We have an SSL certificate for server from Comodo.
    Under Server 2, all worked just fine, with the SSL certificate being used to secure all services (configure via Server app).
    Under Server 3, all works just fine, but Open Directory will not accept certificate - so Certificates / Settings in Server 3 app shows "Custom Configuration" for Settings - and on inspecting this it is because Open Directory set to be not secured but everything else is using SSL.
    I've tried setting the Open Directory to use the SSL, but whenever I do it simply bounces back to being unsecured.
    Does this matter?  Presumably it should be possible (as the standard setting appears to try and set Open Directory to use the SSL certificate), but not sure whether trying to fix is simply a fool's errand.
    Anyone got any clues as to whether to fix or not, and if to fix, how?
    Thanks in advance.

    Have you checked to see that the certificate is indeed "Trusted" by your server?
    Above, you stated that they're in the etc/certificates folder, but that doesn't mean that the server likes them.  You can create a "Self Signed" Certificate and still have certificates in there.  That doesn't mean that anyone else on the planet has to trust them.
    Open Keychain Access in your utilities folder.  Depending on how you have it configured, you may have to look around to find the certificate in question.  It may be under login, or System.
    When you select your Certificate, if it's there, does it show as trusted?
    Another thing you can check...  Oftentimes Certificate Authorities use Intermediate certificates.  Since anyone can sell a certificate, in order to have it trusted, you need to have it signed by someone else.  A good example is Godaddy.  They sell both SSL and Code signing certificates of all flavours.  In order to get them to be trusted, the "Intermediate Certificate" needs to also be installed in the keychain.  My Godaddy cert looks to be trusted by Verisign via an intermediate.
    Have a look here...  https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1182
    Not sure if it's directly relevant, but there it is.
    The point is, I think you need to verify that your certificate is trusted by your server.  OD won't use an untrusted certificate. 
    --an afterthought--  Anything in the logs?
    Open up your server window where you try to select the certificate for OD.  Also, in another window open up the terminal.  In terminal, type:
    tail -f /var/log/system.log
    In the server window try to select the certificate and click done.  See what the output in terminal says.

  • Installing SSL Certificate(s) on IOS

    Having an issue with an SSL certificate (DigiCert) on a Cisco 2811 running IOS 124-24.T4.
    I can get the certificate(s), intermediate and server certs installed fine using the one trustpoint created. And the ssl website works fine for IE browsers, but other browser types get errors. When I do an SSL cert check it shows that "The server is not sending the required intermediate certificate" (see attachment). I feel like I have followed what documentation is available correctly. Any suggestions are greatly appreciated.
    These are the best directions I could find to follow. They are specifically for go-daddy certs but I think it would be the same process for any.
    http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/smid/622/ArticleID/21/reftab/195/t/Installing-GoDaddy-SSL-Certificates-on-a-Cisco-IOS-Router-using-CLI.aspx
    Thanks,
    BR

    Hi ,
    If you have multiple CA certs, you need to authenticate the trustpoint containing the identity certs using the immediate intermediate cert and then use other trustpoints to import the other CA certs one by one.
    So basically, we need to follow the following configuration to import the 3 CA certificates and the identity certificate on the router:

    1.  Create root trustpoint

    Crypto ca trustpoint root
    Enrollment terminal
    chain-validation stop
    revocation-check none

    Crypto ca authenticate root
    (this will prompt to paste in the PEM/base64 of the Root CA certificate)
    Quit after you paste the Root CA certificate.

    2.  Create intermediate trustpoint for the primary intermediate certificate

    crypto ca trustpoint intermediate-primary
    enrollment terminal
    chain-validation continue root
    revocation-check none

    crypto ca authenticate intermediate-primary
    (this will prompt to paste in the PEM/base64 of the Primary Intermediate CA certificate)
    Quit after you paste the intermediate primary certificate.

    3.  Create intermediate trustpoint for the secondary intermediate certificate

    crypto ca trustpoint intermediate-secondary
    enrollment terminal
    keypair
    chain-validation continue intermediate-primary

    crypto ca authenticate intermediate-secondary
    (this will prompt to paste in the PEM/base64 of the Secondary Intermediate CA certificate)
    Quit after you paste the intermediate secondary certificate.

    4.  Import the identity certificate

    crypto ca import intermediate-secondary certificate
    (paste the ID certificate PEM/base64 here)
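
The "server is not sending the required intermediate certificate" condition from this thread (and the intermediate-certificate point in the Open Directory reply above), reproduced offline as an added example that is not part of any post. It uses the openssl CLI; the CA names, host name and keys are constructed throwaway values, and a client that trusts only the root is assumed.

```shell
#!/usr/bin/env bash
# Constructed three-tier PKI: root -> intermediate -> server, all throwaway keys.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# CA certificates need basicConstraints CA:TRUE or verifiers reject them as issuers.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:router.example.test\n' > "$WORK/leaf.ext"

new_csr() {  # new_csr <name> <common name>: fresh RSA key plus signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

sign() {  # sign <name> <issuer name> <extension file>
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 2 -extfile "$WORK/$3" -out "$WORK/$1.pem" 2>/dev/null
}

build_pki() {
  new_csr root "Constructed Root CA"
  # The root signs itself; everything below it is signed by its parent.
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 2 \
    -extfile "$WORK/ca.ext" -out "$WORK/root.pem" 2>/dev/null
  new_csr int "Constructed Intermediate CA"
  sign int root ca.ext
  new_csr leaf "router.example.test"
  sign leaf int leaf.ext
}

# Client trusts only the root and the server presents the leaf alone:
# the issuer of the leaf is unknown, so no path to the root can be built.
verify_leaf_only() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Same client, but the server also presents the intermediate
# (-untrusted marks certificates supplied by the peer, not trust anchors).
verify_with_intermediate() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/int.pem" \
    "$WORK/leaf.pem" 2>&1 | grep -q ': OK$'
}

build_pki
if verify_leaf_only; then echo "leaf alone: OK"; else echo "leaf alone: FAILS (issuer not found)"; fi
if verify_with_intermediate; then echo "leaf + intermediate: OK"; else echo "leaf + intermediate: FAILS"; fi
```

Against a live server, the equivalent check is to count the certificates it actually presents during the handshake and confirm the intermediate is among them.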

  • SSL certificates for multiple websites

    I am having problems with websites recognizing the SSL certificate assigned to said site. For example, I have three secure websites; (1) x.abc.com, (2) y.abc.com, and (3) z.abc.com. All are set up for SSL with associated SSL certificates from a signed authority. However, when I browse to said sites, I receive an SSL mismatch error pertaining to the domain name. For whatever reason, two of the sites want to use the main site SSL certificate.
    I have verified that the sites are set up correctly with the proper SSL certificate and restarted web services. Any ideas?
    Thanks!

    You do this by IP Aliasing the machine
    Oh, you were referring to IP Aliases. Sorry. I interpreted your comment as meaning Server Aliases within Apache (where multiple hostnames map to the same virtual host configuration).
    My bad.
    So we're both right - you need multiple IP addresses on your server (either by duplicating the interface in System Preferences, or through IPAliases.conf) and you need to bind one SSL site to each IP address (although you could also use different port numbers on the same IP address in Apache).
    If you're using NAT you still need multiple public IP addresses that forward to each of the IP Aliases (or virtual hosts).
