Weblogic server 9.2 and SSL server certificate for the wrong site

Similar Messages

• Just updated iPhone iOS and it is asking for the wrong AppleID. How do I change it if I can't get into the iPhone?

  I just updated the iPhone iOS. I get the Hello Screen. It asks me to choose a WiFi. Then it takes me to a login but it has the WRONG AppleID listed. I changed the AppleID months ago. I do not have the password for the old ID, and I have no access to that email account to reset it. What the heck do I do? I can't get past this step.

  UPDATE: Problem solved! Just got off the phone with Apple support. It only took all of about 10 minutes tops to fix, which was great. I think it was relatively painless because I never changed my password. Even when I changed email addresses/Apple IDs, my password never changed. So if there was an old password that you no longer remembered associated with the old Apple ID, I imagine that could be trickier.
  These were the steps:
  Settings --> Messages --> Send & Recieve --> tap old Apple ID --> Sign Out
  Settings --> Facetime --> Send & Recieve --> tap old Apple ID --> Sign Out
  Settings --> Messages --> Send & Recieve --> log-in with current Apple ID
  Settings --> Facetime --> Send & Recieve --> log-in with current Apple ID
  Settings --> iTunes & App Store --> he had me verify that it was showing my current Apple ID, which it was, so we didn't need to mess with anything there
  Settings --> iCloud --> it was still showing the old Apple ID and wouldn't let me change it (it was grayed out), so he had me scroll down and Delete Account. This is where I think I needed to enter my password, but fortunately it was the same as always, so no problem there.
  -- Select "Keep data on my iPhone" or something like that
  Then:
  Settings --> iCloud --> log-in with your current Apple ID/iCloud account.
  -- Select "Merge" so it syncs everything up.
  All done!
  Good luck to anyone else who has this very annoying little issue! Hope it's as relatively painless to fix as it was for me.

• How to download certificate for the first time programmatically?

  Hi, I'm accessing a https server which has a self signed certificate for the first time. I was trying to download the certificate using like
  cert = sslsession.getPeerCertificates()[0]
  However I got the following exception: SSLPeerUnverifiedException
  If I have the certificate on disk and I installed it using keytool to the keystore, I could see the keychain using this method. But is there a way in java to download the certificate for the first time?
  Many thanks.
  minji

  hi ejp, thanks a lot for the link, it really helps a lot.
  Now I'm having another problem. I could now download the certificate and store in my keystore. but if I immediately reconnect to the https web page, I still got the exception telling me the certificate was not found:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  This should not happen as I have already had this certificate in my keystore. If I rerun the program, there's no problem, indicating the certificate was really there. I first guessed I might have to again call System.setProperty("javax.net.ssl.trustStore", "mycacerts") but that does not help.
  anybody with an idea?

• New server and/or CA certificate for connection from custom authentication

  We are running Access Manager version 72005Q4 in the Sun ONE Web Server 6.1SP5 B06/23/2005 container with java build 1.5.0_07-b03. I run a custom authentication module which checks sessions against our university single sign on system which is CAS (from Yale/Jasig). The checks are essentially https calls. All this has been working well for us for the last couple of years.
  I would like to migrate the certificate used on the university CAS system from a Verisign certificate to a wildcard certificate issued by the IPS CA in spain -- these are in most browsers but are not in the standard batch of cacerts CA's -- and are free for .edu domains.
  My other java based authentication plugins (Blackboard, custom apps etc) have worked fine once I import the certificate into the cacerts for the java container, but I'm missing something (obvious probably) about importing this certificate so that my amserver custom authentication module can connect to the CAS server once the CAS server is using the new certificate.
  Could anyone provide guidance on where I need to import this server certificate (or preferably the IPS CA) in order to allow the custom authentication module to work properly? I assume this same problem has been solved by people wishing to connect from the amserver to services with self signed certificates. For some reason I'm finding the debugging unexpectedly difficult, I'll outline some of those details below.
  Relevant things I've tried so far:
  Import both the server cert and the IPS CA into the cacerts of the java container identified in the web server server.xml /usr/jdk/entsys-j2se.
  Import the IPS CA into the web server cert8 style db via the web admin server.
  The debugging has surprised me a bit, as I'm not getting an error that is explicitly SSL related error. It almost seems like the URLConnection object ends up using a HttpURLConnection rather than an HttpsURLConnection and never gives me a cert error, rather a connection refused since there is no non SSL service running on CAS. The same code pointed to the server running the verisign cert works as expected.
  Part of the stack:
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: java.net.ConnectException: Connection refused
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.socketConnect(Native Method)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.Socket.connect(Socket.java:516)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.Socket.connect(Socket.java:466)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.NetworkClient.doConnect(NetworkClient.java:157)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.New(HttpClient.java:287)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.New(HttpClient.java:311)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.setNewClient(HttpURLConnection.java:489)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.setNewClient(HttpURLConnection.java:477)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:422)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:937)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.yale.its.tp.cas.util.SecureURL.retrieve(Unknown Source)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(Unknown Source)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.fsu.ucs.authentication.providers.CASAMLoginModule.process(CASAMLoginModule.java:86)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:729)
  The relevent bit of code from the SecureURL.retrieve looks as follows:
  URL u = new URL(url);
  if (!u.getProtocol().equals("https"))
  throw new IOException("only 'https' URLs are valid for this method");
  URLConnection uc = u.openConnection();
  uc.setRequestProperty("Connection", "close");
  r = new BufferedReader(new InputStreamReader(uc.getInputStream()));
  String line;
  StringBuffer buf = new StringBuffer();
  while ((line = r.readLine()) != null)
  buf.append(line + "\n");
  return buf.toString();
  } finally { ...
  The fact that this same code in other authentication modules running outside the amserver (in other web containers as well, tomcat and resin for example) running java 1.5 works fine with the new CA, as well as with self signed certs that I've imported into the appropriate cacerts file leads me to believe that I'm either importing the certificate into the wrong store, or that there is some additional step needed for the amserver in the Sun Web container.
  Thank you very much for any insights and help,
  Ethan

  I thought since this has had a fair number of views I would give an update.
  I have been able to confirm that the custom authentication module is using the cert8 db defined in the AMConfig property com.iplanet.am.admin.cli.certdb.dir as documented. I do seem to have a problem using the certificate to make outgoing connections, even though the certificate verifies correctly for use as a server certificate. This is likely a question for a different forum, but just to show what I'm looking at:
  root@jbc1 providers#/usr/sfw/bin/certutil -V -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u V
  certutil: certificate is valid
  root@jbc1 providers#/usr/sfw/bin/certutil -V -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u C
  certutil: certificate is invalid: Certificate type not approved for application.
  root@jbc1 providers#/usr/sfw/bin/certutil -M -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -t uP,uP,uP
  root@jbc1 providers#/usr/sfw/bin/certutil -V -l -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u C
  FSU Wildcard Certificate : Certificate type not approved for application.
  So it could be that I don't understand how to use the certutiil to get the permissions I want, or it could be that using the same certificate for both server and client functions is not supported -- though you can see why this would be a common case with wildcard certificates.
  BTW for those interested, it did seem to be the case that when the certificate failure occurred that the attempt was then made by the URLConnection to bind to port 80 in cleartext even though the URL was clearly https. I'm sure this was just an attempt to help out misformed URL, but it seemed that the URLConnection implementation in the amserver would swapped traffic over cleartext if that port had been open on the server I was making the https connection to; that seems dangerous to me, I would not have wanted it to quietly work that way exposing sensitive information to the network.
  This was why I was getting back a connection refused instead of a certificate exception. The URLConnection implementation used by the amserver is defined by java.protocol.handler.pkgs=com.iplanet.services.comm argument passwd to the JVM, and I imagine this is done because the amserver pre-dates the inclusion of the sun.net.www.protocol handlers, but I don't know, there maybe reasons why the amserver wants it own handler. I only noticed that this is what was going on when I as casting the httpsURLConnection objects to other types trying to diagnose the certificate problem. I would be interested in hearing if anyone knows if there is a reason not to use sun.net.www.protocol with the amserver.
  After switching to the sun.net.www.protocol handler I was able to get my certificate errors rather than the "Connection Refused" which is what lead me to the above questions about certutil.

• My 4th generation iPod Touch won't let me get on to the App Store. When I log on to iTunes, an alert pops up that says the certificate for the server is invalid, and that it may be a server pretending to be iTunes. What should I do?

  My iPod won't let me on to the App Store, and whenever I go on to ITunes, an alert pops up that the certificate for the server is invalid, and that I may be connecting to a server that is only pretending to be iTunes.apple.com and my personal info may be at risk. I downloaded an emulator yesterday from coolroms.com but deleted the app this afternoon. I cleared my safari search data, my cookies and data, and web inspector, which still didn't work. I then proceeded to reset my iPod and then download the newest version of IOS 6.1.5 but yet still am having problems. Also to the App Store and iTunes, several other apps aren't working. Any help here?

  Also, when I go on to safari, another alert pops up that safari cannot verify the identity of the website, anything that I type in to as common as google.com. It gives me 3 options to either cancel, look at details, and continue. I've looked at the details of the website of Google and it is legitimate the site. Any help?

• An error occurred searching the certificates for the server. ...

  Hi,
  I am using DSEE 6.2 in Fedora 7
  Each time I access the "Security" tab of my server in DSCC. I get the following error:
  "*An error occurred searching the certificates for the server. An authentication error occurred connecting to xxxxx. Check that the User ID and password are correct*"
  I need to click the "Click here to update authentication" link in the same tab and enter the User ID and password for the user that create the server. The error will gone for this session but reappear as I start a new session in DSCC

  This looks like a known bug. Please log a support case so this can be investigated further
  http://sunsolve.sun.com/search/document.do?assetkey=1-1-6537622-1

• New deploy child domain certificate server didn't publish root trust certificate to the client

  Child domain certificate didn't install into child domain workstation.
  https://support.microsoft.com/en-us/kb/281271?wa=wsignin1.0
  Certification Authority configuration to publish certificates in Active Directory of trusted domain
  Any advise?
  Thanks.

  Hi,
  >>New deploy child domain certificate server didn't publish root trust certificate to the client
  Is this an enterprise root CA or standalone CA?
  If it is an enterprise root CA, it will automatically use Group Policy to propagate its certificate to the Trusted Root Certification Authorities certificate store for all users and computers in the domain. If it is an standalone CA, we can configure GPO
  to distribute the certificate.
  Regarding how to use policy to distribute certificates, the following article can be referred to for more information.
  Use Policy to Distribute Certificates
  https://technet.microsoft.com/en-us/library/cc772491.aspx
  We can run command gpupdate/force to immediately update group policy and then we can refresh the certificates in certmgr.msc to see if the certificate will come up.
  Besides, for certificate questions, we can also ask for suggestions in the following forum.
  Security
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Removing Server 2000 DC and adding Server 2008 DC.

  Removing Server 2000 DC and adding Server 2008 DC.
  From: Server 2000 Sp4 (not leaving in place, no plans to demote)
  To: Server 2008 Sp2 (will be a single DC and hold Global Catalog)
  Single forest domain. Only one DC.
  Problem: The old server 2000 is still a primary DC and the new server 2008 is not taking over.
  Completed the following tasks:
  NIC binding (connected NIC at top of list on new server)
  New server is also DNS server. This role is working and it points to itself 127.0.0.1 and clients have been moved to use the new server for DNS, they are working.
  New server has some shared folders. Clients are connected and this is working until we remove the old server, then they cannot authenticate to the mapped drive.
  Both servers show the role of Domain Controller
  Adprep /forestprep and /domainprep and /domainprep /gpprep were run on the server 2000 (as it was the existing DC) with a successful message.  (not sure if enough time was allowed for replication)
  All five Flexible Single Master Operations (FSMO) roles were transferred using GUI.
  Schema Master, Domain naming master, Infrastructure master, RID master, PDC Emulator.
  And have been verified. All roles transferred and the new server 2008 and new server is also the global catalog.
  Then to verify new server is handling the role we unplugged the Ethernet cable from the Old server 2000, then went to client stations and re-started them and they would not find the new DC and connect to it.
  On the new server when we opened active directory users and computers the domain did not appear.
  Verified in DNS manager the A record and reverse pointer were correct.
  For some reason the new server is looking to the old server. Even though all roles are moved over and DNS appears to be setup correctly it won’t exist independently.
  What’s missing?
  If something was missed or performed wrong, do we have to remove the roles and start from scratch? Or can we re-run adprep and walk the steps again leaving all as-is?

  Hello,
  as first step please post an unedited ipconfig /all from the old and new DC/DNS server and one problem client.
  It seems that your installation from the new DC wen't well and as described in
  http://msmvps.com/blogs/mweber/archive/2010/02/06/upgrading-an-active-directory-domain-from-windows-server-2000-to-windows-server-2008-or-windows-server-2008-r2.aspx Just check again yourself.
  A DC should NEVER be shutdown or just disconnected from a domain, it MUST be demoted correct, as you ruin into replication errors in the event viewer without that steps and you will never be able to install a additional DC with using the same name.
  See the end of my article about removal steps.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• Hi, my iphone could not be activated after upgrade it from IOS4 to IOS6, it shows that is due to activation server is unavailable and no sim card in the iphone. Anyone can help me please?

  Hi, my iphone could not be activated after upgrade it from IOS4 to IOS6, it shows that is due to activation server is unavailable and no sim card in the iphone. Anyone can help me please?

  It is 99% hacked/jailbroken iPhone to use a different carrier than intended. You have to put the sim from the original carrier or ask them to unlock the iPhone. We as well as Apple cannot help you with this.

• Recording video/audio files using Flash Meida Server through rmtp, and allow users to access the recorded files through http.

  As titled, what is the way to record video/audio files using Flash Meida Server through rmtp, and allow users to access the recorded files through http?
  What I am trying to do, is to record a user's microphone's input and save it to the server. Afterwards, I would like other users to be able to access the recorded files and mainuplating the audio data, by computeSpectrum(), to do some visualization of the audio. As I know computeSpectrum() cannot work on streaming files, so I think I need to access the recorded files using http instead of rmtp. Is that true?
  How can I redirect the http request to the files I was recorded into my applications/appName folder? Or I need to somehow moved the recorded files to the /webroot folder?
  Thanks!

  I probably have asked a stupid question.
  My recorded streams are still saved in the applications/appName/streams folder.
  And I redirect the www.mydomain.com/streams to point to the applications/appName/streams folder.
  And the rmtp recorded streams are abled to connect through http now.

• Just FYI, Windows Server 2012 R2 and Windows Server 2012 BranchCache Deployment Guide in Word format in the TechNet Gallery

  The Windows Server 2012 R2 and Windows Server 2012 BranchCache Deployment Guide is now available for download in Word format in the TechNet Gallery at
  http://bit.ly/1pYZT3F
  Thanks -
  James McIllece

  hello again,
  meanwhile I was lucky to find this article about Idenity Mapping in TechNet in the Storage Team Blog:
  http://blogs.technet.com/b/filecab/archive/2012/10/09/nfs-identity-mapping-in-windows-server-2012.aspx
  Likely to be overseen at the end of one paragraph it says:
  "Client for NFS does not support NFS V4.1 in Windows 8 or Windows Server 2012"
  Question : Is this an official statement and is it still valid with most recent
  Windows Server 2012 R2 that NFS client does NOT support NFSv4.x  ??
  thanks - Rainer

• MobileMe/iCal Error: "The server has not specified a calendar home for the account at..."

  Hi everyone,
  I get a problem when trying to add my MobileMe account in iCal. The error message I receive after trying to add ("+") my MobileMe account to iCal is:
  "The account information was not found. The server has not specified a calendar home for the account at "/ -- https://cal.me.com/".
  Attached the screenshot: http://grab.by/cPDP
  Any idea's on what could be going wrong?
  Thanks,
  Michael

  Hi everyone,
  I get a problem when trying to add my MobileMe account in iCal. The error message I receive after trying to add ("+") my MobileMe account to iCal is:
  "The account information was not found. The server has not specified a calendar home for the account at "/ -- https://cal.me.com/".
  Attached the screenshot: http://grab.by/cPDP
  Any idea's on what could be going wrong?
  Thanks,
  Michael

• Certificate for the website, was going to copy and send an email to the website to ask about the certificate. I got my cursor just inside the pop up and the whole computer shut down. Why what happened i am not sure about going to the website now....

  Question
  Went to Crossings Book Club website while there something popped up about the certificate for the website, i was going to copy it and send an email to the website to ask about the certificate. I got my cursor just inside the pop up and the whole computer shut down.

  If you think getting your web pages to appear OK in all the major browsers is tricky then dealing with email clients is way worse. There are so many of them.
  If you want to bulk email yourself, there are apps for it and their templates will work in most cases...
  http://www.iwebformusicians.com/Website-Email-Marketing/EBlast.html
  This one will create the form, database and send out the emails...
  http://www.iwebformusicians.com/Website-Email-Marketing/MailShoot.html
  The alternative is to use a marketing service if your business can justify the cost. Their templates are tested in all the common email clients...
  http://www.iwebformusicians.com/Website-Email-Marketing/Email-Marketing-Service. html
  "I may receive some form of compensation, financial or otherwise, from my recommendation or link."

• Multiple Certificates for the same WLS

  Hi,
  IHAC who asks the following:
  Background
  Bigshop Limited carried out a soft launch of our e-tailing website under
  the
  url fonzie.bigshop.com.au
  We have a verisign certificate setup up for 128 bit ssl under the
  knownname
  fonzie.bigshop.com.au
  All ssl connections that connect to the site with this url are able to
  establish an SSL session.
  Current Issue
  Bigshop is now in the process of carrying out the public launch of the
  website. The public url for the website will be www.bigshop.com.au
  We have generated new public/private key pair and a Certificate Signing
  Request (CSR) and have ordered a new certificate from verisign
  Could you please advise if it is possible to operate two certificates
  for
  the one server. This will allow our www.bigshop.com.au and
  fonzie.bigshop.com.au url's to operate concurrently and enable both to
  establish SSL session with valid certificates.
  Is what they want to do possible ?? any suggestions
  appreciated,
  regards,
       Patrick.

  Did you ever figure out how to use multiple certificates to the sameserver? I have a need to do this also. Thanks a lot.
  In current versions of weblogic (5.1,6.x,7.0,8.1), you can configure only
  one certificate per server.
  -utpal

• Want to create new certificate for the SYSTEM PSE

  when i got o tcode 'STRUSTSSO2" In my system i am seeing a wrong certificate for the system PSE.
  i want to delete and and create a new certificate.
  Can some one tell me detail steps how i can remove the existing  certificate and create a new one.
  I am going to use the new certificate for SSO from portal to this server.
  Thanks
  Andy

  Hi Andy,
  To remove the System PSE, follow the procedure described in [SAP Help|http://help.sap.com/saphelp_nw70/helpdata/EN/b6/23273aafa35d46e10000000a11402f/frameset.htm].
  To create a new one, see the procedure [here|http://help.sap.com/saphelp_nw70/helpdata/EN/07/03473cbff75b01e10000000a114084/frameset.htm].
  Regards,
  Henk.