WLC cert messages

Similar Messages

• WLC cert to avoid the security warning page

  Hi guys,
  I am doing some tests with installiing a 3rd party cert on a WLC to avoid the security warning page when trying to access the WLC through https, and I am following the following configuration example:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  I have followed the same precedures given in the above document, and I am using windows CA to sign the CSR just for a test, I could install the final .pem cert successfully onto the WLC however I am still getting the same warning page when I was trying to login to the WLC through https. I have checked in my certificate store and I have trusted the root CA which is the windows CA in this case.
  I have also tried to access the WLC from the CA server (windows 2008 box) still getting the same warning message.
  so what should I do in order to make this to work with windows CA? did I missed something in the configuration?
  Thanks in advance for your time and help.
  Andy

  ok guys.... I was wrong last time... actually after double check again it was NOT working .... I think i just simply trusted the cert last time when i was using firefox....
  I have tried a number of different things and double checked the places that mentioned previously in this thread however I could not pick up anything wrong in particular, although I know there must be something I have missed out.....
  so this time I have also read through some other references on the web, and found the following:
  http://www.my80211.com/home/2011/1/16/wlcgenerate-third-party-web-authentication-certificate-for-a.html
  I think I did very similar config and only difference is that I am using unchained cert.
  I have double checked the following:
  on virtual interface configuration, I have ip address 1.1.1.1 and DNS host name as "wlc2112.mydomain.local"
  from the controller GUI --> Security --> web auth --> certificate, under subject name, I have CN=wlc2112.mydomain.local, however under Issuer name, I have CN=mydomain, this is a bit different from the last screen shot in the above link. could this be a problem?
  in windows 2003 server, with DNS server I have a field called "wlc2112" with IP address 1.1.1.1
  as mentioned by Scott previously, I went to the mmc certificate snap in, and under trusted root certificate authorities, I have installed the WLC cert there and I could see it there as well.
  now if I try to access the WLC GUI from here I am still getting the error message same as the one below:
  http://www.vistaclues.com/the-security-certificate-presented-by-this-website-was-issues-for-a-different-website%E2%80%99s-address/
  I then followed the instruction and continue to the website, and when I go file --> properties --> certificate, it actually shows the certificate is issued to 169.254.1.1 and issued by 169.254.1.1, with a red cross on the cert itself....... I have no idea where is this come from, so I just want to ask when I try to access the WLC GUI through a web browser, after I type in https://wlc-ip-address, how does the browser know / search for which certificate it needs to look into? I think in my case here it clearly points to the wrong certificate?
  also on the server I went to http://127.0.0.1/certsrv and selected "download a CA certificate, certificate chain or CRL" and then "install this CA certificate chain", does this mean I acknowledge to trust the root CA by doing this?
  I am not sure what I have missed out but it just does not work for some reason... is there any other places that I need to check/verify?
  Sorry for the long writing but any comments would be highly appreciated.
  Thanks in advance for your help.

• WLC and message logs

  We have a WLC 4402 and there are a lot of messages in the log. How can I find out what the messages means ?
  F.example :
  Jul 20 07:07:25.076 apf_80211.c:1923 APF-1-PROC_RSN_WARP_IE_FAILED: Could not process the RSN and WARP IE's. station not using RSN (WPA2) on WLAN requiring RSN.MobileStation: 00:13:46:6e:c3:ff, SSID:HVO.
  J F.

  Its an authentication issue. Use 802.1x, WPA/PSK or LEAP with WPA/ TKIP

• WLC snmptrap messages

  Hi,
  WLC 8500 send out two types log.
  For system messages -> syslog
  For client and access-point messages ->snmptrap.
  We want to track these snmptrap messages. In WLC User interface trap messages are readable. "Client abc associated in wlan abcd."
  But we cannot read messages on any snmptrap receivers application. All messages seems just oid and their values.
  "1.3.6.7.25.34.98 = abcd."
  How to merge these oids and their description to make more readeable.
  Thanks for all.

  It sounds like your SNMP trap receiver application doesn't have the SNMP MIB files required to map the OID to a description.  You can download the MIBS for the WLCs from the Download section as described below.  Once you have the file/s you will need to reference them within the trap receiver application, usually be putting them into a certain folder, it varies by application.
  Products -> Wireless -> Wireless LAN Controller -> Standalone Controllers -> Cisco 5500 Series Wireless Catalyst -> Cisco 5508 Wireless Controller -> Management Information Base (MIB)
  There is a similar discussion on this at the link below too-
  https://supportforums.cisco.com/discussion/11268776/problem-wlc-and-snmp-ap-assocdisassoc-trap-and-3rd-party-nms
  Pete.

• WLC Warning Message: Our AP is under attack

  Hi there,
  I receive this Warning message in WLC version 5.0:
  Warning: Our AP with Base Radio MAC 00:1f:6d:b9:48:d0 is under attack (contained) by another AP on radio type 802.11b/g
  So, what does it means? Can someone explain..Great Thanks.

  I am getting the same message, but I've not been able to diagnose the issue yet.
  It seems that the AP is being contained by another wireless system. However, there is no information that I can find to indicate what is "attacking" or "containing" the AP.

• WLC syslog messages

  Does anyone know where to find a overview for the controller's syslog messages ?
  Regards
  johann Folkestad

  I think the WLC configuration guide has a chapter for error messages. This might have your necesary information.
  http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_chapter09186a008076ce82.html

• ISE 1.2 rejects RADIUS messages from 5508 WLC

  The setup in ref is:
  WLC 5508 HA pair running 7.6 talking to ISE 1.2 patch 7 (was 6).
  Wireless users are authenticated fine, so the 5508 is a valid NAD in ISE, but...
  When I setup active RADIUS fallback, so that the WLC can poll the ISE servers I get the message:
  "The RADIUS request from a non-wireless device was dropped because the installed license is for wireless devices only"
  Why would ISE drop a RADIUS message from a WLC which is a wireless device?  Surely this is a mistake?

  Hi Nicholas,
  This is a known defect.
  CSCug34679    ISE drop keep alive coming from WLC. 
  <B>Symptom:</B>
  ISE drops keep alive authentications coming from the WLC, with message 11054 Request from a non-wireless device due to installed wireless license.
  <B>Conditions:</B>
  When only a wireless license is install on the ISE and using active keep alive on the WLC.
  <B>Workaround:</B>
  Use passive keep alive on the WLC and not active.
  Regards,
  Jatin Katyal
  *Do rate helpful posts*

• WebAuth Cert signed by CA on WLC

  Hello guys,
  i have some Problems with IOS6 Device when using the WebAuth on WLC.
  I think that the Problem is that i have an self signed Cert on the WebAuth of the WLCs which is untrustworthy for the Safari.
  So i think the only solution is to install an Cert which is signed by an Root CA.
  i had found this instruction how to generate an Cert Request for the WLC
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
  Regarding that i have some question:
  Have anyone the same Problems generally with Untrusted Certs on IOS 6?
  When i have 2 WLCs can i use the same certificat for both WLC ( Virtual IP and DNS Name is the same)?
  Did anyone did that with a 5508 respectively 4400 Controller?
  Thanks
  Greetings Philip

  Exactly. You are getting this accept cert becuase the controller cert being presented to the device browser doesnt have the wlc cert in its trusted store.
  Yea, you would need to purchase a signed CA to over come this .. If you go this route I blogged this step by step process from CSR to install.  It might help ...
  http://www.my80211.com/home/2011/1/16/wlcgenerate-third-party-web-authentication-certificate-for-a.html
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Backend Encryption with SSL module & Self Signed Cert

  I am trying to configure backend encryption using the SSL module to communicate with a server using a self signed certificate. I configured Authenticate verify none. I have not copied any cert info from the server. Do I need to? The SSL module is complaining about an invalid cert. My config is basic.
  service test-service-cf8-be client
  virtual ipaddr 10.6.1.20 protocol tcp port 80
  server ipaddr 10.6.1.22 protocol tcp port 443
  log-auth-failures
  authenticate verify none
  inservice
  Thanks,
  Dave

  Yes it was up and a debug showed an invalid cert message when the service was hit. The answer turned out to be that you still need to import the root CA from the server so that the SSL mod has something to verify the cert against.
  Thanks..

• Wireless Guest CA Certificate problems

  Hi Guys,
  I have a problem with the Guest CA certificates. I'm running 5.1.151.0 code. Wwhen I try to upload a certificate from Comodo (and reboot the controller) I still get the 'There is a problem with this website's security certificate' message in IE7 and similiar in Mozilla.
  When I view the certificate on a client machine, I'm informed that the certificate cannot be verified up to a trusted certification authority.
  If I look at the cert issued to me, I can see the certificate chain - i.e.
  WLC Cert -> EssentialSSL cert -> Comodo Root cert. However these dissapear (or can't be seen) when I view the cert from the client machine.
  The Comodo Root cert is there in my 'Trusted Root Certification Authorities' on the client, but the EssentialSSL imtermediate isn't.
  I have read somewhere that version 5.1.151 can use chained or unchained certificates, which one should I be using?
  When I get the certificate from Comodo, included are a number of other certificates:
  192_168_22_1.crt
  AddTrustExternalCARoot.crt
  ComodoUTNSGCCA.crt
  EssentialSSLCA_2.crt
  UTNAddTrustSGCCA.crt
  the 192.168.22.1 is the virtual IP of the wlc (I didn't use DNS for a reason).
  Any ideas?
  Liam Burke.

  I spoke to our local SE here, and he got me a great document on how to combine the chained certificate prior to uploading the cert to the wlc.
  Basically, open up the device cert, the intermediate CA cert and the Root CA cert using notepad or equivalent, and copy and paste them all into one file, like so:
  ------ BEGIN CERTIFICATE ------
  *device certificate*
  ------ END CERTIFICATE ------
  ------ BEGIN CERTIFICATE ------
  *intermediate CA certificate*
  ------ END CERTIFICATE ------
  ------ BEGIN CERTIFICATE ------
  *Root CA certificate*
  ------ END CERTIFICATE ------
  I then combined this with my private key, (last step in the guest cert doc) and uploaded the cert to the Guest Controller.
  The best thing here is that I was able to get a cert issued by Comodo to the IP adress of the virtual interface (192.168.X.X) and I didn't need to punch a hole in my firewall to allow DNS to the corporate DNS server to resolve guest.somecompany.com to the IP. Also I didn't need to use a private IP on the virtual interface which resolves on the internet to guest.somecompany.com.
  Thanks to all who got back to me,
  Cheers,
  Liam

• JDK1.2.2 and untrusted server chain and HELP

  Hi,
  I'm using JDK1.2.2 and I've downloaded and installed JSSE1.02. I have also installed the server cert in my own truststore.
  The server to whom I want to connect sends two certificates.
  One is valid and this is the one I need and I have and one that is timed out and of no importance for me...at least I guess it is.
  But my JSSE-application throws an this exception. For more detailled information I've attached the log:
  keyStore is :
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  trustStore is: C:/NetDynamics50/java/jre/lib/security/lauerstore
  trustStore type is : jks
  init truststore
  adding as trusted cert: [
  Version: V3
  Subject: CN=inte.myaxa.de, OU=Executive Management, O=@AXA GmbH, L=Koeln, ST=NRW, C=DE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@31cdcb27
  Validity: [From: Fri Jun 15 16:25:05 GMT+02:00 2001,
                 To: Sun Jun 15 16:25:05 GMT+02:00 2003]
  Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [    080e20]
  Certificate Extensions: 2
  [1]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:false
  PathLen: undefined
  [2]: ObjectId: 2.5.29.37 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 17 30 15 06 08 2B 06 01 05 05 07 03 01 06 09 ..0...+.........
  0010: 60 86 48 01 86 F8 42 04 01 `.H...B..
  Algorithm: [MD5withRSA]
  Signature:
  0000: 32 D8 11 96 F5 66 CE 7A 2C DD 39 03 BB 54 41 66 2....f.z,.9..TAf
  0010: EE B7 6E 7A 95 57 73 C5 66 83 67 9C 35 B7 75 05 ..nz.Ws.f.g.5.u.
  0020: A1 6D 9D 36 A7 7A AA 12 CD AE 64 5B E5 F9 EE EF .m.6.z....d[....
  0030: 7C BB 63 7E 5A E6 9F BA 50 8F 92 A2 C6 FA B5 8B ..c.Z...P.......
  0040: 25 8B 95 37 AA C4 6D 7A C1 E6 DA 35 18 82 24 1A %..7..mz...5..$.
  0050: 9A 0D E3 A2 F1 3B 4D 35 C6 00 B7 E8 6B 14 0B 82 .....;M5....k...
  0060: BC E1 29 6E 24 10 27 B2 86 52 CD 85 C5 A9 CE 69 ..)n$.'..R.....i
  0070: D1 69 79 67 07 9E 8B A2 23 DA 97 36 F5 D8 57 57 .iyg....#..6..WW
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, v3.1
  RandomCookie: GMT: 983585972 bytes = { 41, 169, 119, 141, 169, 223, 159, 184, 182, 97, 133, 56, 227, 20, 209, 115, 225, 62, 106, 169, 106, 250, 37, 25, 45, 7, 25, 215 }
  Session ID: {}
  Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 59
  0000: 01 00 00 37 03 01 3B A0 55 B4 29 A9 77 8D A9 DF ...7..;.U.).w...
  0010: 9F B8 B6 61 85 38 E3 14 D1 73 E1 3E 6A A9 6A FA ...a.8...s.>j.j.
  0020: 25 19 2D 07 19 D7 00 00 10 00 05 00 04 00 09 00 %.-.............
  0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
  Thread-6, WRITE: SSL v3.1 Handshake, length = 59
  [write] MD5 and SHA1 hashes: len = 77
  0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
  0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
  0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3B A0 55 .............;.U
  0030: B4 29 A9 77 8D A9 DF 9F B8 B6 61 85 38 E3 14 D1 .).w......a.8...
  0040: 73 E1 3E 6A A9 6A FA 25 19 2D 07 19 D7 s.>j.j.%.-...
  Thread-6, WRITE: SSL v2, contentType = 22, translated length = 16310
  Thread-6, READ: SSL v3.0 Handshake, length = 1599
  *** ServerHello, v3.0
  RandomCookie: GMT: 722821779 bytes = { 190, 56, 167, 5, 198, 89, 180, 112, 96, 251, 78, 78, 144, 103, 57, 130, 219, 11, 56, 169, 199, 73, 79, 241, 241, 131, 74, 145 }
  Session ID: {0, 154, 4, 1, 195, 195, 38, 26, 66, 92, 154, 191, 59, 96, 218, 24, 81, 133, 102, 48, 169, 26, 50, 42, 10, 49, 78, 150, 71, 182, 163, 33}
  Cipher Suite: { 0, 4 }
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 00 2B 15 63 93 BE 38 A7 05 C6 59 ...F..+.c..8...Y
  0010: B4 70 60 FB 4E 4E 90 67 39 82 DB 0B 38 A9 C7 49 .p`.NN.g9...8..I
  0020: 4F F1 F1 83 4A 91 20 00 9A 04 01 C3 C3 26 1A 42 O...J. ......&.B
  0030: 5C 9A BF 3B 60 DA 18 51 85 66 30 A9 1A 32 2A 0A \..;`..Q.f0..2*.
  0040: 31 4E 96 47 B6 A3 21 00 04 00 1N.G..!...
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=inte.myaxa.de, OU=Executive Management, O=@AXA GmbH, L=Koeln, ST=NRW, C=DE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@5f45cb24
  Validity: [From: Fri Jun 15 16:25:05 GMT+02:00 2001,
                 To: Sun Jun 15 16:25:05 GMT+02:00 2003]
  Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [    080e20]
  Certificate Extensions: 2
  [1]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:false
  PathLen: undefined
  [2]: ObjectId: 2.5.29.37 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 17 30 15 06 08 2B 06 01 05 05 07 03 01 06 09 ..0...+.........
  0010: 60 86 48 01 86 F8 42 04 01 `.H...B..
  Algorithm: [MD5withRSA]
  Signature:
  0000: 32 D8 11 96 F5 66 CE 7A 2C DD 39 03 BB 54 41 66 2....f.z,.9..TAf
  0010: EE B7 6E 7A 95 57 73 C5 66 83 67 9C 35 B7 75 05 ..nz.Ws.f.g.5.u.
  0020: A1 6D 9D 36 A7 7A AA 12 CD AE 64 5B E5 F9 EE EF .m.6.z....d[....
  0030: 7C BB 63 7E 5A E6 9F BA 50 8F 92 A2 C6 FA B5 8B ..c.Z...P.......
  0040: 25 8B 95 37 AA C4 6D 7A C1 E6 DA 35 18 82 24 1A %..7..mz...5..$.
  0050: 9A 0D E3 A2 F1 3B 4D 35 C6 00 B7 E8 6B 14 0B 82 .....;M5....k...
  0060: BC E1 29 6E 24 10 27 B2 86 52 CD 85 C5 A9 CE 69 ..)n$.'..R.....i
  0070: D1 69 79 67 07 9E 8B A2 23 DA 97 36 F5 D8 57 57 .iyg....#..6..WW
  chain [1] = [
  Version: V1
  Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@96e1cb27
  Validity: [From: Sat Jul 27 20:07:57 GMT+02:00 1996,
                 To: Mon Jul 27 20:07:57 GMT+02:00 1998]
  Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [  0  ]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 8B 2F 9F B8 9F 5F 74 54 22 BB D8 5E DA 48 E0 33 ./..._tT"..^.H.3
  0010: 9F 01 19 13 A2 0C 26 EA 8E CE C1 57 65 F7 7C 85 ......&....We...
  0020: 84 37 17 EE 1E 6D D1 76 75 D4 C5 00 33 38 8A 75 .7...m.vu...38.u
  0030: D7 B7 AE 64 EF CD 46 08 50 26 28 63 96 F4 DF 62 ...d..F.P&(c...b
  0040: 30 18 C4 EF 76 27 25 2B E4 93 37 A3 4F DA 6E 67 0...v'%+..7.O.ng
  0050: BC 50 0C A8 94 F9 80 2E 4E FA 3F E3 06 E6 51 43 .P......N.?...QC
  0060: 88 B4 00 C6 10 AF 91 78 95 3F 28 04 99 E1 81 A7 .......x.?(.....
  0070: F0 E8 F2 FC 68 36 36 BC C1 C6 48 F9 7D FB BB 9F ....h66...H.....
  out of date cert: [
  Version: V1
  Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@96e1cb27
  Validity: [From: Sat Jul 27 20:07:57 GMT+02:00 1996,
                 To: Mon Jul 27 20:07:57 GMT+02:00 1998]
  Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  SerialNumber: [  0  ]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 8B 2F 9F B8 9F 5F 74 54 22 BB D8 5E DA 48 E0 33 ./..._tT"..^.H.3
  0010: 9F 01 19 13 A2 0C 26 EA 8E CE C1 57 65 F7 7C 85 ......&....We...
  0020: 84 37 17 EE 1E 6D D1 76 75 D4 C5 00 33 38 8A 75 .7...m.vu...38.u
  0030: D7 B7 AE 64 EF CD 46 08 50 26 28 63 96 F4 DF 62 ...d..F.P&(c...b
  0040: 30 18 C4 EF 76 27 25 2B E4 93 37 A3 4F DA 6E 67 0...v'%+..7.O.ng
  0050: BC 50 0C A8 94 F9 80 2E 4E FA 3F E3 06 E6 51 43 .P......N.?...QC
  0060: 88 B4 00 C6 10 AF 91 78 95 3F 28 04 99 E1 81 A7 .......x.?(.....
  0070: F0 E8 F2 FC 68 36 36 BC C1 C6 48 F9 7D FB BB 9F ....h66...H.....
  Thread-6, SEND SSL v3.0 ALERT: fatal, description = certificate_unknown
  Thread-6, WRITE: SSL v3.0 Alert, length = 2
  javax.net.ssl.SSLException: untrusted server cert chain
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Compiled Code)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Compiled Code)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Compiled Code)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Compiled Code)
       at java.io.OutputStream.write(OutputStream.java:65)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
       at de.myaxa.application.adapter.SessionController.hitSession(Compiled Code)
       at java.lang.reflect.Method.invoke(Native Method)
       at de.myaxa.application.adapter.Command.execute(Compiled Code)
       at de.myaxa.application.adapter.MyAxaInterfaceServlet.doPost(MyAxaInterfaceServlet.java:117)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:840)
       at netdyn.servlet.CNdServletRequestHandler.handleRequest(CNdServletRequestHandler.java:132)
       at netdyn.servlet.env.CNdRequestEnvironment.executeRequest(Compiled Code)
       at netdyn.servlet.env.CNdRequestEnvironment.executeRequest(CNdRequestEnvironment.java:427)
       at netdyn.servlet.env.CNdRequestEnvironment.executeRequest(CNdRequestEnvironment.java:376)
       at netdyn.servlet.CNdServletManager.handleRequest(CNdServletManager.java:347)
       at netdyn.services.cp.worker.CNdCPWorkerOperations.webEventMessage(CNdCPWorkerOperations.java:530)
       at netdyn.services.cp.worker.CNdCPWorkerImpl.webEventMessage(CNdCPWorkerImpl.java:82)
       at netdyn.services.cp.stubs._tie_INdCPWorker.webEventMessage(_tie_INdCPWorker.java:23)
       at netdyn.services.cp.stubs._INdCPWorkerImplBase._execute(_INdCPWorkerImplBase.java:73)
       at netdyn.services.cp.stubs._INdCPWorkerImplBase._execute(_INdCPWorkerImplBase.java:48)
       at com.visigenic.vbroker.orb.SkeletonDelegateImpl.execute(Compiled Code)
       at com.visigenic.vbroker.orb.GiopProtocolAdapter.doRequest(Compiled Code)
       at com.visigenic.vbroker.orb.GiopProtocolAdapter.dispatchMessage(Compiled Code)
       at com.visigenic.vbroker.orb.ThreadPoolDispatcher.run(Compiled Code)
       at com.visigenic.vbroker.orb.WorkerThread.run(Compiled Code)
  de.myaxa.application.adapter.SessionController@89c5cb25 : javax.net.ssl.SSLException: untrusted server cert chain :

  [ O66183],
  This exception occurs because of an invalid or expired certificate within a public key certificate chain that causes the JSSE to terminate abnormally.
  If you look at your log file, you can see an 'out of date cert' message. I have extracted that part of the log with this statement:
            <SNIPPED>
  out of date cert: [
  Version: V1
  Subject: EmailAddress=[email protected],
  , CN=Thawte Server CA, OU=Certification Services
  Division, O=Thawte Consulting cc, L=Cape Town,
  ST=Western Cape, C=ZA
  Signature Algorithm: MD5withRSA, OID =
  = 1.2.840.113549.1.1.4
  Key:
  com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@96e1cb27
  Validity: [From: Sat Jul 27 20:07:57 GMT+02:00
  0 1996,
  To: Mon Jul 27 20:07:57 GMT+02:00
  7:57 GMT+02:00 1998]
  Issuer: EmailAddress=[email protected],
  , CN=Thawte Server CA, OU=Certification Services
  Division, O=Thawte Consulting cc, L=Cape Town,
  ST=Western Cape, C=ZA
  SerialNumber: [  0  ]          <SNIPPED>
  HTH.
  Allen Lai
  Developer Technical Support
  SUN Microsystems
  http://www.sun.com/developers/support/

• Autodiscover-SSLCert-Activesync Issue

  Hello. I have odd issue. So first of all we are on Exchange 2010 and have host our email and that of 2 other companies. The other companies mailboxes are setup in our domain but we change their SMTP alias to that of their domain name. We then setup their
  Outlook to point to us via Outlook Anywhere using our OWA address (owa.mydomain.com) and set their phones up for activesync with the same address. Now, we do have an external autodiscover namespace for our domain and one for one of the other domains and that
  domain along with ours auto discover.mydomain.com and theirs auto discover.theirdomain.com are both on our SSL cert, these are both A Records. The third company does not have an external auto discover namespace setup nor is that on our SSL Cert. 
  So a couple of things. 
  First, why are we having to manually type in the server when setting up email on phones for the two companies that have auto discover namespaces (shouldn't auto discover do this automatically)?
  Secondly, how can I setup the third company to use this without having to add an additional entry to the SSL Cert?
  Now the weird thing, for some reason the second company (the one with the autoautodiscover namespace), if I remove their external autodiscover.theirdomain.com namespace then all of their Outlook client start throwing up a "Allow this website to configure
  server settings" and it is some other namespace like cpanelmaildiscovery.cpanel.net or they get the SSL Cert message :The name on your SSL Cert is not same as" and it lists some other namespace. You get that same type of thing when setting up the
  phones with their external namespace in place too, but not in Outlook, only when you remove the external auto discover.theirdomainname.com entry. All of this and the third company with no external autodiscover namespace and no entry to the SSL Cert does not
  have this problem. 
  If someone can help me make heads or tails out of this mess I would appreciate it.
  Thank you. 

  The following is the answer to both your questions, I think.  For autodiscover for someone in, say, company3.com to work, the ActiveSync client needs to be able to contact autodiscover.company3.com, which will point to the server they connect to. 
  If you have configured company1.com on the certs for your Exchange servers, the client will fail on this step, and you will need to manually configure the server.  For autodiscover to work properly for all companies you host, you need to have your certificate
  configured to support all of them.
  So, to support the three companies you host, you need autodiscover names for each on your certificate - and a wildcard cert won't work, since it's for a single domain.  You need autodiscover.company1.com, autodiscover.company2.com, and autodiscover.company3.com
  on your certificate.
  As for your "weird thing", I think I'd need more detail of what is on your certificate SAN and what your SMTP namespaces are before I'd be able to guess why it does and doesn't work.

• OCA course material

  anyone who can help me to get the course material of oracle 10g database administration workshop I. Best Regards in advance!!

  Yeah, Im also looking for good course material.. Have you tried the Sybex range of books.. I used these whilst studing for my Comptia, Microsoft Certs
  Message was edited by:
  user584668

• Web Server 7 Admin Server and Self-Signed certificate

  Is it possible to create and install a self-signed certificate for the administration server in Sun Web Server 7. The default installation comes with a self-signed certificate but we would like to install our own certificate and not the certificate issued by "admin-ca-cert"
  Message was edited by:
  aar

  As far as I know its not a problem. You can install your own certificate. Make sure that the certificate nick name is changed accordingly in "server-cert-nickname" in server.xml section as shown below :
  <http-listener>
  <name>admin-ssl-port</name>
  <port>2224</port>
  <server-name>alamanac.india.sun.com</server-name>
  <default-virtual-server-name>admin-server</default-virtual-server-name>
  <ssl>
  <server-cert-nickname>Admin-Server-Cert</server-cert-nickname>
  </ssl>
  </http-listener>

• Guest WLAN Spalsh page to external URL

  Hi, I want to setup a webpage for my guest network (no authentication) users. When the client connects to the open guest network and upon opening a browser they would be directed to a survey that I would like them to take, if they don't want to take it they can begin browsing to other sites without issue. How do I do this on a my 5508 WLC?

  You mean in the WLAN config? If so, that didn't work either.
  To recap where I am at now I have my WLAN setup with just passthrough.
  Then under security Web auth > web login page I have it set as
  Unfortunatlly, I still cannot leave the External Webauth URL empty
  With the above setup, the client after connecting to the WLAN has the browser auto launch and appears to direct to the redirect site, however the page just refreshes and does not load. Long URL with domain.com/blah blah blah/1.1.1.1 virtual interface of the WLC.
  Message was edited by: Andrew Schulz