WS_Security, signature-key
Hello
Is it possible to configure two signature keys ( <signature-key>) in a security configuration ( oracle-webservices.xml).
In my application, <signature> and <verify-signature> need to use different keys: Client has his own key and server also has one. There should be a mutual authentication.
Client will sign the request (in <outbound>) with its private key and Server will verify the client signature based on the client public key.
On the other hands, server will also sign the response with its private key and client will verify the server signature using the server public key.
Client will have a copy of the server public key and server will store a copy of client public key.
Is that possible and houw to configure two key int a single security configuration in Oracle-webservices.xml ???
Thanks
Aimey
How to implement this
X509V1 is not a valid value for "Valuetype". So I guess this should not be the problem.
Similar Messages
-
OSB (11.1.1.7): Can OSB/Weblogic (11.1.1.7) support multiple PKIs (Public Key Infra-structure)
Hi All,
Would you be able to help me in understanding if OSB/Weblogic (11.1.1.7) can support multiple private key's in the domain to enable 2-SSL W/S calls ?
Solution walk-through :
A 3rd Party Web Service is only accessible via 2-way SSL http channel. To achieve this, OSB is required to use the private key which is issued by 3rd party. This private key and 3rd party root certificate (CA) need to be installed into OSB’s keystore which is based on Java Keystore format.
The private key (issued by 3rd Party) will be used by OSB for identity signature. This private key is bound to IP address of the OSB machine calling the 3rd Party web service. Also, 3rd Party root certificate (CA) will be used by OSB to verify the identity of 3rd Party web service.
Given the private key is used as the identity of the system and should be guarded closely by the target system, we believe this approach needs to be reviewed and assessed accordingly.
Limitations and drawbacks with the current solution :
1. The private key of OSB system is issued and controlled by an external application vendor.
2. OSB is enforced to use this private key and its signature algorithm for other external parties’ interactions. The current client certificate issued by 3rd Party is X509v3 certificate which uses RSA, with a 2048-bit key size, signed with a SHA-512 hash.
3. The SSL is self-signed, not signed by a publicly trusted cert provider (i.e. VeriSign)
4. Extra dependency on external vendor systems as the key provider. Currently, the keys are bound to server IP address; any changes to the production environment, (i.e. adding new nodes) will require a new key to be generated by 3rd Party system. In case 3rd Party is no more used in the future, the keys can no longer be generated.
Conclusion : OSB does not support multiple PKIs (Public Key Infra-structure) which is a mapping mechanism that OSB uses to provide its certificate for SSL connecitons to the server. Multiple private keys, require multiple PKIs which OSB does not handle.
So, do you agree that OSB/Welblofic (11.1.1.7) could not support multiple private key issued by more than one 3rd party vendor ?
Thanks,
Kunal SinghHi Kunal,
Although it is recommended to have 1 key pair for 1 identity store as it represents unique identity of your domain but you can:
import multiple key-pairs in your identity store
Configure PKI credential mapper to use reference of identity store consisting of multiple keys
When in your OSB project, you create Service Key provider(SKP) then it loads all the private keys present in identity store referred by PKI mapper. It will browse both the keys.
Depending on your requirement, you can choose different key pair for for different SKPs for "Client Authentication key" section(For SSL) and "Signature key" for DigiSign.
Please let me know if i understood your query correctly and above helps.
Regards,
Ankit -
Problem with validating SAML assertion signature ("bad" certificate?)
Hi,
We've been developing and testing webservices and webservice clients under WebLogic for awhile. In our typical configuration, we have the SAML Credential mapper configured on the webservice client side, and the SAML Identity Asserter on the webservice side, and we are using "sender-vouches", whereby the SAML assertions are being signed by the SAML Credential mapper.
Up through development, for the signing, we've been using certs issued by a test CA that we have, but now, we are moving to a pre-production environment, and we're required to use certs issued by a specific 3rd party CA. Since we've started using those new certs, we have been getting "token failed to validate" errors. We've been trying to diagnose this problem for awhile, and we're at the point that we believe that, for some reason, the certs that we got that were issued by the 3rd party CA are "bad".
Specifically, those certs are SSL Server certs, with the following characteristics:
Usages:
Digital Signature
Key Encipherment
Key Agreement
Netscape Type: SSL Server Authentication
but, they also have two "extended usage extension" OIDs, both are "2.16.840.1.101.2.x.yy.zz".
When we looked at the certs using various tools, e.g., "openssl x509...", etc., those extended usage extensions are being displayed as "unknown", which made us a littel suspicious about them, so I setup a simple test configuration with two WebLogic 10.0 MP1 instances.
For testing, we first used a cert from the 3rd party CA, which gave us the "failed to validate token" errors.
During this testing, we put a sniffer on the line, and captured the SOAP message with the signed SAML assertion, and we used a small Java app that I wrote awhile ago that will validate a digital signature. When we ran that Java app, the digital signature validated successfully (i.e., the digital signature was GOOD).
This seems to imply that the "failed to validate token signature" errors are happening because of something other than the digital signature being incorrect.
So, then, we created a certificate that matches the 3rd party CA certs almost exactly, except that we did not include the two extended usage extensions, and we configured the two WebLogic instances to use this new certificate.
When we tested with the new certificate, we no longer got the errors.
So, it appears that when the cert has those two enhanced usage extensions, WebLogic is either not willing to, or not able to, utilize the certs for validating digital signatures.
Does anyone have any insight into this problem, or has anyone encountered a problem like this before?
I also was wondering if there are any parameters for WebLogic that we might try to set that would tell WebLogic to perhaps ignore the certificate extensions and to just do the digital signature validation?
Thanks,
JimHi,
FYI, we were able to resolve this problem today. It turned out to be that the certificate and key were not "matched".
The way that we figured this out was to use openssl and the procedure here:
http://kb.wisc.edu/middleware/page.php?id=4064
which showed the mismatch.
We've since generated a new cert request and got a new certificate, and it's working now.
Jim -
Help diagnosing "The selected certificate has errors: Invalid Signature"
I am unable to sign a PDF using a new certificate I have received. I have tried Acrobat X and XI. I have also tried importing both the root and issuing CAs as trust anchors. Those certs seem to verify fine. This issue appears to be with the signature on my cert.
My suspicion is that the issue stems from the issuing CA's use of the "AlternateSignatureAlgorithm", 1.2.840.113549.1.1.10 RSASSA-PSS, for my user cert. Acrobat does not seem to recognize this algorithm. It simply lists the OID value when I look at the signature algorithm under details.
The certificate is validated fine using certutil.exe and works fine when I use it for client SSL authentication. I am using Windows 7 and have tried both 32 and 64 bit PCs.
Has anyone experienced this before?
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
X509 Certificate:
Version: 3
Serial Number: 100000
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=xyz QA CA
O=xyz Technical Resources Ltd
C=US
NotBefore: 11/15/2012 2:14 PM
NotAfter: 11/16/2022 2:14 PM
Subject:
CN=xyz Issuing CA
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
0000 30 82 01 0a 02 82 01 01 00 e3 0b d4 99 e6 01 f1
0010 0e a4 e1 82 8a 8c 39 27 62 7a 03 23 fe 03 3f b5
0020 0d b6 fa c2 1b 86 44 d6 2f 76 65 b0 02 ff 83 69
0030 b7 6a 8d b2 d7 22 74 e3 04 9a 01 ec 4c 0f de ff
0040 c3 db 8f b5 c1 d3 7d 80 f5 ca cc ca 6d ef df 2a
0050 31 25 18 0b 92 1b 4b 1f 41 c0 5f b6 b2 7e f4 43
0060 99 43 01 cf c2 60 de 79 75 ec dc 61 11 ea 87 d0
0070 76 56 a6 4f 00 4a 31 94 37 a5 37 7b 0d 61 49 74
0080 67 88 31 df 81 16 a2 ed 5c 77 6b 23 6b 92 35 c8
0090 b3 05 cc 5a 06 3c a3 b3 6c d8 ad 1e 66 28 4e 90
00a0 3f ad 66 db 6d 13 dd c8 44 29 a0 4f 62 9c f5 5a
00b0 c1 7e 84 fc e6 24 57 c2 bd ce f1 80 b7 bd 13 b8
00c0 9f d1 8a bb 41 43 67 9f 68 25 f6 a6 a2 be 44 89
00d0 11 4f 12 3d 2d d3 85 be 38 f9 97 bd e1 ce 5c 8c
00e0 4e d4 ce be 19 0b a7 91 5d ee 1e c1 84 2c 2a 5e
00f0 bb e5 4a fb 7f 2a f4 b8 06 2b 63 1f d9 c3 d9 d3
0100 5a 13 2d ea 19 63 dd 7c e5 02 03 01 00 01
Certificate Extensions: 9
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
2.5.29.14: Flags = 1(Critical), Length = 16
Subject Key Identifier
8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
2.5.29.35: Flags = 1(Critical), Length = 7e
Authority Key Identifier
KeyID=c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
Certificate Issuer:
Directory Address:
CN=xyz QA CA
O=xyz Technical Resources Ltd
C=US
Certificate SerialNumber=00 96 b6 de 15 a7 4b 97 ac
2.5.29.31: Flags = 0, Length = 36
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://pki.xyzre.qa1/crls/root-ca.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 37
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=http://pki.xyzre.qa1/root-ca.cer
2.5.29.32: Flags = 0, Length = 6e
Certificate Policies
[1]Certificate Policy:
Policy Identifier=2.16.840.1.101.3.2.1.48
[1,1]Policy Qualifier Info:
Policy Qualifier Id=CPS
Qualifier:
http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/documents/test_policy.pdf
1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
CA Version
V0.0
1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
Certificate Template Name (Certificate Type)
SubCA
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 41 a4 3f 79 99 d2 aa fa f9 4b 88 0c a6 be 6f 40
0010 0b df 10 93 f5 bb 48 c7 1f 89 73 73 09 58 b4 22
0020 f2 b8 0f 78 b1 da 16 81 cd 2d 86 5a 22 90 67 cd
0030 22 03 56 d5 c2 f4 df 79 b2 2a 82 e0 2e 5a 9a c3
0040 92 b5 4d f2 fe 3d 6b f0 97 b0 b7 85 b6 e9 99 4c
0050 f5 87 34 81 bc 27 f0 77 a1 c6 b2 50 b1 c8 b6 2f
0060 6f 01 61 0d 1d bc cd 3b 07 2d 18 71 d3 f1 f2 03
0070 78 e6 82 24 27 b1 65 d5 4b be 6c 20 f7 60 30 4c
0080 49 42 07 4c 13 d9 7d 77 7f 10 a4 32 bc 30 d4 82
0090 bf 40 06 0f 84 32 43 65 67 47 d0 19 59 0e e7 c2
00a0 d9 c1 10 0a 5e df a2 18 04 86 e5 e4 09 80 99 75
00b0 fd 21 ad 86 5f 77 ab 5d aa 79 74 ed eb ba c4 e8
00c0 f1 fb b2 ae 6a dd 07 5c cc 3d 93 99 ff 45 e6 f6
00d0 c6 d6 d3 22 69 c3 43 50 c0 69 e4 7f 3e 73 df 76
00e0 6f 9d fc 73 ed 54 0b 49 3b 6f c8 99 32 b1 9b d5
00f0 15 bd 5f 40 07 a2 f2 92 0e 74 2b f2 01 39 52 b0
Non-root Certificate
Key Id Hash(rfc-sha1): 8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
Key Id Hash(sha1): e7 a5 38 8b 64 5e bd 6e ee 7b 3f 61 bb 8a ed 2c cc 4b 2c 2f
Cert Hash(md5): 69 84 7c 7c d8 2a 35 12 e9 6b e8 6a fd ca be 92
Cert Hash(sha1): eb 2f 11 1b b0 c2 92 a0 14 74 50 42 50 1e de c5 53 de d7 df
---------------- End Nesting Level 1 ----------------
CERT_MD5_HASH_PROP_ID(4):
69 84 7c 7c d8 2a 35 12 e9 6b e8 6a fd ca be 92
CERT_SHA1_HASH_PROP_ID(3):
eb 2f 11 1b b0 c2 92 a0 14 74 50 42 50 1e de c5 53 de d7 df
CERT_KEY_IDENTIFIER_PROP_ID(20):
8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
Cannot find the certificate and private key for decryption.
================ Certificate 1 ================
================ Begin Nesting Level 1 ================
X509 Certificate:
Version: 3
Serial Number: 96b6de15a74b97ac
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=xyz QA CA
O=xyz Technical Resources Ltd
C=US
NotBefore: 11/13/2012 3:35 PM
NotAfter: 11/13/2032 3:35 PM
Subject:
CN=xyz QA CA
O=xyz Technical Resources Ltd
C=US
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
0000 30 82 01 0a 02 82 01 01 00 d2 5f 7d c0 c5 25 7f
0010 2c 4c a2 4a 9b 6f e7 7a 35 cd 9a 2a 88 30 36 9b
0020 f8 a4 d8 31 64 72 36 1c 1b 2c dc 73 11 d6 57 a2
0030 97 91 6d bb d0 3c 13 65 28 4d 78 4e e1 c7 06 ac
0040 16 c1 2a 62 39 ba 39 f9 a1 b9 4a 14 39 28 58 0d
0050 f4 97 83 d5 ee 45 91 4a 41 06 e5 b9 60 40 20 48
0060 85 f4 2d 8e 04 7f 81 12 3a 26 e1 0f 21 32 49 bc
0070 20 ef 12 69 5a 20 a4 51 65 6d 85 4c 0f 4c 91 4c
0080 26 47 27 a7 9e 49 e0 f7 56 08 fc 90 47 11 6c a9
0090 b8 81 c6 83 c8 b2 2d e8 c4 ba 8b 45 32 c5 dd a0
00a0 d9 1c 85 10 d6 6b 42 50 9a 42 d6 e4 51 32 73 59
00b0 92 5b d1 44 82 dc be 75 65 94 e7 4a 79 15 ed 23
00c0 f8 a3 3e 28 92 31 75 5c fa b9 1b 6d e0 c3 d0 24
00d0 7a 09 86 d0 2d c7 42 eb 6b fc 95 ed 62 13 21 35
00e0 2f 0e b6 cd c2 c3 66 d4 a6 1b 53 15 49 64 ac 34
00f0 11 20 8b e4 46 bc 60 68 3e 1b cb 5c b8 05 f4 a8
0100 0a a3 53 d0 37 2a 2d 73 01 02 03 01 00 01
Certificate Extensions: 7
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
2.5.29.14: Flags = 1(Critical), Length = 16
Subject Key Identifier
c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
2.5.29.35: Flags = 1(Critical), Length = 7e
Authority Key Identifier
KeyID=c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
Certificate Issuer:
Directory Address:
CN=xyz QA CA
O=xyz Technical Resources Ltd
C=US
Certificate SerialNumber=00 96 b6 de 15 a7 4b 97 ac
2.5.29.31: Flags = 0, Length = 36
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://pki.xyzre.qa1/crls/root-ca.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 37
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=http://pki.xyzre.qa1/root-ca.cer
2.5.29.32: Flags = 0, Length = 6e
Certificate Policies
[1]Certificate Policy:
Policy Identifier=2.16.840.1.101.3.2.1.48
[1,1]Policy Qualifier Info:
Policy Qualifier Id=CPS
Qualifier:
http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/documents/test_policy.pdf
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 69 25 3a 36 f1 13 25 88 73 94 eb cf 5b 70 2e 86
0010 8c 0d 7a 8f 3a 49 0e 42 18 da c9 00 26 68 ea 42
0020 cd 2a 24 43 0d ec 6b 15 73 14 33 69 c2 60 3d 40
0030 1c 4d 59 12 7a e9 03 00 81 ba 1e 50 55 05 bd 60
0040 88 84 bb 8e e3 f5 ce 00 42 ae fd 01 05 fd bc 5f
0050 af cc e3 a4 4d f2 84 8b 9b 0d 24 16 d6 d4 51 da
0060 50 9c c4 69 d6 b8 18 be e5 5c 48 b8 8a a3 d4 22
0070 0e 26 f2 15 d8 ff 19 34 d4 1d 69 50 02 51 da e8
0080 ad 05 a3 2f 1c e9 0f da e3 4c 36 c4 cd 6e a5 76
0090 88 19 90 78 ad fe 94 62 46 91 2b 0a 36 df e2 ea
00a0 4a a9 f4 5c dc 77 4d e5 f4 ab e9 b9 da f6 b0 9f
00b0 6c f5 50 74 14 19 05 df 96 b5 ee af a3 31 a5 af
00c0 8f 6c be 67 43 78 55 0e 39 46 80 05 12 5f c2 4f
00d0 24 fc 13 f7 e5 ee 64 0f dd 9a 49 5c 57 10 1c 4b
00e0 7a 9f 5a 1f 0c ec 5b 8d b4 c4 ed d8 09 cc 1c d9
00f0 9f 04 3f 85 ab 95 48 8e 77 e0 91 81 39 46 fb a3
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(rfc-sha1): c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
Key Id Hash(sha1): f0 fc 52 1c c1 a6 16 2d 28 c1 71 84 ae d4 18 87 74 c4 f8 1c
Cert Hash(md5): c9 af 16 63 9e 51 7b 8e 22 25 96 d7 a7 66 fa ab
Cert Hash(sha1): e6 0b ef c1 fb e6 94 13 dc 9f 26 80 33 31 43 d9 ec af d7 be
---------------- End Nesting Level 1 ----------------
CERT_MD5_HASH_PROP_ID(4):
c9 af 16 63 9e 51 7b 8e 22 25 96 d7 a7 66 fa ab
CERT_SHA1_HASH_PROP_ID(3):
e6 0b ef c1 fb e6 94 13 dc 9f 26 80 33 31 43 d9 ec af d7 be
CERT_KEY_IDENTIFIER_PROP_ID(20):
c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
Cannot find the certificate and private key for decryption.
================ Certificate 2 ================
================ Begin Nesting Level 1 ================
X509 Certificate:
Version: 3
Serial Number: 1500000003a24d67389af826d7000000000003
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
Algorithm Parameters:
30 00
Issuer:
CN=xyz Issuing CA
NotBefore: 11/15/2012 3:13 PM
NotAfter: 11/15/2013 3:13 PM
Subject:
[email protected]
CN=(e) Hugh Kelley
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
0000 30 82 01 0a 02 82 01 01 00 e4 55 77 34 c0 b7 58
0010 55 cd 71 1e da d4 83 fd f4 bd a5 d5 26 52 6c 7e
0020 8d 74 ea 0a b6 2c 0c ae b4 8f fc 95 07 9b 1a d4
0030 e1 9f ed e3 7e d7 f4 f0 04 2c e4 ed 4c 49 2b d7
0040 b4 42 c0 1c 12 7c b8 76 22 83 e6 d9 44 78 ce 26
0050 20 5c 9c 71 30 3c 78 01 74 fa ac f9 7b b3 83 28
0060 a8 18 52 10 d4 a5 f0 29 40 15 40 16 5c 90 4b 5d
0070 c4 57 9d 3d 29 4e ce 80 b1 f1 ae 17 a4 cc 85 0b
0080 a2 5e 73 0f ac 0f ff 8b 05 0c b9 f2 17 b3 ad 2f
0090 b7 33 c7 ac bf 16 0f 09 2a e6 b7 f9 90 42 0b 6f
00a0 3b 7f df 86 e6 e9 33 b6 d5 2d be 5f 65 4b 87 45
00b0 d4 53 fc 8e de 0f 49 fd 8b 84 f5 2e cd 00 a9 cd
00c0 0c b2 e2 7e 3e f9 e3 28 2f 9a 55 85 3e b8 b2 3a
00d0 89 ce 19 bd 88 b2 74 da 42 ac bf 07 6c 4a b8 2e
00e0 94 36 3b 28 f0 45 ec 59 f4 22 f3 03 47 85 ef 4c
00f0 ba f5 24 3e 55 60 8b e8 6e e3 e9 1e bf 3c c9 75
0100 88 9c 39 6c 20 66 c0 92 85 02 03 01 00 01
Certificate Extensions: 10
1.3.6.1.4.1.311.21.7: Flags = 0, Length = 30
Certificate Template Information
Template=1.3.6.1.4.1.311.21.8.11609700.13554795.12405411.13975648.10011376.129.8742862.14 66929
Major Version Number=100
Minor Version Number=5
2.5.29.37: Flags = 0, Length = 22
Enhanced Key Usage
Client Authentication (1.3.6.1.5.5.7.3.2)
Secure Email (1.3.6.1.5.5.7.3.4)
Encrypting File System (1.3.6.1.4.1.311.10.3.4)
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Digital Signature, Key Encipherment (a0)
1.3.6.1.4.1.311.21.10: Flags = 0, Length = 28
Application Policies
[1]Application Certificate Policy:
Policy Identifier=Client Authentication
[2]Application Certificate Policy:
Policy Identifier=Secure Email
[3]Application Certificate Policy:
Policy Identifier=Encrypting File System
1.2.840.113549.1.9.15: Flags = 0, Length = 37
SMIME Capabilities
[1]SMIME Capability
Object ID=1.2.840.113549.3.2
Parameters=02 02 00 80
[2]SMIME Capability
Object ID=1.2.840.113549.3.4
Parameters=02 02 00 80
[3]SMIME Capability
Object ID=1.3.14.3.2.7
[4]SMIME Capability
Object ID=1.2.840.113549.3.7
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
c2 1d d2 c8 90 64 9c 38 a9 66 9d 12 8b 1a a6 ab a8 72 2a 11
2.5.29.35: Flags = 0, Length = 18
Authority Key Identifier
KeyID=8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
2.5.29.31: Flags = 0, Length = 44
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://pki.xyzre.qa1/crls/xyz Issuing CA.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 45
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=http://pki.xyzre.qa1/xyz Issuing CA.crt
2.5.29.17: Flags = 0, Length = 50
Subject Alternative Name
Other Name:
Principal [email protected]
RFC822 [email protected]
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
Algorithm Parameters:
30 00
Signature: UnusedBits=0
0000 51 58 a1 89 fc fe 9d b3 67 36 9f 4d 41 75 9e 9f
0010 b8 30 10 3b c8 f1 0b 6a b8 ab 84 73 2e 91 7e 05
0020 e0 3a 5b 34 cd 0a 35 bd e0 f6 c2 7c 7f d0 d6 b3
0030 03 3d 8c dd 52 04 7f 62 55 a5 14 a7 5a 20 77 5d
0040 0f bb f6 4d a3 8c 2e 98 76 39 f4 30 18 bf be 5f
0050 0c 62 20 40 39 34 e6 de d2 dd 01 dd e9 bb d0 e5
0060 1e 93 93 0e de c4 c5 86 9e 15 72 ea 4c 37 5c 6c
0070 3d dc 69 8d 17 9d f8 b6 2a 51 1f f5 bc f5 fb 58
0080 2c 03 4f 88 b8 58 a3 cd ca 38 28 3a c9 34 79 4a
0090 46 7c de a1 a8 fa 28 34 1f 23 96 69 51 f1 c7 41
00a0 0b c8 a9 39 71 6c 4f 57 81 7f ec a7 2f 65 b9 97
00b0 c8 2d 1e 24 ff fc d9 58 5c 07 e9 2c 83 77 64 a9
00c0 8f 5d 42 9e c3 ea 85 88 39 7b 23 56 38 6d c9 15
00d0 4c 80 de cf 00 e0 73 27 e2 f1 b3 d4 c9 b5 83 74
00e0 4f 6e 6f 03 2f df c1 29 24 de 6a 70 cf de d4 1f
00f0 fb 07 08 85 89 f9 08 f7 68 5c 68 29 2e 3c 6c de
Non-root Certificate
Key Id Hash(rfc-sha1): c2 1d d2 c8 90 64 9c 38 a9 66 9d 12 8b 1a a6 ab a8 72 2a 11
Key Id Hash(sha1): 42 9c bd 63 60 4c d2 a8 55 bd 1b f4 70 25 34 cd 72 38 ca 8c
Cert Hash(md5): af 8b 1e 76 71 f5 53 f4 93 62 1d e7 5e a8 d1 ff
Cert Hash(sha1): 4f 3b d3 48 ba 05 65 dd 99 bb 33 65 5b 5e ba 13 28 fe 2d 80
---------------- End Nesting Level 1 ----------------
CERT_MD5_HASH_PROP_ID(4):
af 8b 1e 76 71 f5 53 f4 93 62 1d e7 5e a8 d1 ff
CERT_SHA1_HASH_PROP_ID(3):
4f 3b d3 48 ba 05 65 dd 99 bb 33 65 5b 5e ba 13 28 fe 2d 80
CERT_KEY_PROV_INFO_PROP_ID(2):
Key Container = {0136F9BB-2135-4642-827C-B883E0BDAF41}
Unique container name: 1119ced7dad9cbd7d39924c9f35b5886_f10cfee5-eccc-4ef4-b0fb-7042bc1815c3
Provider = Microsoft Enhanced Cryptographic Provider v1.0
ProviderType = 1
Flags = 0
KeySpec = 1 -- AT_KEYEXCHANGE
CERT_CEP_PROP_ID(87):
Enrollment Policy Url: ldap:
Enrollment Policy Id: {D8416D24-E050-45B1-B348-B9218292357C}
Enrollment Server Url: Q-PKI-01.xyzre.qa1\xyz Issuing CA
Request Id: 3
Flags = 0
DefaultNone -- 0
Url Flags = 20 (32)
PsfAllowUnTrustedCA -- 20 (32)
Authentication = 2
Kerberos -- 2
Enrollment Server Authentication = 2
Kerberos -- 2
CERT_REQUEST_ORIGINATOR_PROP_ID(71):
Q-APPDEV7-01.xyzre.qa1
CERT_KEY_IDENTIFIER_PROP_ID(20):
c2 1d d2 c8 90 64 9c 38 a9 66 9d 12 8b 1a a6 ab a8 72 2a 11
Unique container name: 1119ced7dad9cbd7d39924c9f35b5886_f10cfee5-eccc-4ef4-b0fb-7042bc1815c3
PP_KEYSTORAGE = 1
CRYPT_SEC_DESCR -- 1
KP_PERMISSIONS = 3f (63)
CRYPT_ENCRYPT -- 1
CRYPT_DECRYPT -- 2
CRYPT_EXPORT -- 4
CRYPT_READ -- 8
CRYPT_WRITE -- 10 (16)
CRYPT_MAC -- 20 (32)
D:(A;ID;GAGR;;;SY)(A;ID;GAGR;;;BA)(A;ID;GAGR;;;S-1-5-21-2052111302-1708537768-839522115-2 4370)
Allow Full Control NT AUTHORITY\SYSTEM
Allow Full Control BUILTIN\Administrators
Allow Full Control xyzRE\hugh.kelley
Private Key:
PRIVATEKEYBLOB
Version: 2
aiKeyAlg: 0xa400
CALG_RSA_KEYX
Algorithm Class: 0xa000(5) ALG_CLASS_KEY_EXCHANGE
Algorithm Type: 0x400(2) ALG_TYPE_RSA
Algorithm Sub-id: 0x0(0) ALG_SID_RSA_ANY
0000 52 53 41 32 RSA2
0000 ...
048c
Encryption test passed
CertUtil: -dump command completed successfully.Hi Hugh,
As you figured out the certificate was using a signature algorithm that Acrobat did not understand. The "signature algorithm" is a composite of the the digest algorithm (e.g. sha1), and the encryption algorithm (e.g. RSA). Acrobat understands the following digest algorithms; MD5, SHA-1, RIPEMD-160, SHA-256, SHA384, and SHA512. As far as encryption algorithms go, it understands DSA and RSA. Just to make things a little more complicated, version XI also can handle elliptic curve, but versions 6 thru 10 were limited to DSA & RSA. If you are using a digital ID created with the DSA encryption algorithm then the only digest algorithm Acrobat can use with is SHA-1. Just like you saw sha1RSA, you could also use a digital ID with the sha1DSA signature algorithm. If you are using RSA then it will pair with all six digest algorithms I noted above (e.g. sha256RSA).
The Probabilistic Signature Scheme is not something Acrobat understands at all.
Steve -
CISCO MST (802.1S) config digest KEY calculation
Hi,
We and others before us have checked that CISCO MST (802.1S) config digest KEY calculation was not done as expected by 802.1S:
the 16 bytes configuration digest in the BPDU from Cisco does not follow the recommendation of the 802.1s. They have different values compared with those value shown in 802.1s Table 13-2. So Cisco may not use HMAC-MD5 or the signature key as specified in 802.1s 13-7(4), and Table 13-1.
CISCO MST white paper extract:
a digest of the VLANs-to-instance mapping table is sent, along with the revision number and the name. Once a switch receives a BPDU, the switch extracts the digest (a numerical value derived from the VLAN-to-instance mapping table through a mathematical function) and compares this digest with its own computed digest. If the digests differ, the port on which the BPDU was received is at the boundary of a region.
Could anyone tell us:
- how config digest key is currently calculated?
- if it is planned to be compliant
- if it is, when it is scheduled?
- on what IOS/CATos platforms?
Many thanks.
Regards/Ludovic.Cisco MST implementation was a pre-standard implementation because the software was created before the 802.1s standard was officially adopted.
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCea38886
CAT OS 8.3(1) and later and newer 12.2 IOS are standard compliant -
How can reload pkcs#11 (digital signature) ?
Hi Iam working on DigitalSignature.
Iam using Aladdin eToken pro32k
Initially Iam able to load usb tokens through application and sign the pdf documents.
1) Iam giving right password and able to do sign on pdf document through crypto usb token.
After this i didn't disconnected my usb token and try to sign another pdf doc but at this time
Iam giving wrong password(PIN) to usb token but it is going to sign successfully.
Here is the code for load a usbtoken through application.
// The cfg file contains name = GNFCeToken
//library = c:\WINDOWS\system32\eTpkcs11.dll
String configName = "C:/pkcs11.cfg";
Provider provider = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(provider);
KeyStore keyStore = null;
keyStore = KeyStore.getInstance("PKCS11",provider);
keyStore.load(null,tokenPassword);
provider = keyStore.getProvider();
For signing a pdf doc second time I need to reload the usb token every time.
So how can I reload usb token through programatically?
Any replys will appriciate greatly."Registering" the credentials is something that is vendor middleware specific. It has nothing to do with Java code. An example of a passing mention of it is on this page: http://www.bestoken.com/support.html - "But the main function for it is that it can detect plug/unplug of
hardware, and automatically read the certificates in hardware and
register it to certificate storage section of the system." Some middlewares can do it automatically if you enable the option, some you must do it manually all the time.
Well, it looks like the MSCAPI support works a little smoother with software-based credentials. I wrote the following test:
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
public class CAPITest {
public static void main(String[] args){
try {
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null) ;
Enumeration en = ks.aliases() ;
while (en.hasMoreElements()) {
String alias = (String) en.nextElement();
X509Certificate c = (X509Certificate) ks.getCertificate(alias);
PrivateKey key = (PrivateKey) ks.getKey(alias, null);
if (key != null) {
System.out.println(c.getSubjectDN().getName() + " has private key");
else {
System.out.println(c.getSubjectDN().getName());
} catch (Exception ex) {
ex.printStackTrace();
}When I ran it I got a listing of 9 certs, 4 having private keys. No password popups or anything. 3 of the certs were on a currently inserted smartcard. When I removed the smartcard and ran it again I got a dialog belonging to my middleware asking me to insert my smartcard but even after I did, the OK button was disabled and I couldn't proceed.
You've mentioned eToken a few times. If that is the only hw token you are supporting then I would reccommend using the SunPKCS11 provider directly rather than letting Microsoft CAPI get in the way. Using the SunPKCS11 provider will sidestep the certificate registration issue.
You mention " The problem i am facing is say a system is used by 1000 user with there own eToken" as a possible use situation. Is this some sort of kiosk machine with a single shared account or each user has their own user account? If each user has their own account then their credentials won't mix. If they're all using the same account then again, I think you're better off using the SunPKCS11 provider and going directly to the eToken pkcs11 interface. That way you limit the list of certs to whatever is on the currently inserted token (which you should further inspect and limit to ones that have the digitial signature key usage bit set). -
%IPS-3-Invalid__digital_signature (signature verification fauilure)
hi,
i try to load the IOS-S416-CLI.pkg into my C1841 ISR, using CLI
problem is signature cannot extract and show me this error message %IPS-3-Invalid__digital_signature (signature verification fauilure)
while i am using version 5 realm-cisco.pub signature, download from cisco tools
anyone any idea for this?Hello,
This error message literally means that the crypto signature on your router and the crypto signature in the IPS signature update do not match. This can be the result of an incorrect pubkey in your router configuration or a corrupt signature package. If you transfer the signature update from one computer to another after downloading it from Cisco.com, be sure to do the transfer in binary mode. Transferring the file in ASCII mode will remove various characters from the binary file and make the file unusable. If you have not transferred the file after downloading it from Cisco.com, or you are certain that you have not used ASCII mode to transfer the file, try downloading the file again from Cisco.com. The original download may have been corrupt.
Below is the pubkey to compare with your router configuration:
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
F3020301 0001
Quit
Thank you,
Blayne Dreier
Cisco TAC IDS Team
**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast -
??? about - Key management/Clear secure boot keys/Key ownership - in BIOS
Hi!
Could anybody explain the options in BIOS
Key management
Clear secure boot keys - Don't clear
Key ownership - HP keys
Waht does mean "keys"... what is this? I don't have any idea...
What will happen if I change it to CLEAR?
Thank you.
P.S. I tried to Google some info but unsuccessfully...Hi,
HP has not published and posted any official documentation pertaining to operating system signature keys.
Review this Microsoft article.
HP DV9700, t9300, Nvidia 8600, 4GB, Crucial C300 128GB SSD
HP Photosmart Premium C309G, HP Photosmart 6520
HP Touchpad, HP Chromebook 11
Custom i7-4770k,Z-87, 8GB, Vertex 3 SSD, Samsung EVO SSD, Corsair HX650,GTX 760
Custom i7-4790k,Z-97, 16GB, Vertex 3 SSD, Plextor M.2 SSD, Samsung EVO SSD, Corsair HX650, GTX 660TI
Windows 7/8 UEFI/Legacy mode, MBR/GPT -
Does anyone know if MIDI loops can be manually added to the Loop Browser?
that's as simple as make an apple loop with an audio file.
4 exemple:
u open exs 24, u record some drums, u open a compressor, eq ,etc(even non apple plug in).when ur happy with wath uv done,u just go to the menu region > add to aplle loops library
choose it a tag and it 's done.don't forget to define the right signature key (if it's a musical region),and well place the locator!
u can now open it in every project as an audio file or as a midi file,then logic will automaticaly open the right plug in (instrument,compressor,reverb,etc....)
extremaly usefull. -
Unable to start EBS DB after the Server Crash. Error in installing the Required RPM.
Hi , Hussein ( As most of the Time It is Only you here who comes to the rescue or give Usefull inputs. I am sorry if i mistaken, no Pan intended for Other Experts)
I 've also posted this issue here but got no response. https://forums.oracle.com/thread/2590497
Badly require your inputs and suggestions on the Following Issue. , Really Appreciate the suggestions.
I need to Install the sabayon-apply rpm which could fix the issue after the Server Crash but unable to install it.
Please see the Brief of the Issue.
I got stuck up in installing the rpm after the server(Red Hat Enterprise Linux Server release 6.0 (Santiago) x86_64 GNU/Linux) got
crashed Eventhough I am able to start it in Xwindows but not able to run or start EBS database along with many other programmes. Also The
VirtualBox machine installed on it 've No issue, they work fine But the host OS is not fine. as there are lots of
errors in .xsession-errors. which i 've pasted below. And Unable to Install the sabayon-apply rpm that could have fix the Issue.
I would highly Appreciate if anyone could drop few hints and suggestions on this Issue as this is really Urgently Important for me.
Please see the following Brief of the Issue.
after starting the server in Xwindows I was installing the rpms from RHEL6/Packages directory on the server even installed 10-12 rpms
While installing the rpm i 've inadvertantly issued or run this command
rpm -ivh *.rpm --force --nodeps as it ended up with Errors Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
After That I could Not Install any rpm with yum or rpm command as getting the Same Errors.
while trying to install individual rpm am getting the followig Errors
[root@ebs Packages]# rpm -ivh libX11*
error: libX11-1.3-2.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
error: libX11-1.3-2.el6.i686.rpm cannot be installed
[root@ebs Packages]# rpm --checksig gtk2*
gtk2-2.18.9-4.el6.i686.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-2.18.9-4.el6.x86_64.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-devel-2.18.9-4.el6.i686.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-devel-2.18.9-4.el6.x86_64.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-devel-docs-2.18.9-4.el6.x86_64.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-engines-2.18.4-5.el6.i686.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-engines-2.18.4-5.el6.x86_64.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
gtk2-immodule-xim-2.18.9-4.el6.x86_64.rpm: RSA SHA1 (MD5) PGP MD5 NOT OK
For that I tried to import the RPM GPG Key But still faced the same errors
[root@ebs yum.repos.d]# wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle Key fingerprint = 4214 4123 FECF
C55B 9086 313D 72F9 7B74 EC55 1F03
--2013-10-08 00:04:56-- http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
Resolving public-yum.oracle.com... 202.159.216.177, 202.159.216.171
Connecting to public-yum.oracle.com|202.159.216.177|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1011 [text/plain]
Saving to: “/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle”
FINISHED --2013-10-08 00:05:06--
Downloaded: 6 files, 55K in 2.0s (27.7 KB/s)
100%[===========================================================================================================================================================>]
1,011 --.-K/s in 0s
2013-10-08 00:04:56 (155 MB/s) - “/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle”
saved [1011/1011]
Than i run this command
[root@ebs yum.repos.d]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle ----it Returns with no output
[root@ebs yum.repos.d]#
[root@ebs log]# rpm -q gpg-pubkey-ec551f03-4c2d256a
gpg-pubkey-ec551f03-4c2d256a
But still I can't install the rpms, got the same Errors. please see the following
[root@ebs yum.repos.d]# yum install firefox*
Loaded plugins: refresh-packagekit, rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Downloading Packages:
(1/2): firefox-17.0.9-1.0.1.el6_4.x86_64.rpm
| 25 MB 03:42
(2/2): xulrunner-17.0.9-1.0.1.el6_4.x86_64.rpm
| 14 MB 02:03
Total
117 kB/s | 39 MB 05:46
error: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID ec551f03: BAD
Problem opening package xulrunner-17.0.9-1.0.1.el6_4.x86_64.rpm
[root@ebs log]# rpm -qf `which gpg`
error: rpmdbNextIterator: skipping h# 455 Header V3 RSA/SHA256
Signature, key ID fd431d51: BAD
[root@ebs log]# gpg --list-keys
/root/.gnupg/pubring.gpg
pub 1024D/11F63C51 2002-02-28
uid Jamie Cameron <[email protected]>
sub 1024g/1B24BE83 2002-02-28
pub 2048D/671DF296 2013-10-08
uid oracle
sub 2048g/9FE459CE 2013-10-08
pub 1024R/F3A5AC78 2013-10-08
uid oracle (no comment) <[email protected]>
sub 1024R/6DC65985 2013-10-08
pub 1024R/78F6C944 2013-10-08
uid root user (Example GPG Key Signature For RPM
Packages) <[email protected]>
sub 1024R/77C97AFF 2013-10-08
[root@ebs log]# rpm -qi 'gpg-pubkey-*'
Name : gpg-pubkey Relocations: (not relocatable)
Version : ec551f03 Vendor: (none)
Release : 4c2d256a Build Date: Wed 09 Oct
2013 01:09:10 AM IST
Install Date: Wed 09 Oct 2013 01:09:10 AM IST Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(Oracle OSS group (Open Source Software group)
<[email protected]>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.8.0 (NSS-3)
mQENBEwtJWoBCACpiY2rGA6T0ceBi92X88/QclytVBjtDRohOVzs3pmIPh3ULqsW
G323nmyKbKQBBSjh9OnuO9Y09VG8mzr/w9YV0Ix4cI9/HDTERZ2+TR5u+VNn5J5h
yvwQSN/FEK6oH2+mz7O0yUNleN7UltR4MOEkHIoAhIvv+1AQQKN3OM8oalz+3gv/
zz9rAoQczQzT7QWOtBrsRMZgBrKXY/TpJrpVSO3Hx8CnbhKGtLxCCrxZ5v7hh1ht
3CRAr2+h5bDA9KP6vBZWKEs7NgcvtZFDY6EJc7AoApr3phX9hHE2+snTxe82DkFT
uA69C8wLyjPCoSy+tcaCqJKOZelNy9RN/WKRABEBAAG0RE9yYWNsZSBPU1MgZ3Jv
dXAgKE9wZW4gU291cmNlIFNvZnR3YXJlIGdyb3VwKSA8YnVpbGRAb3NzLm9yYWNs
ZS5jb20+iQE8BBMBAgAmBQJMLSVqAhsDBQkWjmoABgsJCAcDAgQVAggDBBYCAwEC
HgECF4AACgkQcvl7dOxVHwMiNAf/cD8R74fCBeQsAYid5slIz7CG8xEOBUTDNEJT
p/owtzr7m7Ydp1txNBOkVeVkUP8czX5EldcmoxA4kCCyHhnxmpJnOt52Fy5ZRnYh
Ll5gYdpJpXGVScB7fnlh3rJAaesSTacVFC5MKIYPZBiTo9soSXMLNcG8WqHPasdd
AblC4t5BTDNYlX1RiPeP6m5egHnnxyAXsis8fqIZY0RC9hERxWQ6hdDAX0tJXY8F
88HDUozvo8jqTlg/5GZcfqcbUjjMUJQ5cBtH3adCthMycdPpPXWJQBuzMIdFJ03u
YuQ3XrKxBkOLips+OZuWNVZzrPOHsenb49aX4yQsLVc2E2fhKQ==
=M8XY
-----END PGP PUBLIC KEY BLOCK-----
I 've tried to remove the existing keys But Not able to remove them as well.
Is this the right way of removing the keys ?
rpm -e --allmatches 'gpg-pubkey-ec551f03-*' the ec551f03 is the
version of rpm -qi 'gpg-pubkey-*' query... Please correct
Could you tell what I am missing here that's causing the Issue.
Following are the Errors that is observed in .xsession-errors log file
===== BEGIN RING BUFFER (/usr/sbin/sabayon-apply) =====
MainThread 2013/10/08 18:34:23.3001 (sabayon-apply): No profile for
user 'root' found
MainThread 2013/10/08 18:34:23.3005 (sabayon-apply): Fatal exception!
Exiting abnormally.
MainThread 2013/10/08 18:34:23.3009 (sabayon-apply): Traceback (most
recent call last):
File "/usr/sbin/sabayon-apply", line 149, in <module>
sys.exit (util.EXIT_CODE_NO_USER_PROFILE)
SystemExit: 3
===== END RING BUFFER (/usr/sbin/sabayon-apply) =====
This configuration for the debug log can be re-created
by putting the following in ~//etc/sabayon/sabayon-debug-log.conf
(use ';' to separate domain names):
[debug log]
max lines = 1000
gnome-session[3707]: EggSMClient-WARNING: Desktop file
'/etc/xdg/autostart/esc.desktop' has malformed Icon key
'esc.png'(should not include extension)
GNOME_KEYRING_SOCKET=/tmp/keyring-x5SKbN/socket
SSH_AUTH_SOCK=/tmp/keyring-x5SKbN/socket.ssh
Failed to play sound: Not available
(polkit-gnome-authentication-agent-1:3917): GLib-GObject-WARNING **:
cannot register existing type `_PolkitError'
(polkit-gnome-authentication-agent-1:3917): GLib-CRITICAL **:
g_once_init_leave: assertion `initialization_value != 0' failed
W: main.c: This program is not intended to be run as root (unless
--system is specified).
** Message: applet now removed from the notification area
** (gnome-user-share:3948): WARNING **: gnome-user-share cannot be
started as root for security reasons.
08/10/2013 06:34:26 PM Autoprobing TCP port in (all) network interface
08/10/2013 06:34:26 PM Listening IPv{4,6}://*:5900
08/10/2013 06:34:26 PM Autoprobing selected port 5900
08/10/2013 06:34:26 PM Advertising authentication type: 'No Authentication' (1)
08/10/2013 06:34:26 PM Advertising security type: 'No Authentication' (1)
Initializing nautilus-gdu extension
Initializing nautilus-open-terminal extension
** Message: applet now embedded in the notification area
Connecting to deprecated signal
QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString)
kbuildsycoca4 running...
Connecting to deprecated signal
QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString)
Connecting to deprecated signal
QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString)
Window manager warning: Invalid WM_TRANSIENT_FOR window 0x4e00004
specified for 0x4e00019 (Restore Se).
Object::disconnect: Unexpected null parameter
QObject::connect: Cannot connect (null)::activePartChanged(
KParts::Part * ) to KHTMLPart::slotActiveFrameChanged( KParts::Part *
kio_http_cache_cleaner: Already running!
Object::disconnect: Unexpected null parameter
Window manager warning: Invalid WM_TRANSIENT_FOR window 0x5200004
specified for 0x5200019 (Restore Se).
Object::disconnect: Unexpected null parameter
QObject::connect: Cannot connect (null)::activePartChanged(
KParts::Part * ) to KHTMLPart::slotActiveFrameChanged( KParts::Part *
Object::disconnect: Unexpected null parameter
QObject::connect: Cannot connect (null)::activePartChanged(
KParts::Part * ) to KHTMLPart::slotActiveFrameChanged( KParts::Part *
Object::disconnect: Unexpected null parameter
Window manager warning: Invalid WM_TRANSIENT_FOR window 0x4e00004
specified for 0x4e08cb7 (timesofind).
libpng warning: Extra compressed data in IDAT
Window manager warning: Invalid WM_TRANSIENT_FOR window 0x4e00004
specified for 0x4e0a6e3 (Server Aut).
Highly appreciate the response.
Thanks And Regards
MZThe Packaged are already there on the server as the RHEL software DVD is copied on the server.
Yes it was working before the crash, And Even after the Crash i.e
after starting the server in Xwindows I was installing the rpms from RHEL6/Packages directory on the server even installed 10-12 rpms
and was in the process of installing the sabayon rpm i 've inadvertantly issued or run this command
rpm -ivh *.rpm --force --nodeps from RHEL software Packages directory.
and it ended up with Errors Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
After that I could Not install any rpm from rpm or yum command.
I 've Downloaded the new sabyon* and Other rpms from the net and tried to install them with rpm or yum command but
got the same Errors Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
with yum am getting this error
error: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID ec551f03: BAD.
I 've Tried searching on google as well for at least 10 hours but did not get any help from it so far.
The Reinstallation of OS is not AN Option for me rightnow.
Could you tell something which i could try & may be that works.
Thanks
MZ -
Error while deploying the Composite Application ERROR: (SOAPBC_START_1)
Hi,
I have a EJB web service created and deployed in GlassFish. I have created a BPEL which will recieve from the web service and then insert into a SQL table. To track the messages I have also created to File WSDLs to save the WS message and the DB message.
While deploying the Composite application I am recieving this error. "Component: sun-http-binding
ERROR: (SOAPBC_START_1) HTTPBC-E00205: Start failed. java.lang.Exception: LifecycleException: PWC3985: Protocol handler initialization failed: java.net.BindException: Already bound: 8080
Can anyone tell me what this is error is all about ??
Regards,
JaiThis is the Glassfish Server log
Nov 8, 2008 4:01:16 PM com.sun.enterprise.admin.servermgmt.launch.ASLauncher buildCommand
INFO:
C:/Program Files/Java/jdk1.6.0_06\bin\java
-Dcom.sun.aas.instanceRoot=C:/Program Files/glassfish-v2ur2/domains/domain1
-Dcom.sun.aas.ClassPathPrefix=
-Dcom.sun.aas.ClassPathSuffix=
-Dcom.sun.aas.ServerClassPath=
-Dcom.sun.aas.classloader.appserverChainJars.ee=
-Dcom.sun.aas.classloader.appserverChainJars=admin-cli.jar,admin-cli-ee.jar,j2ee-svc.jar
-Dcom.sun.aas.classloader.excludesList=admin-cli.jar,appserv-upgrade.jar,sun-appserv-ant.jar
-Dcom.sun.aas.classloader.optionalOverrideableChain.ee=
-Dcom.sun.aas.classloader.optionalOverrideableChain=webservices-rt.jar,webservices-tools.jar
-Dcom.sun.aas.classloader.serverClassPath.ee=/lib/hadbjdbc4.jar,C:/Program Files/glassfish-v2ur2/lib/SUNWjdmk/5.1/lib/jdmkrt.jar,/lib/dbstate.jar,/lib/hadbm.jar,/lib/hadbmgt.jar,C:/Program Files/glassfish-v2ur2/lib/SUNWmfwk/lib/mfwk_instrum_tk.jar
-Dcom.sun.aas.classloader.serverClassPath=C:/Program Files/glassfish-v2ur2/lib/install/applications/jmsra/imqjmsra.jar,C:/Program Files/glassfish-v2ur2/imq/lib/jaxm-api.jar,C:/Program Files/glassfish-v2ur2/imq/lib/fscontext.jar,C:/Program Files/glassfish-v2ur2/imq/lib/imqbroker.jar,C:/Program Files/glassfish-v2ur2/imq/lib/imqjmx.jar,C:/Program Files/glassfish-v2ur2/lib/ant/lib/ant.jar,C:/Program Files/glassfish-v2ur2/lib/SUNWjdmk/5.1/lib/jdmkrt.jar
-Dcom.sun.aas.classloader.sharedChainJars.ee=appserv-se.jar,appserv-ee.jar,jesmf-plugin.jar,/lib/dbstate.jar,/lib/hadbjdbc4.jar,jgroups-all.jar,C:/Program Files/glassfish-v2ur2/lib/SUNWmfwk/lib/mfwk_instrum_tk.jar
-Dcom.sun.aas.classloader.sharedChainJars=javaee.jar,C:/Program Files/Java/jdk1.6.0_06/lib/tools.jar,install/applications/jmsra/imqjmsra.jar,com-sun-commons-launcher.jar,com-sun-commons-logging.jar,C:/Program Files/glassfish-v2ur2/imq/lib/jaxm-api.jar,C:/Program Files/glassfish-v2ur2/imq/lib/fscontext.jar,C:/Program Files/glassfish-v2ur2/imq/lib/imqbroker.jar,C:/Program Files/glassfish-v2ur2/imq/lib/imqjmx.jar,C:/Program Files/glassfish-v2ur2/imq/lib/imqxm.jar,webservices-rt.jar,webservices-tools.jar,mail.jar,appserv-jstl.jar,jmxremote_optional.jar,C:/Program Files/glassfish-v2ur2/lib/SUNWjdmk/5.1/lib/jdmkrt.jar,activation.jar,appserv-rt.jar,appserv-admin.jar,appserv-cmp.jar,C:/Program Files/glassfish-v2ur2/updatecenter/lib/updatecenter.jar,C:/Program Files/glassfish-v2ur2/jbi/lib/jbi.jar,C:/Program Files/glassfish-v2ur2/imq/lib/imqjmx.jar,C:/Program Files/glassfish-v2ur2/lib/ant/lib/ant.jar,dbschema.jar
-Dcom.sun.aas.configName=server-config
-Dcom.sun.aas.configRoot=C:/Program Files/glassfish-v2ur2/config
-Dcom.sun.aas.defaultLogFile=C:/Program Files/glassfish-v2ur2/domains/domain1/logs/server.log
-Dcom.sun.aas.domainName=domain1
-Dcom.sun.aas.installRoot=C:/Program Files/glassfish-v2ur2
-Dcom.sun.aas.instanceName=server
-Dcom.sun.aas.processLauncher=SE
-Dcom.sun.aas.promptForIdentity=true
-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory
-Dcom.sun.enterprise.overrideablejavaxpackages=javax.help,javax.portlet
-Dcom.sun.enterprise.taglibs=appserv-jstl.jar,jsf-impl.jar
-Dcom.sun.enterprise.taglisteners=jsf-impl.jar
-Dcom.sun.updatecenter.home=C:/Program Files/glassfish-v2ur2/updatecenter
-Ddomain.name=domain1
-Dhttp.nonProxyHosts=localhost|127.0.0.1|jnambiar2
-Dhttp.proxyHost=web-proxy.atl.hp.com
-Dhttp.proxyPort=8088
-Dhttps.proxyHost=web-proxy.atl.hp.com
-Dhttps.proxyPort=8088
-Djava.endorsed.dirs=C:/Program Files/glassfish-v2ur2/lib/endorsed
-Djava.ext.dirs=C:/Program Files/Java/jdk1.6.0_06/lib/ext;C:/Program Files/Java/jdk1.6.0_06/jre/lib/ext;C:/Program Files/glassfish-v2ur2/domains/domain1/lib/ext;C:/Program Files/glassfish-v2ur2/javadb/lib
-Djava.library.path=C:\Program Files\glassfish-v2ur2\lib;C:\Program Files\glassfish-v2ur2\lib;C:\Program Files\glassfish-v2ur2\bin;C:\Program Files\glassfish-v2ur2\lib
-Djava.security.auth.login.config=C:/Program Files/glassfish-v2ur2/domains/domain1/config/login.conf
-Djava.security.policy=C:/Program Files/glassfish-v2ur2/domains/domain1/config/server.policy
-Djava.util.logging.manager=com.sun.enterprise.server.logging.ServerLogManager
-Djavax.management.builder.initial=com.sun.enterprise.admin.server.core.jmx.AppServerMBeanServerBuilder
-Djavax.net.ssl.keyStore=C:/Program Files/glassfish-v2ur2/domains/domain1/config/keystore.jks
-Djavax.net.ssl.trustStore=C:/Program Files/glassfish-v2ur2/domains/domain1/config/cacerts.jks
-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver
-Djmx.invoke.getters=true
-Dsun.rmi.dgc.client.gcInterval=3600000
-Dsun.rmi.dgc.server.gcInterval=3600000
-client
-XX:+UnlockDiagnosticVMOptions
-XX:MaxPermSize=192m
-Xmx512m
-XX:NewRatio=2
-XX:+LogVMOutput
-XX:LogFile=C:/Program Files/glassfish-v2ur2/domains/domain1/logs/jvm.log
-cp
C:/Program Files/glassfish-v2ur2/lib/jhall.jar;C:\Program Files\glassfish-v2ur2\lib\appserv-launch.jar
com.sun.enterprise.server.PELaunch
start
Starting Sun Java System Application Server 9.1_02 (build b04-fcs) ...
MBeanServer started: com.sun.enterprise.interceptor.DynamicInterceptor
CORE5098: AS Socket Service Initialization has been completed.
CORE5076: Using [Java HotSpot(TM) Client VM, Version 1.6.0_06] from [Sun Microsystems Inc.]
SEC1002: Security Manager is OFF.
C:/Program Files/glassfish-v2ur2/domains/domain1/config/.__com_sun_appserv_pid
ADM0001:SunoneInterceptor is now enabled
SEC1143: Loading policy provider com.sun.enterprise.security.provider.PolicyWrapper.
WEB0114: SSO is disabled in virtual server [server]
WEB0114: SSO is disabled in virtual server [__asadmin]
ADM1079: Initialization of AMX MBeans started
ADM1504: Here is the JMXServiceURL for the Standard JMXConnectorServer: [service:jmx:rmi:///jndi/rmi://jnambiar2.asiapacific.hpqcorp.net:8686/jmxrmi]. This is where the remote administrative clients should connect using the standard JMX connectors
ADM1506: Status of Standard JMX Connector: Active = [true]
JBIFW0010: JBI framework ready to accept requests.
WEB0302: Starting Sun-Java-System/Application-Server.
WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 8080
WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 8181
WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 4848
SMGT0007: Self Management Rules service is enabled
Application server startup complete.
Registered Status Provider MBean for sun-jdbc-binding.
Registered Status Provider MBean for sun-sql-engine.
JBISE6013: JavaEEServiceEngine : Java EE Service Engine started successfully.
JBIFW1146: Engine sun-javaee-engine has been started.
Registered runtime configuration MBean for sun-jdbc-binding.
Registered runtime configuration MBean for sun-sql-engine.
HTTPBC-R00100: sun-http-binding starting
FILBC-LCY0006: Component sun-file-binding started (outbound).
FILBC-LCY0005: Component sun-file-binding started (inbound).
Started outbound.
SQLSE started.
JBIFW1146: Engine sun-sql-engine has been started.
Started outbound receiver.
Receiver started.
Receiver started.
FILBC-LCY0003: Component sun-file-binding started with the following configuration:
specification-version: 1.0
build-number: 080408_1
Threads: 10
JBIFW1146: Binding sun-file-binding has been started.
Started inbound receiver.
JDBC Binding component started.
JBIFW1146: Binding sun-jdbc-binding has been started.
PWC3982: Cannot register MBean for the Protocol
grizzlyHttpProtocol.selectorRegisterProtocol
WEB0712: Starting Sun-Java-System/Application-Server HTTP/1.1 on 9080
XSLTSE-5001:Initialized XSLT service engine successfully!
XSLTSE-5002:Started XSLT service engine successfully!
JBIFW1146: Engine sun-xslt-engine has been started.
HTTPBC-E00153: Failed to read the descriptor file for identity information; descriptor file is 'C:\Program Files\glassfish-v2ur2\domains\domain1\jbi\components\sun-http-binding\install_root/META-INF/jbi.xml'
java.net.MalformedURLException: unknown protocol: c
at java.net.URL.<init>(URL.java:574)
at java.net.URL.<init>(URL.java:464)
at java.net.URL.<init>(URL.java:413)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:650)
at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:180)
at com.sun.jbi.httpsoapbc.HttpSoapBindingLifeCycle.identity(HttpSoapBindingLifeCycle.java:1103)
at com.sun.jbi.httpsoapbc.HttpSoapBindingLifeCycle.logComponentInfo(HttpSoapBindingLifeCycle.java:1075)
at com.sun.jbi.httpsoapbc.HttpSoapBindingLifeCycle.start(HttpSoapBindingLifeCycle.java:476)
at com.sun.jbi.framework.ComponentFramework.startComponent(ComponentFramework.java:1846)
at com.sun.jbi.framework.ComponentFramework.startComponent(ComponentFramework.java:1792)
at com.sun.jbi.framework.ComponentOperation.process(ComponentOperation.java:233)
at com.sun.jbi.framework.Operation.run(Operation.java:104)
at java.lang.Thread.run(Thread.java:619)
HTTPBC-R00101: sun-http-binding started with the following configuration:
specification-version: unknown
build-number: unknown
OutboundThreads (max outbound threads): 10
HttpDefaultPort: 9080
HttpsDefaultPort: 9181
AMConfigDir:
ProxyType: DIRECT
ProxyHost:
ProxyPort: 0
NonProxyHosts: localhost|127.0.0.1
ProxyUserName:
UseJVMProxySettings: false
ApplicationVariables: { }
ApplicationConfigurations: { }
JBIFW1146: Binding sun-http-binding has been started.
EJBSCLookup:: sc.getEjbContainerAvailabilityEnabledFromConfig() ==> false
JTS5014: Recoverable JTS instance, serverId = [3700]
About to load the system app: MEjbApp
POARemoteRefFactory checking if SFSBVersionPolicy need to be added
EJBSCLookup:: sc.getEjbContainerAvailabilityEnabledFromConfig() ==> false
POARemoteRefFactory addSFSBVersionPolicy? false
POARemoteRefFactory checking if SFSBVersionPolicy need to be added
EJBSCLookup:: sc.getEjbContainerAvailabilityEnabledFromConfig() ==> false
POARemoteRefFactory addSFSBVersionPolicy? false
LDR5010: All ejb(s) of [MEjbApp] loaded successfully!
About to load the system app: __ejb_container_timer_app
EJB5109:EJB Timer Service started successfully for datasource [jdbc/__TimerPool]
LDR5010: All ejb(s) of [__ejb_container_timer_app] loaded successfully!
BPJBI-5001:BPEL service engine initialized
BPJBI-5002:Starting BPEL service engine
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
I18N:
BPJBI-5003: BPEL service engine started with following configurations:
Persistence Enabled : false
Monitor Enabled : false
Persistence Database NonXA JNDI ResourceName : jdbc/bpelseNonXA
Persistence Database XA JNDI Resource Name : jdbc/bpelseXA
Engine Expiry Interval (failover setting) : 60 seconds
Debug Enabled : false
Debug Port : 3,343
Thread Count 10
Engine Installed on Application Server Cluster : false
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
BPELSEInOutThread.Started_BPEL_service_engine_in-out_thread
JBIFW1146: Engine sun-bpel-engine has been started.
JBIMA0452: Successfully processed 0 Service Assemblies during startup.
JBIFW0012: JBI framework startup complete.
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.XWS_ClientProvider.property.signature.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "domain.applications.lifecycle-module.JBIFramework.property.com.sun.jbi.home"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.XWS_ServerProvider.property.encryption.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ClientProvider.property.security.config"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ClientProvider.property.encryption.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ServerProvider.property.security.config"
javax.management.InstanceNotFoundException: No object matches the specified name "server.applications.lifecycle-module.JBIFramework.property.com.sun.jbi.home"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ClientProvider.property.dynamic.username.password"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ServerProvider.property.signature.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.XWS_ClientProvider.property.dynamic.username.password"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.XWS_ClientProvider.property.encryption.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ClientProvider.property.signature.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.ServerProvider.property.encryption.key.alias"
javax.management.InstanceNotFoundException: No object matches the specified name "server.security-service.message-security-config.SOAP.provider-config.XWS_ServerProvider.property.signature.key.alias"
wsgen successful
DPL5306:EJB Web Service Endpoint [HPAdaptorWS] listening at address [http://jnambiar2.asiapacific.hpqcorp.net:8080/HPAdaptorWSDLService/HPAdaptorWS]
deployed with moduleid = HPAdaptorWSEJB
Container com.sun.enterprise.webservice.JAXWSContainer@1fae7b1 doesn't support class com.sun.xml.ws.api.server.Module
LDR5010: All ejb(s) of [HPAdaptorWSEJB] loaded successfully!
The log message is null.
javax.ejb.EJBException
at com.sun.ejb.containers.BaseContainer.processSystemException(BaseContainer.java:3869)
at com.sun.ejb.containers.BaseContainer.completeNewTx(BaseContainer.java:3769)
at com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:3571)
at com.sun.ejb.containers.WebServiceInvocationHandler.invoke(WebServiceInvocationHandler.java:200)
at $Proxy62.hpAdaptorWSDLOperation(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.webservice.InvokerImpl.invoke(InvokerImpl.java:81)
at com.sun.enterprise.webservice.EjbInvokerImpl.invoke(EjbInvokerImpl.java:82)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:146)
at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:257)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:93)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:106)
at com.sun.enterprise.webservice.MonitoringPipe.process(MonitoringPipe.java:147)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:106)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:218)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:113)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:87)
at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:226)
at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:155)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:114)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:87)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:380)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.UnsupportedOperationException: Message Recieved Successfully
at hp.adaptor.gateway.HPAdaptorWS.hpAdaptorWSDLOperation(HPAdaptorWS.java:22)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1067)
at com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:176)
at com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2895)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:3986)
at com.sun.ejb.containers.WebServiceInvocationHandler.invoke(WebServiceInvocationHandler.java:189)
... 63 more
EJB5018: An exception was thrown during an ejb invocation on [HPAdaptorWS]
javax.ejb.EJBException
at com.sun.ejb.containers.BaseContainer.processSystemException(BaseContainer.java:3869)
at com.sun.ejb.containers.BaseContainer.completeNewTx(BaseContainer.java:3769)
at com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:3571)
at com.sun.ejb.containers.WebServiceInvocationHandler.invoke(WebServiceInvocationHandler.java:200)
at $Proxy62.hpAdaptorWSDLOperation(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.webservice.InvokerImpl.invoke(InvokerImpl.java:81)
at com.sun.enterprise.webservice.EjbInvokerImpl.invoke(EjbInvokerImpl.java:82)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:146)
at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:257)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:93)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:106)
at com.sun.enterprise.webservice.MonitoringPipe.process(MonitoringPipe.java:147)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:106)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:218)
at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:113)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:87)
at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:226)
at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:155)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:114)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:87)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:380)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.UnsupportedOperationException: Message Recieved Successfully
at hp.adaptor.gateway.HPAdaptorWS.hpAdaptorWSDLOperation(HPAdaptorWS.java:22)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1067)
at com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:176)
at com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2895)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:3986)
at com.sun.ejb.containers.WebServiceInvocationHandler.invoke(WebServiceInvocationHandler.java:189)
... 63 more
Deploying service assembly HPAdapatorInboundCAwithFault to target server.
Cannot find CatalogManager.properties
Retrieving document at 'C:\Program Files\glassfish-v2ur2\domains\domain1\jbi\service-assemblies\HPAdapatorInboundCAwithFault\HPAdapatorInboundCAwithFault-sun-file-binding\sun-file-binding\HPAdaptorInboundBPEL\DBMessageFile.wsdl'.
Retrieving document at 'C:\Program Files\glassfish-v2ur2\domains\domain1\jbi\service-assemblies\HPAdapatorInboundCAwithFault\HPAdapatorInboundCAwithFault-sun-file-binding\sun-file-binding\HPAdaptorInboundBPEL\MsgInbound_DB.wsdl'.
Retrieving document at 'C:\Program Files\glassfish-v2ur2\domains\domain1\jbi\service-assemblies\HPAdapatorInboundCAwithFault\HPAdapatorInboundCAwithFault-sun-file-binding\sun-file-binding\HPAdaptorInboundBPEL\Partners\HPAdaptorWSDLService\HPAdaptorWS.wsdl'.
Retrieving document at 'C:\Program Files\glassfish-v2ur2\domains\domain1\jbi\service-assemblies\HPAdapatorInboundCA -
Using directory alias with a wanboot installation
I have setup a Jumpstart server and have been using it for a while without issues. Now I want to incorporate wanboot into the process so that I do not need boot servers in each of our subnets. Since the jumpstart directory structure is already in place and I have apache running on the same server, I did not want to have to recreate the whole jumpstart directory structure. So I decided to create an alias in the apache configuration for the jumpstart directory:
root@swamphenxb:/usr/local/apache2/conf> cat httpd.conf
<snip>
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
Alias /jumpstart /export/jumpstart
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock logs/cgisock
</IfModule>
# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
*<Directory /export/jumpstart>*
AllowOverride None
Options All
Order allow,deny
Allow from all
*</Directory>*
The wanboot.conf file is located in /etc/netboot and looks with the following information:
root@swamphenxb:/usr/local/apache2/conf> cat /etc/netboot/wanboot.conf
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# ident "@(#)wanboot.conf.sample 1.2 04/01/30 SMI"
# wanboot.conf(4): boot configuration file.
# Please consult wanboot.conf(4) for further information. Note that
# this interface is "Evolving" as defined by attributes(5).
# Anything after a '#' is comment. Values may be quoted (e.g. "val").
# <empty> means there is no value, i.e. null. The absence of any
# parameter implies that it takes a default value (<empty> unless
# otherwise specified).
# <url> is of the form http://... or https://...
# The path of the bootstrap file (within htdocs) which is served up
# by wanboot-cgi(bootfile).
boot_file=/jumpstart/wanboot/wanboot.s10_sparc # <absolute pathname>
# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
# whether boot_file or the bootfs is to be sent encrypted/signed, or
# root_file is to be sent signed; the client must be setup with the
# corresponding encryption/signature key(s) (which cannot be auto-
# matically verified).
# If an encryption_type is specified then a signature_type must also
# be specified.
encryption_type= # 3des | aes | <empty>
signature_type= # sha1 | <empty>
# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
# server authentication should be requested during SSL connection
# setup.
server_authentication=no # yes | no
# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
# client authentication should be requested during SSL connection
# setup. If client_authentication is "yes", then server_authentication
# must also be "yes".
client_authentication=no # yes | no
# wanboot-cgi(bootfs) will construct a hosts file which resolves any
# hostnames specified in any of the URLs in the wanboot.conf file,
# plus those found in certificates, etc. The following parameter
# may be used to add additional mappings to the hosts file.
resolve_hosts= # <hostname>[,<hostname>*] | <empty>
# This is used to specify the URL of wanboot-cgi on the server on which
# the root_file exists, and used by wanboot to obtain the root server's
# URL; wanboot substitutes root_file for the pathname part of the URL.
# If the schema is http://... then the root_file will be signed if there
# is a non-empty signature_type. If server_authentication is "yes", the
# schema must be https://...; otherwise it must be http://...
root_server=http://170.12.14.240/cgi-bin/wanboot-cgi # <url> | <empty>
# This is used by wanboot-cgi(rootfs) to locate the path of the
# rootfs image (within htdocs) on the root_server.
root_file=/jumpstart/miniroot/miniroot # <absolute pathname> | <empty>
# This is used by wanboot to determine the URL of the bootserver
# (and whether bootlog traffic should be sent using http or https),
# or whether it should simply be sent to the console.
boot_logger= # <url> | <empty>
# This is used by the system startup scripts. If set, it should
# point to a file that contains name value pairs to be used at
# start up time. For example, this file may be used to provide
# install the values for sysidcfg and jumpscfg.
system_conf=system.conf
I have the client configured to boot from the web server and when I attempt to boot, I get the following message:
{2} ok boot net - install
Boot device: /pci@9,700000/pci@2/network@0 File and args: - install
/pci@9,700000/pci@2/network@0: 1000 Mbps full duplex link up
HTTP: Bad Response: 500 Internal Server Error (boot_file missing)
Boot load failed
I am able to see a listing of all the directories and files including the boot_file in my browser. The permissions for the /etc/netboot directory is:
root@swamphenxb:/etc/netboot> ls -al
total 26
drwx------ 3 daemon other 512 Nov 20 13:09 .
drwxr-xr-x 63 root sys 6144 Nov 2 11:43 ..
drwx------ 3 daemon other 512 Nov 20 13:10 170.12.144.0
-rw------- 1 daemon other 80 Nov 5 17:02 system.conf
-rw------- 1 daemon other 3331 Nov 2 14:07 wanboot.conf
It looks like maybe wanboot does not like the alias I am using, but I want to verify that before I move on to plan B. Thanks.
Chuck BriggsLong but this is a copy of my lab configuration files for WAN boot
*/etc/ethers*
0:3:ba:16:99:f5 wgls01
0:3:ba:14:b9:71 wgls02
0:3:ba:16:a5:bf wgls03
0:3:ba:5b:c7:5b wgls04
0:3:ba:16:9d:31 wgls05
0:3:ba:e8:65:9 wgls07
0:3:ba:e8:92:a9 wgls08
0:3:ba:16:6b:27 wgls09
0:3:ba:2b:35:c2 wgls10
0:3:ba:5c:b0:5 wgls11*/etc/bootparams*
wgls01 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192
wgls02 root=wgls06:/js/sparc/Solaris_9_2005-09/Solaris_9/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_9_2005-09 boottype=:in rootopts=:rsize=8192
wgls03 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192
wgls04 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192
wgls05 root=wgls06:/js/sparc/Solaris_9_2005-09/Solaris_9/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_9_2005-09 boottype=:in rootopts=:rsize=8192
wgls06 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192
wgls07 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192
wgls08 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192
wgls09 root=wgls06:/js/sparc/Solaris_8_2004-02/Solaris_8/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_8_2004-02 boottype=:in rootopts=:rsize=8192
wgls10 root=wgls06:/js/sparc/Solaris_10_2009-10/Solaris_10/Tools/Boot install=wgtsinf01:/js/sparc/Solaris_10_2009-10 boottype=:in rootopts=:rsize=8192*/etc/hosts*
# Fake prod subnet
#10.64.86.30 wgls01.nz.thenational.com wgls01
#10.64.86.31 wgls02.nz.thenational.com wgls02
10.64.86.32 wgls03.nz.thenational.com wgls03
10.64.86.33 wgls04.nz.thenational.com wgls04
10.64.86.34 wgls05.nz.thenational.com wgls05
10.64.86.35 wgls06.nz.thenational.com wgls06
10.64.86.36 wgls07.nz.thenational.com wgls07
#10.64.86.37 wgls08.nz.thenational.com wgls08
#10.64.86.42 wgls09.nz.thenational.com wgls09
10.64.86.43 wgls10.nz.thenational.com wgls10Under wgls06:/js/sparc I have many small (~85MB) directories just to load the boot code
# find /js/sparc/Solaris_10_2008-10
/js/sparc/Solaris_10_2008-10
/js/sparc/Solaris_10_2008-10/Solaris_10
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/solarisn
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/liveupgrade20
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/solarisn.class
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/JRE
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/liveupgrade20.class
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/com
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/com/sun
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/com/sun/launcher
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/com/sun/liveupgrade
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Installers/.install/install_common
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/rm_install_client
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/add_install_client
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/pkg_db.cpio.bz2
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/X_small.cpio.bz2
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4us
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4us/inetboot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4us/wanboot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4us/boot_archive
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4u
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4u/boot_archive
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4u/inetboot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4u/wanboot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4v
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4v/wanboot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4v/inetboot
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/platform/sun4v/boot_archive
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/netmask
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/X.cpio.bz2
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/lu.platforms
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/Boot/lu.cpio.bz2
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/.wanboot_unneeded_packages
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/setup_install_server
/js/sparc/Solaris_10_2008-10/Solaris_10/Tools/dialAll OS files are located at wgtsinf01:/js/sparc
Firewalls should allow the traffic (TFTP) -
http://support.apple.com/kb/TS4498
this is a looooong list...and the full list of changes and fixes .......
Logic Pro X 10.0.7 update
New Features and Enhancements
It is now possible to insert the current values of volume, pan, and all active sends of selected tracks as automation points at the playhead position. The new functions are accessible as a menu option or key command.
It is now possible to paste track automation data at the Playhead or Marquee selection location.
A new MIDI Project Setting allows MIDI CC 7 (volume) and MIDI CC 10 (pan) messages to control the instrument plug-in instead of the channel strip.
The output of Auxiliary channel strips assigned to Tracks will now generate audio files when using any of the following Export menu options: "Region as Audio File," "Track as Audio File," or "All Tracks as Audio Files."
Logic now supports up to 24 processing threads on computers with 12 cores.
All menu items related to Snap, Alignment Guides, and "Snap to Grid" settings have been consolidated into the Snap menu in the Main window.
It is now possible to activate/deactivate multiple plug-ins on a channel strip by vertically click-dragging the mouse over their power buttons.
An auto-saved version of a project now contains the Undo History of the project from which it was derived.
It is now possible to install the Logic content to an alternate system drive even if the Logic application is not installed there.
Activating Auto Punch with a key command or Marquee selection now automatically adds the Autopunch button to the Control Bar.
It is now possible to use modifiers with the Velocity Slider in the Piano Roll and Score Inspectors to change its behavior in the same way as the Velocity tool. Holding Option allows velocities for notes to continue to be changed even when other notes have reached there minimum or maximum MIDI velocity value. Option-Shift sets all notes to the same velocity value.
The Scissors tool now works on arrangement markers.
It is now possible to drag a Summing Stack into a Folder Stack.
It is now possible to use the Beat Map feature with a track that has Flex enabled.
Flex Transient Analysis can now be aborted by pressing Command-period.
When a Transient Marker is inserted near the position of a previously deleted transient in the Audio File window, the marker will now only snap to the position of the deleted marker if the Option key is pressed while inserting it.
It is now possible to create more than 32 Folder Track Stacks in a project.
It is now possible to adjust sliders in the Mixer when controlling Logic via screen sharing, Apple Remote Desktop, or other VNC clients.
It is now possible to access the Recent Projects menu while the Open Project dialog is active.
It is now possible to remove the Master Output track from the Tracks area.
The master track of a Track Stack can now be designated as Groove Master.
Audio waveforms are now visible under automation on the master track of a Track Stack.
The Track Import window now shows plug-in preset names.
When Logic imports Final Cut Pro X XML, it now organizes audio tracks according to their assigned roles in Final Cut Pro.
Audio is now exported as 24-bit in projects exported to Final Cut Pro X XML.
When importing XML files that contain multiple projects from Final Cut Pro X 10.1 or later, Logic Pro X now offers a dialog to pick a specific project to import.
The 1/2 Note head symbol is now available in the the Score Part Box.
The Catch Playhead button is now available in the Score when the Advanced Tools preference is disabled.
It is now possible to load ".caf" format files into Space Designer with the Load IR file selector.
There is now a new key command to trim the start of a region to the end of the previous region in the track.
There is now a dedicated Piano Roll section in the Key Commands window. This includes commands for "View Mode: One Track," "View Mode: Selected Regions," and Toggle View Mode.
There is now a key command for “Detect Tempo of Selected Region.”
There is now a key command for “Adjust Tempo using Beat Mapping Track.”
The timeline in Logic Remote now changes color to indicate Logic is in Sync mode.
It is now possible to use the Option key to insert a mono plug-in between two existing plug-ins on a stereo channel strip or vice-versa.
The Velocity Processor MIDI plug-in now displays note-on as orange dots and note-off events as blue dots in the compression curve window.
Command-click on a vector point can now be used to modify the times of all subsequent points in the ES2 Vector Envelope.
The Distortion II plug-in now offers a Distortion Output Level and Mix control.
Stability
Logic no longer sometimes quits unexpectedly when:
Using the Option key to toggle all the disclosure triangles in the Project Audio window.
Dragging audio from the Project Audio window to the Tracks area.
Defining custom bank messages for a Multi Instrument in the Environment.
You insert a blank recordable DVD while Logic is running.
Changing the audio buffer size while the Audio Editor is open in Flex Pitch mode.
Selecting a font in the Number & Names panel of the Score preferences.
Deleting a group in the Project Audio window.
Undoing a flex edit.
Using the Glue tool on flex pitched notes after having switched from the Audio File Editor to the Audio Track Editor.
Performing undo and then redo in quick succession on an EQ in the Smart Controls.
Performing Undo after deleting a comp or take.
Closing a song while importing a MIDI file.
Enabling phase-locked editing on a group.
Using the Pencil tool in the Audio File editor.
Importing a long MP4 (AAC) file.
Changing a channel strip input from stereo to mono.
Disabling Core Audio.
Playing a Drummer track while downloading and installing new content.
Performing undo after certain operations.
Pasting channel strip settings in the Mixer.
Dragging a MIDI region over the Score editor.
Hot-plugging an Apogee Duet to a computer running OS X Mavericks.
Importing a patch that includes a Track Stack.
Adding AAC files containing Audio Transport Stream Data (file type “.adts”).
Performance
The Channel EQ no longer causes unexpected CPU spikes in live track mode on MacBook Pro with Retina Display.
Logic no longer becomes less responsive after making several adjustments to the size and/or position of a floating Transport window.
There is no longer a delay opening the list when clicking in a Send or Output slot on a channel strip.
Logic no longer becomes less responsive when working for long periods with Flex Pitch.
The Drummer track now reliably maintains proper timing if it is selected with Low Latency mode enabled.
Control points in the Transposition track now move more fluidly when edited.
Scrolling a channel strip fader in the Inspector with a mouse wheel now adjusts its value at the correct resolution.
Comping takes is now more responsive when Flex Time is enabled.
Playing a Touch Instrument in Logic Remote no longer sometimes leads to hung notes in Logic Pro X.
Improves responsiveness when dragging tempo events in the Global tempo track.
Songs with a very large number of regions now play back as expected.
Logic’s performance has improved when previewing notes in the Score, Piano Roll, and Event List for regions on a track other than the one selected.
Multi output Software Instruments with complex routings no longer sometimes cause Logic to become briefly unresponsive when starting playback.
Logic now reliably creates thumbnails to the end of the video track with long movie files.
Selecting Channel Strips in very large projects is now faster.
Improves compatibility with ProRes movie files on OS X Mountain Lion v10.8.5.
When scrolling over an open Take folder at high zoom levels on OS X Mountain Lion v10.8.5, there are no longer unexpected spikes in CPU usage.
Automation
Clicking on an event in the Score no longer sometimes selects the wrong events.
It is now possible to paste automation at the playhead or marquee selection area rather than only at its original position.
All MIDI Draw data created by moving track based automation to a Region now appears on the Region and in Piano Roll as expected.
Volume automation moved from a track to a region is now displayed in the Tracks area MIDI Draw view as expected.
It is now possible to use MIDI Draw for an event type that does not yet exist in the region.
When track based automation is moved to a region, the region now immediately switches on MIDI Draw to show the automation in the Track area.
When region automation is moved to a track, the automation now starts at the beginning of the track.
MIDI Draw now reliably creates Surround Diversity and Surround Angle fader events in regions.
It is now possible to make a Marquee selection over region loops when automation is visible.
MIDI Draw data is no longer shown on additional automation lanes when the main automation lane is set to “Off.”
MIDI Draw no longer incorrectly displays a ramp between isolated Pitch Bend events.
When switching between MIDI takes, the MIDI Draw area now properly updates to show the currently selected take.
Option-clicking a MIDI Draw point again selects all following MIDI Draw points for the region.
MIDI Draw points inserted with the Pencil are now reliably placed at the clicked position.
Audio no longer glitches when editing automation while playing back.
Score
It is now possible to deselect a voice in the Staff Style window by Command-clicking it.
The floating Part Box window in the Score no longer shows overlapping elements when first opened.
Clefs in the Staff Style window now scale properly when viewed on a Retina display.
Rests in Mapped Drum styles are now correctly positioned with their associated drum groups on the staff.
When printing a score part with Advanced Tools disabled, Logic no longer prints the track name twice.
Changing the split point of one voice in a multi-stave Staff Style now properly affects the other voices assigned to the same channel.
Page view of scores in songs created in Logic 9 now retain their proper paper size when opened in Logic Pro X.
Scores printed as PDF files now render properly when viewed in Adobe Reader.
The cursor now reliably shows the correct tools when editing the score in linear display mode.
It is no longer possible to give a new Score Part Box a name that is already in use by another Part Box.
The font names for Jazz Cord and Swing Cord fonts now display correctly in the Root Font and Chord Extension Font display in the Chords & Grids panel of the Score settings.
The staff display in the Staff Style editor now shows the proper key signature for transposed styles.
It is now possible to change settings for multiple selected staves in the Staff Style edit window at the same time.
Pasting a compound time signature in the Signature track no longer corrupts the time signature display in the Score.
Filter buttons on floating part boxes in the Score now remain visible when the part box is resized.
Tap to click on a trackpad now works with the Pencil tool in the Score.
It is again possible to insert a bar line at the end of a region in the Score.
The pencil tool again works in the Score when assigned to the right mouse button.
In the Score, selected notes in loops now show the selection color.
The Part box is no longer empty when first opened in a stand-alone Score window after recording.
The print border no longer sometimes changes unexpectedly when printing to PDF from the Score.
When Select All is used within a Score Set, the selection is now properly limited to regions within the Score Set.
Tooltips no longer sometimes obscure the guidelines when inserting elements into the Score.
The bar positions of SMPTE locked notes now update properly in the Score after the tempo is changed.
Pressing the Control key now allows for finer granularity when editing Duration Bars in the Score.
Undo now works after pasting Staff Styles.
Undo now works after changing the Low or High note value in a Staff Style.
In page view, the Score now correctly updates to reflect a different paper size selected in the Page Setup window.
Track names are now reliably shown in Page View when the track contains overlapping regions.
Drag handles now remain visible at all zoom settings when dragging parts into the Score in linear view mode.
Adding special bar lines next to added clef or signature changes in linear view mode no longer causes the bar lines and clef or signatures to overlap.
The mouse cursor now reliably shows the currently active tool in the Score.
The Score now displays as expected after scrolling vertically at high zoom settings.
Copy/paste of notes across multiple staves in the Score now works properly.
Custom colors defined in the Score Layout window are now recalled properly when Logic is relaunched.
The text cursor is now easier to see in various fields in the Score window.
The Display Level button in the Score now follows the entire Score hierarchy when an Instrument Set is in use.
The cursor now displays the Length Change tool when held over the end of a Duration Bar in the Score.
It is again possible to assign no clef or a drum clef to non-mapped score styles.
Plug-Ins
Importing plug-ins to a track no longer unexpectedly changes the input source on the track.
The pitch of notes held when using Sculpture or ES2 are no longer sometimes shifted when using non-Equal Tempered tunings.
Moving the Delay slider in the Note Repeater MIDI plug-in while notes are repeating no longer results in hung notes.
The cycle length in the Arpeggiator plug-in now reliably updates when set to Grid mode.
Recall Default now works with the Delay Designer plug-in.
Recall Default now works properly with Audio Unit plug-ins.
It is now possible to activate bypass on plug-ins that are not currently available.
When the I/O configuration of a plug-in is changed, its editor no longer opens.
The timing of multi-output software instruments is now maintained when latency inducing plug-ins like the Ad-Limiter are used on the main output.
Audio files created by the "Export All Tracks as Audio Files" command now maintain proper sync in projects where high latency plug-ins are used in Summing Stacks.
The Expander plug-in no longer sometimes introduces audio crackles with certain source signals.
With Beat Sync disabled, the Course Rate control in the Auto Filter plug-in again behaves as expected.
Audio now plays reliably from tracks in which there are two Tube Burner pedals inserted in the Pedalboard plug-in.
VoiceOver now works reliably to activate Smart Controls for the Vintage Clav and Vintage B3 Organ plug-ins.
Improves the behavior of Smart Controls when used with Voiceover.
The stand-alone Smart Controls window now properly remembers its last state when reopened.
When editing vector points in ES2 in loop mode, all envelope values are now properly shown as percentages when the envelope is time-synced.
Shift-clicking can again be used to insert a vector point in the ES2 Vector Envelope.
In the ES2 Vector Envelope, the Delete Selected Point contextual menu item again works as expected.
EXS instruments created in EXS24 MK I no longer exhibit unexpected random velocities when played.
Logic no longer changes a user-assigned track color when swapping Software Instruments.
Space Designer’s Filter and Density controls now remain active when the plug-in window is opened more than one time in a session.
Projects with multiple Ultrabeat instances now play back with reliable timing when the Process Buffer Range is set to Small in the Audio > Devices preferences.
A plug-in inserted on the 16th slot of an audio channel strip or the 15th slot of a Software Instrument channel strip now remains visible.
The percussion controls in the Vintage B3 now respond as expected to knob movements from the Native Instruments B4d remote control.
The mapping of value to position for the Organ sliders in the Smart Controls window is now consistent with the sliders in the Vintage B3 Organ.
In the Mixer, it is now possible to drag a plug-in from one channel strip to another when there is an External MIDI channel strip between the source and target.
One shot samples triggered in EXS24 no longer play back with clicks when Rewire Live Mode for Rewire is disabled.
All plug-in windows now reliably open after changing the order of plug-ins in a channel strip.
The Scripter plug-in now reliably triggers notes when playing back outside of an active cycle zone.
The meters in stereo instances of the Adaptive Limiter plug-in now show independent levels for the left and right channels.
Tuned taps in the Delay Designer plug-in now reliably play in sync.
Flex
Flexed regions no longer sometimes show waveforms in the wrong positions.
Flex Markers no longer unexpectedly change positions when moving them in songs that contain tempo curves.
Logic no longer sometimes incorrectly shows that an audio region is flexed in songs that contain tempo changes.
If Flex is enabled, Logic now properly includes manually added transients when an audio region is converted to a sampler track.
Flex Pitch controls are now available in the Tracks area and Audio Editor immediately after Flex Pitch is enabled for a track and analysis is complete.
Setting a Flex Mode now applies to all selected tracks.
It is again possible to cancel flex analysis before it completes.
The Transposition Track now works with flex-pitched regions.
Flex mode now gets enabled for all tracks in a group even if Group Clutch enabled.
The Audio Track editor now reliably shows all notes when scrolling with Flex Pitch enabled.
Logic no longer sometimes hangs when adjusting notes in Flex Pitch.
The Flex Pitch grid is now displayed for all takes in the Track Editor even when a Software Instrument track is directly above the selected Audio track.
Logic now offers the option “Do not show again” in the alert dialog that reads "This region contains inactive flex markers, which will be deleted if you perform the edit."
If a Flex mode has already been set, clicking the Flex drop-down menu will correctly highlight the currently selected Flex mode.
When dragging a region from one track to another, the region "Flex and Follow Tempo & Pitch" checkbox settings are now maintained as expected.
Transient detection is improved with quieter source material.
When Flex is bypassed on a Take folder, the Follow Tempo checkbox is also now disabled.
General
Resolves several issues with Snap introduced in Logic Pro X v10.0.6.
"Snap to Relative Value" now reliably works at all zoom levels with Smart Snap enabled.
Adjustments to the left border of a region now use relative snap when that option is enabled.
When Alignment guides is enabled, Snap to Absolute value now works with Cycle.
Alignment Guides now work as expected when Snap is set to Off.
The track icon picker now activates with the first right-click or Control-click.
Toggling the Tracks Inspector no longer sometimes activates Alignment Guides.
Logic no longer incorrectly shows an alert that the content must be installed the first time it is launched on computers purchased with Logic pre-installed.
The Capture as Recording key command no longer creates odd length regions when used in songs with time signatures other than 4/4.
The Hide Step Input Keyboard key command again works as expected.
The Nudge Region to Nearest Beat option in the Adjust Tempo using Beat Detection dialog now works as expected.
The Snip at Playhead Position key command no longer sometimes causes notes in the new righthand region to shift to the beginning of the region.
Logic Pro X no longer displays the error “Could not open source file” when opening certain MP3 files.
Logic now properly includes time signature, key signature, and tempo events when moving Arrangement markers.
Undoing the repositioning of an Arrangement Marker now correctly moves affected automation back to its original position.
Command-dragging one arrangement marker over another now replaces the previous marker as expected.
Colors assigned to arrangement markers now take effect as soon as the color is clicked in the Color Box.
It is now possible to use the Marquee stripe to delete a section within the area encompassed by an Arrangement Marker.
Using the "Split at Playhead" command on the last arrangement Marker in a song now properly sizes the arrangement marker to the right of the Playhead.
When an arrangement marker is split, the new marker to the right now maintains the same color and name as the original.
Arrangement markers can no longer be inadvertently moved by mouse clicks in an empty area of the Arrangement track.
Copying Arrangement markers no longer creates extra tempo events.
The Beat Mapping track now continues to display properly when it is resized after other Global tracks have been resized.
The Beat Mapping Track no longer disappears if Global Tracks are shown while it is already visible.
Deleting a connection in the Beat Mapping track now correctly also deletes its associated tempo event.
Tempo events created in the Global Tempo track now reliably display in the Tempo list.
Setting one track of a phase-locked edit group as Groove Master or Groove Follower now reliably shows all members of the group as being enabled.
Time signature changes are now reliably displayed in the timeline.
Logic no longer re-downloads basic content that has already been downloaded by MainStage.
Arrange Folders now reliably display as expected in the Mixer.
Double-clicking on the icon for a folder channel strip in the Mixer now opens the folder.
Commas may now be used as decimal separators when typing values into controls on the Mixer.
It is now possible to drag regions vertically without an unexpected horizontal shift when "Snap to Grid" is enabled in the Tracks area.
Recording a new take over multiple existing regions again works as expected.
It is now possible to create an empty MIDI region on a track hosting an Auxiliary channel strip.
Shift-click to delete a take selection again works reliably.
Region Gain now works as expected when applied to comp segments in a Take folder.
When a take selection is disabled and then re-enabled, the change is now properly reflected in all tracks that are part of the same group.
Logic no longer unexpectedly re-extends a shortened Take folder when the folder is dragged vertically to a different track.
When recording in Cycle mode, Logic no longer creates an automatic comp when a take encompasses only part of the Cycle range.
When regions are packed into a Take folder, regions from the same track are now placed on the same sub-track in the Take folder.
Fixes an issue in which it was sometimes no longer possible to change the length of a Take folder after performing several other Take folder length edits.
Take regions no longer unexpectedly shift horizontally when dragged vertically from one sub-track to another when the "Limit Dragging to One Direction In: Tracks" preference is enabled.
Copied Take folders are no longer missing their contents in certain rare situations.
Regions on audio tracks inside a folder now are reliably placed on their proper tracks when the folder is unpacked.
The key command “Select Previous Section for Realtime Comping” now works correctly when used while recording multiple takes in Cycle mode.
When Bounce-in Place is used with a channel strip that contains a plug-in that performs a mono to stereo conversion, Logic now creates a mono file if the option to bypass plug-ins is selected.
Regions created with "Bounce in Place" are no longer sometimes given random names.
Addresses and rare issue that could cause some MIDI notes to play back at the wrong pitch.
In Link mode, the Piano Roll now reliably shows the contents of the selected region.
The Event Float window no longer loses focus after a selected note has been edited in the Piano Roll.
The "Split Events by Playhead" command now works reliably with multiple notes in the Piano Roll.
Editing notes in the Piano Roll with multiple regions selected no longer sometimes results in notes being inadvertently moved from one region to another.
Closing the local inspector in the Piano Roll editor no longer leaves a blank area on the right side of the editor.
Opening MIDI Draw in the Piano Roll no longer offsets the keyboard into the editing area.
When adding notes in the Piano Roll with the Pencil, newly created notes again have the same Velocity as the last edited note.
It is now possible to lasso notes in the Piano Roll editor using a Wacom tablet when Logic’s Right Mouse Button -
Cisco anyconnect 3.1 - Certificate Validation Failure.
When i try to start a SSL VPN connection to the ASA(8.4) with anyconnect 3.1, Cisco anyconnect receives a message saying "No Valid Certificates Available for Authentication".
Prior to the test;
On the ASA, i have obtain CA certificate and its identity certificate. (Both certificates obtain from windows 2008 CA).
* ASA identity certificate's have EKU attribute = Server Authentication, Key Usage = Digital Signature, Key Encipherment.
On the PC in which anyconnect installed, i have obtain User Certificate (this User certificate also obtain from the same windows 2008 CA)
* Prior to obtaining User certificate from the windows2008 CA, ASA acts as a SCEP proxy onbehalf of the client PC.
* User Certificate's has EKU attribute = Client Authentication.
As in the ASDM Logs, it almost work.
In days of troubleshooting, i still could not find the cause of this problem. Error message as appeared on anyconnect;
Is there anyone could help.???
Keshara from Sri Lanka.Just run into this as well. We have CRL checking turned on. Turned out to be the CRL server was down. But that was the same message I got when the client wouldn't connect.
-
Cannot submit web filing form using acroread version 9.4.2 02/11/2011
Hello there.
I am running Fedora14 fully updated.
If I complete the interactive pdf form supplied by Companies House in the United Kingdom I get the following error message.
SSL Error!!!. Please install the CA certificate(s) for SSL communication.
If certificate resides on local disk, try "acroread -installCertificate [-PEM|
-DER] [pathname]" on tyhe command line.
If certificate resides on the server, try "acroread -installCertificate ewf.companieshouse.gov.uk 443" on command line.
So checked I the firewall settings.
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpts:6881:6889
ACCEPT tcp -- anywhere anywhere state NEW tcp dpts:6881:6889
ACCEPT udp -- anywhere anywhere state NEW udp dpt:56849
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:56849
ACCEPT udp -- anywhere anywhere state NEW udp dpt:snmp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-is-bridged
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Which looks ok to me.
[user@k8 tv]$ acroread -installCertificate ewf.companieshouse.gov.uk 443
Fetching certificate from website....
depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
verify return:1
depth=1 C = IE, ST = Dublin, L = Dublin, O = Digi-Sign Limited, OU = Terms and Conditions of use: http://www.digi-sign.com/repository, CN = Digi-Sign CA Digi-SSL Xp
verify return:1
depth=0 C = GB, ST = Wales, L = Cardiff, O = Companies House, OU = Web Filing, OU = Provided by Digi-Sign Limited, OU = Digi-SSL Xp, CN = ewf.companieshouse.gov.uk
verify return:1
DONE
Processing ....
The website presented the following Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:a4:23:f4:cc:ef:4e:e9:d5:89:76:b4:ee:2f:4c:4b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IE, ST=Dublin, L=Dublin, O=Digi-Sign Limited, OU=Terms and Conditions of use: http://www.digi-sign.com/reposi
tory, CN=Digi-Sign CA Digi-SSL Xp
Validity
Not Before: Jul 26 00:00:00 2009 GMT
Not After : Jul 26 23:59:59 2011 GMT
Subject: C=GB, ST=Wales, L=Cardiff, O=Companies House, OU=Web Filing, OU=Provided by Digi-Sign Limited, OU=Digi-SSL Xp,
CN=ewf.companieshouse.gov.uk
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:e8:68:c9:f7:4f:c5:98:18:5f:d6:34:d0:2a:3d:
53:f8:40:6f:4b:0a:ad:7b:d1:5c:99:85:8a:dd:19:
70:9d:9a:03:95:20:1d:a1:c3:9d:a9:cf:4f:10:97:
dc:5e:1e:c8:c0:d7:50:09:7c:e3:a5:df:48:3d:4e:
09:06:49:1b:ad:dc:b9:f4:42:35:ea:fd:14:e6:c9:
7d:2a:ef:1e:80:3f:26:cd:8e:2f:56:be:13:3c:3e:
f0:62:47:e2:ca:53:f8:8d:57:e7:5d:17:81:b6:1a:
f1:fd:1b:4a:e6:43:83:05:8a:02:92:a4:2d:57:07:
b8:f8:7c:8c:93:a1:09:ad:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:33:5A:0B:4E:35:DA:B8:8E:87:05:64:5F:D8:EC:7D:25:98:DA:BA:3F
X509v3 Subject Key Identifier:
24:CB:12:A4:AA:53:7E:96:83:80:ED:48:FB:D1:6D:CD:B8:3C:1B:BA
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.9
CPS: http://www.digi-sign.com/repository
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.digi-sign.com/DigiSignCADigiSSLXp.crl
Full Name:
URI:http://crl2.digi-sign.com/DigiSignCADigiSSLXp.crl
X509v3 Subject Alternative Name:
DNS:ewf.companieshouse.gov.uk, DNS:www.ewf.companieshouse.gov.uk
Signature Algorithm: sha1WithRSAEncryption
65:4d:83:e7:fa:42:f4:b2:fa:c9:bb:bb:68:56:63:39:f1:14:
98:a8:cb:35:42:32:40:a8:4e:54:95:cd:c9:6c:31:f3:f8:74:
00:df:80:4f:b5:61:65:06:7e:fc:a5:30:36:da:55:10:58:21:
c6:82:ba:f0:11:42:37:5a:6e:82:16:29:be:09:d3:a6:b9:11:
fb:f3:24:1a:ea:bb:73:ea:79:59:67:d7:bb:c8:48:51:bd:70:
01:6e:f2:11:bd:b7:86:13:9a:e9:22:9e:3b:c1:a6:a0:78:fc:
eb:e0:a7:2b:48:2c:26:b3:f9:f4:5b:bd:54:2f:56:83:1f:0a:
ee:2f:50:40:7f:c7:1a:e9:07:da:cd:23:18:14:c8:46:f5:f4:
c3:26:fa:af:12:8e:d8:ac:7a:b7:03:5c:8e:6e:23:9c:1b:ce:
53:03:1a:8e:74:98:47:c9:c5:3a:fa:7f:d3:f6:ca:dd:a4:0b:
50:02:40:64:cf:77:1d:72:3e:9b:4f:f9:c5:df:50:2e:90:a3:
3d:76:62:d8:ef:99:6e:be:1a:b4:89:5e:93:89:fd:0e:f5:47:
0b:2a:a6:08:c5:e5:6f:15:e9:82:42:ba:6a:0b:31:76:dc:d8:
77:70:3f:0a:87:2b:b3:21:0d:4e:09:62:9f:53:14:11:b3:ec:
0f:fb:4a:02
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIQB6Qj9MzvTunViXa07i9MSzANBgkqhkiG9w0BAQUFADCB
uTELMAkGA1UEBhMCSUUxDzANBgNVBAgTBkR1YmxpbjEPMA0GA1UEBxMGRHVibGlu
MRowGAYDVQQKExFEaWdpLVNpZ24gTGltaXRlZDFJMEcGA1UECxNAVGVybXMgYW5k
IENvbmRpdGlvbnMgb2YgdXNlOiBodHRwOi8vd3d3LmRpZ2ktc2lnbi5jb20vcmVw
b3NpdG9yeTEhMB8GA1UEAxMYRGlnaS1TaWduIENBIERpZ2ktU1NMIFhwMB4XDTA5
MDcyNjAwMDAwMFoXDTExMDcyNjIzNTk1OVowgcAxCzAJBgNVBAYTAkdCMQ4wDAYD
VQQIEwVXYWxlczEQMA4GA1UEBxMHQ2FyZGlmZjEYMBYGA1UEChMPQ29tcGFuaWVz
IEhvdXNlMRMwEQYDVQQLEwpXZWIgRmlsaW5nMSYwJAYDVQQLEx1Qcm92aWRlZCBi
eSBEaWdpLVNpZ24gTGltaXRlZDEUMBIGA1UECxMLRGlnaS1TU0wgWHAxIjAgBgNV
BAMTGWV3Zi5jb21wYW5pZXNob3VzZS5nb3YudWswgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAOhoyfdPxZgYX9Y00Co9U/hAb0sKrXvRXJmFit0ZcJ2aA5UgHaHD
nanPTxCX3F4eyMDXUAl846XfSD1OCQZJG63cufRCNer9FObJfSrvHoA/Js2OL1a+
Ezw+8GJH4spT+I1X510XgbYa8f0bSuZDgwWKApKkLVcHuPh8jJOhCa1vAgMBAAGj
ggGPMIIBizAfBgNVHSMEGDAWgBQzWgtONdq4jocFZF/Y7H0lmNq6PzAdBgNVHQ4E
FgQUJMsSpKpTfpaDgO1I+9Ftzbg8G7owDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIw
QAYLKwYBBAGyMQECAgkwMTAvBggrBgEFBQcCARYjaHR0cDovL3d3dy5kaWdpLXNp
Z24uY29tL3JlcG9zaXRvcnkwegYDVR0fBHMwcTA2oDSgMoYwaHR0cDovL2NybC5k
aWdpLXNpZ24uY29tL0RpZ2lTaWduQ0FEaWdpU1NMWHAuY3JsMDegNaAzhjFodHRw
Oi8vY3JsMi5kaWdpLXNpZ24uY29tL0RpZ2lTaWduQ0FEaWdpU1NMWHAuY3JsMEMG
A1UdEQQ8MDqCGWV3Zi5jb21wYW5pZXNob3VzZS5nb3YudWuCHXd3dy5ld2YuY29t
cGFuaWVzaG91c2UuZ292LnVrMA0GCSqGSIb3DQEBBQUAA4IBAQBlTYPn+kL0svrJ
u7toVmM58RSYqMs1QjJAqE5Ulc3JbDHz+HQA34BPtWFlBn78pTA22lUQWCHGgrrw
EUI3Wm6CFim+CdOmuRH78yQa6rtz6nlZZ9e7yEhRvXABbvIRvbeGE5rpIp47waag
ePzr4KcrSCwms/n0W71UL1aDHwruL1BAf8ca6QfazSMYFMhG9fTDJvqvEo7YrHq3
A1yObiOcG85TAxqOdJhHycU6+n/T9srdpAtQAkBkz3cdcj6bT/nF31AukKM9dmLY
75luvhq0iV6Tif0O9UcLKqYIxeVvFemCQrpqCzF23Nh3cD8KhyuzIQ1OCWKfUxQR
s+wP+0oC
-----END CERTIFICATE-----
Do you want to accept and install it (y|n)? [n] y
Certificate successfully installed.
Which looked ok to my inexperienced glance.
So I tried a resubmission.
I got the first error dialog again, followed by a second which said:
An error occurred during the submit process. Cannot process response due to unknown content type.
Can anybody here help me with this at all?
It would be a real boon to all of Britains UNIX users if anyone could suggest a way forward- as it would appear that the mandated web filing process
is preventing all UNIX and Linux users from filing their compulsory company returns online..
Thankyou.I wish to reiterate anonym0u5 concerns for this problem, but it could be a problem with Companies House.
I did
acroread -installCertificate -PEM ewf.companieshouse.gov.uk
acroread -installCertificate -PEM UTN-USERFirst-Hardware
acroread -installCertificate -PEM Digi-Sign\ CA\ Digi-SSL\ Xp
acroread -installCertificate -PEM Builtin\ Object\ Token\:AddTrust\ External\ Root
after having clicked the padlock at the top in Chrome and downloaded the certificates. Note the slight difference in file name.
then restarting acroread I get the above (again). So I stop it and do as it says:
acroread -installCertificate xmlgw.companieshouse.gov.uk 443
Unfortunately:
The problem still persists. I have written to Companies House:
Filling in my CT600 online and taking advantage of the ability to submit accounts to Companies House, I put in my company number and authentication code but then am presented by the following:
so I save the file, close Acrobat and do as it says:
nigel@p4dx2:~/Documents/accounts/nsl/certificates$ acroread -installCertificate xmlgw.companieshouse.gov.uk443
which eventually returns
Do you want to accept and install it (y|n)? [n] y
Certificate successfully installed.
Then I reopen the CT600 with Acrobat. But unfortunately the same thing happens. What digital certificate is needed? Where can I find it?
I will let this forum know of any response.
Maybe you are looking for
-
Can we use TCL commands in database triggers?
Hi, GoodDay, This is Ramesh. Please let me know that, can we use TCL (Commit, Rollback & Savepoint) commands in our[b] DATABASE triggers? If so how..? Regards, Ramesh.
-
How to associate nickname with apple id in gamecenter
I know I have a gamecenter nickname but it isn't associated with my apple id for some reason. I logged out and can't seem to recover it for some reason. Any help? Thanks
-
Production order line item data
Hello All, I am working on production orders co03 rite now. I want to access the line item data for a particular order, AUFK and AFPO are not giving the details i need, please advise, thanks, Gaurav
-
PO Amendments Interface po_document_update_pvt.update_document
i am working on PO Ammendment Interface i am using the API How can we update the multiple shipment lines.. using the API that is my doubt. as i can able to update single line ammendment. give me help on this. Message was edited by: user567944
-
Restoring version database history
Hi, We had performed a system refresh of a DEV system months earlier but had done a mistake of not exporting/importing the version database. Though we had corrected that mistake in our future refresh activities but the problem is now all the version