• RELEVANCY SCORE 3.80

    DB:3.80:Tls Handshake Fails On Mac Os X fk






    Hello,

    We have a problem with the authentication of Mac OS X 10.8 devices on our wireless network. We are using ISE version 1.2 with patch 2 and a 2504 with version 7.4.115 as WLC. The device should be authenticated with a client certificate over eap-tls.

    In general this setup works fine. But we have problems with two Macs which don’t finish the TLS handshake for authentication. ISE shows “5440 Endpoint abandoned EAP session and started new“ as error message. The Client log shows a missing or not completely received server certificate. We also made several traces to find the point at which the server certificate gets lost. But actually the client receives the complete server hello from the tls handshake and simply doesn’t respond.

    Finally we found the problem in this case. It was the Bluetooth connection to an Apple magic mouse. After deactivating the Bluetooth connection the authentication works fine. When the connection is established you can reactivate Bluetooth. But this is more a workaround than a solution. Also interesting is the fact that it doesn’t work with this specific controller but it works fine with another one with almost identical configuration. We got a hint from an apple specialist that changing the channel might help because of interference but it makes no difference.

    DB:3.80:Tls Handshake Fails On Mac Os X fk


    Hi

    I have the same problems with a viritual WLC and ISE v1.2. Windows 7 clients cant connect to their WLAN and the ISE log fills with authentication error messages.

    5440 Endpoint abandoned EAP session and started new

    Have you heard anything from TAC?

  • RELEVANCY SCORE 3.46

    DB:3.46:Problem With Work Group Bridge Authentication With Acs 5.X a9






    EAP-TLS authentication for workgoup brdige fails.

    Folloing is the log on ACS

    Authentication failed
    12514 EAP-TLS failed  SSL/TLS handshake because of an unknown CA in the client certificates chain

    12811 Extracted TLS Certificate message containing client certificate.
    12814 Prepared TLS Alert message.
    12817 TLS handshake failed.
    12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain
    12507 EAP-TLS authentication failed
    12505 Prepared EAP-Request with another EAP-TLS challenge
    11006 Returned RADIUS Access-Challenge
    11001 Received RADIUS Access-Request
    11018 RADIUS is re-using an existing session
    12504 Extracted EAP-Response containing EAP-TLS challenge-response
    11504 Prepared EAP-Failure

    11003 Returned RADIUS Access-Reject

    DB:3.46:Problem With Work Group Bridge Authentication With Acs 5.X a9


    I have seen this issue before, the AP is present an old PAC and doesnt update until after you reboot. You can open a wireless TAC case and they will get you the right image as to when this was fixed. As a workaround you can extend the lifetime of the PAC in your authentication settings for EAP-FAST.Thanks,Sent from Cisco Technical Support iPad App

  • RELEVANCY SCORE 3.38

    DB:3.38:Tls Handshake Fails Between Mediation Server Asterisk..! sx





     
    Hi All,
     
    I just tried to integrate Mediation Server with Asterisk to connect from OC to SIP/Analog phones and vice versa.
     
    With TCP as transport, the below topology is working fine.
     
    OC 2007 (TCP) -- OCS 2007 (TCP) -- Mediation Server (TCP)-- Asterisk(TCP) --Eyebeam (TCP)
     
    But facing few certificate problems, when I tried with TLS.
     
    Created Self Signed SSL Server Client Certificates and used Server Certs at Asterisk Client Certs at two Eyebeam clients. All the SIP calls worked perfectly between the Eyebeam clients thru Asterisk.
     
    Then, I tried with the below topology to connect Mediation Server with Asterisk. TLS handshake is failing between the Mediation Server Asterisk and getting an exception SSL routinesSL23_GET_CLIENT_HELLO:unknown protocol.
     
    OC 2007 (TLS) -- OCS 2007 (TLS) -- Mediation Server (TLS)----X----- Asterisk v1.6 (TLS) --Eyebeam (TLS)
     
     
    How the Certificates will be generated and used between the Mediation Server Asterisk for successful TLS handshake?
     
    Could anybody please help me out in resolving this issue?
     
    Would appreciate your efforts.
     
    Thanks,
    Rajendra

    DB:3.38:Tls Handshake Fails Between Mediation Server Asterisk..! sx

    Hi all.. since i'm still a newbie then i don't know where i've to put my question.. so, here i am following... i've got some problem when i make a secure VOIP call with TLS. FYI, i use ubuntu as my OS for my server (i install asterisk inside) and also my client (i use minisip as my softphone). i can make a call after i configure the certificate, but don't know why, the call can only establish for only 29-32 second..after that, the call hang up.. i'm already trying to look at my sip.conf and extension.conf, but still i didn't found the way out.. i think the problem comes from the asterisk side (either from sip.conf or extension.conf) and not from the softphone.. because, before i decided to use ubuntu on my project, i've already tried to implement the same thing in wnidows and the result was the same.. I hope there'll be someone help me to solve my problem.. I'll be very appreciate for all the answers :) Best regards.. NIKEN

  • RELEVANCY SCORE 3.27

    DB:3.27:Pci-Gpib Mac Osx.4 G5 az


    Running Labview 8.2 on MacOS X.4 with the latest PCI/X-GPIB card to a Spex / Jobin-Yvon monocromator. The interface handshake fails on first character sent to the device (TIMO). Using an older PCI-GPIB card (physically larger, I don't see how to differentiate between cards) with G4 MacOS X.4, this handshake is no problem. I admit the Spex interface probably hasn't been changed in 15 years!! Other devices (newer) on the same bus communicate reliably with this latest PCI-GPIB/ OSX.4Robin

    DB:3.27:Pci-Gpib Mac Osx.4 G5 az

    Dear raman_epflYou could try troubleshooting the communication problem following thehints onhttp://digital.ni.com/public.nsf/allkb/9C9DBA7A3A5​6B6B686256F4A006FC8DA.Best regardsPhilipp R.

  • RELEVANCY SCORE 3.23

    DB:3.23:Re: Jsse Ssl Server Fails During Ssl Handshake With Windows Sspi Client a7


    Hai,

    Thanks for reply. Client after connection sends SSL Continuation packet and 2nd packet is Client hello.

    For the first packet i could see Ignored unknown record. Then after receiving client hello server sends unxpected TLS alert to client and close the connection

    Regards,
    Chandu

  • RELEVANCY SCORE 3.18

    DB:3.18:Apple Osx Certificate Trust Issue With Crl And Ocsp Attributes zz



    Apple published the following link about a potential issue with certificates when using 802.1x on Mac OS X systems with EAP types that utilize server-side certificates (PEAP, EAP-TLS, etc).  The doc describes the issue and provides a workaround.

     

    http://support.apple.com/en-au/HT203841

     

    The issue would most likely manifest symptomatically where other wireless clients successfully authenticate and roam, but Mac OS X clients uniquely would not.

     

     

     

    DB:3.18:Apple Osx Certificate Trust Issue With Crl And Ocsp Attributes zz


    Apple published the following link about a potential issue with certificates when using 802.1x on Mac OS X systems with EAP types that utilize server-side certificates (PEAP, EAP-TLS, etc).  The doc describes the issue and provides a workaround.

     

    http://support.apple.com/en-au/HT203841

     

    The issue would most likely manifest symptomatically where other wireless clients successfully authenticate and roam, but Mac OS X clients uniquely would not.

     

     

     

  • RELEVANCY SCORE 3.09

    DB:3.09:Wireless Clients Fail Ssl/Tls Handshake And Reject Acs 5.2 Local Certificate fs



    I have a problem where wireless clients at a remote site cannot successfully authenticate through their WLC to my ACS 5.2 (Linux on VM). I have three sites where this authentication is functioning properly; at my fourth site the wireless clients fail with a PEAP error: "12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate". My wireless clients are Win7 using WPA2-Enterprise security type with AES encryption. The authentication method is set to Microsoft PEAP (EAP-MSCHAP v2) and the 'Validate server certificate' is not checked. My wireless access rules on ACS 5.2 are working well at three sites. My ACS 5.2 has a self-signed certificate that doesn't expire until August 2012. A laptop that can successfully authenticate at other sites cannot authenticate at the fourth site.

    Phase one of the PEAP process is where the client authenticates the server certificate and the TLS tunnel is created so that in phase two user authentication credentials are sent through the TLS tunnel using EAP. My clients do not seem to be able to create the TLS tunnel because they reject the ACS local certificate; thus, user credentials are never passed and authentication fails. I have renewed the ACS local certificate and rebooted the ACS server but the problem persists. My WLAN on the WLC has its security policy set to [WPA + WPA2][Auth(802.1X)]. WPA uses TKIP and WPA2 uses AES; Auth Key Mgmt is set to 802.1X. The remote site where authentication fails is a different domain; the other three sites are the same domain.

    I can see the failed authentication attempts in my ACS "Monitoring and Reports | Reports | Catalog | AAA Protocol | RADIUS Authentication" report. They all fail with the same PEAP error: 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate. The ACS local certificate works fine at three sites--just not at the fourth. Is my problem the certificate or is it an 802.1X client problem? What should I focus on to resolve this?

    DB:3.09:Wireless Clients Fail Ssl/Tls Handshake And Reject Acs 5.2 Local Certificate fs


    Hi Paul,

    did you get this fixed? I am having a same issue with a windows 7 laptop getting the ACS cert rejected message on ACS 5.3. works at one site and does not work at the other

  • RELEVANCY SCORE 3.08

    DB:3.08:Photoshop Elements 3.0 Fails To Install On Mac Os 10.9 cp


    It is impossibol to install Photo Shop Elements 3.0 on my Mac OS X 10.9: installation failed.

    DB:3.08:Photoshop Elements 3.0 Fails To Install On Mac Os 10.9 cp

    adobe didn't make that pse 3 to be compatible with a non-existant os and i doubt apple considered making an os to be compatible with software that old.

  • RELEVANCY SCORE 3.07

    DB:3.07:Mac Os X 99


    Will Sun Message Queue run on Max OS X?

    DB:3.07:Mac Os X 99

    mmm, do you want to use it in production enviroments?. It would be nice to try to use it in mac os x (not a supported platform), have you try from the Open Message Queue available source code? (https://mq.dev.java.net/)

    good luck!

  • RELEVANCY SCORE 3.00

    DB:3.00:Enabling Php On Mac Os X z3


    enabling PHP on Mac OS X

  • RELEVANCY SCORE 2.87

    DB:2.87:Custom Iedntity With Self-Signed Cert: No Trust Betwees As And Ms dp


    Short Problem Description:
    --------------------------
    WL admin server (AS) can't establish an SSL connection with managed servers (MS) after installing a custom Identity Keystore with self-signed certificate in it.

    Details
    --------

    I use a self-signed certificate in "Custom Identity Keystore" to establsih SSL connection between WL managed servers and clients. SSL handshake works fine between WL clients and WL managed servers, but AS can't establish SSL conection to MS after that. As a result, AS's LDAP repositories can't be replicated to MS's LDAP repositories, and clients can't be authenticated on MS.

    I've tried to create different kind of self-signed certificates using keytool and WL's CertGen with the same results: SSL works fine between clients and MS, but not between MS and AS.

    I got an imression that the only self-signed cert that WL likes is DemoIdentity.jks provided with the installation. Error messages with SSL/TLS debug information provided below.

    All suggestions are highly appreciated!

    May 23, 2005 1:23:11 PM PDT Notice WebLogicServer BEA-000332 Started We
    bLogic Managed Server "MS1" for domain "mydomain" running in Development Mode
    May 23, 2005 1:23:11 PM PDT Notice WebLogicServer BEA-000360 Server sta
    rted in RUNNING mode
    May 23, 2005 1:23:11 PM PDT Notice WebLogicServer BEA-000355 Thread "SS
    LListenThread.Default" listening on port 7003, ip address *.*
    DESCBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_RSA_EXPORT_WITH_RC4
    _40_MD5
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DHE_RSA_EXPORT_WITH
    DES40CBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_RSA_EXPORT_WITH_DES
    40_CBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_RSA_WITH_NULL_MD5

    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_RSA_WITH_NULL_SHA

    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DH_anon_WITH_3DES_E
    DE_CBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DH_anon_WITH_RC4_12
    8_MD5
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DH_anon_WITH_DES_CB
    C_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DH_anon_EXPORT_WITH
    RC440_MD5
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DH_anon_EXPORT_WITH
    DES40CBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DHE_RSA_EXPORT_WITH
    DES40_CBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_RSA_EXPORT_WITH_DES
    _40_CBC_SHA
    May 23, 2005 1:23:11 PM PDT Debug TLS 000000 TLS_DH_anon_EXPORT_WITH
    DES40_CBC_SHA
    May 23, 2005 1:23:11 PM PDT Notice WebLogicServer BEA-000332 Started We
    bLogic Managed Server "MS1" for domain "mydomain" running in Development Mode
    May 23, 2005 1:23:11 PM PDT Notice WebLogicServer BEA-000360 Server sta
    rted in RUNNING mode
    May 23, 2005 1:23:11 PM PDT Notice WebLogicServer BEA-000355 Thread "SS
    LListenThread.Default" listening on port 7003, ip address *.*
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 Filtering JSSE SSLSocket

    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLIOContextTable.addConte
    xt(ctx): 16757505
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLSocket will be Muxing

    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 5407977 SSL Version 2 with
    no padding
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 26484169 SSL3/TLS MAC
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 26484169 received SSL_20_R
    ECORD
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 HANDSHAKEMESSAGE: ClientHe
    lloV2
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 58
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 485
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 5394
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 4
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 26484169 SSL3/TLS MAC
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 26484169 received ALERT
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 NEW ALERT with Severity: F
    ATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknow
    n Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown S
    ource)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Sou
    rce)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
    n Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
    known Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unk
    nown Source)
    at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSoc
    ket(SSLContextWrapper.java:128)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 Alert received from peer,
    notifying peer we received it: com.certicom.tls.record.alert.Alert@18eef25
    May 23, 2005 1:29:17 PM PDT Warning Security BEA-090482 BAD_CERTIFICATE
    alert was received from oakdev167743.pvn.ent.providian.com - 10.11.50.60. Check
    the peer to determine why it rejected the certificate chain (trusted CA configu
    ration, hostname verification). SSL debug tracing may be required to determine t
    he exact reason the certificate was rejected.
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 close(): 5407977
    May 23, 2005 1:29:17 PM PDT Debug TLS 000000 SSLIOContextTable.removeCo
    ntext(ctx): 16757505
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 Filtering JSSE SSLSocket

    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLIOContextTable.addConte
    xt(ctx): 7055953
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLSocket will be Muxing

    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 8347989 SSL Version 2 with
    no padding
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 13580450 SSL3/TLS MAC
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 13580450 received SSL_20_R
    ECORD
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 HANDSHAKEMESSAGE: ClientHe
    lloV2
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 58
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 485
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 5394
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 4
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 NEW ALERT with Severity: W
    ARNING, Type: 0
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Un
    known Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source
    )
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.t3.srvr.ListenThread.rejectCatastrophe(ListenThread.java:443
    )
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:503)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 avalable(): 8347989 : 0 +
    7 = 7
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 8347989 read(offset=0, len
    gth=7)
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:21 PM PDT Debug TLS 000000 SSLIOContextTable.removeCo
    ntext(ctx): 7055953
    May 23, 2005 1:29:53 PM PDT Debug TLS 000000 Filtering JSSE SSLSocket

    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLIOContextTable.addConte
    xt(ctx): 19399826
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLSocket will be Muxing

    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 17751624 SSL Version 2 wit
    h no padding
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 19097147 SSL3/TLS MAC
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 19097147 received SSL_20_R
    ECORD
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 HANDSHAKEMESSAGE: ClientHe
    lloV2
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 58
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 485
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 5394
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 4
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 19097147 SSL3/TLS MAC
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 19097147 received ALERT
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 NEW ALERT with Severity: F
    ATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknow
    n Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown S
    ource)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Sou
    rce)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
    n Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
    known Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unk
    nown Source)
    at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSoc
    ket(SSLContextWrapper.java:128)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 Alert received from peer,
    notifying peer we received it: com.certicom.tls.record.alert.Alert@187d20c
    May 23, 2005 1:29:55 PM PDT Warning Security BEA-090482 BAD_CERTIFICATE
    alert was received from oakdev167743.pvn.ent.providian.com - 10.11.50.60. Check
    the peer to determine why it rejected the certificate chain (trusted CA configu
    ration, hostname verification). SSL debug tracing may be required to determine t
    he exact reason the certificate was rejected.
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 close(): 17751624
    May 23, 2005 1:29:55 PM PDT Debug TLS 000000 SSLIOContextTable.removeCo
    ntext(ctx): 19399826
    May 23, 2005 1:30:27 PM PDT Debug TLS 000000 Filtering JSSE SSLSocket

    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLIOContextTable.addConte
    xt(ctx): 23028857
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLSocket will be Muxing

    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 250547 SSL Version 2 with
    no padding
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 16640218 SSL3/TLS MAC
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 16640218 received SSL_20_R
    ECORD
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 HANDSHAKEMESSAGE: ClientHe
    lloV2
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 58
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 485
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 5394
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 write HANDSHAKE, offset =
    0, length = 4
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 isMuxerActivated: false
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLFilter.isActivated: fal
    se
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 16640218 SSL3/TLS MAC
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 16640218 received ALERT
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 NEW ALERT with Severity: F
    ATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknow
    n Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown S
    ource)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Sou
    rce)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
    n Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
    known Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unk
    nown Source)
    at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSoc
    ket(SSLContextWrapper.java:128)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 Alert received from peer,
    notifying peer we received it: com.certicom.tls.record.alert.Alert@1c27402
    May 23, 2005 1:30:28 PM PDT Warning Security BEA-090482 BAD_CERTIFICATE
    alert was received from oakdev167743.pvn.ent.providian.com - 10.11.50.60. Check
    the peer to determine why it rejected the certificate chain (trusted CA configu
    ration, hostname verification). SSL debug tracing may be required to determine t
    he exact reason the certificate was rejected.
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 close(): 250547
    May 23, 2005 1:30:28 PM PDT Debug TLS 000000 SSLIOContextTable.removeCo
    ntext(ctx): 23028857

    DB:2.87:Custom Iedntity With Self-Signed Cert: No Trust Betwees As And Ms dp

    ... yet another thought, since it happens after I change security config on AS (e.g. add a user to a group), probably something can be done with VDE configuration.

    In initial vde.prop file I found

    vde.tls.keystore=notused
    vde.tls.pass=notused

    I've changed it to

    vde.tls=1
    vde.tls.keystore=path-to-keystore
    vde.tls.pass=password

    but it didn't help :-(

    Is there any parameter in vde config for a private key alias?

    I mean, if I use two-way SSL in AS/MS probably I should configure VDE as well?

  • RELEVANCY SCORE 2.86

    DB:2.86:Unity Client Mac Os X 10.2 Fails To Split Tunnel - Cscdy51818 Bug jz



    Hi,

    Headline unity client mac os x 10.2 fails to split tunnel - CSCdy51818 Bug Details

    Is there anyone here that have installed unity client version 3.6(2) and verified that it works now?

    Thanks

    DB:2.86:Unity Client Mac Os X 10.2 Fails To Split Tunnel - Cscdy51818 Bug jz


    Hi to answer your question,

    Actually there were 2 bugs open for Mac OSX 10.2 in regard to Split tunneling:

    The 2 bug id's for this are:

    CSCdy51818: unity client mac os x 10.2 fails to split tunnel

    CSCdy81700: Unable to browse the internet with mac osx 10.2 and 3.6.2 vpn

    client

    I carried out the testing for the resolution of this problem.The fix is not in the current 3.6.2 VPN Client but there is a workaround attached to both bug id's.

    You need to turn of hardware checksumming, please read the bug id's for

    this workaround.

    I suggest you should upgrade to the new 3.7 Mac GUI client which should be out by next week. If your not interested in the GUI client the next release of 3.6.x

    will have the official fix for this problem.

    Hope this helps.

    Regards,

    Catherine

  • RELEVANCY SCORE 2.86

    DB:2.86:Thread: Cannot Install Secure Printers On Mac 8k


    When I try to install a secure printer (SSL/TLS required in iPrint client settings) on Mac OS X Leopard, after entering the eDirectory user credentials the browser reports the server dropped the connection. This is against a Netware6.5 SP7 server. Help!!

    DB:2.86:Thread: Cannot Install Secure Printers On Mac 8k

    KenHirsh,

    It appears that in the past few days you have not received a response to your

    posting. That concerns us, and has triggered this automated reply.

    Has your problem been resolved? If not, you might try one of the following options:

    - Visit http://support.novell.com and search the knowledgebase and/or check all

    the other self support options and support programs available.

    - You could also try posting your message again. Make sure it is posted in the

    correct newsgroup. (http://forums.novell.com)

    Be sure to read the forum FAQ about what to expect in the way of responses:

    http://support.novell.com/forums/faq_general.html

    If this is a reply to a duplicate posting, please ignore and accept our apologies

    and rest assured we will issue a stern reprimand to our posting bot.

    Good luck!

    Your Novell Product Support Forums Team

    http://support.novell.com/forums/

  • RELEVANCY SCORE 2.85

    DB:2.85:[Solved] Openvpn Connection No Longer Working, Tls Error am



    Hey!

    I have a strange problem. The same setup was working for months, nothing changed. Perhaps it`s due to an update and you guys can help me. I can`t establish a vpn connection to our openvpn server any more.

    I`m using tunnelblick as vpn client to connect from my mac to the office. It hangs at waiting for response from server. I`m not an expert, but as I understand the tls handshake fails. I googled around and tried everything suggested, but no success.

    I haven`t used it since the latest openvpn package update, perhaps it has something to do with that?

    I found this, too, but it didn`t help either:http://openvpn.net/index.php/open-sourc … ivity.html

    This is the client log:
    2013-02-16 11:17:06 MANAGEMENT: STATE:1361009826,WAIT,,,
    2013-02-16 11:18:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2013-02-16 11:18:06 TLS Error: TLS handshake failed
    2013-02-16 11:18:06 TCP/UDP: Closing socket
    2013-02-16 11:18:06 SIGUSR1[soft,tls-error] received, process restarting
    2013-02-16 11:18:06 MANAGEMENT: STATE:1361009886,RECONNECTING,tls-error,,
    2013-02-16 11:18:06 MANAGEMENT: CMD hold release

    DB:2.85:[Solved] Openvpn Connection No Longer Working, Tls Error am


    I solved it

    I did more reading and it seemed to be a problem in the config files, anything else could be pretty much excluded.

    I started with fresh config files referring to the german wiki (it`s different) from .org. Since it was working with this I started to track the problem down. In the end I had to delete the

    multihome

    option in the server config. Everything seems fine now! Thanks for everyone that read it. Perhaps it helps someone in the future.

  • RELEVANCY SCORE 2.84

    DB:2.84:Java Thick Client + Ssl + Weblogic 7.0 7x


    I am seeing SSL handshake problems, interestingly they only appear from a java
    client and not from a browser.
    I used the WBL examples code (examples.security.sslclient.SSLClient ) compiled
    using JDK 1.4 on Solaris box.
    Does anyone test this stuff before release or am I just getting synical.

    Here is what I see if I use JSEE (as bundled with JDK 1.4)

    --------------------- Client side ------------------
    java examples.security.sslclient.SSLClient jsse myhost.domain.com 80 443/jetspeed

    JDK Protocol Handlers and Security Providers:
    java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol|null
    provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
    MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator;
    PKIX CertPathBuilder; LDAP, Collection CertStores)
    provider[1] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
    SunX509 key/trust factories, SSLv3, TLSv1)
    provider[2] - SunRsaSign - SUN's provider for RSA signatures
    provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
    PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    provider[4] - SunJGSS - Sun (Kerberos v5)

    Trying a new HTTP connection using JDK client classes -
    http://myhost.domain.com/jetspeed
    200 -- OK
    sun.net.www.protocol.http.HttpURLConnection$HttpInputStream
    Trying a new HTTPS connection using JDK client classes
    https://myhost.domain.com/jetspeed
    using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:58)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.connect(DashoA6275)
    at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:121)
    at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:187)
    at examples.security.sslclient.SSLClient.main(SSLClient.java:70)
    Received fatal alert: handshake_failure----
    --------------------------

    Server side, where I have the turned on DEBUG I see :

    ----------------------------
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 Filtering JSSE SSLSocket

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLIOContextTable.addContext(ctx):
    8832552
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLSocket will be Muxing

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLIOContextTable.findContext(is):
    3906313
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 isMuxerActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 2179790 readRecord()
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 2179790 received SSL_20_RECORD

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 write HANDSHAKE offset =
    0 length = 58
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 write HANDSHAKE offset =
    0 length = 792
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 write HANDSHAKE offset =
    0 length = 4
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 isMuxerActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 2179790 readRecord()
    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 2179790 received HANDSHAKE

    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange

    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange
    RSA
    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 Exception during handshake,
    stack trace foll
    ows
    java.lang.IllegalStateException
    at com.certicom.tls.provider.cipher.JSAFE_RSA.doFinal(Unknown Source)
    at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown
    Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
    Sourc
    e)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
    Sour
    ce)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
    Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
    Sour
    ce)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:400)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

    ------------------

    I get similar results whether I am using SSL library of Weblogic or the JSSE
    of Java.

    [Q] Whats going on ?

    I notice this problem being reported back in 2001 with WBL 5 2002 with WBL
    6.0

    Is anyone listening for this, or are we all supporting each other and BEA is
    getting paid

    DB:2.84:Java Thick Client + Ssl + Weblogic 7.0 7x

    If you are okay with using weblogic ssl I would recommend that you include the weblogic jar file in you
    r classpath and explicitly remove jsse.jar from ext directory
    If bothe of them are present the jsse classes will be used since it gets loaded by the extension
    classloader .let me know if it works

    Tarang wrote:

    I am seeing SSL handshake problems, interestingly they only appear from a java
    client and not from a browser.
    I used the WBL examples code (examples.security.sslclient.SSLClient ) compiled
    using JDK 1.4 on Solaris box.
    Does anyone test this stuff before release or am I just getting synical.

    Here is what I see if I use JSEE (as bundled with JDK 1.4)

    --------------------- Client side ------------------
    java examples.security.sslclient.SSLClient jsse myhost.domain.com 80 443/jetspeed

    JDK Protocol Handlers and Security Providers:
    java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol|null
    provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
    MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator;
    PKIX CertPathBuilder; LDAP, Collection CertStores)
    provider[1] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
    SunX509 key/trust factories, SSLv3, TLSv1)
    provider[2] - SunRsaSign - SUN's provider for RSA signatures
    provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
    PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    provider[4] - SunJGSS - Sun (Kerberos v5)

    Trying a new HTTP connection using JDK client classes -
    http://myhost.domain.com/jetspeed
    200 -- OK
    sun.net.www.protocol.http.HttpURLConnection$HttpInputStream
    Trying a new HTTPS connection using JDK client classes
    https://myhost.domain.com/jetspeed
    using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:58)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.connect(DashoA6275)
    at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:121)
    at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:187)
    at examples.security.sslclient.SSLClient.main(SSLClient.java:70)
    Received fatal alert: handshake_failure----
    --------------------------

    Server side, where I have the turned on DEBUG I see :

    ----------------------------
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 Filtering JSSE SSLSocket

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLIOContextTable.addContext(ctx):
    8832552
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLSocket will be Muxing

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLIOContextTable.findContext(is):
    3906313
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 isMuxerActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 2179790 readRecord()
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 2179790 received SSL_20_RECORD

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 write HANDSHAKE offset =
    0 length = 58
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 write HANDSHAKE offset =
    0 length = 792
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 write HANDSHAKE offset =
    0 length = 4
    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 isMuxerActivated: false

    Mar 27, 2003 6:24:20 PM PST Debug TLS 000000 SSLFilter.isActivated: false

    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 2179790 readRecord()
    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 2179790 received HANDSHAKE

    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange

    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange
    RSA
    Mar 27, 2003 6:24:21 PM PST Debug TLS 000000 Exception during handshake,
    stack trace foll
    ows
    java.lang.IllegalStateException
    at com.certicom.tls.provider.cipher.JSAFE_RSA.doFinal(Unknown Source)
    at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown
    Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
    Sourc
    e)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
    Sour
    ce)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
    Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
    Sour
    ce)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:400)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

    ------------------

    I get similar results whether I am using SSL library of Weblogic or the JSSE
    of Java.

    [Q] Whats going on ?

    I notice this problem being reported back in 2001 with WBL 5 2002 with WBL
    6.0

    Is anyone listening for this, or are we all supporting each other and BEA is
    getting paid

  • RELEVANCY SCORE 2.84

    DB:2.84:Tls Handshake kd


    Crazy situation here. Error happens when an iPad is behind the TMG and is accessing a Citrix netscaler. TLS negotiates in v1 but the iPad being iOS 6 will only work with TLSv1.2 It asks for the change and then there is an Encrypted Alert
    (21). Put the iPad out on a internet connection without TMG and it works (using TLSv1.2). Does anyone have a clue on this?
    iPad sends TLSv1 Change Cipher Spec to TMG
    then there are two SSL packets transmitted. One each way
    TMG sends TLSv1 Encrypted Alert(21)
    Connection fails at that point.

    DB:2.84:Tls Handshake kd

    HTTPS inspection is disabled. I thought that this would have been an easy one. We can't be the only ones using iPads and netscalers through TMG?

  • RELEVANCY SCORE 2.84

    DB:2.84:Mac G5 Install Issue- Skype 5.3 For Mac Os X Requires Mac Os 10.5.8 But Fails On Power Pc dx


    DB:2.84:Mac G5 Install Issue- Skype 5.3 For Mac Os X Requires Mac Os 10.5.8 But Fails On Power Pc dx


    Skype 2.8.0.866 is working very well on several PPC Macs here, G4 iMac Mac Mini, both running 10.5.8, even audio on an earlier Skype on a Tiger iBook! Not sure on the best solution. You have tried:

    resetting PRAM,

    several restarts,

    removing plist (quite a few threads guide on this),

    http://community.skype.com/t5/Mac/Skype-crashing-not-starting-Check-here/td-p/1468175

    and searching the forum, there are a number of threads that may be relevant.

    My G5 iMac gave up a couple of years ago, with I think motherboard / capacitor issues. Do you have a hardware issue as Skype is crashing so often?

  • RELEVANCY SCORE 2.80

    DB:2.80:Configuring Jms And Loadbalancer With Ssl Termination? Has Anyone Done It? dk


    Hi all,
    I'm having a problem getting JMS or even any JNDI lookup to work with a hardware load balancer and SSL termination. Has anyone used such a configuration? The load balancer in question is a Cisco CSS 11500 Series which has an SSL module. A client communicates with the CSS over SSL, the SSL module decrypts the packets and sends it for content switching and on to WebLogic as cleartext.

    Without SSL termination everthing works fine. With SSL termination active, Web service and web content all work fine, but I can't get SSL tGetting Initial context from ms01
    29-Sep-2006 16:07:22 o'clock IST Debug TLS 000000 SSL/Domestic license found
    29-Sep-2006 16:07:22 o'clock IST Debug TLS 000000 Not in server, Certicom SSL license found
    29-Sep-2006 16:07:23 o'clock IST Debug TLS 000000 SSL Session TTL :90000
    29-Sep-2006 16:07:23 o'clock IST Debug TLS 000000 Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyS
    ore.keystore
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 886220
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 write SSL_20_RECORD
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 validationCallback: validateErr = 0
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 cert[0] = [
    [
    Version: V3
    Subject: EMAILADDRESS="webadmin@acompanyname.com ", CN=10.51.0.200, OU=Web Administration, O=Revenue Commissioners, L=Dublin, ST=Dublin,
    =IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    a8f60248 b87c5860 229b9044 a666a9ae 27eb488c 424d9e67 e7b9d6d0 c292f081
    cfa76c04 f3d89b28 1bf544f9 5de2b66d 576ebeca 5dc5ca8a fceead9a 52e2ce6c
    2b91afef e4da5071 49b8784c 12d7f5f3 99f76482 79efe1d8 0a24f664 4c8d6e9e
    b0bc63be 1faf8319 eeb23e8a 019b65b2 59dd086d 1b714d4c 01618804 66f416bb
    Validity: [From: Fri Sep 08 11:44:28 BST 2006,
    To: Mon Sep 05 11:44:28 BST 2016]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 0131]

    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e

    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 0E 6E 72 2E B1 3B B6 A3 59 79 5A C5 41 26 B7 B6 .nr..;..YyZ.A..
    0010: A2 39 4C 73 .9Ls
    ]
    ]

    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 2C A0 0C 34 4E 0D CA 24 A5 C3 03 3A 71 A1 2D D3 ,..4N..$...:q.-.
    0010: 65 A2 FA EF C1 5D D4 4A 28 8C 1A 70 5F 92 73 5E e....].J(..p_.s^
    0020: 7B 13 D4 AE 36 A8 86 EA 60 7F A5 E3 86 6E 84 1F ....6...`....n..
    0030: 5E 5F 30 06 B4 AA 2E 5C A7 65 74 32 09 0A 91 14 ^_0....\.et2....

    ]
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 cert[1] = [
    [
    Version: V3
    Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
    53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
    Validity: [From: Mon May 31 15:22:15 BST 2004,
    To: Thu May 29 15:22:15 BST 2014]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 00]

    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]
    ]

    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 d....H.pt...,.s
    0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
    0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
    0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....

    ]
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLTrustValidator returns: 0
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 Trust status (0): NONE
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 Performing hostname validation checks: 10.51.0.200
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 134
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 272
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3445873 read(offset=0, length=2048)
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3941240 received APPLICATION_DATA: databufferLen 0, contentLength 372
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3445873 read databufferLen 372
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3445873 read A returns 372
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 339
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3445873 read(offset=372, length=1676)
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 6771926
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 93
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received HANDSHAKE
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received HANDSHAKE
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 402
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 1707
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 23328673 read(offset=0, length=2048)
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received APPLICATION_DATA: databufferLen 0, contentLength 174
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 23328673 read databufferLen 174
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 23328673 read A returns 174
    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 NEW ALERT with Severity: WARNING, Type: 0
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.net.http.HttpClient.closeServer(HttpClient.java:466)
    at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:120)
    at java.util.TimerThread.mainLoop(Unknown Source)
    at java.util.TimerThread.run(Unknown Source)

    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 avalable(): 23328673 : 0 + 0 = 0
    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 write ALERT, offset = 0, length = 2
    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 6771926
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3941240 received APPLICATION_DATA: databufferLen 0, contentLength 98
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3445873 read databufferLen 98
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3445873 read A returns 98
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 8406772
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 93
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 received HANDSHAKE
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 received HANDSHAKE
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 339
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 5618579 read(offset=0, length=2048)
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    Exception in thread "main" javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://10.51.0.200:8143: Boot
    trap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:636)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:306)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at TestAllManagedServers.main(TestAllManagedServers.java:54)
    Caused by: java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or t
    med out
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
    ... 7 more
    o work for a simple JNDI lookup. With SSL debugging turned on, the following output is given:

    When I compare the Server HTTP logs I see that an initial context lookup involves 3 HTTP requests, e.g.

    25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0Ar
    and=3018901804201457976AS=255HL=19 HTTP/1.1" 200 17
    25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0rand=7332722597180897050 HTTP/1
    .1" 200 2341
    25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0rand=3415396992694182025 HTTP/
    1.1" 200 17

    When my request goes through the load balancer I see the following in the HTTP logs:

    10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A
    rand=8279752507152372405AS=255HL=19 HTTP/1.1" 200 17
    10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0rand=1051450669479197885 HTTP
    /1.1" 200 17
    10.51.0.200 - - [29/Sep/2006:16:32:28 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0rand=6035654607615870287 HTTP/
    1.1" 200 5
    10.51.0.200 - - [29/Sep/2006:16:33:13 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0rand=8245112057388607005 HTTP/
    1.1" 200 5

    Notice the time delay in some of the messages.

    The following error appears in the WebLogic server log, however I've verified that all IP addresses referenced by the load balancer configuration match those in the WebLogic configuration:

    29-Sep-2006 16:31:43 o'clock IST Error RJVM BEA-000572 The server rejected a connection attempt JVMMessage from: '266014296
    868812899C:25.2.1.210R:2462711729186814398S:10.51.0.2:[8113,8113,8114,8114,8113,8114,-1,0,0]:10.51.0.1:8103,10.51.0.1:8105,10.51.0.1
    :8107,10.51.0.2:8109,10.51.0.2:8111,10.51.0.2:8113:risIntCluster01:ms06' to: '0S:10.51.0.200:[-1,-1,-1,8143,-1,-1,-1,-1,-1]' cmd: 'C
    MD_IDENTIFY_REQUEST', QOS: '102', responseId: '0', invokableId: '0', flags: 'JVMIDs Sent, TX Context Not Sent', abbrev offset: '228'
    probably due to an incorrect firewall configuration or admin command.

    When a JNDI lookup is made directly to a WebLogic server on the https port, the client gives the following output:

    Getting Initial context from ms01
    29-Sep-2006 16:29:22 o'clock IST Debug TLS 000000 SSL/Domestic license found
    29-Sep-2006 16:29:22 o'clock IST Debug TLS 000000 Not in server, Certicom SSL license found
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 SSL Session TTL :90000
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeySt
    ore.keystore
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 7860099
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 write SSL_20_RECORD
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 validationCallback: validateErr = 0
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 cert[0] = [
    [
    Version: V3
    Subject: CN=10.52.0.3, OU=Revenue Integration Server, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    ac47cae5 45e55fe4 8ec06362 84aab923 af35d7f1 8b7e8aaa 32772d8a d8185106
    0ba91363 07162207 6eaa33b4 db8a3fbb 1e228e93 841ff322 e319242a 04ae7447
    Validity: [From: Mon May 31 16:45:21 BST 2004,
    To: Thu May 29 16:45:21 BST 2014]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 05]

    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e

    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D7 B3 92 7B C7 4E 2F 5D F3 97 CB 3B F9 FB 0A 1E .....N/]...;....
    0010: 97 C5 DD F1 ....
    ]
    ]

    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 57 B6 54 4E 1A 54 91 66 5C A8 FE AF B6 50 AB 23 W.TN.T.f\....P.#
    0010: 6A 32 42 77 06 44 D5 7D 40 81 E4 DD 84 E3 7B 55 j2Bw.D..@......U
    0020: 96 A6 BC E9 E9 51 96 B9 E4 01 56 F9 41 B7 0C C3 .....Q....V.A...
    0030: 0A 92 C0 17 6E 6B 9D D6 9A 87 6D 6E 15 5A 86 F4 ....nk....mn.Z..

    ]
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 cert[1] = [
    [
    Version: V3
    Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
    53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
    Validity: [From: Mon May 31 15:22:15 BST 2004,
    To: Thu May 29 15:22:15 BST 2014]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 00]

    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]
    ]

    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 d....H.pt...,.s
    0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
    0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
    0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....

    ]
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLTrustValidator returns: 0
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 Trust status (0): NONE
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 Performing hostname validation checks: 10.51.0.1
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 70
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 270
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 30340343 read(offset=0, length=2048)
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TL

    DB:2.80:Configuring Jms And Loadbalancer With Ssl Termination? Has Anyone Done It? dk

    Hi all,
    I'm having a problem getting JMS or even any JNDI lookup to work with a hardware load balancer and SSL termination. Has anyone used such a configuration? The load balancer in question is a Cisco CSS 11500 Series which has an SSL module. A client communicates with the CSS over SSL, the SSL module decrypts the packets and sends it for content switching and on to WebLogic as cleartext.

    Without SSL termination everthing works fine. With SSL termination active, Web service and web content all work fine, but I can't get SSL tGetting Initial context from ms01
    29-Sep-2006 16:07:22 o'clock IST Debug TLS 000000 SSL/Domestic license found
    29-Sep-2006 16:07:22 o'clock IST Debug TLS 000000 Not in server, Certicom SSL license found
    29-Sep-2006 16:07:23 o'clock IST Debug TLS 000000 SSL Session TTL :90000
    29-Sep-2006 16:07:23 o'clock IST Debug TLS 000000 Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyS
    ore.keystore
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 886220
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 write SSL_20_RECORD
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 validationCallback: validateErr = 0
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 cert[0] = [
    [
    Version: V3
    Subject: EMAILADDRESS="webadmin@acompanyname.com ", CN=10.51.0.200, OU=Web Administration, O=Revenue Commissioners, L=Dublin, ST=Dublin,
    =IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    a8f60248 b87c5860 229b9044 a666a9ae 27eb488c 424d9e67 e7b9d6d0 c292f081
    cfa76c04 f3d89b28 1bf544f9 5de2b66d 576ebeca 5dc5ca8a fceead9a 52e2ce6c
    2b91afef e4da5071 49b8784c 12d7f5f3 99f76482 79efe1d8 0a24f664 4c8d6e9e
    b0bc63be 1faf8319 eeb23e8a 019b65b2 59dd086d 1b714d4c 01618804 66f416bb
    Validity: [From: Fri Sep 08 11:44:28 BST 2006,
    To: Mon Sep 05 11:44:28 BST 2016]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 0131]

    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e

    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 0E 6E 72 2E B1 3B B6 A3 59 79 5A C5 41 26 B7 B6 .nr..;..YyZ.A..
    0010: A2 39 4C 73 .9Ls
    ]
    ]

    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 2C A0 0C 34 4E 0D CA 24 A5 C3 03 3A 71 A1 2D D3 ,..4N..$...:q.-.
    0010: 65 A2 FA EF C1 5D D4 4A 28 8C 1A 70 5F 92 73 5E e....].J(..p_.s^
    0020: 7B 13 D4 AE 36 A8 86 EA 60 7F A5 E3 86 6E 84 1F ....6...`....n..
    0030: 5E 5F 30 06 B4 AA 2E 5C A7 65 74 32 09 0A 91 14 ^_0....\.et2....

    ]
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 cert[1] = [
    [
    Version: V3
    Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
    53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
    Validity: [From: Mon May 31 15:22:15 BST 2004,
    To: Thu May 29 15:22:15 BST 2014]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 00]

    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]
    ]

    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 d....H.pt...,.s
    0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
    0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
    0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....

    ]
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 SSLTrustValidator returns: 0
    29-Sep-2006 16:07:24 o'clock IST Debug TLS 000000 Trust status (0): NONE
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 Performing hostname validation checks: 10.51.0.200
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 134
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3941240 received HANDSHAKE
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 272
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 3445873 read(offset=0, length=2048)
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3941240 received APPLICATION_DATA: databufferLen 0, contentLength 372
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3445873 read databufferLen 372
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3445873 read A returns 372
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 339
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3445873 read(offset=372, length=1676)
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 6771926
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 93
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received HANDSHAKE
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received HANDSHAKE
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 402
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 1707
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 23328673 read(offset=0, length=2048)
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 SSL3/TLS MAC
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 3840954 received APPLICATION_DATA: databufferLen 0, contentLength 174
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 23328673 read databufferLen 174
    29-Sep-2006 16:07:29 o'clock IST Debug TLS 000000 23328673 read A returns 174
    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 NEW ALERT with Severity: WARNING, Type: 0
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.net.http.HttpClient.closeServer(HttpClient.java:466)
    at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:120)
    at java.util.TimerThread.mainLoop(Unknown Source)
    at java.util.TimerThread.run(Unknown Source)

    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 avalable(): 23328673 : 0 + 0 = 0
    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 write ALERT, offset = 0, length = 2
    29-Sep-2006 16:07:44 o'clock IST Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 6771926
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3941240 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3941240 received APPLICATION_DATA: databufferLen 0, contentLength 98
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3445873 read databufferLen 98
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 3445873 read A returns 98
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 8406772
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 93
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 received HANDSHAKE
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 SSL3/TLS MAC
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 21830977 received HANDSHAKE
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 339
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 5618579 read(offset=0, length=2048)
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:08:13 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    Exception in thread "main" javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://10.51.0.200:8143: Boot
    trap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:636)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:306)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at TestAllManagedServers.main(TestAllManagedServers.java:54)
    Caused by: java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or t
    med out
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
    ... 7 more
    o work for a simple JNDI lookup. With SSL debugging turned on, the following output is given:

    When I compare the Server HTTP logs I see that an initial context lookup involves 3 HTTP requests, e.g.

    25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0Ar
    and=3018901804201457976AS=255HL=19 HTTP/1.1" 200 17
    25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0rand=7332722597180897050 HTTP/1
    .1" 200 2341
    25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0rand=3415396992694182025 HTTP/
    1.1" 200 17

    When my request goes through the load balancer I see the following in the HTTP logs:

    10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A
    rand=8279752507152372405AS=255HL=19 HTTP/1.1" 200 17
    10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0rand=1051450669479197885 HTTP
    /1.1" 200 17
    10.51.0.200 - - [29/Sep/2006:16:32:28 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0rand=6035654607615870287 HTTP/
    1.1" 200 5
    10.51.0.200 - - [29/Sep/2006:16:33:13 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0rand=8245112057388607005 HTTP/
    1.1" 200 5

    Notice the time delay in some of the messages.

    The following error appears in the WebLogic server log, however I've verified that all IP addresses referenced by the load balancer configuration match those in the WebLogic configuration:

    29-Sep-2006 16:31:43 o'clock IST Error RJVM BEA-000572 The server rejected a connection attempt JVMMessage from: '266014296
    868812899C:25.2.1.210R:2462711729186814398S:10.51.0.2:[8113,8113,8114,8114,8113,8114,-1,0,0]:10.51.0.1:8103,10.51.0.1:8105,10.51.0.1
    :8107,10.51.0.2:8109,10.51.0.2:8111,10.51.0.2:8113:risIntCluster01:ms06' to: '0S:10.51.0.200:[-1,-1,-1,8143,-1,-1,-1,-1,-1]' cmd: 'C
    MD_IDENTIFY_REQUEST', QOS: '102', responseId: '0', invokableId: '0', flags: 'JVMIDs Sent, TX Context Not Sent', abbrev offset: '228'
    probably due to an incorrect firewall configuration or admin command.

    When a JNDI lookup is made directly to a WebLogic server on the https port, the client gives the following output:

    Getting Initial context from ms01
    29-Sep-2006 16:29:22 o'clock IST Debug TLS 000000 SSL/Domestic license found
    29-Sep-2006 16:29:22 o'clock IST Debug TLS 000000 Not in server, Certicom SSL license found
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 SSL Session TTL :90000
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeySt
    ore.keystore
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 Filtering JSSE SSLSocket
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 7860099
    29-Sep-2006 16:29:23 o'clock IST Debug TLS 000000 SSLSocket will NOT be Muxing
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 write SSL_20_RECORD
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 validationCallback: validateErr = 0
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 cert[0] = [
    [
    Version: V3
    Subject: CN=10.52.0.3, OU=Revenue Integration Server, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    ac47cae5 45e55fe4 8ec06362 84aab923 af35d7f1 8b7e8aaa 32772d8a d8185106
    0ba91363 07162207 6eaa33b4 db8a3fbb 1e228e93 841ff322 e319242a 04ae7447
    Validity: [From: Mon May 31 16:45:21 BST 2004,
    To: Thu May 29 16:45:21 BST 2014]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 05]

    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e

    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D7 B3 92 7B C7 4E 2F 5D F3 97 CB 3B F9 FB 0A 1E .....N/]...;....
    0010: 97 C5 DD F1 ....
    ]
    ]

    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 57 B6 54 4E 1A 54 91 66 5C A8 FE AF B6 50 AB 23 W.TN.T.f\....P.#
    0010: 6A 32 42 77 06 44 D5 7D 40 81 E4 DD 84 E3 7B 55 j2Bw.D..@......U
    0020: 96 A6 BC E9 E9 51 96 B9 E4 01 56 F9 41 B7 0C C3 .....Q....V.A...
    0030: 0A 92 C0 17 6E 6B 9D D6 9A 87 6D 6E 15 5A 86 F4 ....nk....mn.Z..

    ]
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 cert[1] = [
    [
    Version: V3
    Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
    53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
    Validity: [From: Mon May 31 15:22:15 BST 2004,
    To: Thu May 29 15:22:15 BST 2014]
    Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    SerialNumber: [ 00]

    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]
    ]

    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
    0010: AA 97 05 0D ....
    ]

    [CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
    SerialNumber: [ 00]
    ]

    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 d....H.pt...,.s
    0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
    0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
    0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....

    ]
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 SSLTrustValidator returns: 0
    29-Sep-2006 16:29:24 o'clock IST Debug TLS 000000 Trust status (0): NONE
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 Performing hostname validation checks: 10.51.0.1
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 70
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 16
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 received CHANGE_CIPHER_SPEC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 received HANDSHAKE
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 0
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 write APPLICATION_DATA, offset = 0, length = 270
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 30340343 read(offset=0, length=2048)
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 isMuxerActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 SSLFilter.isActivated: false
    29-Sep-2006 16:29:28 o'clock IST Debug TLS 000000 32915800 SSL3/TLS MAC
    29-Sep-2006 16:29:28 o'clock IST Debug TL

  • RELEVANCY SCORE 2.80

    DB:2.80:Edge 6.1 Installation On Mac Os X 10.7.3 Fails 77



    Please give me a hint how I can get the new installation 6.1 on my MAC OS X 10.7.3 to run. The installer tells me that that I should de-install the older version of EDGE - that's what I did - restarted the MAC - but still the message.

  • RELEVANCY SCORE 2.78

    DB:2.78:Tls/Ssl Deferred Handshake dz


    I am trying to add TLS to an application using deferred handshake like described here: http://msdn.microsoft.com/en-us/library/aa922192.aspx After the handshake I always get the following error: a blocking operation is currently executing I am using asynchronous sockets only. This exception appears when I start an async receive while an async send operation is in progress and not completed yet. Are there any restrictions with SSL sockets on CF? Thanks, Alex

    Alexander Gnauck, AG-Software

    DB:2.78:Tls/Ssl Deferred Handshake dz

    I am trying to add TLS to an application using deferred handshake like described here: http://msdn.microsoft.com/en-us/library/aa922192.aspx After the handshake I always get the following error: a blocking operation is currently executing I am using asynchronous sockets only. This exception appears when I start an async receive while an async send operation is in progress and not completed yet. Are there any restrictions with SSL sockets on CF? Thanks, Alex

    Alexander Gnauck, AG-Software

  • RELEVANCY SCORE 2.78

    DB:2.78:Changed To At+T, Can't Access Mac Mail dz


    I got an error message saying server "p03-imap.mail.me.com" cannot be contacted on port 993. I had unchecked SSL checkbox, and that didn't make a difference. How do I find out what port to use for my icloud IMAP - 143 with SSL doesn't work..incoming is p03-imap.mail.me.comno TLS certificateThanks-I'm on a MacBook Pro - with Lion OS X 10.8.2Thanks for your excellent help!And Happy New Year!

    DB:2.78:Changed To At+T, Can't Access Mac Mail dz

    I had an issue where it wouldn't set up through iCloud prefs and had to do via Mail. Mail wouldn't set up the smtp server (outgoing) correctly, though. It eventually was fixed, and I don't think it was widespread.Theoretically, setting up through iCloud will gather the correct server information. Although Mail should do the same, also.

  • RELEVANCY SCORE 2.77

    DB:2.77:Tls Entourage pk


    I have OS X Leopard 10.5.8 and use Microsoft Entourage 12.3.2. I'm trying to configure TLS cetificate in my POP account. But I didn't see no place to configure this.
    I don't have inslaedX509Anchorsin my keychains. I didn't see no certificates available to install at my keychains to add.

    DB:2.77:Tls Entourage pk

    You need to get better instructions from your company administrator

  • RELEVANCY SCORE 2.77

    DB:2.77:Re: Handshake Fails For Clients Using Tls Extensions da


    Bizarre. I guess Java accepts the ClientHello TLS1.0 but it wouldn't accept 1.2 there. But on this evidence it both ignores and rejects the extra data in the header depending on who you are ...

    DB:2.77:Re: Handshake Fails For Clients Using Tls Extensions da

    Well, I parsed the packet by hand and it does indeed have 2 extensions which I would guess are ignored and thus should not cause a problem. I don't even know what the second extension (00 23) is, but the first one is a server_name extension. The server_name extension contains an invalid value according to the specs, but that doesn't appear to be what JSSE is complaining about, and wouldn't even be noticed if these were being ignored. So I'm still clueless.

  • RELEVANCY SCORE 2.75

    DB:2.75:Download Problem: Skype Disk Image Is Not Recognized On Mac kz



    Fist, It takes forever to download, and after the download is complete, the disc fails to open. As a result, I missed an important web conference!

    Mac OS X 10.6.8

    DB:2.75:Download Problem: Skype Disk Image Is Not Recognized On Mac kz


    Fist, It takes forever to download, and after the download is complete, the disc fails to open. As a result, I missed an important web conference!

    Mac OS X 10.6.8

  • RELEVANCY SCORE 2.75

    DB:2.75:Wls 8.1.4 Ssl Hanging c8


    Dear all,

    Could somebody please tell me, how to resolve this problem.

    my environment settings list below
    ========================================
    OS: Sun Solaris 5.8
    APP Server : Bea WebLogic 8.1.4
    JDK : Sun JDK 1.4.2_05
    SSL Certificate : 128 bits
    ========================================

    problem description
    ========================================
    1. First, startup wls server and check the ouput message about SSL debugging(e.g. SSLThread Listen on port 7002), everything is fine.

    2. When i open the browser(IE6.0) to connect to the wls admin console via https, there is no response in my browser, only a blank page.

    3. After that, i trying to check wls server's log file, the output is not expected as i run the same configuration on windows platform.

    messages on Windows list below, there are messages, like handshake, change_key_spec...etc.
    ======================================================
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 712593 SSL3/TLS MAC
    2005/8/12 025406 CST Debug TLS 000000 712593 received HANDSHA
    KE
    2005/8/12 025406 CST Debug TLS 000000 HANDSHAKEMESSAGE: Clien
    tHello
    2005/8/12 025406 CST Debug TLS 000000 write HANDSHAKE, offset
    = 0, length = 58
    2005/8/12 025406 CST Debug TLS 000000 write HANDSHAKE, offset
    = 0, length = 2414
    2005/8/12 025406 CST Debug TLS 000000 write HANDSHAKE, offset
    = 0, length = 4
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 712593 SSL3/TLS MAC
    2005/8/12 025406 CST Debug TLS 000000 712593 received HANDSHA
    KE
    2005/8/12 025406 CST Debug TLS 000000 HANDSHAKEMESSAGE: Clien
    tKeyExchange RSA
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    ======================================================

    messages on Solaris list below, it just breaks after "SSLFilter.isActivate() : false", there is no "SSL3/TLS MAC" message generated and the "ALERT" message appears immediatelly.

    No handshake and other activities could be found.
    ======================================================
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025507 CST Debug TLS 000000 NEW ALERT with Severity
    : WARNING, Type: 0
    java.lang.Exception: New alert stack
    =====================================================

    Thanks for any advices...

    Best Regards.

    DB:2.75:Wls 8.1.4 Ssl Hanging c8

    Dear all,

    Could somebody please tell me, how to resolve this problem.

    my environment settings list below
    ========================================
    OS: Sun Solaris 5.8
    APP Server : Bea WebLogic 8.1.4
    JDK : Sun JDK 1.4.2_05
    SSL Certificate : 128 bits
    ========================================

    problem description
    ========================================
    1. First, startup wls server and check the ouput message about SSL debugging(e.g. SSLThread Listen on port 7002), everything is fine.

    2. When i open the browser(IE6.0) to connect to the wls admin console via https, there is no response in my browser, only a blank page.

    3. After that, i trying to check wls server's log file, the output is not expected as i run the same configuration on windows platform.

    messages on Windows list below, there are messages, like handshake, change_key_spec...etc.
    ======================================================
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 712593 SSL3/TLS MAC
    2005/8/12 025406 CST Debug TLS 000000 712593 received HANDSHA
    KE
    2005/8/12 025406 CST Debug TLS 000000 HANDSHAKEMESSAGE: Clien
    tHello
    2005/8/12 025406 CST Debug TLS 000000 write HANDSHAKE, offset
    = 0, length = 58
    2005/8/12 025406 CST Debug TLS 000000 write HANDSHAKE, offset
    = 0, length = 2414
    2005/8/12 025406 CST Debug TLS 000000 write HANDSHAKE, offset
    = 0, length = 4
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 712593 SSL3/TLS MAC
    2005/8/12 025406 CST Debug TLS 000000 712593 received HANDSHA
    KE
    2005/8/12 025406 CST Debug TLS 000000 HANDSHAKEMESSAGE: Clien
    tKeyExchange RSA
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    ======================================================

    messages on Solaris list below, it just breaks after "SSLFilter.isActivate() : false", there is no "SSL3/TLS MAC" message generated and the "ALERT" message appears immediatelly.

    No handshake and other activities could be found.
    ======================================================
    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025406 CST Debug TLS 000000 isMuxerActivated: false

    2005/8/12 025406 CST Debug TLS 000000 SSLFilter.isActivated:
    false
    2005/8/12 025507 CST Debug TLS 000000 NEW ALERT with Severity
    : WARNING, Type: 0
    java.lang.Exception: New alert stack
    =====================================================

    Thanks for any advices...

    Best Regards.

  • RELEVANCY SCORE 2.75

    DB:2.75:Thread: Mac Tls Connection Errors 7z


    I saw another post in this forum on the following, but my question is

    where do you set the set the Delay Rebind Try in seconds to 0 on the

    client. the post follows

    We are having some success in authenticating with LDAP from MAC OS 10.3

    to Netware 6.5 edir 8.7.3 using TLS.

    But the LDAP trace on the server shows errors in connecting before a

    proper connection is finally established.Here is an exert from the LDAP

    trace -

    New TLS connection 0xa65ea380 from 128.232.254.6:49221, monitor =

    0x1aa,

    index

    19

    Monitor 0x1aa initiating TLS handshake on connection 0x8f9df000

    Monitor 0x1aa initiating TLS handshake on connection 0xa65ea380

    (128.232.254.6:49221)(0x0000:0*x00) DoTLSHandshake on connection

    0xa65ea380

    (128.232.254.6:49220)(0x0000:0*x00) DoTLSHandshake on connection

    0x8f9df000

    (128.232.254.6:49220)(0x0000:0*x00) TLS accept failure 5 on connection

    0x8f9df00

    , setting err = -5875. Error stack:

    (128.232.254.6:49220)(0x0000:0*x00) TLS handshake failed on connection

    0x8f9df00

    , err = -5875

    15:16:19

    Server closing connection 0x8f9df000, socket error = -5875

    Connection 0x8f9df000 closed

    (128.232.254.6:49221)(0x0000:0*x00) Completed TLS handshake on

    connection

    0xa65e

    Does anyone have any idea what is causing the errors above, namely -

    \'TLS accept failure 5 on connection 0x8f9df00, setting err = -5875\'.

    ?

    Charles

    reits...@denison.edu Jun 1 2004, 8:55 am show options

    Newsgroups: novell.support.native-file-access

    From: reits...@denison.edu - Find messages by this author

    Date: Tue, 01 Jun 2004 15:55:19 GMT

    Local: Tues, Jun 1 2004 8:55 am

    Subject: Mac TLS connection errors

    Reply to Author | Forward | Print | Individual Message | Show original

    | Report Abuse

    I put the notes on our experience at macosxlabs.org in their Wiki under

    Authentication and Directory Services:

    http://webcrossing.macosxlabs.*org/w...t.1@.*26bf4c24

    The two changes we needed to make were:

    1) set the Delay Rebind Try in seconds to 0 on the client

    2) use the SSL CertificateIP rather than the SSL CertificateDNS on the

    LDAP

    server

    DB:2.75:Thread: Mac Tls Connection Errors 7z

    Amills,

    It appears that in the past few days you have not received a response to your

    posting. That concerns us, and has triggered this automated reply.

    Has your problem been resolved? If not, you might try one of the following options:

    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp

    - Check all of the other support tools and options available at

    http://support.novell.com.

    - You could also try posting your message again. Make sure it is posted in the

    correct newsgroup. (http://support.novell.com/forums)

    Be sure to read the forum FAQ about what to expect in the way of responses:

    http://support.novell.com/forums/faq_general.html

    If this is a reply to a duplicate posting, please ignore and accept our apologies

    and rest assured we will issue a stern reprimand to our posting bot.

    Good luck!

    Your Novell Product Support Forums Team

    http://support.novell.com/forums/

  • RELEVANCY SCORE 2.75

    DB:2.75:Ssl Woes - Bea-090500 Decrypt_Error sx


    pHello,/p

    pWe have had a break out of an intermittant SSL Problem. The error is most commonly present when a WLS 8.1 SP4 cluster is started and then a single server is removed from the cluster and trys to rejoin it./p

    pThis can be as a result of restarting the server or due to lost multicast packets. The odd thing is that the problem is less lickley to occur when all servers in the cluster are started individually, often its not present at all./p

    pHere are the logs with SSL and Cluster debug:/p

    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLTrustValidator returns: 0
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 Trust status (0): NONE
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 Performing hostname validation checks: REMOVED HOST NAME BY HOOS
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 isMuxerActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 22516384 SSL3/TLS MAC
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 22516384 received HANDSHAKE
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 HANDSHAKEMESSAGE: CertificateRequest
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 isMuxerActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 22516384 SSL3/TLS MAC
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 22516384 received HANDSHAKE
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 HANDSHAKEMESSAGE: ServerHelloDone
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 2484
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 262
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 Private key class is com.sun.net.ssl.internal.ssl.JSA_RSAPrivateKey
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 Using standard Certicom CertificateVerify code
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 262
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 16
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 isMuxerActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 22516384 SSL3/TLS MAC

    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 22516384 received ALERT
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 NEW ALERT with Severity: FATAL, Type: 51
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
    at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:110)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:308)
    at weblogic.cluster.MemberManager.waitForSync(MemberManager.java:226)
    at weblogic.cluster.MemberManager.waitToSyncWithCurrentMembers(MemberManager.java:167)
    at weblogic.cluster.ClusterCommunicationService.initialize(ClusterCommunicationService.java:58)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:924)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
    at weblogic.Server.main(Server.java:32)
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@c98337
    ####18-Nov-2005 15:25:22 o'clock GMT Warning Security box1 server1 main WLS Kernel BEA-090500 DECRYPT_ERROR alert received from server1 - 0.0.0.0. A decryption error occurred during the SSL handshake.
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 close(): 31617329
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLIOContextTable.removeContext(ctx): 31982318
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 Filtering JSSE SSLSocket
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLIOContextTable.addContext(ctx): 4779087
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLSocket will be Muxing
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 write SSL_20_RECORD
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 isMuxerActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 26597493 SSL3/TLS MAC
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 26597493 received HANDSHAKE
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 HANDSHAKEMESSAGE: ServerHello
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 isMuxerActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 SSLFilter.isActivated: false
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 26597493 SSL3/TLS MAC
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 26597493 received HANDSHAKE
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 HANDSHAKEMESSAGE: Certificate
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 validationCallback: validateErr = 0
    ####18-Nov-2005 15:25:22 o'clock GMT Debug TLS box1 server1 main WLS Kernel 000000 cert[0] = [ pHas anyone else come across this or can anyone suggest anything we can try that has not already been suggested in BEA docs, trouble shooting patterns or BEA support web site?/p

    pWe also have a support case open on this but so far we have had made little progress./p
    p
    Hussein Badakhchani/br
    /p

    DB:2.75:Ssl Woes - Bea-090500 Decrypt_Error sx

    pHello Pavel/b

    pThanks for the response but we managed to find the solution to this a while ago. I have not updated this post with the fix yet as it was such a problematic issue I decided to write a blog on it. the full story on the problem will be published on my blog in the next week or so: http://dev2dev.bea.com/blog/hoos//p

    pThe fix was to change the server SSL connection details from "Certificate requested but not enforced" to "client certs not requested". This problem only seems to affect WLS8.1sp4 in combination with out certificates which do not specifiy usage./p
    p
    Hussein Badakhchani/br
    /p

  • RELEVANCY SCORE 2.74

    DB:2.74:Skydrive 17.0 For Mac Crashes j3


    Installing the update from the previous version fails, but also manual installation doesn't work on my iMac OS X 10.7.5, It works on a macbook with the same OS X version though.

    DB:2.74:Skydrive 17.0 For Mac Crashes j3

    Hi Ton,

    You have submitted your request to the Dutch Support forum.
    To receive support in English, please change your profile language: Click on the Language at the bottom left of this page and select the preferrred language.
    If you prefer to receive support in Dutch, please reply to this post and write the problem description in Dutch.

    Regards,

    Marina R

    Hallo Ton,

    Je hebt je vraag in het Nederlandstalige forum gesteld.
    Om ondersteuning te krijgen in de taal van je keuze moet je de profiel instellingen veranderen. Klik op de Taal linksonderaan en selecteer de gewenste taal. Als je liever hulp in het Nederlands ontvangt, geef dan antwoord met een beschrijving van het probleem
    in het Nederlands.

    Groetjes,
    Marina R

  • RELEVANCY SCORE 2.74

    DB:2.74:Thread: Ifolder Admin Login Failed 3k


    I recently upgraded from NW6.0sp4 to NW6.5sp3. I installed iFolder on

    this box. Whenever I try to login to the Global Setting page I receive

    the following error message.

    Your Previous Login Failed.

    I have done a dstrace with +LDAP and the following is the output from the

    trace.

    Duplicate LDAP attribute name: groupID (ignored)

    NDS attribute staticMember does not exist, mapping ignored

    Duplicate LDAP class name: aliasObject (ignored)

    LDAP Agent for Novell eDirectory 8.7.3.5 (10553.05) started

    Updating server configuration

    Work info status: Total:2 Peak:2 Busy:0

    Thread pool status: Total:2 Peak:2 Busy:2

    Listener applying new configuration

    Listener setting up cleartext port 389

    Adding TLS module dependencies

    TLS initialized successfully

    TLS configured successfully

    Listener setting up TLS port 636

    Adding SASL module dependencies

    SASL initialized successfully

    SASL configured successfully

    Created new monitor 0x0

    New TLS connection 0x62e9a7e0 from 10.10.0.16:2197, monitor = 0x0, index

    = 1

    Monitor 0x55a started

    Monitor 0x55a initiating TLS handshake on connection 0x62e9a7e0

    DoTLSHandshake on connection 0x62e9a7e0

    Completed TLS handshake on connection 0x62e9a7e0

    New TLS connection 0x62e9a9a0 from 10.10.0.16:2198, monitor = 0x55a,

    index = 2

    Monitor 0x55a initiating TLS handshake on connection 0x62e9a9a0

    Connection 0x62e9a7e0 closed

    DoTLSHandshake on connection 0x62e9a9a0

    Completed TLS handshake on connection 0x62e9a9a0

    ..

    ..

    ..

    Monitor 0x55a initiating TLS handshake on connection 0x66d077e0

    DoTLSHandshake on connection 0x66d077e0

    TLS accept failure 1 on connection 0x66d077e0, setting err = -5875. Error

    stack:

    error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad

    certificate - SSL alert number 42

    TLS handshake failed on connection 0x66d077e0, err = -5875

    Server closing connection 0x66d077e0, socket error = -5875

    Connection 0x66d077e0 closed

    New TLS connection 0x66d077e0 from 10.10.0.16:2293, monitor = 0x55a,

    index = 9

    Monitor 0x55a initiating TLS handshake on connection 0x66d077e0

    DoTLSHandshake on connection 0x66d077e0

    TLS accept failure 1 on connection 0x66d077e0, setting err = -5875. Error

    stack:

    error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad

    certificate - SSL alert number 42

    TLS handshake failed on connection 0x66d077e0, err = -5875

    Server closing connection 0x66d077e0, socket error = -5875

    Connection 0x66d077e0 closed

    Any clues as to what is causing this and how I can fix this issue?

    I have read several TID\'s and none offer any help.

    DB:2.74:Thread: Ifolder Admin Login Failed 3k

    ,

    error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad

    certificate - SSL alert number 42

    You have an SSL handshake error when iFolder tries LDAP. Did you

    install iFolder when that server was 6.0 or after upgrading to 6.5?

    If iFolder and LDAP are on the same physical box, then just use the

    cleartext port for LDAP. You can also check that your certificates are

    OK with PKIDIAG.

    - Anders Gustafsson, Engineer, CNE6, ASE

    NSC Volunteer Sysop

    Pedago, The Aaland Islands (N60 E20)

    Novell does not monitor these forums officially.

    Enhancement requests for all Novell products may be made at

    http://support.novell.com/enhancement

    Using VA 5.51 build 315 on Windows 2000 build 2195

  • RELEVANCY SCORE 2.73

    DB:2.73:Authenticated Push Notifications Failing Randomly (403 Forbidden) k3


    Hello, my question is regarding to authenticated push notifications using Microsoft Push Notification Service (MPNS)

    We have taken all the necessary steps for setting the authentication via client certificate and it's working (well, sometimes). We're also testing the notifications in ASP.NET, Java and with the curl command line client. For testing purposes
    I will illustrate the case of curl (which behaves exactly the same in all the other platforms/languages). Just to clarify, priorly our certificate has been uploaded to our Dev Account properly and the Windows Phone application uses the certificate's Common
    Name (CN) in order to create the push channel.

    curl --cert P:\cert.pem:PASSWORD -v -H Content-Type:text/xml -H X-WindowsPhone-Target:To
    ast -H X-NotificationClass:2 -X POST -d ?xml version='1.0' encoding='utf-8'?wp:Notification xmlns:wp='WPNotification'wp:Toastwp:Text1My title/wp:Text1wp:Text2My subtitle/wp:Text2/wp:Toast/wp:Notification
    https://am3.notify.live.net/unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAA
    AQUZm52OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ
    The notification is correctly delivered and MPNS responds as follows:
    HTTP/1.1 200 OK
    Cache-Control: private
    Server: Microsoft-IIS/7.5
    X-DeviceConnectionStatus: Connected
    X-NotificationStatus: Received
    X-SubscriptionStatus: Active
    X-MessageID: 00000000-0000-0000-0000-000000000000
    ActivityId: da569bb0-9e91-435d-bdc4-713b149d7c9e
    X-Server: AM3MPNSM039
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Date: Thu, 22 May 2014 09:33:01 GMT

    But it turns out that the exact same command with a different Push URI from another device with the exact same application results in a 403 Forbidden from the server.
    HTTP/1.1 403 Forbidden
    Server Microsoft-IIS/8.0 is not blacklisted
    Server: Microsoft-IIS/8.0
    Date: Thu, 22 May 2014 09:38:38 GMT

    We're quite sure that it's not an implementation problem of ours. We would be very grateful if someone could debug the MPNS backend with the details that we provide. Here are the full logs of the mentioned erroneous activity:

    C:\Users\Usercurl --cert P:\cert.pem:PASSWORD -v -H Content-Type:text/xml -H X-WindowsPhone-Target:To
    ast -H X-NotificationClass:2 -X POST -d ?xml version='1.0' encoding='utf-8'
    ?wp:Notification xmlns:wp='WPNotification'wp:Toastwp:Text1My title/wp:Te
    xt1wp:Text2My subtitle/wp:Text2/wp:Toast/wp:Notification https://am3.n
    otify.live.net/unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAA
    AQUZm52OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ
    * Adding handle: conn: 0x1d587c8
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x1d587c8) send_pipe: 1, recv_pipe: 0
    * About to connect() to am3.notify.live.net port 443 (#0)
    * Trying 134.170.65.250...
    * Connected to am3.notify.live.net (134.170.65.250) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt
    CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using AES128-SHA
    * Server certificate:
    * subject: CN=*.push.live.net
    * start date: 2013-07-25 17:54:35 GMT
    * expire date: 2015-07-25 17:54:35 GMT
    * subjectAltName: am3.notify.live.net matched
    * issuer: DC=com; DC=microsoft; DC=corp; DC=redmond; CN=MSIT Machine Auth
    CA 2
    * SSL certificate verify ok.
    POST /unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAAAQUZm52
    OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ HTTP/1.1
    User-Agent: curl/7.30.0
    Host: am3.notify.live.net
    Accept: */*
    Content-Type:text/xml
    X-WindowsPhone-Target:Toast
    X-NotificationClass:2
    Content-Length: 181

    * upload completely sent off: 181 out of 181 bytes
    * SSLv3, TLS handshake, Hello request (0):
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Request CERT (13):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS handshake, CERT verify (15):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    HTTP/1.1 200 OK
    Cache-Control: private
    * Server Microsoft-IIS/7.5 is not blacklisted
    Server: Microsoft-IIS/7.5
    X-DeviceConnectionStatus: Connected
    X-NotificationStatus: Received
    X-SubscriptionStatus: Active
    X-MessageID: 00000000-0000-0000-0000-000000000000
    ActivityId: da569bb0-9e91-435d-bdc4-713b149d7c9e
    X-Server: AM3MPNSM039
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Date: Thu, 22 May 2014 09:33:01 GMT
    Content-Length: 0

    * Connection #0 to host am3.notify.live.net left intact

    C:\Users\User

    C:\Users\Usercurl --cert P:\cert.pem:PASSWORD -v -H Content-Type:text/xml -H X-WindowsPhone-Target:To
    ast -H X-NotificationClass:2 -X POST -d ?xml version='1.0' encoding='utf-8'
    ?wp:Notification xmlns:wp='WPNotification'wp:Toastwp:Text1My title/wp:Te
    xt1wp:Text2My subtitle/wp:Text2/wp:Toast/wp:Notification https://s.not
    ify.live.net/a/1/db3/HmQAAAAL6rnaG9gFXh9VeLX6wX9FEnc_qIp3VHoVds5bKspnSjcAD1yGQYS
    a2Zrh-l4XQ6neDbaO1AKTH5e8Cu7xK7q0/Ki5lbGV2ZW5wYXRocy5jb20/z_WezOv9DUCOV9vM1QvcWA
    /YCNL3xsxS6bCPEBEmHGgfZS3NsA
    * Adding handle: conn: 0x678948
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x678948) send_pipe: 1, recv_pipe: 0
    * About to connect() to s.notify.live.net port 443 (#0)
    * Trying 168.63.29.91...
    * Connected to s.notify.live.net (168.63.29.91) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt
    CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using AES128-SHA
    * Server certificate:
    * subject: CN=*.push.live.net
    * start date: 2013-07-25 17:54:35 GMT
    * expire date: 2015-07-25 17:54:35 GMT
    * subjectAltName: s.notify.live.net matched
    * issuer: DC=com; DC=microsoft; DC=corp; DC=redmond; CN=MSIT Machine Auth
    CA 2
    * SSL certificate verify ok.
    POST /a/1/db3/HmQAAAAL6rnaG9gFXh9VeLX6wX9FEnc_qIp3VHoVds5bKspnSjcAD1yGQYSa2Zrh
    -l4XQ6neDbaO1AKTH5e8Cu7xK7q0/Ki5lbGV2ZW5wYXRocy5jb20/z_WezOv9DUCOV9vM1QvcWA/YCNL
    3xsxS6bCPEBEmHGgfZS3NsA HTTP/1.1
    User-Agent: curl/7.30.0
    Host: s.notify.live.net
    Accept: */*
    Content-Type:text/xml
    X-WindowsPhone-Target:Toast
    X-NotificationClass:2
    Content-Length: 181

    * upload completely sent off: 181 out of 181 bytes
    * SSLv3, TLS handshake, Hello request (0):
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Request CERT (13):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS handshake, CERT verify (15):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    HTTP/1.1 403 Forbidden
    * Server Microsoft-IIS/8.0 is not blacklisted
    Server: Microsoft-IIS/8.0
    Date: Thu, 22 May 2014 09:38:38 GMT
    Content-Length: 0

    * Connection #0 to host s.notify.live.net left intact

    Thank you in advance

    DB:2.73:Authenticated Push Notifications Failing Randomly (403 Forbidden) k3

    It has to be on the list specified or it will not work.Jeff Sanders (MSFT)

    @jsandersrocks - Windows Store Developer Solutions
    @WSDevSol
    Getting Started With Windows Azure Mobile Services development?
    Click here
    Getting Started With Windows Phone or Store app development?
    Click here
    My Team Blog: Windows Store & Phone Developer Solutions
    My Blog: Http Client Protocol Issues (and other fun stuff I support)

  • RELEVANCY SCORE 2.73

    DB:2.73:802.1x Using Funks Odyssey Client, Acs3.3 Ldap Using Eap-Tls jk



    Hi Sir,

    Anyone knows how to configure 802.1x using EAP-TLS authentication?

    I'm setting up a demo at my customer site using the following components:

    (1) Windows 98 SE notebook and Funk's Odyssey Client v3.03 (30-day trial) as the Supplicant.

    (2) Cisco Catalyst 2950 Switch as the Authenticator.

    (3) CiscoSecure ACS v3.3 Trial as the Authentication Server.

    (4) My customer's live LDAP server as External User Database.

    I'm using Generic LDAP to interface with my customer's live LDAP. Customer created a test user entry in the LDAP. There's no account on ACS internal database. The integration tested okay because I'm doing "aaa authentication login" on the CAT2950 and I'm able to log in using the test account.

    I understand LDAP supports only EAP-TLS, Cisco PEAP (EAP-GTC), and EAP-FAST Phase Two, as far as integration with ACS is concerned. Odyssey client's only option, in this case, is EAP-TLS.

    My ACS generates a self-signed cert (CN = server1). I copied the cert file to my Win98 notebook. Using Certificate Manager, I imported it to Personal (required by Odyssey) and Trusted Root Certification Authorities. I point to this cert in Odyssey client (I got the error "You do not have a private key that corresponds to this certificate". Anyhow, I still proceed). Please see screenshots of Odyssey configuration, as attached. On ACS, I ticked everything under EAP-TLS.

    Odyssey fails the 802.1x authentication. It reports "Client issued alert 40 (handshake failure)". ACS reports "EAP-TLS or PEAP authentication failed during SSL handshake".

    What did I miss in the setup or is my setup correct at all? Do I need to set anything on the LDAP, e.g. attach the cert to the user entry, etc?

    Please help.

    Thank you.

    B.Rgds,

    Lim TS

    DB:2.73:802.1x Using Funks Odyssey Client, Acs3.3 Ldap Using Eap-Tls jk


    I am not really sure if this will work with a trial version.

  • RELEVANCY SCORE 2.72

    DB:2.72:Encryption Fails Between Uc520 And Cisco Ip Phone 7942 8m



    I am trying to get encryption set up for all the phones.

    The whole setup for encryption on the UC520 itself appears to go fine, no errors and all the cert chains appear to be created.

    However, it falls just short of registering the phone; a phone which has been fully registered and is functional without encryption.

    It gets the locale and IP but then it fails with:

    027676: Sep 18 19:08:12.498 EDT: New Skinny socket accepted [2] from 1, sub 1 (26 active)

    027677: Sep 18 19:08:12.498 EDT: sin_family 2, sin_port 51395, in_addr x.x.x.x

    027678: Sep 18 19:08:12.502 EDT: add_skinny_secure_socket: pid =337, new_sock=0, ip address = x.x.x.x

    027679: Sep 18 19:08:12.502 EDT: skinny_secure_handshake: pid =337, sock=0, args-pid=337, ip address = x.x.x.x

    027680: Sep 18 19:08:12.502 EDT: Start TLS Handshake 0 x.x.x.x 51395

    027681: Sep 18 19:08:12.502 EDT: TLS Handshake retcode OPSSLReadWouldBlockErr

    027682: Sep 18 19:08:13.502 EDT: TLS Handshake error -6992

    027683: Sep 18 19:08:13.502 EDT: TLS context configuration FAILED for 0 x.x.x.x 51395

    This is the basic test phone setup:

    ephone  36

    device-security-mode encrypted

    capf-auth-str xxxx

    cert-oper upgrade auth-mode auth-string

    mac-address x.x.x

    ephone-template 16

    username "x" password x

    type 7942

    button  1:130

    I've tried using the MIC as well, but no luck.

    Any suggestions or directoins to look in?

    DB:2.72:Encryption Fails Between Uc520 And Cisco Ip Phone 7942 8m


    Perhaps following link will help:

    https://supportforums.cisco.com/docs/DOC-21867

    HTH

    -- Jorge Armijo Please remember to rate helpful responses and identify helpful or correct answers.

  • RELEVANCY SCORE 2.71

    DB:2.71:Ise 1.2 Eap-Tls Handshake To External Radius jp



    Hi everyone!

    I'm trying to implement ISE to authenticate a wireless network using a cisco WLC 5508, I have an ISE virtual Appliance version 1.2  and a WLC 5508 version 7.6 with several 3602e Access Points (20 aproximately).

    Right now they are authenticating with a RADIUS Server (which I don't manage, it's out of my scope), the WLC uses this RADIUS Server to authenticate using 802.1x and EAP-TLS (which means the clients need to have a valid certificate and be in the RADIUS database which is integrated to the Active Directory), I can't touch the CA either. So now I need to authenticate using Cisco ISE instead of the RADIUS Server (at least directly), the problem is that for "security" reasons or whatever they don't let me integrate the ISE to the CA, so I added the RADIUS server as an external identity source and made my authentication Policy rule pointing at it, like this:

    If: Wireless_802.1X          Allow Protocols: Default Network Access          Use: RADIUS

    Then I added ISE as a RADIUS Server on my WLC and made a Test SSID 802.1X pointing to ISE to authenticate and all that, I did some tests and I got this error:

    12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate

    Which means the clients are trying to do the EAP-TLS Process to validate the certificate with the Cisco ISE (but ISE does not have the certificate because they won't let me integrate to the CA directly) so it fails. Is there any way I can do something to redirect that EAP-TLS handshake to the exernal RADIUS Server? Making ISE kind of like a connecting point only for the authentication, I realize it's not the best scenario but giving the circumstances it's the best I can do for now, later on I will add the AD to ISE and start creating some authorization policies based on that, but right now I just want them to authenticate.

    Any help is appreciated, thanks in advance!

    DB:2.71:Ise 1.2 Eap-Tls Handshake To External Radius jp


    Ok so it's in the supplicant, doesn't that mean that it will do the EAP-TLS process without validating the certificate? neither in ISE or the external RADIUS Server?

  • RELEVANCY SCORE 2.71

    DB:2.71:Mac Os X&Nbsp; And Wireless Eap-Tls Machine Authentication pz


    Hello
    Our wireless network use WPA2 Enterprise (802.1x EAP-TLS with machine only authentication). Certificates enrolled from Microsoft CA (with computer template). I have problem with authentication, because MacOS doesn't have setting to choose machine authentication (on RADIUS server side (Cisco ACS) auth request from Mac appears as user request not machine (without host/ prefix). Does anyone fix this issue?

    Regards,
    Stas

    DB:2.71:Mac Os X&Nbsp; And Wireless Eap-Tls Machine Authentication pz

    I agree, None of my OS X 10.6.1 machines will produce a machine password. Apple does not see to understand how Machine Auth works.

  • RELEVANCY SCORE 2.68

    DB:2.68:Starttls Failures Post 10.5 To 10.6 Migration c8


    We have migrated our 10.5.8 OD server to 10.6.3 via the install DVD's migration feature. Post-migration LDAP+TLS fails on 10.5 and 10.6 Mac clients, CentOS, Debian and FreeBSD clients.

    ldap.conf has TLS_REQCERT set to never.

    /etc/openldap/slapd_macosxserver.conf TLS settings:
    TLSCertificatePassphraseTool "/usr/sbin/certadmin --get-private-key-passphrase /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. key.pem"
    TLSCertificateFile /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. cert.pem
    TLSCertificateKeyFile /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. key.pem
    TLSCACertificateFile /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. chain.pem

    We can verify the trust of the certs via openssl s_client -connect gnome.darkhorse.com:636 -showcerts -state

    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    depth=1 /C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read finished A
    ---
    Certificate chain
    0 s:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=MIS/CN=gnome.darkhorse.com/emailAddress=hostmaster@darkhorse.com
    i:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    -----BEGIN CERTIFICATE-----
    CLIPPED
    -----END CERTIFICATE-----
    1 s:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    i:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    -----BEGIN CERTIFICATE-----
    CLIPPED
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=MIS/CN=gnome.darkhorse.com/emailAddress=hostmaster@darkhorse.com
    issuer=/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2640 bytes and written 325 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: 654B7294D9FAAE7FE553E5513172D78F02132946DC61B8FB192CDAB30E87B22C
    Session-ID-ctx:
    Master-Key: D8354A0742DAFEDB68E27E535FB6F5F998FFD7ED8F39429491D581F84314769811D0E5EACB22309 72D52CF4CF360D245
    Key-Arg : None
    Start Time: 1271264425
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

    Using the check from Apple's documentation:
    ldapsearch -LLL -x -H ldaps://gnome.darkhorse.com -b "dc=darkhorse,dc=com" succeeds.

    However, using ldapsearch -h gnome.darkhorse.com -ZZZ -x -b "dc=darkhorse,dc=com" '(uid=donaldr)' returns ldapstarttls: Protocol error (2)

    This has been repeatable with the default cert and the migrated self signed cert. The server in question has an ethernet interface with two IPs assigned to it, checkhost name returns no errors.

    Any advice on addtional tests and especially pointers to the differences between 10.5/LDAP 10.6 LDAP handling of TLS would be aprreciated.

    Has anyone experienced any SSL/TLS issues post 10.6 OD migration?

    Message was edited by: wjstevens

    DB:2.68:Starttls Failures Post 10.5 To 10.6 Migration c8

    We have migrated our 10.5.8 OD server to 10.6.3 via the install DVD's migration feature. Post-migration LDAP+TLS fails on 10.5 and 10.6 Mac clients, CentOS, Debian and FreeBSD clients.

    ldap.conf has TLS_REQCERT set to never.

    /etc/openldap/slapd_macosxserver.conf TLS settings:
    TLSCertificatePassphraseTool "/usr/sbin/certadmin --get-private-key-passphrase /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. key.pem"
    TLSCertificateFile /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. cert.pem
    TLSCertificateKeyFile /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. key.pem
    TLSCACertificateFile /etc/certificates/gnome.darkhorse.com.794BB9A8C58B9E8517C0E02ABFEC9DF9AB635720. chain.pem

    We can verify the trust of the certs via openssl s_client -connect gnome.darkhorse.com:636 -showcerts -state

    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    depth=1 /C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read finished A
    ---
    Certificate chain
    0 s:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=MIS/CN=gnome.darkhorse.com/emailAddress=hostmaster@darkhorse.com
    i:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    -----BEGIN CERTIFICATE-----
    CLIPPED
    -----END CERTIFICATE-----
    1 s:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    i:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    -----BEGIN CERTIFICATE-----
    CLIPPED
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=MIS/CN=gnome.darkhorse.com/emailAddress=hostmaster@darkhorse.com
    issuer=/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department/emailAddress=hostmaster@darkhorse.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2640 bytes and written 325 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: 654B7294D9FAAE7FE553E5513172D78F02132946DC61B8FB192CDAB30E87B22C
    Session-ID-ctx:
    Master-Key: D8354A0742DAFEDB68E27E535FB6F5F998FFD7ED8F39429491D581F84314769811D0E5EACB22309 72D52CF4CF360D245
    Key-Arg : None
    Start Time: 1271264425
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

    Using the check from Apple's documentation:
    ldapsearch -LLL -x -H ldaps://gnome.darkhorse.com -b "dc=darkhorse,dc=com" succeeds.

    However, using ldapsearch -h gnome.darkhorse.com -ZZZ -x -b "dc=darkhorse,dc=com" '(uid=donaldr)' returns ldapstarttls: Protocol error (2)

    This has been repeatable with the default cert and the migrated self signed cert. The server in question has an ethernet interface with two IPs assigned to it, checkhost name returns no errors.

    Any advice on addtional tests and especially pointers to the differences between 10.5/LDAP 10.6 LDAP handling of TLS would be aprreciated.

    Has anyone experienced any SSL/TLS issues post 10.6 OD migration?

    Message was edited by: wjstevens

  • RELEVANCY SCORE 2.68

    DB:2.68:Tls Handshake 19


    The TLS handshake is stuckTLS handshake is stuck at SSLv3, TLS handshake, CERT(11)

    DB:2.68:Tls Handshake 19

    The TLS handshake is stuckTLS handshake is stuck at SSLv3, TLS handshake, CERT(11)

  • RELEVANCY SCORE 2.67

    DB:2.67:Ssl Problem - Need Help Interpreting Ssl Logs az


    Hello -

    We have a Weblogic server which up to now has been working fine using 2-way SSL authentication with its clients. The certificates are self-signed. The problem is as follows:

    We have created a new certificate and installed it on the Weblogic server, and also created a corresponding client certificate (P7B format) and installed it on the client. Whenever the client contacts the server, the following SSL log is generated.

    I have some questions:
    - Is the certificate shown in the log file (which I have mangled before posting for confidentiality) one sent from the client, or from the server?

    - As far as I can see, this is a healthy SSL handshake, but no data flows between client and server afterwards. Why?

    - The client, a Windows CE device, only reports this error:
    12045 (ERROR_INTERNET_INVALID_CA). Does that correspond to the server logs?

    Thanks, log follows.

    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 19313712 SSL Version 2 with no padding
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received SSL_20_RECORD
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: ClientHelloV2
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 58
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 456
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 6816
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 4
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received HANDSHAKE
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: Certificate
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 validationCallback: validateErr = 0
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 cert[0] = [
    [
    Version: V3
    Subject: CN=videv01.corp.acme.acme.uk
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    946139c9 00ac3b43 946139c9 946139c9 946139c9 946139c9 946139c9 946139c9
    d26f3579 8e246cfb 11fedc18 2a713e95 858548b7 49585fc3 b5630922 946139c9
    2ba739c0 946139c9 37984e9c 9597916e 5516e593 bda36edf 180f0abb 946139c9
    946139c9 946139c9 7d52e22a 946139c9 1b1a41f1 eec07e3c fccf1bf5 9fe0b403
    Validity: [From: Mon Nov 05 00:00:00 GMT 2007,
    To: Sun Feb 15 00:00:00 GMT 2009]
    Issuer: CN=videv01.corp.acme.acme.uk
    SerialNumber: [ 01]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os
    0010: 08 F6 0E 88 40 03 EF 9A 6F 85 18 AD EF 11 61 6B abfababgvabd0.os
    0020: 08 F6 0E 88 40 03 EF 9A 39 63 98 70 B2 A7 25 D6 abfababgvabd0.os
    0030: 08 F6 0E 88 40 03 EF 9A 44 36 C2 DB 30 71 AF 80 abfababgvabd0.os
    0040: 08 F6 0E 88 40 03 EF 9A E4 AE F7 7F 32 23 2D 06 abfababgvabd0.os
    0050: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os
    0060: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os
    0070: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os

    ]
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLTrustValidator returns: 0
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 Trust status (0): NONE
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: ClientKeyExchange RSA
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: CertificateVerify
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received CHANGE_CIPHER_SPEC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received HANDSHAKE
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: Finished
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 40
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLIOContextTable.findContext(sock): 24819090
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 activateNoRegister()
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 avalable(): 19313712 : 0 + 0 = 0
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.activate(): activated: 23244214 18846388
    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 NEW ALERT with Severity: WARNING, Type: 0
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:290)
    at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:628)
    at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:592)
    at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:544)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:727)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:651)
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:123)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 avalable(): 19313712 : 0 + 0 = 0
    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 write ALERT, offset = 0, length = 2
    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 SSLIOContextTable.removeContext(ctx): 15565752
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer SSLListenThread.Default WLS Kernel 000000 Filtering JSSE SSLSocket
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer SSLListenThread.Default WLS Kernel 000000 SSLIOContextTable.addContext(ctx): 24133698
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer SSLListenThread.Default WLS Kernel 000000 SSLSocket will be Muxing
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 12541623 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 12541623 received HANDSHAKE

    DB:2.67:Ssl Problem - Need Help Interpreting Ssl Logs az

    Hello -

    We have a Weblogic server which up to now has been working fine using 2-way SSL authentication with its clients. The certificates are self-signed. The problem is as follows:

    We have created a new certificate and installed it on the Weblogic server, and also created a corresponding client certificate (P7B format) and installed it on the client. Whenever the client contacts the server, the following SSL log is generated.

    I have some questions:
    - Is the certificate shown in the log file (which I have mangled before posting for confidentiality) one sent from the client, or from the server?

    - As far as I can see, this is a healthy SSL handshake, but no data flows between client and server afterwards. Why?

    - The client, a Windows CE device, only reports this error:
    12045 (ERROR_INTERNET_INVALID_CA). Does that correspond to the server logs?

    Thanks, log follows.

    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 19313712 SSL Version 2 with no padding
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received SSL_20_RECORD
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: ClientHelloV2
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 58
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 456
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 6816
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 4
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:11 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received HANDSHAKE
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: Certificate
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 validationCallback: validateErr = 0
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 cert[0] = [
    [
    Version: V3
    Subject: CN=videv01.corp.acme.acme.uk
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    946139c9 00ac3b43 946139c9 946139c9 946139c9 946139c9 946139c9 946139c9
    d26f3579 8e246cfb 11fedc18 2a713e95 858548b7 49585fc3 b5630922 946139c9
    2ba739c0 946139c9 37984e9c 9597916e 5516e593 bda36edf 180f0abb 946139c9
    946139c9 946139c9 7d52e22a 946139c9 1b1a41f1 eec07e3c fccf1bf5 9fe0b403
    Validity: [From: Mon Nov 05 00:00:00 GMT 2007,
    To: Sun Feb 15 00:00:00 GMT 2009]
    Issuer: CN=videv01.corp.acme.acme.uk
    SerialNumber: [ 01]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os
    0010: 08 F6 0E 88 40 03 EF 9A 6F 85 18 AD EF 11 61 6B abfababgvabd0.os
    0020: 08 F6 0E 88 40 03 EF 9A 39 63 98 70 B2 A7 25 D6 abfababgvabd0.os
    0030: 08 F6 0E 88 40 03 EF 9A 44 36 C2 DB 30 71 AF 80 abfababgvabd0.os
    0040: 08 F6 0E 88 40 03 EF 9A E4 AE F7 7F 32 23 2D 06 abfababgvabd0.os
    0050: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os
    0060: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os
    0070: 08 F6 0E 88 40 03 EF 9A 08 F6 0E 88 40 03 EF 9A abfababgvabd0.os

    ]
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLTrustValidator returns: 0
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 Trust status (0): NONE
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: ClientKeyExchange RSA
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: CertificateVerify
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received CHANGE_CIPHER_SPEC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 33541463 received HANDSHAKE
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 HANDSHAKEMESSAGE: Finished
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write CHANGE_CIPHER_SPEC, offset = 0, length = 1
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 write HANDSHAKE, offset = 0, length = 40
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLIOContextTable.findContext(sock): 24819090
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 activateNoRegister()
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 avalable(): 19313712 : 0 + 0 = 0
    ####Nov 30, 2007 11:14:14 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.activate(): activated: 23244214 18846388
    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 NEW ALERT with Severity: WARNING, Type: 0
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:290)
    at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:628)
    at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:592)
    at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:544)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:727)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:651)
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:123)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 avalable(): 19313712 : 0 + 0 = 0
    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 write ALERT, offset = 0, length = 2
    ####Nov 30, 2007 11:14:15 AM GMT Debug TLS acme.com acServer ExecuteThread: '2' for queue: 'weblogic.socket.Muxer' WLS Kernel 000000 SSLIOContextTable.removeContext(ctx): 15565752
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer SSLListenThread.Default WLS Kernel 000000 Filtering JSSE SSLSocket
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer SSLListenThread.Default WLS Kernel 000000 SSLIOContextTable.addContext(ctx): 24133698
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer SSLListenThread.Default WLS Kernel 000000 SSLSocket will be Muxing
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 isMuxerActivated: false
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 SSLFilter.isActivated: false
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 12541623 SSL3/TLS MAC
    ####Nov 30, 2007 11:14:33 AM GMT Debug TLS acme.com acServer ExecuteThread: '49' for queue: 'weblogic.kernel.Default' WLS Kernel 000000 12541623 received HANDSHAKE

  • RELEVANCY SCORE 2.67

    DB:2.67:Icc 11.1 Dmg Does Not Install On Mac Os X 10.4.11 pa



    I am trying to install ICC 11.1 on Mac OS X 10.4.11 which already has Xcode 2.5 installed. Upon installation ICC fails to install with an error message that Mac OS X version is not supported. I am trying to install Product for IA32/Intel 64. anything that I may be missing?

    DB:2.67:Icc 11.1 Dmg Does Not Install On Mac Os X 10.4.11 pa

    Quoting - shvetank

    Thanx....where can I get the ICC for Mac OS X 10.4.x?

    I Googled for release notes on the Intel site (+site:intel.com). From what I found there, it appears that the 11.0 version of icc supported Mac OS X 10.4.11. Assuming you've got a current license etc (I'm not familiar with all the requirements), you should be able to get that compiler from the usual Intel download site.

  • RELEVANCY SCORE 2.67

    DB:2.67:Silverlight Install Failing On Mac Os X 78


    Just downloaded install package. However, get error The Installer could not create the folder '/private/tmp/Silverlight.pkg.2685hONUBu' and installation fails. Running Mac OS X 10.5.1 on Mac Pro. Initially thought this was permissions problem so logged
    on with Admin permissions, but error still occurs. Ideas? Gary

    DB:2.67:Silverlight Install Failing On Mac Os X 78

    Granted R/W access to the /tmp/ folder and the install completed (and restored to previous permissions). So something appears to be wrong with the installer.

  • RELEVANCY SCORE 2.66

    DB:2.66:Ssl Fails With Alert From Partner 99


    We are testing a new release of an existing web services application. With server debug on, we can see what looks like an SSL failure, but have no clue why it is happening. Our trading partner claims that we are to blame, and we think that they are causing it. Can somebody please take a look at this abbreviated log and tell me what is going on.

    Thanks in advance....

    ****within checkCredentials Starting GET at: 1122063280028
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 Weblogic license allows domestic
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 clientInfo settings applied
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 Filtering JSSE SSLSocket
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 199686906
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 SSLSocket will be Muxing
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 SSLIOContextTable.findContext(is): 199686819
    ****within checkCredentials Finished GET at: 1122063280274
    ....

    {removed for space}

    ....

    **** Starting static POST at: 1122063281291
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 Filtering JSSE SSLSocket
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 200211803
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLSocket will be Muxing
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLIOContextTable.findContext(is): 200211716
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write SSL_20_RECORD
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 134
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write CHANGE_CIPHER_SPEC offset = 0 length = 1
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 16
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received CHANGE_CIPHER_SPEC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 231
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 1478
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 read( offset: 0 length: 256 )
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received ALERT
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@bf12b99 Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(IZLjava.lang.String;)V(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(II)V(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Ljava.io.ByteArrayInputStream;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent([BIILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
    at com.certicom.tls.record.ReadHandler.read([BII)I(Unknown Source)
    at java.io.BufferedInputStream.fill()V(BufferedInputStream.java:183)
    at java.io.BufferedInputStream.read()I(Optimized Method)
    at weblogic.webservice.binding.soap.HttpResponseParser.readLine(Lweblogic.utils.io.Chunk;Ljava.io.InputStream;)V(HttpResponseParser.java:333)
    at weblogic.webservice.binding.soap.HttpResponseParser.parse(Ljava.net.URL;Ljava.io.InputStream;)Lweblogic.webservice.binding.soap.HttpResponse;(HttpResponseParser.java:34)
    at weblogic.webservice.binding.soap.HttpClientBinding.receive(Ljavax.xml.rpc.handler.MessageContext;)V(HttpClientBinding.java:213)
    at weblogic.webservice.core.handler.ClientHandler.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(ClientHandler.java:63)
    at weblogic.webservice.core.HandlerChainImpl.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(HandlerChainImpl.java:230)
    at weblogic.webservice.core.ClientDispatcher.receive(Lweblogic.webservice.WLMessageContext;)Ljava.lang.Object;(ClientDispatcher.java:229)
    at weblogic.webservice.core.ClientDispatcher.dispatch([Ljava.lang.Object;)Ljava.lang.Object;(ClientDispatcher.java:144)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;Ljava.io.PrintStream;)Ljava.lang.Object;(DefaultOperation.java:444)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;)Ljava.lang.Object;(DefaultOperation.java:430)
    at weblogic.webservice.core.rpc.StubImpl._invoke(Ljava.lang.String;Ljava.util.Map;)Ljava.lang.Object;(StubImpl.java:270)
    at pjm.srcm.webservices.face.client.SoapFacePortType_Stub.SoapSetNnlAllocations(Lorg.rtodex.www.webservices.FACE.NNLAllocationMessage;)V(SoapFacePortType_Stub.java:26)
    at pjm.srcm.webservices.face.msgs.NnlAllocationMessageHolder.dispatch()V(NnlAllocationMessageHolder.java:95)
    at pjm.srcm.webservices.face.ejb.Sender.onMessage(Ljavax.jms.Message;)V(Sender.java:46)
    at weblogic.ejb20.internal.MDListener.execute(Lweblogic.kernel.ExecuteThread;)V(MDListener.java:382)
    at weblogic.ejb20.internal.MDListener.transactionalOnMessage(Ljavax.jms.Message;)V(MDListener.java:316)
    at weblogic.ejb20.internal.MDListener.onMessage(Ljavax.jms.Message;)V(MDListener.java:281)
    at weblogic.jms.client.JMSSession.onMessage(Ljavax.jms.MessageListener;Lweblogic.jms.common.MessageImpl;)V(JMSSession.java:2596)
    at weblogic.jms.client.JMSSession.execute(Lweblogic.kernel.ExecuteThread;)V(JMSSession.java:2516)
    at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:170)
    at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@bf12b99
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 CLOSE_NOTIFY received from peer, closing connection:
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 close(): 200217934
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@bf1eaee Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(IZLjava.lang.String;)V(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(II)V(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler()V(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close()V(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handle(Lcom.certicom.tls.record.alert.Alert;)V(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Ljava.io.ByteArrayInputStream;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent([BIILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
    at com.certicom.tls.record.ReadHandler.read([BII)I(Unknown Source)
    at java.io.BufferedInputStream.fill()V(BufferedInputStream.java:183)
    at java.io.BufferedInputStream.read()I(Optimized Method)
    at weblogic.webservice.binding.soap.HttpResponseParser.readLine(Lweblogic.utils.io.Chunk;Ljava.io.InputStream;)V(HttpResponseParser.java:333)
    at weblogic.webservice.binding.soap.HttpResponseParser.parse(Ljava.net.URL;Ljava.io.InputStream;)Lweblogic.webservice.binding.soap.HttpResponse;(HttpResponseParser.java:34)
    at weblogic.webservice.binding.soap.HttpClientBinding.receive(Ljavax.xml.rpc.handler.MessageContext;)V(HttpClientBinding.java:213)
    at weblogic.webservice.core.handler.ClientHandler.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(ClientHandler.java:63)
    at weblogic.webservice.core.HandlerChainImpl.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(HandlerChainImpl.java:230)
    at weblogic.webservice.core.ClientDispatcher.receive(Lweblogic.webservice.WLMessageContext;)Ljava.lang.Object;(ClientDispatcher.java:229)
    at weblogic.webservice.core.ClientDispatcher.dispatch([Ljava.lang.Object;)Ljava.lang.Object;(ClientDispatcher.java:144)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;Ljava.io.PrintStream;)Ljava.lang.Object;(DefaultOperation.java:444)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;)Ljava.lang.Object;(DefaultOperation.java:430)
    at weblogic.webservice.core.rpc.StubImpl._invoke(Ljava.lang.String;Ljava.util.Map;)Ljava.lang.Object;(StubImpl.java:270)
    at pjm.srcm.webservices.face.client.SoapFacePortType_Stub.SoapSetNnlAllocations(Lorg.rtodex.www.webservices.FACE.NNLAllocationMessage;)V(SoapFacePortType_Stub.java:26)
    at pjm.srcm.webservices.face.msgs.NnlAllocationMessageHolder.dispatch()V(NnlAllocationMessageHolder.java:95)
    at pjm.srcm.webservices.face.ejb.Sender.onMessage(Ljavax.jms.Message;)V(Sender.java:46)
    at weblogic.ejb20.internal.MDListener.execute(Lweblogic.kernel.ExecuteThread;)V(MDListener.java:382)
    at weblogic.ejb20.internal.MDListener.transactionalOnMessage(Ljavax.jms.Message;)V(MDListener.java:316)
    at weblogic.ejb20.internal.MDListener.onMessage(Ljavax.jms.Message;)V(MDListener.java:281)
    at weblogic.jms.client.JMSSession.onMessage(Ljavax.jms.MessageListener;Lweblogic.jms.common.MessageImpl;)V(JMSSession.java:2596)
    at weblogic.jms.client.JMSSession.execute(Lweblogic.kernel.ExecuteThread;)V(JMSSession.java:2516)
    at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:170)
    at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write ALERT offset = 0 length = 2
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 closed by last read
    Jul 22, 2005 4:14:41 PM EDT Info WebService BEA-220020 The Web Services call to https://xxx.xxx.org:-1 received an unexpected end of file (EOF) after reading 0 bytes.
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 close(): 200217934
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 200211803
    Jul 22, 2005 4:14:41 PM EDT Info WebService BEA-220025 Handler weblogic.webservice.core.handler.ClientHandler threw an exception from its handleResponse method. The exception was:
    javax.xml.rpc.JAXRPCException: java.io.EOFException: Received EOF from: https://xxx.xxx.org/Processes/NNL/FaceService after reading 0 bytes..
    **** Finished static POST at: 1122063282000

    Message was edited by:
    neilhorn

    Removed URL of partner.

    DB:2.66:Ssl Fails With Alert From Partner 99

    We are testing a new release of an existing web services application. With server debug on, we can see what looks like an SSL failure, but have no clue why it is happening. Our trading partner claims that we are to blame, and we think that they are causing it. Can somebody please take a look at this abbreviated log and tell me what is going on.

    Thanks in advance....

    ****within checkCredentials Starting GET at: 1122063280028
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 Weblogic license allows domestic
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 clientInfo settings applied
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 Filtering JSSE SSLSocket
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 199686906
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 SSLSocket will be Muxing
    Jul 22, 2005 4:14:40 PM EDT Debug TLS 000000 SSLIOContextTable.findContext(is): 199686819
    ****within checkCredentials Finished GET at: 1122063280274
    ....

    {removed for space}

    ....

    **** Starting static POST at: 1122063281291
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 Filtering JSSE SSLSocket
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 200211803
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLSocket will be Muxing
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLIOContextTable.findContext(is): 200211716
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write SSL_20_RECORD
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 134
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write CHANGE_CIPHER_SPEC offset = 0 length = 1
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 16
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received CHANGE_CIPHER_SPEC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received HANDSHAKE
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 231
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 1478
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 read( offset: 0 length: 256 )
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 isMuxerActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 readRecord()
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 SSL3/TLS MAC
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 received ALERT
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@bf12b99 Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(IZLjava.lang.String;)V(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(II)V(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Ljava.io.ByteArrayInputStream;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent([BIILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
    at com.certicom.tls.record.ReadHandler.read([BII)I(Unknown Source)
    at java.io.BufferedInputStream.fill()V(BufferedInputStream.java:183)
    at java.io.BufferedInputStream.read()I(Optimized Method)
    at weblogic.webservice.binding.soap.HttpResponseParser.readLine(Lweblogic.utils.io.Chunk;Ljava.io.InputStream;)V(HttpResponseParser.java:333)
    at weblogic.webservice.binding.soap.HttpResponseParser.parse(Ljava.net.URL;Ljava.io.InputStream;)Lweblogic.webservice.binding.soap.HttpResponse;(HttpResponseParser.java:34)
    at weblogic.webservice.binding.soap.HttpClientBinding.receive(Ljavax.xml.rpc.handler.MessageContext;)V(HttpClientBinding.java:213)
    at weblogic.webservice.core.handler.ClientHandler.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(ClientHandler.java:63)
    at weblogic.webservice.core.HandlerChainImpl.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(HandlerChainImpl.java:230)
    at weblogic.webservice.core.ClientDispatcher.receive(Lweblogic.webservice.WLMessageContext;)Ljava.lang.Object;(ClientDispatcher.java:229)
    at weblogic.webservice.core.ClientDispatcher.dispatch([Ljava.lang.Object;)Ljava.lang.Object;(ClientDispatcher.java:144)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;Ljava.io.PrintStream;)Ljava.lang.Object;(DefaultOperation.java:444)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;)Ljava.lang.Object;(DefaultOperation.java:430)
    at weblogic.webservice.core.rpc.StubImpl._invoke(Ljava.lang.String;Ljava.util.Map;)Ljava.lang.Object;(StubImpl.java:270)
    at pjm.srcm.webservices.face.client.SoapFacePortType_Stub.SoapSetNnlAllocations(Lorg.rtodex.www.webservices.FACE.NNLAllocationMessage;)V(SoapFacePortType_Stub.java:26)
    at pjm.srcm.webservices.face.msgs.NnlAllocationMessageHolder.dispatch()V(NnlAllocationMessageHolder.java:95)
    at pjm.srcm.webservices.face.ejb.Sender.onMessage(Ljavax.jms.Message;)V(Sender.java:46)
    at weblogic.ejb20.internal.MDListener.execute(Lweblogic.kernel.ExecuteThread;)V(MDListener.java:382)
    at weblogic.ejb20.internal.MDListener.transactionalOnMessage(Ljavax.jms.Message;)V(MDListener.java:316)
    at weblogic.ejb20.internal.MDListener.onMessage(Ljavax.jms.Message;)V(MDListener.java:281)
    at weblogic.jms.client.JMSSession.onMessage(Ljavax.jms.MessageListener;Lweblogic.jms.common.MessageImpl;)V(JMSSession.java:2596)
    at weblogic.jms.client.JMSSession.execute(Lweblogic.kernel.ExecuteThread;)V(JMSSession.java:2516)
    at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:170)
    at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@bf12b99
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 CLOSE_NOTIFY received from peer, closing connection:
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 close(): 200217934
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@bf1eaee Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(IZLjava.lang.String;)V(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(II)V(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler()V(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close()V(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handle(Lcom.certicom.tls.record.alert.Alert;)V(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Ljava.io.ByteArrayInputStream;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent([BIILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
    at com.certicom.tls.record.ReadHandler.read([BII)I(Unknown Source)
    at java.io.BufferedInputStream.fill()V(BufferedInputStream.java:183)
    at java.io.BufferedInputStream.read()I(Optimized Method)
    at weblogic.webservice.binding.soap.HttpResponseParser.readLine(Lweblogic.utils.io.Chunk;Ljava.io.InputStream;)V(HttpResponseParser.java:333)
    at weblogic.webservice.binding.soap.HttpResponseParser.parse(Ljava.net.URL;Ljava.io.InputStream;)Lweblogic.webservice.binding.soap.HttpResponse;(HttpResponseParser.java:34)
    at weblogic.webservice.binding.soap.HttpClientBinding.receive(Ljavax.xml.rpc.handler.MessageContext;)V(HttpClientBinding.java:213)
    at weblogic.webservice.core.handler.ClientHandler.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(ClientHandler.java:63)
    at weblogic.webservice.core.HandlerChainImpl.handleResponse(Ljavax.xml.rpc.handler.MessageContext;)Z(HandlerChainImpl.java:230)
    at weblogic.webservice.core.ClientDispatcher.receive(Lweblogic.webservice.WLMessageContext;)Ljava.lang.Object;(ClientDispatcher.java:229)
    at weblogic.webservice.core.ClientDispatcher.dispatch([Ljava.lang.Object;)Ljava.lang.Object;(ClientDispatcher.java:144)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;Ljava.io.PrintStream;)Ljava.lang.Object;(DefaultOperation.java:444)
    at weblogic.webservice.core.DefaultOperation.invoke(Ljava.util.Map;[Ljava.lang.Object;)Ljava.lang.Object;(DefaultOperation.java:430)
    at weblogic.webservice.core.rpc.StubImpl._invoke(Ljava.lang.String;Ljava.util.Map;)Ljava.lang.Object;(StubImpl.java:270)
    at pjm.srcm.webservices.face.client.SoapFacePortType_Stub.SoapSetNnlAllocations(Lorg.rtodex.www.webservices.FACE.NNLAllocationMessage;)V(SoapFacePortType_Stub.java:26)
    at pjm.srcm.webservices.face.msgs.NnlAllocationMessageHolder.dispatch()V(NnlAllocationMessageHolder.java:95)
    at pjm.srcm.webservices.face.ejb.Sender.onMessage(Ljavax.jms.Message;)V(Sender.java:46)
    at weblogic.ejb20.internal.MDListener.execute(Lweblogic.kernel.ExecuteThread;)V(MDListener.java:382)
    at weblogic.ejb20.internal.MDListener.transactionalOnMessage(Ljavax.jms.Message;)V(MDListener.java:316)
    at weblogic.ejb20.internal.MDListener.onMessage(Ljavax.jms.Message;)V(MDListener.java:281)
    at weblogic.jms.client.JMSSession.onMessage(Ljavax.jms.MessageListener;Lweblogic.jms.common.MessageImpl;)V(JMSSession.java:2596)
    at weblogic.jms.client.JMSSession.execute(Lweblogic.kernel.ExecuteThread;)V(JMSSession.java:2516)
    at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:170)
    at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 write ALERT offset = 0 length = 2
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 200217934 closed by last read
    Jul 22, 2005 4:14:41 PM EDT Info WebService BEA-220020 The Web Services call to https://xxx.xxx.org:-1 received an unexpected end of file (EOF) after reading 0 bytes.
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 close(): 200217934
    Jul 22, 2005 4:14:41 PM EDT Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 200211803
    Jul 22, 2005 4:14:41 PM EDT Info WebService BEA-220025 Handler weblogic.webservice.core.handler.ClientHandler threw an exception from its handleResponse method. The exception was:
    javax.xml.rpc.JAXRPCException: java.io.EOFException: Received EOF from: https://xxx.xxx.org/Processes/NNL/FaceService after reading 0 bytes..
    **** Finished static POST at: 1122063282000

    Message was edited by:
    neilhorn

    Removed URL of partner.

  • RELEVANCY SCORE 2.65

    DB:2.65:Installation Fails On Mac Mini (Late '06) m9


    I have a Mac Mini (Late 2006, Macmini1,1, MA608LL/S) OS X with 10.6.8.On installing OSX Server 10.6, all system reqmt's are met (2GB RAM, freshly formatted 80Gb disk),but I got error message: "Mac OS X cannot be installed on this computer."The HD is correctly formatted: Partition Map Scheme: GUID Partition Table Mac OS Extended (Journaled)Any ideas?

    DB:2.65:Installation Fails On Mac Mini (Late '06) m9

    I have a Mac Mini (Late 2006, Macmini1,1, MA608LL/S) OS X with 10.6.8.On installing OSX Server 10.6, all system reqmt's are met (2GB RAM, freshly formatted 80Gb disk),but I got error message: "Mac OS X cannot be installed on this computer."The HD is correctly formatted: Partition Map Scheme: GUID Partition Table Mac OS Extended (Journaled)Any ideas?

  • RELEVANCY SCORE 2.65

    DB:2.65:Reference Implementation Of J2ee For Mac Os X ap


    Is there a RI for Mac OS X? Mac OS X has a unix underpinning based on BSD Unix. Does the Linux binary work on Mac OS X system? If not, how do I proceed to use J2EE on Mac OS X system. I have Mac OS X 10.3.2.

    Thanks

    DB:2.65:Reference Implementation Of J2ee For Mac Os X ap

    You are correct, this is the only way to obtain a copy of the J2EE SDK for Mac OS X at this time.

  • RELEVANCY SCORE 2.65

    DB:2.65:Error: Xmlstreamexception With Ssl 9k


    We seem to be having a problem that happens only on our production env.

    We have a client application that communicates over SOAP over HTTPS with another application hosted on weblogic 8.1 sp6. There is also an IIS front ending the remote application. The client application is also hosted on weblogic 8.1 sp4. We have all certificates generated and in the right places - as I said it works perfectly fine on our local / dev and testing environments. But on production we get this error:

    Exception in thread "main" weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://xx.xx.xx.xx/AddAccount?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: error:weblogic.xml.stream.XMLStreamException: Line:18 ''' expected, got char[53] - with nested exception:
    [Error at line:18 col:28 Line:18 ''' expected, got char[53]]]
    at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:151)
    at weblogic.webservice.tools.wsdlp.WSDLParser.init(WSDLParser.java:76)
    at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
    at weblogic.webservice.core.rpc.ServiceImpl.init(ServiceImpl.java:86)
    at com.sotu.olad.client.AddAccount_Impl.init(AddAccount_Impl.java:22)
    at com.sotu.sara.OladSoapClient.main(OladSoapClient.java:47)

    The webservice url can be hit successfully using the same url on a browser: https://xx.xx.xx.xx/AddAccount?WSDL

    ******************************
    We have also enabled verbose output and here it is:

    /opt/beasys/wlserver81/beasys/j2sdk1.4.2_13
    ISO646-US
    Could not locate PEM preamble, now trying file as JKS
    temp PEM file created: /var/tmp/wls22378.pem
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 No JCE support for algorithm ECDSA, class java.security.Signature
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm SHA1withDSA, class sun.security.provider.DSA using provider SUN version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm MD5withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm SHA1withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm MD2withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm SHA, class java.security.MessageDigest$Delegate using provider SUN version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm MD5, class java.security.MessageDigest$Delegate using provider SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm NullMac, class javax.crypto.Mac
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm HmacSHA1, class javax.crypto.Mac using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm HmacMD5, class javax.crypto.Mac using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DES/CBC/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DESede/CBC/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DESede/ECB/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RC4, class javax.crypto.Cipher
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RSA/ECB/NoPadding, class javax.crypto.Cipher
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm Anonymous, class javax.crypto.KeyAgreement
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm ECDH, class javax.crypto.KeyAgreement
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DiffieHellman, class javax.crypto.KeyAgreement using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RSA, class javax.crypto.KeyAgreement
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 ECDSA | java.security.Signature | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SHA1withDSA | java.security.Signature | USEJCE | SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 MD5withRSA | java.security.Signature | USEJCE | SunJSSE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SHA1withRSA | java.security.Signature | USEJCE | SunJSSE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 MD2withRSA | java.security.Signature | USEJCE | SunJSSE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SHA | java.security.MessageDigest | USEJCE | SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 MD5 | java.security.MessageDigest | USEJCE | SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 NullMac | javax.crypto.Mac | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 HmacSHA1 | javax.crypto.Mac | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 HmacMD5 | javax.crypto.Mac | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DES/CBC/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DESede/CBC/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DESede/ECB/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RC4 | javax.crypto.Cipher | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RSA/ECB/PKCS1Padding | javax.crypto.Cipher | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RSA/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Anonymous | javax.crypto.KeyAgreement | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 ECDH | javax.crypto.KeyAgreement | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DiffieHellman | javax.crypto.KeyAgreement | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RSA | javax.crypto.KeyAgreement | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE used for some SSL = true
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 jsafeJCE used for some SSL = false
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[0] - SUN
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[1] - SunJSSE
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[2] - SunRsaSign
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SUN's provider for RSA signatures
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[3] - SunJCE
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[4] - SunJGSS
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Sun (Kerberos v5)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Crypto to use for RSA is USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 usingJCE = true
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 usingJsafeJCE = false
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Algorithm DES/CBC/NoPadding is not configured for a specific provider
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Provider found by default for DES/CBC/NoPadding is SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Algorithm DESede/CBC/NoPadding is not configured for a specific provider
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Provider found by default for DESede/CBC/NoPadding is SunJCE version 1.42
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 SSL/Domestic license found
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 Not in server, Certicom SSL license found
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 Weblogic license allows domestic
    Loaded local trusted certificates from java.io.FileInputStream@618d26
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 Weblogic license allows domestic
    Loaded local trusted certificates from java.io.FileInputStream@90d8ea
    Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@53ab04
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 Filtering JSSE SSLSocket
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 3083604
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLSocket will NOT be Muxing
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLIOContextTable.findContext(is): 18096534
    Connecting to:xx.xx.xx.xx port:443 socket:Socket[addr=/xx.xx.xx.xx,port=443,localport=61751]com.certicom.tls.interfaceimpl.TLSConnectionImpl@6779e6
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write SSL_20_RECORD
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received HANDSHAKE
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 134
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write CHANGE_CIPHER_SPEC offset = 0 length = 1
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 16
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received CHANGE_CIPHER_SPEC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received HANDSHAKE
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 33
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read( offset: 0 length: 4 )
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received APPLICATION_DATA
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 APPDATA databufferLen 0
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 APPDATA contentLength 1791
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read databufferLen 1791
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read B returns 4
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read( offset: 4 length: 8188 )
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read databufferLen 1787
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read A returns 1787
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 close(): 24374386
    Exception in thread "main" weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://xx.xx.xx.xx/AddAccount?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: error:weblogic.xml.stream.XMLStreamException: Line:18 ''' expected, got char[53] - with nested exception:
    [Error at line:18 col:28 Line:18 ''' expected, got char[53]]]

    Thanks in advance,

    DB:2.65:Error: Xmlstreamexception With Ssl 9k

    We seem to be having a problem that happens only on our production env.

    We have a client application that communicates over SOAP over HTTPS with another application hosted on weblogic 8.1 sp6. There is also an IIS front ending the remote application. The client application is also hosted on weblogic 8.1 sp4. We have all certificates generated and in the right places - as I said it works perfectly fine on our local / dev and testing environments. But on production we get this error:

    Exception in thread "main" weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://xx.xx.xx.xx/AddAccount?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: error:weblogic.xml.stream.XMLStreamException: Line:18 ''' expected, got char[53] - with nested exception:
    [Error at line:18 col:28 Line:18 ''' expected, got char[53]]]
    at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:151)
    at weblogic.webservice.tools.wsdlp.WSDLParser.init(WSDLParser.java:76)
    at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
    at weblogic.webservice.core.rpc.ServiceImpl.init(ServiceImpl.java:86)
    at com.sotu.olad.client.AddAccount_Impl.init(AddAccount_Impl.java:22)
    at com.sotu.sara.OladSoapClient.main(OladSoapClient.java:47)

    The webservice url can be hit successfully using the same url on a browser: https://xx.xx.xx.xx/AddAccount?WSDL

    ******************************
    We have also enabled verbose output and here it is:

    /opt/beasys/wlserver81/beasys/j2sdk1.4.2_13
    ISO646-US
    Could not locate PEM preamble, now trying file as JKS
    temp PEM file created: /var/tmp/wls22378.pem
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 No JCE support for algorithm ECDSA, class java.security.Signature
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm SHA1withDSA, class sun.security.provider.DSA using provider SUN version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm MD5withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm SHA1withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm MD2withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm SHA, class java.security.MessageDigest$Delegate using provider SUN version 1.42
    Apr 12, 2007 6:51:55 PM EDT Debug TLS 000000 JCE support for algorithm MD5, class java.security.MessageDigest$Delegate using provider SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm NullMac, class javax.crypto.Mac
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm HmacSHA1, class javax.crypto.Mac using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm HmacMD5, class javax.crypto.Mac using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DES/CBC/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DESede/CBC/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DESede/ECB/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RC4, class javax.crypto.Cipher
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RSA/ECB/NoPadding, class javax.crypto.Cipher
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm Anonymous, class javax.crypto.KeyAgreement
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm ECDH, class javax.crypto.KeyAgreement
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE support for algorithm DiffieHellman, class javax.crypto.KeyAgreement using provider SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 No JCE support for algorithm RSA, class javax.crypto.KeyAgreement
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 ECDSA | java.security.Signature | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SHA1withDSA | java.security.Signature | USEJCE | SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 MD5withRSA | java.security.Signature | USEJCE | SunJSSE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SHA1withRSA | java.security.Signature | USEJCE | SunJSSE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 MD2withRSA | java.security.Signature | USEJCE | SunJSSE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SHA | java.security.MessageDigest | USEJCE | SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 MD5 | java.security.MessageDigest | USEJCE | SUN version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 NullMac | javax.crypto.Mac | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 HmacSHA1 | javax.crypto.Mac | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 HmacMD5 | javax.crypto.Mac | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DES/CBC/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DESede/CBC/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DESede/ECB/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RC4 | javax.crypto.Cipher | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RSA/ECB/PKCS1Padding | javax.crypto.Cipher | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RSA/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Anonymous | javax.crypto.KeyAgreement | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 ECDH | javax.crypto.KeyAgreement | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 DiffieHellman | javax.crypto.KeyAgreement | USEJCE | SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 RSA | javax.crypto.KeyAgreement | USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 JCE used for some SSL = true
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 jsafeJCE used for some SSL = false
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[0] - SUN
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[1] - SunJSSE
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[2] - SunRsaSign
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SUN's provider for RSA signatures
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[3] - SunJCE
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 provider[4] - SunJGSS
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Sun (Kerberos v5)
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Crypto to use for RSA is USEHARDWIRED
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 usingJCE = true
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 usingJsafeJCE = false
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Algorithm DES/CBC/NoPadding is not configured for a specific provider
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Provider found by default for DES/CBC/NoPadding is SunJCE version 1.42
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Algorithm DESede/CBC/NoPadding is not configured for a specific provider
    Apr 12, 2007 6:51:56 PM EDT Debug TLS 000000 Provider found by default for DESede/CBC/NoPadding is SunJCE version 1.42
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 SSL/Domestic license found
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 Not in server, Certicom SSL license found
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:57 PM EDT Debug TLS 000000 Weblogic license allows domestic
    Loaded local trusted certificates from java.io.FileInputStream@618d26
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSL Session TTL :90000
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 Weblogic license allows domestic
    Loaded local trusted certificates from java.io.FileInputStream@90d8ea
    Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@53ab04
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 Filtering JSSE SSLSocket
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 3083604
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLSocket will NOT be Muxing
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLIOContextTable.findContext(is): 18096534
    Connecting to:xx.xx.xx.xx port:443 socket:Socket[addr=/xx.xx.xx.xx,port=443,localport=61751]com.certicom.tls.interfaceimpl.TLSConnectionImpl@6779e6
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write SSL_20_RECORD
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received HANDSHAKE
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHelloDone
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 134
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write CHANGE_CIPHER_SPEC offset = 0 length = 1
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write HANDSHAKE offset = 0 length = 16
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received CHANGE_CIPHER_SPEC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received HANDSHAKE
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 33
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read( offset: 0 length: 4 )
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 isMuxerActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 SSLFilter.isActivated: false
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 readRecord()
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 SSL3/TLS MAC
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 received APPLICATION_DATA
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 APPDATA databufferLen 0
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 APPDATA contentLength 1791
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read databufferLen 1791
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read B returns 4
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read( offset: 4 length: 8188 )
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read databufferLen 1787
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 24374386 read A returns 1787
    Apr 12, 2007 6:51:58 PM EDT Debug TLS 000000 close(): 24374386
    Exception in thread "main" weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://xx.xx.xx.xx/AddAccount?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: error:weblogic.xml.stream.XMLStreamException: Line:18 ''' expected, got char[53] - with nested exception:
    [Error at line:18 col:28 Line:18 ''' expected, got char[53]]]

    Thanks in advance,

  • RELEVANCY SCORE 2.64

    DB:2.64:Winphone Push Notification Response 403 Error Code zj


    Hi:
    I have get the MPNS https url like:https://hk1.notify.live.net/unthrottledthirdparty/01.00/AQHSlrBXXXXXXX
    when i send the url some messages response 403 error code, more details below:
    * About to connect() to hk1.notify.live.net port 443 (#0)
    * Trying 134.170.142.126...
    * connected
    * Connected to hk1.notify.live.net (134.170.142.126) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using AES128-SHA
    * Server certificate:
    * subject: CN=*.push.live.net
    * start date: 2013-07
    * expire date: 2015-07
    * subjectAltName: hk1.notify.live.net matched
    * issuer: DC=com;
    * SSL certificate verify ok.
    POST /unthrottledthirdparty/01.00/AQHSlrBYhQvdRJYPLwobcJtaAgAAAAADJwAAAAQUZm52OkJCMjg1QTg1QkZDMkUxREQFBkVVV0UwMQ HTTP/1.1
    User-Agent: curl/7.27.0
    Host: hk1.notify.live.net
    Accept: */*
    Content-Type:text/xml
    X-WindowsPhone-Target:Toast
    X-NotificationClass:2
    Content-Length: 181

    * upload completely sent off: 181 out of 181 bytes
    * SSLv3, TLS handshake, Hello request (0):
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Request CERT (13):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS handshake, CERT verify (15):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    HTTP/1.1 403 Forbidden
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Wed, 19 Feb 2014 08:29:16 GMT
    Content-Length: 1233

    someone can help me ? that trouble me for 4days.

    DB:2.64:Winphone Push Notification Response 403 Error Code zj


    Hello Eric:
    when i use http url , everything is ok, but the limit is 500, it not enough to me.
    but when i get a cert, so MPNS return a https url, that means the cert is ok. when i send the message to https url with cert, it respnse to me.
    so i am so confuse about that, need explain about it.

  • RELEVANCY SCORE 2.62

    DB:2.62:Innstallation Fails Again And Again And Again... c7


    I got Mac OS X 10.7.5

    DB:2.62:Innstallation Fails Again And Again And Again... c7


    I tried this and it works. Main question is: how this is even possible with F-secure?

    A) To uninstall the F-Secure Antivirus for Mac

    Copy your product key from manage subscription

    1.Open the folder where you installed the product. By default, the product is in the Applications folder.

    2.Open the F-Secure folder.

    3.Double-click the Uninstall F-Secure Anti-Virus for Mac icon. The uninstallation program opens.

    4.Click Uninstall . You need to enter your administrator password to uninstall the product.

    5.Enter your administrator user name and password and click OK .

    B) To install the F-Secure Antivirus for Mac

    Download link

    http://download.f-secure.com/estore/f-secure_anti-virus_for_mac.dmg

  • RELEVANCY SCORE 2.62

    DB:2.62:Schannel Sspi Implementation Of Tls Fails On Vista/Server 2008 8a


    I recently ported my working SChannel SSPI TLS/SSL POP3 server code for XP/Server 2003, recompiling it for Vista/Server 2008.  When run on Server 2008, the TLS handshake succeeds, but after encryption/decryption of data commands and responses between client and server takes place, the TLS session always fails at some point before the POP3 session completes (usually early on in the session).  I repeat, this code was working fine on XP/Server 2003. The errors encountered when running on Server 2008 varied, depending on which client was connecting:  Windows Mail just reported that the connection was reset by the server, but the server side recorded an event log error of SEC_E_ALGORITHM_MISMATCH (0x80090331) The client and server cannot communicate, because they do not possess a common algorithm.  Mozilla Thunderbird, on the other hand, proceeded successfully for a few commands/responses, then popped up a failure message reporting error -8188 (SEC_ERROR_INPUT_LEN) Security Library:  input length error, while the server recorded an event log error of SEC_E_DECRYPT_FAILURE (0x80090330) The specified data could not be decrypted. Thinking that I needed to change something to make this work on Vista/2008, I added exhaustive diagnostic logging code and combed over every line of code and all of the documentation.  However, I wasn't able to determine exactly why the TLS sessions were failing.  I had one last hunch that proved to be right--the Vista/Server 2008 implementation of TLS was the problem. The proof was apparent when I changed the value of the SCHANNEL_CRED::grbitEnabledProtocols data member from: (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER) to just: SP_PROT_SSL3_SERVER Using SP_PROT_SSL3_SERVER (or just SSL v3.0 protocol) solved the problem and everything started working as it should.  So, the client programs I was testing with (Windows Mail and Mozilla Thunderbird) were apparently using SSL v3 to connect, but the server was not correctly backing down from TLS v1.1 (or SSL v3.2) to SSL v3.0 in order to interoperate as it should have.  This is a bug in the SChannel SSPI implementation on Vista/Server 2008. For anyone else having this problem, here's an abbreviated C++ example of what works: HCERTSTORE hRootStore = NULL; PCCERT_CONTEXT pCertCtx = NULL; SCHANNEL_CRED schanCred; SecHandle shTlsCred; // SSPI security credentials structure for TLS TimeStamp tsLifetime; SECURITY_STATUS ssStatus = SEC_E_OK; ::SecureZeroMemory(tsLifetime, (SIZE_T)sizeof(tsLifetime)); ::SecureZeroMemory(schanCred, (SIZE_T)sizeof(schanCred)); schanCred.dwVersion = (DWORD)SCHANNEL_CRED_VERSION; schanCred.cCreds = (DWORD)1; // ... retrieve the PCCERT_CONTEXT (not shown) schanCred.paCred = pCertCtx; // ... retrieve the HCERTSTORE (not shown) schanCred.hRootStore = hRootStore; schanCred.cSupportedAlgs = (DWORD)0; // use system defaults schanCred.palgSupportedAlgs = NULL; // // SChannel Bug:  can't use TLS on Vista/Server 2008--must specify SSL3 only! // Note:  on XP/2003, (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER) works fine. schanCred.grbitEnabledProtocols = (DWORD)SP_PROT_SSL3_SERVER; // this works on Vista/Server 2008 schanCred.dwMinimumCipherStrength = (DWORD)0; // use system default schanCred.dwMaximumCipherStrength = (DWORD)0; // schanCred.dwSessionLifespan = (DWORD)3600000; // 1 hour in millisecs // Note:  dwAllowCertCliAuth was defined elsewhere and indicates whether we want to use // client X.509 certificate mapping for client authentication schanCred.dwFlags = (dwAllowCertCliAuth) ? (DWORD)0 : (DWORD)SCH_CRED_NO_SYSTEM_MAPPER; // get the server credentials ssStatus = ::AcquireCredentialsHandle(NULL, // require handle to credentials of process security context                    UNISP_NAME, // _T(Microsoft Unified Security Protocol Provider)                    SECPKG_CRED_INBOUND, // server side                    NULL,                    schanCred,                    NULL,                    NULL,                    shTlsCred, // service credential handle                    tsLifetime); // proceed as usual:  prepare SSPI input/output buffers and call ::AcceptSecurityContext, etc. I hope this helps someone.  Maybe it will save them the couple of weeks of grief that I had to go through before figuring this out. Dave KellyDave Kelly

    DB:2.62:Schannel Sspi Implementation Of Tls Fails On Vista/Server 2008 8a


    Now I understand more about it, Many
    thanks to your description!

  • RELEVANCY SCORE 2.62

    DB:2.62:Pop3 And Tls With Exchange 2010 - Problems 87


    I have set up my Exchange 2010 SP2 server with the following POP3 settings:
    TLS/Unencrypted Connections:
    IPv6: 110
    IPv4: 110

    Secure Sockets Layer (SSL) Connections:
    IPv6: 995
    IPv4: 995Authentication:[ ] Plain text logon (Basic authentication)...[ ] Plain text authentication logon (Integrated Windows authentication)...[X] Secure logon. A TLS connection is required for the client...X.509 certificate name:mail.mXXXX.com
    However I can't seem to connect with various clients.
    I have a POP3 client I developed in .NET that uses the SslStream class. I told it to connect to both ports 110 and 995, however in both cases I get an IOException The handshake failed due to an unexpected packet format..
    When I try using Outlook Express 6 (on an XP machine) with the following settings:
    Server Port Numbers:
    Incoming mail (POP3): 995
    [X] This server requires a secure connection (SSL)
    Outlook Express reports this error:
    Your server has unexpectedly terminated the connection.Possible causes for this include server problems, network problems, or a long period of inactivity.Account: 'TestAccount', Server: 'mail.mXXXX.com', Protocol: POP3, Port: 995, Secure(SSL): Yes, Error Number: 0x800CCC0F
    I get the same error when I use port 110, although one time I got a different error about the command not being valid in the current state, which is indicative of requiring explicit TLS on port 110 rather than implicit TLS on port 995.
    I didn't have these problems with Exchange 2007, what's going on?

    DB:2.62:Pop3 And Tls With Exchange 2010 - Problems 87

    Hi David,

    If you issued the CERT from the internal CA, please install the ROOT cert on the client, the parth: ..\trusted root certification Authorities\..
    What is your CAS server FQDN, if you want to connect to the server, the domain name should contain it.
    Please use get-popsettings |fl, and post the information.
    You could use the same CERT for pop3 and smtp.
    Then use outlook to check whether you could configure pop3 method to connect to exchange server successfully.
    Or, run EXBPA to post some information.
    Although the error on the server means the server side issue, sometimes I donot think it.

    Regards!Gavin
    TechNet Community Support

  • RELEVANCY SCORE 2.61

    DB:2.61:Tls Encryption Fails On Mac Os X x8


    using the same im server - the tls encryption lock will turn on in a sun mozilla browser, but will not on a mac running os x - the java version on the mac is:
    java version "1.5.0_07"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_07-164)
    Java HotSpot(TM) Client VM (build 1.5.0_07-87, mixed mode, sharing)

    is tls supported on mac os x - or am i missing some setup on the client?

    DB:2.61:Tls Encryption Fails On Mac Os X x8

    i updated /etc/hosts on the mac, used the host name instead of the ip to access the im server, and the problem cleared right up - i now have the lock on the im frame.

    thanks for the help-
    david

  • RELEVANCY SCORE 2.61

    DB:2.61:Wls8.1 Two-Way Ssl Jms ≫ Handshake Failure 8z


    hi,

    I'm trying to set up a two-way SSL connection on Weblogic 8.1. The
    connection will be from my weblogic instance (as client) to another. I have
    created a keystore which contains the server CA as a trusted cert and also a
    trusted cert, which had been a self signed cert, whose CSR the server CA
    signed for me. Both weblogic configurations are correct I think. The output
    I'm getting is given below. If anyone has any advice I would really
    appreciate it.

    Cheers,

    Paul

    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000 SSLManager:
    loaded 3 trusted CAs from /software/weblogic81/server/lib/RISKeyStore.jks
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000 clientInfo
    settings applied
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000 Filtering JSSE
    SSLSocket
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000
    SSLIOContextTable.addContext(ctx): 17072281
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000 SSLSocket will be
    Muxing
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000
    SSLIOContextTable.findContext(is): 9891211
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000 write
    SSL_20_RECORD
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000 isMuxerActivated:
    false
    07-Apr-2004 16:48:21 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 5859962
    readRecord()
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 5859962 SSL3/TLS
    MAC
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 5859962 received
    HANDSHAKE
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE:
    ServerHello
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 isMuxerActivated:
    false
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 5859962
    readRecord()
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 5859962 SSL3/TLS
    MAC
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 5859962 received
    HANDSHAKE
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE:
    Certificate
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 Performing
    hostname validation checks: 10.51.0.3
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 Converting
    principal: CN=Revenue Certificate Authority, OU=Revenue Certifacate
    Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 Converting
    principal: CN=25.5.1.170, OU=RIS, O=Revenue, L=Dublin, ST=Dublin, C=IE
    07-Apr-2004 16:48:22 o'clock IST Debug TLS 000000 Converting
    principal: CN=25.5.1.170, OU=RIS, O=Revenue, L=Dublin, ST=Dublin, C=IE
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000
    validationCallback: validateErr = 0
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 cert[0] = [

    ...cert info...

    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 SSLTrustValidator
    returns: 0
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 Trust status (0):
    NONE
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 isMuxerActivated:
    false
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 5859962
    readRecord()
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 5859962 SSL3/TLS
    MAC
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 5859962 received
    HANDSHAKE
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE:
    ServerKeyExchange
    07-Apr-2004 16:48:23 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE:
    ServerKeyExchangeDH
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 isMuxerActivated:
    false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962
    readRecord()
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962 SSL3/TLS
    MAC
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962 received
    HANDSHAKE
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE:
    CertificateRequest
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 isMuxerActivated:
    false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962
    readRecord()
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962 SSL3/TLS
    MAC
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962 received
    HANDSHAKE
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 HANDSHAKEMESSAGE:
    ServerHelloDone
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 7
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 134
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 write
    CHANGE_CIPHER_SPEC offset = 0 length = 1
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 16
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 isMuxerActivated:
    false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962
    readRecord()
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962 SSL3/TLS
    MAC
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 5859962 received
    ALERT
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 NEW ALERT:
    com.certicom.tls.record.alert.Alert@1da2b6d Severity: 2 Type: 40
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
    Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
    at java.io.DataOutputStream.flush(DataOutputStream.java:101)
    at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:281)
    at
    weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:77)
    at
    weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1769
    )
    at
    weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.jav
    a:1293)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:430)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:312)
    at
    weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:223)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:181)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:222)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:188)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
    textFactoryDelegate.java:296)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
    textFactoryDelegate.java:239)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFact
    ory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.init(InitialContext.java:195)
    at ros.services.jms.RISJMSConnection.init(RISJMSConnection.java:42)
    at ros.services.jms.JMSFactory.getRISJMSMessage(JMSFactory.java:70)
    at ros.services.jms.TestJMS.connect(TestJMS.java:15)
    at ros.utils.LogStartup.startup(LogStartup.java:98)
    at ros.utils.LogStartup.main(LogStartup.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
    )
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
    .java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.invokeMain(AppLifecycleListenerIn
    ternal.java:61)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.preStart(AppLifecycleListenerInte
    rnal.java:34)
    at
    weblogic.j2ee.ListenerInvocationAction.run(ListenerInvocationAction.java:50)
    at
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
    t.java:317)
    at
    weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    at
    weblogic.j2ee.J2EEApplicationContainer.notifySecureListener(J2EEApplicationC
    ontainer.java:4721)
    at
    weblogic.j2ee.J2EEApplicationContainer.notify(J2EEApplicationContainer.java:
    4683)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :985)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :822)
    at
    weblogic.management.deploy.slave.SlaveDeployer$Application.prepare(SlaveDepl
    oyer.java:3057)
    at
    weblogic.management.deploy.slave.SlaveDeployer.prepareAllApplications(SlaveD
    eployer.java:895)
    at
    weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:363
    )
    at
    weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(Deplo
    ymentManagerServerLifeCycleImpl.java:229)
    at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
    at weblogic.Server.main(Server.java:32)

    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 Alert received
    from peer, notifying peer we received it:
    com.certicom.tls.record.alert.Alert@1da2b6d
    07-Apr-2004 16:48:24 o'clock IST Debug TLS 000000 close(): 5859962
    - Naming Exception occured
    java.net.ConnectException: t3s://10.51.0.3:7006: Destination unreachable;
    nested exception is:
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE
    alert received from 10.51.0.3 - 10.51.0.3. Check both sides of the SSL
    configuration for mismatches in supported ciphers, supported protocol
    versions, trusted CAs, and hostname verification settings.; No available
    router to destination
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:199)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
    textFactoryDelegate.java:296)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
    textFactoryDelegate.java:239)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFact
    ory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.init(InitialContext.java:195)
    at ros.services.jms.RISJMSConnection.init(RISJMSConnection.java:42)
    at ros.services.jms.JMSFactory.getRISJMSMessage(JMSFactory.java:70)
    at ros.services.jms.TestJMS.connect(TestJMS.java:15)
    at ros.utils.LogStartup.startup(LogStartup.java:98)
    at ros.utils.LogStartup.main(LogStartup.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
    )
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
    .java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.invokeMain(AppLifecycleListenerIn
    ternal.java:61)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.preStart(AppLifecycleListenerInte
    rnal.java:34)
    at
    weblogic.j2ee.ListenerInvocationAction.run(ListenerInvocationAction.java:50)
    at
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
    t.java:317)
    at
    weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    at
    weblogic.j2ee.J2EEApplicationContainer.notifySecureListener(J2EEApplicationC
    ontainer.java:4721)
    at
    weblogic.j2ee.J2EEApplicationContainer.notify(J2EEApplicationContainer.java:
    4683)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :985)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :822)
    at
    weblogic.management.deploy.slave.SlaveDeployer$Application.prepare(SlaveDepl
    oyer.java:3057)
    at
    weblogic.management.deploy.slave.SlaveDeployer.prepareAllApplications(SlaveD
    eployer.java:895)
    at
    weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:363
    )
    at
    weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(Deplo
    ymentManagerServerLifeCycleImpl.java:229)
    at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
    at weblogic.Server.main(Server.java:32)
    9056 [main] ERROR ros.services.jms.RISJMSConnection - Naming Exception
    occured
    java.net.ConnectException: t3s://10.51.0.3:7006: Destination unreachable;
    nested exception is:
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE
    alert received from 10.51.0.3 - 10.51.0.3. Check both sides of the SSL
    configuration for mismatches in supported ciphers, supported protocol
    versions, trusted CAs, and hostname verification settings.; No available
    router to destination
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:199)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
    textFactoryDelegate.java:296)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialCon
    textFactoryDelegate.java:239)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFact
    ory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.init(InitialContext.java:195)
    at ros.services.jms.RISJMSConnection.init(RISJMSConnection.java:42)
    at ros.services.jms.JMSFactory.getRISJMSMessage(JMSFactory.java:70)
    at ros.services.jms.TestJMS.connect(TestJMS.java:15)
    at ros.utils.LogStartup.startup(LogStartup.java:98)
    at ros.utils.LogStartup.main(LogStartup.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
    )
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
    .java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.invokeMain(AppLifecycleListenerIn
    ternal.java:61)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.preStart(AppLifecycleListenerInte
    rnal.java:34)
    at
    weblogic.j2ee.ListenerInvocationAction.run(ListenerInvocationAction.java:50)
    at
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
    t.java:317)
    at
    weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    at
    weblogic.j2ee.J2EEApplicationContainer.notifySecureListener(J2EEApplicationC
    ontainer.java:4721)
    at
    weblogic.j2ee.J2EEApplicationContainer.notify(J2EEApplicationContainer.java:
    4683)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :985)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :822)
    at
    weblogic.management.deploy.slave.SlaveDeployer$Application.prepare(SlaveDepl
    oyer.java:3057)
    at
    weblogic.management.deploy.slave.SlaveDeployer.prepareAllApplications(SlaveD
    eployer.java:895)
    at
    weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:363
    )
    at
    weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(Deplo
    ymentManagerServerLifeCycleImpl.java:229)
    at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
    at weblogic.Server.main(Server.java:32)
    - Exception 2: java.lang.NullPointerException
    java.lang.NullPointerException
    at ros.services.jms.RISJMSMessage.send(RISJMSMessage.java:72)
    at ros.services.jms.TestJMS.connect(TestJMS.java:16)
    at ros.utils.LogStartup.startup(LogStartup.java:98)
    at ros.utils.LogStartup.main(LogStartup.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
    )
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
    .java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.invokeMain(AppLifecycleListenerIn
    ternal.java:61)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.preStart(AppLifecycleListenerInte
    rnal.java:34)
    at
    weblogic.j2ee.ListenerInvocationAction.run(ListenerInvocationAction.java:50)
    at
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
    t.java:317)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118
    )
    at
    weblogic.j2ee.J2EEApplicationContainer.notifySecureListener(J2EEApplicationC
    ontainer.java:4721)
    at
    weblogic.j2ee.J2EEApplicationContainer.notify(J2EEApplicationContainer.java:
    4683)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :985)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :822)
    at
    weblogic.management.deploy.slave.SlaveDeployer$Application.prepare(SlaveDepl
    oyer.java:3057)
    at
    weblogic.management.deploy.slave.SlaveDeployer.prepareAllApplications(SlaveD
    eployer.java:895)
    at
    weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:363
    )
    at
    weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(Deplo
    ymentManagerServerLifeCycleImpl.java:229)
    at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
    at weblogic.Server.main(Server.java:32)
    9060 [main] ERROR ros.services.jms.RISJMSMessage - Exception 2:
    java.lang.NullPointerException
    java.lang.NullPointerException
    at ros.services.jms.RISJMSMessage.send(RISJMSMessage.java:72)
    at ros.services.jms.TestJMS.connect(TestJMS.java:16)
    at ros.utils.LogStartup.startup(LogStartup.java:98)
    at ros.utils.LogStartup.main(LogStartup.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
    )
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
    .java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.invokeMain(AppLifecycleListenerIn
    ternal.java:61)
    at
    weblogic.j2ee.AppLifecycleListenerInternal.preStart(AppLifecycleListenerInte
    rnal.java:34)
    at
    weblogic.j2ee.ListenerInvocationAction.run(ListenerInvocationAction.java:50)
    at
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
    t.java:317)
    at
    weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    at
    weblogic.j2ee.J2EEApplicationContainer.notifySecureListener(J2EEApplicationC
    ontainer.java:4721)
    at
    weblogic.j2ee.J2EEApplicationContainer.notify(J2EEApplicationContainer.java:
    4683)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :985)
    at
    weblogic.j2ee.J2EEApplicationContainer.prepare(J2EEApplicationContainer.java
    :822)
    at
    weblogic.management.deploy.slave.SlaveDeployer$Application.prepare(SlaveDepl
    oyer.java:3057)
    at
    weblogic.management.deploy.slave.SlaveDeployer.prepareAllApplications(SlaveD
    eployer.java:895)
    at
    weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:363
    )
    at
    weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(Deplo
    ymentManagerServerLifeCycleImpl.java:229)
    at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
    at weblogic.Server.main(Server.java:32)

    DB:2.61:Wls8.1 Two-Way Ssl Jms ≫ Handshake Failure 8z

    Hi Gibson,
    I have been also trying the 2 way SSL with but failing at the basic step. Are you following the way it has been mentioned in the example http://e-docs.bea.com/wls/docs91/security/SSL_client.html#1033891 ie 2 way authentication with JNDI ?. My question is, if I use using keytool -genkey utility, it gives me a private key/certificate pair. How do I extract the private key from that so that I can use the way it has been mentioned in the example?

    Thanks
    Satish

  • RELEVANCY SCORE 2.61

    DB:2.61:Eap-Tls And Ise 1.1 With Ad Certificates 8j



    Hello,

    I am trying to configure EAP-TLS authentication with AD certificates.

    All ISE servers are joined to AD

    I have the root certificate from the CA to Activie Directory installed on the ISE servers

    I created the certificate authentication profile using the root certificate

    I have PEAP\EAP-TLS enabled as my allowed protocol

    I am getting the following error for authentication:

    "11507  Extracted EAP-Response/Identity

    12500  Prepared EAP-Request proposing EAP-TLS with challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12301  Extracted EAP-Response/NAK requesting to use PEAP instead

    12300  Prepared EAP-Request proposing PEAP with challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12302  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated

    12318  Successfully negotiated PEAP version 0

    12800  Extracted first TLS record; TLS handshake started

    12805  Extracted TLS ClientHello message

    12814  Prepared TLS Alert message

    12817  TLS handshake failed

    12309  PEAP handshake failed"

    I have self-signed certificates on the ISE servers – do they need to be signed by the same CA as the client?

    Any other issues I am missing?

    Thanks,
    Michael Wynston
    Senior Solutions Architect
    CCIE# 5449
    Email: Michael.Wynston@eplus.com
    Phone: (212)401-5059
    Cell: (908)413-5813
    AOL IM: cw2kman
    E-Plus
    http://www.eplus.com

    DB:2.61:Eap-Tls And Ise 1.1 With Ad Certificates 8j


    Please review the below link which might be helpful :

    http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod_certificates.pdf

    http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_id_stores.pdf

  • RELEVANCY SCORE 2.61

    DB:2.61:Exception: Simultaneous Clienthello Message Present fz


    Trying to use NMDecrypt to decrypt LDAP/S traffic from a Win7 client to a Win2008R1 SP2 Active Directory domain controller, but the decryption always fails with EXCEPTION: Simultaneous ClientHello message present. Happens in multiple captures. Have
    selected the TCP conversation in the Network Conversations field. Using NMDecrypt 2.3.4 from CodePlex and have used both the Default and Windows parsers 3.4.2774.001.
    From debug log file:
    6,74: Processing Field: Ethernet.Ipv4.Tcp.TCPPayload.TLSSSLData.TLS.TlsRecLayer.TlsRecordLayer.SSLHandshake.HandShake
    Value:
    6,75: Processing Field: Ethernet.Ipv4.Tcp.TCPPayload.TLSSSLData.TLS.TlsRecLayer.TlsRecordLayer.SSLHandshake.HandShake.HandShakeType
    Value: ServerHello(0x02)
    Found Handshake Message 2 (Ethernet.Ipv4.Tcp.TCPPayload.TLSSSLData.Tls.TlsRecLayer.TlsRecordLayer.SSLHandshake.HandShake.HandShakeType)
    EXCEPTION: Simultaneous ClientHello message present
    No Frames were decrypted, Netmon Filter Set may not match with current parser version. Use parser version 3.4.2345.1 or greater.
    From the network capture:
    210:45:45 AM 9/7/20120.0000000169.172.16.7410.40.38.79TCPTCP:Flags=......S., SrcPort=58447, DstPort=ldap protocol over TLS/SSL (was sldap)(636), PayloadLen=0, Seq=2920459848, Ack=0, Win=65535 ( Negotiating scale
    factor 0x1 ) = 65535{TCP:2, IPv4:1}
    310:45:45 AM 9/7/20120.000155910.40.38.79169.172.16.74TCPTCP: [Bad CheckSum]Flags=...A..S., SrcPort=ldap protocol over TLS/SSL (was sldap)(636), DstPort=58447, PayloadLen=0, Seq=1588180437, Ack=2920459849, Win=8192
    ( Negotiated scale factor 0x8 ) = 2097152{TCP:2, IPv4:1}
    410:45:45 AM 9/7/20120.0041307169.172.16.7410.40.38.79TCPTCP:Flags=...A...., SrcPort=58447, DstPort=ldap protocol over TLS/SSL (was sldap)(636), PayloadLen=0, Seq=2920459849, Ack=1588180438, Win=33312 (scale factor
    0x1) = 66624{TCP:2, IPv4:1}
    510:45:45 AM 9/7/20120.0046922169.172.16.7410.40.38.79SSLSSL:SSLv2RecordLayer, ClientHello (0x01){SSL:4, SSLVersionSelector:3, TCP:2, IPv4:1}
    610:45:45 AM 9/7/20120.026300010.40.38.79169.172.16.74TLSTLS:TLS Rec Layer-1 HandShake: Server Hello. Certificate. Certificate Request. Server Hello Done.{TLS:5, SSLVersionSelector:3, TCP:2, IPv4:1}
    710:45:45 AM 9/7/20120.0319092169.172.16.7410.40.38.79TCPTCP:Flags=...A...., SrcPort=58447, DstPort=ldap protocol over TLS/SSL (was sldap)(636), PayloadLen=0, Seq=2920459991, Ack=1588182724, Win=32863 (scale factor
    0x1) = 65726{TCP:2, IPv4:1}
    810:45:45 AM 9/7/20120.0327988169.172.16.7410.40.38.79TLSTLS:TLS Rec Layer-1 HandShake: Certificate.; TLS Rec Layer-2 HandShake: Client Key Exchange.; TLS Rec Layer-3 Cipher Change Spec; TLS Rec Layer-4 HandShake: Encrypted
    Handshake Message.{TLS:5, SSLVersionSelector:3, TCP:2, IPv4:1}
    910:45:45 AM 9/7/20120.034251110.40.38.79169.172.16.74TLSTLS:TLS Rec Layer-1 Cipher Change Spec; TLS Rec Layer-2 HandShake: Encrypted Handshake Message.{TLS:5, SSLVersionSelector:3, TCP:2, IPv4:1}
    1010:45:45 AM 9/7/20120.0385734169.172.16.7410.40.38.79LDAPLDAP:Encrypted Over SSL{LDAP:6, TLS:5, SSLVersionSelector:3, TCP:2, IPv4:1}
    1110:45:45 AM 9/7/20120.045946510.40.38.79169.172.16.74LDAPLDAP:Encrypted Over SSL{LDAP:6, TLS:5, SSLVersionSelector:3, TCP:2, IPv4:1}
    Ideas?BrianY MCT, MCLC

    DB:2.61:Exception: Simultaneous Clienthello Message Present fz

    Brain, I'm certain, but I might have addressed this problem recently and haven't posted a new version on Codeplex yet. I would need your trace to confirm this. If you could contact me via the
    blog, we could communicate in email and try to see if this is resovled by the newer unreleased version.
    Thanks,
    Paul

  • RELEVANCY SCORE 2.61

    DB:2.61:Issue While Attempting Client-Cert Authentication In 8.1 Sp5 fa


    Folks,

    I have been trying to do a client cert authentication in weblogic for a while now, condition is I cannot use weblogic's provided code for licensing issues. Appericiated much the help or pointers from your side.
    following is the run-down of whatever i did till now.

    Please note that this is a test code, so there could be so many minore issues like streams not closed properly and others.

    1. I have imported the server's SSL certificate in client's store
    2. Usermapper is configured in weblogic properly.following is my client code:

    import javax.net.ssl.*;
    import java.net.*;
    import javax.security.cert.*;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.security.*;
    import javax.security.auth.x500.X500Principal;

    import java.io.*;

    public class TwoWaySSLTest {

    public static String STORE_PASSWORD = "changeit";
    public static String STORE_ALIAS = "test";
    public static String STORE_FILENAME = "D:\\TP\\test1.keystore";

    public static void main(String s[]) {
    try {
    //System.out.println(System.getProperty("javax.net.ssl.trustStore"));
    System.setProperty("javax.net.ssl.trustStore", "C:/jdk1.5.0_03/jre/lib/security/cacerts");
    URL url = new URL("https://hostname:7002/springapp/welcome.jsp");

    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

    TestHostnameVerifier tHost = new TestHostnameVerifier();
    connection.setDefaultHostnameVerifier(tHost);
    connection.setHostnameVerifier(tHost);

    connection.setSSLSocketFactory(getFactory1(STORE_PASSWORD,"test1.keystore", "1.cer"));

    connection.connect();

    System.out.println("-------------------Start of Response---------------------------\n");

    InputStream in = connection.getInputStream();
    BufferedReader buff = new BufferedReader(new InputStreamReader(in));
    String temp = buff.readLine();
    do {
    System.out.println(temp);
    temp = buff.readLine();
    }
    while(temp != null);

    System.out.println("\n-------------------End of Response-----------------------------");
    }
    catch (Exception e) {
    System.out.println("Exception e : "+e);
    e.printStackTrace();
    }
    }

    public static SSLSocketFactory getFactory1(String password, String file, String certfile) throws Exception {
    SSLContext sc = SSLContext.getInstance("TLS");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    KeyStore ks = KeyStore.getInstance("jks");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(new FileInputStream(certfile));
    System.out.println("Loading the certificates in the keystore : " + file);
    ks.load(new FileInputStream(file), password.toCharArray());
    tmf.init(ks);
    kmf.init(ks, password.toCharArray());
    sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return sc.getSocketFactory();
    }
    }

    class TestHostnameVerifier implements HostnameVerifier {

    public boolean verify(String hostname, SSLSession session) {
    try {
    System.out.println("Peer Histname : "+session.getPeerHost() + " Host name : "+ hostname);
    javax.security.cert.X509Certificate[] x = session.getPeerCertificateChain();
    for (int i = 0; i x.length ; i++ ) {
    System.out.println("One more");
    System.out.println("Certificate DN : " + x.getIssuerDN() + " Subject : "+(x[i].getSubjectDN()).getName()) ;
    }
    }
    catch (Exception e) {
    System.out.println("Exception in TestHostname Verifier "+e);
    e.printStackTrace();
    }
    return true;
    }
    }

    Following is the exception I am recieving at the client side:

    -------------------Start of Response---------------------------

    Exception e : java.io.IOException: Server returned HTTP response code: 403 for URL: https://hostname:7002/springapp/welcome.jsp
    java.io.IOException: Server returned HTTP response code: 403 for URL: https://hostname:7002/springapp/welcome.jsp
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1149)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at TwoWaySSLTest.main(TwoWaySSLTest.java:36)

    and on the server side SSL Debug trace is :

    Debug TLS 000000 Filtering JSSE SSLSocket
    Debug TLS 000000 SSLIOContextTable.addContext(ctx): 6466829
    Debug TLS 000000 SSLSocket will be Muxing
    Debug TLS 000000 SSLIOContextTable.findContext(is): 5190593
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL Version 2 with no padding
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received SSL_20_RECORD
    Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 58
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 506
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 4
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received HANDSHAKE
    Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange
    Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange RSA
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received CHANGE_CIPHER_SPEC
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received HANDSHAKE
    Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    Debug TLS 000000 write CHANGE_CIPHER_SPEC offset = 0 length = 1
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 16
    Debug TLS 000000 SSLIOContextTable.findContext(sock): 30335176
    Debug TLS 000000 activateNoRegister()
    Debug TLS 000000 avalable(): 25831178 : 0 + 0 = 0
    Debug TLS 000000 SSLFilter.activate(): activated: 5190593 25831178
    Debug TLS 000000 25831178 read( offset: 0 length: 4080 )
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 isMuxerActivated: true
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 hasSSLRecord()
    Debug TLS 000000 hasSSLRecord returns true
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received APPLICATION_DATA
    Debug TLS 000000 25831178 APPDATA databufferLen 0
    Debug TLS 000000 25831178 APPDATA contentLength 236
    Debug TLS 000000 25831178 read databufferLen 236
    Debug TLS 000000 25831178 read A returns 236
    Debug TLS 000000 25831178 read( offset: 236 length: 3844 )
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 isMuxerActivated: true
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 hasSSLRecord()
    Debug TLS 000000 hasSSLRecord returns false 1
    Debug TLS 000000 25831178 Rethrowing InterruptedIOException
    Debug TLS 000000 SSLIOContextTable.findContext(sock): 30335176
    Debug TLS 000000 activateNoRegister()
    Debug TLS 000000 avalable(): 25831178 : 0 + 0 = 0
    Debug TLS 000000 SSLFilter.activate(): activated: 5190593 25831178
    Debug TLS 000000 25831178 read( offset: 236 length: 3844 )
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 isMuxerActivated: true
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 hasSSLRecord()
    Debug TLS 000000 hasSSLRecord returns false 1
    Debug TLS 000000 25831178 Rethrowing InterruptedIOException
    Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 199
    Debug TLS 000000 write APPLICATION_DATA offset = 6 length = 1216
    Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@1a336d5 Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:267)
    at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:605)
    at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:569)
    at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:513)
    at weblogic.servlet.internal.ServletResponseImpl.send(ServletResponseImpl.java:1221)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2635)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    000000 avalable(): 25831178 : 0 + 0 = 0
    000000 write ALERT offset = 0 length = 2
    000000 SSLIOContextTable.removeContext(ctx): 6466829

    DB:2.61:Issue While Attempting Client-Cert Authentication In 8.1 Sp5 fa

    Folks,

    I have been trying to do a client cert authentication in weblogic for a while now, condition is I cannot use weblogic's provided code for licensing issues. Appericiated much the help or pointers from your side.
    following is the run-down of whatever i did till now.

    Please note that this is a test code, so there could be so many minore issues like streams not closed properly and others.

    1. I have imported the server's SSL certificate in client's store
    2. Usermapper is configured in weblogic properly.following is my client code:

    import javax.net.ssl.*;
    import java.net.*;
    import javax.security.cert.*;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.security.*;
    import javax.security.auth.x500.X500Principal;

    import java.io.*;

    public class TwoWaySSLTest {

    public static String STORE_PASSWORD = "changeit";
    public static String STORE_ALIAS = "test";
    public static String STORE_FILENAME = "D:\\TP\\test1.keystore";

    public static void main(String s[]) {
    try {
    //System.out.println(System.getProperty("javax.net.ssl.trustStore"));
    System.setProperty("javax.net.ssl.trustStore", "C:/jdk1.5.0_03/jre/lib/security/cacerts");
    URL url = new URL("https://hostname:7002/springapp/welcome.jsp");

    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

    TestHostnameVerifier tHost = new TestHostnameVerifier();
    connection.setDefaultHostnameVerifier(tHost);
    connection.setHostnameVerifier(tHost);

    connection.setSSLSocketFactory(getFactory1(STORE_PASSWORD,"test1.keystore", "1.cer"));

    connection.connect();

    System.out.println("-------------------Start of Response---------------------------\n");

    InputStream in = connection.getInputStream();
    BufferedReader buff = new BufferedReader(new InputStreamReader(in));
    String temp = buff.readLine();
    do {
    System.out.println(temp);
    temp = buff.readLine();
    }
    while(temp != null);

    System.out.println("\n-------------------End of Response-----------------------------");
    }
    catch (Exception e) {
    System.out.println("Exception e : "+e);
    e.printStackTrace();
    }
    }

    public static SSLSocketFactory getFactory1(String password, String file, String certfile) throws Exception {
    SSLContext sc = SSLContext.getInstance("TLS");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    KeyStore ks = KeyStore.getInstance("jks");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(new FileInputStream(certfile));
    System.out.println("Loading the certificates in the keystore : " + file);
    ks.load(new FileInputStream(file), password.toCharArray());
    tmf.init(ks);
    kmf.init(ks, password.toCharArray());
    sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return sc.getSocketFactory();
    }
    }

    class TestHostnameVerifier implements HostnameVerifier {

    public boolean verify(String hostname, SSLSession session) {
    try {
    System.out.println("Peer Histname : "+session.getPeerHost() + " Host name : "+ hostname);
    javax.security.cert.X509Certificate[] x = session.getPeerCertificateChain();
    for (int i = 0; i x.length ; i++ ) {
    System.out.println("One more");
    System.out.println("Certificate DN : " + x.getIssuerDN() + " Subject : "+(x[i].getSubjectDN()).getName()) ;
    }
    }
    catch (Exception e) {
    System.out.println("Exception in TestHostname Verifier "+e);
    e.printStackTrace();
    }
    return true;
    }
    }

    Following is the exception I am recieving at the client side:

    -------------------Start of Response---------------------------

    Exception e : java.io.IOException: Server returned HTTP response code: 403 for URL: https://hostname:7002/springapp/welcome.jsp
    java.io.IOException: Server returned HTTP response code: 403 for URL: https://hostname:7002/springapp/welcome.jsp
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1149)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at TwoWaySSLTest.main(TwoWaySSLTest.java:36)

    and on the server side SSL Debug trace is :

    Debug TLS 000000 Filtering JSSE SSLSocket
    Debug TLS 000000 SSLIOContextTable.addContext(ctx): 6466829
    Debug TLS 000000 SSLSocket will be Muxing
    Debug TLS 000000 SSLIOContextTable.findContext(is): 5190593
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL Version 2 with no padding
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received SSL_20_RECORD
    Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 58
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 506
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 4
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received HANDSHAKE
    Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange
    Debug TLS 000000 HANDSHAKEMESSAGE: ClientKeyExchange RSA
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received CHANGE_CIPHER_SPEC
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 isMuxerActivated: false
    Debug TLS 000000 SSLFilter.isActivated: false
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received HANDSHAKE
    Debug TLS 000000 HANDSHAKEMESSAGE: Finished
    Debug TLS 000000 write CHANGE_CIPHER_SPEC offset = 0 length = 1
    Debug TLS 000000 write HANDSHAKE offset = 0 length = 16
    Debug TLS 000000 SSLIOContextTable.findContext(sock): 30335176
    Debug TLS 000000 activateNoRegister()
    Debug TLS 000000 avalable(): 25831178 : 0 + 0 = 0
    Debug TLS 000000 SSLFilter.activate(): activated: 5190593 25831178
    Debug TLS 000000 25831178 read( offset: 0 length: 4080 )
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 isMuxerActivated: true
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 hasSSLRecord()
    Debug TLS 000000 hasSSLRecord returns true
    Debug TLS 000000 25831178 readRecord()
    Debug TLS 000000 25831178 SSL3/TLS MAC
    Debug TLS 000000 25831178 received APPLICATION_DATA
    Debug TLS 000000 25831178 APPDATA databufferLen 0
    Debug TLS 000000 25831178 APPDATA contentLength 236
    Debug TLS 000000 25831178 read databufferLen 236
    Debug TLS 000000 25831178 read A returns 236
    Debug TLS 000000 25831178 read( offset: 236 length: 3844 )
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 isMuxerActivated: true
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 hasSSLRecord()
    Debug TLS 000000 hasSSLRecord returns false 1
    Debug TLS 000000 25831178 Rethrowing InterruptedIOException
    Debug TLS 000000 SSLIOContextTable.findContext(sock): 30335176
    Debug TLS 000000 activateNoRegister()
    Debug TLS 000000 avalable(): 25831178 : 0 + 0 = 0
    Debug TLS 000000 SSLFilter.activate(): activated: 5190593 25831178
    Debug TLS 000000 25831178 read( offset: 236 length: 3844 )
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 isMuxerActivated: true
    Debug TLS 000000 SSLFilter.isActivated: true
    Debug TLS 000000 hasSSLRecord()
    Debug TLS 000000 hasSSLRecord returns false 1
    Debug TLS 000000 25831178 Rethrowing InterruptedIOException
    Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 199
    Debug TLS 000000 write APPLICATION_DATA offset = 6 length = 1216
    Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@1a336d5 Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
    at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:267)
    at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:605)
    at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:569)
    at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:513)
    at weblogic.servlet.internal.ServletResponseImpl.send(ServletResponseImpl.java:1221)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2635)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    000000 avalable(): 25831178 : 0 + 0 = 0
    000000 write ALERT offset = 0 length = 2
    000000 SSLIOContextTable.removeContext(ctx): 6466829

  • RELEVANCY SCORE 2.61

    DB:2.61:No Access To Knowledge Base Discuss Forum From Ppc G3 Mac Os X And Safari k8



    Login to http://www.vmware.com/vmwarestore/newstore/register_done.jsp

    Try and click on Support | Knowledge Base or Support | Discussion and pop up menu list appears but at far left of screen.

    The second you move the mouse towards it the pop up menu list closes so you never get the chance to click on Knowledge Base or Discussion Forums.

    Does anyone know if this fails on Intel mac OS X Safari as well as PPC G3 mac OS X Safari ?

    PS I had to post this topic using using PPC G3 mac OS X Mozilla instead

    DB:2.61:No Access To Knowledge Base Discuss Forum From Ppc G3 Mac Os X And Safari k8


    There's another workaround for OS-X Safari

    1) Login at vmware.com

    2) Jump to http://www.vmware.com/vmtn/ and click forum link on LHS of screen

  • RELEVANCY SCORE 2.60

    DB:2.60:Filezilla Fails Establishing Ftpes Connexion Since Gnutls 3.0.0 Update f7



    Hi all,

    Im running into some troubles since the last gnutls update ( 3.0.0-2 ).

    Filezilla wont connect in FTPES to a server using a self signed certificate Im running into the following error :

    Status: Connecting to xx.xxx.xxx.xx:21...Status: Connection established, waiting for welcome message...Trace: CFtpControlSocket::OnReceive()Response: 220 ProFTPD 1.3.3a Server (XXXXXXX FTP SERVER) [::ffff:xx.xxx.xxx.xx]Trace: CFtpControlSocket::SendNextCommand()Command: AUTH TLSTrace: CFtpControlSocket::OnReceive()Response: 234 AUTH TLS successfulStatus: Initializing TLS...Trace: CTlsSocket::Handshake()Trace: CTlsSocket::ContinueHandshake()Trace: CTlsSocket::OnSend()Trace: CTlsSocket::OnRead()Trace: CTlsSocket::ContinueHandshake()Trace: CTlsSocket::Failure(-12, 103)Trace: GnuTLS alert 40: Handshake failedError: GnuTLS error -12: A TLS fatal alert has been received.Trace: CRealControlSocket::OnClose(103)Trace: CControlSocket::DoClose(64)Trace: CFtpControlSocket::ResetOperation(66)Trace: CControlSocket::ResetOperation(66)Error: Could not connect to serverTrace: CFileZillaEnginePrivate::ResetOperation(66)

    On the server side the tls error log shows :

    Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C requested, starting TLS handshakeAug 18 20:02:05 mod_tls/2.4.1[21290]: unable to accept TLS connection: protocol error: (1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipherAug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C negotiation failed on control channel

    Connexion with other clients such as lftp succeeds.

    Is anyone else running into this issue ?

    TeM

    Last edited by TeM (2011-08-18 20:33:31)

    DB:2.60:Filezilla Fails Establishing Ftpes Connexion Since Gnutls 3.0.0 Update f7


    A patch [1] has been posted which fixes this issue [2]. Either install through ABS and patch it or wait for the next release.[1]: http://trac.filezilla-project.org/attac … /patch.txt[2]: http://trac.filezilla-project.org/ticket/7742

    Last edited by SidK (2011-09-23 16:02:31)

  • RELEVANCY SCORE 2.60

    DB:2.60:Pop3 Sasl Auth Plain Not Supported Over Tls? c3


    Hi,

    Thunberbird does not work with Mac OS X server 10.5.5 POP3 because SASL AUTH PLAIN method is not supported when TLS or SSL is used.

    According to RFC5034:
    "To ensure interoperability, client and server implementations of this extension MUST implement the PLAIN SASL mechanism [RFC4616] running over TLS [RFC2595]."

    I have looked throught Cyrus documentation but I cannot find a find to enable AUTH PLAIN over TLS.

    Any clue how to make the server RFC compliant?

    Best regards,
    Nicolas.

    DB:2.60:Pop3 Sasl Auth Plain Not Supported Over Tls? c3

    In addition to above comments, I have come across a few odd issues while testing newer releases of Thunderbird.

    So if you can't get it to work, try and add the following to /etc/imapd.conf:
    saslmechlist: APOP USER CRAM-MD5 DIGEST-MD5
    (you can also add GSSAPI if you need it)

    HTH,
    Alex

  • RELEVANCY SCORE 2.60

    DB:2.60:Wls8.1 Ssl Jms ≫ Handshake Failure 71


    hi,

    I'm trying to set up a one-way SSL connection on Weblogic 8.1. The
    connection will be from my weblogic instance (as client) to another.
    I have created a keystore which contains the server CA as a trusted
    cert. I have configured the Weblogic console to use the keystore. I
    have disabled the SSL Listener for the client server as instructed
    previously. However, I continue to get the below output from
    weblogic. If anyone has any advice I would really appreciate it.

    Cheers,

    Paul

    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 SSLManager:
    loaded 1 trusted CAs from
    /software/weblogic81/server/lib/RISKeyStore.jks
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 clientInfo
    settings applied
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Filtering
    JSSE SSLSocket
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLIOContextTable.addContext(ctx): 4467737
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 SSLSocket
    will be Muxing
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLIOContextTable.findContext(is): 27995611
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 write
    SSL_20_RECORD
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    isMuxerActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    readRecord()
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    SSL3/TLS MAC
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    received HANDSHAKE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: ServerHello
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    isMuxerActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    readRecord()
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    SSL3/TLS MAC
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    received HANDSHAKE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: Certificate
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Performing
    hostname validation checks: 25.10.1.221
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Converting
    principal: CN=Revenue Certificate Authority, OU=Revenue Certifacate
    Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin,
    C=IE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    validationCallback: validateErr = 0

    ...cert info...

    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLTrustValidator returns: 0
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Trust
    status (0): NONE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    isMuxerActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    readRecord()
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    SSL3/TLS MAC
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    received HANDSHAKE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: ServerKeyExchange
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: ServerKeyExchangeDH
    05-Apr-2004 11:38:47 o'clock IST Debug TLS 000000 Exception
    during handshake, stack trace follows
    java.lang.IllegalArgumentException: Empty key
    at javax.crypto.spec.SecretKeySpec.init(DashoA6275)
    at com.certicom.tls.provider.Mac.init(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown
    Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown
    Source)
    ....

    DB:2.60:Wls8.1 Ssl Jms ≫ Handshake Failure 71

    This seems to have been it actually. We use a different jce provider, so
    this seemed to be causing problems. Once I disabled them the handshake
    could be completed successfully.

    Now I'm planning to enable 2-way SSL. Expect more postings!!!

    Thanks for your help.

    Paul

    "Pavel" PavelS@no.spam wrote in message
    news:4072d120@newsgroups.bea.com...

    Looks like your ssl configuration is fine, and the certficate received bythe ssl
    client passed the validation check. Check if you have any non-default jceproviders
    installed in java.security or dynamically (specifically KeyAgreement), andif
    you do try to run without them and see if this makes a difference. Also,could
    you post the rest of the IllegalArgumentException error stack?

    Pavel.

    "Paul Gibson" paul.gibson@accenture.com wrote:
    hi,

    I'm trying to set up a one-way SSL connection on Weblogic 8.1. The
    connection will be from my weblogic instance (as client) to another.
    I have created a keystore which contains the server CA as a trusted
    cert. I have configured the Weblogic console to use the keystore. I
    have disabled the SSL Listener for the client server as instructed
    previously. However, I continue to get the below output from
    weblogic. If anyone has any advice I would really appreciate it.

    Cheers,

    Paul

    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 SSLManager:
    loaded 1 trusted CAs from
    /software/weblogic81/server/lib/RISKeyStore.jks
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 clientInfo
    settings applied
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Filtering
    JSSE SSLSocket
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLIOContextTable.addContext(ctx): 4467737
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 SSLSocket
    will be Muxing
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLIOContextTable.findContext(is): 27995611
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 write
    SSL_20_RECORD
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    isMuxerActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    readRecord()
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    SSL3/TLS MAC
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    received HANDSHAKE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: ServerHello
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    isMuxerActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    readRecord()
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    SSL3/TLS MAC
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    received HANDSHAKE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: Certificate
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Performing
    hostname validation checks: 25.10.1.221
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Converting
    principal: CN=Revenue Certificate Authority, OU=Revenue Certifacate
    Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin,
    C=IE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    validationCallback: validateErr = 0

    ...cert info...

    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLTrustValidator returns: 0
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 Trust
    status (0): NONE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    isMuxerActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    SSLFilter.isActivated: false
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    readRecord()
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    SSL3/TLS MAC
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000 5539609
    received HANDSHAKE
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: ServerKeyExchange
    05-Apr-2004 11:38:45 o'clock IST Debug TLS 000000
    HANDSHAKEMESSAGE: ServerKeyExchangeDH
    05-Apr-2004 11:38:47 o'clock IST Debug TLS 000000 Exception
    during handshake, stack trace follows
    java.lang.IllegalArgumentException: Empty key
    at javax.crypto.spec.SecretKeySpec.init(DashoA6275)
    at com.certicom.tls.provider.Mac.init(Unknown Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown
    Source)
    at com.certicom.tls.ciphersuite.SecurityParameters.TLS_PRF(Unknown
    Source)
    ....

  • RELEVANCY SCORE 2.60

    DB:2.60:Bridge Jms On Ssl Mutual Authenticathed Servers 3p


    Hi all,

    I'm facing a problem on bridging JMS message with WLS bridge on SSL Mutual authenticathed Servers

    I configured two WLS (8.1 SP6), say "ALICE" and "BOB", with SSL listen port and I enabled "Two Way Client Cert Behavior" with "Client Certs Requested and Enforced" for both servers.

    I configured a WLS bridge on ALICE with source destination on ALICE itself and target destination on BOB.

    When I start this bridge it cannot connect to BOB. I enabled SSL debug and I found that ALICE didn't send CLIENT certificate to BOB.

    Here is BOB's log:

    22-mag-2008 14.56.10 CEST Debug TLS 000000 Filtering JSSE SSLSocket
    22-mag-2008 14.56.10 CEST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 32975481
    22-mag-2008 14.56.10 CEST Debug TLS 000000 SSLSocket will be Muxing
    22-mag-2008 14.56.10 CEST Debug TLS 000000 SSLFilter.isActivated: false
    22-mag-2008 14.56.10 CEST Debug TLS 000000 isMuxerActivated: false
    22-mag-2008 14.56.10 CEST Debug TLS 000000 SSLFilter.isActivated: false
    22-mag-2008 14.56.12 CEST Debug TLS 000000 7192496 SSL Version 2 with no padding
    22-mag-2008 14.56.12 CEST Debug TLS 000000 21231495 SSL3/TLS MAC
    22-mag-2008 14.56.12 CEST Debug TLS 000000 21231495 received SSL_20_RECORD
    22-mag-2008 14.56.12 CEST Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2
    22-mag-2008 14.56.12 CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 58
    22-mag-2008 14.56.12 CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 566
    22-mag-2008 14.56.12 CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 260
    22-mag-2008 14.56.12 CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 4
    22-mag-2008 14.56.12 CEST Debug TLS 000000 SSLFilter.isActivated: false
    22-mag-2008 14.56.12 CEST Debug TLS 000000 isMuxerActivated: false
    22-mag-2008 14.56.12 CEST Debug TLS 000000 SSLFilter.isActivated: false
    22-mag-2008 14.56.13 CEST Debug TLS 000000 21231495 SSL3/TLS MAC
    22-mag-2008 14.56.13 CEST Debug TLS 000000 21231495 received HANDSHAKE
    22-mag-2008 14.56.13 CEST Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    22-mag-2008 14.56.13 CEST Debug TLS 000000 validationCallback: validateErr = 0
    22-mag-2008 14.56.13 CEST Debug TLS 000000 Required peer certificates not supplied by peer
    22-mag-2008 14.56.13 CEST Warning Security BEA-090508 Certificate chain received from localhost - 127.0.0.1 was incomplete.
    22-mag-2008 14.56.13 CEST Debug TLS 000000 Validation error = 4
    22-mag-2008 14.56.13 CEST Debug TLS 000000 Certificate chain is incomplete
    22-mag-2008 14.56.13 CEST Debug TLS 000000 User defined JSSE trustmanagers not allowed to override
    22-mag-2008 14.56.13 CEST Debug TLS 000000 SSLTrustValidator returns: 68
    22-mag-2008 14.56.13 CEST Debug TLS 000000 Trust failure (68): CERT_CHAIN_INCOMPLETE
    22-mag-2008 14.56.13 CEST Debug TLS 000000 NEW ALERT with Severity: FATAL, Type: 40

    and here is ALICE's log:

    22-mag-2008 15.28.01 CEST Warning Connector BEA-190032 Weblogic Messaging Bridge Adapter (XA)_eis/jms/WLSConnectionFactoryJNDIXA ResourceAllocationException of javax.resource.ResourceException: ConnectionFactory: failed to get
    initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3s://localhost:7002, user name = jmsbob) on createManagedConnection.
    22-mag-2008 15.28.01 CEST Info MessagingBridge BEA-200043 Bridge "AliceToBobMessagingBridge" failed to connect to the target destination and will try again in 25 seconds. (java.lang.Exception: javax.resource.ResourceException: Conn
    ectionFactory: failed to get initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3s://localhost:7002, user name = jmsbob)
    at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1386)
    at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1366)
    at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:345)
    at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:219)
    at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:188)
    at weblogic.connector.common.internal.ConnectionFactory.createResource(ConnectionFactory.java:127)
    at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:345)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:286)
    at weblogic.connector.common.internal.ConnectionPool.reserveResource(ConnectionPool.java:567)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:280)
    at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:650)
    at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:106)
    at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:120)
    at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:809)
    at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:991)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
    -------------- Linked Exception ------------
    javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from localhost - 127.0.0.1. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted C
    As, and hostname verification settings.; No available router to destination]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:651)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:320)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:253)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.init(InitialContext.java:195)
    at weblogic.jms.adapter.JMSBaseConnection.getInitialContext(JMSBaseConnection.java:1967)
    at weblogic.jms.adapter.JMSBaseConnection.startInternal(JMSBaseConnection.java:233)
    at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:219)
    at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:188)
    at weblogic.connector.common.internal.ConnectionFactory.createResource(ConnectionFactory.java:127)
    at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1193)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:345)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:286)
    at weblogic.connector.common.internal.ConnectionPool.reserveResource(ConnectionPool.java:567)
    at weblogic.common.resourcepool.ResourcePoolImpl.reserveResource(ResourcePoolImpl.java:280)
    at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:650)
    at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:106)
    at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:120)
    at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:809)
    at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:991)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
    Caused by: java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from localhost - 127.0.0.1. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted C
    As, and hostname verification settings.; No available router to destination
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:310)
    ... 23 more
    )
    22-mag-2008 15.28.09 CEST Info MessagingBridge BEA-200036 The Started attribute of Bridge "AliceToBobMessagingBridge" has been changed from "true" to "false".

    What I need to do to avoid this problem?
    Nathan65

    DB:2.60:Bridge Jms On Ssl Mutual Authenticathed Servers 3p

    I checked my configuration. ALICE's keystores are

    IDENTITY

    Tipo keystore: jks
    Provider keystore: SUN

    Il keystore contiene 2 entry

    Nome alias: certgenca
    Data di creazione: 21-mag-2008
    Tipo entry: trustedCertEntry

    Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
    Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
    Impronte digitali certificato:
    MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
    SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59

    *******************************************
    *******************************************

    Nome alias: alicecert
    Data di creazione: 21-mag-2008
    Tipo entry: keyEntry
    Lunghezza catena certificati: 1
    Certificato[1]:
    Proprietario: CN=alice@etnoteam.it, OU=CompetenceCenter, O=ValueTeam, L=Rome, ST=IT, C=IT
    Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Numero di serie: -1dbb65eaa595141fa1e44ba5856d65e4
    Valido da Tue May 20 09:39:25 CEST 2008 a Sun May 21 09:39:25 CEST 2023
    Impronte digitali certificato:
    MD5: BA:01:C2:E3:CC:92:C4:99:F7:8C:28:FF:C1:16:88:D9
    SHA1: C0:D8:E8:B6:C2:62:03:90:3F:23:3C:FA:A8:C8:0A:00:FA:96:5A:4E

    *******************************************
    *******************************************

    TRUST

    Tipo keystore: jks
    Provider keystore: SUN

    Il keystore contiene 1 entry

    Nome alias: certgenca
    Data di creazione: 21-mag-2008
    Tipo entry: trustedCertEntry

    Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
    Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
    Impronte digitali certificato:
    MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
    SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59

    *******************************************
    *******************************************

    BOB's keystores are:

    IDENTITY

    Tipo keystore: jks
    Provider keystore: SUN

    Il keystore contiene 2 entry

    Nome alias: certgenca
    Data di creazione: 21-mag-2008
    Tipo entry: trustedCertEntry

    Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
    Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
    Impronte digitali certificato:
    MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
    SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59

    *******************************************
    *******************************************

    Nome alias: bobcert
    Data di creazione: 21-mag-2008
    Tipo entry: keyEntry
    Lunghezza catena certificati: 1
    Certificato[1]:
    Proprietario: CN=bob@etnoteam.it, OU=CompetenceCenter, O=ValueTeam, L=Rome, ST=IT, C=IT
    Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Numero di serie: 26ccb8983c1cd0dc2eb6b0c7019eddb2
    Valido da Tue May 20 09:53:38 CEST 2008 a Sun May 21 09:53:38 CEST 2023
    Impronte digitali certificato:
    MD5: 6C:B3:9D:02:6E:CD:F4:04:C2:76:F2:92:97:39:66:7E
    SHA1: D1:07:5A:64:79:2F:FE:35:4D:D4:FD:7E:42:FC:D3:9C:68:6B:EE:B8

    *******************************************
    *******************************************

    TRUST (same as ALICE's TRUST)

    Tipo keystore: jks
    Provider keystore: SUN

    Il keystore contiene 1 entry

    Nome alias: certgenca
    Data di creazione: 21-mag-2008
    Tipo entry: trustedCertEntry

    Proprietario: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Organismo di emissione: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Numero di serie: 234b5559d1fa0f3ff5c82bdfed032a87
    Valido da Thu Oct 24 17:54:45 CEST 2002 a Tue Oct 25 17:54:45 CEST 2022
    Impronte digitali certificato:
    MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
    SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59

    *******************************************
    *******************************************

    Here is a FRAGMENT of ALICE's "config.xml" (I use custom identity and custom trust)

    Server
    CustomIdentityKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\ALICE\CERTIFICATI\alice.jks"
    CustomIdentityKeyStorePassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug=="
    CustomIdentityKeyStoreType="JKS"
    CustomTrustKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\ALICE\CERTIFICATI\certgenca.jks"
    CustomTrustKeyStorePassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug=="
    CustomTrustKeyStoreType="JKS" ExpectedToRun="false"
    JavaStandardTrustKeyStorePassPhraseEncrypted="{3DES}CVtHlHaDky1XKC1QZVz2Kw=="
    KeyStores="CustomIdentityAndCustomTrust" ListenAddress=""
    ListenPort="7011" Name="alice" NativeIOEnabled="true"
    ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.6.0"
    StdoutDebugEnabled="true" StdoutSeverityLevel="64"
    SSL ClientCertificateEnforced="true" Enabled="true"
    HostnameVerificationIgnored="true"
    IdentityAndTrustLocations="KeyStores" ListenPort="7012"
    Name="alice" ServerPrivateKeyAlias="alicecert"
    ServerPrivateKeyPassPhraseEncrypted="{3DES}/q7+XXkrvz0zncx18PjDug==" TwoWaySSLEnabled="true"/
    Log FileCount="2" FileMinSize="5000" Name="alice" NumberOfFilesLimited="true"/
    /Server

    and also here is a fragment of BOB's "config.xml" (same of ALICE's keystores configuration)

    Server
    CustomIdentityKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\BOB\CERTIFICATI\bob.jks"
    CustomIdentityKeyStorePassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w=="
    CustomIdentityKeyStoreType="JKS"
    CustomTrustKeyStoreFileName="C:\bea\wlp81sp6\user_projects\domains\BOB\CERTIFICATI\certgenca.jks"
    CustomTrustKeyStorePassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w=="
    CustomTrustKeyStoreType="JKS" ExpectedToRun="false"
    JavaStandardTrustKeyStorePassPhraseEncrypted="{3DES}TXgi1bpazzUgtLpwMy9q9Q=="
    KeyStores="CustomIdentityAndCustomTrust" ListenAddress=""
    ListenPort="7001" Name="bob" NativeIOEnabled="true"
    ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.6.0"
    StdoutDebugEnabled="true" StdoutSeverityLevel="64"
    SSL ClientCertificateEnforced="true" Enabled="true"
    HostnameVerificationIgnored="true"
    IdentityAndTrustLocations="KeyStores" ListenPort="7002"
    Name="bob" ServerPrivateKeyAlias="bobcert"
    ServerPrivateKeyPassPhraseEncrypted="{3DES}PJMoAH+j5jeVWzQfY8Gf2w==" TwoWaySSLEnabled="true"/
    Log FileCount="2" FileMinSize="5000" Name="bob" NumberOfFilesLimited="true"/
    /Server

    PS: I used a JNDI Client to access to BOB configured with ALICE's keystores and I got a success.

    Nat.

  • RELEVANCY SCORE 2.60

    DB:2.60:Eap-Tls Certificate Key Size j7



    Hi,

    I'm in the process of setting up EAP-TLS authentication in my network. I have installed 2048 bit certificates on my ACS server and Client. When attempting to authenticate I receive the following message in ACS: EAP-TLS or PEAP authentication failed during SSL handshake.   

    Is anyone using 2048 bit certs or know if they work? Any suggestions what else might be causing the authentication failure?

    Thanks,              

    DB:2.60:Eap-Tls Certificate Key Size j7


    Thanks for letting us know the solution!Sent from Cisco Technical Support iPhone App

  • RELEVANCY SCORE 2.59

    DB:2.59:Mac Os X 11


    Can I get mac os x on my pc?

    DB:2.59:Mac Os X 11

    What does that have to do with anything?

  • RELEVANCY SCORE 2.59

    DB:2.59:Eap-Tls Failing On Wirelss Ipphone Cp-7925g sc



    Hi all,

    we had enabled the eap-tls authentication on our WIFI network. We are using Cisco ACS 1113 Microsoft Certificate Server for this setup. Currently we are able to successfully authenticat EAP-TLS on computer, but the Phones are not registering the network.

    On the ACS we are getting the following error.

    "EAP-TLS or PEAP authentication failed due to invalid certificate during SSL handshake".

    Thanks

    Nibin       

    DB:2.59:Eap-Tls Failing On Wirelss Ipphone Cp-7925g sc


    Dear all

    Thanks for your reply. Actually the setting is working for Laptops only issue with Wireless IP Phones.

    Please find the logs from Cisco ACS. I followed the deployment guide for IP Phone.

    AUTH 02/10/2013 13:29:58 I 0000 1756 0xb CryptoLib.SSLConnection.pvServerInfoCB - Process TLS data: SSL state=SSLv3 read client certificate A

    AUTH 02/10/2013 13:29:58 I 2009 1756 0xb EAP: EAP-TLS: Handshake failed

    AUTH 02/10/2013 13:29:58 E 2255 1756 0xb EAP: EAP-TLS: ProcessResponse: SSL recv alert fatal:bad certificate

    AUTH 02/10/2013 13:29:58 E 2258 1756 0xb EAP: EAP-TLS: ProcessResponse: SSL ext error reason: 412 (Ext error code = 0)

    AUTH 02/10/2013 13:29:58 E 2297 1756 0xb EAP: EAP-TLS: ProcessResponse(1519): mapped SSL error code (3) to -2198

    AUTH 02/10/2013 13:29:58 I 0526 1756 0xb EAP: EAP-TLS: Unknown EAP code Unknown EAP code

    AUTH 02/10/2013 13:29:58 I 0366 1756 0xb EAP: EAP state: action = send

    AUTH 02/10/2013 13:29:58 I 1151 1756 0xb [AuthenProcessResponse]:[eapAuthenticate] returned -2198

    AUTH 02/10/2013 13:29:58 I 1198 1756 0xb EAP: -- EAP Failure/EAP-Type=EAP-TLS (identifier=7, seq_id=7)

    AUTH 02/10/2013 13:29:58 I 5501 1756 0xb Done UDB_SEND_RESPONSE, client 50, status UDB_EAP_TLS_INVALID_CERTIFICATE

    Thanks

    Nibin Rodrigues

  • RELEVANCY SCORE 2.59

    DB:2.59:Office For Mac 2011 Fails To Activate With Office 365 University Subscription pj


    I have an Office 365 University subscription. I downloaded and installed Office for Mac 2011 on OS X 10.8.2 but I cant activate it.

    DB:2.59:Office For Mac 2011 Fails To Activate With Office 365 University Subscription pj

    Hi There,
    It is so very good to know that you were able to fix the issues by contacting our Tech Support Team.
    Thank you for posting the suggestions that have helped you as well.
    I am sure it would help others with the same issue.
    Since you have posted this question in the Windows section of the Community, i am moving the same to the Mac section.
    If you have any future issues with any of the Office for Mac applications, please get back to us and we will be happy to help you.
    Thank You

  • RELEVANCY SCORE 2.59

    DB:2.59:Enforce Machine Authentication With Mac Os X (Eap-Tls) zm



    Hello,

    I'm running the following:

    Aruba OS = v6.4.2.3

    ClearPass = v6.4.1.67428

    EAP-TLS with 'enforce machine authentication' works perfectly with Windows 7. Enforce machine authentication is done on CPPM. However, I'm having trouble with MAC OSX and machine authentication.Do any of you guys know how MAC devices behave in regards to EAP-TLS machine authentication?

    With Windows, my understanding is when it boots up (before user logs in), machine authentication happens. It either uses machine cert or AD computer account for machine authentication. In my case, since client supplicant is configured with EAP-TLS, it will use machine cert for machine authentication. Once user logs in, user cert is used for authentication. If user successully authenticates, CPPM will checks its cached for machine MAC which passes machine auth earlier and ties it to user auth. Hence, machine + user auth combination can be tied to a particular role on CPPM to give user full wifi access. The goal is to prevent non-AD devices from connecting to wifi. This works as expected.

    With MAC OSX, I can't figure out how it behaves. I'm able to join MAC OSX to Windows AD so it has a computer account on AD. But from MAC OSX supplicant perspective, how to force it to use machine certificate for machine authentication versus using its AD computer account with its SID as password?

    Thanks advance for the help.

    KT

  • RELEVANCY SCORE 2.59

    DB:2.59:Connecting To Ftp Repository Fails With 550 Ssl/Tls Required On The Control Channel 1f





    Hi,

    we run several Plesk 11 servers and upgraded some of them to Plesk 12. After the upgrade we got problems (on all Plesk 12 machines) to connect to our backup server via TLS.
    The backup server is a ProFTP that did his job pretty well so far. The interface throws the unspecific error:

    Transport error: unable to list directory: Curl error: Login denied

    I simulated the handshake with:

    Code:

    DB:2.59:Connecting To Ftp Repository Fails With 550 Ssl/Tls Required On The Control Channel 1f




    Hi,

    we run several Plesk 11 servers and upgraded some of them to Plesk 12. After the upgrade we got problems (on all Plesk 12 machines) to connect to our backup server via TLS.
    The backup server is a ProFTP that did his job pretty well so far. The interface throws the unspecific error:

    Transport error: unable to list directory: Curl error: Login denied

    I simulated the handshake with:

    Code:

  • RELEVANCY SCORE 2.59

    DB:2.59:Mac Os X aa


    can i run mac os x leopard on vmware?

  • RELEVANCY SCORE 2.59

    DB:2.59:Photoshop Cc On Mac Os X 10.9 zd



    Photoshop CC on Mac OS X doesn't recognize printers

    DB:2.59:Photoshop Cc On Mac Os X 10.9 zd


    Thanks anyway Jeff, will keep at it as always.

    Happy New Year to you too!

    Cheers,

    M

  • RELEVANCY SCORE 2.59

    DB:2.59:Trouble Setting Up Acrobat X On Mac - Failure Message At End ff



    I have the Product Key ready but after going through all the motions the installation fails on a Mac with OS X 8.x

    DB:2.59:Trouble Setting Up Acrobat X On Mac - Failure Message At End ff


    I have the same problem, and I have looked all through the threads and I can't find a solution. I have not seen a clear solution by anyone yet. Please post solution here.

    try installing adobe acrobat pro x1 for mac on mac pro retina 13"loads fine until the end of installing and then i get same error message posted above like NolaWink gets also posted below.Even though the program failed, its partially there. I can open pdfs and view them form a file location.safari, firefox, etc plugins for viewing pdfs for browsers don't work. see screen shot postedIf I try to update to 11.0.01 it doesn't allow me, and says my files . See screen shot posted
    Please help this is getting ridiculous, I have spend over an hour on the phone with support with no help at all, I have scoured all the forums and I can't get anyone to help me.

  • RELEVANCY SCORE 2.58

    DB:2.58:Visa Fails To Install On Os X 10.6 ca



    VISA fails to install on OS X 10.6 (used Fall 2009 release and download below recommended by NI support.

    If you are using Mac OS X 10.4.8 or later, PPC and x86 or Mac OS X 10.5.x
    PPC and x86, try downloading the VISA driver here:
    http://joule.ni.com/nidu/cds/view/p/id/1266/lang/e​n

    DB:2.58:Visa Fails To Install On Os X 10.6 ca

    See here and here for discussions on snow leopard and problems with that particular GPIB controller.

  • RELEVANCY SCORE 2.58

    DB:2.58:Error:Eap-Tls Or Peap Authentication Failed During Ssl Handshake jj



    hi guys

    am using cisco ACS SE to authenticate users on my wireless lan from the microsoft AD,my clients are using XP and so am using PEAP as my authentication protocol.

    when i try to log on to the network from my laptop i get the following error from the ACS SE log.how do i solve this problem and what is causing it?.

    EAP-TLS or PEAP authentication failed during SSL handshake

    DB:2.58:Error:Eap-Tls Or Peap Authentication Failed During Ssl Handshake jj


    We had a similar problem (in schools where any number of users might use a laptop so the user credentials were never cached).

    We got round the problem by making sure that the EAP-TLS machine authentication box was ticked in the ACS External Database (Windows) config

  • RELEVANCY SCORE 2.58

    DB:2.58:Mac Dr 9ir2 Install On G5 Fails With Ora-03113 d3


    Hi,

    I've not had any success installing the Developer Release
    for Mac OS X on a G5. I've tried Mac OS 10.2.8 and 10.3 Server (Panther) both produce
    ORA-03113: end-of-file on communication channel

    Any reports of successful installation on a G5 would be helpful.

    John.

    DB:2.58:Mac Dr 9ir2 Install On G5 Fails With Ora-03113 d3

    Thanks for you help.
    This was a message I got from Oracle which might be helpful for anyone else encountering this issue..

    The 9iR2 Developer release was tested on Jaguar and G4. G5 is a new processor which was introduced by Apple post 9iR2 developer release. Hence, No testing was done or will be done for the developer release on G5.

    10G will be the production release with Panther O/S 10.3.

  • RELEVANCY SCORE 2.58

    DB:2.58:Ignoring Trust Verification p1



    Hi,

    Is there a way to make WLS NOT to worry about the Trust part of the handshake?
    It is giving me the following error. I want the handshake to be successful even
    if the trust fails...

    John

    Jan 29, 2004 3:17:51 PM PST Warning Security BEA-090477 Certificate chain
    received from myServer.corp.com was not trusted causing SSL handshake failure.
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Validation error = 20
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Certificate chain is incomplete
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Certificate chain is untrusted
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 SSLTrustValidator returns:
    20
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Trust status (20): CERT_CHAIN_INCOMPLETE
    CERT_CHAIN_UNTRUSTED

    DB:2.58:Ignoring Trust Verification p1


    This is for the case when you write and configure your own SSL client. You cannot
    set TrustManager for the connections the server itself makes. Why would you need
    this anyway? You can simply configure the server to trust LDAP's server identity
    certificate.
    Not sure I understand the second question.

    Pavel.

    "John Meyer" john@no_mail.com wrote:

    Thanks Pavel. I have 2 questions now..

    1) The docs talk about SSL client programming between 2 webLogic Servers.
    In my
    case, the WLS is acting as a client to LDAP server. How does this work
    then?

    2) Where does this code for custom SSL client live? If I write my custom
    client,
    how/where do I deploy this?

    Thanks,
    John

    "Pavel" PavelS@no.spam wrote:
    You can set a custom TrustManager using weblogic SSL API that will override
    validation
    error.
    Example here: http://e-docs.bea.com/wls/docs81/security/SSL_client.html#1029656
    uses NulledTrustManager.

    Pavel.

    "John Meyer" john@no_mail.com wrote:
    Hi,

    Is there a way to make WLS NOT to worry about the Trust part of thehandshake?
    It is giving me the following error. I want the handshake to be successful
    even
    if the trust fails...

    John

    Jan 29, 2004 3:17:51 PM PST Warning Security BEA-090477 Certificate
    chain
    received from myServer.corp.com was not trusted causing SSL handshake
    failure.
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Validation error
    = 20
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Certificate chain
    is incomplete
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Certificate chain
    is untrusted
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 SSLTrustValidator
    returns:
    20
    Jan 29, 2004 3:17:51 PM PST Debug TLS 000000 Trust status(20):
    CERT_CHAIN_INCOMPLETE
    CERT_CHAIN_UNTRUSTED

  • RELEVANCY SCORE 2.58

    DB:2.58:Computer Fails To Connect To Internet For Os X Update km


    My computer fails to connect to server for an OS X update though I got a perfect internetconnection. When making a network diagnosis it all seems in order too. Is there a temporary glitch on the "update-server" or should I configure something else?

    MacBook Pro C2D 20" Apple Cinema Monitor Mac OS X (10.4.8)

    DB:2.58:Computer Fails To Connect To Internet For Os X Update km

    Hi RoyalOak:

    Great! I am glad everything is working well again. For unknown reasons, preference files (plist) will, very rarely, become corrupted. Since OS X rebuilds preference files as needed, there is little risk in deleting one (or more) and determining if that corrects the problem.

    Barry

  • RELEVANCY SCORE 2.57

    DB:2.57:Wap4400n Wpa2 Show Stopper Bug With Mac Os X pj


    Hi.

    I'm not sure where I should report this but there's a bug when using the wap4400n access point using WPA/WPA2 enterprise and Mac OS X clients.
    Using Windows, it works fine.
    Using Mac OS X and other vendors AP, it works fine.

    So this bug is really related to Mac+wap4400n.

    Basically, each time you restart the AP, the AP cannot authenticate to the Radius server because somehow the SSL encrypt/decrypt (used for tls/ttls) gets corrupted.
    To make it work again, all it needs is for one to connect to the AP web configuration interface then go to the wireless configuration page and click on "save settings" (without changing anything) ?????

    Very weird, but very real bug!
    If anyone has an idea, I'd be really happy to know about it

    (note that everything from the OS to the AP firmware is at the latest release).

    For info, here is the relevant log from the Radius server (freeradius):

    rlm_eap_tls: Length Included
    eaptls_verify returned 11
    rlm_eap_tls: TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
    rlm_eap_tls: TLS 1.0 ChangeCipherSpec [length 0001]
    rlm_eap_tls: TLS 1.0 Alert [length 0002], fatal bad_record_mac
    TLS Alert write:fatal:bad record mac
    TLS_accept: Need to read more data: SSLv3 read certificate verify A
    rlm_eap: SSL error error:1408F119SL routinesSL3_GET_RECORD:decryption
    failed or bad record mac
    rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
    eaptls_process returned 13
    rlm_eap: Freeing handler
    modcall[authenticate]: module "eap" returns reject for request 5
    modcall: leaving group authenticate (returns reject) for request 5
    auth: Failed to validate the user.

    DB:2.57:Wap4400n Wpa2 Show Stopper Bug With Mac Os X pj

    Wow, and I though I was the only one seeing this...
    It is nice to see I'm not crazy ;-)

    Anyway, no one at Linksys seems to give a **bleep** about this issue. Hopefully I may have some free time this week and try to dig into the problem so I can get as much information as possible.
    If I find anything new, I'll post it here of course.

  • RELEVANCY SCORE 2.57

    DB:2.57:Macintosh Os X, 802.1x, Eap-Tls m1



    Wanting to implement 802.1x authentication on my wired network. using Windows IAS as the radius and Windows 2000/XP/MAC OS X as clients. The Windows clients works perfectly, 802.1x authentication occurs before user login box. The Max OS X clients are the problem. Need a supplicant to authenticate to the network before login. Meetinghouse Aegis for Mac was a supplicant that could do this, but cannot find the software after Cisco acquired Meetinghouse. Is there a version of Cisco Secure Services Client for Mac OS X?

    Anyone else get this setup to work on Mac OS X using another product. Would appriciate any information.

    thanks

    DB:2.57:Macintosh Os X, 802.1x, Eap-Tls m1


    Wanting to implement 802.1x authentication on my wired network. using Windows IAS as the radius and Windows 2000/XP/MAC OS X as clients. The Windows clients works perfectly, 802.1x authentication occurs before user login box. The Max OS X clients are the problem. Need a supplicant to authenticate to the network before login. Meetinghouse Aegis for Mac was a supplicant that could do this, but cannot find the software after Cisco acquired Meetinghouse. Is there a version of Cisco Secure Services Client for Mac OS X?

    Anyone else get this setup to work on Mac OS X using another product. Would appriciate any information.

    thanks

  • RELEVANCY SCORE 2.57

    DB:2.57:Web Services Client And Https m9


    Greetings,

    I am trying to get a standalone, Java based webservices application to work over https. The client side classes were generated with WL's clientgen ant task and I am using the webserviceclient+ssl.jar. Below is a client side dump of the SSL Handshake. If I use the http protocol, all is fine. I am pretty sure the certificates are OK as I have test application that opens a weblogic.net.http.HttpsURLConnection connection and the SSL Handshake completes fine.

    A couple of things are troubling with the standalone application:
    1. The HostnameVerifier is null. I tried setting the weblogic.security.SSL.ignoreHostnameVerification property to true, but the results didn't change.
    2. The class weblogic.webservice.client.https.HttpsURLConnection is being used and seems to behave differently than the weblogic.net.http.HttpsURLConnection class in my test app.

    If I set the weblogic.webservice.client.ssl.strictcertchecking to false, all is fine. However, I am using a NullHostnameVerifier and a NullTrustManager, which doesn't seem like a good long term solution. Also, I receive warnings about cert chain untrusted and subject does not match server name (null).

    Has anyone had success in similiar configurations? Any thoughts/suggestions are appreciated.

    --Kent

    P.S. I am using Java 1.4.1_01 and WLS8.1SP2

    ==== DUMP ====
    SSLAdapter verbose output enabled
    Trusted certificates will be loaded from c:\bea-81sp2\weblogic81\server\lib\keystore\Identity.jks
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 No JCE support for algorithm ECDSA, class java.security.Signature
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 JCE support for algorithm SHA1withDSA, class sun.security.provider.DSA using provider SUN version 1.2
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 JCE support for algorithm MD5withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.41
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 JCE support for algorithm SHA1withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.41
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 JCE support for algorithm MD2withRSA, class java.security.Signature$Delegate using provider SunJSSE version 1.41
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 JCE support for algorithm SHA, class java.security.MessageDigest$Delegate using provider SUN version 1.2
    Jul 29, 2004 9:44:11 AM MDT Debug TLS 000000 JCE support for algorithm MD5, class java.security.MessageDigest$Delegate using provider SUN version 1.2
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm NullMac, class javax.crypto.Mac
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE support for algorithm HmacSHA1, class javax.crypto.Mac using provider SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE support for algorithm HmacMD5, class javax.crypto.Mac using provider SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE support for algorithm DES/CBC/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE support for algorithm DESede/CBC/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE support for algorithm DESede/ECB/NoPadding, class javax.crypto.Cipher using provider SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm RC4, class javax.crypto.Cipher
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm RSA/ECB/NoPadding, class javax.crypto.Cipher
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm Anonymous, class javax.crypto.KeyAgreement
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm ECDH, class javax.crypto.KeyAgreement
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE support for algorithm DiffieHellman, class javax.crypto.KeyAgreement using provider SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 No JCE support for algorithm RSA, class javax.crypto.KeyAgreement
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 ECDSA | java.security.Signature | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 SHA1withDSA | java.security.Signature | USEJCE | SUN version 1.2
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 MD5withRSA | java.security.Signature | USEJCE | SunJSSE version 1.41
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 SHA1withRSA | java.security.Signature | USEJCE | SunJSSE version 1.41
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 MD2withRSA | java.security.Signature | USEJCE | SunJSSE version 1.41
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 SHA | java.security.MessageDigest | USEJCE | SUN version 1.2
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 MD5 | java.security.MessageDigest | USEJCE | SUN version 1.2
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 NullMac | javax.crypto.Mac | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 HmacSHA1 | javax.crypto.Mac | USEJCE | SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 HmacMD5 | javax.crypto.Mac | USEJCE | SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 DES/CBC/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 DESede/CBC/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 DESede/ECB/NoPadding | javax.crypto.Cipher | USEJCE | SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 RC4 | javax.crypto.Cipher | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 RSA/ECB/PKCS1Padding | javax.crypto.Cipher | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 RSA/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Anonymous | javax.crypto.KeyAgreement | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 ECDH | javax.crypto.KeyAgreement | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 DiffieHellman | javax.crypto.KeyAgreement | USEJCE | SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 RSA | javax.crypto.KeyAgreement | USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 JCE used for some SSL = true
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 jsafeJCE used for some SSL = false
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 provider[0] - SUN
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 provider[1] - SunJSSE
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 provider[2] - SunRsaSign
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 SUN's provider for RSA signatures
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 provider[3] - SunJCE
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 provider[4] - SunJGSS
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Sun (Kerberos v5)
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Crypto to use for RSA is USEHARDWIRED
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 usingJCE = true
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 usingJsafeJCE = false
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Algorithm DES/CBC/NoPadding is not configured for a specific provider
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Provider found by default for DES/CBC/NoPadding is SunJCE version 1.4
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Algorithm DESede/CBC/NoPadding is not configured for a specific provider
    Jul 29, 2004 9:44:12 AM MDT Debug TLS 000000 Provider found by default for DESede/CBC/NoPadding is SunJCE version 1.4
    Jul 29, 2004 9:44:13 AM MDT Debug TLS 000000 SSL/Domestic license found
    Jul 29, 2004 9:44:13 AM MDT Debug TLS 000000 Not in server, Certicom SSL license found
    Jul 29, 2004 9:44:13 AM MDT Debug TLS 000000 SSL Session TTL :90000
    Jul 29, 2004 9:44:13 AM MDT Debug TLS 000000 SSL Session TTL :90000
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 Weblogic license allows domestic
    Loaded local trusted certificates from java.io.FileInputStream@13c0b53
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSL Session TTL :90000
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSL Session TTL :90000
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 Weblogic license allows domestic
    Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@10ffb38
    openConnection(https://localhost:7002/WsdlServices/Service?WSDL) returning weblogic.webservice.client.https.HttpsURLConnection:https://localhost:7002/WsdlServices/Service?WSDL
    -- using HostnameVerifier null
    -- loaded certs from c:\bea-81sp2\weblogic81\server\lib\keystore\Identity.jks
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 Filtering JSSE SSLSocket
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLIOContextTable.addContext(ctx): 10288833
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLSocket will NOT be Muxing
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLIOContextTable.findContext(is): 18433730
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 write SSL_20_RECORD
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 isMuxerActivated: false
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 12206609 readRecord()
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 12206609 SSL3/TLS MAC
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 12206609 received HANDSHAKE
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 isMuxerActivated: false
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLFilter.isActivated: false
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 12206609 readRecord()
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 12206609 SSL3/TLS MAC
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 12206609 received HANDSHAKE
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@ef83d3 Severity: 2 Type: 42
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
    at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
    at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
    at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:87)
    at weblogic.webservice.tools.wsdlp.WSDLParser.init(WSDLParser.java:76)
    at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
    at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
    at weblogic.webservice.core.rpc.ServiceImpl.init(ServiceImpl.java:79)
    at webservices.generated.ServicesBean_Impl.init(ServicesBean_Impl.java:22)
    at WSDLTest.main(WSDLTest.java:12)

    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 write ALERT offset = 0 length = 2
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 close(): 12206609
    Jul 29, 2004 9:44:14 AM MDT Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 10288833
    Caught Throwable: weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://foo:bar@localhost:7002/WsdlServices/Service?WSDL. Please check the URL and make sure that it is a valid XML file [javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.]

    DB:2.57:Web Services Client And Https m9

    I am using wls7.0 sp6 and have the same issue, is there a fix for it?Thanks

  • RELEVANCY SCORE 2.57

    DB:2.57:Windows Xp 7 Fail Authentication To Acs 5.3 3j



    Greetings

    Here is the scenario

    previously using freeradius and no issues existed with windows clients connecting to the wireless.

    The SSID has wpa/wpa2, 802.1x authentication

    Installed ACS 5.3

    configured Store for LDAP - we don't use AD so don't recommend it

    allowing PEAP-GTC as PEAP-MSCHAP2 is unsupported

    uploaded a valid sign Certificate for our organization to be used for EAP

    all MAC clients work and most mobile devices, user receives the cert and click accept and then they are prompted for Username and Password

    However all  windows clients XPSP2, XPSP3, Windows 7 fail to connect

    first error was

    Windows was unable to find a certificate on local machine to use to validate network.

    I would expect that the acs would provide the cert like the MAC devices at this point, that doesn't seem to be the case.

    I exported the cert from acs and imported into the XPSP3 machine and placed it into Trusted Root CA

    I tried almost every store listed as well.

    After the import

    The error is unable to connect to network.

    ACS reports

    While trying to negotiate a TLS handshake with the client, ACS received  an unexpected TLS alert message. This might be due to the supplicant not  trusting the ACS server certificate for some reason. ACS treated the  unexpected message as a sign that the client rejected the tunnel  establishment.

    It also lists the username as the organization in the Cert and PEAP(null)

    for the windows client I have

    auth as WPA2

    Data Encryption as AES

    on the Authentication tab

    EAP type Protected EAP

    authenticate as computer unchecked

    authenticate as guest unchecked

    under EAP properties button

    Validate server cert - checked

    Trusted Root CA - the organizations cert - checked

    do not prompt user - unchecked

    select auth method - smart card or other cert - selected - since mschapv2 is not supported for the ldap store

    clicked configure

    use a certificate on this computer - checked

    use simple cert selection - checked

    Validate server cert - checked

    Trusted Root CA - checked the org cert

    use different user - unchecked

    enable fast reconnect - unchecked

    What I would like to see

    The user selects the ssid is prompted to accept cert from acs accepts user is prompted for their ldap login creds user is authenticated

    Any insight would be greatly appreciated

    15004  Matched rule

    15012  Selected Access Service - RBLDAP Network Access

    11507  Extracted EAP-Response/Identity

    12300  Prepared EAP-Request proposing PEAP with challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12302  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated

    12318  Successfully negotiated PEAP version 0

    12800  Extracted first TLS record; TLS handshake started.

    12805  Extracted TLS ClientHello message.

    12806  Prepared TLS ServerHello message.

    12807  Prepared TLS Certificate message.

    12810  Prepared TLS ServerDone message.

    12305  Prepared EAP-Request with another PEAP challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12304  Extracted EAP-Response containing PEAP challenge-response

    12305  Prepared EAP-Request with another PEAP challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12304  Extracted EAP-Response containing PEAP challenge-response

    12318  Successfully negotiated PEAP version 0

    12812  Extracted TLS ClientKeyExchange message.

    12804  Extracted TLS Finished message.

    12801  Prepared TLS ChangeCipherSpec message.

    12802  Prepared TLS Finished message.

    12816  TLS handshake succeeded.

    12310  PEAP full handshake finished successfully

    12305  Prepared EAP-Request with another PEAP challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12304  Extracted EAP-Response containing PEAP challenge-response

    12511  Unexpectedly received TLS alert message; treating as a rejection by the client

    11504  Prepared EAP-Failure

    11003  Returned RADIUS Access-Reject

    DB:2.57:Windows Xp 7 Fail Authentication To Acs 5.3 3j


    Ok got it working with the anyconnect and NAM.

    had to NAM the profile configuration.xml and place it in the NAM profile folder and install the NAM from scratch.

    this info helped

    https://supportforums.cisco.com/docs/DOC-23117

  • RELEVANCY SCORE 2.57

    DB:2.57:Eap-Tls Error .........Failed Ssl/Tls Handshake Because Of An Unknown Ca In Client Certificate Chain ds



    Hi,

    I am using 802.1x and EAP-TLS as authentication protocol. The clients are not able to pass the authentication the error log on ACS is

    Authentication failed: EAP-TLS handshake failed SSL/TLS handshake because of an unknown CA in the client certification chain.

    I have installed certificates on the WLC and ACS, however authentication is unsuccessful.

    Can anybody help regarding this issue.

    DB:2.57:Eap-Tls Error .........Failed Ssl/Tls Handshake Because Of An Unknown Ca In Client Certificate Chain ds


    Here are the details about LSC:

    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/110141-loc-sig-cert.html

    Third Party Certificate:

    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

    Yes thats rights, you dont see under LSC.It will work.

    Regards

    Dont forget to rate helpful posts

  • RELEVANCY SCORE 2.57

    DB:2.57:How To Enable Verbose Login? 13





    Im having issues where my guest OS (Mac OS X Server) is failing to boot up. It fails very early. Im trying to get some diagnostic info. What is the method for enabling verbose booting on guest OS? Im running Parallels Server for Mac 3.x

    DB:2.57:How To Enable Verbose Login? 13




    http://osxdaily.com/2007/03/25/always-boot-mac-os-x-in-verbose-mode/

    To turn on Verbose booting, at the Terminal type the following:
    sudo nvram boot-args=-v

    I know that doesnt help this time since you cant boot but you might want to do this for all future Mac VMs.

  • RELEVANCY SCORE 2.57

    DB:2.57:Plesk+Qmail, Tls Fallback 37





    Hello all,

    is there any possibility to implement an non-TLS fallback for qmail if sending emails via SMTP+TLS fails?

    On Centos 6.5, after running the latest openssl-update we get errors in /usr/local/psa/var/log/maillog when sending emails via TLS to some servers:

    Code:

    DB:2.57:Plesk+Qmail, Tls Fallback 37




    Thanks!! I will try Immediately.. Realy THANKS!

  • RELEVANCY SCORE 2.57

    DB:2.57:Failed Auto Update On Asa-Ssm-20 The Host Is Not Trusted. Add The Host To The Systems Trusted Tls Certificates. a3



    Failed auto update on ASA-SSM-20 The host is not trusted. Add the host to the system's trusted TLS certificates.

     

      errorMessage: WebSession::sessionTask TLS connection exception: handshake incomplete.

    Messages, like this one, in the category - TLS connection failure - were logged 1464 times in the last 21461 seconds.  name=errTransport  

  • RELEVANCY SCORE 2.57

    DB:2.57:Oc(Tls) -- Ocs (Tls) -- Mediation Server (Tls)-- Asterisk(Tls) --Eyebeam (Tls) == Not Working..! 77


     
    Hi All,
     
    I just tried to integrate Mediation Server with Asterisk to connect from OC to SIP/Analog phones and vice versa.
     
    With TCP as transport, the below topology is working fine.
     
    OC 2007 (TCP) -- OCS 2007 (TCP) -- Mediation Server (TCP)-- Asterisk(TCP) --Eyebeam (TCP)
     
    But facing few certificate problems, when I tried with TLS.
     
    Created Self Signed SSL Server Client Certificates and used Server Certs at Asterisk Client Certs at two Eyebeam clients. All the SIP calls worked perfectly between the Eyebeam clients thru Asterisk.
     
    Then, I tried with the below topology to connect Mediation Server with Asterisk. TLS handshake is failing between the Mediation Server Asterisk and getting an exception SSL routinesSL23_GET_CLIENT_HELLO:unknown protocol.
     
    OC 2007 (TLS) -- OCS 2007 (TLS) -- Mediation Server (TLS)----X----- Asterisk v1.6 (TLS) --Eyebeam (TLS)
     
     
    How the Certificates will be generated and used between the Mediation Server Asterisk for successful TLS handshake?
     
    Could anybody please help me out in resolving this issue?
     
    Would appreciate your efforts.
     
    Thanks,
    Rajendra
     

    DB:2.57:Oc(Tls) -- Ocs (Tls) -- Mediation Server (Tls)-- Asterisk(Tls) --Eyebeam (Tls) == Not Working..! 77

    This forum is for Speech Server issues. You will probably get better results in the OCS forum - http://forums.microsoft.com/unifiedcommunications/ShowForum.aspx?ForumID=1455SiteID=57
     

  • RELEVANCY SCORE 2.57

    DB:2.57:Peap Authentication Failed During Ssl Handshake f3



    I'm getting the error message "EAP-TLS or PEAP authentication failed during SSL handshake" whille trying to authenticate using PEAP with Win2k ACS 3.2.1. I am sure it's a certificate issue. if anybody out there could clue me in on how they got their certificate installed I'd appreciate it... I've tried a couple different instructions on Cisco's site (and others) and have had no luck.

    Thanks,

    Ben

    DB:2.57:Peap Authentication Failed During Ssl Handshake f3


    Hi Ben!

    I`ve had the same problem until i did the following (starting from the begining):

    1. Installed w2k (Standalone server) with SP4 (ONLY, no other patches).

    2. Install CS v.3.2

    3. Install the MS CA server (sharing a folder, CAConfig)

    4. Install the initial (CA) certificate on the ACS (NOT in the "CA Authority...", only "Install a certificate").

    5. Restart - after restart "Edit certificate... - mark your MS CA server.

    6. Mark EAP-TLS and EAP-GTC - restart

    7. From the client PC - go the webpage of your CA server - choose "Request.., then Advanced Request - in the name field WRITE the User (logon name) name of the user requesting the certificate, choose "Client Authentication", mark "Keys as Exportible", mark "Use local Machine Store" - click submit

    8. Issue the client certificate from the CA server.

    9. Go to the CA webpage (from the client PC), and install the certificate.

    10. From the client PC, choose "Run" write "mmc /c.

    11. Choose "Action", and the "Install Snap-in" - choose "Client certificate" - check to se if everything is correct.

    12. Configure the 802.1X settings - choose PEAP, and "Keys are provided.." click next (or advanced, don`t remember. I`m not in my office when I`m writing this), from the pulldown list, choose your CA.

    13. On that page choose your "Windows login.." password.

    By doing like this, i made work...but i prefer LEAP.

    4.

  • RELEVANCY SCORE 2.57

    DB:2.57:Unifi - Controller Fails To Start Up When Opened Mac Os X 10.9 Mavericks kz



    When I try to start the UniFi controller version 2.4.5 or 3.1.6-beta I get

    Initializing UniFi Controller ...Starting UniFi Controller ...Server taking too long to start...Start-up failed.

    on OSX 10.9 Mavericks.

    They both work on 10.8.5 just fine. Any suggestions?

    DB:2.57:Unifi - Controller Fails To Start Up When Opened Mac Os X 10.9 Mavericks kz


    The discovery tool does run, just never shows any devices unlike when ran on 10.8.5.

    I do agree with Planet-WiFi's responce and will get the unix version running shortly. Thanks for the help.

    I would do this check:

    - use wireshark to be 100% sure that you see discovery packets

    - check MAC OSX firewall configuration of UniFi Controller

    if you cannot solve it this way, use an alternative solution...

  • RELEVANCY SCORE 2.57

    DB:2.57:Ssl Two-Way Client Authentication Without Weblogic Classes? a1



    Hi!

    Client is running as a JSP. Its sole purpose is checking the availability
    of the (secure) URL on the server:
    %
    URL url = new URL(urlString);
    HttpURLConnection con = (HttpURLConnection)url.openConnection();
    %contacting %= urlString %br
    %= con.getResponseCode() + ": " + con.getResponseMessage() %
    %
    con.disconnect();
    %

    I don't want to use the proprietary weblogic classes, because I want this
    JSP to be generic for all platforms. One-way authentication works though!

    I'm using WL 8.1 SP1 on both clients and server.
    I have set up a two-way authentication using the following procedure.

    Server:
    1. configured Custom Identity Custom Trust in the admin console
    identity keystore: server-keys
    trust keystore: server-trust

    In the Keystores SSL tab I selected Two Way Client Cert Behavior as
    "Client certs are required and enforced"

    2. keytool -keystore server-keys -genkey -alias server -keysize 512
    Note: Development license support only low-grade encryption and
    requires 512-bit key size.
    CN field is set to the DNS name of the server, eg. server.name.com.
    3. keytool -keystore server-keys -export -alias server -file server.crt

    Client:
    The same steps as server, replace 'server' with 'client'.
    Then
    4. keytool -keystore client-trust -trustcacerts -import -alias ca_server
    -file server.crt

    And then on the server:
    keytool -keystore server-trust -trustcacerts -import -alias ca_client -file
    client.crt

    Machines reboot.
    After running the client, the code does not work, I get a HANDSHAKE ERROR
    on the client:
    ---
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE
    alert received from client.name.com - 111.111.111.111. Check both sides of
    the SSL configuration for mismatches in supported ciphers, supported
    protocol versions, trusted CAs, and hostname verification settings.
    ---

    I have enabled SSL debugging on the server and it says:
    ----
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Filtering JSSE
    SSLSocket
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLIOContextTable.addContext(ctx): 23386952
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 SSLSocket will be
    Muxing
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLIOContextTable.findContext(is): 7898079
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 isMuxerActivated:
    false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 readRecord()
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 SSL
    Version 2 with no padding
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 SSL3/TLS MAC
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 received
    SSL_20_RECORD
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 HANDSHAKEMESSAGE:
    ClientHelloV2
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 58
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 475
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Converting
    principal: CN=client.name.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xx
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 128
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE
    offset = 0 length = 4
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 isMuxerActivated:
    false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 readRecord()
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 SSL3/TLS MAC
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 received
    HANDSHAKE
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 HANDSHAKEMESSAGE:
    Certificate
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 validationCallback:
    validateErr = 16
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Required peer
    certificates not supplied by peer
    Sep 12, 2003 11:40:54 AM MEST Warning Security BEA-090508
    Certificate chain received from client.name.com - 111.111.111.111 was
    incomplete.
    Sep 12, 2003 11:40:54 AM MEST Warning Security BEA-090477
    Certificate chain received from client.name.com - 111.111.111.111 was not
    trusted causing SSL handshake failure.
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Validation error = 20
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Certificate chain
    is incomplete
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Certificate chain
    is untrusted
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 User defined JSSE
    trustmanagers not allowed to override
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 SSLTrustValidator
    returns: 84
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Trust failure (84):
    CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 NEW ALERT:
    com.certicom.tls.record.alert.Alert@81ad8f Severity: 2 Type: 40
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at
    com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
    at
    com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
    Source)
    at
    weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write ALERT offset
    = 0 length = 2
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 close(): 14411981
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLIOContextTable.removeContext(ctx): 23386952
    ----

    I suspect something is missing in the client certificate, leading to server
    not trusting it. But the server loaded trust keystore successfully:

    --
    Sep 12, 2003 11:38:45 AM MEST Notice Security BEA-090169 Loading
    trusted certificates from the jks keystore file /path/to/client-trust.
    Sep 12, 2003 11:38:45 AM MEST Debug TLS 000000 Trusted CA: [
    [
    Version: V1
    Subject: CN=client.name.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xx
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffe56
    Validity: [From: Thu Sep 11 22:28:35 MEST 2003,
    To: Wed Dec 10 21:28:35 MET 2003]
    Issuer: CN=client.name.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xx
    SerialNumber: [ 3f60daf3]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 24 BB BE D3 C4 F7 BB B5 C5 E0 43 F0 B6 AD AD 5C $.........C....\
    0010: 2D 92 CD 85 9F 9A A1 E1 2E A9 A6 CE CB A7 7C B2 -...............
    0020: 63 18 84 B0 70 59 ED A5 43 79 EE 9D 70 34 D9 FF c...pY..Cy..p4..
    0030: B0 43 FA 42 05 33 DE 27 E1 96 91 2C 38 1D C1 A3 .C.B.3.'...,8...

    ]
    Sep 12, 2003 11:38:45 AM MEST Debug TLS 000000 SSLManager: loaded
    1 trusted CAs from /path/to/client-trust
    --

    What am I doing wrong??

    Help strongly appreciated!

    Primoz

    DB:2.57:Ssl Two-Way Client Authentication Without Weblogic Classes? a1


    You could try using JSSE. This is not supported but might work in your case.
    Certicom SSL implementation used by WLS has own implementations for some of the
    JSSE classes. So, adding jsse.jar in front of weblogic classes in the classpath
    in some cases can break Certicom, adding it at the end might break Sun's implementation.

    Pavel.

    Primoz Hrvatin primozh@marand.si wrote:
    Is it possible to do that without using weblogic classes
    (weblogic.net.http.HttpsURLConnection)? I want to have as modular
    configuration of the client as possible.

    Primoz

    PavelS wrote:

    The server complains because the client did not send its identity certificate.
    You'll need to modify client's code to set its identity.

    Pavel.

    Primoz Hrvatin primozh@marand.si wrote:

    Hi!

    Client is running as a JSP. Its sole purpose is checking the availability

    of the (secure) URL on the server:
    %
    URL url = new URL(urlString);
    HttpURLConnection con = (HttpURLConnection)url.openConnection();
    %contacting %= urlString %br
    %= con.getResponseCode() + ": " + con.getResponseMessage() %
    %
    con.disconnect();
    %

    I don't want to use the proprietary weblogic classes, because I want
    this
    JSP to be generic for all platforms. One-way authentication works though!

    I'm using WL 8.1 SP1 on both clients and server.
    I have set up a two-way authentication using the following procedure.

    Server:
    1. configured Custom Identity Custom Trust in the admin console
    identity keystore: server-keys
    trust keystore: server-trust

    In the Keystores SSL tab I selected Two Way Client Cert Behavioras
    "Client certs are required and enforced"

    2. keytool -keystore server-keys -genkey -alias server -keysize 512
    Note: Development license support only low-grade encryption andrequires 512-bit key size.
    CN field is set to the DNS name of the server, eg. server.name.com.
    3. keytool -keystore server-keys -export -alias server -file server.crt

    Client:
    The same steps as server, replace 'server' with 'client'.
    Then
    4. keytool -keystore client-trust -trustcacerts -import -alias ca_server

    -file server.crt

    And then on the server:
    keytool -keystore server-trust -trustcacerts -import -alias ca_client
    -file
    client.crt

    Machines reboot.
    After running the client, the code does not work, I get a HANDSHAKEERROR
    on the client:
    ---
    javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE

    alert received from client.name.com - 111.111.111.111. Check both sides
    of
    the SSL configuration for mismatches in supported ciphers, supported

    protocol versions, trusted CAs, and hostname verification settings.
    ---

    I have enabled SSL debugging on the server and it says:
    ----
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Filtering JSSE

    SSLSocket
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLIOContextTable.addContext(ctx): 23386952
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 SSLSocket will
    be
    Muxing
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLIOContextTable.findContext(is): 7898079
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 isMuxerActivated:

    false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 readRecord()
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 SSL

    Version 2 with no padding
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 SSL3/TLS
    MAC
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 received

    SSL_20_RECORD
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 HANDSHAKEMESSAGE:

    ClientHelloV2
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE

    offset = 0 length = 58
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE

    offset = 0 length = 475
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Convertingprincipal: CN=client.name.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xx
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE

    offset = 0 length = 128
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write HANDSHAKE

    offset = 0 length = 4
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 isMuxerActivated:

    false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLFilter.isActivated: false
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 readRecord()
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 SSL3/TLS
    MAC
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 14411981 received

    HANDSHAKE
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 HANDSHAKEMESSAGE:

    Certificate
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 validationCallback:

    validateErr = 16
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Required peer

    certificates not supplied by peer
    Sep 12, 2003 11:40:54 AM MEST Warning Security BEA-090508
    Certificate chain received from client.name.com - 111.111.111.111was
    incomplete.
    Sep 12, 2003 11:40:54 AM MEST Warning Security BEA-090477
    Certificate chain received from client.name.com - 111.111.111.111was
    not
    trusted causing SSL handshake failure.
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Validationerror
    = 20
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Certificatechain
    is incomplete
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Certificatechain
    is untrusted
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 User defined
    JSSE
    trustmanagers not allowed to override
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 SSLTrustValidator

    returns: 84
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 Trust failure
    (84):
    CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 NEW ALERT:com.certicom.tls.record.alert.Alert@81ad8f Severity: 2 Type: 40
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown

    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown

    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown

    Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown

    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
    Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown

    Source)
    at
    com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown

    Source)
    at
    weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 write ALERToffset
    = 0 length = 2
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000 close(): 14411981
    Sep 12, 2003 11:40:54 AM MEST Debug TLS 000000
    SSLIOContextTable.removeContext(ctx): 23386952
    ----

    I suspect something is missing in the client certificate, leading to
    server
    not trusting it. But the server loaded trust keystore successfully:

    --
    Sep 12, 2003 11:38:45 AM MEST Notice Security BEA-090169 Loading

    trusted certificates from the jks keystore file /path/to/client-trust.
    Sep 12, 2003 11:38:45 AM MEST Debug TLS 000000 Trusted CA:[
    Version: V1
    Subject: CN=client.name.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xx
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffe56
    Validity: [From: Thu Sep 11 22:28:35 MEST 2003,
    To: Wed Dec 10 21:28:35 MET 2003]
    Issuer: CN=client.name.com, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xx
    SerialNumber: [ 3f60daf3]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 24 BB BE D3 C4 F7 BB B5 C5 E0 43 F0 B6 AD AD 5C $.........C....\
    0010: 2D 92 CD 85 9F 9A A1 E1 2E A9 A6 CE CB A7 7C B2 -...............
    0020: 63 18 84 B0 70 59 ED A5 43 79 EE 9D 70 34 D9 FF c...pY..Cy..p4..
    0030: B0 43 FA 42 05 33 DE 27 E1 96 91 2C 38 1D C1 A3 .C.B.3.'...,8...

    ]
    Sep 12, 2003 11:38:45 AM MEST Debug TLS 000000 SSLManager:loaded
    1 trusted CAs from /path/to/client-trust
    --

    What am I doing wrong??

    Help strongly appreciated!

    Primoz

  • RELEVANCY SCORE 2.57

    DB:2.57:Can I Install Os X 10.6 On A Usb Drive After The Mac Hd Dies? 3a


    I don't have a bootable backup HD for my Mac, nor a complete backup copy of my HD.So, if the Mac hard drive suddenly fails one day, would I be able to still turn on the Mac, plug in a USB drive, insert the OS install CD, and install the OS on the USB to use the Mac???

    DB:2.57:Can I Install Os X 10.6 On A Usb Drive After The Mac Hd Dies? 3a

    Ok, thanks Can the USB be one of those cheap small flash drives (16GB or so)?

  • RELEVANCY SCORE 2.56

    DB:2.56:Bad Record Mac cz


    Hello,
    Im getting the exception below in an SSL client server application, NIO unblocking. It happens after the handshake seems completed ok.
    but only happens about 1 time in 15 that I open the client.
    Ive tried setting the protocol to TLS and SSLv3 in SSLContext. but makes no difference.I think.

    Any ideas on what causes this to happen?
    TIA
    p butler

    javax.net.ssl.SSLException: bad record MAC
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1320)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:878)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:782)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at MyServer.readPackets(MyServer.java:1822)

    DB:2.56:Bad Record Mac cz

    Hello,
    Im getting the exception below in an SSL client server application, NIO unblocking. It happens after the handshake seems completed ok.
    but only happens about 1 time in 15 that I open the client.
    Ive tried setting the protocol to TLS and SSLv3 in SSLContext. but makes no difference.I think.

    Any ideas on what causes this to happen?
    TIA
    p butler

    javax.net.ssl.SSLException: bad record MAC
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1320)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:878)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:782)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at MyServer.readPackets(MyServer.java:1822)

  • RELEVANCY SCORE 2.56

    DB:2.56:More Detailed Log To Track Email Delivery Problem? j9


    Hello!

    I am trying to troubleshoot an email delivery problem. Since last weekend we are not able to send email to AOL.com. All emails to that domain get stuck in the queue with the error: "Conversation with mailin-04.mx.aol.com [64.12.138.89] timed out while receiving the initial SMTP greeting." The mail server name and IP address change depending on the message and what server it is trying to hit. I am able to connect to any number of aol's email servers via telnet, go through the negotiation and send mail. I have not been able to identify any DNS problems. It all looks good. I have not made any changes that I can think of to affect email.

    So my question is, is there a way to see a more detailed log of the SMTP negotiation? I want to see the actual handshake, so I can see where it is failing. I have contacted AOL about this. They are less than responsive. I have the log level set to Debug on my mail server. But it does not provide the level of detail I am looking for. I used to work on Exchange, and was able to see the fine grained SMTP handshake with logging set to Maximum. Is there anything in OS X that will show me such detail?

    Any help is appreciated!

    Mac Book Pro Mac OS X (10.4.7)

    Mac Book Pro Mac OS X (10.4.7)

  • RELEVANCY SCORE 2.56

    DB:2.56:7925g Eap-Fast Fails 79



    Everything works great with a Lenovo T61 laptop running EAP-FAST using the IBM Access Connections client.

    However a new out of box 7925G SCCP 1.3(4) phone shows "! connection failed" onscreen with WLC 4.0.217.0

    Here is what the RADIUS log on Cisco Secure ACS shows

    11001  Received RADIUS Access-Request

    11017  RADIUS created a new session

    Evaluating Service Selection Policy

    15004  Matched rule

    15012  Selected Access Service - 7925s

    11507  Extracted EAP-Response/Identity

    12100  Prepared EAP-Request proposing EAP-FAST with challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12102  Extracted EAP-Response containing EAP-FAST challenge-response and accepting EAP-FAST as negotiated 12800  Extracted first TLS record; TLS handshake started.

    12805  Extracted TLS ClientHello message.

    12806  Prepared TLS ServerHello message.

    12808  Prepared TLS ServerKeyExchange message.

    12810  Prepared TLS ServerDone message.

    12105  Prepared EAP-Request with another EAP-FAST challenge

    11006  Returned RADIUS Access-Challenge

    5411  EAP session timed out

    DB:2.56:7925g Eap-Fast Fails 79


    Everything works great with a Lenovo T61 laptop running EAP-FAST using the IBM Access Connections client.

    However a new out of box 7925G SCCP 1.3(4) phone shows "! connection failed" onscreen with WLC 4.0.217.0

    Here is what the RADIUS log on Cisco Secure ACS shows

    11001  Received RADIUS Access-Request

    11017  RADIUS created a new session

    Evaluating Service Selection Policy

    15004  Matched rule

    15012  Selected Access Service - 7925s

    11507  Extracted EAP-Response/Identity

    12100  Prepared EAP-Request proposing EAP-FAST with challenge

    11006  Returned RADIUS Access-Challenge

    11001  Received RADIUS Access-Request

    11018  RADIUS is re-using an existing session

    12102  Extracted EAP-Response containing EAP-FAST challenge-response and accepting EAP-FAST as negotiated 12800  Extracted first TLS record; TLS handshake started.

    12805  Extracted TLS ClientHello message.

    12806  Prepared TLS ServerHello message.

    12808  Prepared TLS ServerKeyExchange message.

    12810  Prepared TLS ServerDone message.

    12105  Prepared EAP-Request with another EAP-FAST challenge

    11006  Returned RADIUS Access-Challenge

    5411  EAP session timed out

  • RELEVANCY SCORE 2.56

    DB:2.56:Android Rejecting Ises Publicly-Signed Certificate? jj



    We have recently deployed a VeriSign certificate on ISE for both HTTPS and EAP, it uses a corporate CA to generate and push out user certs. It seems to work on all devices but Android.

    The Android device successfully completes onboarding process, but when it tries to connect using EAP-TLS, it fails and the following error shows on the ISE:

    "Authentication failed: 12520 EAP-TLS filed SSL/TLS handshake because the client rejectd the ISE local-certificate"

    It has been verified that VeriSign's root certificate has been pushed out and installed on the Android devices. I can't understand why would the client not trust validate the VeriSign certificate.

    Has anyone seen this before? Does the client need a corporate root certificate chain to trust the user certificate it has been privisoned with? Could that be the problem?

    The ISE is running v1.1.3 patch 1

  • RELEVANCY SCORE 2.55

    DB:2.55:Connectivity Issues With Ap-205 On 5ghz And Eap x3



    Hi,

    I’m experiencing weird issues with 802.1x/EAP-TLS authentication and AP205 running AOS 6.4.2.3 (620 and 7010 controllers) on newer set of machines with W8.1. This only occurs when on the 5 Ghz band, 2.4 Ghz works just fine on all devices. Other tested units such as older machines on 802.11a, Android devices on 4.2.2 and 4.4.3 and iPhone works just fine with AP205. It seems like the TLS handshake doesn’t properly finish according to the FreeRADIUS logs, and debugging Aruba controller gives me a reponse of 6, which would mean there’s something about the (lacking) challenge response. The strange thing is that it works just fine with all the other tested Campus AP’s (105, 125) and RAP’s (RAP3, RAP109) with the same set of configuration (AP Group). I have tried terminating the AP’s on both master and local controller with the same behavior.As a result of the failure in connecting the client’s wlan NIC seems to crash and it stops listing available SSIDs. Disabling/enabling or rebooting gets the NIC operational, but crashes everytime client attempts to reconnect to the AP-205 in question.

    Briefly described;• Same issues when running AOS 6.4.2.2 and 6.4.2.3• Older machine with EAP-TLS and Android/iOS with EAP-TLS/EAP-PEAP works fine with all APs/RAPs• New machine with EAP-TLS/EAP-PEAP does not work on AP-205 on 5 Ghz band, though working fine on 2.4 Ghz and both bands on other tested CAP/RAPs.• Connecting to PSK based SSIDs works just fine regardless of device, OS or frequency band.• auth-tracebuf gives me dot1x-timeout and controller output value 6.• client trail-info gives me "APAE Disconnect"

    Excerpt from FreeRADIUS;

    [eap] EAP/tls[eap] processing type tls[tls] Authenticate[tls] processing EAP-TLS[tls] eaptls_verify returned 7[tls] Done initial handshake[tls] (other): before/accept initialization[tls] TLS_accept: before/accept initialization[tls] TLS 1.0 Handshake [length 00c1], ClientHello[tls] TLS_accept: SSLv3 read client hello A[tls] TLS 1.0 Handshake [length 0031], ServerHello[tls] TLS_accept: SSLv3 write server hello A[tls] TLS 1.0 Handshake [length 0953], Certificate[tls] TLS_accept: SSLv3 write certificate A[tls] TLS 1.0 Handshake [length 030d], ServerKeyExchange[tls] TLS_accept: SSLv3 write key exchange A[tls] TLS 1.0 Handshake [length 0095], CertificateRequest[tls] TLS_accept: SSLv3 write certificate request A[tls] TLS_accept: SSLv3 flush data[tls] TLS_accept: Need to read more datacolon; SSLv3 read client certificate A..Sending Access-Challenge of id 162 to 192.168.5.9 port 32860Aruba-User-Role = "authenticated"EAP-Message = 0x010200060d20Message-Authenticator = 0x00000000000000000000000000000000State = 0x6bbc95f76bbe987fdf1d2f664c8f5cc2..WARNING: !! EAP session for state 0x5d2bf7975d29fa8d did not finish!

    .. This would indicate the lack of response from the client.

    auth-tracebuf Aruba controller;

    Jan 2 20:22:59 eap-req - 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 5 1024Jan 2 20:23:04 eap-req - 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 5 1024Jan 2 20:23:09 eap-req - 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 5 1024Jan 2 20:23:14 eap-req - 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 5 1024Jan 2 20:23:19 dot1x-timeout * 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 5 3 server timeoutJan 2 20:23:19 dot1x-timeout * 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 6 2 station timeoutJan 2 20:23:19 eap-id-req - 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 6 5Jan 2 20:23:24 rad-acct-stop - 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 - -Jan 2 20:23:24 dot1x-timeout * 7c:7a:91:c4:b4:27 ac:a3:1e:c2:d4:70 6 1 station timeout

    I have a TAC open on this issue, but I thought there might've been others out there with the same problems.

    Any ideas?







    Solved!
    Go to Solution.

    DB:2.55:Connectivity Issues With Ap-205 On 5ghz And Eap x3


    You can enable 802.11k with the Intel 7260, but make sure you have "Advertise Quiet IE" disabled in the related rrm-ie-profile.

    Quiet IE will cause the 7260 to not connect on 5GHz anymore.




    ACMX#255 | ACMP | ACCP | AWMPwww.securelink.nl

  • RELEVANCY SCORE 2.55

    DB:2.55:Certificate_Unknown 3p


    My project requirement is like this:

    1.It contains 3 war files which are deployed on different servers.(Weblogic8.1sp3 and jdk1.4).

    2.First application has to forward the request to second application and second one will forward the request to third one.U ser can see the third application's home page.

    Here user can see only the first application's URL while submitting the request and the third application's URL only and not second application's URL. (Because in the background second application will forward the request to third).

    3.I have used Apache's HttpClient and PostMethod to forward the request to second application.

    4.Application wokrs fine with HTTP but with HTTPS i am facing some problem. Please take a look at the following stack trace.Jul 3, 2007 9:45:01 AM IST Debug TLS 000000 16515784 Rethrowing InterruptedIOException
    JDK Protocol Handlers and Security Providers:
    java.protocol.handler.pkgs - weblogic.utils|weblogic.utils|weblogic.net
    provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    provider[1] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    provider[2] - SunRsaSign - SUN's provider for RSA signatures
    provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    provider[4] - SunJGSS - Sun (Kerberos v5)

    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 Filtering JSSE SSLSocket
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 31253613
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLSocket will be Muxing
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLIOContextTable.findContext(is): 18407750
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLFilter.isActivated: false
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 isMuxerActivated: false
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLFilter.isActivated: false
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 readRecord()
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 SSL Version 2 with no padding
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 SSL3/TLS MAC
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 received SSL_20_RECORD
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 write HANDSHAKE offset = 0 length = 58
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 write HANDSHAKE offset = 0 length = 503
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 write HANDSHAKE offset = 0 length = 4
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLFilter.isActivated: false
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 isMuxerActivated: false
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLFilter.isActivated: false
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 readRecord()
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 SSL3/TLS MAC
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 31665366 received ALERT
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 NEW ALERT: com.certicom.tls.record.alert.Alert@30fb71 Severity: 2 Type: 46
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:522)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

    sun.security.validator.ValidatorException: No trusted certificate found
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 write APPLICATION_DATA offset = 0 length = 145
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@30fb71
    Jul 3, 2007 9:45:17 AM IST Warning Security BEA-090485 CERTIFICATE_UNKNOWN alert was received from localhost - 127.0.0.1. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 close(): 31665366
    Jul 3, 2007 9:45:17 AM IST Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 31253613

    I have deplyed all 3 wars in my local machine for testing.

    If any body helps in this it will be great.

    Thanks in advance.

    DB:2.55:Certificate_Unknown 3p

    I don't know if he got it, but I certainly gave it.

  • RELEVANCY SCORE 2.55

    DB:2.55:How To Get Tls Certificate For Mail In Os X 10.9 8d


    Hello,I have a problem with Mail because I don't have installed TLS certificate on Mail.Do You know How can I get it?

    DB:2.55:How To Get Tls Certificate For Mail In Os X 10.9 8d

    My mail provider is wirtualna polska. Problem is with IMAP. I can' receive and send emails. Mail cannot connect to the server.But i heard that the email provider has problem and it isn't Mail 7.0 fault- I'll be waiting for provider response

  • RELEVANCY SCORE 2.55

    DB:2.55:Stackframe.Getiloffset() Fails On Mac Os X d3


    Silverlight 2, beta 1:

    I'm trying to produce detailed stack traces to send runtime crash reports to my server, but the code does not work when tested on Mac OS X.

    Here's the problem...

    Having created a StackTrace, the GetILOffset() method on System.Diagnostics.StackFrame always fails and returns OFFSET_UNKNOWN (0xffffffff) on Mac OS X. However GetNativeOffset() works, and on Windows, both methods work.

    There should be no difference between the Mac and Windows functionality, right? Platform-specific code in Silverlight would be a real bummer.

    Cheers, John

    DB:2.55:Stackframe.Getiloffset() Fails On Mac Os X d3

    Found this information on MSDN for System.Diagnostics.DebuggingModes:
    http://msdn2.microsoft.com/en-us/library/system.diagnostics.debuggableattribute.debuggingmodes(VS.95).aspx
    In the .NET Framework for Silverlight, just-in-time (JIT) tracking information is always generated. This flag has the same effect as
    Default, except that the IsJITTrackingEnabled
    property is never false, because that setting has no meaning in the .NET Framework for Silverlight.
    Looks like it should be there?

  • RELEVANCY SCORE 2.55

    DB:2.55:Installing Spotify Fails kp



    Installing Spotify fails using the Spotify Installer.

    It's the downloading part that fails, after a while it times out and redirects tohttps://www.spotify.com/se/redirect/install-failed​/ where another "Spotify Installer" is download.

    This has been going on for a couple of days. Is there any other way to install Spotify?

    Mac OS X 10.10.1

    DB:2.55:Installing Spotify Fails kp


    Mine used to work fine, until last weekend. It's always offline and I assumed it was just my phone (mobile hotspot) slow connection. I'm now at work and the wifi is fast, but it's still offline. So I deleted and was trying to reinstall. Download failed, repeatedly.

  • RELEVANCY SCORE 2.55

    DB:2.55:Tls kj


    Introduction:
    Transport Layer Security (TLS).

    TLS is a successor to Secure Sockets Layer protocol. TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. It is good idea to keep in mind that TLS resides on the Application Layer of the OSI model. This will save you a lot of frustrations while debugging and troubleshooting encryption problems related to TLS.

    TLS Handshake:

    The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In a typical scenario, only the server is authenticated and its identity is ensured while the client remains unauthenticated. The mutual authentication of the servers requires public key deployment to clients. When a server and client communicate, TLS protocol ensures that no third party may eavesdrop, tamper with any message, and message forgery. A TLS message may span multiple TLS records.

    RFCs:
    RFC2246 TLS 1.0 - (formerly known as Secure Socket Layer - SSL)

    RFC4346 TLS 1.1

    DB:2.55:Tls kj

    Introduction:
    Transport Layer Security (TLS).

    TLS is a successor to Secure Sockets Layer protocol. TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. It is good idea to keep in mind that TLS resides on the Application Layer of the OSI model. This will save you a lot of frustrations while debugging and troubleshooting encryption problems related to TLS.

    TLS Handshake:

    The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In a typical scenario, only the server is authenticated and its identity is ensured while the client remains unauthenticated. The mutual authentication of the servers requires public key deployment to clients. When a server and client communicate, TLS protocol ensures that no third party may eavesdrop, tamper with any message, and message forgery. A TLS message may span multiple TLS records.

    RFCs:
    RFC2246 TLS 1.0 - (formerly known as Secure Socket Layer - SSL)

    RFC4346 TLS 1.1

  • RELEVANCY SCORE 2.55

    DB:2.55:Mac Os X, Fp 9 - Localconnection Fails xp


    After installing Flash Player 9.0.28.0 on an Intel Mac with
    Mac OS X 10.4.9 LocalConnection between to instances on same domain
    doesn't seem to work.

    al

    DB:2.55:Mac Os X, Fp 9 - Localconnection Fails xp

    After installing Flash Player 9.0.28.0 on an Intel Mac with
    Mac OS X 10.4.9 LocalConnection between to instances on same domain
    doesn't seem to work.

    al

  • RELEVANCY SCORE 2.55

    DB:2.55:Adobe Application Manager Fails To Install sc



    I'm trying to install Adobe Application Manager for the Creative Cloud on my Mac running OS X 10.7.4.

    Fails every time I try.

    What's the problem?

    DB:2.55:Adobe Application Manager Fails To Install sc


    Finally, solved the problem, but it require foour trip to the Apple Genius Bar. The geniuses seemed to enjoy the challenge. As best I can summarize they appear to have removed all evidence of AAM. Then repaired ACL permissions and followed the steps in message #33. They were able to avoid creating a new administrator. They then re-iinstalled AAM.

    For anyone else facing this problem, you should avoid trying to resolve it yourself unless you are comfortable operating in terminal mode. Also, be sure to run Time Machine before taking your machine to Apple. Without a full backup, you risk loosing all your data.

  • RELEVANCY SCORE 2.55

    DB:2.55:Can Not Connect To Sql Server On Port 1433 11


    guys ,I'm using oracle sql developer on mac os x and I'm trying to connect to sql server on port 1433 but it always fails...any ideas ?

    DB:2.55:Can Not Connect To Sql Server On Port 1433 11

    While this is probably no longer helpful to the original poster, it was still an issue for me and I believe I have found the answer.

    Using SQL Developer for Mac OS X to connect to MS SQL databases that require Windows Authentication using the jTDS driver, for some reason checking the "Use Windows Authentication" doesn't work. When I checked the logs on my sql server it was complaining that the login was using an NT account with SQL Authentication. The Use Windows Authentication was checked and all other settings were correct.

    I decided to poke around and find out what connection string was being used. If you look in ~/sqldeveloper/system3.0.04.34/o.jdeveloper.db.connection.11.1.1.4.37.59.31/connections.xml (There may be some variations in the path based on version of sql developer you are using) you can find an object called StringRefAddr addrType="customURL" The contents of which will look something like "jdbc:jtds:sqlserver://[server]:[port]/[database]". This is the connection string. If you add on to the end of it ";domain=[domain]" so that the whole string looks like the following then windows authentication works

    jdbc:jtds:sqlserver://[server]:[port]/[database];domain=[domain]

    This is because, the JTDS driver will use sql authentication if that domain is not set and presumably sql developer isn't doing that. I'm not sure if the problem is with the jTDS or sql developer, but once I made the change, I was able to login just fine. Hope this helps.

    Edited by: 909163 on Jan 19, 2012 11:01 AM

  • RELEVANCY SCORE 2.54

    DB:2.54:Installation Fails On Mac 10.4.10 a8


    Apple distributed a software update to OS 10.4.10 a few days ago. When I try to install Silverlight on the new OS X 10.4.10, I get a message that Silverlight requires OS X 10.4.8 or higher. The installer doesn't recognize OS X 10.4.10 as being higher than
    10.4.8.

    DB:2.54:Installation Fails On Mac 10.4.10 a8

    great, please be sure to mark the post as answered :-)

  • RELEVANCY SCORE 2.54

    DB:2.54:Ssl Handshake Fails c1


    Hi there! I'm trying to access a remote webservice with 2 way ssl from within wls 8.1 sp4
    In my tests where I use standard jsse techniques it works alright, as soon as I deploy to wls I get the following exception:

    10.12.2007 16.39 Uhr CET Debug TLS 000000 SSLManager: loaded 2 trusted CAs from C:\Java\bea_sp4\jdk142_05\jre\lib\security\cacerts
    10.12.2007 16.39 Uhr CET Debug TLS 000000 clientInfo settings applied
    10.12.2007 16.39 Uhr CET Debug TLS 000000 write SSL_20_RECORD
    10.12.2007 16.39 Uhr CET Debug TLS 000000 15308354 SSL3/TLS MAC
    10.12.2007 16.39 Uhr CET Debug TLS 000000 15308354 received HANDSHAKE
    10.12.2007 16.39 Uhr CET Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    10.12.2007 16.39 Uhr CET Debug TLS 000000 15308354 SSL3/TLS MAC
    10.12.2007 16.39 Uhr CET Debug TLS 000000 15308354 received HANDSHAKE
    10.12.2007 16.39 Uhr CET Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    10.12.2007 16.39 Uhr CET Debug TLS 000000 The certificate chain received from unknown contained a V3 CA certificate which didn't indicate it really is a CA
    10.12.2007 16.39 Uhr CET Warning Security BEA-090549 The certificate chain received from unknown contained a V3 CA certificate which did not indicate it really is a CA.
    10.12.2007 16.39 Uhr CET Debug TLS 000000 Exception during handshake, stack trace follows
    java.lang.NullPointerException
    at weblogic.security.utils.SSLSetup.logCertificateChainNotACaConstraintsFailure(SSLSetup.java:648)

    My code looks like this:

    SSLAdapterFactory factory = SSLAdapterFactory.getDefaultFactory();
    WLSSLAdapter adapter = (WLSSLAdapter) factory.getSSLAdapter();
    FileInputStream clientCredentialFile = new FileInputStream("P:/ssl/xxxxx0.pem");
    adapter.setTrustedCertificatesFile("P:/ssl/xxxx1.pem");
    String pwd = "changeit";
    adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
    adapter.setVerbose(true);
    adapter.setStrictChecking(false);
    factory.setDefaultAdapter(adapter);
    factory.setUseDefaultAdapter(true);
    System.setProperty("javax.net.debug", "all");
    String proxyHost = "prx0009.xxxx.ch";
    adapter.setProxy(proxyHost, 80);
    Properties systemSettings = System.getProperties();
    systemSettings.put("http.proxyHost", proxyHost);
    systemSettings.put("http.proxyPort", "80");
    systemSettings.put("https.proxyHost", proxyHost);
    systemSettings.put("weblogic.webservice.transport.https.proxy.host", proxyHost);
    systemSettings.put("weblogic.security.SSL.verbose", "true");
    systemSettings.put("https.proxyPort", "80");
    systemSettings.put("weblogic.webservice.transport.https.proxy.port", "80");
    WebLogicAuthenticator sa = new WebLogicAuthenticator();
    sa.init(proxyHost,80,"Basic",null);
    System.setProperty("weblogic.net.proxyAuthenticatorClassName", WebLogicAuthenticator.class.getName());
    URL url;
    url = new URL("https://xxxxxx/xxx/xxxxx");

    EBPPCCXV2Service_Impl locator = new EBPPCCXV2Service_Impl();
    locator.getEBPPCCXV2PortType();

    ccxService = (EBPPCCXV2PortType_Stub) locator.getEBPPCCXV2PortType();
    ccxService._setTargetEndpoint(url);

    Please help!
    Thanx

    DB:2.54:Ssl Handshake Fails c1

    I had the same problem time ago.

    As you can see here

    http://forums.bea.com/thread.jspa?threadID=600004243

    you should solve your problem finding this patch

    CR210310_81sp4.jar

    and applying it. (maybe you should ask it to BEA support, I don't remember how I got it)

  • RELEVANCY SCORE 2.54

    DB:2.54:Poblem With Ssl Configuration On Wls 8.1 8f


    I have a problem with SSL configuration on WLS 8.1.
    I obtain an error on the server of type:
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Trust status (16): CERT_CHAIN_UNTRUSTED
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack

    I obtain an error on the cklient of type:
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Validation error = 16
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Certificate chain is untrusted
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLTrustValidator returns: 16
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Trust status (16): CERT_CHAIN_UNTRUSTED
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)

    Can you help me?

    I add configuration e total logs.

    #####################################################
    ## SERVER WLS 8.1 AND SSL CONFIGURATION DESCRIPTION
    #####################################################

    My WLS configuration use "Keystores SSL" of type "Custom Identity and Custom Trust",
    with cypher provider bouncycastle (bcprov-jdk14-133.jar).

    The keystore with digital certificate Verisign CA are generated with this options:

    -keyalg RSA
    -keysize 1024
    -sigalg SHA1withRSA
    -validity 365
    -storetype jks

    ############################################
    ## SERVER WLS 8.1 INVOCATION COMMAND LINE
    ############################################

    java -client -Xms128m -Xmx512m \
    -Dweblogic.security.SSL.verbose=true \
    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true \
    -Dweblogic.security.SSL.debugEaten=true \
    -Djava.protocol.handler.pkgs=com.certicom.net.ssl \
    -Dweblogic.security.SSL.ignoreHostnameVerification=true \
    -Dweblogic.security.SSL.trustedCAKeyStore=/fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks \
    -Xverify:none -Dweblogic.transaction.SecurityInteropMode=compatibility \
    -Dweblogic.Name=WLS_SSL \
    -Dweblogic.management.server=http://10.6.168.62:8501 \
    -Djava.security.policy=/wlsadm/bea/bea81sp5/weblogic81/server/lib/weblogic.policy \
    -Dweblogic.system.StoreBootIdentity=true \
    weblogic.Server

    I add my logs:

    #############################################################
    ## SERVER WLS 8.1 LOGS at STARTUP (before CLIENT INVOCATION)
    #############################################################
    Aug 1, 2006 10:36:30 AM CEST Debug TLS 000000 SSL/Domestic license found
    Aug 1, 2006 10:36:30 AM CEST Debug TLS 000000 Certicom SSL license found
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSL Session TTL :90000
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSLSetup: loading trusted CA certificates
    Aug 1, 2006 10:36:31 AM CEST Notice Security BEA-090169 Loading trusted certificates from the jks keystore file /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks.
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSLManager: loaded 1 trusted CAs from /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSLListenThread.getSSLManager()
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSLManager: getting server private key
    Aug 1, 2006 10:36:31 AM CEST Notice Security BEA-090170 Loading the private key stored under the alias msc_identity from the jks keystore file /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscIdentity.jks.
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSLManager.getServerCertificate()
    Aug 1, 2006 10:36:31 AM CEST Notice Security BEA-090171 Loading the identity certificate stored under the alias msc_identity from the jks keystore file /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscIdentity.jks.
    Aug 1, 2006 10:36:31 AM CEST Notice Security BEA-090169 Loading trusted certificates from the jks keystore file /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks.
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 SSLManager: loaded 1 trusted CAs from /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks
    Aug 1, 2006 10:36:31 AM CEST Debug TLS 000000 Trusted CA: [
    [
    Version: V3
    Subject: CN=www.tim.it, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=TIM, O=MSC, L=Rome, ST=Italy, C=IT
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    da54f3b0 83b99998 b559f27f 8c8f7b70 9bf8994b 92223fbc 31023462 f482336b
    05ff8d0c e37cf4b4 7438a142 c29bbe9a b266d185 da154527 d880e718 10c29448
    aedc2695 bd0c6dbd 7261b029 44397eda 092f750e 6930f131 89c6485a 4ac45c8b
    76967a3b 93754965 b785defa aaa64a89 7f0a8078 3bc7ebb8 066dd80a f0f43573
    Validity: [From: Mon Jul 31 02:00:00 CEST 2006,
    To: Tue Aug 15 01:59:59 CEST 2006]
    Issuer: CN=VeriSign Trial Secure Server Test Root CA, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    SerialNumber: [ 3e5277e3 2b9630ad cc7d1b89 f4f96738]

    Certificate Extensions: 7
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(00$..+.....0.
    0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
    0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com

    [2]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
    0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
    0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
    0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
    0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
    0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
    0060: 67 69 66 gif

    [3]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://SVRSecure-crl.verisign.com/SVRTrialRoot2005.crl]
    ]]

    [4]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]

    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.21]
    [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 23 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .#https://www.ve
    0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 2F 74 risign.com/cps/t
    0020: 65 73 74 63 61 estca

    ]] ]
    ]

    [6]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    DigitalSignature
    Key_Encipherment
    ]

    [7]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    ]

    ]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 1F 62 2A 00 B2 16 0A 4C 41 53 E9 0F BF BB 25 4B .b*....LAS....%K
    0010: A9 74 41 62 46 86 96 B8 73 A2 54 90 12 1E C2 94 .tAbF...s.T.....
    0020: 7E 40 64 AF 93 72 76 AC 77 D4 2E A8 4F 82 1A 0E .@d..rv.w...O...
    0030: FA 3D B1 68 4D 97 10 C5 47 63 A9 02 F5 0C 95 83 .=.hM...Gc......
    0040: CC 4B 5C 42 FB 73 26 99 2B 68 1F BF 14 A1 B4 A6 .K\B.s.+h......
    0050: 82 3F 0E 44 2D F9 A0 13 C0 B0 80 B0 B9 15 27 0B .?.D-.........'.
    0060: 78 C2 2A 39 62 68 6B 7B 72 A5 93 79 E8 BC 38 56 x.*9bhk.r..y..8V
    0070: 5F 01 A3 09 9E BC C7 15 35 E8 1C DB B5 5D F5 56 _.......5....].V

    ]
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 Cipher suites enabled:
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_RC4_128_MD5
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_RC4_128_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_AES_128_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_AES_256_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_3DES_EDE_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_DES_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DHE_RSA_WITH_DES_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_EXPORT_WITH_RC4_40_MD5
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_NULL_MD5
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_WITH_NULL_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DH_anon_WITH_RC4_128_MD5
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DH_anon_WITH_DES_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Debug TLS 000000 TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
    Aug 1, 2006 10:36:32 AM CEST Notice WebLogicServer BEA-000355 Thread "SSLListenThread.Default" listening on port 8512, ip address 10.6.168.62
    Aug 1, 2006 10:36:32 AM CEST Notice WebLogicServer BEA-000355 Thread "ListenThread.Default" listening on port 8511, ip address 10.6.168.62
    Aug 1, 2006 10:36:32 AM CEST Notice WebLogicServer BEA-000332 Started WebLogic Managed Server "WLS_SSL" for domain "MSC_Domain" running in Development Mode
    Aug 1, 2006 10:36:32 AM CEST Notice WebLogicServer BEA-000360 Server started in RUNNING mode

    ###################################
    ## CLIENT INVOCATION COMMAND LINE
    ###################################

    java \
    -Dweblogic.security.SSL.verbose=true \
    -Dssl.debug=true \
    -Dweblogic.StdoutDebugEnabled=true \
    -Dweblogic.security.SSL.debugEaten=true \
    -Djava.protocol.handler.pkgs=com.certicom.net.ssl \
    -Dweblogic.security.SSL.ignoreHostnameVerification=true \
    -Dweblogic.security.SSL.trustedCAKeyStore=/fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks \
    weblogic.Admin -url t3s://10.6.168.62:8512 -username tdsuser -password tdspwd GETSTATE

    ##################
    ## CLIENT LOGS
    ##################

    Aug 1, 2006 10:39:03 AM CEST Debug TLS 000000 SSL/Domestic license found
    Aug 1, 2006 10:39:03 AM CEST Debug TLS 000000 Not in server, Certicom SSL license found
    Aug 1, 2006 10:39:14 AM CEST Debug TLS 000000 SSL Session TTL :90000
    Aug 1, 2006 10:39:14 AM CEST Debug TLS 000000 Trusted CA keystore: /fpvcs/usr/mc509501/WLS_DOMAINS/keystorerepository/casigned/MscTrust.jks
    Aug 1, 2006 10:39:14 AM CEST Debug TLS 000000 clientInfo settings applied
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Filtering JSSE SSLSocket
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 31538695
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLSocket will NOT be Muxing
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 write SSL_20_RECORD
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 isMuxerActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 31198842 SSL3/TLS MAC
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 31198842 received HANDSHAKE
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 HANDSHAKEMESSAGE: ServerHello
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 isMuxerActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 31198842 SSL3/TLS MAC
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 31198842 received HANDSHAKE
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 HANDSHAKEMESSAGE: Certificate
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Cannot complete the certificate chain: No trusted cert found
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 validationCallback: validateErr = 16
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 cert[0] = [
    [
    Version: V1
    Subject: CN=www.tim.it, OU=TIM, O=MSC, L=Rome, ST=Italy, C=IT
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    da54f3b0 83b99998 b559f27f 8c8f7b70 9bf8994b 92223fbc 31023462 f482336b
    05ff8d0c e37cf4b4 7438a142 c29bbe9a b266d185 da154527 d880e718 10c29448
    aedc2695 bd0c6dbd 7261b029 44397eda 092f750e 6930f131 89c6485a 4ac45c8b
    76967a3b 93754965 b785defa aaa64a89 7f0a8078 3bc7ebb8 066dd80a f0f43573
    Validity: [From: Mon Jul 31 17:47:50 CEST 2006,
    To: Tue Jul 31 17:47:50 CEST 2007]
    Issuer: CN=www.tim.it, OU=TIM, O=MSC, L=Rome, ST=Italy, C=IT
    SerialNumber: [ 44ce2626]

    ]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: CF 72 5F EC CB CA BD 62 56 51 53 7F E8 10 12 CD .r_....bVQS.....
    0010: 64 E3 DD 6A DF DE 64 58 EA DD CE 68 65 E6 4C 12 d..j..dX...he.L.
    0020: B1 F7 CD FE 74 83 8C 08 A3 93 F2 21 FA F5 7D 16 ....t......!....
    0030: 34 F6 28 B1 98 DE 42 85 BF 66 5D 21 8F A3 21 CA 4.(...B..f]!..!.
    0040: 22 7B 3D 9A F3 B0 B2 9D 21 0D 90 E2 1A 5B 2A 6E ".=.....!....[*n
    0050: D1 EF 0C 5C 21 37 1F 3C 70 78 33 7E 66 8C 11 0A ...\!7.px3.f...
    0060: 7E 7A 19 6B 71 CC 44 60 53 51 3C 1E 39 E5 92 FB .z.kq.D`SQ.9...
    0070: FF 54 B0 63 AE F3 B2 49 B1 21 FB 3A 43 D4 17 53 .T.c...I.!.:C..S

    ]
    Aug 1, 2006 10:39:15 AM CEST Warning Security BEA-090542 Certificate chain received from sdcsun002.rm.tim.it - 10.6.168.62 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Validation error = 16
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Certificate chain is untrusted
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLTrustValidator returns: 16
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Trust status (16): CERT_CHAIN_UNTRUSTED
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
    at java.io.DataOutputStream.flush(DataOutputStream.java:101)
    at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:481)
    at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:92)
    at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1781)
    at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1304)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:430)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:312)
    at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:222)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:180)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:223)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:188)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
    at weblogic.jndi.Environment.getContext(Environment.java:166)
    at weblogic.jndi.Environment.getInitialContext(Environment.java:145)
    at weblogic.management.commandline.tools.AdminToolHelper.getMBeanHome(AdminToolHelper.java:487)
    at weblogic.management.commandline.tools.ServerInfoCommandLineInvoker.doCommandline(ServerInfoCommandLineInvoker.java:908)
    at weblogic.management.commandline.tools.ServerInfoCommandLineInvoker.init(ServerInfoCommandLineInvoker.java:121)
    at weblogic.management.commandline.AdminMain.main(AdminMain.java:131)
    at weblogic.Admin.useAdminMain(Admin.java:169)
    at weblogic.Admin.main(Admin.java:54)

    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 write ALERT, offset = 0, length = 2
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 close(): 13190097

    Failed to connect to t3s://10.6.168.62:8512: Destination unreachable; nested exception is:
    javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from sdcsun002.rm.tim.it - 10.6.168.62 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination
    ...finished !

    ###################################################
    ## SERVER WLS 8.1 LOGS (after CLIENT INVOCATION)
    ###################################################

    Aug 1, 2006 10:39:14 AM CEST Debug TLS 000000 Filtering JSSE SSLSocket
    Aug 1, 2006 10:39:14 AM CEST Debug TLS 000000 SSLIOContextTable.addContext(ctx): 19097147
    Aug 1, 2006 10:39:14 AM CEST Debug TLS 000000 SSLSocket will be Muxing
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 isMuxerActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 13486459 SSL Version 2 with no padding
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 6744902 SSL3/TLS MAC
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 6744902 received SSL_20_RECORD
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 HANDSHAKEMESSAGE: ClientHelloV2
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 ........... Eating Exception ..........
    java.security.NoSuchAlgorithmException
    at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
    at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
    at com.certicom.tls.record.handshake.MessageClientHelloVersion2.init(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeMessage.createVersion2(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:478)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 ........... Eating Exception ..........
    java.security.NoSuchAlgorithmException
    at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
    at com.certicom.tls.ciphersuite.CipherSuiteSupport.getCipherSuite(Unknown Source)
    at com.certicom.tls.record.handshake.MessageClientHelloVersion2.init(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeMessage.createVersion2(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleVersion2HandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:478)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 58
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 570
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 write HANDSHAKE, offset = 0, length = 4
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 isMuxerActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLFilter.isActivated: false
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 6744902 SSL3/TLS MAC
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 6744902 received ALERT
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.init(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
    at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:478)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@1c27402
    Aug 1, 2006 10:39:15 AM CEST Warning Security BEA-090482 BAD_CERTIFICATE alert was received from sdcsun011.rm.tim.it - 10.6.168.76. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 close(): 13486459
    Aug 1, 2006 10:39:15 AM CEST Debug TLS 000000 SSLIOContextTable.removeContext(ctx): 19097147

    DB:2.54:Poblem With Ssl Configuration On Wls 8.1 8f

    Marco,

    You've probably already done this, but check to see that MscTrust on the client has the Verisign Test CA cert as a Trusted Cert Entry.

    My favorite standby when all else fails is to add the CA cert to the cacerts keystore for the JRE that's running your client. That is, JAVA_HOME/jre/lib/security/cacerts.
    .
    Mike
    Weblogic/J2EE Security Blog: http://monduke.com

  • RELEVANCY SCORE 2.54

    DB:2.54:Ssl/Tls Abbreviated Handshake p7


    Is there a way to implementan abbreviated handshake for SSL/TLS on Azure Web Roles (Cloud Service)?

    Thanks in advance for any help

  • RELEVANCY SCORE 2.54

    DB:2.54:Todays Flash Player Release 13.0.0.182 Fails Completely On Mac Os X p8



    Todays Flash player release 13.0.0.182 for Mac OS X fails on my Mac 10.7.5 on all browsers (Safari and Firefox).

    Instead of any flash animation I only get "Plugin-Error" (in German "Plugin-Fehler")

    Previous flash player worked without a problem.

    Any ideas ?

    @Adobe: What's wrong with rel. 13.0.0.182 ?