CERTs


 

"Re: Tomcat 5.5.20 and client certs, not working (browser is not ..." posted by ~Ray
Posted on 2008-10-26 08:42:07

By default, IE will store a self-signed cert as a CA cert not as a user cert (which is why I don't like using self-signed certs for testing client-auth). Probably the quickest way to see what is wrong is to set -Djavax.net.debug=all (at least if you have a Sun JVM) in your JAVA_OPTS and try again. You could also try using different files for the keystore and truststore.

"Werner Schalk" <werner_schalk@gmx.de> wrote in message news:001001c81582$5492d5a0$1801a8c0@odeon...
> Hello,
>
> I am trying to implement mutual authentication in Tomcat 5.5.20 for many
> days now and it's giving me a real headache. I hope somebody is able to
> shed some light on this. Here is a digest version of what I did so far,
> would somebody please comment on the correctness (?) of my steps or
> provide me with an alternative way? The steps I have made are outlined at
> http://www.vorburger.ch/blog1/2006/08/setting-up-two-way-mutual-ssl-with.html.
>
> 1) Creation of the server cert:
>
> $JAVA_HOME/bin/keytool -genkey -v -alias tomcat -keyalg RSA -validity
> 3650 -keystore /tmp/tomcat.keystore -dname "CN=192.168.1.34, OU=MYOU,
> O=MYORG, L=MYCITY, ST=MYSTATE, C=MY" -storepass hello123 -keypass hello123
>
> 2) Activation of SSL connector in server.xml:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> keystoreFile="/tmp/tomcat.keystore" keystorePass="hello123"
> trustStoreFile="/tmp/tomcat.keystore"
> trustStorePass="hello123"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
>
> 3) Restarted Tomcat, short connectivity test. SSL works fine.
>
> 4) Creation of client certificate:
>
> $JAVA_HOME/bin/keytool -genkey -v -alias wschalkKey -keyalg RSA -storetype
> PKCS12 -keystore /tmp/wschalk.p12 -dname "CN=Werner Schalk, OU=IT,
> O=MyCompany, L=Munich, ST=Bavaria, C=DE" -storepass hello123 -keypass
> hello123
>
> 5) Import of p12 file and (later cert file for FF) in both IE 6 and FF,
> no problem
>
> 6) Export from client certificate from client keystore and import into
> main tomcat keystore
>
> $JAVA_HOME/bin/keytool -export -alias wschalkKey -keystore
> /tmp/wschalk.p12 -storetype PKCS12 -storepass hello123 -rfc -file
> /tmp/wschalk.cert
>
> $JAVA_HOME/bin/keytool -import -v -file /tmp/wschalk.cert -keystore
> /tmp/tomcat.keystore -storepass hello123
>
> Owner: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Issuer: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Serial number: 471dfc4b
> Valid from: Tue Oct 23 13:51:07 GMT 2007 until: Mon Jan 21 13:51:07 GMT
> 2008
> Certificate fingerprints:
> MD5: 4D:E0:13:E7:FC:D9:09:C7:A7:DD:04:47:32:58:6A:CD
> SHA1: F3:1F:FF:7E:13:A8:A8:6B:EB:1A:72:14:8D:8C:B6:C4:EC:62:51:E9
> Trust this certificate? [no]: yes
> Certificate was added to keystore
> [Storing /tmp/tomcat.keystore]
>
> 7) Listing of the content of the keystore:
>
> tomcat:~# $JAVA_HOME/bin/keytool -v -list -keystore /tmp/tomcat.keystore
> Enter keystore password: hello123
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: tomcat
> Creation date: 18-Oct-2007
> Entry type: keyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=192.168.1.34, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY
> Issuer: CN=192.168.1.34, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY
> Serial number: 4716aedd
> Valid from: Thu Oct 18 00:54:53 GMT 2007 until: Sun Oct 15 00:54:53 GMT
> 2017
> Certificate fingerprints:
> MD5: 1C:65:FE:49:B2:40:66:96:47:13:46:42:10:83:2A:DE
> SHA1: 6E:4A:E8:5F:25:C9:EE:6E:8B:22:50:AE:17:46:66:DE:39:29:29:CD
>
>
> *******************************************
> *******************************************
>
>
> Alias name: mykey
> Creation date: 18-Oct-2007
> Entry type: trustedCertEntry
>
> Owner: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Issuer: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Serial number: 471dfc4b
> Valid from: Tue Oct 23 13:51:07 GMT 2007 until: Mon Jan 21 13:51:07 GMT
> 2008
> Certificate fingerprints:
> MD5: 4D:E0:13:E7:FC:D9:09:C7:A7:DD:04:47:32:58:6A:CD
> SHA1: F3:1F:FF:7E:13:A8:A8:6B:EB:1A:72:14:8D:8C:B6:C4:EC:62:51:E9
>
>
> *******************************************
> *******************************************
>
> 8) Activation of mutual authentication in server.xml
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> keystoreFile="/tmp/tomcat.keystore" keystorePass="hello123"
> trustStoreFile="/tmp/tomcat.keystore"
> trustStorePass="hello123"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="true" sslProtocol="TLS" />
>
> 9) Finally start of Tomcat (no error messages):
>
> # /usr/local/tomcat/bin/startup.sh && tail -f
> /usr/local/tomcat/logs/catalina.out
> Using CATALINA_BASE: /usr/local/tomcat
> Using CATALINA_HOME: /usr/local/tomcat
> Using CATALINA_TMPDIR: /usr/local/tomcat/temp
> Using JRE_HOME: /usr/local/jdk1.5.0_13
> 18-Oct-2007 01:16:08 org.apache.coyote.http11.Http11BaseProtocol pause
> INFO: Pausing Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:09 org.apache.catalina.core.StandardService stop
> INFO: Stopping service Catalina
> 18-Oct-2007 01:16:09 org.apache.coyote.http11.Http11BaseProtocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-8080
> 18-Oct-2007 01:16:09 org.apache.coyote.http11.Http11BaseProtocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:09 org.apache.catalina.core.AprLifecycleListener
> lifecycleEvent
> INFO: Failed shutdown of Apache Portable Runtime
> 18-Oct-2007 01:16:16 org.apache.catalina.core.AprLifecycleListener
> lifecycleEvent
> INFO: The Apache Tomcat Native library which allows optimal performance in
> production environments was not found on the java.library.path:
> /usr/local/jdk1.5.0_13/jre/lib/i386/client:/usr/local/jdk1.5.0_13/jre/lib/i386:/usr/local/jdk1.5.0_13/jre/../lib/i386
> 18-Oct-2007 01:16:17 org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> 18-Oct-2007 01:16:17 org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:17 org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 2521 ms
> 18-Oct-2007 01:16:18 org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> 18-Oct-2007 01:16:18 org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.20
> 18-Oct-2007 01:16:18 org.apache.catalina.core.StandardHost start
> INFO: XML validation disabled
> 18-Oct-2007 01:16:20 org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8080
> 18-Oct-2007 01:16:20 org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:20 org.apache.jk.common.ChannelSocket init
> INFO: JK: ajp13 listening on /0.0.0.0:8009
> 18-Oct-2007 01:16:20 org.apache.jk.server.JkMain start
> INFO: Jk running ID=0 time=0/76 config=null
> 18-Oct-2007 01:16:20 org.apache.catalina.storeconfig.StoreLoader load
> INFO: Find registry server-registry.xml at classpath resource
> 18-Oct-2007 01:16:21 org.apache.catalina.startup.Catalina start
> INFO: Server startup in 3059 ms
>
> 10) Access with web browser: In IE 6 the list of client certificates to
> send to the server is blank when accessing the site (see last comment from
> the website mentioned above the same problem). In FF the following error
> message occurs: "FF: Could not establish an encrypted connection because
> your certificate was rejected by localhost. Error code : -12271.".
>
> Any ideas how to solve this mutual authentication problem would be highly
> appreciated!
>
> Bye and thanks a lot,
> Werner.
>
> ---------------------------------------------------------------------
> To start a new topic e-mail: users@tomcat.apache.org
> To unsubscribe e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands e-mail: users-help@tomcat.apache.org


Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3Cffm5jv$6ld$1@ger.gmane.org%3E



"Re: Tomcat 5.5.20 and client certs, not working (browser is not ..." posted by ~Ray
Posted on 2008-09-06 21:48:17

If you want the browser to send the cert to the server, you may try to set clientAuth=true in server.xml.

----- Original Message -----
From: Bill Barker
To: users@tomcat.apache.org
Sent: Wednesday, October 24, 2007 9:04 AM
Subject: Re: Tomcat 5.5.20 and client certs, not working (browser is not sending the cert to the server)

By default, IE will store a self-signed cert as a CA cert not as a user cert (which is why I don't like using self-signed certs for testing client-auth). Probably the quickest way to see what is wrong is to set -Djavax.net.debug=all (at least if you have a Sun JVM) in your JAVA_OPTS and try again. You could also try using different files for the keystore and truststore.

"Werner Schalk" <werner_schalk@gmx.de> wrote in message news:001001c81582$5492d5a0$1801a8c0@odeon...
> Hello,
>
> I am trying to implement mutual authentication in Tomcat 5.5.20 for many
> days now and it's giving me a real headache. I hope somebody is able to
> shed some light on this. Here is a digest version of what I did so far,
> would somebody please comment on the correctness (?) of my steps or
> provide me with an alternative way? The steps I have made are outlined at
> http://www.vorburger.ch/blog1/2006/08/setting-up-two-way-mutual-ssl-with.html.
>
> 1) Creation of the server cert:
>
> $JAVA_HOME/bin/keytool -genkey -v -alias tomcat -keyalg RSA -validity
> 3650 -keystore /tmp/tomcat.keystore -dname "CN=192.168.1.34, OU=MYOU,
> O=MYORG, L=MYCITY, ST=MYSTATE, C=MY" -storepass hello123 -keypass hello123
>
> 2) Activation of SSL connector in server.xml:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> keystoreFile="/tmp/tomcat.keystore" keystorePass="hello123"
> trustStoreFile="/tmp/tomcat.keystore"
> trustStorePass="hello123"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
>
> 3) Restarted Tomcat, short connectivity test. SSL works fine.
>
> 4) Creation of client certificate:
>
> $JAVA_HOME/bin/keytool -genkey -v -alias wschalkKey -keyalg RSA -storetype
> PKCS12 -keystore /tmp/wschalk.p12 -dname "CN=Werner Schalk, OU=IT,
> O=MyCompany, L=Munich, ST=Bavaria, C=DE" -storepass hello123 -keypass
> hello123
>
> 5) Import of p12 file and (later cert file for FF) in both IE 6 and FF,
> no problem
>
> 6) Export from client certificate from client keystore and import into
> main tomcat keystore
>
> $JAVA_HOME/bin/keytool -export -alias wschalkKey -keystore
> /tmp/wschalk.p12 -storetype PKCS12 -storepass hello123 -rfc -file
> /tmp/wschalk.cert
>
> $JAVA_HOME/bin/keytool -import -v -file /tmp/wschalk.cert -keystore
> /tmp/tomcat.keystore -storepass hello123
>
> Owner: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Issuer: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Serial number: 471dfc4b
> Valid from: Tue Oct 23 13:51:07 GMT 2007 until: Mon Jan 21 13:51:07 GMT
> 2008
> Certificate fingerprints:
> MD5: 4D:E0:13:E7:FC:D9:09:C7:A7:DD:04:47:32:58:6A:CD
> SHA1: F3:1F:FF:7E:13:A8:A8:6B:EB:1A:72:14:8D:8C:B6:C4:EC:62:51:E9
> Trust this certificate? [no]: yes
> Certificate was added to keystore
> [Storing /tmp/tomcat.keystore]
>
> 7) Listing of the content of the keystore:
>
> tomcat:~# $JAVA_HOME/bin/keytool -v -list -keystore /tmp/tomcat.keystore
> Enter keystore password: hello123
>
> Keystore type: jks
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> Alias name: tomcat
> Creation date: 18-Oct-2007
> Entry type: keyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=192.168.1.34, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY
> Issuer: CN=192.168.1.34, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY
> Serial number: 4716aedd
> Valid from: Thu Oct 18 00:54:53 GMT 2007 until: Sun Oct 15 00:54:53 GMT
> 2017
> Certificate fingerprints:
> MD5: 1C:65:FE:49:B2:40:66:96:47:13:46:42:10:83:2A:DE
> SHA1: 6E:4A:E8:5F:25:C9:EE:6E:8B:22:50:AE:17:46:66:DE:39:29:29:CD
>
>
> *******************************************
> *******************************************
>
>
> Alias name: mykey
> Creation date: 18-Oct-2007
> Entry type: trustedCertEntry
>
> Owner: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Issuer: CN=Werner Schalk, OU=IT, O=MyCompany, L=Munich, ST=Bavaria, C=DE
> Serial number: 471dfc4b
> Valid from: Tue Oct 23 13:51:07 GMT 2007 until: Mon Jan 21 13:51:07 GMT
> 2008
> Certificate fingerprints:
> MD5: 4D:E0:13:E7:FC:D9:09:C7:A7:DD:04:47:32:58:6A:CD
> SHA1: F3:1F:FF:7E:13:A8:A8:6B:EB:1A:72:14:8D:8C:B6:C4:EC:62:51:E9
>
>
> *******************************************
> *******************************************
>
> 8) Activation of mutual authentication in server.xml
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> keystoreFile="/tmp/tomcat.keystore" keystorePass="hello123"
> trustStoreFile="/tmp/tomcat.keystore"
> trustStorePass="hello123"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="true" sslProtocol="TLS" />
>
> 9) Finally start of Tomcat (no error messages):
>
> # /usr/local/tomcat/bin/startup.sh && tail -f
> /usr/local/tomcat/logs/catalina.out
> Using CATALINA_BASE: /usr/local/tomcat
> Using CATALINA_HOME: /usr/local/tomcat
> Using CATALINA_TMPDIR: /usr/local/tomcat/temp
> Using JRE_HOME: /usr/local/jdk1.5.0_13
> 18-Oct-2007 01:16:08 org.apache.coyote.http11.Http11BaseProtocol pause
> INFO: Pausing Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:09 org.apache.catalina.core.StandardService stop
> INFO: Stopping service Catalina
> 18-Oct-2007 01:16:09 org.apache.coyote.http11.Http11BaseProtocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-8080
> 18-Oct-2007 01:16:09 org.apache.coyote.http11.Http11BaseProtocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:09 org.apache.catalina.core.AprLifecycleListener
> lifecycleEvent
> INFO: Failed shutdown of Apache Portable Runtime
> 18-Oct-2007 01:16:16 org.apache.catalina.core.AprLifecycleListener
> lifecycleEvent
> INFO: The Apache Tomcat Native library which allows optimal performance in
> production environments was not found on the java.library.path:
> /usr/local/jdk1.5.0_13/jre/lib/i386/client:/usr/local/jdk1.5.0_13/jre/lib/i386:/usr/local/jdk1.5.0_13/jre/../lib/i386
> 18-Oct-2007 01:16:17 org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> 18-Oct-2007 01:16:17 org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:17 org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 2521 ms
> 18-Oct-2007 01:16:18 org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> 18-Oct-2007 01:16:18 org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.20
> 18-Oct-2007 01:16:18 org.apache.catalina.core.StandardHost start
> INFO: XML validation disabled
> 18-Oct-2007 01:16:20 org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8080
> 18-Oct-2007 01:16:20 org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8443
> 18-Oct-2007 01:16:20 org.apache.jk.common.ChannelSocket init
> INFO: JK: ajp13 listening on /0.0.0.0:8009
> 18-Oct-2007 01:16:20 org.apache.jk.server.JkMain start
> INFO: Jk running ID=0 time=0/76 config=null
> 18-Oct-2007 01:16:20 org.apache.catalina.storeconfig.StoreLoader load
> INFO: Find registry server-registry.xml at classpath resource
> 18-Oct-2007 01:16:21 org.apache.catalina.startup.Catalina start
> INFO: Server startup in 3059 ms
>
> 10) Access with web browser: In IE 6 the list of client certificates to
> send to the server is blank when accessing the site (see last comment from
> the website mentioned above the same problem). In FF the following error
> message occurs: "FF: Could not establish an encrypted connection because
> your certificate was rejected by localhost. Error code : -12271.".
>
> Any ideas how to solve this mutual authentication problem would be highly
> appreciated!
>
> Bye and thanks a lot,
> Werner.


Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C000c01c815dc$de6860b0$ab00000a@Iris%3E



"Laminator.com Uses Comodo Certs" posted by ~Ray
Posted on 2008-05-02 04:06:36

November 2, 2007 -- IT security solutions provider Comodo announced on Thursday that online lamination and binding supply business retailer Laminator.com has deployed EV SSL certificates as a strategy to help distribute sales from its call center to its more cost-efficient website.

While EV SSL certificates have come to be recognized as a powerful tool to increase customer confidence by displaying a conspicuous green indicator in the address bar in Microsoft Internet Explorer 7, the market is also recognizing that EV SSL certificates can help improve the ROI of all sales operations by increasing online sales conversions that are now being completed by live phone operators, says Comodo.

"Many of our customers are government agencies, schools and businesses who find the products they want on our website but then call in to make a purchase. They do this because they are concerned about potential phishing threats," says John Moorehouse, CEO of Laminator.com. "With EV SSL certificates we can alleviate this concern and reassure customers that they are indeed on our site and not a phishing site. Even a few points of sales redistribution from our call center sales in advance of our website will have a huge positive impact on our bottom line."

On Wednesday, Comodo's TrustFax online faxing solution added local phone numbers to its offerings.


Related article:
http://www.webhostingtalk.com/news/laminatorcom-uses-comodo-certs/




"Re: Tomcat 5.5.20 and client certs, not working (browser is not ..." posted by ~Ray
Posted on 2007-12-21 01:34:59

Werner,

Is it possible that the problem is with your cert?

Your tomcat cert:
> Owner: CN=192.168.1.34, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY
> Issuer: CN=192.168.1.34, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY

Your error in FF:
> "FF: Could not establish an encrypted connection
> because your certificate was rejected by localhost. Error code :
> -12271."

"192.168.1.34" != "localhost". Maybe the browsers are being picky.

Did you get a cert warning in step 3 because the domain name didn't match the server cert? If so it's possible that the client certs aren't being sent because of the domain mismatch.

(Apologies if my questions make no sense whatsoever... I know nothing about client certs... I thought they had to be signed by the server's key but what do I know?)

-chris


Related article:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C471E2830.8050408@christopherschultz.net%3E



"Certs overboard" posted by ~Ray
Posted on 2007-12-12 19:45:56

Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36885
Date: 11/5/2007
Time: 6:45:23 PM
User: N/A
Computer: DOMAIN
Description:
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted. For more information, see Help and Support Center at.

Okay, this is pretty sad when I go to Eventid.net and see me, aka "SBSDiva", has posted a solution to my own problem that I had to go look up again how to fix it....


Related article:
http://msmvps.com/blogs/bradley/archive/2007/11/05/certs-overboard.aspx



"Installing SSL certs" posted by ~Ray
Posted on 2007-12-03 22:37:15

Hi,

I am trying to install my SSL certificate from godaddy onto my godaddy dedicated server. I already called them and followed their instructions on re-keying and I think I did it all correctly. After the process four files were generated:

mydomain.com.crt
mydomain.key
mydomain.csr
gd_intermediate_bundle.crt

I noticed that the directory for my website contained a 'public_html' folder and a 'certs' folder. So naturally, I moved them all to the 'certs' folder.

/home/myusername/certs/

The instructions then said to edit ssl.conf which I open in /etc/httpd/conf.d/

They said to ADD these 3 vague directives:

SSLCertificateFile /pathtoyour/certificate/file
SSLCertificateKeyFile /pathtoyour/key/file
SSLCertficateChainFile /pathto/gd_intermediate_bundle/file

My ssl.conf already contained similar directives but they pointed to what looked like server defaults. Since the instructions said to add the directives, I simply added them underneath what was already there. Not exactly sure which file is which, I guessed. Here is what I added:

SSLCertificateFile /home/myusername/certs/mydomain.com.crt
SSLCertificateKeyFile /home/myusername/certs/mydomain.key
SSLCertficateChainFile /home/myusername/certs/gd_intermediate_bundle.crt

Then the instructions said to restart Apache. Here is where my trouble is. Apache won't restart! (This is Apache 2 by the way.)

I went to the ssl.conf file and commented out my 3 directives. Apache successfully restarted! So, I tried adding my 3 directives back in and this time commenting out the two default directives that looked similar. The lines were:

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

I tried again and Apache again failed to start!

I tried contacting godaddy, they escalated the issue and I saw them poking around my server this morning. They left my Apache turned off when they logged out. So I decided it was time to put my website back up (I need this thing running you know?) and ask for help so I can do this myself. What did I miss? What did I do that is causing Apache to not start up?

Thanks in advance for any help anyone can provide.

do you have whm / cpanel ? ah.. scratch that.. i just saw it was with gd's server and I'm sure they have a different cpanel. ssl's can also be loaded via that way owm

Godaddy's control panel gives 4 boxes for SSL information: "Primary Key", "CSR", "Certificate" and "CA certification". The first three already include data. The fourth one, CA certification, is blank. The data in there does not exactly match the default files I found on my server. Nor does it match the files I obtained from Godaddy. So should I copy and paste what I have in my files inside there?

I guess the gd_intermediate_bundle.crt goes in CA certificate?


Related article:
http://www.webhostingtalk.com/showthread.php?t=646330



"Cisco Certs are dead ? long live Cisco certs!" posted by ~Ray
Posted on 2007-11-13 19:37:21

So the analysis says - and it's a real analysis, not the small informal ones I put in this blog occasionally - that certified folks aren't as valuable today in comparison to people with non-certified skills. Other articles point to a worldwide IT skills shortage, which isn't a contradiction but certainly bodes well for those workers in the IT w






Related article:
http://digg.com/hardware/Cisco_Certs_are_dead_n_long_live_Cisco_certs



"[fw-wiz] VPN Issue with Certs and fragmentation" posted by ~Ray
Posted on 2007-11-07 16:52:02

We occasionally have customers call in reporting that they're never prompted for credentials when attempting to connect to the VPN. This happens most often when they're at a hotel/public hotspot. However if they use a profile based on a preshared key instead of a cert authentication the connection works w/o issue. I've captured traffic off a failed user and it looks like during a cert auth IPSec tunnel there's a fair bit of packet fragmentation. I'm guessing then that a router in-between is probably just dropping those packets causing phase1 to fail. Has anyone else seen something similar to this? I'm thinking dropping the MTU on either our public interface or on the client directly. Any other suggestions, shared experiences would be great,

Simon


Related article:
http://www.derkeiler.com/Mailing-Lists/Firewall-Wizards/2007-09/msg00041.html



"output from the dtrace oneliner" posted by ~Ray
Posted on 2007-10-30 19:11:31

[jason:/] root# dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'
dtrace: description 'syscall::open*:entry ' matched 2 probes
CPU     ID                    FUNCTION:NAME
  3  52380                       open:entry know public/qmgr
  0  52778                     open64:entry sshd /system/contract/process/latest
  0  52778                     open64:entry sshd /system/contract/all/2751405/ctl
  0  52380                       open:entry locale /var/ld/ld.config
  0  52380                       open:entry locale /lib/libc.so.1
  0  52380                       open:entry locale /usr/lib/locale/iso_8859_1/iso_8859_1.so.3
  0  52380                       open:entry locale /usr/lib/locale/en_CA/en_CA.so.3
  0  52380                       open:entry locale /usr/lib/locale/en_CA.UTF-8/en_CA.UTF-8.so.3
  0  52380                       open:entry locale /usr/lib/locale/common/methods_unicode.so.3
  0  52380                       open:entry locale /usr/lib/locale/en_US/en_US.so.3
  0  52380                       open:entry locale /usr/lib/locale/en_US.ISO8859-15/en_US.ISO8859-15.so.3
  0  52380                       open:entry locale /usr/lib/locale/en_US.ISO8859-15@euro/LC_MESSAGES/SUNW_OST_SGS.mo
  0  52380                       open:entry locale /usr/lib/locale/en_US.ISO8859-15@euro/LC_MESSAGES/SUNW_OST_OSLIB.mo
  0  52380                       open:entry locale /usr/lib/locale/es/LC_MESSAGES/SUNW_OST_SGS.mo
  0  52380                       open:entry locale /usr/lib/locale/es/LC_MESSAGES/SUNW_OST_OSLIB.mo
  0  52380                       open:entry locale /usr/lib/locale/es_MX/es_MX.so.3
  0  52380                       open:entry locale /usr/lib/locale/es_MX.UTF-8/es_MX.UTF-8.so.3
  0  52380                       open:entry locale /usr/lib/locale/es_MX.UTF-8/LC_MESSAGES/SUNW_OST_SGS.mo
  0  52380                       open:entry locale /usr/lib/locale/es_MX.UTF-8/LC_MESSAGES/SUNW_OST_OSLIB.mo
  0  52380                       open:entry locale /usr/lib/locale/fr/LC_MESSAGES/SUNW_OST_SGS.mo
  0  52380                       open:entry locale /usr/lib/locale/fr/LC_MESSAGES/SUNW_OST_OSLIB.mo
  0  52380                       open:entry locale /usr/lib/locale/fr_CA/fr_CA.so.3
  0  52380                       open:entry locale /usr/lib/locale/fr_CA.UTF-8/fr_CA.UTF-8.so.3
  0  52380                       open:entry locale /usr/lib/locale/en_US.UTF-8/en_US.UTF-8.so.3
  0  52380                       open:entry sshd /etc/gss/mech
  0  52380                       open:entry sshd /usr/lib/gss/mech_krb5.so
  0  52380                       open:entry sshd /lib/libresolv.so.2
  0  52380                       open:entry sshd /usr/lib/libpkcs11.so.1
  0  52380                       open:entry sshd /usr/lib/libcryptoutil.so.1
  0  52778                     open64:entry sshd /etc/ssh/moduli
  2  52380                       open:entry sshd /etc/hosts.allow
  2  52380                       open:entry sshd /etc/hosts.deny
  2  52380                       open:entry sh /var/ld/ld.config
  2  52380                       open:entry sh /lib/libc.so.1
  2  52380                       open:entry sshd /lib/libscf.so.1
  2  52380                       open:entry sshd /lib/libuutil.so.1
  2  52380                       open:entry sshd /lib/libgen.so.1
  2  52380                       open:entry sshd /lib/libmp.so.2
  2  52380                       open:entry sshd /etc/krb5/krb5.conf
  2  52380                       open:entry sshd /etc/crypto/pkcs11.conf
  2  52380                       open:entry sshd /usr/lib/security/pkcs11_kernel.so
  2  52380                       open:entry sshd /dev/crypto
  2  52380                       open:entry sshd /usr/lib/security/pkcs11_softtoken.so
  2  52380                       open:entry sshd /var/run/kcfd_door
  2  52380                       open:entry kcfd /etc/security/kmfpolicy.xml
  2  52380                       open:entry kcfd /usr/share/lib/xml/dtd/kmfpolicy.dtd
  2  52380                       open:entry kcfd /usr/lib/security/pkcs11_softtoken.so
  2  52380                       open:entry kcfd /etc/crypto/certs/SUNW_SunOS_5.10
  2  52380                       open:entry kcfd /etc/crypto/certs/SUNW_SunOS_5.10
  2  52380                       open:entry kcfd /etc/crypto/certs/SUNW_SunOS_5.11_Limited
  2  52380                       open:entry kcfd /etc/crypto/certs/SUNW_SunOS_5.11_Limited
  2  52380                       open:entry kcfd /etc/crypto/certs/CA
  2  52380                       open:entry kcfd /etc/crypto/certs/CA
  2  52778                     open64:entry kcfd /etc/crypto/certs/CA
  2  52380                       open:entry kcfd /etc/crypto/certs/SUNWObjectCA
  2  52380                       open:entry kcfd /etc/crypto/certs/SUNWObjectCA
  2  52380                       open:entry sshd /proc/14553/psinfo
  2  52778                     open64:entry sshd /var/run/name_service_door
  2  52380                       open:entry sshd //.sunw/pkcs11_softtoken/objstore_info
  2  52380                       open:entry sshd //.sunw/pkcs11_softtoken/objstore_info
  2  52380                       open:entry sshd /dev/urandom
  2  52380                       open:entry sshd /proc/14553/psinfo
  2  52380                       open:entry sshd /dev/conslog
  2  52380                       open:entry sshd /var/run/syslog_door
  2  52380                       open:entry sshd /var/run/syslog_door
  2  52380                       open:entry sshd /var/run/syslog_door
  0  52380                       open:entry sshd /etc/pam_debug
  0  52380                       open:entry nscd /etc/inet/ipnodes
  0  52380                       open:entry sshd /etc/pam.conf
  0  52380                       open:entry sshd /usr/lib/security//pam_authtok_get.so.1
  0  52380                       open:entry sshd /usr/lib/passwdutil.so.1
  0  52380                       open:entry sshd /usr/lib/libsldap.so.1
  0  52380                       open:entry sshd /usr/lib/libldap.so.5
  0  52380                       open:entry sshd /usr/lib/libsasl.so.1
  0  52380                       open:entry sshd /usr/lib/mps/libnspr4.so
  0  52380                       open:entry sshd /usr/lib/mps/libplc4.so
  0  52380                       open:entry sshd /usr/lib/mps/libnss3.so
  0  52380                       open:entry sshd /usr/lib/mps/libssl3.so
  0  52380                       open:entry sshd /lib/libpthread.so.1
  0  52380                       open:entry sshd /lib/libthread.so.1
  0  52380                       open:entry sshd /lib/librt.so.1
  0  52380                       open:entry sshd /lib/libdl.so.1
  0  52380                       open:entry sshd /usr/lib/mps/libsoftokn3.so
  0  52380                       open:entry sshd /usr/lib/mps/libplds4.so
  0  52380                       open:entry sshd /lib/libtsol.so.2
  0  52380                       open:entry sshd /usr/lib/security//pam_dhkeys.so.1
  0  52380                       open:entry sshd /usr/lib/security//pam_unix_cred.so.1
  0  52380                       open:entry sshd /usr/lib/libproject.so.1
  0  52380                       open:entry sshd /lib/libproc.so.1
  0  52380                       open:entry sshd /lib/librtld_db.so.1
  0  52380.


Related article:
http://textsnippets.com/posts/show/1208
