Search Results

Search found 21250 results on 850 pages for 'client certificates'.

Page 5/850 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Comunication from Server to Client + Client LAN

    - by Filipe YaBa Polido
    I'm having some trouble with some network setup. I've tried OpenVPN, SocialVPN, Hamachi, still it is not working. This is my setup: Server A: NIC 1 with internet public address, NIC 2 to LAN Client B PC: NIC 1 (192.168.10.2) connects to router 192.168.10.1 Client B Device: 192.168.10.3 (Configured via software, can't do much here) Problem: Server A must connect to cliente device B. (I can install software needed at Client B PC). However... I can't change the router to some model with VPN like Draytek or Cisco :( OpenVPN fails at bridging, PC B can ping Server A, but Server A can't ping Device B, only PC B. What else can I do?!?!?

    Read the article

  • Client side certificates in client browsers with unix server for management

    - by user146253
    We are currently running Unix dedicated servers for everything (Web cluster, database, FTP, batch, ...) except for a Microsoft Active Directory Certificate Services. The sole purpose of this Windows box is to provide client side certificates to our clients browsers. All our clients are required to install a client side certificate on order for them to be able to access our website. Is there an alternative in the Unix space? The purpose is to make sure only the approved hardware of an approved client can access our website. I'm open for any solution that provides me with this level of security. We are however talking about thousands of certified computers just so you can factor that in in a proposed solution. Optionally we would also like to be able to revoke access. With Regards.

    Read the article

  • Website access per client and each client having multiple users Sample Application

    - by windson
    I'm interested in building a web application in .NET that is scalable to multiple Clients and each and every Client has users associated with them. Suppose that my website is xyz.com and I have 3 clients "abc", "klm", "pqr" and I want to give access to features of xyz.com under the link as follows www.xyz.com/abc www.xyz.com/klm www.xyz.com/pqr and Client abc has N users and I want to set 3 roles for every client's user role. Is there any sample application in .NET that support this kind of website access per client having multiple users? And If I use ASP.NET Membership will that be a suitable membership solution or Do I need to opt for any other type of Membership defined by my own or already available in open source market for .NET. Edit: All the clients will have same functionality. I would like to build a generic model for www.xyz.com/{whatever} so that in future if a new client want to register with me he/she just have to give client name and up on adding client name all the features avaiable to exising clients will be applicable.

    Read the article

  • Windows Azure Root CAs and SSL Client Certificates

    - by Your DisplayName here!
    I ran into some problems while trying to make SSL client certificates work for StarterSTS 1.5. In theory you have to do two things (via startup tasks): Unlock the SSL section in IIS Install all the root certificates for the client certs you want to accept I did that. But it still does not work. While inspecting the event log, I stumbled over an schannel error message that I’ve never seen before: “When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.” WTF? And indeed standard Azure (web role) VMs trust 275 root CAs (see attached list). Including kinda obscure ones. I don’t really know why MS made this design decision. It seems just wrong (including breaking the SSL client cert functionality). Deleting like 60% of them made SSL client certs from my CA work. So I guess I now have to find an automated way to attach CTLs to my site…joy. Exported list of trusted CA (as of 30th Dec 2010) AC Raíz Certicámara S.A. (4/2/2030 9:42:02 PM) AC RAIZ FNMT-RCM (1/1/2030 12:00:00 AM) A-CERT ADVANCED (10/23/2011 2:14:14 PM) Actalis Authentication CA G1 (6/25/2022 2:06:00 PM) Agence Nationale de Certification Electronique (8/12/2037 9:03:17 AM) Agence Nationale de Certification Electronique (8/12/2037 9:58:14 AM) Agencia Catalana de Certificacio (NIF Q-0801176-I) (1/7/2031 10:59:59 PM) America Online Root Certification Authority 1 (11/19/2037 8:43:00 PM) America Online Root Certification Authority 2 (9/29/2037 2:08:00 PM) ANCERT Certificados CGN (2/11/2024 5:27:12 PM) ANCERT Certificados Notariales (2/11/2024 3:58:26 PM) ANCERT Corporaciones de Derecho Publico (2/11/2024 5:22:45 PM) A-Trust-nQual-01 (11/30/2014 11:00:00 PM) A-Trust-nQual-03 (8/17/2015 10:00:00 PM) A-Trust-Qual-01 (11/30/2014 11:00:00 PM) A-Trust-Qual-02 (12/2/2014 11:00:00 PM) A-Trust-Qual-03a (4/24/2018 10:00:00 PM) Austria Telekom-Control Kommission (9/24/2005 12:40:00 PM) Austrian Society for Data Protection (2/12/2009 11:30:30 AM) Austrian Society for Data Protection GLOBALTRUST Certification Service (9/18/2036 2:12:35 PM) Autoridad Certificadora Raiz de la Secretaria de Economia (5/9/2025 12:00:00 AM) Autoridad de Certificacion de la Abogacia (6/13/2030 10:00:00 PM) Autoridad de Certificacion Firmaprofesional CIF A62634068 (10/24/2013 10:00:00 PM) Autoridade Certificadora Raiz Brasileira (11/30/2011 11:59:00 PM) Baltimore CyberTrust Root (5/12/2025 11:59:00 PM) BIT AdminCA-CD-T01 (1/25/2016 12:36:19 PM) BIT Admin-Root-CA (11/10/2021 7:51:07 AM) Buypass Class 2 CA 1 (10/13/2016 10:25:09 AM) Buypass Class 3 CA 1 (5/9/2015 2:13:03 PM) CA Disig (3/22/2016 1:39:34 AM) CertEurope (3/27/2037 11:00:00 PM) CERTICAMARA S.A. (2/23/2015 5:10:37 PM) Certicámara S.A. (5/23/2011 10:00:00 PM) Certigna (6/29/2027 3:13:05 PM) Certipost E-Trust Primary Normalised CA (7/26/2020 10:00:00 AM) Certipost E-Trust Primary Qualified CA (7/26/2020 10:00:00 AM) Certipost E-Trust Primary TOP Root CA (7/26/2025 10:00:00 AM) Certisign Autoridade Certificadora AC1S (6/27/2018 12:00:00 AM) Certisign Autoridade Certificadora AC2 (6/27/2018 12:00:00 AM) Certisign Autoridade Certificadora AC3S (7/9/2018 8:56:32 PM) Certisign Autoridade Certificadora AC4 (6/27/2018 12:00:00 AM) CertPlus Class 1 Primary CA (7/6/2020 11:59:59 PM) CertPlus Class 2 Primary CA (7/6/2019 11:59:59 PM) CertPlus Class 3 Primary CA (7/6/2019 11:59:59 PM) CertPlus Class 3P Primary CA (7/6/2019 11:59:59 PM) CertPlus Class 3TS Primary CA (7/6/2019 11:59:59 PM) CertRSA01 (3/3/2010 2:59:59 PM) certSIGN Root CA (7/4/2031 5:20:04 PM) Certum (6/11/2027 10:46:39 AM) Certum Trusted Network CA (12/31/2029 12:07:37 PM) Chambers of Commerce Root - 2008 (7/31/2038 12:29:50 PM) Chambersign Chambers of Commerce Root (9/30/2037 4:13:44 PM) Chambersign Global Root (9/30/2037 4:14:18 PM) Chambersign Public Notary Root (9/30/2037 4:14:49 PM) Chunghwa Telecom Co. Ltd. (12/20/2034 2:31:27 AM) Cisco Systems (5/14/2029 8:25:42 PM) CNNIC Root (4/16/2027 7:09:14 AM) Common Policy (10/15/2027 4:08:00 PM) COMODO (12/31/2028 11:59:59 PM) COMODO (1/18/2038 11:59:59 PM) COMODO (12/31/2029 11:59:59 PM) ComSign Advanced Security CA (3/24/2029 9:55:55 PM) ComSign CA (3/19/2029 3:02:18 PM) ComSign Secured CA (3/16/2029 3:04:56 PM) Correo Uruguayo - Root CA (12/31/2030 2:59:59 AM) Cybertrust Global Root (12/15/2021 8:00:00 AM) DanID (2/11/2037 9:09:30 AM) DanID (4/5/2021 5:03:17 PM) Deutsche Telekom Root CA 2 (7/9/2019 11:59:00 PM) DigiCert (11/10/2031 12:00:00 AM) DigiCert (11/10/2031 12:00:00 AM) DigiCert (11/10/2031 12:00:00 AM) DigiNotar Root CA (3/31/2025 6:19:21 PM) DIRECCION GENERAL DE LA POLICIA (2/8/2036 10:59:59 PM) DST (ABA.ECOM) CA (7/9/2009 5:33:53 PM) DST (ANX Network) CA (12/9/2018 4:16:48 PM) DST (Baltimore EZ) CA (7/3/2009 7:56:53 PM) DST (National Retail Federation) RootCA (12/8/2008 4:14:16 PM) DST (United Parcel Service) RootCA (12/7/2008 12:25:46 AM) DST ACES CA X6 (11/20/2017 9:19:58 PM) DST Root CA X3 (9/30/2021 2:01:15 PM) DST RootCA X1 (11/28/2008 6:18:55 PM) DST RootCA X2 (11/27/2008 10:46:16 PM) DSTCA E1 (12/10/2018 6:40:23 PM) DSTCA E2 (12/9/2018 7:47:26 PM) DST-Entrust GTI CA (12/9/2018 12:32:24 AM) D-TRUST GmbH (5/16/2022 5:20:47 AM) D-TRUST GmbH (6/8/2012 11:47:46 AM) D-TRUST GmbH (5/16/2022 5:20:47 AM) EBG Elektronik Sertifika Hizmet Saglayicisi (8/14/2016 12:31:09 AM) E-Certchile (9/5/2028 7:39:41 PM) Echoworx Root CA2 (10/7/2030 10:49:13 AM) ECRaizEstado (6/23/2030 1:41:27 PM) EDICOM (4/13/2028 4:24:22 PM) E-GÜVEN Elektronik Sertifika Hizmet Saglayicisi (1/4/2017 11:32:48 AM) E-ME SSI (RCA) (5/19/2027 8:48:15 AM) Entrust (11/27/2026 8:53:42 PM) Entrust (5/25/2019 4:39:40 PM) Entrust.net (12/7/2030 5:55:54 PM) Equifax Secure eBusiness CA-1 (6/21/2020 4:00:00 AM) Equifax Secure eBusiness CA-2 (6/23/2019 12:14:45 PM) Equifax Secure Global eBusiness CA-1 (6/21/2020 4:00:00 AM) eSign Australia: eSign Imperito Primary Root CA (5/23/2012 11:59:59 PM) eSign Australia: Gatekeeper Root CA (5/23/2014 11:59:59 PM) eSign Australia: Primary Utility Root CA (5/23/2012 11:59:59 PM) Fabrica Nacional de Moneda y Timbre (3/18/2019 3:26:19 PM) GeoTrust (8/22/2018 4:41:51 PM) GeoTrust (7/16/2036 11:59:59 PM) GeoTrust Global CA (5/21/2022 4:00:00 AM) GeoTrust Global CA 2 (3/4/2019 5:00:00 AM) GeoTrust Primary Certification Authority - G2 (1/18/2038 11:59:59 PM) GeoTrust Primary Certification Authority - G3 (12/1/2037 11:59:59 PM) GeoTrust Universal CA (3/4/2029 5:00:00 AM) GeoTrust Universal CA 2 (3/4/2029 5:00:00 AM) Global Chambersign Root - 2008 (7/31/2038 12:31:40 PM) GlobalSign (1/28/2028 12:00:00 PM) GlobalSign (12/15/2021 8:00:00 AM) Go Daddy Class 2 Certification Authority (6/29/2034 5:06:20 PM) GTE CyberTrust Global Root (8/13/2018 11:59:00 PM) GTE CyberTrust Root (4/3/2004 11:59:00 PM) GTE CyberTrust Root (2/23/2006 11:59:00 PM) Halcom CA FO (6/5/2020 10:33:31 AM) Halcom CA PO 2 (2/7/2019 6:33:31 PM) Hongkong Post Root CA (1/16/2010 11:59:00 PM) Hongkong Post Root CA 1 (5/15/2023 4:52:29 AM) I.CA První certifikacní autorita a.s. (4/1/2018 12:00:00 AM) I.CA První certifikacní autorita a.s. (4/1/2018 12:00:00 AM) InfoNotary (3/6/2026 5:33:05 PM) IPS SERVIDORES (12/29/2009 11:21:07 PM) IZENPE S.A. (1/30/2018 11:00:00 PM) Izenpe.com (12/13/2037 8:27:25 AM) Japan Certification Services, Inc. SecureSign RootCA1 (9/15/2020 2:59:59 PM) Japan Certification Services, Inc. SecureSign RootCA11 (4/8/2029 4:56:47 AM) Japan Certification Services, Inc. SecureSign RootCA2 (9/15/2020 2:59:59 PM) Japan Certification Services, Inc. SecureSign RootCA3 (9/15/2020 2:59:59 PM) Japan Local Government PKI Application CA (3/31/2016 2:59:59 PM) Japanese Government ApplicationCA (12/12/2017 3:00:00 PM) Juur-SK AS Sertifitseerimiskeskus (8/26/2016 2:23:01 PM) KamuSM (8/21/2017 11:37:07 AM) KISA RootCA 1 (8/24/2025 8:05:46 AM) KISA RootCA 3 (11/19/2014 6:39:51 AM) Macao Post eSignTrust (1/29/2013 11:59:59 PM) MicroSec e-Szigno Root CA (4/6/2017 12:28:44 PM) Microsoft Authenticode(tm) Root (12/31/1999 11:59:59 PM) Microsoft Root Authority (12/31/2020 7:00:00 AM) Microsoft Root Certificate Authority (5/9/2021 11:28:13 PM) Microsoft Timestamp Root (12/30/1999 11:59:59 PM) MOGAHA Govt of Korea (4/21/2012 9:07:23 AM) MOGAHA Govt of Korea GPKI (3/15/2017 6:00:04 AM) NetLock Arany (Class Gold) Fotanúsítvány (12/6/2028 3:08:21 PM) NetLock Expressz (Class C) Tanusitvanykiado (2/20/2019 2:08:11 PM) NetLock Kozjegyzoi (Class A) Tanusitvanykiado (2/19/2019 11:14:47 PM) NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado (12/15/2022 1:47:11 AM) NetLock Platina (Class Platinum) Fotanúsítvány (12/6/2028 3:12:44 PM) NetLock Uzleti (Class B) Tanusitvanykiado (2/20/2019 2:10:22 PM) Netrust CA1 (3/30/2021 2:57:45 AM) Network Solutions (12/31/2029 11:59:59 PM) NLB Nova Ljubljanska Banka d.d. Ljubljana (5/15/2023 12:22:45 PM) OISTE WISeKey Global Root GA CA (12/11/2037 4:09:51 PM) Post.Trust Root CA (7/5/2022 9:12:33 AM) Post.Trust Root CA (8/20/2010 1:56:21 PM) Posta CA Root (10/20/2028 12:52:08 PM) POSTarCA (2/7/2023 11:06:58 AM) QuoVadis Root CA 2 (11/24/2031 6:23:33 PM) QuoVadis Root CA 3 (11/24/2031 7:06:44 PM) QuoVadis Root Certification Authority (3/17/2021 6:33:33 PM) Root CA Generalitat Valenciana (7/1/2021 3:22:47 PM) RSA Security 2048 V3 (2/22/2026 8:39:23 PM) SECOM Trust Systems CO LTD (6/6/2037 2:12:32 AM) SECOM Trust Systems CO LTD (6/25/2019 10:23:48 PM) SECOM Trust Systems CO LTD (9/30/2023 4:20:49 AM) Secretaria de Economia Mexico (5/8/2025 12:00:00 AM) Secrétariat Général de la Défense Nationale (10/17/2020 2:29:22 PM) SecureNet CA Class B (10/16/2009 9:59:00 AM) Serasa Certificate Authority I (11/21/2024 2:12:45 PM) Serasa Certificate Authority II (11/21/2024 12:44:48 PM) Serasa Certificate Authority III (11/21/2024 1:24:14 PM) SERVICIOS DE CERTIFICACION - A.N.C. (3/9/2009 9:08:07 PM) Sigen-CA (6/29/2021 9:57:46 PM) Sigov-CA (1/10/2021 2:22:52 PM) Skaitmeninio sertifikavimo centras (12/28/2026 12:05:04 PM) Skaitmeninio sertifikavimo centras (12/25/2026 12:08:26 PM) Skaitmeninio sertifikavimo centras (12/22/2026 12:11:30 PM) Sonera Class1 CA (4/6/2021 10:49:13 AM) Sonera Class2 CA (4/6/2021 7:29:40 AM) Spanish Property & Commerce Registry CA (4/27/2012 9:39:50 AM) Staat der Nederlanden Root CA (12/16/2015 9:15:38 AM) Staat der Nederlanden Root CA - G2 (3/25/2020 11:03:10 AM) Starfield Class 2 Certification Authority (6/29/2034 5:39:16 PM) Starfield Technologies (6/26/2019 12:19:54 AM) Starfield Technologies Inc. (12/31/2029 11:59:59 PM) StartCom Certification Authority (9/17/2036 7:46:36 PM) S-TRUST Authentication and Encryption Root CA 2005:PN (6/21/2030 11:59:59 PM) Swisscom Root CA 1 (8/18/2025 10:06:20 PM) SwissSign (10/25/2036 8:30:35 AM) SwissSign Platinum G2 Root CA (10/25/2036 8:36:00 AM) SwissSign Silver G2 Root CA (10/25/2036 8:32:46 AM) TC TrustCenter Class 1 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 2 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 2 CA II (12/31/2025 10:59:59 PM) TC TrustCenter Class 3 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 3 CA II (12/31/2025 10:59:59 PM) TC TrustCenter Class 4 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 4 CA II (12/31/2025 10:59:59 PM) TC TrustCenter Time Stamping CA (1/1/2011 11:59:59 AM) TC TrustCenter Universal CA I (12/31/2025 10:59:59 PM) TC TrustCenter Universal CA II (12/31/2030 10:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (7/16/2036 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte Primary Root CA - G2 (1/18/2038 11:59:59 PM) thawte Primary Root CA - G3 (12/1/2037 11:59:59 PM) Thawte Timestamping CA (12/31/2020 11:59:59 PM) Trustis EVS Root CA (1/9/2027 11:56:00 AM) Trustis FPS Root CA (1/21/2024 11:36:54 AM) Trustwave (1/1/2035 5:37:19 AM) Trustwave (12/31/2029 7:40:55 PM) Trustwave (12/31/2029 7:52:06 PM) TURKTRUST Elektronik Islem Hizmetleri (9/16/2015 12:13:05 PM) TURKTRUST Elektronik Islem Hizmetleri (3/22/2015 10:04:51 AM) TURKTRUST Elektronik Sertifika Hizmet Saglayicisi (9/16/2015 10:07:57 AM) TURKTRUST Elektronik Sertifika Hizmet Saglayicisi (3/22/2015 10:27:17 AM) TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi (12/22/2017 6:37:19 PM) TW Government Root Certification Authority (12/5/2032 1:23:33 PM) TWCA Root Certification Authority 1 (12/31/2030 3:59:59 PM) TWCA Root Certification Authority 2 (12/31/2030 3:59:59 PM) U.S. Government FBCA (10/6/2010 6:53:56 PM) UCA Global Root (12/31/2037 12:00:00 AM) UCA Root (12/31/2029 12:00:00 AM) USERTrust (7/9/2019 6:40:36 PM) USERTrust (7/9/2019 5:36:58 PM) USERTrust (6/24/2019 7:06:30 PM) USERTrust (7/9/2019 6:19:22 PM) USERTrust (5/30/2020 10:48:38 AM) UTN - USERFirst-Network Applications (7/9/2019 6:57:49 PM) ValiCert Class 3 Policy Validation Authority (6/26/2019 12:22:33 AM) VAS Latvijas Pasts SSI(RCA) (9/13/2024 9:27:57 AM) VeriSign (5/18/2018 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (12/31/1999 9:37:48 AM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (5/18/2018 11:59:59 PM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (1/7/2020 11:59:59 PM) VeriSign (12/31/1999 9:35:58 AM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (1/7/2010 11:59:59 PM) VeriSign (5/18/2018 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (5/18/2018 11:59:59 PM) VeriSign Class 3 Public Primary CA (8/1/2028 11:59:59 PM) VeriSign Class 3 Public Primary Certification Authority - G4 (1/18/2038 11:59:59 PM) VeriSign Time Stamping CA (1/7/2004 11:59:59 PM) VeriSign Universal Root Certification Authority (12/1/2037 11:59:59 PM) Visa eCommerce Root (6/24/2022 12:16:12 AM) Visa Information Delivery Root CA (6/29/2025 5:42:42 PM) VRK Gov. Root CA (12/18/2023 1:51:08 PM) Wells Fargo Root Certificate Authority (1/14/2021 4:41:28 PM) WellsSecure Public Certificate Authority (12/14/2022 12:07:54 AM) Xcert EZ by DST (7/11/2009 4:14:18 PM)

    Read the article

  • EV SSL Certificates - does anyone care?

    - by pygorex1
    Is any one aware of any data or studies from an impartial source that show the impact of EV SSL certificates on customer behavior? I've been unable to find any such studies. If an EV SSL certificate increases sales on a web store front by even a few points, I can see the value. Aside from data targeted at EV SSL it may be possible to guess at customer behavior based on user interaction with regular SSL certificates. Are users even aware of SSL security? Does regular SSL have any proven effect on web store front sales? Note, that I'm not asking about the necessity of good encryption - I'm asking about a potential customer's perception of security & trust.

    Read the article

  • Open-source and client-side IRC-Client

    - by user125197
    I'm administrating a homepage with an IRC-Webclient. At the moment, it uses a Java-client, modified to be SSL-compatible and compatible with whatever design I want to use. The usual PJIRC thing, with users wishes and concerns implemented (I'll give you SSL-PJIRC if you want - no problem. The login-script will be improved for IE6-support this weekend, means write the object tag if an old IE is found, that's it. Rest runs perfectly well). But still, the better user experience would be a client that only requires the user to enable JavaScript. So, before I go into rewriting and customizing a complete Java-IRC-solution, I'd like to ask some other people - after researching for half a year of time. The requirements are: a) Free hosting, no cgi-bin is acceptable. A lot of hosters also have CGI supported, but it doesn't allow IRC-access. So, seems you are limited to x10-hosting for CGI:IRC. b) Solution must be open source (not free as in free beer, but free as in free speech - I want to be able to read every line of the code). c) Hosting cannot be limited to Windows-hosting. Free operation systems (anything with Linux, BSD, whatever - I think you get what I mean) must be possible. d) No server-side technology. I'm limited to everything that runs client-side only. (Well, a Java-Applet does...). d) Solution must support SSL. e) The side must be able to move. Means, you register to a new free hoster, load your things up via FileZilla and the thing simply runs. No server-concerning implementations needed. f) Old browsers must be supported. From all my research, there are two ways a) Java-Applet b) Use HTML5-Websockets (it is impossible to use the JavaScript-library I found, as it depends on ActiveX - means, Windows hosting). b) means "you are going to enter very unstable content". I worked with HTML5 for month, and, well ... Though, HTML5 also is not suitable for older browsers (old browser support is an absolutely necessary requirement). PHP by the way is a server side solution ... so no line of PHP. My idea now was a Java Applet, and a fallback which again is embedded and proprietary, but only requieres JavaScript (wsirc or Mibbit are great here, whilst I prefer wsirc ... and zooming fonts that are plainly to small, but worse, cannot read the code). So my question is - with free hosting, not installation on server, plain upload - do you see and open source, complelety client-side, ssl-compatible way to use or write a client? This wouldn't be my first programming project, I'm not afraid of the code. If there was a way and I had to write it, even from scratch, I'd do. From all I know, there sadly is none. But maybe some experienced admin has an idea? Best Wishes, yetanotheruser Sry my English isn't perfect. It's enough for programming at least.

    Read the article

  • Internal Server Error with mod_wsgi [django] on windows xp

    - by sacabuche
    when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order allow,deny Allow from all </Directory> Alias /codevents/media C:/django/projects/CODEvents/html <Directory "C:/django/projects/CODEvents/html"> Order allow,deny Allow from all </Directory> in CODEvents.wsgi import os, sys sys.path.append('C:\\Python26\\Lib\\site-packages\\django') sys.path.append('C:\\django\\projects') sys.path.append('C:\\django\\apps') sys.path.append('C:\\django\\projects\\CODEvents') os.environ['DJANGO_SETTINGS_MODULE'] = 'CODEvents.settings' import django.core.handlers.wsgi application = django.core.handlers.wsgi.WSGIHandler() and in my error_log it said: [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] mod_wsgi (pid=1848): Exception occurred processing WSGI script 'C:/django/apache/CODEvents.wsgi'. [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] Traceback (most recent call last): [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\core\\handlers\\wsgi.py", line 241, in __call__ [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] response = self.get_response(request) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\core\\handlers\\base.py", line 142, in get_response [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.handle_uncaught_exception(request, resolver, exc_info) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\core\\handlers\\base.py", line 166, in handle_uncaught_exception [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return debug.technical_500_response(request, *exc_info) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\views\\debug.py", line 58, in technical_500_response [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] html = reporter.get_traceback_html() [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\views\\debug.py", line 137, in get_traceback_html [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return t.render(c) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 173, in render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self._render(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 167, in _render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.nodelist.render(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 796, in render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] bits.append(self.render_node(node, context)) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\debug.py", line 72, in render_node [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] result = node.render(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\debug.py", line 89, in render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] output = self.filter_expression.resolve(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 579, in resolve [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] new_obj = func(obj, *arg_vals) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\defaultfilters.py", line 693, in date [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return format(value, arg) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 281, in format [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return df.format(format_string) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 30, in format [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] pieces.append(force_unicode(getattr(self, piece)())) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 187, in r [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.format('D, j M Y H:i:s O') [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 30, in format [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] pieces.append(force_unicode(getattr(self, piece)())) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\encoding.py", line 66, in force_unicode [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] s = unicode(s) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\functional.py", line 206, in __unicode_cast [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.__func(*self.__args, **self.__kw) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\__init__.py", line 55, in ugettext [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return real_ugettext(message) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\functional.py", line 55, in _curried [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return _curried_func(*(args+moreargs), **dict(kwargs, **morekwargs)) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\__init__.py", line 36, in delayed_loader [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return getattr(trans, real_name)(*args, **kwargs) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 276, in ugettext [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return do_translate(message, 'ugettext') [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 266, in do_translate [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] _default = translation(settings.LANGUAGE_CODE) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 176, in translation [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] default_translation = _fetch(settings.LANGUAGE_CODE) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 159, in _fetch [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] app = import_module(appname) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\importlib.py", line 35, in import_module [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] __import__(name) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\contrib\\admin\\__init__.py", line 1, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from django.contrib.admin.helpers import ACTION_CHECKBOX_NAME [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\contrib\\admin\\helpers.py", line 1, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from django import forms [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\forms\\__init__.py", line 17, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from models import * [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\forms\\models.py", line 6, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from django.db import connections [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\db\\__init__.py", line 75, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] connection = connections[DEFAULT_DB_ALIAS] [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\db\\utils.py", line 91, in __getitem__ [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] backend = load_backend(db['ENGINE']) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\db\\utils.py", line 49, in load_backend [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] raise ImproperlyConfigured(error_msg) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] TemplateSyntaxError: Caught ImproperlyConfigured while rendering: 'django.db.backends.postgresql_psycopg2' isn't an available database backend. [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] Try using django.db.backends.XXX, where XXX is one of: [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] 'dummy', 'mysql', 'oracle', 'postgresql', 'postgresql_psycopg2', 'sqlite3' [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] Error was: cannot import name utils please help me!!

    Read the article

  • Internal Server Error with mod_wgsi [django] on windows xp

    - by sacabuche
    when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order allow,deny Allow from all </Directory> Alias /codevents/media C:/django/projects/CODEvents/html <Directory "C:/django/projects/CODEvents/html"> Order allow,deny Allow from all </Directory> in CODEvents.wsgi import os, sys sys.path.append('C:\\Python26\\Lib\\site-packages\\django') sys.path.append('C:\\django\\projects') sys.path.append('C:\\django\\apps') sys.path.append('C:\\django\\projects\\CODEvents') os.environ['DJANGO_SETTINGS_MODULE'] = 'CODEvents.settings' import django.core.handlers.wsgi application = django.core.handlers.wsgi.WSGIHandler() and in my error_log it said: [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] mod_wsgi (pid=1848): Exception occurred processing WSGI script 'C:/django/apache/CODEvents.wsgi'. [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] Traceback (most recent call last): [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\core\\handlers\\wsgi.py", line 241, in __call__ [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] response = self.get_response(request) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\core\\handlers\\base.py", line 142, in get_response [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.handle_uncaught_exception(request, resolver, exc_info) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\core\\handlers\\base.py", line 166, in handle_uncaught_exception [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return debug.technical_500_response(request, *exc_info) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\views\\debug.py", line 58, in technical_500_response [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] html = reporter.get_traceback_html() [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\views\\debug.py", line 137, in get_traceback_html [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return t.render(c) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 173, in render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self._render(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 167, in _render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.nodelist.render(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 796, in render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] bits.append(self.render_node(node, context)) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\debug.py", line 72, in render_node [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] result = node.render(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\debug.py", line 89, in render [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] output = self.filter_expression.resolve(context) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\__init__.py", line 579, in resolve [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] new_obj = func(obj, *arg_vals) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\template\\defaultfilters.py", line 693, in date [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return format(value, arg) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 281, in format [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return df.format(format_string) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 30, in format [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] pieces.append(force_unicode(getattr(self, piece)())) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 187, in r [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.format('D, j M Y H:i:s O') [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\dateformat.py", line 30, in format [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] pieces.append(force_unicode(getattr(self, piece)())) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\encoding.py", line 66, in force_unicode [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] s = unicode(s) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\functional.py", line 206, in __unicode_cast [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return self.__func(*self.__args, **self.__kw) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\__init__.py", line 55, in ugettext [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return real_ugettext(message) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\functional.py", line 55, in _curried [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return _curried_func(*(args+moreargs), **dict(kwargs, **morekwargs)) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\__init__.py", line 36, in delayed_loader [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return getattr(trans, real_name)(*args, **kwargs) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 276, in ugettext [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] return do_translate(message, 'ugettext') [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 266, in do_translate [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] _default = translation(settings.LANGUAGE_CODE) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 176, in translation [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] default_translation = _fetch(settings.LANGUAGE_CODE) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\translation\\trans_real.py", line 159, in _fetch [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] app = import_module(appname) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\utils\\importlib.py", line 35, in import_module [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] __import__(name) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\contrib\\admin\\__init__.py", line 1, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from django.contrib.admin.helpers import ACTION_CHECKBOX_NAME [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\contrib\\admin\\helpers.py", line 1, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from django import forms [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\forms\\__init__.py", line 17, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from models import * [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\forms\\models.py", line 6, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] from django.db import connections [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\db\\__init__.py", line 75, in <module> [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] connection = connections[DEFAULT_DB_ALIAS] [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\db\\utils.py", line 91, in __getitem__ [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] backend = load_backend(db['ENGINE']) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] File "C:\\Python26\\lib\\site-packages\\django\\db\\utils.py", line 49, in load_backend [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] raise ImproperlyConfigured(error_msg) [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] TemplateSyntaxError: Caught ImproperlyConfigured while rendering: 'django.db.backends.postgresql_psycopg2' isn't an available database backend. [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] Try using django.db.backends.XXX, where XXX is one of: [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] 'dummy', 'mysql', 'oracle', 'postgresql', 'postgresql_psycopg2', 'sqlite3' [Mon May 24 23:31:39 2010] [error] [client 127.0.0.1] Error was: cannot import name utils please help me!!

    Read the article

  • Standards Corner: OAuth WG Client Registration Problem

    - by Tanu Sood
    Phil Hunt is an active member of multiple industry standards groups and committees (see brief bio at the end of the post) and has spearheaded discussions, creation and ratifications of  Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} industry standards including the Kantara Identity Governance Framework, among others. Being an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news & updates, and discuss use cases, implementation success stories (and even failures) around industry standards on this monthly column. Author: Phil Hunt This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some important topics important to the maturation of OAuth. One of them is the OAuth client registration problem.OAuth (RFC6749) was initially developed with a simple deployment model where there is only monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, on LinkedIn, and so on). When the API publisher and API deployer are the same monolithic entity, it easy for developers to contact the provider and register their app to obtain a client_id and credential.But what happens when the API is for an open source project where there may be 1000s of deployed copies of the API (e.g. such as wordpress). In these cases, the authors of the API are not the people running the API. In these scenarios, how does the developer obtain a client_id? An example of an "open deployed" API is OpenID Connect. Connect defines an OAuth protected resource API that can provide personal information about an authenticated user -- in effect creating a potentially common API for potential identity providers like Facebook, Google, Microsoft, Salesforce, or Oracle. In Oracle's case, Fusion applications will soon have RESTful APIs that are deployed in many different ways in many different environments. How will developers write apps that can work against an openly deployed API with whom the developer can have no prior relationship?At present, the OAuth Working Group has two proposals two consider: Dynamic RegistrationDynamic Registration was originally developed for OpenID Connect and UMA. It defines a RESTful API in which a prospective client application with no client_id creates a new client registration record with a service provider and is issued a client_id and credential along with a registration token that can be used to update registration over time.As proof of success, the OIDC community has done substantial implementation of this spec and feels committed to its use. Why not approve?Well, the answer is that some of us had some concerns, namely: Recognizing instances of software - dynamic registration treats all clients as unique. It has no defined way to recognize that multiple copies of the same client are being registered other then assuming if the registration parameters are similar it might be the same client. Versioning and Policy Approval of open APIs and clients - many service providers have to worry about change management. They expect to have approval cycles that approve versions of server and client software for use in their environment. In some cases approval might be wide open, but in many cases, approval might be down to the specific class of software and version. Registration updates - when does a client actually need to update its registration? Shouldn't it be never? Is there some characteristic of deployed code that would cause it to change? Options lead to complexity - because each client is treated as unique, it becomes unclear how the clients and servers will agree on what credentials forms are acceptable and what OAuth features are allowed and disallowed. Yet the reality is, developers will write their application to work in a limited number of ways. They can't implement all the permutations and combinations that potential service providers might choose. Stateful registration - if the primary motivation for registration is to obtain a client_id and credential, why can't this be done in a stateless fashion using assertions? Denial of service - With so much stateful registration and the need for multiple tokens to be issued, will this not lead to a denial of service attack / risk of resource depletion? At the very least, because of the information gathered, it would difficult for service providers to clean up "failed" registrations and determine active from inactive or false clients. There has yet to be much wide-scale "production" use of dynamic registration other than in small closed communities. Client Association A second proposal, Client Association, has been put forward by Tony Nadalin of Microsoft and myself. We took at look at existing use patterns to come up with a new proposal. At the Berlin meeting, we considered how WS-STS systems work. More recently, I took a review of how mobile messaging clients work. I looked at how Apple, Google, and Microsoft each handle registration with APNS, GCM, and WNS, and a similar pattern emerges. This pattern is to use an existing credential (mutual TLS auth), or client bearer assertion and swap for a device specific bearer assertion.In the client association proposal, the developer's registration with the API publisher is handled by having the developer register with an API publisher (as opposed to the party deploying the API) and obtaining a software "statement". Or, if there is no "publisher" that can sign a statement, the developer may include their own self-asserted software statement.A software statement is a special type of assertion that serves to lock application registration profile information in a signed assertion. The statement is included with the client application and can then be used by the client to swap for an instance specific client assertion as defined by section 4.2 of the OAuth Assertion draft and profiled in the Client Association draft. The software statement provides a way for service provider to recognize and configure policy to approve classes of software clients, and simplifies the actual registration to a simple assertion swap. Because the registration is an assertion swap, registration is no longer "stateful" - meaning the service provider does not need to store any information to support the client (unless it wants to). Has this been implemented yet? Not directly. We've only delivered draft 00 as an alternate way of solving the problem using well-known patterns whose security characteristics and scale characteristics are well understood. Dynamic Take II At roughly the same time that Client Association and Software Statement were published, the authors of Dynamic Registration published a "split" version of the Dynamic Registration (draft-richer-oauth-dyn-reg-core and draft-richer-oauth-dyn-reg-management). While some of the concerns above are addressed, some differences remain. Registration is now a simple POST request. However it defines a new method for issuing client tokens where as Client Association uses RFC6749's existing extension point. The concern here is whether future client access token formats would be addressed properly. Finally, Dyn-reg-core does not yet support software statements. Conclusion The WG has some interesting discussion to bring this back to a single set of specifications. Dynamic Registration has significant implementation, but Client Association could be a much improved way to simplify implementation of the overall OpenID Connect specification and improve adoption. In fairness, the existing editors have already come a long way. Yet there are those with significant investment in the current draft. There are many that have expressed they don't care. They just want a standard. There is lots of pressure on the working group to reach consensus quickly.And that folks is how the sausage is made.Note: John Bradley and Justin Richer recently published draft-bradley-stateless-oauth-client-00 which on first look are getting closer. Some of the details seem less well defined, but the same could be said of client-assoc and software-statement. I hope we can merge these specs this week. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} About the Writer: Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at www.independentid.com and a Twitter handle of @independentid.

    Read the article

  • DDD and Client/Server apps

    - by Christophe Herreman
    I was wondering if any of you had successfully implemented DDD in a Client/Server app and would like to share some experiences. We are currently working on a smart client in Flex and a backend in Java. On the server we have a service layer exposed to the client that offers CRUD operations amongst some other service methods. I understand that in DDD these services should be repositories and services should be used to handle use cases that do not fit inside a repository. Right now, we mimic these services on the client behind an interface and inject implementations (Webservices, RMI, etc) via an IoC container. So some questions arise: should the server expose repositories to the client or do we need to have some sort of a facade (that is able to handle security for instance) should the client implement repositories (and DDD in general?) knowing that in the client, most of the logic is view related and real business logic lives on the server. All communication with the server happens asynchronously and we have a single threaded programming model on the client. how about mapping client to server objects and vice versa? We tried DTO's but reverted back to exposing the state of our objects and mapping directly to them. I know this is considered bad practice, but it saves us an incredible amount of time) In general I think a new generation of applications is coming with the growth of Flex, Silverlight, JavaFX and I'm curious how DDD fits into this.

    Read the article

  • Thin client - cloud machine - to run via iPad, iPhone, most Androids etc

    - by Carl Lindberg
    I'm tired of having a laptop macbook that breaks down or having files that I need to sync via dropbox etc all the time via the machines to different OS installations. It sucks. I want a thin client where I can login on any machine - my iPhone, PC desktop, iPad etc to one running machine. I would like to replace a modernly powerful desktop iMac with a thin client running via my iPad. I will connect the iPad with a keyboard/mouse too so you get the idea. But I want to be able to use some of the Android phones as well (I guess most Android phones today has a good enough performance/resolution etc to run a thin client). Of course it has to be able to have input/output in sound. Printing can be solved by PDF/emailing etc - so no direct communication to the printer ports to USB etc is necessary. Is there such a service today? It should cost somewhere under something like $40/ month. I will run stuff like CPU heavy duty ableton for music production, xCode for making iOS apps, some games etc. And on the thin client also run virtual machines. VM of Ubuntu and Windows.

    Read the article

  • How to end a relationship with a client without pissing them off?

    - by thesam18888
    Here's my situation: I'm a freelancing student and I was working on a software project for a client over the summer holidays of 2010. At the time I completed the application, tested it on my machine, delivered it to the client and went back to University. However the client is not completely satisfied with the product and apparently has found a couple of bugs with it. Ever since I went back to Uni, they have been chasing me up and asking me to spend some time to fix the bugs. I have explained that this is simply not possible as I am extremely busy with my Uni work and cannot afford to spare my time for anything else. The client is getting increasingly pissed off and have been chasing me by calling during lectures at evenings and even asking me if I could go over to their place over the weekend to talk about this. This is in turn pissing me off as well because they're essentially asking me to give up my education so that I could help them out by fixing bugs. I go to Uni 5 days a week, 9-6 and feel it is unreasonable for them to call me during evenings and to ask me to work over weekends etc. I would like to end my relationship with this client but would like to do it amicably without pissing them off. How can I do this? I really wish they would just find someone else but I was charging them piss-poor rates so I think they don't want to go to anyone else because they would have to pay more. EDIT The application does not seem to work perfectly on their machine. I had tested it extensively on my machine and it seemed to work fine. I am not sure what exactly is causing it to not work. I was paid a very low amount and it was on an hourly basis. e.g. I would send an invoice saying I worked on this for x amount of hours and they would pay me for it. Apart from the work itself, I have not charged them for all the time spent sending e-mails back and forth, phone calls, visits to their place etc. I would really like to end all my dealings with this client right away.

    Read the article

  • How important is using the same language for client and server?

    - by Makita
    I have been evaluating architecture solutions for a mobile project that will have a web-service/app in addition to native apps and have been looking at various libraries, frameworks, and stacks like Meteor, this being a sort of "open stack package framework", is tightly bound with Node.js. There is a lot of talk about the benefits of using the same language both client and server side, and I'm not getting it. I could understand if you want to mirror the entire state of a web application on both client and server but struggling to find other wins... Workflow efficiency? I'm trying to understand why client/server language parity is considered to be a holy grail. Why does client/server language parity matter in software development?

    Read the article

  • How to convince a non-technical client that their application spec needs to be simplified?

    - by Ryan
    Often times I am faced with the situation where a new client comes to me with an application that has literally 100s of unnecessary features and it is quite clear that things need to be drastically simplified for the project to have any chance of succeeding. How do you convince the client to take a more MVP approach and simplify? edit: So the current top answer is to provide the client with a time/cost estimate for the huge application. I'm not too fond of this answer because it doesn't address the real problem with this situation. And that is - it's a bad practice to spec out a massive application and then try and build it from the get go. I feel much more comfortable initially building a small, simple MVP foundation. And then adding small features to that foundation one by one. So how do I convince the client to approach building software in this way?

    Read the article

  • Nginx and client certificates from hierarchical OpenSSL-based certification authorities

    - by Fmy Oen
    I'm trying to set up root certification authority, subordinate certification authority and to generate the client certificates signed by any of this CA that nginx 0.7.67 on Debian Squeeze will accept. My problem is that root CA signed client certificate works fine while subordinate CA signed one results in "400 Bad Request. The SSL certificate error". Step 1: nginx virtual host configuration: server { server_name test.local; access_log /var/log/nginx/test.access.log; listen 443 default ssl; keepalive_timeout 70; ssl_protocols SSLv3 TLSv1; ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_client_certificate /etc/nginx/ssl/client.pem; ssl_verify_client on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; location / { proxy_pass http://testsite.local/; } } Step 2: PKI infrastructure organization for both root and subordinate CA (based on this article): # mkdir ~/pki && cd ~/pki # mkdir rootCA subCA # cp -v /etc/ssl/openssl.cnf rootCA/ # cd rootCA/ # mkdir certs private crl newcerts; touch serial; echo 01 > serial; touch index.txt; touch crlnumber; echo 01 > crlnumber # cp -Rvp * ../subCA/ Almost no changes was made to rootCA/openssl.cnf: [ CA_default ] dir = . # Where everything is kept ... certificate = $dir/certs/rootca.crt # The CA certificate ... private_key = $dir/private/rootca.key # The private key and to subCA/openssl.cnf: [ CA_default ] dir = . # Where everything is kept ... certificate = $dir/certs/subca.crt # The CA certificate ... private_key = $dir/private/subca.key # The private key Step 3: Self-signed root CA certificate generation: # openssl genrsa -out ./private/rootca.key -des3 2048 # openssl req -x509 -new -key ./private/rootca.key -out certs/rootca.crt -config openssl.cnf Enter pass phrase for ./private/rootca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:rootca Email Address []: Step 4: Subordinate CA certificate generation: # cd ../subCA # openssl genrsa -out ./private/subca.key -des3 2048 # openssl req -new -key ./private/subca.key -out subca.csr -config openssl.cnf Enter pass phrase for ./private/subca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:subca Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Step 5: Subordinate CA certificate signing by root CA certificate: # cd ../rootCA/ # openssl ca -in ../subCA/subca.csr -extensions v3_ca -config openssl.cnf Using configuration from openssl.cnf Enter pass phrase for ./private/rootca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Feb 4 10:49:43 2013 GMT Not After : Feb 4 10:49:43 2014 GMT Subject: countryName = AU stateOrProvinceName = Some-State organizationName = Internet Widgits Pty Ltd commonName = subca X509v3 extensions: X509v3 Subject Key Identifier: C9:E2:AC:31:53:81:86:3F:CD:F8:3D:47:10:FC:E5:8E:C2:DA:A9:20 X509v3 Authority Key Identifier: keyid:E9:50:E6:BF:57:03:EA:6E:8F:21:23:86:BB:44:3D:9F:8F:4A:8B:F2 DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca serial:9F:FB:56:66:8D:D3:8F:11 X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Feb 4 10:49:43 2014 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y ... # cd ../subCA/ # cp -v ../rootCA/newcerts/01.pem certs/subca.crt Step 6: Server certificate generation and signing by root CA (for nginx virtual host): # cd ../rootCA # openssl genrsa -out ./private/server.key -des3 2048 # openssl req -new -key ./private/server.key -out server.csr -config openssl.cnf Enter pass phrase for ./private/server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:test.local Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in server.csr -out certs/server.crt -config openssl.cnf Step 7: Client #1 certificate generation and signing by root CA: # openssl genrsa -out ./private/client1.key -des3 2048 # openssl req -new -key ./private/client1.key -out client1.csr -config openssl.cnf Enter pass phrase for ./private/client1.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Client #1 Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in client1.csr -out certs/client1.crt -config openssl.cnf Step 8: Client #1 certificate converting to PKCS12 format: # openssl pkcs12 -export -out certs/client1.p12 -inkey private/client1.key -in certs/client1.crt -certfile certs/rootca.crt Step 9: Client #2 certificate generation and signing by subordinate CA: # cd ../subCA/ # openssl genrsa -out ./private/client2.key -des3 2048 # openssl req -new -key ./private/client2.key -out client2.csr -config openssl.cnf Enter pass phrase for ./private/client2.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Client #2 Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in client2.csr -out certs/client2.crt -config openssl.cnf Step 10: Client #2 certificate converting to PKCS12 format: # openssl pkcs12 -export -out certs/client2.p12 -inkey private/client2.key -in certs/client2.crt -certfile certs/subca.crt Step 11: Passing server certificate and private key to nginx (performed with OS superuser privileges): # cd ../rootCA/ # cp -v certs/server.crt /etc/nginx/ssl/ # cp -v private/server.key /etc/nginx/ssl/ Step 12: Passing root and subordinate CA certificates to nginx (performed with OS superuser privileges): # cat certs/rootca.crt > /etc/nginx/ssl/client.pem # cat ../subCA/certs/subca.crt >> /etc/nginx/ssl/client.pem client.pem file look like this: # cat /etc/nginx/ssl/client.pem -----BEGIN CERTIFICATE----- MIID6TCCAtGgAwIBAgIJAJ/7VmaN048RMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnJvb3RjYTAeFw0xMzAyMDQxMDM1NTda ... -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) ... -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMQ8wDQYDVQQDEwZyb290Y2EwHhcNMTMwMjA0MTA0OTQzWhcNMTQwMjA0 ... -----END CERTIFICATE----- It looks like everything is working fine: # service nginx reload # Reloading nginx configuration: Enter PEM pass phrase: # nginx. # Step 13: Installing *.p12 certificates in browser (Firefox in my case) gives the problem I've mentioned above. Client #1 = 200 OK, Client #2 = 400 Bad request/The SSL certificate error. Any ideas what should I do? Update 1: Results of SSL connection test attempts: # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/rootca.crt -cert ~/pki/rootCA/certs/client1.crt -key ~/pki/rootCA/private/client1.key -showcerts Enter pass phrase for tmp/testcert/client1.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 --- Certificate chain 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test.local i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca -----BEGIN CERTIFICATE----- MIIDpjCCAo6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMQ8wDQYDVQQDEwZyb290Y2EwHhcNMTMwMjA0MTEwNjAzWhcNMTQwMjA0 ... -----END CERTIFICATE----- 1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca -----BEGIN CERTIFICATE----- MIID6TCCAtGgAwIBAgIJAJ/7VmaN048RMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnJvb3RjYTAeFw0xMzAyMDQxMDM1NTda ... -----END CERTIFICATE----- --- Server certificate subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test.local issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca --- Acceptable client certificate CA names /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca --- SSL handshake has read 3395 bytes and written 2779 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 15BFC2029691262542FAE95A48078305E76EEE7D586400F8C4F7C516B0F9D967 Session-ID-ctx: Master-Key: 23246CF166E8F3900793F0A2561879E5DB07291F32E99591BA1CF53E6229491FEAE6858BFC9AACAF271D9C3706F139C7 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket: 0000 - c2 5e 1d d2 b5 6d 40 23-b2 40 89 e4 35 75 70 07 .^...m@#[email protected]. 0010 - 1b bb 2b e6 e0 b5 ab 10-10 bf 46 6e aa 67 7f 58 ..+.......Fn.g.X 0020 - cf 0e 65 a4 67 5a 15 ba-aa 93 4e dd 3d 6e 73 4c ..e.gZ....N.=nsL 0030 - c5 56 f6 06 24 0f 48 e6-38 36 de f1 b5 31 c5 86 .V..$.H.86...1.. ... 0440 - 4c 53 39 e3 92 84 d2 d0-e5 e2 f5 8a 6a a8 86 b1 LS9.........j... Compression: 1 (zlib compression) Start Time: 1359989684 Timeout : 300 (sec) Verify return code: 0 (ok) --- Everything seems fine with Client #2 and root CA certificate but request returns 400 Bad Request error: # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/rootca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 ... Compression: 1 (zlib compression) Start Time: 1359989989 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request Server: nginx/0.7.67 Date: Mon, 04 Feb 2013 15:00:43 GMT Content-Type: text/html Content-Length: 231 Connection: close <html> <head><title>400 The SSL certificate error</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>The SSL certificate error</center> <hr><center>nginx/0.7.67</center> </body> </html> closed Verification fails with Client #2 certificate and subordinate CA certificate: # openssl s_client -connect test.local:443 -CAfile ~/pki/subCA/certs/subca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify error:num=19:self signed certificate in certificate chain verify return:0 ... Compression: 1 (zlib compression) Start Time: 1359990354 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request ... Still getting 400 Bad Request error with concatenated CA certificates and Client #2 (but still everything ok with Client #1): # cat certs/rootca.crt ../subCA/certs/subca.crt > certs/concatenatedca.crt # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/concatenatedca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 --- ... Compression: 1 (zlib compression) Start Time: 1359990772 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request ... Update 2: I've managed to recompile nginx with enabled debug. Here is the part of successfull conection by Client #1 track: 2013/02/05 14:08:23 [debug] 38701#0: *119 accept: <MY IP ADDRESS> fd:3 2013/02/05 14:08:23 [debug] 38701#0: *119 event timer add: 3: 60000:2856497512 2013/02/05 14:08:23 [debug] 38701#0: *119 kevent set event: 3: ft:-1 fl:0025 2013/02/05 14:08:23 [debug] 38701#0: *119 malloc: 28805200:660 2013/02/05 14:08:23 [debug] 38701#0: *119 malloc: 28834400:1024 2013/02/05 14:08:23 [debug] 38701#0: *119 posix_memalign: 28860000:4096 @16 2013/02/05 14:08:23 [debug] 38701#0: *119 http check ssl handshake 2013/02/05 14:08:23 [debug] 38701#0: *119 https ssl handshake: 0x16 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL server name: "test.local" 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_do_handshake: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL handshake handler: 0 2013/02/05 14:08:23 [debug] 38701#0: *119 verify:1, error:0, depth:1, subject:"/C=AU /ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 14:08:23 [debug] 38701#0: *119 verify:1, error:0, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Client #1",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_do_handshake: 1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL: TLSv1, cipher: "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1" 2013/02/05 14:08:23 [debug] 38701#0: *119 http process request line 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 http process request line 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: 1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: 524 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 http request line: "GET / HTTP/1.1" And here is the part of unsuccessfull conection by Client #2 track: 2013/02/05 13:51:34 [debug] 38701#0: *112 accept: <MY_IP_ADDRESS> fd:3 2013/02/05 13:51:34 [debug] 38701#0: *112 event timer add: 3: 60000:2855488975 2013/02/05 13:51:34 [debug] 38701#0: *112 kevent set event: 3: ft:-1 fl:0025 2013/02/05 13:51:34 [debug] 38701#0: *112 malloc: 28805200:660 2013/02/05 13:51:34 [debug] 38701#0: *112 malloc: 28834400:1024 2013/02/05 13:51:34 [debug] 38701#0: *112 posix_memalign: 28860000:4096 @16 2013/02/05 13:51:34 [debug] 38701#0: *112 http check ssl handshake 2013/02/05 13:51:34 [debug] 38701#0: *112 https ssl handshake: 0x16 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL server name: "test.local" 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL handshake handler: 0 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL handshake handler: 0 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:0, error:20, depth:1, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:0, error:27, depth:1, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:1, error:27, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Client #2",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca" 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: 1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL: TLSv1, cipher: "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1" 2013/02/05 13:51:34 [debug] 38701#0: *112 http process request line 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: 1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: 524 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 http request line: "GET / HTTP/1.1" So I'm getting OpenSSL error #20 and then #27. According to verify documentation: 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted the root CA is not marked as trusted for the specified purpose.

    Read the article

  • OpenVPN - Ubuntu 10.04 - Client Can't Connect to Server - Linux Route Add Command Failed

    - by nicorellius
    I suppose this could be asked on Server Fault as well, but it is specific to the client so I thought I'd start here. I have keys for access to an OpenVPN server already in place. I have used these keys to connect already, but using a Windows XP machine. On a Ubuntu machine, I installed OpenVPN and then configured client.conf file so that I could run: sudo openvpn --config client.conf And it seems correct but I still can't connect and get these errors and lines of output: Mon May 31 14:34:57 2010 ERROR: Linux route add command failed: external program exited with error status: 7 Mon May 31 14:34:57 2010 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.17 SIOCADDRT: File exists Mon May 31 14:34:57 2010 ERROR: Linux route add command failed: external program exited with error status: 7 Mon May 31 14:34:57 2010 Initialization Sequence Completed I searched the net for forums and ideas and tried some file moving and renaming but still ended up in the same place.

    Read the article

  • SysAdmin Career Question: Internal or Client Based

    - by Malnizzle
    ServerFault Community, It seems there are two positions SysAdmins find themselves in, either you are working for a non-IT services based single client (your employer) and providing in-house IT support or you work for a company who provides out sourced IT services to multiple clients. Right now I work for a company who does the latter, and I often consider how nice it would be doing the in-house side of things, to just have one network I am focused on and instead of feeling like I have a dozen bosses between clients and internal management, I would just have one set of management and people to appease. There is also the technical aspect of every client wanting something different, and having to manage numerous different technology platforms, or trying to force clients into using the technologies we prefer, neither situation is enjoyable. Is this just "the grass is greener on the other side" syndrome, or is there some legitimacy to the the stress of client based IT work compared to being an in-house IT guy? Thanks!

    Read the article

  • OpenVPN - Ubunut 10.04 - Client Can't Connect to Server - Linux Route Add Command Failed

    - by nicorellius
    I suppose this could be asked on Server Fault as well, but it is specific to the client so I thought I'd start here. I have keys for a OpenVPN server already in place. I have used these keys to connect already, but using a Windows XP machine. I started by building the client.conf file so that I could run: sudo openvpn --config client.conf And it seems correct but I still can't connect and get these errors and lines of output: Mon May 31 14:34:57 2010 ERROR: Linux route add command failed: external program exited with error status: 7 Mon May 31 14:34:57 2010 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.17 SIOCADDRT: File exists Mon May 31 14:34:57 2010 ERROR: Linux route add command failed: external program exited with error status: 7 Mon May 31 14:34:57 2010 Initialization Sequence Completed I searched the net for forums and ideas and tried some file moving and renaming but still ended up in the same place.

    Read the article

  • Slow Starting DHCP Client Service - HP Thin Clients

    - by Ryan
    We have recently began adding XPe thin clients to our domain in preperation for a new citrix environment. One thing that has been picked up on in testing is that they appear slow to boot. The issue manifest's it's self as the classic "Applying Computer Settings..." screen we are all used to seeing. After digging into the issue it appears the DHCP Client service is taking some time to load on boot, this varies but I would estimate it can take around 1 minute in some cases. I've eliminated the classic issues, DHCP is responding correctly and in quick time. DNS is not the cause and GPO's are applying promptly. A simple workaround is to assign the client a static IP which work's great so the TCP/IP servies are obviously firing up quickly, just not DHCP Client. Does anyone have any idea's on how I may be able to improve the service start time? Keen to find a better solution before I get my arm twisted into setting up 250 thin clients with static addressing!

    Read the article

  • DNS client configuration steps in Oracle Solaris 11

    - by Gurubalan
    This guide covers Quick how to configure DNS client on Solaris 11. DNS client configuration in Solaris 11 is based on SMF service rather than file based. When you configure a system as DNS client, you will be performing the following two configurations. I. DNS client setup II. Configure Name service switch to use DNS I. DNS client setup 1. Configure using SMF service network/dns/client # svccfg -s network/dns/clientsvc:/network/dns/client> setprop config/search = astring: ("test.com" "service.test.com")svc:/network/dns/client> setprop config/nameserver = net_address: (192.168.10.10 192.168.10.11)svc:/network/dns/client> exit 2.  Enable the DNS client service (when you configure it for the first time) #svccfg enable -r dns/client 3. Restart/Refresh DNS client service (It is done when there is any update to the configuration) #svccfg refresh dns/client #svccfg restart dns/client 4. Verify /etc/resolv.conf if it is updated with the changes. # more /etc/resolv.conf ## _AUTOGENERATED_FROM_SMF_V1_## WARNING: THIS FILE GENERATED FROM SMF DATA.#   DO NOT EDIT THIS FILE.  EDITS WILL BE LOST.# See resolv.conf(4) for details.search               test.com service.test.comnameserver      192.168.10.10nameserver      192.168.10.11 --- II.  Configuring Name service switch to use DNS 1. Configure using SMF service  system/name-service/switch # svccfg -s system/name-service/switchsvc:/system/name-service/switch> setprop config/host = astring: "files dns"svc:/system/name-service/switch>exit 2.  Restart/Refresh name-service/switch service #svccfg refresh name-service/switch #svccfg restart  name-service/switch 3. Verfiy host entry in /etc/nsswitch.conf  is updated with dns. # more /etc/nsswitch.conf## _AUTOGENERATED_FROM_SMF_V1_## WARNING: THIS FILE GENERATED FROM SMF DATA.#   DO NOT EDIT THIS FILE.  EDITS WILL BE LOST.# See nsswitch.conf(4) for details.passwd: filesgroup:  fileshosts:  files dnsipnodes:        files dns . --- PS: Thank you ollasi for your motivation behind the screen.

    Read the article

  • Openvpn client-to-client connection reencrypted at Server?

    - by user1684411
    currently i'm using a site-2-site openvpn setup. The routers en/decrypt all traffic that goes from one net to another. One of them is the Openvpn server. This works but performance is not as good as possible. I think the limiting factor is the cpu power of the router. Would it be better if i use client-to-client connections and access the fileserver in the one net from a pc in the other, because the openvpn-server does not have to decrypt the (whole) packets?

    Read the article

  • Intermittent Disconnection of Client Computers from Domain Server

    - by dilip nagle
    The Background: I have Windows 2008 server Enterprise Version with 25 user cal licences. It has a domain and all users and a network shared HP printer in it. The Server has two network cards and both these cards as well as all client machines are on IP addressing scheme of 192.168.1.* with subnetmask 255.255.255.0. Of the two network cards viz. 192.168.1.231 and 192.168.1.233, only 192.168.1.231 is registered with DNS. In 192.168.1.233(i.e. 2nd network card) has default getway as 192.168.1.231 and dns address as 192.168.1.231. The Server has three hard disks with capacities as 500gb, 500gb and 1TB and are partitioned as (C,D,E), (F,G) and (K) with partition K having all user data into various Shared Folders. Each of these folders(On Partition K), are mapped onto each user's computer as per the right of access given to them. The Problem: The Server was installed about 6 months ago and till date not even once, the Server has Hung or has given any problem. All the Clients computers are able to run the web based software from their computers via ip address, e.g. http://192.168.1.231/webERP/default.aspx. However, occassionally, when any client computer tries to browse network mappings, it hangs. Again, there is no fixed pattern. This may happen after running smoothly for say 3 days. On each Client's machine, the network settings are as follows: IP Address: 192.168.1.* where * is 1,2,3 .... Sunnetmask: 255.255.255.0 defauly getway: 192.168.1.231 Which is a server card and DNS address. preferred DNS Server: 192.168.1.231 In Advanced Tab under Wins: LMHostLookup is Unticked and default is radio buttoned. Ideally, I would have loved to have Disabled NETBIOS over TCP/IP but some network printers do not get accessed if this option is enabled(ie. Radio Buttoned). Bacause Disabling Netbios will drastically reduce traffic of NETBIOS broadcasting to all the computers on the net to do naming resolution. On Server, I have WINs Running which I have Scavanged Records, verified Database Integrity etc, removed Tombstoned Records etc. The Critical Errors shown only once a day when the server is statred are 4224(WINS) and 12923 - Server Licencing failed to Update DNS Record. I fail to understand as why do client machines HANG when they try to browse mapped network shared folders on K Drive. Kindly Advice

    Read the article

  • Run client applications from VMWare Workstation Host.

    - by user40470
    Does anyone know how to run applications hosted on a client VM from an icon created on the host computer. For example I want to run IE8 installed on the client VM on my host XP computer running IE6. I cant update to IE6 on the host because of compliance issues. I'm trying to do this with VMWare Workstation 7. I'll post the solution if I can figure this out before I get your assistance. Thanks!!!

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >