Search Results

Search found 15441 results on 618 pages for 'ssl security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 92/618 | < Previous Page | 88 89 90 91 92 93 94 95 96 97 98 99  | Next Page >

  • Trying to get WCF client to work with wss 1.0 username token security

    - by darius murauskas
    I am trying to use a WCF client to call a third party web service. The web Service usses username token authentication WSS-Security 1.0 Soap Message Security Here is a sample soap authentication header for what the web service expects <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security soap:mustUnderstand="1"> <wsse:UsernameToken namespaces> <wsse:Username>username</wsse:Username> <wsse:Password Type="type info">password</wsse:Password> <wsse:Nonce>nonce</wsse:Nonce> <wsu:Created>date created</wsu:Created> </wsse:UsernameToken> <wsse:Security> </soap:Header> <soap:Body> <WebServiceMethodName xmlns="Web Service Namespace" /> I configured the client to the following way <basicHttpBinding> <binding name="Binding1"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="Basic"/> </security> </basicHttpBinding> but recieved an error that stating that the nonce and datecreated attributes were missing in the header. Does anyone know how to configure a WCF client to work with WSS-Security 1.0 Soap Message Security username token authentication?

    Read the article

  • What development technologies or technology stack is typically used in the security industry?

    - by vfilby
    In this case security means building security (access control, alarm systems, etc). And I am not talking about working directly with the hardware, more focused on web based applications/api's that clients or companies can use? Are there technologies that are commonly used? Are there technologies that shouldn't be used? Are there any real benefits to a linux based stack as opposed to a windows based stack for exposing web based applications?

    Read the article

  • What is the correct way to configure a spring TextEncryptor for use on Heroku

    - by Ollie Edwards
    I have a spring TextEncryptor defined like this <bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors" factory-method="text"> <constructor-arg value="${security.encryptPassword}" /> <constructor-arg value="${security.encryptSalt}" /> </bean> Which is fed these properties security.encryptPassword=47582920264f212c566d5e5a6d security.encryptSalt=39783e315e6a207e733d6f4141 Which works fine on my local environment. When I deploy to Heroku I get java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:110) at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:65) at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:36) ... Caused by: java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:972) at javax.crypto.Cipher.implInit(Cipher.java:738) at javax.crypto.Cipher.chooseProvider(Cipher.java:797) at javax.crypto.Cipher.init(Cipher.java:1276) at javax.crypto.Cipher.init(Cipher.java:1215) at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105) ... 53 more So I tried some smaller keys but I always get the same problem. What is the correct key size to use on Heroku?

    Read the article

  • Is it safe to change the 'Security.salt' line to a more lengthy string {64 hex key}

    - by Gaurav Sharma
    Hi everyone, I have changed the Configure::write('Security.salt', '############'); value in the file config/core.php file to a '256-bit hex key'. Is it safe or a good practice to change these lines for every different installation of cakephp application or shall I revert back to the original ? I also changed the Configure::write('Security.cipherSeed','7927237598237592759727'); to a different one of more length. Please throw some light on this. Thanks

    Read the article

  • Where can I find a web-project "security checklist?"

    - by iaagty
    I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e., Cross Site Scripting Cross Site Request Forgery Sanitize form data that goes into database Disable register globals and error reporting in custom php.ini Upload files below web root ...(the list goes on) I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines. Thanks in advance.

    Read the article

  • Mal kurz erklärt: Advanced Security Option (ASO)

    - by Anne Manke
    v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} Heinz-Wilhelm Fabry 12.00 Normal 0 false false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:12.0pt; mso-para-margin-left:0cm; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Heinz-Wilhelm Fabry 12.00 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:12.0pt; mso-para-margin-left:0cm; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} WER? Kunden, die die Oracle Datenbank Enterprise Edition einsetzen und deren Sicherheitsabteilungen bzw. Fachabteilungen die Daten- und/oder Netzwerkverschlüsselung fordern und / oder die personenbezogene Daten in Oracle Datenbanken speichern und / oder die den Zugang zu Datenbanksystemen von der Eingabe Benutzername/Passwort auf Smartcards oder Kerberos umstellen wollen. Heinz-Wilhelm Fabry 12.00 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:12.0pt; mso-para-margin-left:0cm; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} WAS? Durch das Aktivieren der Option Advanced Security können folgende Anforderungen leicht erfüllt werden: Einzelne Tabellenspalten gezielt verschlüsselt ablegen, wenn beispielsweise der Payment Card Industry Data Security Standard (PCI DSS) oder der Europäischen Datenschutzrichtlinie eine Verschlüsselung bestimmter Daten nahelegen Sichere Datenablage – Verschlüsselung aller Anwendungsdaten Keine spürbare Performance-Veränderung Datensicherungen sind automatisch verschlüsselt - Datendiebstahl aus Backups wird verhindert Verschlüsselung der Netzwerkübertragung – Sniffer-Tools können keine lesbaren Daten abgreifen Aktuelle Verschlüsselungsalgorithmen werden genutzt (AES256, 3DES168, u.a.) Heinz-Wilhelm Fabry 12.00 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:12.0pt; mso-para-margin-left:0cm; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} WIE? Die Oracle Advanced Security Option ist ein wichtiger Baustein einer ganzheitlichen Sicherheitsarchitektur. Mit ihr lässt sich das Risiko eines Datenmissbrauchs erheblich reduzieren und implementiert ebenfalls den Schutz vor Nicht-DB-Benutzer, wie „root unter Unix“. Somit kann „root“ nicht mehr unerlaubterweise die Datenbank-Files lesen . ASO deckt den kompletten physikalischen Stack ab. Von der Kommunikation zwischen dem Client und der Datenbank, über das verschlüsselte Ablegen der Daten ins Dateisystem bis hin zur Aufbewahrung der Daten in einem Backupsystem. Heinz-Wilhelm Fabry 12.00 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:12.0pt; mso-para-margin-left:0cm; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Das BVA (Bundesverwaltungsamt) bietet seinen Kunden mit dem neuen Personalverwaltungssystem EPOS 2.0 mehr Sicherheit durch Oracle Sicherheitstechnologien an. Heinz-Wilhelm Fabry 12.00 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:12.0pt; mso-para-margin-left:0cm; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Und sonst so? Verschlüsselung des Netzwerkverkehrs Wie beeinflusst die Netzwerkverschlüsselung die Performance? Unsere Kunden bestätigen ständig, dass sie besonders in modernen Mehr-Schichten-Architekturen Anwender kaum Performance-Einbußen feststellen. Falls genauere Daten zur Performance benötigt werden, sind realitätsnahe, kundenspezifische Tests unerlässlich. Verschlüsselung von Anwendungsdaten (Transparent Data Encryption-TDE ) Muss ich meine Anwendungen umschreiben, damit sie TDE nutzen können? NEIN. TDE ist völlig transparent für Ihre Anwendungen. Kann ich nicht auch durch meine Applikation die Daten verschlüsseln? Ja - die Applikationsdaten werden dadurch allerdings nur in LOBs oder Textfeldern gespeichert. Und das hat gravierende Nachteile: Es existieren zum Beispiel keine Datums- /Zahlenfelder. Daraus folgt, dass auf diesen Daten kein sinnvolles Berichtsverfahren funktioniert. Auch können Applikationen nicht mit den Daten arbeiten, die von einer anderen Applikation verschlüsselt wurden. Der wichtigste Aspekt gegen die Verschlüsselung innerhalb einer Applikation ist allerdings die Performanz. Da keine Indizes auf die durch eine Applikation verschlüsselten Daten erstellt werden können, wird die Datenbank bei jedem Zugriff ein Full-Table-Scan durchführen, also jeden Satz der betroffenen Tabelle lesen. Dadurch steigt der Ressourcenbedarf möglicherweise enorm und daraus resultieren wiederum möglicherweise höhere Lizenzkosten. Mit ASO verschlüsselte Daten können von der Oracle DB Firewall gelesen und ausgewertet werden. Warum sollte ich TDE nutzen statt einer kompletten Festplattenverschlüsselung? TDE bietet einen weitergehenden Schutz. Denn TDE schützt auch vor Systemadministratoren, die zwar keinen Zugriff auf die Datenbank, aber auf der Betriebssystemebene Zugriff auf die Datenbankdateien haben. Ausserdem bleiben einmal verschlüsselte Daten verschlüsselt, egal wo diese hinkopiert werden. Dies ist bei einer Festplattenverschlüssung nicht der Fall. Welche Verschlüsselungsalgorithmen stehen zur Verfügung? AES (256-, 192-, 128-bit key) 3DES (3-key)

    Read the article

  • A more elegant way of embedding a SOAP security header in Silverlight 4

    - by Your DisplayName here!
    The current situation with Silverlight is, that there is no support for the WCF federation binding. This means that all security token related interactions have to be done manually. Requesting the token from an STS is not really the bad part, sending it along with outgoing SOAP messages is what’s a little annoying. So far you had to wrap all calls on the channel in an OperationContextScope wrapping an IContextChannel. This “programming model” was a little disruptive (in addition to all the async stuff that you are forced to do). It seems that starting with SL4 there is more support for traditional WCF extensibility points – especially IEndpointBehavior, IClientMessageInspector. I never read somewhere that these are new features in SL4 – but I am pretty sure they did not exist in SL3. With the above mentioned interfaces at my disposal, I thought I have another go at embedding a security header – and yeah – I managed to make the code much prettier (and much less bizarre). Here’s the code for the behavior/inspector: public class IssuedTokenHeaderInspector : IClientMessageInspector {     RequestSecurityTokenResponse _rstr;       public IssuedTokenHeaderInspector(RequestSecurityTokenResponse rstr)     {         _rstr = rstr;     }       public void AfterReceiveReply(ref Message reply, object correlationState)     { }       public object BeforeSendRequest(ref Message request, IClientChannel channel)     {         request.Headers.Add(new IssuedTokenHeader(_rstr));                  return null;     } }   public class IssuedTokenHeaderBehavior : IEndpointBehavior {     RequestSecurityTokenResponse _rstr;       public IssuedTokenHeaderBehavior(RequestSecurityTokenResponse rstr)     {         if (rstr == null)         {             throw new ArgumentNullException();         }           _rstr = rstr;     }       public void ApplyClientBehavior(       ServiceEndpoint endpoint, ClientRuntime clientRuntime)     {         clientRuntime.MessageInspectors.Add(new IssuedTokenHeaderInspector(_rstr));     }       // rest omitted } This allows to set up a proxy with an issued token header and you don’t have to worry anymore with embedding the header manually with every call: var client = GetWSTrustClient();   var rst = new RequestSecurityToken(WSTrust13Constants.KeyTypes.Symmetric) {     AppliesTo = new EndpointAddress("https://rp/") };   client.IssueCompleted += (s, args) => {     _proxy = new StarterServiceContractClient();     _proxy.Endpoint.Behaviors.Add(new IssuedTokenHeaderBehavior(args.Result));   };   client.IssueAsync(rst); Since SL4 also support the IExtension<T> interface, you can also combine this with Nicholas Allen’s AutoHeaderExtension.

    Read the article

  • Using Cloud Formation provisioned security group with specific subnet

    - by Fred Clausen
    Summary I'm attempting to create an AWS CloudFormation template which contains an instance for which I want to select a particular subnet. If I specify the subnet ID then I get the following error The parameter groupName cannot be used with the parameter subnet. From reading this thread it appears I need to provide security group IDs - not names. How can I create a security group in CloudFormation and then get its ID after the fact? Details The relevant part of the instance config is as follows "WebServerHost": { "Type" : "AWS::EC2::Instance", <..skipping metadata...> "Properties": { "ImageId" : { "ami-1234" }, "InstanceType" : { "Ref" : "WebServerInstanceType" }, "SecurityGroups" : [ {"Ref" : "WebServerSecurityGroup"} ], "SubnetId" : "subnet-abcdef123", and the security group looks as follows "WebServerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable HTTP and SSH", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"} ] } }, How can I create and then get that security group's ID?

    Read the article

  • Cisco adaptive security appliance is dropping packets where SYN flag is not set

    - by Brett Ryan
    We have an apache instance sitting inside our DMZ which is configured to proxy requests to an internal NATed tomcat instance inside our network. It works fine, but then all of a sudden requests from apache to the tomcat instance stop getting through with the following in the apache logs: [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header Investigating into the Cisco log viewer reveals the following: Error Message %ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name. Explanation The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet. Recommended Action None required unless the adaptive security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent. All are machines are virtualised using VMware, and by default machines have been using the Intel E1000 emulated NIC. Our network administrator has changed this to a VMXNET3 driver in an attempt to correct the problem, we just have to wait and see if the problem persists as it's an intermittent problem. Is there something else that could be causing this problem? This isn't the first service where we have had similar issues. Our apache host is running Ubuntu 11.10 with a kernel version of 3.0.0-17-server. We have also had this issue on RHEL5 (5.8) running kernel 2.6.18-308.16.1.el5, this machine also has the E1000 NIC. NOTE: I am not a network administrator and am a software architect and analyst programmer responsible for these systems.

    Read the article

  • "Checksum failed" during Kerberos SSO

    - by Buddy Casino
    This is an error that occurs when a mod_auth_kerb protected webapp is being accessed, and I have no idea what the cause might be. Can anyone give hints as into which direction I should look? Thankful for any help! Search Subject for Kerberos V5 ACCEPT cred (HTTP/[email protected], sun.security.jgss.krb5.Krb5AcceptCredential) Found key for HTTP/[email protected](23) Entered Krb5Context.acceptSecContext with state=STATE_NEW >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Checksum failed ! 16:36:30,248 TP-Processor31 WARN [site.servlet.KerberosSessionSetupPrivilegedAction] Caught GSS Error GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:95) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:44) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:44) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:337) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doKerberosLogon(SSOAuthenticationFilter.java:994) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doKerberosLogon(SSOAuthenticationFilter.java:994) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:438) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:438) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) Caused by: KrbException: Checksum failed at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77) at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:268) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724) ... 24 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388) at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83) ... 30 more

    Read the article

  • Configuring IIS7 for TLS 1.0 only

    - by tomfanning
    I have been tasked with configuring an IIS7 server to accept TLS 1.0 HTTPS connections only. I have come up with the following list of cipher suites which I have deduced are TLS 1.0. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA I have put that list in the box in the following policy: Computer Configuration | Administrative Templates | Network | SSL Configuration Settings | SSL Cipher Suite Order Is that sufficient? Are any of the suites in my list not TLS 1.0? Are there any other TLS 1.0 suites supported by IIS7 that aren't in the list? The server, by the way, is Windows Server 2008 R2. Thanks

    Read the article

  • Windows Server 2008 R2 LDAPS

    - by Chad Moran
    I have a Server 2008 R2 server with ADDS installed. I'm trying to configure HP's ILO utility to connect to it over SSL. I installed the Active Directory Certificate Service, after doing so I'm still not able to connect to LDAP over SSL. I checked the event log and it's showing warnings with Event ID 36886 saying that there aren't default credentials yet. I'm not too sure why this is happening. I haven't done anything with ADCS other than installing the service do I need to create a certificate for the server?

    Read the article

  • MySQL Replication Error

    - by Ian
    I recently updated my master server to 5.1.41 and noticed that the slave was no longer replicating. It was returning this erorr: 091208 12:53:31 [ERROR] Slave I/O: error connecting to master '[email protected]:3306' - retry-time: 10 retries: 86400, Error_code: 2026 091208 12:53:41 [ERROR] Slave I/O: error connecting to master '[email protected]:3306' - retry-time: 10 retries: 86400, Error_code: 1045 The first error is apparently an SSL error, followed by auth denied.. Thing is, I haven't touched my SSL key or user access in months (and the key is fine, since I'm using the same one on that machine to replicate from other master servers.. Any ideas? Edit: Months later, I've tried with 5.1.44 and the problem is persisting. When I roll back to 5.1.39 replication works great... I guess I can't use anything newer than 5.1.39....

    Read the article

  • Add a custom certificate authority to Ubuntu

    - by rmrobins
    Hello; I have created a custom root certificate authority for an internal network, example.com. Ideally, I would like to be able to deploy the CA certificate associated with this certificate authority to my Linux clients (running Ubuntu 9.04 and CentOS 5.3), such that all of the applications automatically recognize the certificate authority (i.e. I do not want to have to configure Firefox, Thunderbird, etc manually to trust this certificate authority). I have attempted this on Ubuntu by copying the PEM-encoded CA certificate to /etc/ssl/certs/ and /usr/share/ca-certificates/, as well as by modifying /etc/ca-certificates.conf and rerunning update-ca-certificates, however applications do not seem to recognize that I have added another trusted CA to the system. Therefore, is it possible to add a CA certificate once to a system, or is it necessary to manually add the CA to all of the possible applications that will attempt to make SSL connections to hosts signed by this CA in my network? If it is possible to add a CA certificate once to the system, where does it need to go? Thanks.

    Read the article

  • How can I connect JConsole to WebLogic using the WL SSL Listen Port

    - by Mircea Vutcovici
    I would like to be able to use JConsole on remote WebLogic servers via the multiplexer port on SSL. Is it possible this without doing any configuration changes WebLogic? Only by adding some jars (e.g. wljmxclient.jar) or parameters to JConsole. I've tried with variations of the following command without success: $JAVA_HOME/bin/jconsole -J-Djava.class.path=$JAVA_HOME/lib/jconsole.jar:\ $JAVA_HOME/lib/tools.jar:$WL_HOME/server/lib/wljmxclient.jar \ -J-Djmx.remote.protocol.provider.pkgs=weblogic.management.remote -debug \ service:jmx:rmi:///jndi/iiop://server_name:7441/jmxrmi I think that one of the problem is that the SSL is not enabled in JConsole.

    Read the article

  • How can I route all network traffic through Sonicwall Netextender VPN Client with Ethernet internet sharing enabled on a mac?

    - by Ryan Smith
    I basically have a sonic wall firewall protecting a server which I want to SSL VPN log into with multiple computers. However, I would like to do this by having those computers (or router with computer) connected to a Mac's ethernet port (the vpn would be over wireless) through the internet sharing feature on the iMac. We use the provided Sonicwall Netextender VPN Client to connect to the firewall / server and would like to only have to use one SSL ID to cover all the computers by only having the central Mac sign in. Can anyone out there help me achieve this or tell me it isn't possible? Thank a lot.

    Read the article

  • Debian Squeeze Upgrade Breaks Apache SSL

    - by PP
    I upgraded my Debian from Lenny to Squeeze. BIG MISTAKE. Now I get: [Tue Feb 08 16:34:57 2011] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0) littered throughout /var/log/apache2/error.log. How to fix? Looking through a mess of forums it is easy to see that Apache changed the way it reads configurations around 2.2.13. Great. But not great for me or the millions of other web administrators who now have web servers that simply won't start, and an error message that says NOTHING about the problem or how to fix. Anybody else actually solved this issue? I had perfectly working virtual servers with SSL before (for years actually).

    Read the article

  • Directory listing through FTPS (TLS) is not working

    - by Aron Rotteveel
    We recently switched our server to require TLS for every connection. This is working flawlessly so far, but one of our clients is having problems. Some facts: Server uses Pure-FTPD Server has a passive port range configured Server has no firewall limitations regarding the FTP Client uses WS FTP Client is behind a router Client connects to the same IP as every other, using PASSIVE mode All other clients have no trouble connecting Because of the TLS requirement, connecting using ACTIVE mode is almost not possible, but PASSIVE is working fine for everyone except this specific client. It seems that he is able to connect, but once a LIST command is performed, things go wrong. Log: Finding Host <clienthost> ... Connecting to <serverip:21> Connected to <serverip:21> in 0.020000 seconds, Waiting for Server Response Initializing SSL Session ... 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 5 of 50 allowed. 220-Local time is now 22:14. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. AUTH TLS 234 AUTH TLS OK. SSL session NOT set for reuse SSL Session Started. Host type (1): Automatic Detect USER <user> 331 User <user> OK. Password required PASS (hidden) 230-User <user> has group access to: <user> 230 OK. Current restricted directory is / SYST 215 UNIX Type: L8 Host type (2): Unix (Standard) PBSZ 0 200 PBSZ=0 PROT P 200 Data protection level set to "private" PWD 257 "/" is your current location CWD /public_html 250 OK. Current directory is /public_html PWD257 "/public_html" is your current location TYPE A 200 TYPE is now ASCII PASV 227 Entering Passive Mode (<serverip>,132,100) connecting data channel to <serverip>:132,100(33892) Substituting connection address <serverip> for private address <serverip> from PASV Using external address <customer ext. ip> instead of local address <customer int. ip> for PORT command PORT 82,161,56,225,195,181 200 PORT command successful LIST Error reading response from server. It appears that the connection is dead. Attempting reconnect... Any help is appreciated.

    Read the article

  • Apache 2 with Weblogic Plug-in Redirection, original location still requested to backend

    - by Edo
    We're trying to setup an SSL server in front of a Weblogic server using Apache as the SSL provider. Here's what's inside of our httpd.conf: <Location /original> SetHandler weblogic-handler WebLogicHost 10.11.1.1 WebLogicPort 8700 PathTrim /original PathPrepend /destination ConnectTimeoutSecs 60 </Location> <Location /destination> SetHandler weblogic-handler WebLogicHost 10.11.1.1 WebLogicPort 8700 ConnectTimeoutSecs 60 </Location> This setup works mostly, but in the ssl_error_log file there're these entries: [Wed Aug 11 14:59:00 2010] [error] [client xxx.xxx.xxx.xxx] ap_proxy: trying GET /original at backend host '10.11.1.1/8700; got exception 'CONNECTION_REFUSED [os error=0, line 1739 of ../nsapi/URL.cpp]: Error connecting to host 10.11.1.1:8700' The weird thing is, the redirection still works, but these annoying entries still shows up. Anyone can point out where did we go wrong? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 88 89 90 91 92 93 94 95 96 97 98 99  | Next Page >