IdP custom self-signed certificate with error "Exception in law Service...". »

Hi all

We strive to use the identity provider 2 OAuth with self-signed SSL certificate and it seems that this approach are not supported by the system.

OAuth authentication endpoint is not accessible from the mobile application - Chrome debugger HTTP call tells to the endpoint of the status "cancelled".

Use of "Desktop Web Viewer" gives the possibility to add exceptions for host security, but at the stage of the passage "code" parameter Manager experience Mobile endpoint [1] forwarding flow always breaks with message 'Exception in the Service during processing of the result from the identity provider' passed as parameter in the call to redirect to the Web Viewer [2].

Here, I would like to note that the right is turned off for the project.

I wonder, is the error above caused by unreliable connection? Is it possible to use the custom with self-signed SSL certificate identity provider?

Thank you for considering my question.

[1] https://es.publish.adobe.com/oauth2?code=AAAAAAAAAAAAAAAAAAAAAA.9lqAHfrL0wjBCcQ-zGCW2Am6E6 M.AHySE6B2oTLWVfJMDVl5ExOct2vY...

[2] web Viewer

Hello

Free signed SSL of entitlement certificates are not supported. The connection is interrupted by the server because the certificate is not approved.

Tukker - Klaasjan

Tags: Experience Manager Mobile

Similar Questions

  • Cannot use jar with icon files gif and self signed certificate files (Exception in thread "AWT-EventQueue-3" java.lang.NoClassDefFoundError: oracle/ewt/laf/basic/SelColorChange)

    Hi all.

    I use Forms 11 g 11.1.2.1 and updating JRE 7 45.

    I have create a jar file containing gif icons files using this procedure:

    (1) create the jar file:

    set path = % path %; C:\Oracle\Middleware\Oracle_FRHome1\jdk\bin (my ORACLE_HOME/jdk)

    jar - cvf webfigolos.jar *.gif

    (2) self sign the file:

    c:\Oracle\Middleware\asinst_1\bin > sign_webutil.bat c:\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar

    Jars is signed but with a warning:

    Generate a signature key certificate aaosa2015 = auto...

    keytool error: java.lang.Exception: key pair not generated, al alias < aaosa2015 >

    loan is

    .

    There are errors or warnings while generating a self signed certificate. Pleas

    e revisiting.

    .

    Backup as c: C:\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar

    \Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar.old...

    1 file (s) copied.

    Signature using ke c:\Oracle\Middleware\Oracle_FRHome1\forms\java\webfigoicons.jar

    y = aaosa2015...

    .. own made.

    But I can use this file. The application crashes and get this error from the java console:

    network: connection http://myluism-pc:7001/forms/lservlet; jsessionid = p98GTL5Fh6XnQcykySBhLWq2823HwHlPGZ16TYHVv93006N4mmdl!-947562687 with proxy = LIVE

    network: connection http://myluism-PC:7001 / with proxy = LIVE

    Exception in thread "AWT-EventQueue-3" java.lang.NoClassDefFoundError: oracle/ewt/laf/basic/SelColorChange

    at oracle.ewt.laf.oracle.OracleTreeUI.createItemPainter (unknown Source)

    at oracle.ewt.laf.basic.BasicTreeUI._getItemPainter (unknown Source)

    at oracle.ewt.laf.basic.BasicTreeUI.getItemPainter (unknown Source)

    at oracle.ewt.dTree.DTreeBaseItem.getSize (unknown Source)

    at oracle.ewt.dTree.DTree.paintCanvasInterior (unknown Source)

    at oracle.ewt.EwtComponent.paintInterior (unknown Source)

    at oracle.ewt.lwAWT.SharedPainter._paintInterior (unknown Source)

    at oracle.ewt.lwAWT.SharedPainter.paintExtents (unknown Source)

    at oracle.ewt.lwAWT.LWComponent._paintComponent (unknown Source)

    at oracle.ewt.lwAWT.LWComponent.paint (unknown Source)

    at oracle.ewt.EwtComponent.paint (unknown Source)

    at oracle.ewt.lwAWT.SharedPainter.paintExtents (unknown Source)

    at oracle.ewt.lwAWT.LWComponent._paintComponent (unknown Source)

    This used to be a very simple procedure, but it has stopped working...!

    Don't know if the jar file is well born, or if it is corrupt.

    I can't start my application.

    Help, please!

    Best regards, Luis.

    Try again with the JRE 7 10 update, I get a problem with the update of JRE 7 45, but when I tried the update of JRE 7 10, it works fine.

    For the objective test, disable the check

    Java Panel-> advance-> mixed Code-> disable verification (unchecked)

  • Self-signed certificate installed successfully but with VR error device

    HI gurus,

    I'm in the middle of the upgrade of RS 5 5.1 RS for replication of vSphere.

    I'm trying to install and register the device VR 5.1.

    On the configuration tab I filled out the Info: and tried to produce the certificate and start the service.

    It comes up with the following msg.

    Self-signed certificate installed successfully.

    WARNING: Bad service state: execv() arg 2 must contain only strings.

    The info I have completed are as follows:

    VRM Host: ip address of host vrm

    Name of the Site of VRM: virtual site of DR (FQDN) appliance

    vCenter Server Address: address of the server vCenter DR FQDN

    vCenter Server Port: 80

    vCenter Server Admin Mail: e-mail administrators

    Thanks in advance!

    Here's your answer...

    Edit the/etc/sysconfig/network/config file.

    Find this line:

    NETCONFIG_DNS_STATIC_SERVERS = «»

    Change the line and put a DNS server IP address in quotes.

    Restart your device and try again.

    Edit: Still one thing, make sure that you deploy the version of the appliance corresponds to your version of vCenter. vCenter Server 5.5 uses the replication device 5.5, 5.1 VC uses 5.1 etc.

  • Faced with Windows 2008 R2 PKI, self-signed certificates &amp; view iPad customer Secure Authentication to view connection server: UGH!

    Background: I was instructed to create a VMware View isolated laboratory test so that HIGHER-UPS can see how they could access the VM dedicated as well as how their developers could put related clones on-the-fly. The project was successful! Yay!

    Addendum: A boss wants to see how VMware View works when accessing his computer virtual dedicated via his iPad on the internet... And who needs a secure SSL connection.

    The problem is: the domain name I chose casually because the lab did not belong to me... So I can't have a real certificate from a trusted commercial certification authority.

    So I'll try to roll my own public Windows 2008 R2 PKI and... All that forcing the iPad to use DC/DNS server in the lab... Get only the single get iPad trust view connection server by importing a sort of certificate.

    Can I export/import a certificate of the CA of DC to the iPad via an attachment... And it happens with confidence. But how to create a login to view the server certificate and electronic-mail/import in the iPad so it happens with confidence? Whenever I try to export the certificate of the certificate of the view connection server store, send it to the iPad and install... The connection server certificate appears as 'not reliable' and the VMware View client will not connect.

    (Of course, I could get sloppy and set the iPad Client to accept untrusted connections... "But I want to solve the problem of approved connection).

    I could be missing something royally on the self-signed certificates and certificate chains.

    (It is a first for me dealing with Active Directory Windows Certificate Services. In the past, I always just installed expensive commercial SSL CA certificates in the certificates Windows Server stores before.)

    Any help or direction, you can provide would be appreciated. I'm rather confused.

    See you soon!

    Keegan

    Hello

    Maybe was your initial problem that the provided certificate must be a descendant of a trusted root, such as Verisign cert or

    the root certificate must be installed and all the intermediate certificates in the trust chain down to the one you use?

    Concerning

    AndyR

  • cannot install self-signed certificates sbs2008 on Vista SP2 with IE8

    I use SBS2008 Setup and it is to use self-signed certificates,

    My laptop is Windows Vista SP2 with IE8.

    When I try and connect to my OWA SBS2008 Web site, I get this error: there is a problem with this site's secure certificate.

    I tried to solve my problem with this solution: http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx , don't worry! In date; May 8, 2008

    I also looked at: http://support.microsoft.com/default.aspx?scid=kb; EN-US; 932156 , dated; November 19, 2008

    This link is on the page above: download the update for Windows Vista (KB932156) package now. , dated March 24, 2008. I understand that all of the above links are ment to work with Vista & IE7, there is no mention of the Service Pack level.

    This patch really works on Vista SP2 with IE8 or do I have to change the registry and if so, this key is always the right pair?

    HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots

    Thank you

    Hello

    Questions like these are much better handled in the TechNet IT Pro Forums.

    My moderator tools cannot transfer messages on Windows forums, please re - ask you question there.

    http://social.technet.Microsoft.com/forums/en-us/itprovistanetworking/threads

  • RTMPS with self-signed certificate

    Hello

    I have a simple Webcam movie, publish live video
    FMS 2.0.2 r51 dev under Debian 3.1r2 edition
    and then he plays in another video-window.

    It works very well and rtmp, rtmpt, but with rtmps I get
    the error "NetConnection.Connect.Failed".

    I have prepared a simple and all assembled test scenario
    info here: http://pref.dyndns.org:8080/live/live.html

    The certificate has been created by me in this way:
    openssl req - x 509 - days 365 - newkey rsa:1024.
    -self-signed - certificate.pem - keyout pub-sec-.pem

    And implement defaultRoot_/Adaptor.xml:
    "< name HostPort ="edge1"ctl_channel =": 19350 ">: 1935, 80,-443 < / HostPort >"
    ... jumped...
    /Home/afarber/certs/self-signed-certificate.PEM < SSLCertificateFile > < / SSLCertificateFile >
    < SSLCertificateKeyFile type = "EMP" > /home/afarber/certs/pub-sec-key.pem < / SSLCertificateKeyFile >
    secret of < SSLPassPhrase > < / SSLPassPhrase >
    < SSLCipherSuite > ALL:! ADH:! BASS:! EXP:! MD5:@strength < / SSLCipherSuite >

    I'm sure that the server works as I see in the var:
    localhost adapter [2675]: listener started (_defaultRoot__edge1): 443 (secure)

    I also tried to put
    Import mx.remoting.Service;
    Import mx.services.Log;
    Import mx.remoting.debug.NetDebug;
    NetDebug.initialize ();

    at the top of my AS code, but the NetConnection debugger
    window displays no information at all, for some reason any:
    http://pref.dyndns.org:8080/live/NetDebug-empty.gif

    Concerning
    Alex

    I found the solution-

    There is a bug in the current Flash Player:
    If a pop-up window of dialogue for a reason any
    (as unknown CA or not is not host name)
    then the cert will be rejected even if you
    Click 'yes '.

    If you are generating a cert self-signed like this:

    OpenSSL genrsa-des3-out ca.key 4096
    openssl req - new - x 509 - days 365 - key ca.key - out ca.crt

    OpenSSL genrsa-des3-out server.key 4096
    openssl req - new - key server.key - out server.csr

    OpenSSL x 509 - req-days 365 - in server.csr - CA ca.crt - CAkey ca.key - set_serial 01 - out server.crt

    (increase the 01 above for each new cert).

    and then import the ca.crt from above in your
    browsers (i.e. double-click on Windows for IE
    Open from Mozilla Firefox and click OK).

    Concerning
    Alex

  • ASA SHA2 support with self-signed certificates

    Is it possible to use the signature SHA2 algorithm generating a certificate self-signed on an ASA? I can't find any documentation on orders that have control of things like the signature algorithm when you use self-signed certificates. I have seen documentation SHA2 is supported from 8.4.2 for the signature algorithm, but it always refers to the import of a certificate from an external certification authority.

    Hi William,.

    You can only generate self-signed certificate on the SAA SHA1. The solution is to import a certificate from a 3rd party with signature SHA2 algorithm.

    Here is the value for the same application:-

    ASA support for SHA - 2 for crypto IPsec and operations of the public key infrastructure
    CSCuj67576
    https://Tools.Cisco.com/bugsearch/bug/CSCuj67576/?reffering_site=dumpcr

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • Configure SSL for OUD 4444 port Admin port-&gt; replace the self signed certificates used

    Hi Experts,

    When installing OUD choose Certification self-signed for ports 1636 and 4444.

    Later I change the certificates used by the port of 1636 to a new key file containing the CA certificates. (Track the steps of: https://docs.oracle.com/cd/E52734_01/oud/OUDAG/security_clients_severs.htm#OUDAG00050)

    But same procedure does not have to replace the self signed certificates used by ports 4444!  Everyone is configured SSL (with Cert CA) on the Administration port?

    I couldn't even start the servers, you see an error:

    """

    category = gravity CORE = NOTICE msgID = 458891 msg = the directory server sent a notification to alert generated by the class org.opends.server.core.DirectoryServer (org.opends.server.DirectoryServerShutdown alert type, alert ID 458893): the directory server started the shutdown process.  Stop was launched by an instance of the org.opends.server.core.DirectoryServer class and the reason for the closure was an error occurred trying to start the directory server: NullPointerException (File.java:277 AdministrationConnector.java:843 AdministrationConnector.java:675 AdministrationConnector.java:182 ConnectionHandlerConfigManager.java:356 DirectoryServer.java:2932 DirectoryServer.java:1584 DirectoryServer.java:10108)

    «[27/sep / 2015:06:22:53-0400] category = gravity = NOTICE msgID = 458955 msg = the directory server CORE is now stopped "«»

    Post edited by: 1976902

    Sorry, I cannot help here - here are a few possibilities.

    Change connector Administration certificate

    https://docs.Oracle.com/CD/E52668_01/E54669/HTML/ol7-genssc-auth.html

    The failure of the handshake could occur for various reasons:

    • Incompatible encryption suites in use by the client and the server. This would require the customer to use (or allow) a suite of encryption supported by the server.
    • Incompatible versions of SSL in use (the server can only accept TLS v1, while the client is capable of using SSL v3 only).
    • Incomplete trust for the certificate of the server path
    • The certificate is issued to another area.
    • incomplete certificate trust path between the certificate for the server, and a certification authority root.
    • In most cases, this is because the certificate is not present in the trust store

  • TLS fails on linux self-signed certificates

    on firefox 38.1.0 under centOS 6.6 I have some problem with TLS.

    When it first happened I re fact cert using keys of 2048 bytes. It seemed if address the issue when you navigate to similar addresses to https://localhost/somesite, however, I have try https://localhost:10000 with the fact that it still fails:

    An error occurred during a connection to localhost.localdomain:10000. The certificate server included a public key which was too low. (Error code: ssl_error_weak_server_cert_key)

       The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

    The signing certificate is algorithim-> PKCS #1 SHA-1 with RSA encryption

    The algorithim public key is-> PKCS #1 RSA encryption

    The key has been creating 07/06/15 for a period of 10 years is a Version 1 cert issued by myself with the info
    E = [email protected]
    CN = localhost
    UO = hq
    O = permite
    L = Stone Mountain
    ST = ga
    C = us

    It was a problem of webmin.

    To fix this /etc/webmin/miniserv.pem edition replace the cert and private key sections.

    Use a new generated key and self-signed certificate. If you follow the instructions of centOS, the location of the files are /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt

  • QNXStageWebView and self-signed certificates

    I use the QNXStageWebView control to load HTML pages in my AIR application. I'm testing with OS version 1.0.7.3133 and version 2.7 AIR and Tablet OS SDK 1.1.0.  When I use https and try to access a web site that uses a self-signed certificate (which is not approved on the device), the object of QNXStageWebView does not throw error events. How can I detect that the user tries to access a unreliable website and warn (as the native browser)? I saw the newspapers of Wireshark and I see an error "the handshake failed".

    Hello Kiran,

    After further investigation, the dialog box for the certificate that is popped up by the WebKit is made under the covers. The issue which is seen is actually a bug in sdk. However the bug has been fixed and the fix will be available in the next version of the blackberry Tablet sdk.

    Let me know if you have any questions, and I'll be happy to answer them for you.

  • Can I generate self-signed certificates free for Nexus 9 K?

    Hi, I have 22 9Ks Nexus that I just upgraded to 3,0000 I4 so I can use the REST API.

    I use vRealize Orchestrator for automation, and I can't access the REST API on the Orchestrator help link, as certificates are at expiration.

    I can't find much information on this subject for the 9 K, unless the 9Ks are mode of the AIT, in this case I think that TACS are the only people who can generate a certificate.

    Does anyone know otherwise work around this? Otherwise, I'll have to approach a TAC case for 22 certificates generated :-/

    Cheers, Dom

    I'm not familiar with the technology with what you're trying to integrate, but here's a guide on how generate a custom SSC (self-signed Cert) on a device:
    #conf t
    #hostname DEVICE01-NOTE: must not be changed
    #ip - domain test.local

    generate a General key label SSC_KEY module 2048 rsa key #crypto

    #crypto pki trustpoint SSC_LOCAL
    #subject - name, CN = DEVICE, DC = test, DC = local
    #enrollment selfsigned
    # crl revocation checking
    #rsakeypair SSC_KEY 2048

    #crypto ca enroll COMMAND SSC_LOCAL HIDDEN: initiate the creation of SSC

    % Include the serial number of the router in the name of the topic? [Yes/No]: no
    % Include an IP address in the name of the topic? [None]:
    % Generate self signed certificate router? [Yes/No]: Yes

    Router self-signed certificate created successfully

    After this make sure that you do NOT change the host name of the device :)

  • Password incorrect keystore self-signed certificate?

    Hello world

    I'm starting to learn how to make the self-signed certificates using the keytool utility. I use the Keytool page to learn: http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html
    However, I am having a problem with an error saying that my keystore password is incorrect?

    Here's what I do:
    -------------------------------
    C:\Program Files\Java\jdk1.5.0_11\bin > keytool - genkey - dname "cn = Paul Smith, or = myOU, o = myO, c = US" - alias psmith keypass - kpassword - keystore psmisth.ks - storepass spassword-validity 360

    C:\Program Files\Java\jdk1.5.0_11\bin > keytool-export - alias psmith-folder psmith.cer
    Keystore password: kpassword
    keytool error: java.io.IOException: keystore was tampered with, or password is incorrect

    C:\Program Files\Java\jdk1.5.0_11\bin > keytool-list - v - keystore psmith.ks
    Keystore password: kpassword

    Keystore type: jks
    Keystore provider: SUN

    Your keystore contains 1 entry

    Name of the alias: psmith
    Date created: August 2, 2011
    Entry type: keyEntry
    The certificate chain length: 1
    Certificate [1]:
    [...]
    -----------------------------------

    I tried to delete le.ks file and try again, but nothing has changed. I do not have any file .keystore in my folder.

    Why are told that my password is incorrect?

    When you exported the certificate you didn't specify the keystore file or the password for the keystore.

    keytool -export -alias psmith -file psmith.cer -keystore psmisth.ks -storepass spassword

  • Flex iOS app refuses to connect to a self-signed SSL server: error 2032

    Hello everyone, thank you for reading this and I hope you could help me with this problem.

    I'll cut to the Chase. I am currently working on a mobile app in Flex for Android and iOS and the app has to get a few HTTP requests and retrieve information from a server, which is currently developing a teammate.

    Everything had to be working very well until we decided a few days before when we have integrated a SSL self-signed certificate in order to make connections more secure, etc.

    On the side of the app, this change, lying just to replace the http with https url and it seems to work perfectly, or that's what we thought.

    Tests on the Simulator or on an Android device worked well, he just showed the warning provided access to a server that had a rogue certificate that could be ignored without any problem. But when we tried to test a Release on a camera of the iPhone version, it would not just work more. A connection every time trying to be established with the server, error 2032 flash is triggered and it fails miserably does not display not warning about certificates not approved at all. For me, it's really confusing that it works on Android devices, but not on the iPhone device.

    I searched on the Web for people having the same problem but I couldn't find an answer to this specific issue of Flex-iOS-Self-signature-SSL. I found this post unanswered questions: http://forums.adobe.com/message/3359072#3359072 but nothing much.

    I tried to create a crossdomain.xml file on the server with guaranteed set to false, and some other stuff to avoid crossdomain policies, but it changed nothing and the problem persists.

    I'm really out of clues, sort of desperate and have no idea how fix it. If anyone knows something related to this problem, please, help me, I'll be less grateful.

    Thank you!

    We decided to buy a verified SSL certificate, and it worked. We can say that the problem is solved, but it wasn't actually because the connection must be established and that the invited user to accept or decline the self-signed certificate, not only do not make the connection.

  • Flex [mobile] iOS app refuses to connect to a self-signed SSL server: error 2032. Ring the bells?

    Hello everyone, thank you for reading this and I hope you could help me with this problem.

    I'll cut to the Chase. I am currently working on a mobile app in Flex for Android and iOS and the app has to get a few HTTP requests and retrieve information from a server, which is currently developing a teammate.

    Everything had to be working very well until we decided a few days before when we have integrated a SSL self-signed certificate in order to make connections more secure, etc.

    On the side of the app, this change, lying just to replace the http with https url and it seems to work perfectly, or that's what we thought.

    Tests on the Simulator or on an Android device worked well, he just showed the warning provided access to a server that had a rogue certificate that could be ignored without any problem. But when we tried to test a Release on a camera of the iPhone version, it would not just work more. A connection every time trying to be established with the server, error 2032 flash is triggered and it fails miserably does not display not warning about certificates not approved at all. For me, it's really confusing that it works on Android devices, but not on the iPhone device.

    I searched on the Web for people having the same problem but I couldn't find an answer to this specific issue of Flex-iOS-Self-signature-SSL. I found this post unanswered questions: http://forums.adobe.com/message/3359072#3359072 but nothing much.

    I tried to create a crossdomain.xml file on the server with guaranteed set to false, and some other stuff to avoid crossdomain policies, but it changed nothing and the problem persists.

    I'm really out of clues, sort of desperate and have no idea how fix it. If anyone knows something related to this problem, please, help me, I'll be less grateful.

    Thank you!

    We decided to buy a verified SSL certificate, and it worked. We can say that the problem is solved, but it wasn't actually because the connection must be established and that the invited user to accept or decline the self-signed certificate, not only do not make the connection.

  • Generate a DRAC 7 - new self-signed certificate

    Try to generate a new cert self-signed by the DRAC, but keep the size to 2048 bits.

    racadm config-g cfgRacSecurity-o cfgRacSecCsrKeySize 2048

    sslresetcfg restores the cert to 1024...

    racadm sslresetcfg

    Counsel on how to obtain a self-signed certificate 2048?

    iDRAC 7 2.10.10.10 Firmware go iDRAC have by default with 2048-bit certificate. You can update iDRAC to 2.10.10.10 and run the command "racadm sslresetcfg" to load the default certificate of 2.10.10.10 firmware.

    iDRAC7 2.10.10.10 Firmware is available @ http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=Y5K20&fileId=3445456701&osCode=NAA&productCode=poweredge-r820&languageCode=EN&categoryId=LC

Maybe you are looking for