Are wallets dedicated to the pc where we have created them? or can I move my ewallet.p12 file to another client?
If the answer is "yes, why not?" then could you take a look below?
I did:
create mijn_wallet on a pc on which I could find a proper oracle client installation
download the certificate to a folder
add certificate to mijn_wallet
then I tried to reach to https web site that I've gotten the certificate from.
...
utl_http.set_wallet('file:C:\ora_wall', 'foo');
l_req := utl_http.begin_request(l_url);
l_result := utl_http.get_response(l_req);
however, I keep getting the same sql error message: Certificate Validation Failure
Do you have any suggestion? Thank you very much.
downloading "a certificate" is not enough. moments ago I downloaded all the certificate chain, then imported to my wallet. Now it works..
Related
I'm getting errors, such as the one below, in my /var/log/mail.log file.
Apr 9 18:28:29 blueberry postfix/smtps/smtpd[13294]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1544:SSL alert number 45:
I'm 100% sure the certificates are valid since I'm using them on my websites, all of which couldn't be happier with them. Postfix was also happy previously, but since I renewed the certificates it's been spamming this when my Nextcloud server tries to (and can't) connect to the mail server, despite my mail client still working (although without rDNS as I didn't manage to get my provider to set it up).
I assume the blame is somewhere with Nextcloud - presumably the php handler for mail. Another thing that could be at fault that I tried to check is OpenSSL, but I have no idea how to replace its certificates with my own (generated by Acme.sh).
Both dovecot and postfix have in their config mentioned the correct path to my keys, hence the assumption above.
EDIT: Fixed it.
So, turns out, when I updated my certificate locations when I changed the method of acquiring them (certbot vs acme.sh), I got a typo in one of the filenames. /etc/dovecot/conf.d/10-ssl.conf was correct and so was /etc/postfix/main.cf, but /etc/postfix/vmail_ssl.map had a typo which I didn't see previously - and so was throwing a certificate error.
When using EppLib.net (and as per the Nominet instructions - http://registrars.nominet.uk/namespace/uk/registration-and-domain-management/registrar-systems/epp/testbed)
In order to verify the identity of the secure server you will need the 'Verisign Class 3 Public Primary Certification Authority' root certificate available free from www.verisign.com (the certificate is also distributed with most web browsers).
I am supplying the Verisign Class 3 PPCA Certs in .crt format (I can't export as a pfx) within the code (and have tried every cert installed on the server).
However each one fails with the error (when trying to negotiate the connection):
An existing connection was forcibly closed by the remote host.
I've confirmed that I can connect from the server to Nominet by running cURL
curl -v https://testbed-epp.nominet.org.uk:700
and that responds as I would expect - or at least without an error!
I have also tried to use the same cert that curl appears to be using without success.
Can anyone help with pointing me in the right direction with the SSL that I should be using or how to get hold of the correct certificate?
thanks in advance
For anyone having a similar issue, it wasn't a question of which SSL certificate to use, but to ensure the correct protocol was being used. Incidentally, I got it working initially using the curl-ca-bundle.crt provided with cURL.
This certificate, in combination with a change to the target .net framework for the EppLib.net project resolved my issue.
On cloning from Github the target was .net 4.0 and Nominet needs at least TLS1.1, which wasn't available in v4.
Therefore I also updated the target to 4.5.1 for the EppLib.net project and changed the SslProtocol from
SslProtocol.Tls to
SslProtocol.Tls12
I did my project in MEAN stack. I have installed GeoTrust Wildcard SSL certificate. It worked very well till yesterday. From today morning onward, it returns an error : "Your connection is private".
I don't know why this error occurs suddenly in any browser while run an application. It required to adding manually in exception lists to visit site. Right now I am not able to keep going my site. Certificate having 1 year validity and it was renewed in last month.
Please review attached images.
Give me guideline to solve this issue.
The certificate installed has expired. Looks like you have not installed or assigned the new certificate to your website.
I've followed the following tutorials :
Create wallet,Create ACL
And I am still getting ORA-29024: Certificate validation failure error.
I'm trying this query :
UTL_HTTP.set_wallet('file:/home/oracle/wallet', 'password');
l_http_request := UTL_HTTP.begin_request('https://somedomain.co.il');
l_http_response := UTL_HTTP.get_response(l_http_request);
Now i've added to the ACL : *.somedomain.co.il,somedomain.co.il
And I've downloaded the certificate as DER encoded, as I've read somewhere that this is the one needed and didn't get any errors in the proccess of generating the wallet.
Any thoughts?
I'm using Oracle 11g
In the end my problem was when I exported the certificate i choose DER, in my case i should have used PCKS # 7, but this won't most likley work in all cases i guess it depends on the key.
So i guess if you landed here try and play with your certificate files (be sure to remove and re-add)
And very important, change sessions between tries to know if it worked or not because otherwise it'll keep giving you the error all though it should work.
i guess my .NET application needs to be signed or something. how do i get rid of that prompt unknown publisher when someone tries to install my app?
If it's the prompt I'm thinking of, you'd start by getting a certificate from someone like Verisign and use their certificate to sign your assembly.
You may be able to do a self-signed assembly using the information from these pages:
http://weblogs.asp.net/fbouma/archive/2003/12/23/45396.aspx
http://msdn.microsoft.com/en-us/library/ms247123(VS.80).aspx
http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx
I'd recommnd reading up and going from there.