I have a problem on my EMM virtual machine.
When I go to my console an error appears, as the screen shows
I think I have done all the previous tasks correctly, but only the people who do not work are not mistaken, so the error can come from the previous steps.
I'm running Windows Server 2008 64-bit
I have Java JDK 8 update 121
I have the latest version of WSO2 EMM
I'm logged in admin
This is due to the SSL certificate available in wso2carbon.jks in set to localhost not to the ip address. You can simply navigate to the emm server by clicking on the WSO2 logo.
and you can create a self singed SSL certificate to the ip address and replace the current cert in order to prevent this screen.
Related
I am attempting to test a secure websocket connection from a Java server to an Angular client. The server uses a keystore I created by importing a self-signed certificate, which I created using OpenSSL. The client is supposed to display an error if the client connection fails.
For IE, Edge, and Firefox, if I do not install the browser certificate, I get a browser warning first, then if navigate to the site, I see the error. This is what I would expect.
For Chrome, I get the warning page "Your connection is not private" with the error NET::ERR_CERT_AUTHORITY_INVALID. If I then proceed to the site, it comes up without an error. My code shows that a connection is established. I didn't expect this to occur.
At first, I thought I had an old certificate installed in the browser. However, Chrome uses the same certificate store as IE and Edge, and they work. Still, I cleared the SSL cache and even uninstalled and reinstalled Chrome. It still didn't show the error.
Can anyone give me any suggestions as to why Chrome is allowing this connection without the browser certificate?
I just installed WSO2 iotserver 3.1.0 .
When i try to enroll a device (Android) i get :
Enrollment failed
Please contact administrator. Code : 500
Error : java.io.EOFException
I have yet to figure out the issue.
Does anyone know how to fix this?
Thanks
This could happen due to multiple issues.
If you are using HTTPS instead of HTTP without installing the certificates to the android agent (For this you will have to compile the Android agent. More information). When you are enrolling, give the server address as {IP}:8280 and username/password as admin/admin.
If the server is not accessible by the device. Please make sure that device is in a network which has access to the server.
Ports not being opened.(8243, 8280, 9443, 9763)
Due to a configuration error.
The best solution is to run the change-ip.sh script to set up the server. More information
Do it like below :
do not give your server ip address (112.234.34.888) or the IP address with 9443 port like (112.234.34.888:9443).
STEP 1 : Tap on Continue
STEP 2 : tap on skip and go to enrollment
STEP 3 : enter your server IP address with the port 8280. make sure port 8280 is opened in your server.
FINAL STEP : Enter the credentials like below. then your are good to go.
Attempting to authenticate a windows client (IE/Firefox) via SPNEGO and Kerberos. The server side is Java/Tomcat with JCIFS for SPNEGO authentication. The SSO (Kerberos) auth works fine when hosting the server side on a Win 2008 R2 server. However, when on a 2012 server it fails with a GSSException: Defective token detected.
Digging a bit deeper with network tracing I found that, in the working case the IE client sends the negotiate tokens with 4 mechTypes :
1.2.840.48018.1.2.2 - MS KRB5,
1.2.840.113554.1.2.2 - KRB5,
1.3.6.1.4.1.311.2.2.30 - NEGOEX, and
1.3.6.1.4.1.311.2.2.10 - NTLMSSP
In this case my server side will complete the SPNEGO selecting MS KRB5. However, in the problem case, the IE client only sends token with 2 mechtypes - NEGOEX and NTLMSSP. And this is initiator preferred. Java doesn't support NEGOEX and hence it fails.
Some search revealed that this problem is associated with bugs in JDK*, or otherwise issues with DNS. However, I'm on latest JDK and DNS seems to be okay. So my question is, when does a browser in Windows switch to NEGOEX in SPNEGO and why ? The closest answer I found was in an msdn blog which says Kerberos is not available since it's not in a domain environment. However, the client is indeed in domain environment and klist shows a valid Kerberos ticket. If it indeed is a domain problem, what exactly could be the root cause, and how can I avoid the problem ?
Footnote, some background research information : JDK8 has seen many fixes in the GSS mechanism. There were things broken in jdk8u40 and jdk8u45. Then further fixes are present in jdku65. A bug report which was supposed to implement NEGOEX was closed with a fix
"a fix to SPNEGO that allows NEGOEX be presented and bypassed"
however, I'm not sure if NEGOEX is indeed working. The NEGOEX IETF standard also looks abandoned with the draft RFC in the expired state. So I doubt if it will really be supported by Java, libraries.
Since two days I get this error when connecting via HTTPS to my local application running on localhost:
Server has a weak ephemeral Diffie-Hellman public key
I use latest Mac OSX and latest Google Chrome. My application runs on a Tomcat. How can I create a new self-signed certificate that will be accepted by Google? I just want to continue to develop! So any hack is welcome.
I'm trying to configure the new wls 12.1.2 with JDK 1.7 r45 on Windows 2008 R2
No problem with the admin console.
But i have problem with the node manager, it is on the same server (all-in-one).
On Machine voice (domainname/environment/machines) I check the status of my machine node manager status and I get :
Inactive
java.io.IOException
No error displayed on adminserver.log and nodemanager.log
The port 5556 is alive and tested with telnet.
With procmon I don't see errors or problem.
The instances are executed with the same user that is localadmin
What can I do to invastigate/debug it?
What could be the problem for you?
Thank you
If you don use SSL you have to modify the property SecureListener in the file nodemanager.properties:
SecureListener=false
(false=plain, true=SSL)