Have you tried Logmein.com? Wonderful, one of the easyest way to share remotely your Windows desktop.
You can connect at home or at work easily and bring the control of your machine.
You can help your parents if they are in trouble and check the computer.
It works almost with every browser and every operative system...
But, in the latest times, when I try to connect at the main page the browser show me this awful error: " The connection to the server was reset while the page was loading"
In the beginning I thought that was a so successful service, that so much clients have stunned the server.
To day a vague feeling that could be a different kind of problem, so I begun a search and...
Well, I think there is a real problem with the TCP/IP stack.
I think you can try different values since you found the correct one.
Incredible. For what I could discover now, the problem seems to affect every kind of browsers (Firefox/Konqueror/IE) in conjunction with the MTU parameter. Even if you try wget the https://secure.logmein.com/home.asp page the error appears.
To correct you need to change the MTU parameter at least into your ADSL modem, changing it from 1500 (my default value) to 1450.
Monday, December 17, 2007
Thursday, November 29, 2007
An Open Letter to the OpenDS Community and to Sun Microsystems
Neil Wilson one of the founders of the OpenDS project quits and, after about two month of silence, send to the Community a letter that explain his dealing. I would like to quote this letter to give the maximum spread what happened and what are behind the people that support the open source philosophy.
"My name is Neil Wilson, and until recently I held the Owner and Committer roles in the open source OpenDS project. I helped found OpenDS, served as the project architect, and have contributed more code than anyone else. However, I must now regrettably inform you that I have been compelled to end all involvement with OpenDS. I have resigned all roles that I held in the project and have rescinded my Sun Contributor
Agreement. I will no longer contribute code, documentation, bug reports, suggestions for improvement, or advice of any kind.
I joined Sun Microsystems in October of 2001, where I was directly involved with its proprietary directory products in addition to my later work with OpenDS. I wrote and analyzed code to provide new features, fix
bugs, and improve performance, and I developed a number of tools to help improve the Directory Server experience. I had excellent working relationships with a number of customers, and I was instrumental in
closing several deals worth many millions of dollars. I consistently received the top rating in annual performance reviews, and I worked with a number of other groups within Sun, as well as with Sun partners, to
help ensure that the Directory Server products worked as well as possible with other Sun technologies, including Solaris, Java, and a number of other software products, as well as many different kinds of
hardware.
On September 27, 2007, I was notified that Directory Server engineering, including OpenDS, was being consolidated in Grenoble, France, and that US-based positions were being eliminated. Some individuals were
reassigned to work on other software products, but among those laid off were the four OpenDS project owners (myself, Stephen Shoaff, Don Bowen, and David Ely), as well as the OpenDS community manager (Trey Drake). We would technically remain Sun employees for the next two months, but were
not able to access any Sun-internal resources and were not required to work in any way and were encouraged to use that time to seek employment elsewhere.
This was certainly a very surprising move, but the shock wore off and within a few days the OpenDS owners and community manager got together and decided that even if we were no longer working for Sun that we would like to continue our involvement with OpenDS and wished to ensure that the project was in the best possible position moving forward. To that end, we had face-to-face meetings, conference calls, and e-mail
discussions with Sun employees still involved in the project to provide advice and knowledge transfers. I also continued participation on the project mailing lists, committed code changes, and updated the project
issue tracker and documentation wiki.
The project owners also decided that as an act of good faith (and without any prompting from Sun) that we should elect a fifth owner who was a Sun employee, since Sun had certainly made a significant contribution to the project. We appointed Ludovic Poitou to this position, as he had served as the architect for Sun's proprietary Directory Server product for several years, and further suggested that we should amend the project governance to ensure that Sun Microsystems was granted a permanent seat in the project ownership. On November 13, 2007, the OpenDS project owners (including Ludovic) met via conference call with the intention of discussing this governance change. However, during that meeting Ludovic informed us that Sun's intention was to change the OpenDS governance policy so that the project was controlled entirely by a Sun-selected committee. This was a surprise to us, and we indicated that while we were willing to discuss this further to better understand what was involved, we were concerned that this was not necessarily in the best interests of the OpenDS project or its associated open source community. We noted that the current OpenDS
governance policy stated that governance changes could only be made by a consensus of the project owners, and therefore we would be required to approve any potential change.
On November 14, 2007, a member of executive management within Sun's software division contacted one of the recently-laid-off OpenDS project owners and demanded that the owners approve a governance change that would grant Sun full control of the OpenDS project. During this call, we were threatened that if we did not make this change we could face immediate termination and loss of all severance benefits. The four
former-Sun owners discussed this and decided that we could not in good conscience approve the requested change as we did not believe that it would be in the best interests of the project, but we were also not
willing to risk the considerable financial loss that could result if Sun decided to make good on that threat. After first trying to resolve the issue through more amicable avenues, we were ultimately compelled to
resign our ownership and end our association with the project on November 19, 2007.
This was a very disappointing and hurtful turn of events. I believe that we acted only in good faith and in the best interests of the community, and we had clearly taken action to protect Sun's position in the project
even after our own jobs had been eliminated. OpenDS was founded as a community-focused "doacracy", and no one has done more than I have to help ensure its success, or to ensure Sun's success through OpenDS.
However, Sun management has shown that at least in this case they are willing to resort to rather hostile tactics to preserve absolute control. This is most certainly not in the spirit of open source and
open development that we tried to foster or that Sun claims to embody.
Please note that I don't feel that this action was representative of Sun's true open source strategy, but was a relatively isolated incident brought on by middle management acting of their own accord. I believe
and certainly hope that the public statements made by individuals like CEO Jonathan Schwartz and Chief Open Source Officer Simon Phipps are honest and that Sun truly does want to be a genuine community-focused open source company, and I have no reason to believe that they were
aware of or involved with any of what happened with OpenDS. Similarly, I sympathize with the remaining Sun-employed OpenDS engineers who may have been unwittingly drawn into this turmoil, and am disappointed that we will no longer be able to work together, but it was not my choice.
Unfortunately, if Sun is unable to ensure that their middle management is on the same page as the senior management setting the open source strategy and the engineers making it happen, then it won't take too many more incidents like this (or the Project Indiana / OpenSolaris Developer Preview naming fiasco) for people to start to question Sun's true intentions.
In order to avoid potential retaliation from Sun, I have remained silent on this matter through the duration of the two-month period following the layoff notification during which I was still technically a Sun
employee. Now that this time has elapsed, I am no longer at risk of losing severance benefits and I believe that it is important to clear the air. I have no desire to pursue this matter any further through
legal or other channels, but simply wish to explain why I am no longer able to be involved with the OpenDS project.
I am passionate about the technology and hope to continue working in this area in the future, but I am not yet prepared to discuss where I'm going from here. You may watch my new blog at http://directorymanager.wordpress.com/ for more information in the future.
Neil Wilson
neil.a.wilson [at]directorymanager.org"
Support Java Plug-in on 64-bit AMD and Intel
I was tring to see, surfing with firefox, if there was snow on the mountain, I like the snow and love snowboarding!!
Well I discovered that I couldn't see anything because the java plugin wasn't installed into firefox.
Oh, so easy? Well... When I upgraded my Linux to Gutsy I though to update everything to the correct configuration, I have a wonderful (?) AMD64. In other words, I change the binary from i386 to AMD64.
So everything need to be compiled to work on a 64 bit processor. Until now I had some problem, but nothing too difficult. It seems every program was compiled for AMD64 too. Until now.
I discovered with big surprise that there is no support for the java plugin on a AMD64 platform. It is really incredible. In the forllowing lines I collect some of the most interesting link about this problem and, sometime, the probably solution.
Well I discovered that I couldn't see anything because the java plugin wasn't installed into firefox.
Oh, so easy? Well... When I upgraded my Linux to Gutsy I though to update everything to the correct configuration, I have a wonderful (?) AMD64. In other words, I change the binary from i386 to AMD64.
So everything need to be compiled to work on a 64 bit processor. Until now I had some problem, but nothing too difficult. It seems every program was compiled for AMD64 too. Until now.
I discovered with big surprise that there is no support for the java plugin on a AMD64 platform. It is really incredible. In the forllowing lines I collect some of the most interesting link about this problem and, sometime, the probably solution.
Tuesday, November 27, 2007
OpenOffice as Windows Service AKA How to install SRVANY and live happy
Install OpenOffice as Windows Service is not so easy as it seems. You could spent an afternoon or more to understand why it wont start! So I hope this could help somebody.
To install OpenOffice as Windows Service you need two application, SRVANY.EXE and INSTSRV.EXE. You can download it from the Windows Server 2003 Resource Kit Tools at Microsoft Download Center .
I suppose you have already installed OpenOffice and you have also have started it as Administrator. It is important after the first start that you agree the license. If you first don't agree the license after the service won't start as Service.
The easiest way after you have installed OpenOffice (at this moment I have installed the version 2.3) is:
copy c:\Program Files\Windows Resource Kits\Tools\SRVANY.EXE C:\Windows\system32\
instsrv.exe "OpenOffice" c:\WINDOWS\system32\SRVANY.EXE
and add the following key into the registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpenOffice]
"DisplayName"="Resin - OpenOffice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpenOffice\Parameters]
"AppParameters"="-headless -accept=socket,host=0.0.0.0,port=8100;urp;"
"Application"="C:\\OpenOffice.org.2.3\\program\\soffice.exe"
"AppDirectory"="C:\\OpenOffice.org.2.3"
to load these lines automatically you could copy into a OpenOffice.reg file and double click on the new file.
To install OpenOffice as Windows Service you need two application, SRVANY.EXE and INSTSRV.EXE. You can download it from the Windows Server 2003 Resource Kit Tools at Microsoft Download Center .
I suppose you have already installed OpenOffice and you have also have started it as Administrator. It is important after the first start that you agree the license. If you first don't agree the license after the service won't start as Service.
The easiest way after you have installed OpenOffice (at this moment I have installed the version 2.3) is:
copy c:\Program Files\Windows Resource Kits\Tools\SRVANY.EXE C:\Windows\system32\
instsrv.exe "OpenOffice" c:\WINDOWS\system32\SRVANY.EXE
and add the following key into the registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpenOffice]
"DisplayName"="Resin - OpenOffice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpenOffice\Parameters]
"AppParameters"="-headless -accept=socket,host=0.0.0.0,port=8100;urp;"
"Application"="C:\\OpenOffice.org.2.3\\program\\soffice.exe"
"AppDirectory"="C:\\OpenOffice.org.2.3"
to load these lines automatically you could copy into a OpenOffice.reg file and double click on the new file.
Tuesday, September 18, 2007
Setting Up a Virtual Frame Buffer (XVBF) to Support Open Office
Deploying Alfresco Community I may need to setup OpenOffice and how I discovered with surprise, OpenOffice insist to connect with X, and there was no X server to connect. So OpenOffice exits with error:
$ soffice "-accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager" -nologo -headless -nofirststartwizard &
soffice.bin X11 error: Can't open display:
Set DISPLAY environment variable, use -display option
or check permissions of your X-Server
(See "man X" resp. "man xhost" for details)
I think because it needs X as rendering engine. I installed Xvbf, that is a X server that can run on machines with no display hardware and no physical input devices. It emulates a dumb framebuffer using virtual memory.
To avoid this problem you have simply start Xvfb before OpenOffice and setup properly the DISPLAY environment variable. If you don't have Xvfb installed on your system you can add it with:
$ apt-get install xvfb
Then you can start it:
$ Xvfb :5 -screen 0 1600x1200x24 &
the Virtual Frame Buffer now is on display 5 screen 0, so you have to set the DISPLAY environment variable to:
$ export DISPLAY=:5.0
Finally now you can start Open Office as daemon.
$ soffice "-accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager" -nologo -headless -nofirststartwizard &
soffice.bin X11 error: Can't open display:
Set DISPLAY environment variable, use -display option
or check permissions of your X-Server
(See "man X" resp. "man xhost" for details)
I think because it needs X as rendering engine. I installed Xvbf, that is a X server that can run on machines with no display hardware and no physical input devices. It emulates a dumb framebuffer using virtual memory.
To avoid this problem you have simply start Xvfb before OpenOffice and setup properly the DISPLAY environment variable. If you don't have Xvfb installed on your system you can add it with:
$ apt-get install xvfb
Then you can start it:
$ Xvfb :5 -screen 0 1600x1200x24 &
the Virtual Frame Buffer now is on display 5 screen 0, so you have to set the DISPLAY environment variable to:
$ export DISPLAY=:5.0
Finally now you can start Open Office as daemon.
Alfresco 2.1.0 WCM Community + Ubuntu Feisty + Oracle Express
This is an easy wiky to install Alfresco on Ubuntu with Oracle 10.2 XE and Tomcat 5.5.
This wiki assumes you are knowledgeable enough with Tomcat and Oracle and don't follow you in deep to install them both.
Download the file alfresco-community-tomcat-2.1.0.tar.gz and uncompress it in /opt/alfresco-community-tomcat-2.1.0. You will find a complete installation of Tomcat 5.5 in the tomcat directory.
Now customize the file alfresco.sh setting:
Now you can setup the Oracle connection and to do this you need copy the Oracle JDBC drivers in alfresco/tomcat/common/lib/. Forget to put the JDBC drivers in the common/lib is one of most common problem in the Alfresco installation
Those files are custom-repository.properties and custom-hibernate-dialect.properties:
Customize the ./zstart_oo.sh and start OpenOffice like a daemon this will permit to document transformation.
Check if OpenOffice is started correctly looking for a process listening on port 8100
Now you can start alfresco running the script:
you can start the application with the following command and avoid the problem
This wiki assumes you are knowledgeable enough with Tomcat and Oracle and don't follow you in deep to install them both.
Download the file alfresco-community-tomcat-2.1.0.tar.gz and uncompress it in /opt/alfresco-community-tomcat-2.1.0. You will find a complete installation of Tomcat 5.5 in the tomcat directory.
Now customize the file alfresco.sh setting:
APPSERVER=/opt/alfresco-community-tomcat-2.1.0/tomcatUnder Oracle you have to create a new account (username: alfresco password:alfresco). Then grant connect and resource Rules.
Now you can setup the Oracle connection and to do this you need copy the Oracle JDBC drivers in alfresco/tomcat/common/lib/. Forget to put the JDBC drivers in the common/lib is one of most common problem in the Alfresco installation
Those files are custom-repository.properties and custom-hibernate-dialect.properties:
- custom-repository.properties
- uncomment custom content and index data location and adjust as appropriate:
#
# Sample custom content and index data location
#
dir.root=/opt/alfresco-community-tomcat-2.1.0/alf_data
dir.indexes=/opt/alfresco-community-tomcat-2.1.0/alf_data/lucene_indexes - uncomment the account info and adjust as appropriate:
#
# Sample database connection properties
#
db.username=alfresco
db.password=alfresco
db.pool.initial=10
db.pool.max=100 - uncomment the Oracle connection lines and adjust as appropriate (pay particular attention to the SID, in our case is XE)
#
# Oracle connection (requires ojdbc14_g.jar or equivalent jar in shared libraries location)
#
db.driver=oracle.jdbc.OracleDriver
db.url=jdbc:oracle:thin:@localhost:1521:XE - comment out any other connection lines using #
- custom-hibernate-dialect.properties -
- comment out any other dialect line using #
#
# Oracle dialect
#
hibernate.dialect=org.hibernate.dialect.Oracle9Dialect - copy the Oracle JDBC drivers ojdbc14_g.jar in the tomcat common lib:
cp $ORACLE_HOME/jdbc/lib/ojdbc14_g.jar alfresco/tomcat/common/lib/
$ sqlplus alfresco/alfresco@XE
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 17 22:47:32 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL> quit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Customize the ./zstart_oo.sh and start OpenOffice like a daemon this will permit to document transformation.
Check if OpenOffice is started correctly looking for a process listening on port 8100
$ netstat -ntl | grep 8100The JAVA_HOME variable must be set correctly to your Java5 (or higher) installation.
tcp 0 0 127.0.0.1:8100 0.0.0.0:* LISTEN
Now you can start alfresco running the script:
$ ./alfresco.sh startcheck the alfresco.log to see what's happening. If you find some exceptions as shown in the following lines, don't worry, that happens because the user haven't the administrator rights:01:39:48,474 ERROR [org.alfresco.smb.protocol.netbios] NetBIOSNameServer setup error:
java.net.BindException: Permission denied
at java.net.PlainDatagramSocketImpl.bind0(Native Method)
at java.net.PlainDatagramSocketImpl.bind(PlainDatagramSocketImpl.java:82)
at java.net.DatagramSocket.bind(DatagramSocket.java:368)
at java.net.DatagramSocket.(DatagramSocket.java:210)
at java.net.DatagramSocket.(DatagramSocket.java:261)
at java.net.DatagramSocket.(DatagramSocket.java:234)
at org.alfresco.filesys.netbios.server.NetBIOSNameServer.openSocket(NetBIOSNameServer.java:1085)
at org.alfresco.filesys.netbios.server.NetBIOSNameServer.run(NetBIOSNameServer.java:1611)
at java.lang.Thread.run(Thread.java:619)
01:39:48,557 ERROR [org.alfresco.ftp.protocol] FTP Socket error
java.net.BindException: Permission denied
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:359)
at java.net.ServerSocket.bind(ServerSocket.java:319)
at java.net.ServerSocket.(ServerSocket.java:185)
at java.net.ServerSocket.(ServerSocket.java:141)
at org.alfresco.filesys.ftp.FTPNetworkServer.run(FTPNetworkServer.java:407)
at java.lang.Thread.run(Thread.java:619)
you can start the application with the following command and avoid the problem
$ sudo ./alfresco.sh startlook at alfresco.log to see if everything is going well and then check the http://localhost:8080/alfresco/faces/jsp/login.jsp with your browser.
Sunday, September 16, 2007
Oracle XE 10.2.0.1.0 - Connectivity Problems
After to have experienced some connectivity problems with Oracle XE in the following lines some suggestion found looking around on the web:
Oracle XE has it's own forum - to register and discuss XE problems with XE experts use URL http://www.oracle.com/technology/xe/registration
A few things to think about when troubleshooting XE connectivity problems:
1) Listener must be up (first)
2) Database must be up
3) Listener must recognize database
4) Listener must be monitoring for APEX (Home page)
5) Port for Apex must be available (8080, the default, is also default for tomcat and others)
6) All Oracle admin stuff must be handled by a user in the right group (ORA_DBA group in Windows, DBA in Linux). The group must have been set up using a local administrator (administrator, root) that can update the registry, create groups, and write to the disk.
I'll walk thru the steps of getting it all running in Linux - assuming successful install. Listener and database are services so use control panel appropriately. I start with database and listener down and show the various outputs
oracle@fuzzy:~> lsnrctl status
Oracle XE has it's own forum - to register and discuss XE problems with XE experts use URL http://www.oracle.com/technology/xe/registration
A few things to think about when troubleshooting XE connectivity problems:
1) Listener must be up (first)
2) Database must be up
3) Listener must recognize database
4) Listener must be monitoring for APEX (Home page)
5) Port for Apex must be available (8080, the default, is also default for tomcat and others)
6) All Oracle admin stuff must be handled by a user in the right group (ORA_DBA group in Windows, DBA in Linux). The group must have been set up using a local administrator (administrator, root) that can update the registry, create groups, and write to the disk.
I'll walk thru the steps of getting it all running in Linux - assuming successful install. Listener and database are services so use control panel appropriately. I start with database and listener down and show the various outputs
oracle@fuzzy:~> lsnrctl status
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 16-MAR-2006 07:58:27
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Linux Error: 2: No such file or directory
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=fuzzy)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Linux Error: 111: Connection refused
Start the listener. Use control panel in Windows
oracle@fuzzy:~> lsnrctl start
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 16-MAR-2006 08:00:45
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Starting /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 10.2.0.1.0 - Production
System parameter file is /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora
Log messages written to /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/log/listener.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=fuzzy.forbrichcomputing.ca)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 16-MAR-2006 08:00:45
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Default Service XE
Listener Parameter File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora
Listener Log File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=fuzzy.forbrichcomputing.ca)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
Make sure the database is running. Idle instance is not good
oracle@fuzzy:~> sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Mar 16 08:02:59 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to an idle instance.
SQL> rem start the database. Use control panel in WIndows
SQL> startup
ORACLE instance started.
Total System Global Area 289406976 bytes
Fixed Size 1258488 bytes
Variable Size 92277768 bytes
Database Buffers 192937984 bytes
Redo Buffers 2932736 bytes
Database mounted.
Database opened.
SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Check if listener knows about DB and APEX
oracle@fuzzy:~> lsnrctl status
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 16-MAR-2006 08:04:56
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 16-MAR-2006 08:00:45
Uptime 0 days 0 hr. 4 min. 10 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Default Service XE
Listener Parameter File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora
Listener Log File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=fuzzy.forbrichcomputing.ca)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=fuzzy.forbrichcomputing.ca)(PORT=8080))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "XE" has 1 instance(s).
Instance "XE", status READY, has 1 handler(s) for this service...
Service "XEXDB" has 1 instance(s).
Instance "XE", status READY, has 1 handler(s) for this service...
Service "XE_XPT" has 1 instance(s).
Instance "XE", status READY, has 1 handler(s) for this service...
The command completed successfully
Great; it has a handle for database (XE) and Apex (XEXDB) but Apex is on 8080, which conflicts with Tomcat.Move Apex
oracle@fuzzy:~> sqlplus system/oracle
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Mar 16 08:06:37 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL> exec dbms_xdb.sethttpport(8090);
PL/SQL procedure successfully completed.
SQL> select dbms_xdb.gethttpport() from dual;
DBMS_XDB.GETHTTPPORT()
----------------------
8090
SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Check that Apex is on 8090
oracle@fuzzy:~> lsnrctl status
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 16-MAR-2006 08:08:52
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 16-MAR-2006 08:00:45
Uptime 0 days 0 hr. 8 min. 6 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Default Service XE
Listener Parameter File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora
Listener Log File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=fuzzy.forbrichcomputing.ca)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=fuzzy.forbrichcomputing.ca)(PORT=8090))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "XE" has 1 instance(s).
Instance "XE", status READY, has 1 handler(s) for this service...
Service "XEXDB" has 1 instance(s).
Instance "XE", status READY, has 1 handler(s) for this service...
Service "XE_XPT" has 1 instance(s).
Instance "XE", status READY, has 1 handler(s) for this service...
The command completed successfully
now check http://localhost:8090/apex/ with a browser
If you cannot reach the remote server, there is a useful trick using a ssh tunnel:
ssh -L 8090:localhost:8090 user@IP_of_your_server
This can be done recursively and permit to reach the remote server as you are there :-)
Friday, September 14, 2007
Installing Alfresco 2.1.0 WCM + Ubuntu Linux + Oracle 10 Express Edition
Once have successfully installed and configured Oracle (to know how to install Oracle 10 Express look here) you can install a fresh copy of Alfresco version 2.1.0 (AlfrescoEnterprisePlusWCM-2.1.0-Linux-x86-Install.zip), the zip file provide two different installer:
AlfrescoEnterprise-2.1.0-Linux-x86-Install.bin
AlfrescoWCMEnterprise-2.1.0-Linux-x86-Install.bin
I started with AlfrescoEnterprise-2.1.0-Linux-x86-Install.bin.
The installation process it is quite easy to complete, accept the license agreement, choose the destination folder and resolve a question: do you want use the jdk and openoffice already locally installed or do you want download these necessaries components? we don't need anything. We can install both JDK and OpenOffice via apt-get and anyway, we'll see later, the only thing we need is to know where JDK and OpenOffice are. The path to setup properly the startup scripts.
After the install wizard choose to start the configuration wizard and you will be asked for:
To setup the Oracle connection, you need to look 2 files from the $ALFRESCO_HOME/tomcat/shared/classes/alfresco/extension directory. Those files are custom-repository.properties and custom-hibernate-dialect.properties:
cp $ORACLE_HOME/jdbc/lib/ojdbc14_g.jar alfresco/tomcat/common/lib/
If you have an oracle client you could check the oracle connection with the following command:
$ sqlplus alfresco/alfresco@XE
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 17 22:47:32 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL> quit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Looking at the startup script I see the Alfresco 2.1.0 configuration wizard have a bug, the @@ALFRESCO_DIR@@ should be replaced in the admin scripts with the correct path. Anyway this did not happened, so I had to patch all the scripts present in the installation directory (Be sure to be in the correct directory before submit this!):
$ perl -i -p -e 's/\@\@ALFRESCO_DIR\@\@/\/home\/freedev\/apps\/servers\/alfresco-2.1.0/g' *.sh
So I hoped to have resolved all installation problems, but JDK and OpenOffice although were downloaded successfully, during the package decompression many binary files necessaries to the execution did not have the execution permission, so the installation... well, I think you understand. Fortunately install a new package (i.e. JDK) under Ubuntu it is really easy:
sudo apt-get install sun-java6-jdk
and remove everything related the gcj:
sudo apt-get remove gcj-4.1-base
Finally to fix the startup scripts we need to create two link one to configure the JAVA_HOME in the startup scripts and another to allow the script to find OpenOffice:
ln -s /usr/lib/jvm/java-6-sun-1.6.0.00/ alfresco/java
ln -s /usr/lib/openoffice/ openoffice.org2.1
now we can finally try to start Alfresco.
$ ./alfresco.sh start
AlfrescoEnterprise-2.1.0-Linux-x86-Install.bin
AlfrescoWCMEnterprise-2.1.0-Linux-x86-Install.bin
I started with AlfrescoEnterprise-2.1.0-Linux-x86-Install.bin.
The installation process it is quite easy to complete, accept the license agreement, choose the destination folder and resolve a question: do you want use the jdk and openoffice already locally installed or do you want download these necessaries components? we don't need anything. We can install both JDK and OpenOffice via apt-get and anyway, we'll see later, the only thing we need is to know where JDK and OpenOffice are. The path to setup properly the startup scripts.
After the install wizard choose to start the configuration wizard and you will be asked for:
- Database Type - choose Oracle;
- Content Store Location - the directory where Alfresco will store files and other stuff, leave the default if you don't have particular needs;
- Index Location - another directory for the indexes, leave the default if you don't have particular needs;
- OpenOffice Installation Directory - /usr/lib/openoffice (if you have openoffice installed through apt-get) anyway this parameters will never be used because the configuration wizard have some bugs.
To setup the Oracle connection, you need to look 2 files from the $ALFRESCO_HOME/tomcat/shared/classes/alfresco/extension directory. Those files are custom-repository.properties and custom-hibernate-dialect.properties:
- custom-repository.properties
- uncomment the account info and adjust as appropriate:
#
# Sample database connection properties
#
db.username=alfresco
db.password=alfresco
db.pool.initial=10
db.pool.max=100 - uncomment the Oracle connection lines and adjust as appropriate (pay particular attention to the SID, in our case is XE)
#
# Oracle connection (requires ojdbc14_g.jar or equivalent jar in shared libraries location)
#
db.driver=oracle.jdbc.OracleDriver
db.url=jdbc:oracle:thin:@localhost:1521:XE - comment out any other connection lines using #
- custom-hibernate-dialect.properties -
- comment out any other dialect line using #
#
# Oracle dialect
#
hibernate.dialect=org.hibernate.dialect.Oracle9Dialect
cp $ORACLE_HOME/jdbc/lib/ojdbc14_g.jar alfresco/tomcat/common/lib/
If you have an oracle client you could check the oracle connection with the following command:
$ sqlplus alfresco/alfresco@XE
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 17 22:47:32 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL> quit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Looking at the startup script I see the Alfresco 2.1.0 configuration wizard have a bug, the @@ALFRESCO_DIR@@ should be replaced in the admin scripts with the correct path. Anyway this did not happened, so I had to patch all the scripts present in the installation directory (Be sure to be in the correct directory before submit this!):
$ perl -i -p -e 's/\@\@ALFRESCO_DIR\@\@/\/home\/freedev\/apps\/servers\/alfresco-2.1.0/g' *.sh
So I hoped to have resolved all installation problems, but JDK and OpenOffice although were downloaded successfully, during the package decompression many binary files necessaries to the execution did not have the execution permission, so the installation... well, I think you understand. Fortunately install a new package (i.e. JDK) under Ubuntu it is really easy:
sudo apt-get install sun-java6-jdk
and remove everything related the gcj:
sudo apt-get remove gcj-4.1-base
Finally to fix the startup scripts we need to create two link one to configure the JAVA_HOME in the startup scripts and another to allow the script to find OpenOffice:
ln -s /usr/lib/jvm/java-6-sun-1.6.0.00/ alfresco/java
ln -s /usr/lib/openoffice/ openoffice.org2.1
now we can finally try to start Alfresco.
$ ./alfresco.sh start
Thursday, July 19, 2007
Zimbra 4.5.6 + Ubuntu 7.04
How to Install Zimbra (4.5.6) on Ubuntu Feisty
Zimbra Collaboration Suite (ZCS) is a groupware product created by Zimbra Inc, located in California, USA. It consists of both client and server components. There are two versions of Zimbra available: an open-source version, which is supported by the community, and a commercially supported version with closed-source components. In this article, I'll try to explain how to install the free (open-source) version of ZCS on an Ubuntu system Festy although Ubuntu Feisty is not supported at this time.
So what's ZCS more exactly? ZCS is a full-featured collaboration suite, which supports email and group calendars using an Ajax web interface that enables tool tips, draggable items and right click menus in the user interface. There are also some advanced searching capabilities included, as well as date relations, online document authoring and a full administration interface. The ZCS server works well with many open source projects such as Postfix, MySQL, OpenLDAP and it also acts as an IMAP and POP3 server.
That's why if you want install Zimbra you have to stop Postfix, MySQL, OpenLDAP, Apache 2, Tomcat and any other server application that could conflict with it.
You could also have some problem if there is a firewall installed, better disable it too. So first stop:
SHELL
sudo /etc/init.d/postifix stop
sudo /etc/init.d/mysql stopsudo /etc/init.d/apache2 stop
sudo /etc/init.d/openldap stop
These and the other related services (like Tomcat or Spamassassin).
SHELL
sudo update-rc.d -f mysql remove
sudo update-rc.d -f apache2 remove
sudo update-rc.d -f postfix remove
sudo update-rc.d -f openldap remove
Following the Zimbra Installation Manual finally i could install the Collaboration Suite:
SHELL
cd zcd
sudo apt-get install curl fetchmail libpcre3 libgmp3c2 libexpat1 libxml2 libtie-ixhash-perl
sudo ./install.sh
You could experience some problem with dependencies:
OUTPUT
Checking for prerequisites...
NPTL...FOUND
sudo...MISSING
libidn...MISSING
curl...MISSING
fetchmail...MISSING
gmp...MISSING
/usr/lib/libstdc++.so.5...FOUND
###ERROR### One or more prerequisite packages are missing.
Please install them before running this installer.
Installation cancelled.
You can go crazy searching the dependencies, but you hava the problem is not specific to dependencies.
The dependencies check can not be execute correctly, because the Zimbra Get Platform Tag script in the installation procedure.
The trick is modify the /etc/lsb-release:
SHELL
inside you'll find something like this:
/etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.04
DISTRIB_CODENAME=feisty
DISTRIB_DESCRIPTION="Ubuntu 7.04"
and correct this:
DISTRIB_RELEASE=7.04
in this:
DISTRIB_RELEASE=6.04
now you can continue with the installation and the prerequisites check will return success:
OUTPUT
Checking for prerequisites...
NPTL...FOUND
sudo...FOUND sudo-1.6.8p12-4ubuntu5
libidn11...FOUND libidn11-0.6.5-1build1
curl...FOUND curl-7.15.5-1ubuntu2.1
fetchmail...FOUND fetchmail-6.3.6-1ubuntu2
libpcre3...FOUND libpcre3-6.7-1ubuntu2
libgmp3c2...FOUND libgmp3c2-2:4.2.1+dfsg-4build1
libexpat1...FOUND libexpat1-1.95.8-3.4build1
libxml2...FOUND libxml2-2.6.27.dfsg-1ubuntu3
libstdc++6...FOUND libstdc++6-4.1.2-0ubuntu4
libstdc++5...FOUND libstdc++5-1:3.3.6-15ubuntu1
openssl...FOUND openssl-0.9.8c-4build1
Checking for prerequisites...
NPTL...FOUND
sudo...FOUND sudo-1.6.8p12-4ubuntu5
libidn11...FOUND libidn11-0.6.5-1build1
curl...FOUND curl-7.15.5-1ubuntu2.1
fetchmail...FOUND fetchmail-6.3.6-1ubuntu2
libpcre3...FOUND libpcre3-6.7-1ubuntu2
libgmp3c2...FOUND libgmp3c2-2:4.2.1+dfsg-4build1
libexpat1...FOUND libexpat1-1.95.8-3.4build1
libxml2...FOUND libxml2-2.6.27.dfsg-1ubuntu3
libstdc++6...FOUND libstdc++6-4.1.2-0ubuntu4
libstdc++5...FOUND libstdc++5-1:3.3.6-15ubuntu1
openssl...FOUND openssl-0.9.8c-4build1
Anyway the installation problems I found wasn't terminated.
Starting the installation process, the manual show how to modify the hosts file.
ZCS Single Server Quick Start, Network Edition 4.5: "Make sure that FQDN entry in /etc/hosts appear before the hostnames. If this is missing, the creation of the Zimbra certificate fails. The FQDN entry should look like this example."
/etc/hosts
127.0.0.1 localhost.localdomain localhost
your.ip.address FQDN yourhostname
This is an important moment of installation. If you specify there the public ip address of your FQDN but the mail server don't bind directly this ip address, because it is behind a firewall, you could have a big problem after, when the openldap server starts and try to bind the 389 port on that address. In other words, the installation won't continue, because openldap can't start. And there isn't any damn error message that help you to understand that!
So I specified in the hosts file the Ip address of network interface on internet.
But another choice is to change the ip address used by openldap, and you have to do that using the zimbra user:
SHELL
zmlocalconfig -e ldap_url=ldap://0.0.0.0:389
Looking at installation log I found this error:
/opt/zimbra/bin/zmfixperms.sh: No such file or directory
This works:
sudo /opt/zimbra/libexec/zmfixperms
When everything seems up and running, finally you could try to connect at the administration panel. Well, I don't understood why, but the admin password won't work.
To specify a new password you have to submit this command as zimbra user:
SHELL
I hope this can help to enjoy this wonderful suite.
Friday, July 13, 2007
Howto: Java and HTTPS with a self signed SSL Certificate
This code show how to connect in Java via HTTPS. The following code should works easily if you try to connect to a valid and verifiable source, like Google Service Authorization login.
But if you connect to an unverifiable source, you should receive this exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
or
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
This could happen easily, for example if you connect to a web server where SSL certificate is self signed. I read: There is no "workaround" for this, i.e. to disable the authentication step; the CA for the SSL cert must be trusted, and the common name must match, or the SSL connection will fail. Follow this link if you want know more about.
I'm not pretty sure about this, but I think you could extend the X509TrustManager creating a new one to avoid the problem, but heavily breaking the SSL protocol safety.
To complete the authentication step with success, you need to import the certificate and after you can proceed with a correct connection.
To import the certificate you can use the InstallCert.java (found here), the certificate will be stored locally in the jssecacerts file.
Finally when you connect, you need to specify to java where is the file where the certificate is stored. And you can do this adding this parameter:
-Djavax.net.ssl.trustStore=jssecacerts
The last suggestion: pay attention about the hostname in the url and hostname stored inside the certificate: they have to be the same name. If they are different (even though they point to the same ip address), you'll receive the following error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching www.bar.org found
In other words if you have a certificate for the www.foo.org site, you cannot connect to https://www.bar.org site.
You must connect to https://www.foo.org.
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
/**
* HTTPS Connection Sample
*
* @author freedev
* @version 0.1
*
*/
public class HttpsSample {
public static void main(String[] args) {
try {
String urlSite = "https://www.google.com/accounts/ServiceLoginAuth";
URL url = new URL(urlSite);
URLConnection conn = url.openConnection();
// Retrieve information from HTTPS: GET
InputStream istream = conn.getInputStream();
BufferedReader in = new BufferedReader(new InputStreamReader(istream));
String curline;
while ((curline = in.readLine()) != null) {
System.out.println(curline);
}
} catch (IOException e) {
System.out.println("IO exception = " + e);
}
}
}
But if you connect to an unverifiable source, you should receive this exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
or
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
This could happen easily, for example if you connect to a web server where SSL certificate is self signed. I read: There is no "workaround" for this, i.e. to disable the authentication step; the CA for the SSL cert must be trusted, and the common name must match, or the SSL connection will fail. Follow this link if you want know more about.
I'm not pretty sure about this, but I think you could extend the X509TrustManager creating a new one to avoid the problem, but heavily breaking the SSL protocol safety.
To complete the authentication step with success, you need to import the certificate and after you can proceed with a correct connection.
To import the certificate you can use the InstallCert.java (found here), the certificate will be stored locally in the jssecacerts file.
/*
* @(#)InstallCert.java 1.1 06/10/09
*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved. Use is subject to
* license terms.
*/
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class InstallCert {
public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
String[] c = args[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (args.length == 1) ? "changeit" : args[1];
System.out.println("Using passphrase " + p);
passphrase = p.toCharArray();
} else {
System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
}
File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file.getAbsolutePath() + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();
SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory factory = context.getSocketFactory();
System.out.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}
X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
}
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
System.out.println(" Issuer " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " + toHexString(md5.digest()));
System.out.println();
}
System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
}
X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);
OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();
System.out.println();
System.out.println(cert);
System.out.println();
System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
}
private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
}
private static class SavingTrustManager implements X509TrustManager {
private final X509TrustManager tm;
private X509Certificate[] chain;
SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
throw new UnsupportedOperationException();
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
}
}
Finally when you connect, you need to specify to java where is the file where the certificate is stored. And you can do this adding this parameter:
-Djavax.net.ssl.trustStore=jssecacerts
The last suggestion: pay attention about the hostname in the url and hostname stored inside the certificate: they have to be the same name. If they are different (even though they point to the same ip address), you'll receive the following error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching www.bar.org found
In other words if you have a certificate for the www.foo.org site, you cannot connect to https://www.bar.org site.
You must connect to https://www.foo.org.
Subscribe to:
Posts (Atom)