Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources – Hyperledger

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise blockchain community.

If you have suggestions for resources or events that we should spotlight in a future Weekend Update, let us know here using #HLWeekendUpdate.

Hyperledger In-depth: An hour with Palm NFT Studio

In this session, Dan Heyman of Palm NFT Studio will introduce Palm Side Chain with an overview of technical specifications and architecture and detailed explanation how Hyperledger Besu is currently being used in this new network.

Tune on Tuesday, September 14, at 9:00 AM PDT. For more information and to register, go here.

Hyperledger In-depth: An hour with Thales

In 2019, 7.9 billion data records were breached. And yet, 39% of companies aren’t using robust data security measures because deployment complexity is a barrier. Security is not a nice-to-have feature. It’s not an opt-in. It’s a must. No one will buy your solution if they cannot trust it. It’s no wonder companies are exercising diligence when choosing a solution, ideally one that is system agnostic, automated, and simple. In this discussion, Blair Canavan of Thales and Avesta Hojjati of DigiCert will discuss how to incorporates critical levels of security into the blockchain, increasing the integrity of solutions built using Hyperledger Fabric.

Tune on Wednesday, September 15, at 10:00 AM PDT. For more information and to register, go here.

Learn more about how Thales and DigiCert have teamed up to increase cybersecurity for Hyperledger Fabric in this new case study.

Blockchain World Expo Global – Virtual Edition

On September 14-15, the full schedule of talks from the London-located Blockchain World Expo Global event will be presented to the global audience as a virtual event. Sessions include a panel moderated by Laura Ellis, Head of Technology Forecasting, BBC, covering the state of enterprise blockchain featuring Mark Cudden, CEO, we.trade and Shamit Bhat, Interoperability Solutions Director, GSMA.

Get more details here.

Virtual Meetups

See the full Virtual Meetup schedule here.

Related:

  • No Related Posts

IP does not like recipient.

I do not need a solution (just sharing information)

Hi,

I am using office 365 as a mail provider. When I send email from my mac to certain email addresses I get the bounce back message below. When I send the extact same message to the exact same recipient using Outlook online the message gets through no problems. 

Why is this email being blocked using my mac mail but not outlook 365?

Any help much appreciated.

Thanks,

Matt.

Hi. This is the qmail-send program at apm-internet.net.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.

<aaa@aaa.com>:
67.219.246.101 does not like recipient.
Remote host said: 553-SPF (Sender Policy Framework) domain authentication
553-fail. Refer to the Troubleshooting page at
553-https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.symanteccloud.com%2ftroubleshooting&c=E,1,pc9hEdG61NJSVH7AYssP-yywYul9TSypNsx3RBTdb4TL7v2bHMneVnKqBc9ZeD1QBoe4my3N124U8po0bHHiZAeXEMR3bgcpjJHoFvEa2oPF&typo=1 for more
553 information. (#5.7.1)
Giving up on 67.219.246.101.
STARTTLS proto=TLSv1.2; cipher=ECDHE-RSA-AES256-GCM-SHA384; subject=/C=US/ST=California/L=Mountain View/O=Symantec Corporation/OU=https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f%2f%2fSymantec.cloud%2fCN%3dmail385.messagelabs.com%3b&c=E,1,D8lOzAca7lsjaTLXAGwS1SiiVFfMYaeVAar8gtL8BooaDfYMy_4jwk3PSbbcEmugfMsbGmXHygo_LtDNvMnhwrqbqN7iyBtuOin9qvNsX30wMQ,,&typo=1 issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA;

— Below this line is a copy of the message.

0

Related:

StoreFront management console fails to open after upgrading, or clean installation of StoreFront 3.12.x (7.15 LTSR)

Use one of the methods described here according to your organization’s security policy, and whether the system has access to the Internet.

Method 1

If your organization permits automatic root certificate updates, and the system has access to the Internet,

  1. Check the Group Policy Administrative Templates setting “Turn off Automatic Root certificate update”. The setting is located in:

    “Computer ConfigurationAdministrative TemplatesSystemInternet Communication ManagementInternet Communication SettingsTurn off Automation Root certificate update”

  2. If this setting is Enabled (that is, automatic root certificate update is turned off), delete this setting.

  3. Close and re-open StoreFront management console.

Note: if this setting is being applied via domain Group Policy, consult your domain administrator.

Method 2

If your organization does not permit automatic root certificate updates, or the system does not have access to the Internet, download and install the following Root Certificates:

  • DigiCert Assured ID Root CA, available at https://www.digicert.com/digicert-root-certificates.htm
  • GlobalSign Root CA, available at https://support.globalsign.com/customer/en/portal/articles/1426602-globalsign-root-certificates
  • VeriSign Class 3 Public Primary Certification Authority – G5, available at https://knowledge.digicert.com/solution/SO5624.html

Note: consult your organization’s security specialist about these two root certificates.

Related:

  • No Related Posts

MessageLabs.com 421 Service Temporarily Unavailable, TLS negotiation failed with error IllegalMessage

I do not need a solution (just sharing information)

I have already indeed email a sample message to Symantec (investigation@review.symantec.com) for the NDR message delayed emails.

I poseted in hopes to maybe help with this issue and see if someone else has any ideas.

In the Send connector protocol logs, we see:

2019-01-09T16:42:03.318Z,Internet,08D1234567811DF6,0,,x.x.x.x:25,*,,attempting to connect
2019-01-09T16:42:03.334Z,Internet,08D6723456789DF6,1,x.x.x.x:32944,x.x.x.x:25,+,,
<,220 server-5.tower-347.messagelabs.com ESMTP,
>,EHLO Mail.xxxx.com,
<,250-server-5.tower-347.messagelabs.com,
<,250-STARTTLS,
<,250-PIPELINING,
<,250 8BITMIME,
>,STARTTLS,
<,220 ready for TLS,
*,,Sending certificate
*,”CN=mail.xxxx.com, O=””xxxx, Inc.””, L=xxxx, S=xxxx, C=US”,Certificate subject
*,”CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US”,Certificate issuer name
*,09024235443534F8234324,Certificate serial number
*,FDA0D53434343D933F32345123456789681DAAC3,Certificate thumbprint
*,mail.xxxx.com;autodiscover.xxxx.com;owa.xxxx.com;,Certificate alternate names
*,,TLS negotiation failed with error IllegalMessage
-,,Local

Then we Also See:

2019-01-09T19:35:50.765Z,Internet,08D67123445551F4,0,,x.x.x.x:25,*,,attempting to connect
2019-01-09T19:35:50.765Z,Internet,08D67123445551F4,1,x.x.x.x:48897,x.x.x.x:25,+,,
2019-01-09T19:35:51.093Z,Internet,08D67123445551F4,2,x.x.x.x:48897,x.x.x.x:25,<,”220 mail555.messagelabs.com ESMTP Wed, 09 Jan 2019 19:35:50 +0000″,
2019-01-09T19:35:51.093Z,Internet,08D67123445551F4,3,x.x.x.x:48897,x.x.x.x:25,>,EHLO mail.xxxx.com,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,4,x.x.x.x:48897,x.x.x.x:25,<,250-mail555.messagelabs.com Hello ip-100-112-14-171.us-east-1.aws.symcld.net [100.112.14.171],
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,5,x.x.x.x:48897,x.x.x.x:25,<,250-SIZE 52428800,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,6,x.x.x.x:48897,x.x.x.x:25,<,250-8BITMIME,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,7,x.x.x.x:48897,x.x.x.x:25,<,250-PIPELINING,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,8,x.x.x.x:48897,x.x.x.x:25,<,250-CHUNKING,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,9,x.x.x.x:48897,x.x.x.x:25,<,250-PRDR,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,10,x.x.x.x:48897,x.x.x.x:25,<,250 HELP,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,11,x.x.x.x:48897,x.x.x.x:25,*,,sending message with RecordId 10261234567442 and InternetMessageId <1523344547606.84370@xxxx.com>
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,12,x.x.x.x:48897,x.x.x.x:25,>,MAIL FROM:<Paul.xxxx@xxxx.com> SIZE=34071,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,13,x.x.x.x:48897,x.x.x.x:25,>,RCPT TO:<jschxxxx@xxxx.com>,
2019-01-09T19:35:51.186Z,Internet,08D67123445551F4,14,x.x.x.x:48897,x.x.x.x:25,<,250 OK,
2019-01-09T19:35:51.186Z,Internet,08D67123445551F4,15,x.x.x.x:48897,x.x.x.x:25,<,421 Service Temporarily Unavailable,

All Message Labs Servers we see with TLS Negoiation Problems:

server-6.tower-367.messagelabs.com

server-14.tower-387.messagelabs.com

server-35.tower-384.messagelabs.com

server-9.tower-347.messagelabs.com

server-13.tower-407.messagelabs.com

server-35.tower-404.messagelabs.com

server-3.tower-327.messagelabs.com

server-35.tower-344.messagelabs.com

server-8.tower-341.messagelabs.com

server-16.tower-381.messagelabs.com

server-3.tower-361.messagelabs.com

server-4.tower-246.messagelabs.com

MessageLabs with 421 Service Temporarily Unavailable:

mail555.messagelabs.com

0

Related:

7023362: Failed to create certificate request – countryName

This document (7023362) is provided subject to the disclaimer at the end of this document.

Environment

Privileged Account Manager

Situation

Unable to create a Certificate Signing Request (CSR) from the Hosts Console
The following browser dialog error when requesting a certificate for the framework manager console:
Failed to create certificate request
The following is found in the unifid.log:
Error, Error adding attribute countryName to request

Info, SSL Error: error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long

Info, admin certRequest client:localhost user:admin@<hostname>(137.65.60.249) rc:0 status:500(Failed to create certificate request) (66ms)[42078208:42078208]<90112><327680>

Resolution

The Country field of a Certificate Signing Request should be a 2-character ISO format country code.
More details can be found from documentation provided by the Certificate Authority (CA).
The following is a list of SSL Certificate Country Codes provided by Digicert as an example:

Cause

Invalid details provided in conflict with the certificate authority documentation.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

Hyperledger Surpasses 250 Members for Blockchain Consortium

On July 32, 2018, Hyperledger announced the passing of its 250-member milestone, as they onboard nine additional members. The members include ChainDigit, Chainyard, Coil, DigiCert, LG CNS, Omnitude, Tierion, and UTRUST.

Multiple Companies with Multiple Disciplines

Some of the company’s focus on offering blockchain solutions like Tierion with anchoring data to the blockchain, Coil contributing to Hyperledger’s Quilt for better open-source solutions, and Chainyard helping businesses utilize blockchain systems more effectively.

Other new members like LG CNS, an IT Service provider with 11 overseas subsidiaries, has the potential to affect several different industries (energy, transportation, manufacturing, healthcare) and will be able to take what they learn in Hyperledger to potentially change entire sectors.

Many of the companies that join Hyperledger’s group are interested in collaborating to make open blockchain solutions that help give their enterprise a competitive advantage and to improve an entire industry.

Advertisement
advertisement

ICYMI We announced 9 new members this morning including @Tierion@UTRUST_Official@ChainDigit@Omnitudeorg@Coil + others! Check it out: https://t.co/xCkXIZv5fOpic.twitter.com/s0FmwGK5mg

— Hyperledger (@Hyperledger) August 1, 2018

Hyperledger has ten business blockchain and distributed ledger technologies, which helps the initiative attract companies from IT, finance, and many other sectors. Some collaborations even spawn cross-sector technologies thanks to the open-source nature and community development that Hyperledger fosters.

While Biran Behlendorf, Executive director at Hyperledger, admits that July is “traditionally a quiet month,” the blockchain initiative has been “quite busy hitting some key community and technology milestones.”

Members joining the initiative are always welcome, but Hyperledger has dedicated the second half of this year towards growth in their open-source frameworks. As demand increases for blockchain applications globally, the collaborative’s interest in businesses will continue to ramp up.

With blockchain spending expected to hit new all-time highs in the next five years, enterprises will be scrambling for solutions that deliver results faster and at a lower cost.

Related:

7022952: Sentinel Agent Manager modules will not install

This document (7022952) is provided subject to the disclaimer at the end of this document.

Environment

Sentinel Agent Manager 8.x Server

Situation

The modules will not import during the initial Sentinal Agent Manager install but the install will still successfully complete. There is another way to add the modules post install by doing an import from within the Sentinel Agent Manager console, however that also fails to import the modules. Both of the unsuccessful module import options are failing with the following error.
The module signature is invalid, missing or from an untrusted source: A certificate chain could not be built to a trusted root authority
The resulting issues are missing data collection policies and missing configuration options within the Agent Manager Console.

Resolution

The CA that Microfocus uses to sign the modules uses a signature that is provided by DigiCert so in order to successfully install the modules you must first install the DigiCertAssuredIDRootCA.crt and DigiCertHighAssuranceEVRootCA.crt into the trusted stores on the computer.
The CAs are available for download at https://www.digicert.com/digicert-root-certificates.htm.
Afterwards simply install Sentinel Agent Manager.
If Sentinel Agent Manager is already installed then simply install the modules using the following steps.
1. Open the Sentinal Agent Manager console.
2. Right click “data collection policies”.
3. Choose “restore content module”.
4. Choose the appropriate option. If this is a fresh install then choose the third option. Replace existing policies with those of the imported module.
5. Browse to the install CD modules folder and choose the module to import.
6. After the imports are complete the previously missing options should be available.

Cause

This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store on the Sentinel Agent Manager computer.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

Renew Public SSL Certificate

In order to import the SSL file to XenMobile you need to have the key file as XenMobile need the key in order to decrypt your traffic.

When you go to GoDaddy, DigiCert, Symantec, etc the files that you can download from there are certificates and usually, it doesn’t have the key embedded into the file,

Why they don’t have your key??

Because that is something that you did the first time you created certificate request and that key is stored on the IIS server, NetScaler, or in the SSL Listener certificate inside the XenMobile, also remember that if you have a pfx file with the old certificate the key should be there and you can extract that information using OpenSSL.

In order to create a PEM file Manually you can follow this process:

1) Open Notepad and add the key that is inside the pfx file or inside the old pm file (You should be able to export the file from the XM console and then extract the file using a text editor)

2) Then add the certificated that you downloaded from your Certificate Authority

3) Then add the Intermediate and the root certificate as the following explication.

—–BEGIN RSA PRIVATE KEY—– (Your Private Key: your_domain_name.key)

—–END RSA PRIVATE KEY—–

—–BEGIN CERTIFICATE—– (Your Primary SSL certificate: your_domain_name.crt)

—-END CERTIFICATE—–

—–BEGIN CERTIFICATE—– (Your Intermediate certificate: DigiCertCA.crt)

—–END CERTIFICATE—–

—–BEGIN CERTIFICATE—– (Your Root certificate: TrustedRoot.crt)

—–END CERTIFICATE—–

4) Once you have created that file you will get a certificate with all the certificate chain + the key inside of it.

How do I extract the key from a pfx file?

Go to the NetScaler CLI Export the private key file from the pfx file using this command openssl pkcs12 -in the filename.pfx -nocerts –out the_key.pem

Note: if you don’t have a NetScaler you can install OpenSSL on a Linux appliance and extract the key using the command provided before

Related:

  • No Related Posts

What are the different formats of SSL certificates and how we can upload a certificate to NetScaler

This article explains the different formats of the SSL certificates and demonstrates how to upload the certificates to NetScaler.

Use Case

Ramesh wants to communicate in a secure manner using certificates provided by different Certificate Authorities(CA) which can be of different formats(PEM, DER, PFX). Ramesh should be able to use these certificates of different format for his secure communication.

Secure communication is one of the important requirements for enterprises and telcos, where they want to provide their customers/users with safe, secure environment.

However there are many culprits with malice intentions to steal your identity which can lead to a fortune for them and can be destructive for the users who lost their identity. To prevent this, certificates are used for security and identification. A certificate is an electronic document that contains data fields. If you were to compare a digital certificate with a traditional physical certificate, you will find many similarities. In a traditional certificate, say for e.g. a college degree certificate, we can see who has issued the certificate and to whom it was issued and can use it. Similarly a digital certificate will contain information on who issued the certificate and who can use this certificate.

Additionally a certificate contains validity information, indicating the period for which the certificate is valid, a public key and a digital signature which is just like a wax seal on the traditional physical certificate.

There are many well recognized Certificate Authorities(CA) who can issue certificates. Some of the well- known certificate authorities are Verisign, GoDaddy, GlobalSign, Digicert, StartCom, Trustwave, Secom etc. These Certificate Authorities can issue certificate in the below mentioned formats,

  • PEM – Privacy Enhanced Mail
  • DER – Distinguished Encoding Rule
  • PFX – Personal Information Exchange

Related:

  • No Related Posts

StoreFront Management Console Fails to Open After Upgrade to, or Clean Installation of, StoreFront 3.12.1000 (7.15 LTSR CU1)

Use one of the methods described here according to your organization’s security policy, and whether the system has access to the Internet.

Method 1

If your organization permits automatic root certificate updates, and the system has access to the Internet,

  1. Check the Group Policy Administrative Templates setting “Turn off Automatic Root certificate update”. The setting is located in:

    “Computer ConfigurationAdministrative TemplatesSystemInternet Communication ManagementInternet Communication SettingsTurn off Automation Root certificate update”

  2. If this setting is Enabled (that is, automatic root certificate update is turned off), delete this setting.

  3. Close and re-open StoreFront management console.

Note: if this setting is being applied via domain Group Policy, consult your domain administrator.

Method 2

If your organization does not permit automatic root certificate updates, or the system does not have access to the Internet, download and install the following Root Certificates:

  • DigiCert Assured ID Root CA, available at https://www.digicert.com/digicert-root-certificates.htm
  • GlobalSign Root CA, available at https://support.globalsign.com/customer/en/portal/articles/1426602-globalsign-root-certificates

Note: consult your organization’s security specialist about these two root certificates.

Related:

  • No Related Posts