Applying SSL

Similar Messages

• Issue in applying SSL selectively to Login JSP Page--Session getting lost.

  Hi,
  I am facing some issues with SSL configuration on my web site running on tomcat 5.5. I am using jdk 1.5 and form based authentication with JAAS framework.
  The SSL configuration is working perfectly when applied to complete web site, but starts giving problem when applied selectively to some JSP pages. At present I am trying to apply SSL just on the login page.
  When the login screen loads up, the URL in the browser has a protocol "*https*", as expected, but it doesn't gets changed to "*http*" once the user has successfully logged in. Why is the automatic change from https to http not ocurring?
  Also I want to know which is the default page, tomcat will direct the logged in user to, once successfully authenticated using form based login; Is there any way to change this default page to some other page. It looks like that tomcat automatically directs to index.html , once the user has been successfully authenticated, but I am not so sure. My index.html page is having 4 frames; the source of these frames are different JSP pages, which are not under SSL.
  My aim is to apply SSL just on login.jsp so that password doesn't travel in clear text. Once the user is authenticated he should see index.html and the address bar's URL should change it's protocol from https to http.
  Please, find below the code in my web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>CWA Application</web-resource-name>
  <url-pattern>/about.jsp</url-pattern>
  <url-pattern>/admin_listds.jsp</url-pattern>
  <http-method>DELETE</http-method>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <url-pattern>/*login.jsp*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>CWA Application</realm-name>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/login.jsp?error=true</form-error-page>
  </form-login-config>
  </login-config>
  <welcome-file-list>
  <welcome-file>login.jsp</welcome-file>
  </welcome-file-list>
  My login. jsp has below code:
  <form name="login" method="POST" action='<%= response.encodeURL(*"j_security_check*") %>' >
  <tr>
  <td width="100%">
  <table width="260" border="0" cellspacing="0" cellpadding="1">
  <tr>
  <td align="left" valign="top" rowspan="4"><img src="images/space.gif" width="15" height="5"></td>
  <td align="right" class="login-user" nowrap ><p>User name: </p></td>
  <td align="left" valign="top"><input maxLength="64" name="j_username" size="20"></td>
  </tr>
  <tr>
  <td align="right" nowrap class="login-user"><p>Password: </p>
  </td>
  <td align="left" valign="top">
  <input maxLength=\"64\" tabindex="2" type="password" name="j_password" size="20">
  </td>
  </tr>
  </form>
  The entries in my server.xml are following:
  <Connector port="8080" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" redirectPort="8443" acceptCount="100"
  connectionTimeout="20000" disableUploadTimeout="true" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  keystoreFile="${java.home}\lib\security\cacerts" keystorePass="changeit"
  clientAuth="false" sslProtocol="TLS" />
  I have gone through the http://forums.sun.com/thread.jspa?threadID=197150 and tried implementing it; The filter as explained in the thread does gets called but the session values are still lost.
  Please note I am using javascript to go from secure "https" to "http" once the user has successfully logged in The javascript code is as below:
  top.location.href="http://localhost:8080/qtv/index.html." ;
  If I use response.sendRedirect("http://localhost:8080/qtv/index.html") for going to non-secure mode, the index.html page does not gets loaded properly. (Please note that my index.html is made of *4 frames*, as explained earlier. This is a legacy code and frames can't be removed).
  The reason for index.html not getting loaded properly is that the Address bar URL does NOT change its URL and protocol from https (https://localhost:8443/qtv/index.html ) to "*http*" (http://localhost:8080/qtv/index.html) when esponse.sendRedirect() is used ;this is the default behaviour of response.sendRedirect(). And because the protocol in address bar is https, index.html is not able to load the other JSP's in it's frames because of cross-frame-scripting security issues (The other JSP's to be loaded in frames are are NOT secure as discussed earlier).
  Please let know if any way out.
  Thanks,
  Masaai

  Hi
  try to set the maximum interval between requests
  eg:
  session.setMaxInactiveInterval(6000);
  vis

• I'm getting an error (BEA-090508) when trying to apply SSL and starting the server

  I'm trying to apply SSL with my own CA on a Weblogic Server. I'm getting an error (BEA-090508) when trying to start the server.
  regards

  Hi peggy gray,
  I believe you have the Photography subscription purchased wherein the applications other than PS and LR are available as trial only.
  Please check the link below:
  Creative Cloud Photography plan | Adobe Creative Cloud
  Regards,
  Sheena

• Apply SSL in JSP with internal CA signed by Active Directory

  Hi geniuses, who has any idea how to apply SSL into JSP pages.
  I am try add SSL to my authentication JSP pages. My company has exist internal CA signed by Microsoft Server 2003 Active Directory.
  Who's have any idea or tutorial, can you please share to me?

  webster wrote:
  Hi geniuses, who has any idea how to apply SSL into JSP pages.
  I am try add SSL to my authentication JSP pages. My company has exist internal CA signed by Microsoft Server 2003 Active Directory.
  Who's have any idea or tutorial, can you please share to me?This really has nothing to do with JSP or this forum. It's a matter of setting up your Servlet/JSP container properly. Consult the docs for your servlet/jsp container for how to enable SSL.

• Configure EP6 SP11 for SSL

  I am following the instructions (help.sap.com) for applying SSL but they are slightly confusing.
  1. You apply the SSL to J2EE
  2. You have to have the Key Storage Server running - but how do you ensure that it is? Is it by default when the J2EE is running
  3. I want to use Verisign Certificates so I suppose that I generate a certificate signing request - do I have to create an entry first under the service_ssl view of the Visual Adminstrator or is this only if I am using a test CA.
  4. I then get the certicate back from Verisign and import it into the J2EE.
  I assume I can them call my portal on the secure port:
  https://myportal.com:500003/irj
  Where do I find the secure ports and do I have to do anything in the portal?
  Thanks
  Patrick

  Hi,
  I have gone through this document but still i am not able to achieve SSL. These are the steps that i have performed. Do let me know if i have missed out something.
  Creating the Server's Key Pair to Use for SSL:
  1) Visual Administrator -> KeyStore -> Views (service_ssl) -> 2 Enteries (ssl-credentials, ssl-credentials-cert). I would like to use ssl-credentials for testing purpose. So if i am not wrong, i don't need to do anything here.
  2) Assigning the Key Pair to Use for a Specific SSL Port:
  I have configured as described in the document.
  3)Managing the Credentials and Trusted Certificates to Use SSL:
  Is it necessary to select one of these:
  Request client certificate
  Require client certificate
  Can't i use the default, Do not request client certificate ?
  I have used Request client certificate and added, SAPServerCA and SAPPassportCA.
  4) Configuring the Use of Client Certificates for Authentication
  Here the pre-requisite says "The SAP J2EE Engine is configured to support SSL", what does that mean? How do i cross check this ?
  The rest of the steps are performed.
  Is there anything else that has to be taken care of ?
  Thanks in advance.
  Regards,
  Sunil

• SQL Server SSL Certificate

  Hi All,
  I am slowly getting to the bottom of applying SSL throughout my project but am stuck in the current situation and I need help please..
  Project is a Java servlet running on Windows. Java 1.6 and Tomcat 7 but connects to a SQL Server database and an Oracle database (running on unix). We have a keystore set up successfully on the servlets' server with root, intermediate certificates etc
  that successfully encrypts the connection to Oracle. The server team maintaining the server hosting the SQL Server database have supplied me with an SSL certificate, I am told is for accessing the SQL Server database. I am assuming it is a public key certificate.
  I am trying to apply this certificate to encrypt the network traffic to the SQL Server database. I have attempted to import the certificate into the keystore mentioned above using the Java keytool but this does not work so I deleted the certificate from
  the keystore again. I found the URL below which I have followed to install the certificate through MMC but cannot find how to now force Tomcat to encrypt the network traffic.
  http://support.microsoft.com/kb/316898
  Can someone please tell me what I am missing here please? There is loads of guidance on setting up keystores with root and intermediate certificates etc, but I cannot find any guidance on what to do in Tomcat to use a single provided SSL certificate. Do
  I use the Java cacerts file and import the certificate in there?
  Thanks in advance
  Regards
  AJF

  Hi SQL Team - MSFT
  Thank you for your response.
  I have been looking at this further.  I have only been given one SSL certificate which I am assuming because it has a file format of ".cer" it is the public key for the certificate on the server hosting the SQL server database.  For this to work
  they way we want, the "clients" will not have SQL Server Configuration Manager installed, but instead will have the SSL certificate mention above stored in a Keystore set up with the "Keytool" in the Java JRE.
  I am unsure how the guys who manage the server hosting the SQL server database have set up the SSL certificate, i.e. if they have set up a root and intermediate certificate etc.  I am currently trying to get information out of them (They are not
  located immdiately near my location).  I have a funny feeling they have not set up the SSL at their end correctly, and I am wondering if they have just imported into the servers browser, the same public key certificate they forwarded to me.  When
  you say "you have to first export the Trusted Root Certificate Authority from the server and import this to the client", what part of the SSL certificate(s) do you mean?
  Do you mean the Certificate Authority root certificate and I have to import that into the client as well as the public key certificate?
  I look forward to you next feedback.
  Regards
  Alanjo

• SSL Provider in PI 7.1 NWA

  Hello,
  We are trying to apply SSL to PI 7.1 (ABAP+JAVA). We haver created ssl certificate in the SSL key storage and now we want to activate this in SSL provider service.
  Now that there is no visual administrator in PI 7.1, we are forced to use NWA and we cannot find SSL provider service in NWA.
  Please let me know as where to find the SSL provide in new NWA.
  Thanks,
  Praveen

  Hi Praveen,
  Please look at the following link and see if helps you.
  https://ecohub.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/808d3048-638c-2a10-35a6-faa48e50ad59
  I have also found another link from the help site. Please check it out and see if it helps
  http://help.sap.com/saphelp_nwpi711/helpdata/en/a0/f3d378e6be44219237733d7cff3644/content.htm
  Please do check this link and see if it helps you
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/109aa318-5aa6-2a10-799d-a495383c1e01
  Best Regards.
  Edited by: Prakash Bhatia on Apr 20, 2009 10:39 AM
  Edited by: Prakash Bhatia on Apr 20, 2009 10:44 AM

• SSL provider service is PI 7.1

  Hello
  We are moving the interfaces from PI 7.0 to PI 7.1 EHP1 and trying to apply SSL to PI 7.1 EHP1. We have created ssl certificate in the SSL key storage and now we want to activate this in SSL provider service.
  Now that there is no visual administrator in PI 7.1. So could you please let me know as where to find the SSL provide in new NWA. or the procedure for activating the same.
  Thanks in advance
  Kalyan

  Hi Kalyan,
  Log on NWA and then Configuration Management -> Certificates and Keys.
  Content -> Trusted CA
  Add here the public certificate and the ssl connection should work.
  Please see the below link, it might be useful to you.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  Regards,
  Rajesh

• SSL Strust : Issuer certificate missing in database

  Hi,
  I am apply ssl in Abap stack STRUST.  When i apply the certificate respond from the CA , it showing error
  Issuer certificate missing in database:CN=DigiCert High Assurance CA-3, OU=www.digicert.c
  Any idea??
  Thanks

  In Strust, goto Certificate->Database, create a new "ROOT CA" entry ex;Z_NETCA.
  Select any PSE(System PSE) ->Certificate->Import  and Import the "Issuer Certificate".
  Certificate->Export->Database>Select Z_NETCA, CA, Some description ->OK
  Now you will be able to import your certificate response without any issues.
  To Get the "Issuer Certificate" open your certificate response(certificate) , goto Certification Path TAB and select the next level higher to your Server CA and ->View Certificate->Goto Details tab and Copy to File->Export in base64 or DER format.

• Applying Digital certificates on EP 7

  Hi SDN,
  Currently we are running EP 7 in which we have applied SSL. We want to apply digital certificates for the transaction happening between the end user and the portal. Kindly share SAP document to implement the same.
  Let me know if digital certificates can be applied on a user specific mode...
  Thanks & Regards,
  p188071.
  Edited by: p188071 on Apr 1, 2009 7:44 AM

  Hello Amit,
  The portal runs on the J2EE Engine, so you have to configure the use of client certificates there. There is a step-by-step procedure in the documentation. See: http://help.sap.com/saphelp_nw70/helpdata/en/62/881e3e3986f701e10000000a114084/frameset.htm
  If you have questions, just let us know.
  Greetings,
  Elizabeth Winker

• SSL on J2EE engine

  Hi,
  We are on Ep6 SP12 and we are making our portal available via internet. we have adapted IIS proxy and wanted to apply SSL. I'm little confused on number of SSL certificates I have to apply. Between Browser and J2ee engine I have IIS server.
  Do I have to apply SSL between browser and IIS or is it sufficient if I apply SSL to J2ee engine??
  Any suggestions or docs or ideas highly appreciated.
  thanks,
  Maya.

  It depends on the level of encryption that you want.  However, it is possible to have SSL terminate at the IIS proxy box and have the proxy send out requests in http to the portal.

• SSL on a single subdirectory/URI

  I wonder if anyone can help. I'm running WL 9.2 server and am looking to apply SSL to one subdirectory / URI of my struts app.
  For example:
  http://localhost:7001/myapp does not require SSL... but
  https://localhost:7002/myapp/subdir does require SSL.
  I've Googled like crazy but found no way to do this yet.
  thanks... Chumpster
  Edited by chumpster at 12/31/2007 12:12 PM

  Have a look at "transport-guarantee" in web.xml. For example:
  <security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure</web-resource-name>
        <url-pattern>/subdir/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  Mike
  Weblogic/J2EE Security Blog: http://monduke.com

• Ssl to remote gateway

  Is it possible to apply ssl to remote gateway port adapter?
  we have setup remote gateway and IIS on one machine.
  and IDM and App Server on another.
  configured the IIS SSL with Websphere to call IDM page.
  while IDM is interacting with Remote Gateway adapter, can we apply SSL to that port address(i think it is 9278)?

  Hi,
  For Event ID 102, please refer to following article and check if can help you.
  Event ID 102 — RD Gateway Server
  Configuration
  à
  What is confusing about this is that Remote Desktop Services role is not installed on this server
  Did you enable RWA on the SBS 2011?
  Small Business Server 2011 Standard installs and configures the Remote Desktop Gateway role for use with the Remote Web Access website. The setup process does not install the Remote Desktop Gateway Manager management console. As a result, the Remote Desktop
  Gateway Manager mmc will not be listed under the Administrative Tools and in Server Manager, the Remote Desktop Gateway role will appear to not be installed. The service is however installed and is properly configured for use with the Remote Web Access website
  by SBS Setup and the Internet Address Management wizard.
  Please type
  services.msc in RUN to open Services panel, navigate to Remote Desktop Gateway service and open its Properties. Would you please let me know the Startup type of this service that had been set? Meanwhile, please refer to following KB and check
  if help you to manage the Remote Desktop Gateway Service in SBS 2011 Standard.
  How to Manage the Remote Desktop Gateway Service in SBS 2011
  Standard , SBS 2011 Essentials, Windows Server 2012 Essentials and Windows Server 2012 R2 Essentials.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How can my applet communicate with servlet via HTTPS?

  hi all,
  I'm using jdk1.4.2_03. Tomcat 4.1.27/29.
  My applet used to communicate to serlvet/JSP via http protocol. However, I wish to apply SSL in my tomcat standalone. Is there any implication towards my existing applet to servlet codes?
  For example,
  URL servletURL = new URL("http://www.myhost.com/Shopping");
  // open connection between applet and servlet
  URLConnection servletConnection = servletURL.openConnection();
  servletConnection.setDoOutput(true); // allow connection do output
  servletConnection.setDoInput(true); // allow connection do input
  servletConnection.setUseCaches(false);
  servletConnection.setRequestProperty("Content-Type", "application/octet-stream");
  ObjectInputStream input = new ObjectInputStream(servletConnection.getInputStream());
  resultset = (Vector)input.readObject(); //get Object from Servlet
  input.close();

  http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/HttpsURLConnection.html
  I never used it though, you can check for some code here:
  http://javaalmanac.com/cgi-bin/search/find.pl?words=HttpsURLConnection

• Post an XML on HTTPS URL using XI

  Hi All,
  My scenario is SAP SRM - XI - HTTP, where I am posting an XML message from XI to HTTPS URL using HTTP receiver adapter.
  Can you tell me what all step needs to be done to configure HTTP receiver adapter in this case. Also, since I have to post an XML message on HTTPS URL (Which is outside the domain), do I need to apply SSL certificates as well?
  Appreciate your help!!!
  Thanks & Regards,
  Amit

  Hi Amit
  regarding HTTP URl  just check these
  You can use the HTTP adapter. Refer to following SDN TV demo of the HHTP adapter for details steps involved into it.
  https://media.sdn.sap.com/SDNTV/main.asp?mediaId=107
  HTTPS using XMLSPY
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  The HTTPS configuration data of the Adapter Engines has to be configured in the SLD.
  More Information in the "SAP Security Guide XI"
  http://help.sap.com/saphelp_nw04/helpdata/de/f7/c2953fc405330ee10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/43/64db4daf9f30b4e10000000a11466f/content.htm
  Under Security Check for Inbound Messages, you can specify which HTTP Security Level is to be assumed for incoming messages. You can choose from the following security levels:
  &#9675; HTTP (default value)
  &#9675; HTTPS without client authentication
  &#9675; HTTPS with client authentication
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/d23cbe11-0d01-0010-5287-873a22024f79
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
  <b>Pls reward if useful </b>