Problems in accessing an SSL enabled site through Weblogic 6.1

Similar Messages

• Access a SSL-enabled server

  Hi,
  I'd appreciate it if somebody gives me a response or a hint. I want to send a request to a remote SSL-enable server from my application deployed in Tomcat. Is there any way to do it (like configure Tomcat) other than developing SSL java codes? I know that my question does not make much sense but it is nice to know if there would be some settings that allow 2 servers communicate each other on SSL level. Thank you

  Hi cjmose,
  Thank you for your response.
  I'm not really sure I understand your question. I assume you mean that you have a j2ee app deployed in one container, and the business logic in that app needs to communicate with another container on a separate server via ssl?
  Yes
  In that case I imagine you need to use jsse and use either an https or sslsocket to connect to the other server and do what you need to do...
  I'm developing new codes using jsse1.0.3_04 and HTTPClient (this package claims that it supports https). However, I got an exception HTTPClient.ProtocolNotSuppException when I call
  new HTTPConnection("https", "someserver", -1);Do you know how to fix this problem? Thanks

• 10.6.2 - Unable to access Wildcard SSL websites as Regular User, Admin OK

  Hello,
  I ran into a weird problem with Snow Leopard 10.6.2 after some of the recent updates on Snow Leopard 10.6.2:
  *If using a standard user account (one that cannot administer the machine), I am unable to access any SSL enabled website that uses a wildcard certificate*
  If I switch to the main account (or any account that can administer the computer) then all is OK and the wildcard SSL website comes right up!
  Here is a website to test on: https://vsi.powerschool.com (it uses a *.powerschool.com wildcard certificate)
  This behavior started just recently, as apple must have done some changes, but I cannot seem to find a fix, can anyone PLEASE help?
  Thanks in advance!
  Stefan.

  I did get a "stock" response from Apple support, and I am pasting it below.
  While it may help some of you, for me it is NOT a solution. It is as if Apple does not even want to acknowledge this major bug.
  I temporarily got around the problem by identifying that the parental controls are actually blocking DNS resolution, and not access to the sites themselves!
  Therefore, I added the wildcard SSL website to the /etc/hosts file with it's corresponding IP address as to bypass DNS lookups for it. As long as the IP address does not change all will be OK, so I still do not consider this a fix.
  =========== Apple Response ==========
  +Secure (HTTPS) websites need to be added to the list of allowed sites (white list). For each site that needs to be added, use the "host" command in Terminal with the domain name to obtain its IP address, then use the host command with the IP address to obtain the reverse domain name. For example:+
  +$ host gmail.com+
  +gmail.com has address 74.125.127.83+
  +gmail.com has address 209.85.225.83+
  +gmail.com has address 74.125.79.83+
  +gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.+
  +gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.+
  +gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.+
  +gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.+
  +gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.+
  +$ host 74.125.127.83+
  +83.127.125.74.in-addr.arpa domain name pointer pz-in-f83.1e100.net.+
  +In this case, the result is "1e100.net" (ignoring subdomains), which is different than the domain we started with. Therefore, add both "gmail.com" and "1e100.net" to the white list.+
  +Repeat these steps for each secure site that needs to be accessed in Parental Controls.+
  ======================================

• Help - can't access my staging web site

  Hello
  A while back I wrote in seeking advice re: losing my access to a staging web site - Camelot kindly wrote the following, which I did but it didn't work...
  "Provided you're an admin on your system the easiest way is to open /Applications/Utilities/Terminal.app and run the command:
  sudo echo "11.11.111.111 www.ekekekek.com" >> /etc/hosts
  exactly as written (changing the IP address if you need to). This command uses sudo to elevate your privileges. You'll be asked to authenticate by typing in your password (which won't be visible), then it'll run the 'echo' command which simply prints whatever's within the quotes and appends it to the file /etc/hosts. "
  Very helpful, but it didn't give me access to my staging site...last week my mac G5 crashed and had a kernel panic - spent about 1 1/2 days on the phone with half a dozen Apple techs trying to fix - it's fixed but now for whatever reason I can't access my Staging web site through any browser, though our live site is OK from any browser.
  So what can I do to again have access to the staging site? Are there more steps I should know in addition to Camelot's directions? What?
  I'm not a techy at all but designer so the more specific, very much appreciated.
  Thanks very much
  Kent

  OK so I figured out that I was supposed to go to
  Terminal/file/New Command to type in Camelot's code -
  which I did, got the password prompt, wrote it, it
  accepted it and came back with this: (the IP and name
  below, I've changed for this post only)
  "12.12.121.271 www.mycertainname.com">>/etc/hosts
  [Process completed]
  Hmm. That looks a little odd to me. First off, did you include the "sudo echo" part at the beginning from Camelot's post? I'm also a little curious about the "[process completed]" part. Usually, I come straight back to the prompt.
  But when I now go to type in my staging site's name
  in the browser, I get another web site which has the
  same name, still can't access this site of mine.
  I don't give my staging sites the same names, so I'm not sure how that would work if it had the same name as another site. For example, if I have a domain called "mydomain.com," the real web server would be "www.mydomain.com" and my staging server would be
  something like "staging.mydomain.com." That way, if I want to look at the real site, I type in one address. I type in the other if I want the staging server. You can't (easily) have the same text address (www.mydomain.com) resolve to different IP addresses. That requires some special DNS tricks that are beyond the abilities of the /etc/hosts file.
  At this point, re-run this Terminal command and post the results:
  <pre class="command">cat /etc/hosts</pre>Also, I can't figure out how to do this from the Network Utility, but you can check and see where your Mac is getting its lookup information by using another Terminal program called lookupd. You can also use it to flush the DNS cache, in case that's what's causing it to go to the other site. To flush the cache, type this in the Terminal at the prompt:
  <pre class="command">sudo lookupd -flushcache</pre>You should just get the prompt back when it's done. There's no feedback.
  To check where your Mac is getting its lookups, you use lookupd in an interactive mode. First, you type:
  <pre class="command">lookupd -d</pre>At the prompt in the Terminal window. Then you'll get a few lines of text and a ">" prompt. Type "hostWithName", then a space and your host's name, so it looks like this:
  <pre class="command">> hostWithName: www.apple.com</pre>When you hit the enter key, it'll do the lookup and give you a few lines information:
  <pre class="command">Dictionary: "DNS: host www.apple.com.akadns.net"
  lookup_DNSdomain: apple.com.akadns.net
  lookup_DNSserver: 208.67.222.222
  lookup_DNS_time_tolive: 58
  lookup_DNStimestamp: 1167796142
  lookupagent: DNSAgent
  lookup_infosystem: DNS
  interface: 4
  ip_address: 17.112.152.32
  name: www.apple.com.akadns.net www.apple.com
  + Category: host
  + Time to live: 43200
  + Age: 0 (expires in 43200 seconds)
  + Negative: No
  + Cache hits: 0
  + Retain count: 4</pre>Notice how it mentions DNS servers in several places, including "DNSAgent". That meant it used the DNS server at 208.67.222.222 to find the address for www.apple.com. Now, if I try it with a staging server (hosted on my iMac in this case), see what happens:
  <pre class="command">> hostWithName: test.mydomain.com
  Dictionary: "FF: host test.mydomain.com"
  lookupagent: FFAgent
  lookupvalidation: /etc/hosts 2 1166756640
  ip_address: 127.0.0.1
  name: test.mydomain.com
  + Category: host
  + Time to live: 43200
  + Age: 0 (expires in 43200 seconds)
  + Negative: No
  + Cache hits: 0
  + Retain count: 3</pre>Now, see how it says it looked it up using the FFAgent (Flat File), and even says it got it from /etc/hosts? If you're seeing anything except for FFAgent, then it's not looking in /etc/hosts for the info. There are ways to change the lookup order lookupd uses, but I'm pretty certain it was already set to use the flat files before DNS way before Panther.
  To quit the lookupd program, just type "quit" at the prompt.
  charlie

• Publishing a site through UAG without using the Portal login

  Good Day -
   I'd like to ask if there is a way to publish access to an internal site through UAG without users having to use the Portal login - say by providing a link -

  Hello,
  The portal app is mandatory even if you not use it, indeed if you delete this app UAG stop to work as expected.
  In order to publish your internal site without going through the portal, in select application select the following options:
  Type: Web
  Web: Other Web Application (application specific hostname)
  With this you could bind a direct DNS name to your publication without using the portal in order to access to it.
  Regards,
  Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) :
  http://security.sakuranohana.fr/

• Can't access some secure sites through proxy?

  can't access some secure sites through proxy server on osx it just keeps going local authority couldn't be contacted, i had the same problem with parental controls, but now that is off and its still doing it, is there a setting or something i need to enable?

  In my original post, not today's, I had said I was having the issues on the Mini, running OSX 10.6.8 and Safari v.5.1.5 for my bank's pill pay. I should have been more specific as to which machine and OSX Safari browser I'm having the T-Mobile problem with. My mistake.
  It is on both the MacMini and now the Air too. A moment ago, I was able to log in to my.t-mobile.com on the Air, but after putting into my Bookmarks folder, I can't do it anymore. The Log in button comes up greyed out instead of green.
  I'm also still having trouble with my bank's bill pay section on both computers too.
  I wonder if it's related to the saving of the log in info or putting in the Bookmark Folder?

• Can I re-enable SSL in Firefox without downgrading? When I hit an SSL-only site, my only current option is to use another browser.

  Just hit an SSL-only site that I needed to access that FF 35 blocked. I don't see an obvious way to create an exception or re-enable it. We need this option... many users understand POODLE and can make an intelligent decision regarding the risks. TLS has its vulnerabilities as well.

  hello ancistrus, as you know ssl3.0 encrypted connections can be no longer considered secure since an attack vector against them ("POODLE") has become known. please contact the webmaster in charge of the site and urge them to update their encryption to something contemporary.
  https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
  if you want to re-enable ssl 3.0 in firefox you can do that - however keep the consequences in mind, that you will become vulnerable to the attack mentioned above: enter '''about:config '''into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''security.tls.version.min'''. double-click it, change its value to '''0''' and restart the browser.

• Cannot access certain web sites through Airport Extreme Base Station

  I use the old (round) Airport Extreme Base Station (AEBS). Approximately three weeks ago I could no longer connect to americanexpress.com or to Godaddy or their mail servers. About a week ago the Godaddy sites started working again, but the American Express sites are still not working.
  My current setup:
  - AEBS connected to Time Warner New York cable modem
  - Three Airport Express units - two connected to speakers, and one set up with WDS to provide Ethernet access to computer (PowerMac G5), which is in a separate room from cable modem
  - I also have an Airport card in my G5 to connect directly to the wireless network (but that doesn't solve any of my problems)
  I have tried resetting all the units, and have also tried running the network with all the Airport Express units turned off, none of which as allowed me to access American Express.
  I have the exact same problems with my work-issued Windows 2000 laptop when logged in to the wireless network.
  When I plug a computer directly in to the cable modem, I have no problem accessing any of the sites, which leads me to believe that the solution somehow lies with the AEBS - I just can't figure out what it is.
  Any help/suggestions are much appreciated.
  PowerMac G5, 23" Cinema Display, Airport Extreme Base Station (802.11b/g)   Mac OS X (10.4.9)  

  If you're having trouble with throughput performance or just connecting to some websites, try changing the MTU value, on your Mac, to 1492. (The default value is 1500.) To do so, you can use a utility, like Cocktail or via OS X's Terminal.
  MTU will vary with connection type. Cable and non-PPPoE, can use up to 1500, whereas PPPoE connections (WinPoet, RASPPPOE, Enternet, etc.) can only use up to 1492. For secure VPN connections (i.e., IPSec) use a MTU value less than 1500.
  The best value for MTU is that value just before the packets get fragmented. To test, use the Ping utility.
  OS X: ping -D -s 1472 www.dslreports.com
  WinXP: ping -f -l 1472 www.dslreports.com
  Reduce 1472 by 10 until you no longer get the “packet needs to be fragmented” error message. Then increase by 1 until you are 1 less from getting the same error message. Add 28 more to this (since your ping packet size, not including IP/ICMP header is 28 bytes). This will be your MaxMTU. (Note: If you can ping thru at 1472, stop, you’re done! Add 28 and your MaxMTU is 1500.)

• Trusted sites through keychain access

  I'm trying to access a secure site through safari but am unable to do so. I've read posts on here, added the website to the trusted sites through keychain access

  but it still doesn't work. i've rebooted and still not luck.

• Is there a trusted plugin to access a list of sites in SSL only, similar to the extension, Use Https on Google Chrome?

  I would like to access most of the sites I visit in a secure connection (https). In Google Chrome there is an extension called "Use Https", but I'm rather uncomfortable using Chrome. Is there a suitable plugin available on Firefox?
  I use Firefox 4.0.1

  Have a look at these:<br><br>
  * https://addons.mozilla.org/en-US/firefox/addon/https-finder/<br><br>
  * https://addons.mozilla.org/en-US/firefox/addon/cert-alert/<br><br>
  * https://addons.mozilla.org/en-US/firefox/addon/certificate-watch/

• SSL Required but Microsoft says the directory can't have SSL enabled?

  I am confused? iPhone is requiring an SSL connection to the Exchange server, however, Microsoft's KB's are saying the Exchange directory that OMA and ActiveSync talks to cannot have SSL enabled, which means the iPhone will be attempting to sync through port 80?
  How are we suppose to use this technology with SSL, if the Exchange directory is configured for non-SSL connections. They are even going as far as telling you to set up a secondary virtual Exchange directory with SSL disabled, leaving WebAccess connections SSL enabled...

  Mr Upson wrote:
  But, I am still confused, why would Apple enable SSL to an option that Microsoft is not even allowing to begin with? If the virtual directory cannot have SSL enabled, why would Apple think differently?
  ActiveSync has allowances for SSL for certain components of access. I don't know which parts, but I can assure you that all phones that I have ever dealt with (most of those being windows mobile based) have SSL as the default checked option while configuring
  I had a full bar of power this morning that was charged over night and with Active Sync enabled for my Calendar and Contacts, I am now at 10% battery life.
  This has become more of a problem than a solution....
  I would have no idea what would be causing that. I have full push services on for both exchange (everything synced) alsong side of MobileMe. Now I don't use SSL, but all that does is force communications over a different port - I seriously doubt that usage of data differs weather or not SSL is used or not. I can tell you that I do not experience the same type of drain you describe unless you are heavily using things like you tube other services over WI-Fi.

• What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

  To support certficate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server how do we configure the certmap.conf?Is there any additional setup required at the LDAP Server side apart from enablinf SSL with the option"Required Client Authentication" enabled.The 2 way SSL handshake goes through but the access log file (After configuring the certmap.conf for the issuer DN of the client certficate etc..)shows SSL failed to LDAP DN?But inspite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP.IS the certmap.conf file being looked up by the LDAP Server at all?

  have you out.flush() and out.close() before you call connection.getInputStream()?

• How could it be possible to completely restrict other users to view any sites through firefox browser with the help of password ?

  I want complete control of firefox browser for my computer.
  For example:
  There is a similar feature in Internet Explorer which is called 'Content Adviser'.
  To restrict others for viewing sites through Internet Explorer here is what has to be done:
  1. Click to open Internet Explorer.
  2. Click the Tools button, and then click Internet Options.
  3. Click the Content tab, and then, under Content Advisor, do one of the following:
  *Click Enable. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  *If you've previously enabled Content Advisor, click Settings, and then type the supervisor password. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. To allow others to view restricted content, click the General tab, and then select the Supervisor can type a password to allow users to view restricted content check box.
  5. To allow others to view unrated content, select the Users can see websites that have no rating check box, and click OK.
  6. If a supervisor password has not previously been set up for Content Advisor, you will be prompted to create one.

  Looks like verdana is selected to 'off' in font book. Not sure if this could be the reason as to why i'm experiencing problems.

• I can access my employers web site, but when i try to access the employees section of the web site it says that i need netscape, can someone help

  Hi, My employer has a web site & as a part of the service to the employees, the employees can access personal details through the web site. I can access my employers web site not a problem, BUT - when i try to access the employees part of the web site it tells me "This browser is not supported.
  You must be running Netscape 7.1 or greater."
  Can someone please help?

  It is possible that the server gets confused by the user agent that is modified by your Ubuntu distribution and adds Ubuntu/10.10 (maverick)
  Mozilla/5.0 (X11; U; Linux i686; en-AU; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13
  You can try to reset the pref general.useragent.extra.* that add that part.<br />
  See [[Web sites or add-ons incorrectly report incompatible browser]]

• Starting Server with SSL Enabled

  I want to start iplanet directory server 5.1 with SSL Enabled, but It always ask me PIN Token.
  I write slapd-test-pin.txt file as following :
  slapd-test-pin.txt
  -------begin-----------
  Token:test123456
  -------end ------------
  I put the slapd-test-pin.txt into /usr/iplanet/server/alias
  then, I restart directory server from command line.
  /usr/iplanet/servers/slapd-test/stop-slapd
  /usr/iplanet/servers/slapd-test/start-slapd
  What's wrong ?
  Thank you !!!!

  I have a similar problem. I actually do set the correct format of certidcate db password file but the server stll does not start but reports the following:
  [26/Sep/2003:17:21:11 -0400] - Sun-ONE-Directory/5.2 B2003.143.0014 (32-bit) starting up
  [26/Sep/2003:17:21:11 -0400] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <636> failed : error -5966 (Access Denied.).
  I installed the certificate correctly. It was obtained from VeriSign with a ds 5.2 generated request.
  Any ideas?
  Thanks in advance!