Use of SSLs

I am considering getting SSL protection for one of my sites.
- Something new for me.
If I get a Certificate for a particular site does that mean
that all data transfer associated with that site becomes encrypted,
or does one select certain elements within the site, eg forms?
Can someone point me to a beginners guide?
Thanks
Steve

Hi
Your SSL should come with installation info, if you're on
shared hosting
you will likely have to get your host to complete the work
for you. You
would generally secure a folder and pass people to content
within that
folder for collecting sensitive data.
Cheers jojo
Adobe Community Expert for Dreamweaver 8
http://www.webade.co.uk
http://www.ukcsstraining.co.uk/
Extending Knowledge, Daily.
http://www.communityMX.com/
Free 10 day trial
http://www.communitymx.com/joincmx.cfm

Similar Messages

  • Can port 25 be used for SSL-enable SMTP server ?

    Hi,
    Our customer is using port 25 for a SSL-enabled SMTP server without certificate. When our email client tried to connect to it, the following exception thrown:
    DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    Since we don't want to ask our customer to change their port configuration unless absolutely necessary, we did some tests with our own SSL-enabled SMTP server that uses certificate. Here is what I got:
    1) with port 25, got the same exception as above;
    2) with port 465, worked fine;
    3) with any other randomly pick up valid port, worked fine.
    This made me wonder if 25 is for non SSL SMTP server ONLY. By the way, I'm using Javamail 1.3.4 and JSDK 1.4.2_02. My question is whether we can configure javamail so that port 25 can be used by SSL-enabled SMTP server?
    Your help will be appreciated.

    Yes, port 25 is intended for non-SSL servers only, although that doesn't
    prevent a client from making a plain text connection and then using the
    STARTTLS command to switch the connection to SSL/TLS. JavaMail 1.4
    supports that usage.
    You can configure JavaMail to use port 25 for SSL connections if you
    really want to. JavaMail 1.3.x requires you configure an appropriate
    socket factory to get SSL connections; you can configure whatever port
    you want for use with that socket factory.

  • Using internal SSL Certs for Webview and Reskill (ICM 7.2.X)

    Hi,
    I would like to use corporate ssl certs for webview and reskill to avoid the user having to install the self signed certificate on the local machine. Has anyone any experience of this? Can it cause any unforseen problems?
    My plan for webview is to create the certificate request in IIS for the default website, use this csr to generate the cert, then complete it by uploading the certificate.
    For reskilling, I will assume I will have to do some command line stuff here ...
    eg: keytool -genkey -keyalg RSA -keystore hostname.key
    to create the key,
    keytool -certreq -keyalg RSA -keystore hostname.key -file hostname.csr
    to create the csr, and
    keytool -import -trustcacerts -alias tomcat -file hostname.cer -keystore hostname.key
    to import the new cert
    Suggestions or comments for anyone who has tried this before would be appreciated.
    Regards,
    Brian

    I've never done it on a version so old, but at the end of the day it's just IIS and Tomcat and importing an SSL cert is very standard.
    david

  • Remote host supports the use of SSL ciphers that offer weak encryption

    Dear All,
    Our Internal security audit suggests to avoid the use of Week SSL ciphers for our SAP PI 7.0 servers.
    We have followed the SAP note 510007 - Setting up SSL on Web Application Server ABAP
    as mentioned in the point 6 we have added below parameter in the instance profile of application server  and restarted our server but still the issue is not resoved.
    ssl/ciphersuites=MEDIUM:HIGH:EXPORT:!LOW:!eNULL
    Clients are accessing our PI server through SAP Web dispatcher.
    Kindly suggest the action to be taken to resolve the issue.
    Please find the below comment from Audit.
    The remote host supports the use of SSL ciphers that offer weak encryption.
    Note: This is considerably easier to exploit if the attacker is on the same physical network
    Regards,
    Lalitha.

    Hi Jim,
    The remote host is the PI(7.0) server.
    PI server profile
    FN_JSTART = jcontrol$(FT_EXE)
    ssl/ciphersuites = HIGH:MEDIUM:!mMD5
    jstartup/recorder = java -classpath ../j2ee/cluster/bootstrap/launcher.jar com.sap.engine.offline.OfflineToolStart com.sap.engine.flightrecorder.core.Collector ../j2ee/
    cluster/bootstrap -node %nodeID% %startTime% -bz $(DIR_GLOBAL) âexitcode %exitcode%
    login/accept_sso2_ticket = 1
    SAPSYSTEMNAME = APQ
    SAPSYSTEM = 00
    INSTANCE_NAME = DVEBMGS00
    DIR_CT_RUN = $(DIR_EXE_ROOT)/run
    DIR_EXECUTABLE = $(DIR_INSTANCE)/exe
    jstartup/trimming_properties = off
    jstartup/protocol = on
    jstartup/vm/home = /opt/IBMJava2-amd64-142
    jstartup/max_caches = 500
    jstartup/release = 700
    jstartup/instance_properties = $(jstartup/j2ee_properties):$(jstartup/sdm_properties)
    j2ee/dbdriver = /oracle/client/10x_64/instantclient/ojdbc14.jar
    PHYS_MEMSIZE = 512
    exe/saposcol = $(DIR_CT_RUN)/saposcol
    rdisp/wp_no_dia = 10
    rdisp/wp_no_btc = 3
    exe/icmbnd = $(DIR_CT_RUN)/icmbnd
    rdisp/j2ee_start_control = 1
    rdisp/j2ee_start = 1
    rdisp/j2ee_libpath = $(DIR_EXECUTABLE)
    exe/j2ee = $(DIR_EXECUTABLE)/jcontrol$(FT_EXE)
    rdisp/j2ee_timeout = 1800
    rdisp/frfc_fallback = on
    icm/HTTP/j2ee_0 = PREFIX=/,HOST=localhost,CONN=0-500,PORT=5$$00
    icm/server_port_0 = PROT=HTTP,PORT=80$$
    # SAP Messaging Service parameters are set in the DEFAULT.PFL
    ms/server_port_0 = PROT=HTTP,PORT=81$$
    rdisp/wp_no_enq = 1
    rdisp/wp_no_vb = 1
    rdisp/wp_no_vb2 = 1
    rdisp/wp_no_spo = 1
    # Jcontrol: Migrated Profile Parameter
    #      create at Wed Mar 25 20:20:02 2009
    j2ee/instance_id = ID0079698
    Web dispatcher profile
    SAPSYSTEMNAME = WD0
    SAPSYSTEM = 00
    INSTANCE_NAME = W00
    DIR_CT_RUN = $(DIR_EXE_ROOT)/run
    DIR_EXECUTABLE = $(DIR_CT_RUN)
    wdisp/shm_attach_mode = 6
    # Accesssability of Message Server
    #rdisp/mshost = asapq00.b.com
    #ms/http_port = 8100
    #ms/https_port = 8101
    wdisp/system_0 = MSHOST=asapq00.b.com, MSPORT=8100, SID=APQ
    # Configuration for medium scenario
    icm/max_conn               = 16350
    icm/max_sockets            = 32768
    wdisp/HTTPS/max_pooled_con = 16350
    icm/req_queue_len          = 8000
    icm/min_threads            = 100
    icm/max_threads            = 500
    mpi/total_size_MB          = 700
    mpi/buffer_size            = 32768
    mpi/max_pipes              = 21000
    wdisp/HTTP/max_pooled_con  = 8192
    wdisp/HTTPS/max_pooled_con = 8192
    # SAP Web Dispatcher Ports
    icm/server_port_0 = PROT=HTTP,PORT=80,EXTBIND=1
    icm/server_port_1 = PROT=ROUTER,PORT=443,EXTBIND=1
    #icm/host_name_full= asapq00.b.com
    icm/host_name_full= qtyh2h.k.co.in
    icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=/sapmnt/WD0/global/security/data/icmauth.txt
    ssl/ssl_lib=/usr/sap/WD0/W00/sec/libsapcrypto.so
    wdisp/HTTPS/dest_logon_group = PUBLIC
    wdisp/HTTPS/max_client_ip_entries = 100000
    wdisp/HTTPS/sticky_mask = 255.255.255.0
    #Additional Parameters
    wdisp/add_client_protocol_header = true
    wdisp/auto_refresh = 120
    wdisp/max_servers = 100
    wdisp/handle_webdisp_ap_header = 1
    #Registering SAP Web Dispatcher in the SLD
    #wdisp/system_0 = HOST=asapq00.b.com, PORT=8100, SID=APQ, NR=00
    #Parameter to avoid week SSL ciphers
    ssl/ciphersuites=HIGH:MEDIUM:!mMD5
    Regards,
    Lalitha

  • Memory leak when "Use JSSE SSL" is enabled

    I'm investigating a memory leak that occurs in WebLogic 11g (10.3.3 and 10.3.5) when "Use JSSE SSL" is checked using the Sun/Oracle JVM and JCE/JSSE providers. The leak is reproducible just by hitting the WebLogic Admin Console login page repeatedly using SSL. Running the app server under JProfiler shows byte arrays (among other objects) leaking from the socket handling code. I thought it might be a general problem with the default JSSE provider, but Tomcat does not exhibit the problem.
    Anyone else seeing this?

    Yes, we are seeing it as well on Oracle 11g while running a GWT 2.1.1 application using GWT RPC. Our current fix is to remove the JSSE SSL configuration check, however this might not be an option if you really need it for your application. Have you found anything else about it?

  • Using the SSL-M (6500 blade) with a CSS

    Hi all,
    I think it is possible to use the SSL module for the 6500 chassis as a stand alone device, does that mean we can use our CSSs (11503) and send the SSL traffic to the blade (based on IP address I assume).
    cheers,
    Mike

    Yes you can do it.
    Check CSS sample configs with SCA - just replace the SCA with your SSLM.
    Gilles.

  • Netscape cert type does not permit use for SSL server on Weblogic

    We have WLS 11g (11.1.1.5 SOA) on UNIX and we are trying to connect secured service (Using client certificate along with UserName and Password for Authentication ). I was able to test it using SOAP UI.
    But when I am testing the webservice I am facing listed error
    java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): https://abcd:1111/JWSs/V1/TermsWS at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:575) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at
    and domain log shows that
    Caused By: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server
    Please help me to resolve listed issue.
    Can I use Netscape client certificate on WLS?
    Do I need to take any extra care while working with client cert?
    I appreciate your help.

    Netscape cert type does not permit use for SSL clientTry using another certificate. Your certificate can't be used as a web browser client certificate.

  • Browsing Oracle application using CISCO SSL VPN forms not opening

    Hi all,
    Any idea why am not able to access my application using CISCO SSL VPN.Normal clients are able to use our application there is no problem.i have modifyed the "certdb.txt",still i am having the same problem.here am attaching the Java console output.
    java.net.ConnectException: Operation timed out: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(Unknown Source)
         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
         at java.net.PlainSocketImpl.connect(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
         at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
         at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
         at sun.misc.URLClassPath$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getResource(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    WARNING: Unable to cache https://212.72.22.86/+CSCO+1a756767633A2F2F62656E6A726F322E7A75712E70622E627A++/forms/java/frmwebutil.jar
    java.net.ConnectException: Operation timed out: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(Unknown Source)
         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
         at java.net.PlainSocketImpl.connect(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at java.net.Socket.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.net.www.http.HttpClient.<init>(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.<init>(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsClient.New(Unknown Source)
         at oracle.jinitiator.protocol.https.HttpsURLConnection$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.jinitiator.protocol.https.HttpsURLConnection.connect(Unknown Source)
         at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source)
         at oracle.jre.protocol.jar.HttpUtils.followRedirects(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
         at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
         at oracle.jre.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
         at sun.misc.URLClassPath$2.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getResource(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadCode(Unknown Source)
         at sun.applet.AppletPanel.createApplet(Unknown Source)
         at sun.plugin.AppletViewer.createApplet(Unknown Source)
         at sun.applet.AppletPanel.runLoader(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    WARNING: Unable to cache https://212.72.22.86/+CSCO+1a756767633A2F2F62656E6A726F322E7A75712E70622E627A++/forms/java/frmall_jinit.jar
    java.net.ConnectException: Operation timed out: connect

    Hi,
    From your description, my understanding is that you get invalid workflowinstanceid error when you click on workflow link like "inprogress” in the current list.
    Please check the URL of workflow “inprogress” (also URL for workflow approval instance to open task form) to see if it’s correct.
    Please use your company network directly instead of CISCO SSL VPN, then access SharePoint portal url “https://vpnssl.companyname.com/”,  see if the issue still occur.
    Also, check the ULS log on the SharePoint server based on the Correlation ID value, get more detailed information about this error message.
    And you could refer to this similar issue:
    https://social.technet.microsoft.com/Forums/en-US/08aa6b33-cef6-4b01-8af7-6c25ed7d9953/invalid-workflowinstanceid-parameter-in-url?forum=sharepointgeneralprevious.
    Best Regards
    Vincent Han
    TechNet Community Support

  • Cannot connect using webserviceclient+ssl.jar

    Hello!
    I installed Verisign test certificate on my server and I am able to connect
    to the server using Web Service client with JSSE adapter class. Funnily
    enough, I cannot connect using WebLogic SSL library, I get an exception.
    Could someone help me understand, why I cannot connect using WebLogic SSL
    implementation?
    To connect using JSSE I use following system properties:
    java^
    -classpath
    .;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
    r;..\lib\jsse.jar;^
    -Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
    CJSSEAdapter^
    -Djavax.net.ssl.trustStore=abc.keystore^
    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
    Client https://MyServer:7002/webservice/ABCConnectService?WSDL
    where abcconnect-client.jar is the client jar file, and abc.keystore
    contains getcacert.cer root CA, which I downloaded from Verisign from this
    page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
    ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
    works fine.
    To connect using WebLogic SSL implementation I use following system
    properties:
    java^
    -classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
    -Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
    -Dweblogic.webservice.client.ssl.strictcertchecking=false^
    -Dweblogic.webservice.security.verbose=true^
    -Dweblogic.webservice.client.verbose=true^
    -Dbea.home=.^
    -Djava.protocol.handler.pkgs=com.certicom.net.ssl^
    Client https://MyServer:7002/webservice/ABCConnectService?WSDL
    I converted binary format of the certificate to PEM, but it did not help.
    I am getting this exception:
    [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
    [BaseWLSSLAdapter] : Strict cert checking disabled by default
    [BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
    [BaseWLSSLAdapter] : Loaded local trusted certificates from
    [email protected]
    [BaseWLSSLAdapter] : Disabling strict checking on adapter
    [email protected]
    [BaseWLSSLAdapter] : Set TrustManager to
    webl[email protected]
    [WLSSLAdapter] : Set HostnameVerifier to
    [email protected]
    [BaseWLSSLAdapter] : Loaded local trusted certificates from
    [email protected]
    [BaseWLSSLAdapter] : Disabling strict checking on adapter
    [email protected]
    [BaseWLSSLAdapter] : Set TrustManager to
    [email protected]44a
    [WLSSLAdapter] : Set HostnameVerifier to
    [email protected]
    [BaseWLSSLAdapter] : Got new socketfactory
    [email protected]
    [WLSSLAdapter] :
    openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
    returning
    weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
    bservice/ABCConnectService?WSDL
    [WLSSLAdapter] : -- using HostnameVerifier
    [email protected]
    [WLSSLAdapter] : -- loaded certs from getcacert.cer
    java.io.IOException: Write Channel Closed, possible SSL handshaking or trust
    failure
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
    known Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
    nknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
    Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
    at
    com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
    Source)
    at
    weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
    onnection.java:216)
    at
    weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
    nFactory.java:71)
    at
    weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
    at
    weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
    106)
    at
    weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
    82)
    at
    weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
    at Client.main(Client.java:136)

    Michael,
    I guess the getcacert.cer, which is on the client side, should have the
    server's certificate followed by the root CA certificate in .pem format.
    I have it working with this format.
    Could you please try this out and let us know.
    Regards,
    Anurag
    "Michael Jouravlev" <[email protected]> wrote in message
    news:[email protected]
    Hello!
    I installed Verisign test certificate on my server and I am able toconnect
    to the server using Web Service client with JSSE adapter class. Funnily
    enough, I cannot connect using WebLogic SSL library, I get an exception.
    Could someone help me understand, why I cannot connect using WebLogic SSL
    implementation?
    To connect using JSSE I use following system properties:
    java^
    -classpath
    .;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
    r;..\lib\jsse.jar;^
    -Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
    CJSSEAdapter^
    -Djavax.net.ssl.trustStore=abc.keystore^
    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
    Client https://MyServer:7002/webservice/ABCConnectService?WSDL
    where abcconnect-client.jar is the client jar file, and abc.keystore
    contains getcacert.cer root CA, which I downloaded from Verisign from this
    page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
    ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
    works fine.
    To connect using WebLogic SSL implementation I use following system
    properties:
    java^
    -classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
    -Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
    -Dweblogic.webservice.client.ssl.strictcertchecking=false^
    -Dweblogic.webservice.security.verbose=true^
    -Dweblogic.webservice.client.verbose=true^
    -Dbea.home=.^
    -Djava.protocol.handler.pkgs=com.certicom.net.ssl^
    Client https://MyServer:7002/webservice/ABCConnectService?WSDL
    I converted binary format of the certificate to PEM, but it did not help.
    I am getting this exception:
    [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
    [BaseWLSSLAdapter] : Strict cert checking disabled by default
    [BaseWLSSLAdapter] : Trusted certificates will be loaded fromgetcacert.cer
    [BaseWLSSLAdapter] : Loaded local trusted certificates from
    [email protected]
    [BaseWLSSLAdapter] : Disabling strict checking on adapter
    [email protected]
    [BaseWLSSLAdapter] : Set TrustManager to
    [email protected]6df
    [WLSSLAdapter] : Set HostnameVerifier to
    [email protected]
    [BaseWLSSLAdapter] : Loaded local trusted certificates from
    [email protected]
    [BaseWLSSLAdapter] : Disabling strict checking on adapter
    [email protected]
    [BaseWLSSLAdapter] : Set TrustManager to
    [email protected]44a
    [WLSSLAdapter] : Set HostnameVerifier to
    [email protected]
    [BaseWLSSLAdapter] : Got new socketfactory
    [email protected]
    [WLSSLAdapter] :
    openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
    returning
    weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
    bservice/ABCConnectService?WSDL
    [WLSSLAdapter] : -- using HostnameVerifier
    [email protected]
    [WLSSLAdapter] : -- loaded certs from getcacert.cer
    java.io.IOException: Write Channel Closed, possible SSL handshaking ortrust
    failure
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(UnknownSource)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
    known Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
    nknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
    Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
    Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
    at
    com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
    Source)
    at
    weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
    onnection.java:216)
    at
    weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
    nFactory.java:71)
    at
    weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
    at
    weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
    106)
    at
    weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
    82)
    at
    weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
    at Client.main(Client.java:136)

  • Error: The chosen certificate was not exported and cannot be used for SSL

    Hello there,
    when I try to configure the profilemanager in OS X Server and it comes to choose a certificate i get the following message:
    The chosen certificate cannot be used.
    The chosen certificate was not exported and cannot be used for SSL.
    I chose our Wildcard certificate we received from Thawte.
    It is completely imported in the Keychain from the Mac.
    (Sorry if any sentence is wrong, I translated it from german to english)
    Best regards,
    Christoph

    Is this a regular web ssl cert or a code signing cert?

  • How to sign a java applet using iPlanet SSL certificate?

    Dear all,
    I have a IPlanet web server with SSL installed,
    can I use the SSL certificate to sign my java applet which will run on the server? how to sign a java applet in this scenario? somebody please help me! thanks!
    yours sincerely
    dashel

    Why can't you create jar files?

  • Use public SSL certificate for WebAccess 8 on SLES10 Linux S

    Currently my WebAccess 8 server is running on NetWare. I want to move my WebAccess to SLES10 SP3 server and use public SSL certificate from third-party on SLES 10. I think this is just to get apache to use the public cert on SLES 10 Linux server and nothing to change on WebAccess, right?
    Thanks in advance.
    Wilson

    wilsonhandy wrote:
    > Currently my WebAccess 8 server is running on NetWare. I want to move
    > my WebAccess to SLES10 SP3 server and use public SSL certificate from
    > third-party on SLES 10. I think this is just to get apache to use the
    > public cert on SLES 10 Linux server and nothing to change on
    > WebAccess, right?
    Yeah, it's purely an Apache config. No need to do anything to
    WebAccess just to get SSL working.
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms

  • How used single ssl for tow exchange server without clustering

    how used single ssl for tow exchange server without clustering
    exchange 2003 std fron-end server
    used for add new server for owa failover or standby 

    Olivia, hopefully by now you have solved your issue but just for the sake of answering that question here so that people having the same issue can later find it I'll go through the motions:
    there are a couple of ways you can achieve this.
    A. get a certificate for free out there
    B. generate your own self signed "fake" certificate.
    certutil will certainly let you do this, here's how:
    1. First, create a file/directory layout to store your certificates
    mkdir -p /path/to/certificates/selfsignedCA2. Initialize a database for the certificate you want to create
    certutil -N -d /path/to/certificates/selfsignedCA -P "ca-"3. Create a self-signed CA certificate
    certutil -S -x -n "ca-cert" -s "cn=SelfSigned CA Certificate,dc=yourSuffix" -t CTPu -v 120 -d /path/to/certificates/selfsignedCA -P "ca-" -5Note: when prompted, select choice (5) SSL CA and 'y' for critical extensions
    4. Export the your newly created self-signed CA certificate in PEM format
    certutil -L -d /path/to/certificates/selfsignedCA -P "ca-" -n "ca-cert" -a > /path/to/certificates/selfsignedCA.pemthat should get you going
    -=arnaud=-

  • How do I use an SSL Accelerator with iWS 6?

    I have an application that uses iWS 6 sp2 and iAS 6 sp4. The web server exposes a https port. I can get this port to work fine with a certificate requested against the internal module. When I use the module supplied by the SSL accelerator (Sun Crypto Accelerator 1) I can install and view a certificate, but I cannot start the web server. I get the following error in my logs:
    [18/Mar/2002:15:57:17] failure ( 2820): Invalid configuration: File /usr/local/iplanet/servers/https-www.exsel.org.uk/config/server.xml, line 22, column 390: SEC_ERROR_BAD_DER - Certificate is improperly DER encoded : unable to find certificate Server-Cert
    I can see a certificate by this name in the cerfticate database for the additional module. I can view it and it looks good (I'm generating my own certificates at the moment - so I know that the internal and external certificates were generated in the same way).
    Has anyone any experience of using this combination of things?

    I think you are getting your certificates crossed up some how. "Server-Cert" is normally the name of the internal certificate. See what the name of the one installed on your accelerator is and change the name in server.xml to match that. Be sure to backup up all your files first!

  • Is it possible to use single ssl certificate for multiple server farm with different FQDN?

    Hi
    We generated the CSR request for versign secure site pro certificate
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;}
    SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
    And the same message when trying to access https://www.abc.com from Google Chrome.
    "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
    so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
    Now my question is
    1. Is is possible to  remove above errors doing some ssl configuration on ACE?
    2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
    Thanks
    Waliullah

    If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
    Hope this helps,
    Sean

  • How to use a key file in the FTP Task using and SSL connection

    In the past I have used this code to set the FTP pass word in an FTP component task in SSIS.
    Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site?  If not can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files
    from an SSL FTP site?  Thank you for any help offered.
    public void Main()
    ConnectionManager FTPConn;
    FTPConn = Dts.Connections["FTPServer"];
    FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
    Dts.TaskResult = (int)ScriptResults.Success;
    Antonio

    You can use SFTP for this.
    This is a way of implementing SFTP in SSIS using standard tasks 
    http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
    also see
    http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
    Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

Maybe you are looking for

  • Ipod not being shown in itunes

    Hello all, please please please help me if you can. I have an ipod video 30gb and it started to behave erratically the other day (freezing up, missing songs on play-list and not even playing some when selected), when I connected to itunes a message t

  • Magic mouse gestures mountain lion

    whats happened to magic mouse gestures on mountain lion...i can't even scroll up or down a web page with my magic mouse now....

  • Document types in New GL

    In New GL we have " define document types for entry view in a ledger" and " define document types for a general ledger view in a ledger". It says, we have define different document types if the fiscal year variant is different for a non leading ledge

  • Mandatory  Excise Group in Order (Urgent)

    Hi, I need to make it mandatory to select respective Plant / Excise Group / Series only, so that no-body can select other plant except the respective document. Rgds

  • Byte[] serialization/deserialization BLOB problem

    I want to store an image in DB. I choose to store a byte[], like a BLOB (i use MySql). But when byte[] is serialized in DB in front of the array are inserted 27 bytes. What should i do to store exact the given byte array ? (Or off course an ImageIcon