Apache 1.3.12 running with Raven SSL Proxy

          Hi All,
          I am currently having an issue clustering 2 WLS 5.1 sp8 app servers using Apache
          1.3.12 with the Raven SSL 1.4.3 plugin. (All on Solaris 7)
          Here is my scenario:
          The cluster "seems" to work. A session is processed fine on its primary server,
          while the session information is replicated to the secondary server.
          Yet when we crash the primary server to test failover, all of the sessions on the
          primary server are lost and NOT processed by the secondary server. It is almost
          like the cookie was not updated to reflect that the primary had gone down, so the
          secondary server does not know it is now the primary.
          Any ideas?.. As long as the primary does not fail the system works fine.. so I know
          the sessions are being directed to the correct server the rest of the time, just
          not during failover.
          NOTE: I have had no problems with failover using Apache Stronghold using the mod_wl_ssl.so
          proxy, this problem only seems to occur with the Apache using Raven SSL and the mod_wl_ssl_raven.so
          proxy. Is there a bug with this proxy?
          Thank you for any ideas.
          -Nick
          

The Web server plug-ins do not natively support outbound SSL connections
yet (i.e. SSL from the plug-in to WebLogic). This is a feature for version
6.0. You can use SSL from the browser to Apache or from the browser to
WebLogic directly.
The majority of our customers use strict firewall rules to protect the
traffic between Apache and WebLogic. If they are paranoid, they use an SSL
proxy or a VPN product.
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Josh Kwan" <[email protected]> wrote in message
news:39d4e8a5$[email protected]..
>
Hello,
I want to know how to connect Apache 1.3.12 with mod_ssl to BEA WebLogic 5.1.0 on Solaris via HTTPS. I have heard that this can only work over t3...
is that true? If so, how can it be done securely? If that isn't the case,
how can httpd.conf/weblogic.conf be configured on the Apache server to talk
to the WebLogic server on port 7002? Both of the machines I am using are
running Solaris 7 with necessary patches. I have installed SP5 for WebLogic
and I have copied mod_wl.so and mod_wl_ssl.o to the Apache server for
inclusion as modules.
>
The two servers communicate correctly over HTTP, but I want to be able to serve some JSPs via HTTPS from the WebLogic server through the Apache web
server. I have generated all the required CA and server certificates for
each server, and they both individually answer HTTPS requests, but do not
work when an HTTPS request is sent to the Apache server for a JSP that is
served from the WebLogic server. I read somewhere in the documentation for
5.1.0 that WebLogic will communicate via HTTPS to various web and proxy
servers.
>
Any help would be greatly appreciated... thanks!
Regards,
Josh Kwan
Sr. Systems Engineer
iXL

Similar Messages

  • Modifying an "ssl-proxy-list" without disturbing the active sessions.

    Hello,
    I would like to know if it is possible to have two SSL modules installed in a CSS11503 with each one having its own "ssl-proxy-list" ("ssl-proxy-list list1" and "ssl-proxy-list list2"), but the two lists (list1 and list2) are exactly the same.
    I will explain my idea:
    In normal situation the two "ssl-proxy-list" are active and the user's encrypted sessions are load balanced between the two SSL modules. But when we need to make a change to the "ssl-proxy-list", like changing a server's certificate, I would like to be able to suspend one service (type ssl-accel with the "ssl-proxy-list List1" attached to it for example) and wait for all active sessions to terminate before suspending the "ssl-proxy-list list1" for applying the changes.
    Once the first "ssl-proxy-list" is updated I would make it active again and apply the same changes to the second "ssl-proxy-list".
    Doing it this way I would like to be able to upgrade the server's certificate during working hours without disturbing the connected users...
    Do you think this way of doing it would be possible, or do you have another solution to modify an "ssl-proxy-list" without disturbing the active running sessions?
    Thank you for your answer,
    Best regards

    Hi Francois,
    An SSL proxy list may belong to multiple SSL services (one SSL proxy list per service), and an SSL service may belong to multiple content rules. You can apply the services to content rules that allow the CSS to direct SSL requests for content.
    The CSS supports one active SSL service for each SSL module in the CSS, one SSL service per slot. You can configure more than one SSL service for a slot but only a single SSL service can be active at a time.
    No modifications to an SSL proxy list are permitted on an active list. Suspend the list prior to making changes, and then reactivate the SSL proxy list once the changes are complete. Once you have modified the SSL proxy list, suspend the SSL service, reactivate the SSL proxy list, and then reactivate the SSL service.
    You can use maximum 4 different certificates at a time.
    Use the suspend command to suspend an active SSL proxy list.
    To suspend an active SSL proxy list, enter:
    (config-ssl-proxy-list[ssl_list1])# suspend
    Use the URL below for your reference:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.10/command/reference/CmdSSLC.html
    Kind regards,
    Sachin Garg
    Senior Specialist Security
    HCL Comnet Ltd.
    http://www.hclcomnet.co.in
    A-10, Sector 3, Noida- 201301
    INDIA
    Mob: +91-9911757733
    Email: [email protected]

  • ACE SSL Proxy performance issue

    Hi, I've got an ACE module in a 6500 that is being used as an SSL proxy for a web service.
    So the configuration is fairly basic, matches a VIP which has been NAT'ed from the public IP address port 443 and load balances over a number of reservers with the server ports being set to 80.
    The problem is the main web site is hosted elsewhere and so when they switch to checkout on a secure port the browser page requests multiple https:// files.
    The users are seeing very slow page loads, a considerable amount longer than the equivalent on http and more than you'd expect. The ACE is nowhere near any throughput or transaction limits.
    My concern is on how the session is tracked, would the ACE attempt to renegotiate with every https:// get? I've seen example configs for stickiness inserting cookies for normal end-end load balancing but not with an SSL proxy configuration.

    Hi Craig,
    The SSL negotiation/handshake will happen every time a client opens a new TCP connection, i.e. comes with a different source port.
    To make sure that ACE doesn't renegotiate you can try and use this command:
    (config-parammap-ssl)# session-cache timeout . You can use 24 hours or anytime you think is suitable.
    This is basically to enable SSL session reuse. A little explanation below for your reference:
    When a client connects to a server over SSL, the server creates a session for that connection. This session ID is sent as a part of the Server Hello message. This is to make things efficient, in case the client has any plans of closing the current connection and reconnecting in the near future. Most of the servers have a timeout for these sessions (I think 24 hours is a common value, unless pressed for space).
    When the client connects to the same server again, it can send the same session ID as a part of the Client Hello. The server will first look up if it can find any sessions with that ID. If found, the same session will be reused. Thus the time spent in verifying the certs and negotiating the keys is saved. If the server cannot find a matching session, then it responds with a new session ID and its certificate in the Server Hello message. The client knows that it has to verify the cert and negotiate the key again.
    A considerable amount of time is spent in validating server certs. Reusing the SSL session will save this time.
    Having said that you need to check if the client is coming with a session ID which it got in previous handshake or not. If it doesn't and it is a new TCP connection then SSL handshake will happen. Please enable that command before testing.
    Also, ensure that you have allocated proper SSL resources to your context. Lack of resources can also cause dropped connections and sluggish performance.
    Regards,
    Kanwal
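
The session-ID lookup described in the reply above, as an added example that is not part of the original thread: it parses the session ID out of a ClientHello record and models the server-side cache to show which connections get a full handshake. The names `build_client_hello`, `client_hello_session_id`, `SessionCache` and `replay` are hypothetical, the ClientHello bytes are constructed sample input, and the model assumes the timeout is counted from session creation.

```python
import os
import struct

MAX_SESSION_ID_LEN = 32  # upper bound of the session_id field (SSL 3.0 to TLS 1.2)


def build_client_hello(session_id: bytes = b"") -> bytes:
    """Build a minimal ClientHello record (constructed sample input, not a capture)."""
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + bytes(32)                               # random (all zeros, sample only)
        + bytes([len(session_id)]) + session_id   # session_id, empty on first contact
        + struct.pack("!H", 2) + b"\x00\x2f"      # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
        + b"\x01\x00"                             # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def client_hello_session_id(record: bytes) -> bytes:
    """Return the session ID a client offered (b"" means it offered none)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:                    # version(2) + random(32) + length byte(1)
        raise ValueError("truncated ClientHello")
    sid_len = body[34]
    if sid_len > MAX_SESSION_ID_LEN or len(body) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return body[35:35 + sid_len]


class SessionCache:
    """Server-side view: session ID -> expiry time, as governed by a cache timeout."""

    def __init__(self, timeout_s: float):
        self.timeout_s = timeout_s
        self._expiry = {}

    def handshake(self, record: bytes, now: float):
        """Return ("resumed", same_id) or ("full", new_id) for one ClientHello."""
        sid = client_hello_session_id(record)
        expiry = self._expiry.get(sid) if sid else None
        if expiry is not None and now < expiry:
            return "resumed", sid         # abbreviated handshake, no cert exchange
        self._expiry.pop(sid, None)       # unknown or expired: forget it
        new_sid = os.urandom(MAX_SESSION_ID_LEN)
        self._expiry[new_sid] = now + self.timeout_s
        return "full", new_sid            # full handshake, new ID in the ServerHello


def replay(timeout_s: float, arrival_times):
    """One client opening new TCP connections, always offering its last session ID."""
    cache, sid, outcomes = SessionCache(timeout_s), b"", []
    for now in arrival_times:
        kind, sid = cache.handshake(build_client_hello(sid), now)
        outcomes.append(kind)
    return outcomes


if __name__ == "__main__":
    # Six new connections for one page load and a later return visit.
    print(replay(300, [0, 1, 2, 299, 300, 301]))
    # With no usable cache lifetime every connection pays for a full handshake.
    print(replay(0, [0, 1, 2]))
```
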

  • Apache Trinidad is running with time-stamp checking enabled.

    Experts,
    Contents of my web.xml file
    <context-param>
        <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
        <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
        <param-value>false</param-value>
      </context-param>
    When my application runs I get the following on the WebLogic console
    <ViewHandlerImpl> <_checkTimestamp> Apache Trinidad is running with time-stamp checking enabled. This should not be used in a production environment. See the org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION property in WEB-INF/web.xml
    <UIXEditableValue> <_isBeanValidationAvailable> A Bean Validation provider is not present, therefore bean validation is disabled
    Isn't it a bit strange? Please advise what is wrong.
    Thanks
    jdev 11.1.2.1

    If you're talking about the integrated WLS, time-stamp checking is automatically enabled no matter what so that changes you make in the IDE can be picked up. It's nothing to worry about.
    John

  • [SOLVED]Ruby on Rails won't run with apache/passenger

    Hi, I want to run Redmine, a Ruby on Rails application, on a personal server using MariaDB as the database and Apache with the Phusion Passenger module as the application platform. So far I am able to run Redmine with the default WEBrick server, but if I try to run it via Apache (http://192.168.1.5/redmine) I just get the directory index of /usr/share/webapps/redmine. I've been running various PHP webapps using this Apache installation without issues but my unfamiliarity with Ruby on Rails makes me unsure how to fix this. If I create a Ruby on Rails test application as described at https://wiki.archlinux.org/index.php/Ru … figuration I get the same issue.
    Using the Arch wiki articles on Ruby on Rails and Redmine, this is basically how I installed things:
    $ yaourt -S ruby1.9 rubygems1.9 nodejs redmine
    # gem-1.9 install rails
    # gem-1.9 install passenger
    /opt/ruby-1-9/ and subfolders ended up having no read/execute permissions for 'other', probably because of my umask settings, so I changed the permissions, also because apache runs as user/group 'apache'.
    Ran the script that installs the passenger apache module:
    # /opt/ruby1.9/bin/passenger-install-apache2-module
    added to httpd.conf:
    LoadModule passenger_module /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/passenger-4.0.5/libout/apache2/mod_passenger.so
    PassengerRoot /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/passenger-4.0.5
    PassengerDefaultRuby /opt/ruby1.9/bin/ruby
    ServerName arch-server
    DocumentRoot /usr/share/webapps
    <Directory "/usr/share/webapps">
    # This relaxes Apache security settings.
    AllowOverride all
    Order allow,deny
    Allow from all
    # MultiViews must be turned off.
    Options -MultiViews
    </Directory>
    I checked if the passenger module is loaded, and judging from /var/log/httpd/error_log that seems the case:
    [ 2013-07-03 22:52:22.8947 28902/b7407700 agents/Watchdog/Main.cpp:440 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nobody', 'default_python' => 'python', 'default_ruby' => '/opt/ruby1.9/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_instances_per_app' => '0', 'max_pool_size' => '6', 'passenger_root' => '/opt/ruby1.9/lib/ruby/gems/1.9.1/gems/passenger-4.0.5', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_pid' => '28901', 'web_server_type' => 'apache', 'web_server_worker_gid' => '1001', 'web_server_worker_uid' => '1006' }
    [ 2013-07-03 22:52:22.9120 28905/b73bd700 agents/HelperAgent/Main.cpp:555 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.28901/generation-0/request
    [ 2013-07-03 22:52:22.9262 28902/b7407700 agents/Watchdog/Main.cpp:564 ]: All Phusion Passenger agents started!
    [ 2013-07-03 22:52:22.9266 28910/b71dd700 agents/LoggingAgent/Main.cpp:271 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.28901/generation-0/logging
    [Wed Jul 03 22:52:22 2013] [notice] Apache/2.2.24 (Unix) PHP/5.4.16 mod_ssl/2.2.24 OpenSSL/1.0.1e DAV/2 Phusion_Passenger/4.0.5 configured -- resuming normal operations
    'apachectl configtest' gives 'Syntax OK'.
    I followed the wiki on redmine (https://wiki.archlinux.org/index.php/Redmine), chose to use "bundle install" to install the required gems with only a 'production' environment. What worried me is that those gems are now in /root/.gems while the webserver runs as user 'apache'.
    I can run Redmine at 192.168.1.5:3000 without errors using:
    # ruby script/rails server webrick -e production
    But if I kill it and try via apache http://192.168.1.5/redmine I get a directory content listing.
    Last edited by rwd (2013-07-04 21:00:10)

    Thanks markocz, my use of sub-url was indeed the problem. With help from the linked article I did the following:
    # mkdir /usr/share/webapps/phusion-passenger/
    # ln -s /usr/share/webapps/redmine/public /usr/share/webapps/phusion-passenger/redmine
    # chown -R root:http /usr/share/webapps/
    # chmod -R g+rx /usr/share/webapps/
    httpd.conf now looks like this:
    LoadModule passenger_module /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/passenger-4.0.5/libout/apache2/mod_passenger.so
    PassengerRoot /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/passenger-4.0.5
    PassengerDefaultRuby /opt/ruby1.9/bin/ruby
    ServerName arch-server
    DocumentRoot /usr/share/webapps/phusion-passenger
    <Directory "/usr/share/webapps/phusion-passenger">
    # This relaxes Apache security settings.
    AllowOverride all
    Order allow,deny
    Allow from all
    # MultiViews must be turned off.
    Options +FollowSymLinks
    </Directory>
    RailsBaseURI /redmine
    <Directory "/usr/share/webapps/phusion-passenger/redmine">
    Options -MultiViews
    </Directory>
    Redmine now works via passenger.
    Last edited by rwd (2013-07-04 20:59:40)

  • Anyone able to run SOAP over SSL with Weblogic 5.1 and without purchasing third party tools???  If so, how???

    Anyone able to run SOAP over SSL with Weblogic 5.1??? If so, how??? And
    without purchasing third party tools??? Thanks.
    -Freddie

  • Trying to upgrade Apache on Solaris 10; errors with make

    Hi all, I have Apache 2.2.6 running on a Solaris 10 server and I want to upgrade it to Apache 2.2.25 using config.nice. I've been having lots of problems related to the compiler, but I finally got config.nice to run. Now when I run make (using GNU make) I get the following error:
    httpd-2.2.25/ => /usr/local/bin/make
    Making all in srclib
    make[1]: Entering directory `/export/home/voyager/httpd-2.2.25/srclib'
    Making all in pcre
    make[2]: Entering directory `/export/home/voyager/httpd-2.2.25/srclib/pcre'
    make[3]: Entering directory `/export/home/voyager/httpd-2.2.25/srclib/pcre'
    /usr/local/apr-httpd//build-1/libtool --silent --mode=compile /usr/local/bin/gcc -g -O2  -s -m32 -I/m1/shared/temp/include  -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE    -I/export/home/voyager/httpd-2.2.25/srclib/pcre -I. -I/export/home/voyager/httpd-2.2.25/os/unix -I/export/home/voyager/httpd-2.2.25/server/mpm/prefork -I/export/home/voyager/httpd-2.2.25/modules/http -I/export/home/voyager/httpd-2.2.25/modules/filters -I/export/home/voyager/httpd-2.2.25/modules/proxy -I/export/home/voyager/httpd-2.2.25/include -I/export/home/voyager/httpd-2.2.25/modules/generators -I/export/home/voyager/httpd-2.2.25/modules/mappers -I/export/home/voyager/httpd-2.2.25/modules/database -I/usr/local/apr-httpd//include/apr-1 -I/usr/local/apr-util-httpd//include/apr-1 -I/export/home/voyager/httpd-2.2.25/server -I/export/home/voyager/httpd-2.2.25/modules/proxy/../generators -I/export/home/voyager/httpd-2.2.25/modules/ssl -I/export/home/voyager/httpd-2.2.25/modules/dav/main  -prefer-non-pic -static -c maketables.c && touch maketables.lo
    libtool: compile: unable to infer tagged configuration
    libtool: compile: specify a tag with `--tag'
    make[3]: *** [maketables.lo] Error 1
    make[3]: Leaving directory `/export/home/voyager/httpd-2.2.25/srclib/pcre'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/export/home/voyager/httpd-2.2.25/srclib/pcre'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/export/home/voyager/httpd-2.2.25/srclib'
    make: *** [all-recursive] Error 1
    I've searched and searched and haven't been able to find anything that explains what the problem is. Can anyone help me with this?
    Here is my config.nice
    #! /bin/sh
    # Created by configure
    CC="/usr/local/bin/gcc"; export CC
    CFLAGS="-s -m32 -I/m1/shared/temp/include"; export CFLAGS
    LDFLAGS="-m32 -L/lib -L/usr/lib -L/m1/shared/temp"; export LDFLAGS
    "./configure" \
    "--with-apr=/usr/local/apr-httpd" \
    "--with-apr-util=/usr/local/apr-util-httpd" \
    "LIBTOOL=/m1/shared/httpd/2.2.6/build/libtool --tag=CC" \
    "--enable-deflate=static" \
    "--enable-reqtimeout" \
    "--enable-mods-shared=all vhost-alias unique-id v4-mapped rewrite mime-magic charset-lite" \
    "--without-berkely-db" \
    "--prefix=/m1/shared/apache2" \
    "CC=/usr/local/bin/gcc" \
    "CFLAGS=-s -m32 -I/m1/shared/temp/include" \
    "LDFLAGS=-m32 -L/lib -L/usr/lib -L/m1/shared/temp" \
    "$@"
    I've tried running it with /usr/local/apr-httpd/build-1/libtool and get the same error.

    Apache should be using its local copy of libtool, at least that's what I see when I build from src. Just reran to make sure I wasn't seeing things:
    gmake
    Making all in srclib
    gmake[1]: Entering directory `/work/httpd-2.2.25/srclib'
    Making all in apr
    gmake[2]: Entering directory `/work/httpd-2.2.25/srclib/apr'
    gmake[3]: Entering directory `/work/httpd-2.2.25/srclib/apr'
    /bin/bash /work/httpd-2.2.25/srclib/apr/libtool --silent --mode=compile gcc -g -O2   -DHAVE_CONFIG_H -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE   -I./include -I/work/httpd-2.2.25/srclib/apr/include/arch/unix -I./include/arch/unix -I/work/httpd-2.2.25/srclib/apr/include/arch/unix -I/work/httpd-2.2.25/srclib/apr/include  -o passwd/apr_getpass.lo -c passwd/apr_getpass.c && touch passwd/apr_getpass.lo
    /bin/bash /work/httpd-2.2.25/srclib/apr/libtool --silent --mode=compile gcc -g -O2   -DHAVE_CONFIG_H -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE   -I./include -I/work/httpd-2.2.25/srclib/apr/include/arch/unix -I./include/arch/unix -I/work/httpd-2.2.25/srclib/apr/include/arch/unix -I/work/httpd-2.2.25/srclib/apr/include  -o strings/apr_cpystrn.lo -c strings/apr_cpystrn.c && touch strings/apr_cpystrn.lo
    Have you tried a gmake distclean and then rerun configure with all your options to make sure the build/obj dir is clean?

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 (with JRockit as the JVM). This
    application in turn talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine... the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms... there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what is going on and can help point me in the right direction?
    -Ayub

  • Convergence with LDAP SSL Failure

    Hello,
    I'm now having a problem securing connections between Convergence and my LDAP server.
    Once I set it in iwcadmin, ugldap.enablessl to true and change the port to 636, the following error occurs and convergence just couldn't authenticate.
    server.log in Glassfish 2.1.1, enterprise profile using NSS keystore
    [#|2010-11-12T20:17:15.208+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|LDAPS:Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values|#]
    [#|2010-11-12T20:17:15.209+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap.LDAPSingleHostPool|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|buildConnection: got LDAPException while connecting to Pool number:0. Host=<ldaphost> :netscape.ldap.LDAPException: Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values (91)|#]
    HTTP SSL connections to Webmail server and calendar servers are fine. I tried deploying the same configuration using developer profile with JKS keystore, the SSL authentication goes through then, but I need clustering for high availability.
    Does anyone have any ideas?
    Thanks so much in advance!
    Mathew

  • Connect OEPE to a Weblogic Server running in Production SSL mode

    I am trying to connect an ECLIPSE IDE to a production Weblogic Server domain. However when I add the AdminServer to the IDE I get the message that it is Stopped but Synchronized. Therefore I cannot deploy any code directly from the IDE. How do you get Eclipse to connect to a production domain running with SSL enabled?

    According to the Oracle docs you can connect via ssl to a domain in development mode using the demo certificates. See
    http://download.oracle.com/docs/cd/E11035_01/wls100/secmanage/identity_trust.html - Configuring Demo Certificates for Clients
    I was wondering if it was possible using proper certificates and a production domain.

  • Load Balancing with BigIP / SSL question

    I have an oddball question. We're load balancing ColdFusion
    MX7 across 3 servers using a BigIP load balancing server. We
    decided to go the hardware approach and it has been great except
    for one small configuration issue.
    We use a mix of SSL and non SSL pages, prior to the switch
    from a single server to a load balanced setup I used a script that
    would determine if a page that was supposed to be SSL had the
    variable CGI.HTTPS turned on or off. If it was off, the page would
    redirect back to itself with the SSL turned on.
    The problem we have is that we followed BigIP's instruction
    to secure the load balancing hardware instead of the three servers
    running behind it. So what happens is that the traffic goes to the
    load balancer port 441, but then the calls from the load balancer
    to the individual servers is port 80. So even if a page is called
    as HTTPS://... the coldfusion server says that CGI.HTTPS is "off"
    since the traffic is port 80.
    This isn't much of a problem, our SSL pages are linked as
    HTTPS:// and the only problem would actually arise if someone was
    to type in the URL and call it as HTTP rather than HTTPS.
    My question is this, does anyone know of a way that I can
    detect if the page should be HTTPS and is not without changing our
    configuration and putting SSL certificates on each individual
    server?

    Hey,
    Well the load balancing with the BigIP device is really very amazing. I think what I liked most was swapping out servers when their lease was up, through the BigIP manager I just stopped all traffic to a server, shut it down, plugged in the new one and turned traffic back on. It was really very easy.
    The SSL stuff still gives me a headache to think about, but I should mention I no longer work where I was, plus now I'm all .net C# but that's a different story.
    I think if I was going to do this all again I would not have secured the bigIP unit. It was nice to buy one SSL cert for all the servers I attached rather than one per server, but getting the SSL sites to work properly was a headache.
    We also use windows file replication where now I would go with like a pair of Dell MD1000's mirrored for storage and just have tons of ram and cpu on the front end units. Depends what you want to spend I guess. I think the bigIP unit we bought was like 20 grand, I think they are cheaper now though.
    Hope I helped.
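
The situation in the thread above (TLS ends at the load balancer, the backends are reached on port 80, so CGI.HTTPS always reads "off") is commonly handled by having the balancer pass the browser's scheme to the backend in a request header, which the backend trusts only when the connection really comes from the balancer. The example below is added here and is not code from the thread; it is in Python rather than ColdFusion, and the X-Forwarded-Proto header, the balancer address range, the host name and the SSL-only paths are assumptions.

```python
import ipaddress

# Assumptions, not values from the thread: the balancer's backend-facing
# address range, the header it sets, the site's host name and SSL-only paths.
TRUSTED_BALANCERS = [ipaddress.ip_network("10.0.0.0/29")]  # constructed
FORWARDED_PROTO = "x-forwarded-proto"   # balancer must overwrite client copies
CANONICAL_HOST = "www.example.com"      # constructed; never echo the Host header
SSL_ONLY_PREFIXES = ("/checkout/", "/account/")             # constructed


def from_balancer(peer_ip):
    """True only if the TCP peer is one of the load balancer's addresses."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_BALANCERS)


def client_scheme(peer_ip, headers):
    """Scheme the browser used, as far as this backend can prove it."""
    if not from_balancer(peer_ip):
        # Anyone can send the header; ignore it unless the balancer sent it.
        return "http"
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(FORWARDED_PROTO, "").strip().lower()
    # Anything other than exactly "https" (missing, a list, junk) is plain HTTP.
    return "https" if value == "https" else "http"


def https_redirect(peer_ip, headers, path, query=""):
    """Return the https:// URL to redirect to, or None to serve the page."""
    if not path.startswith(SSL_ONLY_PREFIXES):
        return None
    if client_scheme(peer_ip, headers) == "https":
        return None
    url = "https://" + CANONICAL_HOST + path
    return url + ("?" + query if query else "")
```

If the balancer does not set the header on every request it forwards, SSL-only pages will redirect in a loop, so confirm the header reaches the backend before enabling the redirect.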

  • Can't get redmine to run with lighttpd under Arch

    Hi, I posted this already in the Redmine forum but I get no answer there since yesterday, so therefore I am trying here now hoping that someone gets me a hint.
    Searching the error with google finds solutions but none of them works for me (Mostly "seems you got no bundle installed", I have that).
    I am trying the whole day to get lighttpd to run with redmine, but I can not get a solution to that error.
    May 14 17:50:04 redmine lighttpd-angel[586]: /usr/lib/ruby/site_ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require': cannot load such file -- bundler/setup (LoadError)
    May 14 17:50:04 redmine lighttpd-angel[586]: from /usr/lib/ruby/site_ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
    May 14 17:50:04 redmine lighttpd-angel[586]: from /srv/http/redmine/config/boot.rb:6:in `<top (required)>'
    May 14 17:50:04 redmine lighttpd-angel[586]: from /usr/lib/ruby/site_ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
    May 14 17:50:04 redmine lighttpd-angel[586]: from /usr/lib/ruby/site_ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
    May 14 17:50:04 redmine lighttpd-angel[586]: from /srv/http/redmine/public/dispatch.fcgi:3:in `<main>'
    I searched the web for "cannot load such file -- bundler/setup (LoadError)" and I get some results but none of the solutions helped.
    I got all gems installed and the test with "ruby script/rails server webrick -e production" runs, bringing up a working redmine on localhost:3000 however lighttpd keeps crashing.
    Here the versions that I have installed
    # cd /srv/http/redmine
    # bundle install
    Using <various gems>
    Your bundle is complete!
    Gems in the groups development and test were not installed.
    Use `bundle show [gemname]` to see where a bundled gem is installed.
    # ruby --version
    ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]
    # gem --version
    2.0.0
    # rake --version
    rake, version 10.0.4
    # bundle --version
    Bundler version 1.3.5
    I am running archlinux and that's not the first webserver I set up with arch, however the first attempt with ruby and lighttpd. Testing redmine with unicorn or webrick works, the site is up, I can login as admin and create users and content, but I can not use unicorn or webrick, because I need SSL for redmine...
    I am quite lost now, how can I get the thing up?

    You didn't include the root cause of the error - it's somewhere further up in the error log. Rerunning systemctl like this should get you better feedback.
        systemctl --full -n 100 status lighttpd
    Anyway, no matter the cause, it's likely not the only problem you can run into while setting up redmine - so I'll give you my entire step-by-step configuration with php that works (tested it all in virtualbox with latest packages) and you might figure out what you did wrong.
    Make sure you have installed the necessary stuff - in my case the following
        pacman --needed --noconfirm -S mariadb mariadb-clients subversion ruby imagemagick lighttpd php php-cgi php-fpm fcgi base-devel
    Get redmine
        [ -d /srv/http ] || mkdir -p /srv/http
        cd /srv/http
        svn co http://svn.redmine.org/redmine/branches/2.3-stable redmine
        cd redmine
    Create database access for redmine
        mysql -u root -e "CREATE DATABASE redmine CHARACTER SET utf8;"
        mysql -u root -e "CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'my_password';"
        mysql -u root -e "GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';"
    Copy database config and modify the desired sections of the file accordingly
        cp config/database.yml.example config/database.yml

        production:
          adapter: mysql2
          database: redmine
          host: localhost
          username: redmine
          password: my_password
          encoding: utf8
    Install gems and setup redmine
        cp public/dispatch.fcgi.example public/dispatch.fcgi
        gem install bundler --no-user-install
        echo 'gem "fcgi"' > Gemfile.local
        bundle install --without development test
        rake generate_secret_token
        RAILS_ENV=production rake db:migrate
        RAILS_ENV=production REDMINE_LANG=en rake redmine:load_default_data
    Modify permissions
        mkdir -p files log tmp tmp/pdf public/plugin_assets
        chown -R http:http files log tmp public/plugin_assets
        chmod -R 755 files log tmp public/plugin_assets
    Test redmine
        ruby script/rails server webrick -e production -p 8080
    Configure your /etc/lighttpd/lighttpd.conf - here is mine.
    Now if your redmine runs in a subdirectory (like mine) fix the routes in 'config/routes.rb' by replacing
        RedmineApp::Application.routes.draw do
          root :to => 'welcome#index', :as => 'home'
    with
        Redmine::Utils::relative_url_root = '/redmine'
        RedmineApp::Application.routes.draw do
          scope ActionController::Base.relative_url_root do
            root :to => 'welcome#index', :as => 'home'
    Don't forget to add an extra 'end' to the end of the file and you should be done. Start your lighttpd and visit your redmine. For further debugging check what's in the following
        systemctl --full -n 100 status lighttpd
        redmine/log/production.log
        your lighttpd error log
    Hope I helped you - so drop me some feedback
    Edit: Guess it's obvious, but make sure the user that runs lighttpd has all permissions for the folders in which you create sockets...
    Last edited by markocz (2013-07-04 12:09:02)

  • Apache flex 4.8.0 with flash builder 4.7 beta 1

    Hi
    Just downloaded the Apache Flex 4.8.0 with their installer application and tried to use it with flash builder 4.7 beta 1.
    I created a new flex project and configured it to use the apache flex 4.8.0.
    Then try to run the project but hundreds of actionscript errors occur.
    VerifyError: Error #1014: Class mx.core::UIComponent could not be found.
      at flash.display::MovieClip/nextFrame()
      at mx.managers::SystemManager/deferredNextFrame()[/Users/cframpto/dev/master/frameworks/projects/framework/src/mx/managers/SystemManager.as:286]
      at mx.managers::SystemManager/preloader_preloaderDocFrameReadyHandler()[/Users/cframpto/dev/master/frameworks/projects/framework/src/mx/managers/SystemManager.as:2635]
      at flash.events::EventDispatcher/dispatchEventFunction()
      at flash.events::EventDispatcher/dispatchEvent()
      at mx.preloaders::Preloader/timerHandler()[/Users/cframpto/dev/master/frameworks/projects/framework/src/mx/preloaders/Preloader.as:523]
      at flash.utils::Timer/_timerDispatch()
      at flash.utils::Timer/tick()
    VerifyError: Error #1014: Class spark.components.supportClasses::SkinnableComponent could not be found.
    VerifyError: Error #1014: Class spark.components::Application could not be found.
    Has anyone had the same issue?
    cyrill

    Hi Cyrill,
    I don't see any error on creating new projects and running the same.
    Where did you get the installer from?
    What is the framework linkage type? You can check this in project properties -> flex build path. It should be Merged into code for Apache SDK.
    thanks,
    Sudhir

  • Anyone using Cisco Clean Access with Juniper SSL VPN?

    We're testing Cisco Clean Access with Juniper SSL VPN, and are running into a problem with single sign on. The Juniper box is sending the user's source IP as the framed-ip-address, and not the Network Connect assigned IP, which is why we need to get SSO to work. Has anyone done this, and what did you do to get it working? Thanks.

    Hi,
    I've no experience with this app but it does list
    Juniper as a supported client:
    http://www.equinux.com/us/products/vpntracker/interoperability.html

  • DS 1.2 SDK extension component cause APS running with error

    By following DS Administrator Guide Section 6.1.3, we are able to successfully deploy the extension to the BI platform (BO 4.1 SP2 version 14.1.2.1121) from the DS design tools.
    However, after restarting Adaptive Processing Servers, its state becomes "Running with Errors".
    By checking the properties, the error came from Analysis Application Service "Unable to initialize service. LogID:"
    With this error, attempt to execute a simple DS analysis application (e.g. standard desktop blank template - blank page) on BI platform will result in error.
    "A session with the Application Service could not be established."
    The initial exception that caused the request to fail, was:
    Analysis Applications enterprise client was unable to open the session: while trying to invoke the method com.sap.ip.bi.zen.boe.server.transport.corba.ZenServiceImpl.openSession(com.sap.ip.bi.zen.boe.transport.corba.CorbaLocale, java.lang.String, java.lang.String, com.crystaldecisions.thirdparty.org.omg.PortableServer.POA) of an object loaded from field com.sap.framework.services.zen.Zen.zenService of an object loaded from local variable 'this'
    com.sap.ip.bi.zen.boe.client.ZenRemoteException: Analysis Applications enterprise client was unable to open the session: while trying to invoke the method com.sap.ip.bi.zen.boe.server.transport.corba.ZenServiceImpl.openSession(com.sap.ip.bi.zen.boe.transport.corba.CorbaLocale, java.lang.String, java.lang.String, com.crystaldecisions.thirdparty.org.omg.PortableServer.POA) of an object loaded from field com.sap.framework.services.zen.Zen.zenService of an object loaded from local variable 'this' at com.sap.ip.bi.zen.boe.client.enterprise.ZenEnterpriseClient.openSession(ZenEnterpriseClient.java:163) at com.sap.ip.bi.zen.boe.remoting.BIRemoteExecutionService.createNewSessionContainer(BIRemoteExecutionService.java:222) at com.sap.ip.bi.zen.boe.remoting.BIRemoteExecutionService.getZenSessionContainer(BIRemoteExecutionService.java:184) at com.sap.ip.bi.zen.boe.remoting.BIRemoteExecutionService.getZenSessionContainer(BIRemoteExecutionService.java:165) at com.sap.ip.bi.zen.boe.remoting.BIRemoteExecutionService.executeRequest(BIRemoteExecutionService.java:125) [...]
    Uninstalling the SDK extension and restarting the APS brings everything back to normal. I have tried other SDK extension packages and all give the same problem.
    Following error message found in BI Log
    1B07420EA054E8A885B28ED475B19202e|2014 03 19 15:18:25.637|-0400|Error| |==|E| |aps_VMOGPSAP01.APS.Analysis|11304|  52|service builder-2| ||||||||||||||||||||com.sap.ip.bi.base.exception.BIBaseRuntimeException||BI exception with class "BIBaseRuntimeException" and message "Error: Failure in system landscape initialization: No connection with name "" found". See default trace for log ID "f1277229-852b-4ddf-a7ad-093844d787c9".
    |81B07420EA054E8A885B28ED475B19202f|2014 03 19 15:18:25.638|-0400|Error| |==|E| |aps_VMOGPSAP01.APS.Analysis|11304|  52|service builder-2| ||||||||||||||||||||com.sap.framework.services.ps.PS||PS Service start() failed. An unexpected exception has occured: Error: Failure in system landscape initialization: No connection with name "" found
    com.sap.ip.bi.base.exception.BIBaseRuntimeException: Error: Failure in system landscape initialization: No connection with name "" found
      at com.sap.pioneer.services.service.core.landscape.BoeConnectorLandscape.initializeBoeEnterpriseService(BoeConnectorLandscape.java:253)
      at com.sap.framework.services.ps.PS.start(PS.java:227)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.businessobjects.framework.servers.platform.modules.scope.internal.ScopeListener.fireEvent(ScopeListener.java:107)
      at com.businessobjects.framework.servers.platform.modules.scope.internal.ScopeListener.notifyScopeStart(ScopeListener.java:70)
      at com.businessobjects.framework.servers.platform.modules.scope.internal.AbstractScopeAgent.createScope(AbstractScopeAgent.java:194)
      at com.businessobjects.framework.servers.platform.modules.contextscope.ContextScopeAgent.createScope(ContextScopeAgent.java:48)
      at com.businessobjects.framework.servers.platform.deployment.core.RegisterBeanModule.process(RegisterBeanModule.java:51)
      at com.businessobjects.framework.servers.platform.deployment.DeploymentEngine.execute(DeploymentEngine.java:221)
      at com.businessobjects.framework.servers.platform.deployment.DeploymentEngine.postServiceStart(DeploymentEngine.java:169)
      at com.businessobjects.framework.servers.platform.deployment.AbstractPJSService.activateService(AbstractPJSService.java:126)
      at com.businessobjects.framework.servers.platform.deployment.servicebuilder.AbstractServiceBuilder.startService(AbstractServiceBuilder.java:332)
      at com.businessobjects.framework.servers.platform.lifecycle.internal.LifeCycleManager$ServiceController.startSvc(LifeCycleManager.java:226)
      at com.businessobjects.framework.servers.platform.lifecycle.internal.LifeCycleManager$ServiceController.call(LifeCycleManager.java:177)
      at com.businessobjects.framework.servers.platform.lifecycle.internal.LifeCycleManager$ServiceController.call(LifeCycleManager.java:155)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
      at java.util.concurrent.FutureTask.run(FutureTask.java:138)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:743)
    Any ideas?
    Thanks.
    Message was edited by: Sunny Chau
    A coworker helped me solve this problem. Solution below.
    To resolve this issue:
    1. Go to the properties of the APS service for Design Studio in your CMC console.
    2. Go to the command line parameters and append the following line to the parameters listed:
    -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl
    3. Hit save and close
    4. Restart the APS server
    5. Test your page again and the issue should now be resolved.

    Repost the solution for clear visibility.
    Solution below To resolve this issue:
    1. Go to the properties of the APS service for Design Studio in your CMC console.
    2. Go to the command line parameters and append the following line to the parameters listed: -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl
    3. Hit save and close
    4. Restart the APS server
    5. Test your page again and the issue should now be resolved.
