Apache 2.4 problem with SSL

hello,
i have updated my configuration to apache 2.4, i replaced my httpd.conf with the pacnew one. I use mod_mpm_prefork.so.
i can access regular websites (http) and php is ok.
Nevertheless i have an handshake error when i try to access https website
this is my ssl.conf
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex sysvsem default
my website in https
<VirtualHost *:443>
ServerName myadmin.com:443
ServerAdmin [email protected]
ServerSignature Off
SSLEngine on
SSLOptions +StrictRequire
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile /data/system/etc/httpd/ssl/ca.crt
SSLCertificateFile /data/system/etc/httpd/ssl/hostadmin.myadmin.com.crt
SSLCertificateKeyFile /data/system/etc/httpd/ssl/hostadmin.myadmin.com.key
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
<Location />
SSLRequireSSL
SSLVerifyClient require
SSLRenegBufferSize 524288000
</Location>
DocumentRoot "/data/www_ssl/hostadmin/_www"
ErrorLog "/data/www_ssl/hostadmin/logs/error.log"
TransferLog "/data/www_ssl/hostadmin/logs/access.log"
CustomLog "/data/www_ssl/hostadmin/logs/access_ssl.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
<Directory "/data/www_ssl/hostadmin/_www">
DirectoryIndex index.php index.html index.htm
Options ExecCGI Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"
<Directory "/usr/share/webapps/phpMyAdmin">
AllowOverride None
Options FollowSymlinks
Require all granted
</Directory>
</VirtualHost>
if somebody can give me an example of ssl.conf
thanks for your help
Last edited by freaks (2014-03-18 10:37:02)

freaks wrote:if somebody can give me an example of ssl.conf
Hi freaks; you can find an example SSL configuration file here on your system:
/etc/httpd/conf/extra/httpd-ssl.conf
It’s full of comments describing what the different options are.
Apache’s documentation on SSL is full of good stuff, including a howto.
As far as selecting ciphers go, you could do worse than following Qualys’ advice on the subject.
Paul
Last edited by prelog (2014-03-19 04:05:40)

Similar Messages

Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
A) We're at version 11 ---- these kinds of issues should have been fixed years ago
B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
My tests seem to show that
(a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
(b) if a dialog is at a higher level, this is a global setting.
So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back. So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

Glibc-2.9.2-i686 breaks apache and causes problems with samba?

I could not start the apache daemon. The output from /usr/sbin/apachectl start is
httpd: ../sysdeps/posix/getaddrinfo.c:1465: rfc3484_sort: Assertion `src->results[i].native == -1 || src->results[i].native == a2_native' failed.
/usr/sbin/apachectl: line 78: 2933 Aborted $HTTPD -k $ARGV
The getaddrinfo.c, I believe, is in the glibc package.
Also, I get error logs in my /var/log/samba directory named like "__ffff" followed by the IP address of a remote client. In one of them it says that samba is dumping core and contains
[2008/12/24 18:47:10, 0] lib/util.c:log_stack_trace(1767)
BACKTRACE: 23 stack frames:
#0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7cda584]
#1 /usr/sbin/smbd(smb_panic+0x80) [0xb7cda6e1]
#2 /usr/sbin/smbd [0xb7cc5033]
#3 [0xb7a31400]
#4 /lib/libc.so.6(abort+0x188) [0xb733b0c8]
#5 /lib/libc.so.6(__assert_fail+0xee) [0xb73326ee]
#6 /lib/libc.so.6 [0xb73c7a01]
#7 /lib/libc.so.6 [0xb733b888]
#8 /lib/libc.so.6(qsort_r+0x291) [0xb733bdd1]
#9 /lib/libc.so.6(getaddrinfo+0x7cf) [0xb73c91ff]
#10 /usr/sbin/smbd [0xb7cdca56]
#11 /usr/sbin/smbd(get_mydnsfullname+0x181) [0xb7cdcc5d]
#12 /usr/sbin/smbd(get_mydnsdomname+0x17) [0xb7cdada1]
#13 /usr/sbin/smbd [0xb7b7af8c]
#14 /usr/sbin/smbd(ntlmssp_update+0x297) [0xb7b792d6]
#15 /usr/sbin/smbd(auth_ntlmssp_update+0x48) [0xb7d27cc1]
#16 /usr/sbin/smbd [0xb7b04ecf]
#17 /usr/sbin/smbd(reply_sesssetup_and_X+0x1c4) [0xb7b057cd]
#18 /usr/sbin/smbd [0xb7b39f16]
#19 /usr/sbin/smbd(smbd_process+0x429) [0xb7b3ba61]
#20 /usr/sbin/smbd(main+0xfa2) [0xb7f2bbc7]
#21 /lib/libc.so.6(__libc_start_main+0xe5) [0xb73256c5]
#22 /usr/sbin/smbd [0xb7abfa81]
I downgraded glibc to 2.8-3 and I can now start apache. No problems with samba yet either although I had to make pacman skip dependency checks because a number of packages depended on glibc >= 2.9.

getaddrinfo.c - this is place where glibc 2.9 has a major change in IP resolving. see the bugreport we had and still have. search google and upstream (Fedora/RedHat) for reports.
maybe a simple recompile of the affected packages can help. holding an outdated version is a bad solution. new packages compiled against the new version may use new functions and break with the old one.

TS3899 iPad mail account says problem with 'ssl settings' - can you help me?

iPad mail account says problem with 'ssl settings' - can you help me?

The 4Gs hardware, only 256 MB of RAM, prohibits updating beyond 6.1.6.
Starting when iOS 7 was released, Apple now allows downloading the last compatible version of some apps (iOS 4.2.1 and later only)
App Store: Downloading Older Versions of Apps on iOS - Apple Club
App Store: Install the latest compatible version of an app
You first have to download the non-compatible version on your computer. Then when you try to purchase the version on your iPod you will be offered a compatible version if one exists.

Problem with SSL weblogic plug in and Apache

We're using mod_wl_22.so with Apache, and after some problems with the mod failing on startup it is now working. We can access the weblogic SSL page fine directly on port 16101 with no warning, when we try via the proxy we get a failure of server Apache bride --------------------------------------------------------------------------------
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF. And in the wl_proxy.log there is a message that I think relates to the trustedcertfile in our http.conf file. We have a root certificate in pem format as the trustedcertfile.
================New Request: [GET /irm_desktop HTTP/1.1] =================
Thu Jan 27 21:52:15 2011 <258812961651354> INFO: SSL is configured
Thu Jan 27 21:52:15 2011 <258812961651354> INFO: SSL configured successfully
Thu Jan 27 21:52:15 2011 <258812961651354> Using Uri /irm_desktop
Thu Jan 27 21:52:15 2011 <258812961651354> After trimming path: '/irm_desktop'
Thu Jan 27 21:52:15 2011 <258812961651354> The final request string is '/irm_desktop'
Thu Jan 27 21:52:15 2011 <258812961651354> SEARCHING id=[sealedinfo-prod:16101] from current ID=[sealedinfo-prod:16101]
Thu Jan 27 21:52:15 2011 <258812961651354> The two ids matched
Thu Jan 27 21:52:15 2011 <258812961651354> @@@FOUND...id=[sealedinfo-prod:16101], server_name=[uat.sealedinfo.com], server_port=[443]
Thu Jan 27 21:52:15 2011 <258812961651354> attempt #0 out of a max of 5
Thu Jan 27 21:52:15 2011 <258812961651354> Trying a pooled connection for '10.10.10.10/16101/16101'
Thu Jan 27 21:52:15 2011 <258812961651354> getPooledConn: No more connections in the pool for Host[10.10.10.10] Port[16101] SecurePort[16101]
Thu Jan 27 21:52:15 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
Thu Jan 27 21:52:15 2011 <258812961651354> New SSL URL: match = 0 oid = 22
Thu Jan 27 21:52:15 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Jan 27 21:52:15 2011 <258812961651354> EINPROGRESS in connect() - selecting
Thu Jan 27 21:52:15 2011 <258812961651354> Setting peerID for new SSL connection
Thu Jan 27 21:52:15 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
Thu Jan 27 21:52:15 2011 <258812961651354> Local Port of the socket is 63867
Thu Jan 27 21:52:15 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
Thu Jan 27 21:52:15 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63867
Thu Jan 27 21:52:15 2011 <258812961648171> WARN: GetSessionCallback: No session match found
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 794 of ../nsapi/URL.cpp]: at line 3094
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Thu Jan 27 21:52:16 2011 <258812961651354> attempt #1 out of a max of 5
Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63868
Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63868
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 794 of ../nsapi/URL.cpp]: at line 3094
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Thu Jan 27 21:52:16 2011 <258812961651354> attempt #2 out of a max of 5
Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63869
Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63869
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 794 of ../nsapi/URL.cpp]: at line 3094
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Thu Jan 27 21:52:16 2011 <258812961651354> attempt #3 out of a max of 5
Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63870
Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63870
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 794 of ../nsapi/URL.cpp]: at line 3094
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Thu Jan 27 21:52:16 2011 <258812961651354> attempt #4 out of a max of 5
Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63871
Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63871
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 794 of ../nsapi/URL.cpp]: at line 3094
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Thu Jan 27 21:52:16 2011 <258812961651354> attempt #5 out of a max of 5
Thu Jan 27 21:52:16 2011 <258812961651354> general list: trying connect to '10.10.10.10'/16101/16101 at line 2658 for '/irm_desktop'
Thu Jan 27 21:52:16 2011 <258812961651354> New SSL URL: match = 0 oid = 22
Thu Jan 27 21:52:16 2011 <258812961651354> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Jan 27 21:52:16 2011 <258812961651354> EINPROGRESS in connect() - selecting
Thu Jan 27 21:52:16 2011 <258812961651354> Setting peerID for new SSL connection
Thu Jan 27 21:52:16 2011 <258812961651354> 0a0a 0a0a e53e 0000 .....>..
Thu Jan 27 21:52:16 2011 <258812961651354> Local Port of the socket is 63872
Thu Jan 27 21:52:16 2011 <258812961651354> Remote Host 10.10.10.10 Remote Port 16101
Thu Jan 27 21:52:16 2011 <258812961651354> general list: created a new connection to '10.10.10.10'/16101 for '/irm_desktop', Local port:63872
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: GetSessionCallback: No session match found
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: SSL certificate chain validation failed: 3015
Thu Jan 27 21:52:16 2011 <258812961651354> trusted certs = 0
Thu Jan 27 21:52:16 2011 <258812961651354> dumping cert chain
Thu Jan 27 21:52:16 2011 <258812961651354> commonName is uat.sealedinfo.com
Thu Jan 27 21:52:16 2011 <258812961648171> WARN: DeleteSessionCallback: No match found!!
Thu Jan 27 21:52:16 2011 <258812961651354> ERROR: SSLWrite failed
Thu Jan 27 21:52:16 2011 <258812961651354> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
Thu Jan 27 21:52:16 2011 <258812961651354> Marking 10.10.10.10:16101 as bad
Thu Jan 27 21:52:16 2011 <258812961651354> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 794 of ../nsapi/URL.cpp]: at line 3094
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Closing SSL context
Thu Jan 27 21:52:16 2011 <258812961651354> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Jan 27 21:52:16 2011 <258812961651354> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Thu Jan 27 21:52:16 2011 <258812961651354> request [irm_desktop] did NOT process successfully..................

I see that it is six months ago that I first posted this. Nothing has changed. When I use affixa to create a message with an attachment from my gmail account in firefox, the message is created in drafts, but the gmail window is closed and I have to re-open it. Not critical, but annoying.
Now there is a plug-in on the affixa site that is supposed to be designed for Firefox, and which affixa support claims should take care of this. And I've downloaded it twice. When you download it and open it, it says that it will be installed when Firefox restarts, and gives you a button to restart Firefox. But after you click that button and firefox disappears and re-appears, the affixa plug-in is NOT in the plugin list.
Please, somebody, HELP.

Problem with SSL

I have created a java application that communicates with a Server via HTTPS.
I use both jdk and jre 1.5
I know this has somthing to do with Certificates and Storing them
But i dont know exactly what to do.
Can Som1 pls help me
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
     at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
     at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
     at lk.informatics.infopro.connector.command.AptiloHTTPCommand.httpPost(AptiloHTTPCommand.java:106)
     at lk.informatics.infopro.connector.command.AptiloHTTPCommand.performTask(AptiloHTTPCommand.java:134)
     at lk.informatics.infopro.connector.SimpleRMIImpl.performTask(SimpleRMIImpl.java:112)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
     at sun.rmi.transport.Transport$1.run(Transport.java:153)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
     at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
     at java.lang.Thread.run(Thread.java:595)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
     at sun.security.validator.Validator.validate(Validator.java:203)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
     ... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
     ... 35 more

The problem that i had was that my application was unable to find a valid certificate that proved that the site can be trusted.
What you need to do is to tell the application that the site can be trusted and point it to a certificate that proves the site that you want to communicate with is a valid one.
If the application cannot find a proper certificate then it results in a failed SSL handshake.
What you must do is save the certificate provided by the site you wish to communicate and point the application to it. Done in 3 steps
1.     Save the certificate provided by the end site on the as a .cer file
     eg:- theSite.cer
     This can be done via IE or Mozilla (Has not been tested with Mozilla yet)
To do this open the site on your browser, When the browser asks if you
wish to accept the certificate provided by the site view the certificate and
save it.
2.     Create a keyStore and add the saved certificate to it. Use the java "keytool" command in the command prompt to achive this
     keytool -import -alias ALIAS -file CERTIFICATE.cer -keystore KEY_STORE_NAME
     eg:-
     keytool -import -alias test -file theSite.cer -keystore TS
3.     In you application make sure that you specify where to look for the Trusted Key Store in.
     System.setProperty("javax.net.ssl.trustStore", "TRUST_STORE_NAME");
     System.setProperty("javax.net.ssl.trustStorePassword", "TRUST_STORE_PASSWORD");
     eg:-
     System.setProperty("javax.net.ssl.trustStore", "C:\\Key_Store\\TS");
     System.setProperty("javax.net.ssl.trustStorePassword", "XXX");
     ALT: you can also specify the above values on the java execution command as
-Djavax.net.ssl.trustStore=C:\Key_Store\TS -Djavax.net.ssl.trustStorePassword=XXX
-Djavax.net.debug=all
Can be used to view all debug information.
Simply put we save the sites certificate in step 1. create a new KeyStore and and save the certificate in it in step 2 and show the application where to look for the valid certificate by pointing it to the proper keyStore in step 3.
Note that you can save multiple certificates on the same keyStore.
If you have any problems with this let me know

Problem with SSL Activated on SSO Login

Hi Guys,
One of my applications has recently hit a few problems when SSL was activated on several environments. My application requires you to login using a SSO username and password before you can use the application. Before SSL was implemented, when you pressed the main menu button the page would redirect to the login server and the SSO login would remember your details and log you in again and then take you to the 1st page with a new session id. However, with SSL implemented, when the main menu button is pressed it redirects you to the login server but this time it asks you to enter your username and password. This is a problem as every time authentication is required on my application, it will keep telling you to login even if you have already done so before.
For extra information, the main menu button (which is a navigation bar entry) redirects you to a piece of javascript which is used to take you back to the 1st page depending on what page you are on.
I am also using the latest version of APEX.
Any help is much appreciated as I am not sure where to go with this problem.
Also is it a problem with the SSL setup or my application?
Thanks
-Mark

I have tried to pass the cookie through the URL to the login server but this does nothing.I can't imagine what you mean by that or what exactly you did.
it just takes me to the login page and resets the session id after i have logged in again!What do you mean by "reset"?
How can I make cookies be accepted by SSL?Have you constructed an experiment to prove that this is the problem?
Is there something i can put in the application itself?Definitely not.
Scott

Windows Server 2003 and problem with SSL connection (TLS)

Hi,
We are forcing a problem with SLL/TLS connection on a machine Windows Server 2003 SP2.
We spent hours trying to solve it without any result.
SYMPTOMS
No SSL connection can be established in any application since last year, e.g.:
we cannot do any windows update, because there is a time verification over SSL on the windows update website (there is an error that the time is incorrect while it is up-to-date)
we cannot open any website in Internet Explorer over https
when we try to connect to the SQL Server (database SQL 2008 hosted on the same server) with Management Studio it fails with an error: "A connection
was successfully established with the server, but then an error occurred during the pre-login handshake.(provider: SSL Provider, error: 0 - Could not
contact LSA)(Microsoft SQL Server)"
in a custom applications which sends requests over https we receive an error: "Could not establish trust relationship for SSL/TLS secure channel"
Everything seems to point at some SSL problem somewhere deep inside Windows.
We installed several patches, but without any result.
Can anybody help?
Regards,
Dawid

Hi, thanks for answers,
- In IE both SSL2.0 and TLS1.0 are checked. We tried to disable TLS1.0 - with no results.
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel both SSL2.0
and TLS1.0 are enabled. We also tried to dislable TLS1.0 on the Client side - with no resuts.
- In
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL EventLogging is set to 3, so it should log warnings
and errors. But we cannot find any related logs in EventLog
Unfortunately we are still in the same place.

[solved]partially working network, problems with ssl and irc

Hi,
for a weird reason I can't access any websites with https anymore nor can i connect to any irc servers with irssi and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
My rc.conf looks like this:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
# in the hardware clock being left untouched (useful for virtualization)
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="de_DE.utf8"
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Berlin"
KEYMAP="de"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="horst-lp"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
eth0="dhcp"
# Wireless: See network profiles below
#Static IP example
#eth0="dhcp"
eth0="dhcp"
INTERFACES=(!eth0 !eth1 !wlan0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
#NETWORKS=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
thx for reading
e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
Last edited by dt (2009-11-07 09:02:46)

Hi,
for a weird reason I can't access any websites with https anymore nor can i connect to any irc servers with irssi and connection attempts with ssh time out. The system is up2date and I am using kdemod as DE.
My rc.conf looks like this:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime", any other value will result
# in the hardware clock being left untouched (useful for virtualization)
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="de_DE.utf8"
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Berlin"
KEYMAP="de"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
MODULES=(!b44 !mii !ipw2200 !libipw !ac97_bus !snd-mixer-oss !snd-pcm-oss !snd-page-alloc !snd-pcm !snd-timer !snd !snd-ac97-codec !snd-intel8x0 !snd-intel8x0m !soundcore b44 mii ipw2200 libipw ac97_bus snd-mixer-oss snd-pcm-oss snd-page-alloc snd-pcm snd-timer snd snd-ac97-codec snd-intel8x0 snd-intel8x0m soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="horst-lp"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
eth0="dhcp"
# Wireless: See network profiles below
#Static IP example
#eth0="dhcp"
eth0="dhcp"
INTERFACES=(!eth0 !eth1 !wlan0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
#NETWORKS=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng hal !network networkmanager avahi-daemon avahi-dnsconfd alsa cdemud kdm samba mpd lighttpd)
Earlier I had some problems with not resolving addresses, which I somehow got rid of. At the time I blamed my isp.
Perhaps something broke when I had a program running in wine to play with a car too and I had to switch the laptop off bc it didn't want to react anymore.
thx for reading
e: I don't know why, but it worked when I started Arch this morning.. while it didn't yesterday although everything worked correctly on my other PCs.
Last edited by dt (2009-11-07 09:02:46)

Strange problem with SSL Sockets using more than 10 Clients

Hi
I�m using Jsse ( JDK 1.4.2_06 ). I have coded a Client/Server Applikation acting over SSLSockets or over unsecured Sockets. If I use unsecured Sockets everthing works fine, but if I use SSLSockets for the Connection and about 20 Clients, the Clients often can�t connect to the Server and the following Exception was thrown:
java.net.ConnectException: Connection refused: connect
Could it be that there is some strange problem with SSLServerSockets relating to this phenomenon?
If I use only a few Clients the Exception occurs never or only sometimes.
Has anyboby an idea what is happaning there?
Regards Chrisli

Hi
From the description of your scenario, you have coded your own server side of the application. I would advise that you consider moving your application to run under Tomcat framework and test if you still get the same exception.

Problems with SSL using Apache proxy

I'm trying to use Apache+mod_ssl+openssl on linux RedHat 6.2 and mod_wl_ssl from WLS 5.1+SP5. Setting PathTrim in httpd.conf I'm able to send http request
to WebLogic Cluster located on outside machines. However, https requests don't work and I receive the following messages in httpd's error_log
[Fri Sep 1 13:44:01 2000] [notice] Apache/1.3.12 (Unix) mod_ssl/2.6.6 OpenSSL/0.9.5a configured -- resuming normal operations
[Fri Sep 1 13:44:28 2000] [notice] child pid 12329 exit signal Segmentation fault (11) Do you receive the same message in error_log
Any help you can provide will be appreciated.
Enrico

My client (Netscape browser) are making SSL connection to Apache.
I would use SSL3 from client to Apache then read the client certificate from
WebLogic (in back-end) servlet to check the user's attribute from ldap
server. Could you tell me if there is some example of keeping client
certificate from front-end web server to WebLogic servlet?
Thanks,
Enrico
Michael Girdley <[email protected]> wrote in message
[email protected]..
>
>
You're making SSL connections from Apache to WebLogic? Or your clientsare
making SSL connections to Apache?
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"enrico notariale" <[email protected]> wrote in message
news:39b5fa6f$[email protected]..
I'm trying to use Apache+mod_ssl+openssl on linux RedHat 6.2 andmod_wl_ssl from WLS 5.1+SP5. Setting PathTrim in httpd.conf I'm able tosend
http request
to WebLogic Cluster located on outside machines. However, https
requests
don't work and I receive the following messages in httpd's error_log
[Fri Sep 1 13:44:01 2000] [notice] Apache/1.3.12 (Unix) mod_ssl/2.6.6OpenSSL/0.9.5a configured -- resuming normal operations
[Fri Sep 1 13:44:28 2000] [notice] child pid 12329 exit signalSegmentation fault (11) Do you receive the same message in error_log
Any help you can provide will be appreciated.
Enrico

Problem with SSL and IAS 9.0.4.3.0

Hi,
I want to use SSL for my own webservice, but when I enabled SSL for my AS then I can't use my Forms-Applikation.
I use a new installed Applikation Server Version 9.0.4.3.0 (Forms/Reports) on SLES 9 and the webservice is in a new OC4J-Container.
Without SSL is everything fine.
But when I made the changes to use SSL then I can use my Webservice with or without SSL, but I can't start the Test-Form-Mask (test.fmx) from the AS.
In the Java-Console I see the following:
oracle.forms.net.ConnectionException: 500
     at oracle.forms.net.ConnectionException.createConnectionException(Unknown Source)
     at oracle.forms.net.HTTPNStream.getResponse(Unknown Source)
     at oracle.forms.net.HTTPNStream.doFlush(Unknown Source)
     at oracle.forms.net.HTTPNStream.flush(Unknown Source)
     at java.io.DataOutputStream.flush(Unknown Source)
     at oracle.forms.net.HTTPConnection.connect(Unknown Source)
     at oracle.forms.engine.FormsDispatcher.initConnection(Unknown Source)
     at oracle.forms.engine.FormsDispatcher.init(Unknown Source)
     at oracle.forms.engine.Runform.initConnection(Unknown Source)
     at oracle.forms.engine.Runform.startRunform(Unknown Source)
     at oracle.forms.engine.Main.createRunform(Unknown Source)
     at oracle.forms.engine.Main.start(Unknown Source)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
And in the error log from the Apache I see the following:
[Mon Nov 5 17:45:47 2007] [error] [client 127.0.0.2] [ecid: 84777561304,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/forms/registry/default.dat
[Mon Nov 5 17:45:47 2007] [error] [client 127.0.0.2] [ecid: 84777561477,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/forms/engine/RunformBundle_de_DE.class
[Mon Nov 5 17:45:47 2007] [error] [client 127.0.0.2] [ecid: 84777561497,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/forms/engine/RunformBundle_de_DE.properties
[Mon Nov 5 17:45:52 2007] [error] [client 127.0.0.2] [ecid: 76187632590,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/ewt/alert/resource/AlertBundle_de_DE.class
[Mon Nov 5 17:45:53 2007] [error] [client 127.0.0.2] [ecid: 76187632640,1] File does not exist: /opt/oracle/product/ias904/forms90/java/oracle/ewt/alert/resource/AlertBundle_de_DE.properties
[Mon Nov 5 17:46:39 2007] [error] [client 127.0.0.2] [ecid: 1194281199:127.0.0.2:31638:0:36,0] MOD_OC4J_0095: mod_oc4j's SSL is enabled for communication with oc4j, but the oc4j process it gets has a non-SSL port. Possibly a configuration problem.
[Mon Nov 5 17:46:39 2007] [error] [client 127.0.0.2] [ecid: 1194281199:127.0.0.2:31638:0:36,0] MOD_OC4J_0119: Failed to get an oc4j process for destination: home
[Mon Nov 5 17:46:39 2007] [error] [client 127.0.0.2] [ecid: 1194281199:127.0.0.2:31638:0:36,0] MOD_OC4J_0013: Failed to call destination: home's service() to service the request.
I think the first 5 messages are not so important, but I don't know what the last 3 messages mean.
I can't find any mistakes in my configuration. I have tested it with the SUN-Java Plug-In and with the JIinitator, but is the same result.
Have someone a hint for me or better idea to use SSL with a webservice?
Thanks in advance.
Knut

I configured the HTTP-Server and the OC4J-Containers for Forms and my webservice for SSL.
But for Forms I don't need SSL, only for the webservices.
In the meantime I tested SSL with IAS 10.1.2.0.2 and there is the same problem.
I think the last 3 messages come from Web Cache, because everytime when I try to test whether the Web Cache is working these messages shown in the error log from Apache.
Sometimes are the following messages in the error log of the Apache:
[Tue Nov 6 16:07:58 2007] [warn] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0184: Failed to find an oc4j process for destination: OC4J_BI_Forms
[Tue Nov 6 16:07:58 2007] [error] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0145: There is no oc4j process (for destination: OC4J_BI_Forms) available to service request.
[Tue Nov 6 16:07:58 2007] [error] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0119: Failed to get an oc4j process for destination: OC4J_BI_Forms
[Tue Nov 6 16:07:58 2007] [error] [client 127.0.0.2] [ecid: 89154992130,1] MOD_OC4J_0013: Failed to call destination: OC4J_BI_Forms's service() to service the request.
But I can not figure out when these messages are written
Message was edited by:
Melman

Problem with SSL socket(SSLSocketFactoryImpl.createSocket())

Hello,
I'm trying to create a ssl socket but I get an exception, I really don't know why. I have alredy include the certificate via keytool to my jdk. And I'm able to get html header with URLConnection with the code below
import java.net.URL;
import java.net.URLConnection;
public class testClass {
     public static void main(String[] args) throws Exception {
          try{
               URL url = new URL("https://ippbx1:8443/axl/");
               String userPassword = "****" + ":" + "****";
               String encoding = new sun.misc.BASE64Encoder().encode (userPassword.getBytes());
               URLConnection c = url.openConnection();
               c.setRequestProperty("Authorization", "Basic " + encoding);
               for (int i=0; ; i++)
                    String name = c.getHeaderFieldKey(i);
                    String value = c.getHeaderField(i);
                    if (name == null && value == null)     // end of headers
                         break;
                    if (name == null)     // first line of headers
                         System.out.println("Server HTTP version, Response code:");
                         System.out.println(value);
                         System.out.print("\n");
                    else
                         System.out.println(name + "=" + value);
          catch (Exception e) {}
}and I get the following result :
Server HTTP version, Response code:
HTTP/1.1 200 OK
Server=Apache-Coyote/1.1
Pragma=No-cache
Cache-Control=no-cache
Expires=Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie=JSESSIONIDSSO=77670D5480DAD295C6519E812F9FED64; Path=/
Set-Cookie=JSESSIONID=B71BDB730FA5B3B431D3B16C41E190E3; Path=/axl; Secure
Content-Type=text/html;charset=ISO-8859-1
Content-Length=233
Date=Wed, 10 Jun 2009 15:17:10 GMTBut when I try to make a socket :
import java.io.*;
import java.net.*;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
public class axlforward {
     public static void main(String[] args) {
String address = "https://ippbx1:8443/axl/";
          int portnum = 8443;
try
               SocketFactory socketFactory = SSLSocketFactory.getDefault();
               Socket socket = socketFactory.createSocket(address, portnum);
} catch (Exception e) {e.printStackTrace();} I get the following
java.net.UnknownHostException: https://ippbx1/axl/
     at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
     at java.net.Socket.connect(Socket.java:519)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:550)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:353)
     at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:71)
     at axlforward.main(axlforward.java:89)I have a VB program that connects to the socket(with Inet1.Protocol = icHTTPS and Inet1.Execute strURL, "Post", strFormData, strFormHdr methods) and do what I want but I need to do it in Java but I'm not able to find the error.
the server socket is a Cisco callManager Service(AXL Web Service) which receives and html+SOAP request and sends back an xml response and this server socket is running correctly with no problem.
Thanks for your help.

Jdevelopper8709 wrote:
Thanks for your reply.
I now can access to my socket and get the information I want with:
SocketFactory socketFactory = SSLSocketFactory.getDefault();
               socket = (SSLSocket) socketFactory.createSocket("ippbx1", 8443);In fact the problem was a username/password issue.
Thanks.I quote from reply #1 "The address is just "ippbx1" and not "https://ippbx1:8443/axl/". The protocol is not part of the IP address.".

Problem with ssl and tomcat

Hi to all, I'm trying to do ssl in a intranet. I have tomcat 4.1 and JDK 4.1_02. I have following all steps thats indicate the tomcat ssl documentation, I have copied the jcert.jar jnet.jar and jsse.jar to the directorie jre\lib\ext I have generated the keystore and verisign have sent me the keys. I have modified the server.xml where I have put the new port and the factory tag but I cannot see a page through https.
I have port 8080 that redirects to 8443, which have the scheme=https.
if I put http:\\localhost:8080 appear the tomcat home page.
if I put https:\\localhost:8443 not appear nothing.
if I put http:\\localhost:8443 not appear error but don't show nothing.
I have seen the log of tomcat and appear an exception:
org.apache.commons.digester.Digester error
Parse Error al line 89 column 11: the content element type "web-app" must match (icon?,display-name?....
this exception don't appear previously,it seems that is a problem of xerces.
Any idea or help it is welcome.
THANKS.

Obviously you have a syntax error in your one of your .xml files. Most likely in either the global web.xml or the application specific one.

Apache/Jserv Config Problem with JSP

Problem: Any JSP that contains a bean reference is not being loaded correctly.
The first thing I did was to create a softlink from the ".../Apache/Apache/htdocs" directory to
the directory which contains my *.html and *.jsp files (as instructed in the httpd.conf file).
Then, I followed the instructions on page A-9 of "OracleJSP Developer's Guide and
Reference, Release 1.1.0.0.0". They instruct you to add a wrapper.classpath entry into
jserv.properties that points at your directory that contains the .class files for your bean
classes. I did this too.
I then attempted to load my JSP file from the browser URL entry line. If my JSP does not contain
a reference to a bean, then the page loads fine. If it contains a reference to a bean, then I
get the following message:
Request URI:/webdocs/vps/hellouser/hellouser.jsp
Exception:
oracle.jsp.parse.JspParseException: Line # 4, Error: Unable to find class for bean: myBean defined
by tag with class: hello.NameHandler
I cannot for the life of me get Apache to look in one directory for the .jsp file and another for
the .class file(s). Any suggestions would be greatly appreciated!
MORE BACKGROUND:
If it matters..... My first venture was servlets and I've managed to workt that just fine: I
successfully modified "jserv.conf" to add a mount point (ApJServMount) for my new servlet zone
which I have specified in "jserv.properties". I have also created an associated properties file
for my new servlet zone. I've tested this configuration and all works fine for servlets, just not
JSP.
Once again, thanks in advance for any help regarding a solution to this problem!!!
Dave

Problem: Any JSP that contains a bean reference is not being loaded correctly.
The first thing I did was to create a softlink from the ".../Apache/Apache/htdocs" directory to
the directory which contains my *.html and *.jsp files (as instructed in the httpd.conf file).
Then, I followed the instructions on page A-9 of "OracleJSP Developer's Guide and
Reference, Release 1.1.0.0.0". They instruct you to add a wrapper.classpath entry into
jserv.properties that points at your directory that contains the .class files for your bean
classes. I did this too.
I then attempted to load my JSP file from the browser URL entry line. If my JSP does not contain
a reference to a bean, then the page loads fine. If it contains a reference to a bean, then I
get the following message:
Request URI:/webdocs/vps/hellouser/hellouser.jsp
Exception:
oracle.jsp.parse.JspParseException: Line # 4, Error: Unable to find class for bean: myBean defined
by tag with class: hello.NameHandler
I cannot for the life of me get Apache to look in one directory for the .jsp file and another for
the .class file(s). Any suggestions would be greatly appreciated!
MORE BACKGROUND:
If it matters..... My first venture was servlets and I've managed to workt that just fine: I
successfully modified "jserv.conf" to add a mount point (ApJServMount) for my new servlet zone
which I have specified in "jserv.properties". I have also created an associated properties file
for my new servlet zone. I've tested this configuration and all works fine for servlets, just not
JSP.
Once again, thanks in advance for any help regarding a solution to this problem!!!
Dave

Apache 2.4 problem with SSL

Similar Messages

Maybe you are looking for