Assurance SSL certificate installing

Hello!
How can I install an SSL certificate on Prime Assurance? The guide offers to use a bash script. I've done that, but it did nothing. The CUCM nodes still have the Inaccessible state with the status reason "SSL certificate error, either the certificate is expired or not imported".
What should happen during the installation process?
Thanks!
Best regards, Ilya

I've got it. I downloaded the certificates with certificate name tomcat-trust and certificate type trust-certs, with the .pem extension; with the openssl utility I converted them to files with the .cer extension and ran the bash script. The log has a "Certificate was added to keystore" message.
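
The convert-then-import step described in this reply, with a check for the two conditions named in the status reason, as an added example that is not the guide's bash script or the poster's own commands: it splits a PEM file into one DER-encoded .cer per certificate and reports any that are unreadable or expired. Function names, file names and the sample certificates are constructed for illustration.

```bash
#!/bin/sh
# Added example, not the vendor's import script. Function names and the
# sample certificates are constructed for illustration.

# Split a PEM file that may hold several certificates into
# <outdir>/cert-1.pem, cert-2.pem, ... and print how many were found.
split_pem_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# Convert one PEM certificate to a DER-encoded .cer file.
# Fails (non-zero) when the input is not a parsable X.509 certificate.
pem_to_cer() {
    openssl x509 -in "$1" -inform PEM -out "$2" -outform DER 2>/dev/null
}

# Succeeds if the DER certificate is still valid $2 seconds from now
# (default 0, i.e. "not expired at this moment").
cer_valid_for() {
    openssl x509 -in "$1" -inform DER -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Convert every certificate in bundle $1 into $2/cert-N.cer and print one
# line per certificate: file, state, subject, notAfter, SHA-256 fingerprint.
# Returns non-zero if any certificate is unreadable or expired.
prepare_trust_certs() (
    bundle=$1; outdir=$2; rc=0
    count=$(split_pem_bundle "$bundle" "$outdir")
    [ "$count" -gt 0 ] || { echo "no certificates in $bundle" >&2; exit 2; }
    i=1
    while [ "$i" -le "$count" ]; do
        pem="$outdir/cert-$i.pem"; cer="$outdir/cert-$i.cer"
        if ! pem_to_cer "$pem" "$cer"; then
            echo "cert-$i UNREADABLE"; rc=1
        else
            state=OK
            cer_valid_for "$cer" || { state=EXPIRED; rc=1; }
            info=$(openssl x509 -in "$cer" -inform DER -noout \
                       -subject -enddate -fingerprint -sha256 | tr '\n' ' ')
            echo "cert-$i.cer $state $info"
        fi
        i=$((i + 1))
    done
    exit "$rc"
)

# Constructed sample input: two throwaway self-signed certificates in one PEM file.
make_constructed_bundle() (
    dir=$1
    for cn in cucm-pub.example.test cucm-sub.example.test; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$cn" \
            -keyout "$dir/$cn.key" -out "$dir/$cn.pem" 2>/dev/null || exit 1
    done
    cat "$dir/cucm-pub.example.test.pem" "$dir/cucm-sub.example.test.pem" \
        > "$dir/tomcat-trust.pem"
)

# Demo on the constructed bundle.
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_constructed_bundle "$demo" &&
        prepare_trust_certs "$demo/tomcat-trust.pem" "$demo"
    rm -rf "$demo"
fi
```

A certificate reported as EXPIRED or UNREADABLE here would still be rejected after a successful keystore import, so it is worth running the check before the import script.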

Similar Messages

  • SSL certificate installed in Apache - determine browser's encryption

    Hi all,
    I have Apache Web Server and WebLogic6.1 Application Server. The two are
    connected by a plugin. All my web pages are installed in the Application
    server, ie. in WebLogic. I am using Apache Web Server just to direct the
    client requests to WebLogic Application Server.
    I have installed 128 bit SSL in the Apache Web Server, and left WebLogic as
    is with its default SSL encryption.
    My question is, is it possible to determine whether the client's browser has
    128 bit encryption or not, using servlets that reside in WebLogic
    Application Server? If yes, how?
    Thanks in advance,
    Regards,
    Jaya

    Hi,
    Thanks for your mail. The browserhawk is really a good software, but my
    purpose is to determine the browser settings from servlet, so that I can
    inform the user to upgrade his/her browser from 40 bit encryption to 128 bit
    encryption.
    Thanks,
    Jaya
    "Utpal" wrote in message:
    My question is, is it possible to determine whether the client's browser has
    128 bit encryption or not, using servlets that reside in WebLogic
    Application Server? If yes, how?
    Have you tried http://www.cyscape.com/products/bhawk/javabean.asp .
    On the top right click on the [more], it will run a browser test for you.
    I hope that helps.
    -utpal

  • SSL Certificate Install Problem

    To all Sun App Server Gurus,
    I face a major challenge trying to install an SSL certificate on our Application Server.
    The Manage Database was successful.
    I filled out the certificate request form in the Security > Certificate Management > Request section and forwarded the information / CSR to the CA.
    The certificate is issued and validated by our CA.
    I follow the steps according to the documentation to import the certificate.
    I specify the following to import the certificate
    1) Certificate for : o This Server
    2) Cryptographic Module: internal
    3) Key Pair File Password: **************
    4) Message Text (with headers):
    -----BEGIN CERTIFICATE-----
    U0UgT05MWSAtIE5PIFdBUlJBTlRZIEFUVEFDSE.....
    -----END CERTIFICATE-----
    5) Click OK
    The next screen shows the certificate information which are correct as well.
    After pressing "Add Server Certificate" it takes about 20 seconds until I receive a pop-up error message. It says: "Incorrect Useage: No Private Key. The server could not find the private key associated with this certificate."
    After I click OK the Admin GUI displays the following error in the browser: "Not Found
    The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. "
    Security > General
    Log Level: finest
    Audit Logging Enabled: unchecked
    Default Realm: file
    Anonymous Roule: ANYONE
    In the admin server log I get the following entry:
    WARNING ( 1182): for host x.x.x.x trying to GET /instance-server1/admin/bin/(null), cgi_start_exec reports: HTTP4049: cannot find CGI program /opt/SUNWappserver7/lib/admincgi/(null) (File not found)
    I checked the directories and they all exist and the admincgi even has files included. I don't know which one should be missing.
    I also reinstalled the App Server twice so far and used the default options.
    If anyone could please help me with this that would be extremely helpful.
    Thank you.
    Regards,
    Martin

    try converting your key from der2pem using
    java utils.der2pem {keyfile  in der} {keyfile out in pem}
    thanks
    kiran
    "eraldo" wrote in message:
    hi,
    I tried to install an SSL certificate on a Weblogic 6.1 SP3 (running on a
    Solaris 8). Following the post 5457 (found in your newsgroup) I made
    these steps:
    - I generated CSR using web application /certificate
    - I sent CSR to Entrust.com obtaining a certificate and a chain
      certificate
    - I configured the server under "Configuration - SSL" with following
      parameters:
      - Enabled = true
      - Listen port = 8002
      - Server Key File Name = <path to private key ".der" file>
      - Server Certificate File Name = <path to Entrust CRT ".pem" file>
      - Server Certificate Chain File Name = <path to Entrust CA ".pem" file>
      - Key Encrypted = true
    - I changed startWebLogic.sh:
      - added "-Dweblogic.management.pkpassword=<my_pwd>" to JAVA command line
    Launchin' the script I got the following exception:
    <Nov 22, 2002 2:34:44 PM GMT-01:00> <Alert> <WebLogicServer> <Security configuration problem with certificate file config/sdfdomain/H3MIS097_H3G_IT-key.der, java.io.IOException: weblogic.security.CipherException: Invalid padding length 48>
    java.io.IOException: weblogic.security.CipherException: Invalid padding length 48
    at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
    at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1097)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:490)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:206)
    at weblogic.Server.main(Server.java:35)
    Any idea?
    Thanks in advance,
    Eraldo
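
A check for the two problems in this thread, as an added example that is not from either poster: whether a key file is PEM or DER (the conversion the reply suggests, done here with openssl rather than utils.der2pem), and whether a certificate belongs to a given private key, which is the condition the "No Private Key" message reports. Function names and the sample keys are constructed; unencrypted keys are assumed.

```bash
#!/bin/sh
# Added example; function names are hypothetical, keys and certificates are
# constructed. Assumes unencrypted keys (an encrypted key needs -passin).

# Print PEM or DER for a private key file, or fail if it looks like neither.
key_encoding() {
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo PEM
    elif [ "$(head -c 1 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo DER          # DER structures start with an ASN.1 SEQUENCE tag, 0x30
    else
        return 1
    fi
}

# openssl counterpart of a DER-to-PEM private key conversion.
key_der_to_pem() {
    openssl pkey -in "$1" -inform DER -out "$2" -outform PEM 2>/dev/null
}

# Public key (PEM SubjectPublicKeyInfo) taken from a private key, a
# certificate, or a CSR. Equal output means "same key pair".
key_pubkey() {
    enc=$(key_encoding "$1") &&
        openssl pkey -in "$1" -inform "$enc" -pubout 2>/dev/null
}
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }

# 0 = certificate belongs to this private key, 1 = mismatch, 2 = unreadable input.
cert_matches_key() (
    c=$(cert_pubkey "$1") || exit 2
    k=$(key_pubkey  "$2") || exit 2
    [ -n "$c" ] && [ "$c" = "$k" ] || exit 1
)

# Constructed sample input: the server's key, an unrelated key, a CSR, a
# self-signed stand-in for the certificate a CA would return, and a DER copy
# of the server key.
make_constructed_keys() (
    d=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/server.key" 2>/dev/null || exit 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null || exit 1
    openssl req -new -key "$d/server.key" -subj "/CN=app.example.test" \
        -out "$d/server.csr" 2>/dev/null || exit 1
    openssl req -x509 -key "$d/server.key" -subj "/CN=app.example.test" \
        -days 30 -out "$d/server.pem" 2>/dev/null || exit 1
    openssl pkey -in "$d/server.key" -outform DER -out "$d/server-key.der"
)

# Demo on the constructed files.
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    if make_constructed_keys "$demo"; then
        echo "server-key.der encoding: $(key_encoding "$demo/server-key.der")"
        for k in server.key server-key.der other.key; do
            if cert_matches_key "$demo/server.pem" "$demo/$k"; then
                echo "server.pem <-> $k: match"
            else
                echo "server.pem <-> $k: NO private key for this certificate"
            fi
        done
    fi
    rm -rf "$demo"
fi
```

Comparing `csr_pubkey` of the submitted request with `cert_pubkey` of the issued certificate shows in the same way whether the CA's reply corresponds to the key pair currently held by the server.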

  • How to authenticate BPEL process to a PL with Client SSL Certificate

    Hi,
    I need to invoke a partner link which requires authentication with Client SSL certificate. So, here is the use case:
    - The PL's endpoint is https://some.server.com/web_service;
    - I have a client SSL certificate supplied by the web service provider in the form of PKCS12 (PFX) file. I should use this certificate for authentication.
    I carefully read the BPEL Administration Guide, the part about SSL authentication (http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm#CHDHIBEG), but this guide describes how outer services can be authenticated by the BPEL Process Manager with client SSL certificates, not vice versa.
    So, I completed the following tasks:
    - I imported the server certificate of https://some.server.com/web_service into $ORACLE_HOME/jdk/jre/lib/security/cacerts file;
    - since I didn't find a way to import the client certificate as a PFX file, I converted it to a PEM file using OpenSSL utilities and managed to import the client certificate's public key into cacerts, but not the private key. Of course this didn't help me in any way to get authenticated.
    I would appreciate any help on this topic!
    Thank you!
    Simeon

    I got this action plan and it works for me...
    1. Download the new Client Certificate.
    2. Convert the Client PFX to JKS as per:
       http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores
    3. Using Firefox go to the WSDL site:
       * Add the exception, if Firefox asks for it.
       * Import the server certificate to Firefox following the instructions displayed
    4. Once you imported the certificate on Firefox, go to:
       * Tools -> Options
       * Select Advanced and click on "Encryption" tab
       * Click on View Certificates
       * Go to the Servers tab
       * Select the "servercfa" and click on "Export"
       * Save the certificate adding the .cer extension to the name.
       * Ensure that you select in Save as Type "X.509 Certificate with Chain (PEM)"
    5. Import using keytool the exported certificate from step 4 to the JKS obtained in step 2:
       * i.e: keytool -import -alias servercert -file servercfa.crt -keystore client.jks -storepass welcome1
    6. Add both keyStore and trustStore properties to the jdev.conf pointing to the same JKS:
       AddVMOption -Djavax.net.ssl.keyStore=C:\jdevstudio10133\jdk\jre\lib\security\client.jks
       AddVMOption -Djavax.net.ssl.keyStorePassword=welcome1
       AddVMOption -Djavax.net.ssl.keyStoreType=JKS
       AddVMOption -Djavax.net.ssl.trustStoreType=JKS
       AddVMOption -Djavax.net.ssl.trustStore=C:\jdevstudio10133\jdk\jre\lib\security\client.jks
       AddVMOption -Djavax.net.ssl.trustStorePassword=welcome1
    7. Open Jdev and retest the issue.
    Tocarli.
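
The difference between steps 2 and 5 above, as an added example that is not the poster's procedure verbatim: converting the PFX keeps the private key (a PrivateKeyEntry), while importing only a certificate creates a trustedCertEntry that cannot be used for client authentication. The alias, file names, password and certificates are constructed; it assumes openssl and a JDK keytool on the PATH.

```bash
#!/bin/sh
# Added example; alias, file names, password and certificates are constructed.
# Assumes openssl and a JDK keytool are on the PATH.

# Constructed stand-in for the provider's client.pfx: key + certificate.
make_constructed_pfx() (
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=bpel-client.example.test" \
        -keyout "$dir/client.key" -out "$dir/client.pem" 2>/dev/null || exit 1
    openssl pkcs12 -export -name client -inkey "$dir/client.key" \
        -in "$dir/client.pem" -passout "pass:$pass" -out "$dir/client.pfx"
)

# Step 2: PKCS#12 -> JKS. The key entry is copied together with its certificate.
pfx_to_jks() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$3" \
        -destkeystore "$2" -deststoretype JKS -deststorepass "$3" >/dev/null 2>&1
}

# Step 5, and what the question describes doing with cacerts: certificate only.
import_cert_only() {
    keytool -importcert -noprompt -alias "$3" -file "$1" \
        -keystore "$2" -storetype JKS -storepass "$4" >/dev/null 2>&1
}

# Print the entry type keytool reports for an alias.
entry_type() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        grep -o -e 'PrivateKeyEntry' -e 'trustedCertEntry' | head -n 1
}

# Succeeds only if the alias can act as the javax.net.ssl.keyStore identity.
usable_for_client_auth() {
    [ "$(entry_type "$1" "$2" "$3")" = "PrivateKeyEntry" ]
}

# Demo on the constructed PFX.
if command -v openssl >/dev/null 2>&1 && command -v keytool >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_constructed_pfx "$demo" changeit
    pfx_to_jks "$demo/client.pfx" "$demo/client.jks" changeit
    import_cert_only "$demo/client.pem" "$demo/certonly.jks" client changeit
    echo "converted PFX : $(entry_type "$demo/client.jks" changeit client)"
    echo "cert-only     : $(entry_type "$demo/certonly.jks" changeit client)"
    rm -rf "$demo"
fi
```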

  • BI Scheduler error after SSL

    Hi,
    I am unable to schedule the reports after implementing SSL in OBIEE 11.1.1.6.2.
    I get the below error whenever I try to save the agent.
    The following error occurred: Oracle BI Scheduler Error: Error Message From BI Security Service: [nQSError: 12002] Socket communication error at call=SSL_connect: (Number=1) error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    [nQSError: 46119] Failed to open HTTP connection to server 167.83.84.82 at port 9814.
    [nQSError: 68021] Message from Oracle BI Scheduler.
    Please let me know if there is any configuration that needs to be done to BI Scheduler after implementing SSL.
    Please help me.
    Thanks.

    Hi,
    Please make sure the SSL Certificate is installed properly... I just implemented it step by step; refer to my document with screenshots.
    Are you using a custom SSL Certificate or the Oracle Demo? If you're using a custom certificate, just check with your SSL Admin (CA, port expire date, etc.)
    Step by step word document
    http://obieedue.blogspot.sg/2012/08/obiee11g-ssl-setup-and-configuration.html
    Thanks
    Deva

  • Installing a new SSL Certificate to Exchange

    Hi,
    We have a Windows Server 2008 R2 machine running Exchange 2010 (sorry, there wasn't an option for a 2010 forum). As a company which handles payments, we need to be PCI DSS registered and the scan has picked up a failing point being we don't have an SSL Certificate installed. I have purchased one via GoDaddy and followed the instructions on their site to install it, however the PCI DSS scan is still failing because of the following reason:-
    "The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority."
    The certificate at the top of the chain is the 'built-in' default certificate. How do I promote the installed GoDaddy certificate to the top of the chain?
    Thanks

    Hi,
    Please refer to this similar thread.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/e80a77f8-4f88-439e-85dd-76463c7a69d3/certification-authority?forum=winserversecurity
    And try to Save your root CA(s) public certificate in PEM format into a text file to PCI DSS scanner.
    Hope this will be helpful for you.

  • Problems installing SSL certificates for more than one alias on iMS 5.2

    I have a problem getting encryption on IMAP/HTTP/SMTP when they are on the same server. I am only getting one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
    Let's say I have 3 aliases to the same server just for the scalability, imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at the same time, for example https://mail.vxu.se. And for the others, like (S)IMAP, I get a dialogue that says the hostname isn't the same as the one registered in the certificate. How do I solve this? Is there some possibility to install more than ONE certificate, so I can have one certificate for each alias?
    Environment: Full 420R, Solaris 8, iMS5.2
    Thanks in advance

    Although I completely agree with the comments that suggest this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
    Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installations. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
    So, as a general rule, regardless of whether multiple installations can co-exist, I would not recommend it. This is especially true on a Windows platform.

  • IOS SSL VPN problem

    I am implementing a SSL VPN with IOS version 12.4(13r)T5 on a 2801 but when I try to connect to the tunnel mode with the latest svc (anyconnect-win-2.2.0133-web-deploy-k9.exe) with https://1.2.3.4/tunnel the ssl vpn client can't connect.
    The error on the router is:
    Jun 5 16:07:55.755: WV: Appl. processing Failed : 2
    Jun 5 16:07:55.755: WV: server side not ready to send.
    The following is the configuration:
    ip local pool WEBVPN 10.0.0.140 10.0.0.150 group vpn2
    webvpn gateway ISR2801-RM
    hostname ISR2801-RM
    ip address 1.2.3.4 port 443
    ssl trustpoint TP-self-signed-50153718
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context vpn1
    ssl authenticate verify all
    url-list "eng"
    url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
    policy group vpn1
    url-list "eng"
    default-group-policy vpn1
    gateway ISR2801-RM domain clientless
    inservice
    webvpn context vpn2
    ssl authenticate verify all
    policy group vpn2tunnel
    functions svc-enabled
    svc address-pool "WEBVPN"
    svc split include 10.0.0.2 255.255.255.255
    default-group-policy vpn2tunnel
    gateway ISR2801-RM domain tunnel
    inservice

    Thanks for the reply !!!!
    the configuration is the following:
    interface Ethernet 0
    ip address 10.0.0.128 255.255.255.0
    ip http secure-server
    ip local pool WEBVPN 10.0.0.140 10.0.0.150 group policy-sslvpn2
    webvpn gateway ISR2801-RM
    hostname ISR2801-RM
    ip address 1.2.3.4 port 443
    ssl trustpoint TP-self-signed-50153718
    ssl encryption aes-sha1
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context context-sslvpn1
    ssl authenticate verify all
    user-profile location flash:webvpn/sslvpn/context-sslvpn1/
    url-list "eng"
    url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
    nbns-list cifs-servers
    nbns-server 172.16.1.1 master
    nbns-server 172.16.2.2 timeout 10 retries 5
    nbns-server 172.16.3.3 timeout 10 retries 5
    login-message "UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access this device. All activities performed on
    this device are logged and violations of this policy may result in disciplinary action."
    port-forward "portlist"
    local-port 30019 remote-server ssh-server remote-port 22 description SSH
    local-port 30020 remote-server mailserver remote-port 143 description IMAP
    local-port 30021 remote-server mailserver remote-port 110 description POP3
    local-port 30022 remote-server mailserver remote-port 25 description SMTP
    policy group policy-sslvpn1
    url-list "eng"
    port-forward "portlist"
    nbns-list "cifs-servers"
    functions file-access
    functions file-browse
    functions file-entry
    citrix enabled
    default-group-policy policy-sslvpn1
    gateway ISR2801-RM domain clientless
    inservice
    webvpn context context-sslvpn2
    ssl authenticate verify all
    user-profile location flash:webvpn/sslvpn/context-sslvpn2/
    policy group policy-sslvpn2
    functions svc-enabled
    svc address-pool "WEBVPN"
    svc keep-client-installed
    svc dpd-interval gateway 30
    svc dpd-interval client 300
    svc rekey method new-tunnel
    svc rekey time 3600
    svc split include 10.0.0.0 255.255.255.0
    svc default-domain cisco.com
    svc dns-server primary 192.168.3.1
    svc dns-server secondary 192.168.4.1
    default-group-policy policy-sslvpn2
    gateway ISR2801-RM domain tunnel
    inservice
    ISR2801-RM#show webvpn install status svc
    SSLVPN Package SSL-VPN-Client version installed:
    CISCO STC win2k+
    2,2,0133
    Mon 05/19/2008 12:58:52.34 v
    ISR2801-RM#
    WHEN I TRY TO CONNECT TO THE SSL CONTEXT 2 with a client
    https://1.2.3.4/tunnel
    * the ssl client installed on the pc tells me it can't connect.
    * on the router the log:
    Jun 6 10:28:08.283:
    Jun 6 10:28:08.283:
    Jun 6 10:28:08.283: WV: Entering APPL with Context: 0x6AA85130,
    Data buffer(buffer: 0x6C4B4280, data: 0xF5C043D8, len: 560,
    offset: 0, domain: 0)
    Jun 6 10:28:08.283: CONNECT /CSCOSSLC/tunnel HTTP/1.1
    Jun 6 10:28:08.283: Host: host4-234-static.105-80-b.business.telecomitalia.it
    Jun 6 10:28:08.283: User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0133
    Jun 6 10:28:08.283: Cookie: webvpn=00@1566900393@00025@3421729574@3982902438@context-sslvpn2
    Jun 6 10:28:08.287: X-CSTP-Version: 1
    Jun 6 10:28:08.287: X-CSTP-Hostname: telefonicadata
    Jun 6 10:28:08.287: X-CSTP-Accept-Encoding: deflate;q=1.0
    Jun 6 10:28:08.287: X-CSTP-MTU: 1406
    Jun 6 10:28:08.287: X-CSTP-Address-Type: IPv6,IPv4
    Jun 6 10:28:08.287: X-DTLS-Master-Secret: 27EA2210E377A9E039E458FA604F523C69BEB2BF8D9B40334F72C9F424B83EE26C6D5D57D0F84419DC7A1139D3F08EE9
    Jun 6 10:28:08.287: X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
    Jun 6 10:28:08.287:
    Jun 6 10:28:08.291:
    Jun 6 10:28:08.291:
    Jun 6 10:28:08.291: WV: Appl. processing Failed : 2
    Jun 6 10:28:08.291: WV: server side not ready to send.
    SSLVPN sock pid 182 sid 161: closing

  • SSL error happened while calling a web service on a managed oc4j instance

    While calling a webservice, I got SSL Error: Unrecognized SSL message, plaintext connection? The webservice is deployed on a managed oc4j which is created on a 10.1.3.4 oracle application server. We have SSL certificate installed for http server.
    Any ideas?
    Thanks!

    Hello,
    The error is stating there isn't a descriptor for the Agent class the app is trying to execute a query on. This could be due to improper mappings, but assuming Agent is mapped, is more likely due to a classloader issue. TopLink uses the classloader at login to initialize the descriptors and hash them on the Class objects. If the application uses a different classloader, descriptors will not be found for classes loaded from the new classloader. How are you obtaining sessions, and where is the session being used?
    Best Regards,
    Chris

  • Web Service over SSL hangs if sent data size exceeds around 12Kb

    Hi,
    I have a Web Service running on a WebLogic Server 10.3. One of its purposes is to send and receive documents over a one-way SSL connection. The service runs fine if the documents are smaller than around 12Kb, however if it's larger than that, the service simply hangs. From SSL debug information it looks like some data is sent but afterwards it simply stops. When testing the Web Service without SSL it works fine, which points to an SSL issue. Also, surprisingly, when it receives documents over the SSL, it also works fine. I assumed there is a parameter that limits the size of the POST message sent over SSL, however all the parameters that I found, that could do that, were already set to unlimited.

    We ended up resolving this issue. It turned out to be something really simple. The client that was sending the soap traffic did not have the proper SSL certificate installed on the server that was generating the soap traffic.

  • Exchange 2013 CU5 fresh install suffering issues with services not starting and coexistence with 2007

    Hi everyone,
    Hope you can help me out on a couple of issues I've been experiencing during the initial stages of a project to upgrade an on premise Exchange 2007 to 2013.
    On Monday last week I installed the first Exchange 2013 server into the network after a few weeks of careful planning, information gathering and remediation of our current Exchange 2007 environment and associated systems.
    The server itself has been having some issues from the word go, some of which I've resolved but none that are show stoppers but I want to get them resolved before building more servers and setting up the planned 2 x 2 node DAG's
    The main problems are as follows:
    There's usually one service that does not start following an OS restart and it's not always the same service. So far I've seen the following not start: DAG Management, Migration Workflow, Anti-spam Update, Unified Messaging, UM Call Router, Transport Service.
    The critical system event log entries are complaining of timeouts when the services are starting up but I can't imagine that the server's boot time is too long...  It's a 2 vCPU/12Gb vRAM VM, Windows 2012 R2
    I receive an error in the Event Log regarding RPC over HTTP Proxy to one of the 2007 CAS servers (not our primary one). The first error was because the Windows Component was missing but since installing it, disabling Outlook Anywhere, reenabling it, restarting the server, I now have a new error which is shown further down this post
    The Exchange 2013 server install is pretty default, CAS/MBX roles and some basic configuration performed such as new DNS entries, Public SSL certs installed and assigned, URLs updated, SCP updated. I have reviewed and resolved some errors from the event logs for over chatty warnings about disk space (the warning is that we have loads of space...)
    This is a brief outline of the environment:
    Exchange 2007 SP3 RU13
    UK - Two physical locations in a stretch LAN (100Mb WAN)
    4 x CCR Cluster Mailbox Servers in two separate CCR Clusters
    Cluster 1 - Windows 2003 R2: One physical, one virtual server - don't ask, legacy install and I know the virtual is not a supported configuration.
    Cluster 2 - Windows 2008 R2: Two virtuals - New cluster built following a 4 day failure of Cluster 1. The aim was to move to supported config and decommission cluster 1.
    Note: Migration of Cluster 1 to Cluster 2 was halted as 2013 was so close it seemed pointless to continue the migration and instead migrate both Clusters to 2013 once in production.
    2 x Virtual Windows 2003 R2 - Hub Transport Servers
    2 x Virtual Windows 2003 R2 - Client Access Servers
    1 x Virtual Windows 2003 R2 - Unified Messaging Server
    1 x Virtual Windows 2003 R2 - Edge Transport Server (DMZ)
    US - One physical location
    1 x Physical Windows 2008 R2 - Mailbox, Client Access, Hub Transport Server
    Exchange 2013 CU5
    UK - Installed into same site along side Exchange 2007 servers
    1 x Virtual Windows 2012 R2 - Mailbox, Client Access Server
    Problem 2 Error Message - Please note, server names and domain name changed:
    Log Name:      Application
    Source:        MSExchange Front End HTTP Proxy
    Date:          18/07/2014 10:00:37
    Event ID:      3005
    Task Category: Core
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      EXC2013.domain.local
    Description:
    [RpcHttp] Marking ClientAccess 2010 server EXC2007CAS1.domain.local (https://EXC2007CAS1.domain.local/rpc/rpcproxy.dll) as unhealthy due to exception: System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchange Front End HTTP Proxy" />
        <EventID Qualifiers="32768">3005</EventID>
        <Level>3</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-07-18T09:00:37.000000000Z" />
        <EventRecordID>64832</EventRecordID>
        <Channel>Application</Channel>
        <Computer>EXC2013.domain.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>RpcHttp</Data>
        <Data>EXC2007CAS1.domain.local</Data>
        <Data>https://EXC2007CAS1.domain.local/rpc/rpcproxy.dll</Data>
        <Data>System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)</Data>
      </EventData>
    </Event>

    Hi Off2work,
    I've gone through the article and the Get-OutlookAnywhere commandlet looks fine (especially when compared with our working CAS).
    Having looked through IIS I have spotted two additional misconfigurations with a missing setting to require SSL on the RPC folder and also the .NET version was not set.
    I've now set those to Require SSL and .NET 2.0.5072 however this has made no difference following a restart of both 2007 CAS and 2013 servers.
    I could potentially reinstall the CAS server or additionally decommission it as we have two of them and the other is not causing any errors with the 2013 server. This broken CAS server doesn't even have DNS records (except its own hostname) or firewall rules pointing to it, nor does it have any active client connections if I check with a quick netstat -a
    As for UM, it's next on my list following some client/server connectivity testing so I have not yet assigned the SSL to the services or setup the dial plans, etc.
    The services do start most of the time, but others then don't so it's not a consistent issue with just this service. On my current boot, the DAG Management service failed to start, but again I don't have a DAG implemented yet.
    I will see if UM drops out of that list once I've configured it shortly
    Thanks for taking the time to respond (and that goes to DareDevil too)

  • Securing RDS with SSL certificate

    Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?

    Hi,
    I'm looking for the same, there is no way to accomplish that even today with RDS from W2012 R2???

  • Error installing Net::SSLeay to get TLS working in napp-it

    Hi,
    I'm using napp-it on my Solaris 11 Express server and to get email alerts through gmail I have to install Net::SMTP::TLS.
    This requires two other packages, Net::SSLeay and IO::Socket::SSL.
    Installing Net::SSLeay fails with:
    How can I solve this?
    cpan> install Net::SSLeay
    Running install for module Net::SSLeay
    Running make for F/FL/FLORA/Net-SSLeay-1.36.tar.gz
    Is already unwrapped into directory /root/.cpan/build/Net-SSLeay-1.36
    CPAN.pm: Going to build F/FL/FLORA/Net-SSLeay-1.36.tar.gz
    Cannot determine perl version info from lib/Net/SSLeay.pm
    Cannot determine license info from lib/Net/SSLeay.pm
    *** Found OpenSSL-0.9.8o installed in /usr
    *** Be sure to use the same compiler and options to compile your OpenSSL, perl,
    and Net::SSLeay. Mixing and matching compilers is not supported.
    Do you want to run external tests?
    These tests will fail if you do not have network connectivity. [n]
    Checking if your kit is complete...
    Looks good
    Writing Makefile for Net::SSLeay
    Writing MYMETA.yml and MYMETA.json
    cp lib/Net/SSLeay.pm blib/lib/Net/SSLeay.pm
    AutoSplitting blib/lib/Net/SSLeay.pm (blib/lib/auto/Net/SSLeay)
    blib/lib/Net/SSLeay.pm: some names are not unique when truncated to 8 characters:
    directory blib/lib/auto/Net/SSLeay:
    do_https3.al, do_https2.al, do_https4.al, do_https.al truncate to do_https
    do_httpx3.al, do_httpx2.al, do_httpx4.al truncate to do_httpx
    get_https.al, get_https3.al, get_https4.al, get_http.al, get_http3.al, get_http4.al, get_httpx.al, get_httpx3.al, get_httpx4.al truncate to get_http
    head_https.al, head_https3.al, head_https4.al, head_http.al, head_http3.al, head_http4.al, head_httpx.al, head_httpx3.al, head_httpx4.al truncate to head_htt
    post_https.al, post_https3.al, post_https4.al, post_http.al, post_http3.al, post_http4.al, post_httpx.al, post_httpx3.al, post_httpx4.al truncate to post_htt
    put_https.al, put_https3.al, put_https4.al, put_http.al, put_http3.al, put_http4.al, put_httpx.al, put_httpx3.al, put_httpx4.al truncate to put_http
    ssl_read_all.al, ssl_read_until.al, ssl_read_CRLF.al truncate to ssl_read
    ssl_write_all.al, ssl_write_CRLF.al truncate to ssl_writ
    tcp_read_all.al, tcp_read_until.al, tcp_read_CRLF.al truncate to tcp_read
    tcp_write_all.al, tcp_write_CRLF.al truncate to tcp_writ
    cp lib/Net/SSLeay/Handle.pm blib/lib/Net/SSLeay/Handle.pm
    /usr/bin/perl "-Iinc" /usr/perl5/5.8.4/lib/ExtUtils/xsubpp -typemap /usr/perl5/5.8.4/lib/ExtUtils/typemap -typemap typemap SSLeay.xs > SSLeay.xsc && mv SSLeay.xsc SSLeay.c
    cc -c -I/usr/include -I/usr/inc32 -I/usr/kerberos/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TS_ERRNO -O2 -g -DVERSION=\"1.36\" -DXS_VERSION=\"1.36\" -KPIC "-I/usr/perl5/5.8.4/lib/i86pc-solaris-64int/CORE" SSLeay.c
    cc: unrecognized option `-KPIC'
    In file included from SSLeay.xs:80:
    /usr/perl5/5.8.4/lib/i86pc-solaris-64int/CORE/perl.h:2838:22: math.h: No such file or directory
    SSLeay.xs: In function `ssleay_verify_callback_invoke':
    SSLeay.xs:157: warning: cast from pointer to integer of different size
    SSLeay.xs:164: warning: cast from pointer to integer of different size
    SSLeay.xs: In function `ssleay_ctx_passwd_cb_new':
    SSLeay.xs:233: warning: cast from pointer to integer of different size
    SSLeay.xs:235: warning: cast from pointer to integer of different size
    SSLeay.xs: In function `ssleay_ctx_passwd_cb_get':
    SSLeay.c:6426: warning: cast to pointer from integer of different size
    SSLeay.c: In function `XS_Net__SSLeay_EVP_add_digest':
    SSLeay.c:6532: warning: cast to pointer from integer of different size
    SSLeay.c: In function `XS_Net__SSLeay_EVP_sha256':
    SSLeay.c:6555: warning: cast from pointer to integer of different size
    make: *** [SSLeay.o] Error 1
    /usr/gnu/bin/make -- NOT OK
    Running make test
    Can't test without successful make
    Running make install
    make had returned bad status, install seems impossible

    Thanks, but it didn't help; same error even after changing this.
    Double-checked the changes just to be sure I didn't screw up on my end; it was /usr/perl5/5.8.4/lib/i86pc-solaris-64int/Config.pm and not /usr/perl5/5.8.4/lib/sun4-solaris-64int/Config.pm
    I then ran
    sudo perl -MCPAN -e shell
    followed by
    clean Net::SSLeay
    install Net::SSLeay
    and I still got the same error.
    Anything else that could be causing this?

  • Error : Invalid/unknown SSL header was received from peer

    Hi,
    I have a WebLogic 8.1 (SP5) application server running in the US. I have a GUI application which talks to this application server using the SSL protocol. We have the same SSL certificates installed on the machines from which this GUI application is executed.
    When I connect to this app server from India, I am able to connect and do the required operations without any problem.
    Using the same GUI application, when a user tries to connect from the US, he is able to connect and do some basic operations. But after some time the connection with the server suddenly gets broken and he is not able to do any further operations. After that, when he closes the application and tries to connect again, he is able to connect. Again, after some time, server communication is broken. But I am able to connect and do operations on the same server at the same time without any connection break.
    When I checked the WebLogic logs (wl-domain.log), I saw the error below.
    ####<Aug 30, 2006 7:54:40 AM CDT> <Warning> <Security> <TANGO2> <DevServer> <ExecuteThread: '24' for queue: 'default'> <<WLS Kernel>> <> <BEA-090476> <Invalid/unknown SSL header was received from peer 220.225.40.242 - 220.225.40.242 during SSL handshake.>
    ####<Aug 30, 2006 8:07:37 AM CDT> <Error> <HTTP> <TANGO2> <DevServer> <ExecuteThread: '24' for queue: 'default'> <<WLS Kernel>> <> <BEA-101018> <[ServletContext(id=200305,name=DefaultWebApp,context-path=)] Servlet failed with ServletException
    java.lang.Throwable: Write Channel Closed
    at com.tpt.thresher.servlet.TPTRPCRouterServletSession.doPost(TPTRPCRouterServletSession.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6981)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
    But the server has not gone down; it's up all the time. The only thing is that after this error comes up, the user is not able to do any operation. He has to close the application and reconnect to the server. This happens after random operations and there is no particular pattern to it. The server connection gets broken every 5-10 minutes when connected from the US.
    Does anyone have any idea why this error occurs?
    Does it have anything to do with the operating system?

    Please clarify. Do you believe that this is a JRockit error? If not, I would recommend one of the WebLogic newsgroups instead.
    Cheers -- Henrik

  • SSL Setup in a load balanced portal

    Hi,
    We are implementing a portal landscape and also we are using a hardware based (Cisco ACE) load balancer for load balancing purposes.
    So the configuration would be:
    Portal requests --> Load Balancer --> Portal --> Backend
    We are trying to implement SSL all the way to the portal server and I have a question regarding the SSL certificate installation process.
    The URL on the load balancer would be for example https://portaltest.mycompany.com which would load balance the requests between the application servers of the portal (https://sapeptest1.mycompany.com:50001/irj/portal and https://sapeptest2.mycompany.com:50001/irj/portal).
    So, first thing we will have to do would be to install an SSL certificate (signed by a Trusted CA) on the load balancer with a CN=portaltest.mycompany.com.
    I understand that for https to function properly, the host name in the URL we are using to get to the server should match the CN of the SSL certificate installed on the server.
    Now, can we install the same certificate (that we put on the LB) on the portal as well?
    (This might not work because the server type will be different)
    (or)
    Do we need to buy 2 certificates with the same CN and install one each on the LB and portal ?
    Can someone please suggest how to proceed with the SSL setup and certificate installation process?
    Thank You ,
    Raj

    Raj Kumar wrote:
    My question is about how to go about installing the certificates on the LB and on the portal.
    If you aren't using web dispatcher, then the details of the installation on the LB will depend on your LB (Cisco? Radware? etc?). I suggest contacting your LB vendor for that.
    Sen's link is for SSO, you want the SSL procedure (http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm).
    You probably don't need a signed cert on the portal server itself (depending on whether your LB validates the cert). You could just use the default self-signed cert, since users won't be connecting to it directly and so won't be troubled by warnings about untrusted certs: the traffic from the AS would still be encrypted, you would only lose out on the server authentication feature (which you don't need, since again users won't see it).
    On the other hand, do you really need SSL on portal server? That adds overhead at both the LB and portal. It's usually sufficient to use HTTP from the LB to the back-end, as long as the servers only allow connections from the LB. I realize you aren't using web dispatcher, but this looks like scenario #3 in this diagram (http://help.sap.com/saphelp_nw70/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm).
    Regards,
    Sean
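
The host-name question in this thread can be checked offline before buying anything. The script below is an added example, not part of the original posts: it generates throwaway self-signed certificates (constructed data) for the host names mentioned above and asks OpenSSL which names each one covers. It assumes OpenSSL 1.1.1 or later; the certificate labels `lb`, `shared` and `sanonly` are made up for the illustration.

```shell
#!/bin/sh
# Added example. Host names are those from the thread; the certificates are
# throwaway self-signed ones generated locally (constructed, 1-day validity).
# Assumes OpenSSL 1.1.1+ (needed for -addext and -checkhost).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

LB_HOST=portaltest.mycompany.com
BACKENDS="sapeptest1.mycompany.com sapeptest2.mycompany.com"

# make_cert NAME CN [SAN]: write a self-signed certificate to $WORK/NAME.pem
make_cert() {
    if [ -n "${3:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" \
            -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
    fi
}

# covers NAME HOST: succeed only if certificate NAME is valid for HOST
covers() {
    openssl x509 -in "$WORK/$1.pem" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# report NAME: one line per host name in the landscape
report() {
    for host in $LB_HOST $BACKENDS; do
        if covers "$1" "$host"; then
            echo "$1: $host OK"
        else
            echo "$1: $host MISMATCH"
        fi
    done
}

# 1. Certificate as described for the load balancer: CN only.
make_cert lb "$LB_HOST"
# 2. One certificate intended for the LB and both portal nodes: all names in SAN.
make_cert shared "$LB_HOST" \
    "DNS:$LB_HOST,DNS:sapeptest1.mycompany.com,DNS:sapeptest2.mycompany.com"
# 3. SAN present but without the LB name: the CN is then ignored for matching.
make_cert sanonly "$LB_HOST" "DNS:sapeptest1.mycompany.com"

report lb; report shared; report sanonly
```

The `lb` certificate fails for both sapeptest names, so copying it to the portal nodes only works if the load balancer does not validate the back-end host name, which is the case Sean describes.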
