BingMaps not showing with SSL certificate
I have recently added SSL certificate to the server for the website I am developing.
I changed my applications to use https from http.
<script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0">
After changing it from http to https, it is showing a blank page in place of map. The error it says is
This page is trying to load scripts from unauthenticated sources
I had to click on the right top corner shield and allow the browser to run unsafe scripts to get the bingmaps to show up.
Any ideas on how I can resolve it. I am using ASP.NEt, C#, Javascript and jQuery.
Thanks in advance.
Nate
I had to add &s=1 to run the BingMaps in secure mode
so, we should use following link to run the bing maps with SSL.
https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&s=1
Thanks
Nate
Similar Messages
-
Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL
I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
A) We're at version 11 ---- these kinds of issues should have been fixed years ago
B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
My tests seem to show that
(a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
(b) if a dialog is at a higher level, this is a global setting.
So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back. So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window). -
Importing external web service with SSL certificate security
Hello,
I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [Error: com.sap.ide.es.core.ui.internal.wizards.fragments Thread[ModalContext,6,main]]
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 21 more
Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
Cheers!Hi Alain,
I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info -
REDUNDANT ACE 20 WITH SSL CERTIFICATE
Hi
I have an ACE 20 redundant infrastructure (Active-Standby),and it´s needed to implement a secure aplication with SSL certificate.
The question I have is, for this solution is neccesary to generate a digital certificate and key for each ACE module? and, It´s is possible to use the same certificate and key in both ACE modules?
Thanks for your help.
RegardsRicardo,
You can just the same certificates for both devices.
Jorge -
Finish good material not showed with 131 movement type in mfbf code in REM
Hi experts,
I am working in Repetitive manufacturing process, I have 6 operations in rate routing from which 6th operation is mile stone.
When i confirm last operation through MFBF, system shows components list with movement type 261 but finish material is not showing with movement type 131. The document no. is generated at the time of saving but in displayed document FG shows with 131mov. type and component list with 261.
Setting for REM are as follows
1. control key- pp03
2. production versions- maintained with standard REM profile
So my question is how can i see FG material in MFBF screen along with componets list ? What is the settings for this or any development is there ?
Regards,
Nitin NerkarNitin,
System behavior is not wrong. What i understand from Backflush is, Back flushing is nothing but automatic goods issue. System will automatically posts the goods issue when you confirm the operations.You have no need to make manual issue. It will reduce the effort.
Backflushing is automatic accounting (Goods issues - 261 mvt) of material consumed for production, at the time of confirmation.
When you use auto goods receipt indicator then at the time of confirmation system will do auto GR. In normal discrete mfg scenario, when you are doing confirmation when you click on GOOD MOVEMENT tab you will get GI as well as GR with movement type.
But in REM scenario you doing MFBF (REM Backflush) means This activity executes multiple activities in a single step, such as: finished product goods receipt, backflush of component materials, posting of costs to cost collector and creation of material and accounting documents. When you are doing MFBF and clicking on post with correction tab it will show you what are the components going to backflush, and that is ok. Here you are not going GOODS MOVEMENT tab to display GR.
I think this SAP system std behavior.
Tara -
Superdrive does not show with the other devices on Macbook Air
My superdrive does not show with the other devices in Finder any longer.
Mid 2011 11" model
OS 10.7.5So the applications is causing failures and ejects. Contact the software mfg. about resolution of this.
Have you tried the app TOAST? Very reliable and highly popular.
You can drag any disk to the trash to cause ejection -
ICal server won't work with SSL certificate
I'm running Leopard Server 10.5.7, and have a GoDaddy SSL certificate installed on the server, which is working fine in Apache, but not for iCal server.
In the Security Certificates section of Server Admin, the certificate shows up properly with the correct hostname, with the correct authority (i.e. not self-signed). I can use the certificate for one of my SSL websites, and it works fine, no browser errors, all works great.
However, if I use Server Admin to enable SSL for iCal server and then select my GoDaddy certificate from the "Certificate" dropdown, the dropdown immediately changes to "Custom Configuration." So I save changes and stop/start the iCal service.
Then I took my iCal clients (which were all working fine without SSL), and in 'Server Settings,' I changed the server address to https (instead of http), and port 8443 (instead of port 8008). But then when I refresh the calendars, iCal throws an error saying:
"Unexpected secure name resolution error (code -9844). The server name may be incorrect."
When I set everything back to the way it was before I started, all works fine.
Anyone have any suggestions?Your problem seems similar to this thread:
http://discussions.apple.com/thread.jspa?threadID=1992033&tstart=0
There is some contradictory anecdotal information there, however. Tis reply in another thread:
http://discussions.apple.com/message.jspa?messageID=6288712#6288712
may hold some answers to your problem. There are two very enlightening articles on AFP548.com regarding certificate issues:
http://www.afp548.com/article.php?story=20080624005724638
http://www.afp548.com/article.php?story=20071203011158936
That might also be of assistance. Then there's this little tidbit:
http://www.networkjack.info/blog/2007/11/30/ssl-cert-with-subject-alternate-name /
These may-or-may-not solve theproblem but may provide insight as to why it's happening. -
Enterprise subordinate CA does not show up in certificate authorities list
After much discussion I decided the best approach was to clean eveything up and start over. I went through the KB on decommissioning an enterprise CA and Subordinate CA, install a new standalone root, and a new enterprise subordinate CA. Everything appeared
to be working with one exception. The new Enterprise Subordinate does not show up in the Certificate Authorities section of Public key services in AD Sites&Services. It does show up in AIA, CDP and Enrollment services. The standalone root is trusted and
I set up group policy with the certificate of the Enterprise Subordinate as a trusted intermediate. The templates were configured also as well as autoenrollment for computers but so far only the DCs and my workstation has received certificates. I am sure I
am missing something but after 100s of pages and artcle after article I don't see it. I ran the certutil -viewstore query and it doesn't see it either and it doesn't tell me how to fix it. Also, what is the deal with case; it seems no matter how careful I
was with upper and lower case letter AD did what it wanted and my published CA name looks like I can't figure out hows caps lock works.
Thanks in advance
[email protected]yes, it is possible. However, you will need to make some modifications on root CA:
certutil -setreg ca\dsconfig "AD Configuration naming context"
certutil -setreg ca\dsconfigdn "AD Configuration naming context"
certutil -setreg ca\dsdomaindn "AD Forest root domain DN"
AD configuration naming context is (usually) CN=Configuration, DC=rootdomainname, DC=domainsuffix.
To extend Root CA CRL validity, in the Certification Authority MMC, select properties of Revoked Certificates folder and specify validity period (something about 6-12 months). Make sure that Delta CRLs are NOT enabled. Save settings and restart certificate
services.
Then you should republish all CRLs and publish CRL to Active Directory:
certutil -dspublish -f path\RootCAcrl.crl
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki -
ACS Not installing renewed SSL Certificate for PEAP/EAP-TLS?
We recently renewed our SSL certificate through RapidSSL. While attempting to install the new certificate into ACS, I was given the prompt to showing the updated dates, confirmed and installed the new certificate, deleting the old. I restarted ACS, as required, but when trying to enable PEAP or EAP-TLS, I am getting the error "Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed."
The worst part, is that I when I tried to reinstall the old certificate, I am now getting the same problem.
Any suggestions?Matt,
How did you perform the CSR.... did you use ACS or OpenSSL? Also, did you verify that the certificate is in the trusted personal folder on the server?
Scott -
Webservice with SSL Certificate givivg error
Hi all,
I am configuring an abap webservice with client certificate
I had
1) installed the sap cryptographic library.
2) created SSL Server PSE in transaction STRUST
3)imported the certificate response by CA.
4)Exported the certificate to local computer.
5)Added the certificate in mmc under trusted certificate authority.
but when i am running the endpoint url, i am getting folllowing error
Error Code: ICF-LE-https-c:800-l:E-T:-C:5-U:4-P:4-L:7
HTTP 401 - Unauthorized
Your SAP Internet Communication Framework Team
Please help me on what step i am missing.
Thanks,
AnshulYou can add FOR TEST your pi userid & passw into enpoint url, like follow:
&sap-user=<userid>&sap-password=<passw>
Example:
http://sapi.sap.com:50xxx/sap/xi/.....&sap-user=donald&sap-password=duck
ps. Create a Service User into PI System for this. Regarding Role, i'm not a security guru, but i think that SAP_BC_WEBSERVICE_PI_CFG_SRV or SAP_BC_WEBSERVICE_ADMIN roles can be enough for this purpose. -
Securing RDS with SSL certificate
Hi, is it possible to lock down 2008 R2 RDS so that a user can only connect to the server via RDP if they have the appropriate SSL certificate installed on their PC?
Hi,
I´m looking for the same, there is no way to accomplish that even today with RDS from W2012 R2??? -
Transactional Iviews are not showing ( with out super admin role assigned )
Please any solutions for the fallowing.
First Problem
I am not able to create the user from portal directly. Its showing the fallowing error.
An error occurred in the persistence; contact your system administrator.
so i had created the users in WAS by SU01.
Second
We have some users at production server ( Assume 5 users ). and those users need to be mapped at portal. So that those users can directly enter into portal and operate on SAP system .
If u dont mine Please provide with me the steps to fallow
Third
i had created some transactional Iviews that are working fine when i am log in with Administrator( super administrator role). The problem is that the reports are not showing when i am log in with general user ( with out super administrator role ) .
Its showing the error
Could not able to look up the system.
And the problem with user mapping also .
For aministrator its working fine .and for a general end user ( created on WAS )
i am not able to provide user mapping. Its showing
There are no systems available for user mapping for the selected principal
wat could be the problem ?
Your solutions will be appreciated .please urgentHi Pratap,
Second Problem
If the Portal user name and R/3 user are the same then no problem other wise you have to do user mapping
Third Problem
Check the permissions. Right click the system object and give permissions for all
Create an alias for the system object for doing user mapping
First Problem
Try creating user from http://<portalserver>:50000/useradmin
Regards
Arun -
Accents not showing with attachement ?
Hi, I posted a couple of months earlier about accents in my email not showing properly when I add an atachement like a PDF file, JPG, or even a GIF. I was wondering if it was Mail 2 that is having a problem or is it some software I installed. The only software I can think of that could have done this is Antidote, a french spelling app. It added it's own script in the services menu that I can use when selecting text to start the app and see if I miss spelled words or grammar errors.
I dont' know if anyone is experiencing the same thing. I was actually so fed up with it, that I actually re-installed Mac OS 10.4 from scratch to see if I could have played around with my characters palet or something, but the problem is still there..... lingering somewhere within mail 2, haunting my whole entire work days to come.
Please help out !
Edhas anyone had this probleme other than me ?
-
Jars not signed with same certificat
Hi,
I have signed my jars with jarsigner and same certificat. I have verify with jarsigner -verify -cert -verbose.
But JWS says than my jars are not signed with the same certificat. I don't undestand why.
Here is the stack :
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1023)
at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:925)
at com.sun.javaws.Launcher.continueLaunch(Launcher.java:814)
at com.sun.javaws.Launcher.handleApplicationDesc(Launcher.java:515)
at com.sun.javaws.Launcher.handleLaunchFile(Launcher.java:218)
at com.sun.javaws.Launcher.run(Launcher.java:165)
at java.lang.Thread.run(Thread.java:595)
How can I know what is the jar with bad certificat ?if you set deployment.property file entry:
deployment.trace.level=all
you should see some debug output in the console and trace file that might help determine what jar it is (I am assuming you are using javaws 5.0)
The problem is probably that although you use the same root certificate chan you purchased for each jar file, the entire certificate chain is not the same.
pleas post the full set of steps you used to sign each jar.
/Andy -
What's the difference with SSL Certificates?
Hi,
I need to get an SSL Certificate for my client's online
store. There are so
many choices out there ranging from stupidly expensive, down
to suspiciously
cheap.
Can anyone help me sort through the mob and recommend
something that is
trustworthy, secure and cheap.
I'm happy to buy globally, but I'd prefer either a true
multi-national, or
an Australian company.
Thanks,
BWhich certificate you choose depends on your intended use for
the cert. The cheap ones (US $20/year and up) simply assure that
you control the domain in question. The certificate agency sends an
email to the administrative contact specified in the domain's Whois
listing. If they get the appropriate response, the certificate is
issued. If all you are out to do is establish SSL connections to a
web site to prevent eavesdropping, this type of certificate is
fine. There is no difference in the level of security between these
certificates and fancier offerings as long as both the cert and
your web server support 256 bit encryption. You can also get a
certificate that is valid for up to 10 years, so you won't have to
worry about SSL for a long time. The cheap certificates are not
recommended for online commerce, as there is no assurance you are
an actual company. If you go this route, getting a certificate from
an outfit that supports single root verification greatly eases
installation on your server. (Translation from geek: A single root
certificate is inherently trusted by all major browsers. Companies
such as RapidSSL (cheap), Geotrust and Thawte (not so cheap), and
Verisign (expensive) all own their root certificates. Many other
certificate agencies require installing a chain of certificates on
your server that point back to the trusted root certificate. Use
Firefox to test your SSL site, as it has the most comprehensive
certificate validation routines.)
The next step up are the high assurance certificates. These
require you to prove that you own or represent the company whose
domain you are getting a certificate for. The price for these
certificates ranges from US$100/year to ~$400. The certificate
company will perform a search on your business or organization, and
you may be required to submit supporting documentation to prove you
are who you claim to be. The more expensive flavors of these certs
usually offer larger guarantees against credit card fraud resulting
from certificate misuse. These certificates are valid for up to 3
years.
Finally, there are the new extended validation certificates.
These require an in-depth evaluation of your business, including an
investigation into the overall legitimacy of your corporation.
Government agencies also qualify. Sole proprietorships and and
general partnerships are not eligible, although the CA/B says they
may be in the future. Get one of these and IE users can see the
navigation bar turn a trustworthy green color. There is also a
large amount of green involved in purchasing one of these
certificates, ranging from US$500/year from the cheapie outfits to
$900/year from Thawte to $1500 per year from Verisign.
No matter which option you pursue, there are a couple of
points to be aware of. First, choose a vendor that offers free
certificate replacement. This protects you in case a change in
hosting provider or web server invalidates your existing
certificate. Also, a normal certificate is very specific in terms
of which domain it supports. For example, a certificate for
www.domain.com does not work for mail.domain.com, ftp.domain.com,
or even domain.com. If this is important to you, you can either
purchase multiple certificates or a wildcard certificate that
supports any number of subdomains. Wildcard cert prices are
typically 4-5x higher than for a single cert. Finally, many cert
companies offer verification seals that you can add to your SSL web
pages. These allow your clients to click or hover over the seal to
get a quick verification that your site certificate comes from a
recognizable brand. Useful, perhaps, if you want to brag that "I
care enough to purchase certs from Thawte, Network Solutions,
Geotrust, et. al." or "I'm a penny-pincher and use GoDaddy!"
Maybe you are looking for
-
Just updated my itunes but it wont open due to runtime error what do i do?
just updated my itunes but it wont open due to runtime error what do i do?
-
Assigning categories to multiple Commodities - Smart Forms
Hi Folks, appreciate any feedback you could give, i'm creating smart forms in 11i for my company based on vendor. were looking to lock down the correct category (not editable) so requestors dont have a choice - reducing backend reclassing to the GL.
-
Error1962 the FIRST TIME I turned on this NEW PC!!
I received the 18kg package of the B750 that I ordered. After plugged it to the power and turned it on, BOOM, it gave an error message 1962 saying that no operating system is found. Why is that? I googled it and some people say it's a hard drive or c
-
HT5902 i lost my ipad can i get my photos from it onto my windows phone
I lost my iPad.can I get my photos from it on my windows phone
-
Wow---never have I had such a problem installing a program---4.5 hours without success . . . I followed the instructions (though perhaps not the 'missing' instruction---what is it? I installed HP ePrint Home and Biz (from Android Market)---for p